CP5603Research Report
Note: This is not a group project. Each student must individually complete all parts of their submission.
Students must start with a new document and they must not have another person’s file in their possession at any time.
Students are welcome to discuss the task with each other (and with the lecturer), but each student must write their assignment independently and not show their work to other students.
A major cloud computing company has asked you to assess two similar technologies, from a big-picture view (without too much technical detail), to help them decide which alteranative they should use. The general idea is for your report to:
1. Briefly describe the two technologies.
2. Compare and contrast the two technologies: what are their good points and (more interestingly) their bad points or weaknesses.
3. Finally, what is your personal recommendation of which should a data-oriented company use? Explain why, perhaps by comparing their good points and bad points. If all options seem bad, feel free to recommend “none of the above”.
Any two similar technologies would be fine, below are some possible topics:
A Few Possible Topics
1. To stop spam email, should we use:
· a Bayesian spam filter on the email server, or instead
· email address authentication?
2. VPN encryption: should we use:
· IPSec or
· TLS/SSL or
· One of the less popular protocols such as Cisco’s AnyConnect (which uses Datagram Transport Layer Security (DTLS)) or Microsoft Point-to-Point Encryption (MPPE)?
3. What is the difference (if any) between the:
· Deep web (which usually means any web sites not indexed by search engines).
· Dark web (which usually means web sites doing criminal stuff).
Is one a subset of the other, or are they different but overlapping, or what?
4. Encryption key management: should we use
· A certificate authority for an SSL/TLS key and certificate (like a web site uses), or
· Our own key server for our company, something like Kerberos protocol.
5. How to send large binary files to a colleague, in a secure way? Should I use:
· Email attachments in MIME (given that email is not perfectly secure), or
· One-click hosting (also called a cyberlocker), such as www.mega.nz or similar?
6. On the subject of cyberlocker web sites, which one do you think is best? Take into account reviews of speed, is end-to-end encryption available, is it free, does the U.S. government read your files, and so on. Remember that our data company would value security above all else, so CALEA becomes very relevant, and end-to-end encryption would also be very nice. One place to start is the Wikipedia comparison of popular file hosting sites at https://en.wikipedia.org/wiki/Comparison_of_file_hosting_services
7. My company spies on other people. Which do you recommend a spy to use:
· A hardware keylogger, perhaps with WiFi to you never have to get it back, or
· Some malware that tries to read the victim’s hard drive.
8. Undeniable signatures are where someone cannot deny that they sent a message. There are several ways to do this, so describe two ways, and recommend what you think seems the best.
9. Encrypted, blockchain-based cryptocurrencies are popular today. What is the difference (if any) between:
· Bitcoin, and
· Etherium (or any other cryptocurrency that isn’t Bitcoin, such as Zcash).
If all cryptocurrencies seem bad to you, feel free to recommend not to use any.
10. In the United States, they have a law called theCommunications Assistance for Law Enforcement Act (CALEA). It requires companies that have computer networks (including Skype, Hotmail, Gmail, and all U.S. universities) to allow the U.S. Government to easily tap in to the private data of customers for real-time surveillance. This includes your emails, your Skype conversations, and so forth.
To prevent the U.S. Government from listening to your communications, should we use:
· Open-source substitutes for Skype with strong encryption, such as LinPhone, Tox, SureSpot, ChatSecure, or RedPhone, or instead:
· Some other commercial alternative, such as WeChat.
11. Cryptographic hash functions are a basic technology used in many encryption methods. Some hash functions are:
· Older but popular ones like MD5 and SHA-1
· Newer ones that are supposed to be better, like BLAKE2, SHA-3, and Tiger.
Is newer really better? Or are the older generation still okay?