Assignment 2 – Seven questions covering seminars 6 to 12 (inclusive)

BISM7213 Securing Business Information – summer semester, 2020

(60% of overall course marks)

Assignment Overview

This assignment must be completed individually by each student. The submission deadline is 1pm, Wednesday 16th December 2020. This assignment requires a student to answer seven questions (each with sub-parts) that cover the course content of the final seminars. Assignment 2 is worth 60% of the overall course marks. A student’s answer to each of the seven questions (that is, each question and all its sub-parts) cannot exceed 300 words. This word limit per question requires a student to soundly analyse/research each question and then structure a response in a concise, business-informative fashion. There is no need to reference an answer unless referencing is specifically requested in the question. A student must construct each answer in her/his own words – and in ‘plain English’ business language (not technical language that would be more suited to computing science/engineering contexts).

  • ONE PDF submission via the Blackboard BISM7213 site (full details closer to submission date)
  • Please ensure your student details (name, number, email address) are contained on each page of the report in a suitably designed footer

Assignment Marking Guide

Each submission will be marked according to the following criteria:

  • The completeness of the answer – does the answer show that the student has grasped the full meaning of the question and that the student has included all relevant points in the answer? (40%)
  • Does the answer identify and accurately analyse the interdependencies of the relevant points? (10%)
  • Is the answer presented in ‘plain English’ business language? The student must present answers (often discussing technical issues) in terminology/language that is clearly and easily understood by a business analyst/business manager. (10%)

Question 1

Please answer the following questions in relation to our topic “symmetric key cryptography and hashing”.

  1. Describe the ‘key distribution problem’ as it applies to symmetric key cryptography. (3%)
  2. Analyse the process of hashing using the characteristics of integrity, confidentiality and authentication. You must clearly describe which of these three characteristics are/are not provided by a hash, and why. (4%)
  3. We have discussed the US (attempted) initiative of the Clipper chip. Explain what this initiative was. Analyse the Clipper chip in terms of the Australian TOLA Act (which we discussed in an earlier seminar). (3%)



Question 2

Please answer the following questions in relation to our seminar topic “asymmetric key cryptography”.

  1. A work colleague asks you to explain to him how and why asymmetric key cryptography can control a specific document for (1) confidentiality (on its own), (2) authentication (on its own), and finally, (3) both confidentiality and authentication (together). The same work colleague asks you to explain if asymmetric key cryptography can/cannot deliver (4) integrity (on its own) to a specific document. (5%)
  2. Using our fundamental security ‘quality of service’ criteria of confidentiality, integrity, and authentication, explain how – within a PKI – public keys are distributed with trust.


Question 3

Please answer the following questions in relation to our seminar topic on ‘hybrid security – web and email’.

  1. Describe how (i.e. at which steps) and why TLS uses symmetric key cryptography and public key cryptography. (4%)
  2. Which of the two entities (browser, web server) is authenticated when we use the fundamental TLS exchange (i.e. no optional step)? TLS does provide an optional step at which the client browser sends a client digital certificate to the web server. What does this optional step (if used) provide in terms of additional security? Why is this optional step rarely used? (3%)
  3. Describe how S/MIME provides symmetric key exchange when setting up confidential email exchange between two communicating parties. Explain why S/MIME is designed this way (and not like TLS symmetric key exchange). (3%)


Peter Clutterbuck

Summer semester, 2020