
Date: 2024-02-10 10:25

2023-2024 ASSESSMENTS

Undergraduate

Individual Programming

Assessment Weighting [30%]

SCC.363 Security and Risk

Academic Honesty and Integrity

Students at Lancaster University are part of an academic community that values trust, fairness and respect and actively encourages students to act with honesty and integrity. It is a University policy that students take responsibility for their work and comply with the university’s standards and requirements, found in the Manual of Academic Regulations and Practice. By submitting their answers students will be confirming that the work submitted is completely their own. By submitting their answers the group of students will be confirming that the work submitted is that of the group. Academic misconduct regulations are in place for all forms of assessment and students may familiarise themselves with this via the university website:

https://www.lancaster.ac.uk/academic-standards-and-quality/regulations-policies-and-committees/manual-of-academic-regulations-and-procedures/

Plagiarism

Plagiarism involves the unacknowledged use of someone else’s work and passing it off as if it were one’s own. This covers every form of submitted work, from written essays, video vignettes, and coding exercises. However, deliberate plagiarism with the intent to deceive and gain academic benefit is unacceptable. This is a conscious, pre-meditated form of cheating and is regarded as a serious breach of the core values of the University. More information may be found via the plagiarism framework website. All coursework is to be submitted electronically and will be run through our plagiarism detection mechanisms. Please ensure you are familiar with the University's Plagiarism rules and if you are in any doubt please contact your module tutor.

https://www.lancaster.ac.uk/academic-standards-and-quality/regulations-policies-and-committees/principles-policies-and-guidelines/plagiarism-framework/

General Guidance:

This is an individual assessment that will count for 30% of your overall mark for this module.

Learning objectives

  • Develop appreciation and understanding of security concepts.
  • Formulate troubleshooting methods to identify/solve problems.
  • Evaluate information to argue solution choices critically.
  • Effectively communicate ideas.

Submission requirements

Prepare and submit your coding solutions on Coderunner. For all coding solutions, you must use Python3. You can use modules from standard Python3 and cryptography.io. Your code should include appropriate comments explaining what you do and why. All implementations must be in Python3, and the cryptography.io library must be used for any cryptography-related functions (if needed). If you must consider padding in any task, you should use PKCS7.

Your code should include appropriate comments explaining your solution.

Example of the type of comments you SHOULD AVOID -- the comments don't explain the solution:

import hashlib

def avalancheCalculator(string1, string2):
    # I hash the strings and generate the hexdigest values
    hexstring1 = hashlib.sha256(string1.encode()).hexdigest()
    hexstring2 = hashlib.sha256(string2.encode()).hexdigest()

    # I convert the hexdigest to integers
    int1 = int(hexstring1, 16)
    int2 = int(hexstring2, 16)

    # I XOR the integers
    intResult = int1 ^ int2

    # I return the 1's in the binary representation.
    return ( bin(intResult).count('1') )

Examples of types of comments that provide adequate information – the comments explain the solution to the problem:

import hashlib

def avalancheCalculator(string1, string2):
    # A solution to the problem is to xor the integer representation
    # of the two values and count in the resulting int the number of bits
    # having the value of 1.
    hexstring1 = hashlib.sha256(string1.encode()).hexdigest()
    hexstring2 = hashlib.sha256(string2.encode()).hexdigest()

    int1 = int(hexstring1, 16)
    int2 = int(hexstring2, 16)
    intResult = int1 ^ int2

    # The "1"s in the binary representation of the XOR operation
    # represent which bits from int1 and int2 are different.
    # This is due to applying the XOR operation. 0^1 = 1, 1^0 = 1
    # Counting the "1"s will provide how many bits differ
    return ( bin(intResult).count('1') )

You have to upload the implementation of your functions on CodeRunner.

Marking Guidelines:

  • You have to answer all three (3) tasks. Marks will be allocated based on the clarity of your solution, comments in the code, and correctness. More information is provided within the individual questions.
  • The name of functions, type/number of variables, and return values must follow the tasks’ guidelines. Failing to adhere to this may result in not receiving marks.

Deadline for submissions: Friday 16th February 16:00

TASK 1
--------

You are provided with the ds_hash hash function. The function receives a finite message as input and produces a non-negative integer, which we consider to be the hash value of the given message.

The size of input messages is fixed and always equals 64 bytes. Implement an appropriate attack to check if the hash function ds_hash is strong collision resistant. Your alphabet should include all lower-case and upper-case letters of the English alphabet and all numbers from 0 to 9.

# -- START OF YOUR CODERUNNER SUBMISSION CODE
# INCLUDE ALL YOUR IMPORTS HERE

def ds_hash(message: str) -> int:
    hash_value = 0
    for ch in message:
        hash_value = (hash_value * 71) + ord(ch)

    return hash_value & 0x7FFFFFFF

def myAttack() -> bool:
    # YOUR IMPLEMENTATION
    return # True or False

# -- END OF YOUR CODERUNNER SUBMISSION CODE

# You can test your code in your system (NOT IN YOUR CODERUNNER SUBMISSION) as follows:

# MAIN
if __name__ == "__main__":
    print( myAttack() )

Marking scheme: This task's weight is 35% for providing a valid attack and commenting on your code.
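Why ds_hash cannot be strong collision resistant, shown as an added example that is not part of the original brief: the output is only 31 bits, so a generic birthday search succeeds after tens of thousands of random messages, and the hash is linear in the characters, so a collision can also be constructed by hand. The names birthday_collision and structural_collision, the seed and the "A" prefix are assumptions made for this illustration.

```python
import random
import string

ALPHABET = string.ascii_letters + string.digits  # the 62 symbols the task allows
MSG_LEN = 64                                      # fixed message size from the task


def ds_hash(message: str) -> int:
    # Copied from the task statement so this block runs on its own.
    hash_value = 0
    for ch in message:
        hash_value = (hash_value * 71) + ord(ch)
    return hash_value & 0x7FFFFFFF


def birthday_collision(seed: int = 363, max_tries: int = 2_000_000):
    """Generic birthday search: remember every hash seen until one repeats.

    With 2**31 possible outputs a repeat is expected after roughly
    sqrt(2**31), i.e. tens of thousands of random messages.
    """
    rng = random.Random(seed)          # seeded so the run is reproducible
    seen = {}                          # hash value -> message that produced it
    for tries in range(1, max_tries + 1):
        msg = "".join(rng.choices(ALPHABET, k=MSG_LEN))
        h = ds_hash(msg)
        other = seen.get(h)
        if other is not None and other != msg:
            return other, msg, tries
        seen[h] = msg
    return None


def structural_collision(prefix: str = "A" * (MSG_LEN - 2)):
    """Collision by construction: raising one character by 1 adds 71 times its
    weight, and lowering the next character by 71 removes exactly that amount.
    '0' -> '1' is +1 and 'z' -> '3' is -71, so "...0z" and "...13" collide."""
    return prefix + "0z", prefix + "13"


if __name__ == "__main__":
    a, b, tries = birthday_collision()
    print(f"birthday collision after {tries} messages: {ds_hash(a) == ds_hash(b)}")
    m1, m2 = structural_collision()
    print(f"structural collision: {ds_hash(m1) == ds_hash(m2)}")
```

Both weaknesses are design properties: a collision-resistant hash needs an output long enough to make the birthday bound infeasible and a compression function with no simple algebraic structure.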

TASK 2
--------

Implement an HMAC based on the RFC-2104 definition (Section 2). The RFC is available at the following link: https://www.rfc-editor.org/rfc/rfc2104

Below is the extract from the RFC that describes how the HMAC can be implemented, and this is what you need to implement. The text is amended to provide specific information about the selected H cryptographic hash function, i.e., SHA256.

   The definition of HMAC requires a cryptographic hash function, which
   we denote by H, and a secret key K. In your implementation, assume H
   to be the SHA256 cryptographic hash function.

   We denote by B the byte-length of such blocks (B=64 for SHA256),
   and by L the byte-length of hash outputs (L=32 for SHA256).

   The authentication key K can be of any length up to B, the
   block length of the hash function. Applications that use keys longer
   than B bytes will first hash the key using H and then use the
   resultant L byte string as the actual key to HMAC. In any case the
   minimal recommended length for K is L bytes (as the hash output
   length).

   We define two fixed and different strings ipad and opad as follows
   (the 'i' and 'o' are mnemonics for inner and outer):

      ipad = the byte 0x36 repeated B times
      opad = the byte 0x5C repeated B times.

   To compute HMAC over the data `text' we perform

      H(K XOR opad, H(K XOR ipad, text))

   Namely,

   (1) append zeros to the end of K to create a B byte string
       (e.g., if K is of length 20 bytes and B=64, then K will be
       appended with 44 zero bytes 0x00)
   (2) XOR (bitwise exclusive-OR) the B byte string computed in step
       (1) with ipad
   (3) append the stream of data 'text' to the B byte string resulting
       from step (2)
   (4) apply H to the stream generated in step (3)
   (5) XOR (bitwise exclusive-OR) the B byte string computed in
       step (1) with opad
   (6) append the H result from step (4) to the B byte string
       resulting from step (5)
   (7) apply H to the stream generated in step (6) and output
       the result

The function's name has to be CustomHMAC and defined as follows.

# -- START OF YOUR CODERUNNER SUBMISSION CODE
# INCLUDE ALL YOUR IMPORTS HERE

def CustomHMAC(key: bytes, text: str) -> str:
    # YOUR IMPLEMENTATION
    return # YOUR RESULT

# -- END OF YOUR CODERUNNER SUBMISSION CODE

# You can test your code in your system (NOT IN YOUR CODERUNNER SUBMISSION) as follows:

# MAIN
import os

if __name__ == "__main__":
    k = os.urandom(16) # k is <class 'bytes'>
    txt = "hello world!!!!" # txt is <class 'str'>

    print( CustomHMAC(k, txt) )
    # The output will be a string of hexadecimal values, e.g.: a51b … 35fa


You can debug your code against the result from the following function:

from cryptography.hazmat.primitives import hashes, hmac

def HMAC_from_Cryptography(key: bytes, text: str) -> str:
    h = hmac.HMAC(key, hashes.SHA256())
    h.update(text.encode())
    signature = h.finalize().hex()

    return signature

Marking scheme: This task's weight is 40%, which will be allocated equally for correctly implementing the steps and commenting on your code.
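The seven RFC 2104 steps quoted above, traced with intermediate values and checked against a reference, as an added example that is not part of the original brief. It assumes the standard-library hashlib for SHA256 rather than cryptography.io, works on bytes rather than str, and the names hmac_sha256_trace, hmac_sha256_hex, verify_tag and the sample inputs are made up for this illustration.

```python
import hashlib
import hmac  # standard library: reference implementation and compare_digest

B = 64  # SHA-256 block length in bytes


def hmac_sha256_trace(key: bytes, text: bytes) -> dict:
    """Run RFC 2104 steps (1)-(7) and keep each intermediate value."""
    if len(key) > B:                               # keys longer than B are hashed first
        key = hashlib.sha256(key).digest()
    k0 = key.ljust(B, b"\x00")                     # (1) zero-pad K to B bytes
    ikey = bytes(b ^ 0x36 for b in k0)             # (2) K XOR ipad
    inner = hashlib.sha256(ikey + text).digest()   # (3)+(4) H(K^ipad || text)
    okey = bytes(b ^ 0x5C for b in k0)             # (5) K XOR opad
    tag = hashlib.sha256(okey + inner).digest()    # (6)+(7) H(K^opad || inner)
    return {"k0": k0, "inner": inner.hex(), "tag": tag.hex()}


def hmac_sha256_hex(key: bytes, text: bytes) -> str:
    return hmac_sha256_trace(key, text)["tag"]


def verify_tag(key: bytes, text: bytes, tag_hex: str) -> bool:
    """Receiver side: recompute the tag and compare in constant time, not with ==."""
    return hmac.compare_digest(hmac_sha256_hex(key, text), tag_hex)


# Constructed sample inputs: short key, key of exactly B bytes, key longer than B.
SAMPLES = [
    (b"k" * 16, b"hello world!!!!"),
    (bytes(range(B)), b""),
    (b"long-key-" * 20, b"message under a 180-byte key"),
]


def agrees_with_reference() -> bool:
    """True when every sample matches the standard library's HMAC-SHA256."""
    return all(
        hmac_sha256_hex(k, t) == hmac.new(k, t, hashlib.sha256).hexdigest()
        for k, t in SAMPLES
    )


if __name__ == "__main__":
    print("matches hmac.new:", agrees_with_reference())
    long_key = b"long-key-" * 20
    # A key longer than B and its SHA-256 digest act as the same HMAC key.
    hashed = hashlib.sha256(long_key).digest()
    print("long key == hashed key:", hmac_sha256_hex(long_key, b"m") == hmac_sha256_hex(hashed, b"m"))
```

Two consequences of the key handling are worth knowing when reviewing HMAC use: a key longer than B and its hash are interchangeable, and trailing zero bytes on a short key do not change the tag.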

TASK 3
--------

Using the AES-ECB encryptor from the cryptography.io module, implement the AES mode in Figure 1. You can instantiate an AES-ECB encryptor as follows:

from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

key = # SELECT AN APPROPRIATE KEY FOR AES
cipher = Cipher(algorithms.AES(key), modes.ECB())
encryptor = cipher.encryptor()

Figure 1 - The figure describes a mode of AES for encrypting plaintext to ciphertext

The function's name has to be CustomAESMode and defined as follows:

# -- START OF YOUR CODERUNNER SUBMISSION CODE
# INCLUDE ALL YOUR IMPORTS HERE

def CustomAESMode(key: bytes, iv: bytes, plaintext: str) -> str:
    # YOUR IMPLEMENTATION
    return # THE CIPHERTEXT

# -- END OF YOUR CODERUNNER SUBMISSION CODE

# You can test your code in your system (NOT IN YOUR CODERUNNER SUBMISSION) as follows:

# MAIN
if __name__ == "__main__":
    key = bytes.fromhex("06a9214036b8a15b512e03d534120006")
    iv = bytes.fromhex("3dafba429d9eb430b422da802c9fac41")
    txt = "This is a text"

    print( CustomAESMode(key, iv, txt) )
    # The result using the above input should be:
    # 1827bfc04f1a455eb101b943c44afc1d

Marking scheme: This task's weight is 25%, which will be allocated equally for correctly implementing the steps and commenting on your code.

