Crypto Systems and Data Protection PMA (First Sit)
1 Context
You are a system architect in a large cyber security consultancy. You have been asked to propose a solution to meet the requirements of a new client. The client is a UK University. The client uses an ID card-based authentication system to enable access to campus services such as those described in Section 2.2. The client is exploring the feasibility of replacing the card-based system with a phone app-based system.
2 Requirements
You are required to produce: a Cryptool-based cryptosystem simulation of a proposed campus identity management system (CIMS); an accompanying report; and a video which outlines and describes the CIMS.
2.1 COTS
The CIMS will comprise a combination of commercial off-the-shelf (COTS) systems which will provide the functionality described in Section 2.2. Examples of these systems include, but are not limited to, authentication/OTP systems including: Yoti, SecureAuth, Google Authenticator, Microsoft Authenticator; payment systems including: Apple Pay, Alipay, Blackboard Transact, WeChat Pay, Walmart Pay, Google Pay, Samsung Pay; physical access control systems including: FingerTec QR, AptiQmobile, HID Global, Tapkey, Stanley Onedoor, Onecard Mobile, Kisi; and SSO/access gateway systems such as Okta Verify.
Design your CIMS using one or a combination of these and/or other products. For example, you might choose to use Google Authenticator as the authentication system and Google Pay as the payment system. You might find a COTS that performs all the desired functions.
2.2 System Functionality
The CIMS must incorporate the following functionality. Users must be able to:
a. Borrow library books.
b. Submit and pay for document prints, and pay for other items on campus.
c. Access buildings/physical services using an underlying technology such as Bluetooth Smart, with a minimum security level of 1. Buildings/services include but are not limited to: the sports centre, accommodation, and campus buildings.
d. The University provides several web services including: VLE access, accommodation web site, email, file storage, library, and the sports centre. These services must be accessed through a single sign-in system.
e. Access to information systems must take place from a recognised host. When a user logs in from a different host, the system will generate a one-time passcode which the user must present within a defined time. When successfully presented, the system will implement the sign on process.
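The flow in requirement (e), sketched in Python as an added illustration that is not part of the assignment brief and not a Cryptool configuration. The class name StepUpAuth, the 120-second validity window, the three-attempt limit and the host identifiers are assumptions; the brief only says "a defined time".

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 120   # assumed "defined time"; the brief does not fix a value
MAX_ATTEMPTS = 3        # assumed guess limit per issued passcode


class StepUpAuth:
    """Recognised-host check with a one-time passcode for unknown hosts."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._key = secrets.token_bytes(32)   # server-side key for OTP digests
        self._recognised = {}                 # user -> set of host ids
        self._pending = {}                    # (user, host) -> [digest, expiry, tries]

    def _digest(self, otp):
        return hmac.new(self._key, otp.encode(), hashlib.sha256).digest()

    def enrol_host(self, user, host_id):
        self._recognised.setdefault(user, set()).add(host_id)

    def login(self, user, host_id):
        """Call only after the user's primary credentials have been verified."""
        if host_id in self._recognised.get(user, set()):
            return "SIGNED_ON", None
        otp = f"{secrets.randbelow(10**6):06d}"     # CSPRNG, 6 digits
        expiry = self._clock() + OTP_TTL_SECONDS
        self._pending[(user, host_id)] = [self._digest(otp), expiry, MAX_ATTEMPTS]
        return "OTP_REQUIRED", otp   # delivered out of band, e.g. to the phone app

    def present_otp(self, user, host_id, otp):
        entry = self._pending.get((user, host_id))
        if entry is None:
            return "REJECTED"
        digest, expiry, _ = entry
        if self._clock() > expiry:
            del self._pending[(user, host_id)]
            return "EXPIRED"
        if hmac.compare_digest(digest, self._digest(otp)):
            del self._pending[(user, host_id)]       # single use
            return "SIGNED_ON"
        entry[2] -= 1
        if entry[2] == 0:                            # guess budget exhausted
            del self._pending[(user, host_id)]
        return "REJECTED"
```

The passcode is stored only as a keyed digest, compared in constant time, and discarded on success, expiry or after the last allowed guess, so a captured or replayed code cannot complete a second sign-on.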
3 Deliverables
3.1 Cryptosystem (50%)
Simulate a provably functional cryptosystem using one Cryptool configuration for each of the requirements stated in Section 2.2. Each Cryptool configuration file must have an appropriate filename.
You are producing simulations. Your simulations may:
Utilise the Achterbahn algorithm (or another algorithm) to demonstrate both symmetric and asymmetric encryption.
Pseudo-implement an X.509 certificate.
Make further assumptions which must be clearly stated.
Realistic implementations will attract more credit.
3.2 Report (40%)
Your report should contain:
a. Introduction. A very brief introduction outlining the scope of the report.
b. Technical Description.
   a. Provide a brief description of each COTS used. How does the COTS work from a cryptosystem perspective?
   b. By referring to the cryptosystem simulations, present a detailed technical description of the protocols and data exchanges between elements such as the user, browser, servers, databases.
   Provide a critical overview of how these systems will work together in your design to achieve the desired system functionality described in Section 2.2.
c. Reflection. Provide a critique of the merits/demerits of the implementation. What are the assumptions made? Is there a more secure method of implementing any of the elements?
3.3 Video (10%)
A 10-minute video demonstrating the solution functionality. Your voice must be heard in this video and must evidence that you are the owner and narrator of this video. The video will walk through your cryptosystem simulation carefully explaining each element.