Assignment Guidance and Front Sheet

This front sheet for assignments is designed to contain the brief, the submission instructions,
and the actual student submission for any WMG assignment. As a result the sheet is completed
by several people over time, and is therefore split up into sections explaining who completes
what information and when. Yellow highlighted text indicates examples or further explanation of
what is requested, and the highlight and instructions should be removed as you populate ‘your’
section.

This sheet is only to be used for components of assessment worth more than 3 CATS (e.g. for a
15 credit module, weighted more than 20%; or for a 10 credit module, weighted more than
30%).

To be completed by the student(s) prior to final submission:

Your actual submission should be written at the end of this cover sheet file, or attached with the
cover sheet at the front if drafted in a separate file, program or application.

Student ID or IDs for group work e.g. 1234567

To be completed (highlighted parts only) by the programme administration after approval and
prior to issuing of the assessment; to be consulted by the student(s) so that you know how
and when to submit:

Date set Date assessment will be released to the students

Submission date Date and time, assessment submission details

(excluding extensions)

Submission guidance Specific submission guidance for this work (e.g. Tabula link)

Marks return date Latest date that marks can be returned to the students (i.e. the 20
(excluding extensions) day turnaround)
 Late submission policy If work is submitted late, penalties will be applied at the rate of 5
marks per University working day after the due date, up to a
maximum of 10 working days late. After this period the mark for
the work will be reduced to 0 (which is the maximum penalty).
“Late” means after the submission deadline time as well as the
date – work submitted after the given time even on the same day
is counted as 1 day late.

For Postgraduate students only, who started their current course

before 1 August 2019, the daily penalty is 3 marks rather than 5.

Resubmission policy If you fail this assignment or module, please be aware that the
University allows students to remedy such failure (within certain
limits). Decisions to authorise such resubmissions are made by
Exam Boards. Normally these will be issued at specific times of the
year, depending on your programme of study. More information
can be found from your programme office if you are concerned.

To be completed by the module owner/tutor prior to approval and issuing of the assessment;
to be consulted by the student(s) so that you understand the assignment brief, its context
within the module, and any specific criteria and advice from the tutor:

Module title & code Crypto systems and data protection (ES94N-10)

Module owner HS Lallie

Module tutor HS Lallie

Assessment type HS Lallie

Weighting of mark 80%1

1
Note, although the specification adds up to 100, the PMA is worth 80% and the mark will be
factored to reflect that.
 Assessment brief

Please see below

Word count Described below

 Critically analyse the cryptographic needs of a particular

Module learning scenario.
outcomes (numbered)
 Critically evaluate cryptographic solutions to an information
assurance problem.

Learning outcomes As above

assessed in this
assessment (numbered)

Marking guidelines Generally indicated within specification

Academic guidance All queries to be directed to the PMA channel

resources

The following is pre-populated for PGT assignments only:

Writing your Post-Module Assignment (PMA): specific additional advice for WMG’s
Postgraduate Taught Students

As a postgraduate level student in WMG you may have some concerns about your
ability to write at the high standard required. This short guide is intended to provide
general guidance and advice. It is important that if you have any questions you discuss
them with your module tutor. Remember, in writing your PMA you need to meet the
expectations of the reader and university.

A good PMA generally requires you to answer the question and to include…
 1. A title, with your student number, module, lecturer’s name and any other
documentation required by the university.
2. A contents page and if appropriate, an abstract.
3. An introduction which acts as a ‘map’ to the rest of the document, describing
the aim or purpose of the work and explaining how this aim is achieved. At
this point it is usually helpful to paraphrase your conclusion.
4. Evidence of an appropriate level of background reading of relevant texts.
5. Evidence of systematic and clear thinking, indicative of good planning and
organisation.
6. Writing which makes sense, is clearly and carefully presented (proof-read and
grammar checked).
7. A critical style of writing which compares and contrasts the main theories,
concepts and arguments with conclusions that are based in evidence
presented.
8. High levels of accurate academic referencing.
9. A logical and well-defined structure with headings and subheadings.
10. Clearly labelled and well-presented diagrams and other graphics that are
discussed in the text.
11. Adherence to usual academic standards including length and a timely
submission.
12. A reference section in which every source that is cited in the text is listed.

Where to get help:

1. Talk to your module tutor if you don’t understand the question or are unsure as to
exactly what is required.
2. Study, Professional and Analytical Skills (SPA) Moodle site – we have a lot of resources
on this website with workbooks, links and other helpful tools.
https://moodle.warwick.ac.uk/
3. The university Academic Writing centre provides workshops and useful tools to help
you in all aspects of your work. https://warwick.ac.uk/services/skills/academicwriting/
4. Avoiding Plagiarism, the university’s site to help you to reference properly
https://moodle.warwick.ac.uk/course/view.php?id=42224
5. Wellbeing support services https://warwick.ac.uk/services/wss
6. Numerous online courses provided by the University library to help in academic
referencing, writing, avoiding plagiarism and a number of other useful resources.
https://warwick.ac.uk/services/library/students/your-library-online/
 Crypto Systems and Data Protection PMA (First Sit)

1 Context

You are a system architect in a large cyber security consultancy. You have been asked to propose
a solution to meet the requirements of a new client. The client is a UK University. The client uses
an ID card-based authentication system to enable access to campus services such as those
described in Section 2.2. The client is exploring the feasibility of replacing the card-based system
with a phone app-based system.

2 Requirements

You are required to produce: a Cryptool based cryptosystem simulation of a proposed campus
identity management system (CIMS); an accompanying report; and a video which outlines and
describes the CIMS.

2.1 COTS

The CIMS will comprise a combination of commercial off the shelf systems which will provide the
functionality described in Section 2.2. Examples of these systems include, but are not limited to
authentication/OTP systems including: Yoti, SecureAuth, Google Authenticator, Microsoft
Authenticator; payment systems including: Apple Pay, Alipay, Blackboard Transact, WeChat Pay,
Walmart Pay, Google Pay, Samsung Pay; physical access control systems including: FingerTec
QR, AptiQmobile, HID Global, Tapkey, Stanley Onedoor, Onecard Mobile, Kisi and SSO/access
gateway systems such as Okta verify

Design your CIMS using one or a combination of these and/or other products. For example, you
might choose to use Google authenticator as the authentication system and Google Pay as the
payment system. You might find a COTS that performs all the desired functions.

2.2 System Functionality

The CIMS must incorporate the following functionality. Users must be able to:

a. Borrow library books.

b. Submit and pay for document prints, and pay for other items on campus.
c. Access buildings/physical services using an underlying technology such as Bluetooth
Smart2, with a minimum security level of 1. Buildings/services include but are not limited
to: the sports centre, accommodation, and campus buildings.
d. The University provides several web services including: VLE access, accommodation web
site, email, file storage, library, and the sports centre. These services must be accessed
through a single sign-in system.

2
https://cie-group.com/how-to-av/videos-and-blogs/bluetooth-ble-access-control
 e. Access to information systems must take place from a recognised host. When a user logs
in from a different host, the system will generate a one-time passcode which the user
must present within a defined time. When successfully presented, the system will
implement the sign on process.

3 Deliverables

3.1 Cryptosystem (50%)

Simulate a provably functional cryptosystem using one Cryptool configuration for each of the
requirements stated in Section 2.2. Each Cryptool configuration file must have an appropriate
filename.

You are producing simulations. Your simulations may:

- Utilise the Achterbahn algorithm (or another algorithm) to demonstrate both symmetric
and asymmetric encryption
- Pseudo implement an X.509 certificate.
- Make further assumptions which must be clearly stated.

Realistic implementations will attract more credit.

3.2 Report (40%)

Your report should contain:

a. Introduction. A very brief introduction outlining the scope of the report.

b. Technical Description.
a. Provide a brief description of each COTS used. How does the COTS work from a
cryptosystem perspective?
b. By referring to the cryptosystem simulations, present a detailed technical
description of the protocols and data exchanges between elements such as the
user, browser, servers, databases.
Provide a critical overview of how these systems will work together in your design to
achieve the desired system functionality described in Section 2.2.
c. Reflection. Provide a critique of the merits/demerits of the implementation. What are
the assumptions made? Is there a more secure method of implementing any of the
elements?

3.3 Video (10%)

A 10-minute video demonstrating the solution functionality. Your voice must be heard in this
video and must evidence that you are the owner and narrator of this video. The video will walk
through your cryptosystem simulation carefully explaining each element.
4 Submission

At this stage in your studies, there is no excuse for poor presentation. You will not receive marks
for presentation, however, your submission will be penalised for poor presentation. Please
ensure that you follow the guidance outlined below. This guidance is not intended to be
conclusive. Failure to comply with any of the presentation requirements outlined below, WILL
be penalised.

Do not include the PMA specification in the submission.

Submission.

Your submission will comprise of multiple files.

1. A PDF report. This must not be a Word document.

2. A configuration simulation file for each requirement in Section 2.2.
3. A video

You will only have one opportunity to submit the above. If you miss any files out, they will not be
assessed, and you will not be given a second opportunity to submit.

Word count. The word count is 2,500 words. This includes tables, labels, headers, footers,
footnotes, and references. This is a very strict requirement. You must declare the word count on
the front page of your PMA.

Formatting. All figures and tables must be properly labelled and captioned. All pages must be
numbered. Formatting must be consistently applied throughout the submission.

Referencing. Citations will be denoted with a footnote marker. References will be provided in
the footnote. You are strongly advised to use a reference management system such as Endnote
Web. You must follow the Harvard referencing standard. Please study the guidance provided by
the University Library3.

Coherence. A poorly worded report will hide excellent content. The narrative should be easy to
read and arguments should be presented coherently and convincingly. Ensure that you spell
check the submission, use a grammar checker and ensure that you proof read your work prior to
submission. Spell/grammar checkers must be set to UK English, do not use ‘Americanised’
spellings.

3
https://warwick.ac.uk/services/library/students/referencing/referencing-
styles/harvard_referencing_guide.pdf