Objective:
The objective of this assignment is to identify a set of (cyber security) algorithmic requirements and apply the relevant symmetric and asymmetric key cryptography algorithms for a given application (Australian My Health Record – MHR system).
Total 100 marks for this Assignment 1:
In this assignment, you are required to complete the following three activities. Clearly state any assumptions you make. Your assumptions should be consistent with what are given the descriptions below. Upon the completion of the activities, you are required to provide a formal report documenting your findings in a single PDF file.
Format of Report:
For the purpose of this written assessment you are assumed to be a postgraduate student capable of producing a high quality report. As such, you should attempt at your best to reflect this quality in the preparation of the written assessment. The report should contain the following five sections, but not limited to:
Section 1: Introduction – State the purpose and objectives of the report.
Section 2: Description – Attempt and write all three activities. Include your assumptions.
Section 3: Recommendation – Any recommendations to improve MHR system.
Section 4: Conclusion – Summarize your findings according to the main points.
Section 5: References – Follow Harvard referencing style. Please provide in-text citations.
Number of Words: 1000 (maximum) – for all three activities. Your word count should not include introduction, recommendation, conclusion, figure captions and references.
Page Formatting: A4 size paper, 2-cm margins on all sides, single-sided page, 1-line spacing, and 12 point ‘Times New Roman’ font
Three Activities (80 marks):
Please consider the following application scenario using Australian My Health Record (MHR) system.
A simple MHR scenario:
MHR is an initiative by Australian government that provides a secure online summary of the health information to the individuals. It can control what goes into it and who is allowed to access it. It can choose to share patients’ health information with their doctors, hospitals and other healthcare providers like pharmacists. In addition to such “primary use” of the data/information for the health services, there are plans to use aggregated and anonymised health data/information for research and other purposes – this is known as “secondary use”. Overall, the MHR system controls our health information securely in one place. It is really our choice – we can keep our MHR with basic information, or we can allow more information to MHR users or permanently delete the record. A MHR user is an individual who has right to use patients’ health information. For example, A Doctor can do the following actions in the MHR system: Login to the system, Access patients’ health information, Write prescription, Recommend patient to the specialists. The MHR system also gives our pharmacists a clearer picture of our health information.
More information about MHR can be found here: https://www.myhealthrecord.gov.au/. You can use other MHR scenarios/examples from other sources, however, please document your scenarios/examples and provide references.
Please follow the word limits that are mentioned in each activities.
Activity (1) – 350 words (30 marks) – Write any specific use case description of the MHR system and identify the misuse cases. In this activity, you should document your findings according to following:
• Identify at least 5 use cases that can allow different users to interact with MHR system – 5 marks
• Identify the possible misuse cases for those use cases (at least 5 misuse cases) – 5 marks
• Select a single use case and provide the situations (i.e., interactions between actors and system) for your selected use case – 15 marks
• You may need to make your own assumptions for the situations that are not included in the above mentioned MHR scenario. In this case, state your assumptions.
Note: you can use one or more of these tools for documenting the description of your use and misuse cases: (i) flowcharts, (ii) UML use case description and diagram, and/or (iii) other systems/tools.
.
Write the description of the selected use case – 10 marks
Activity (2) – 400 words (35 marks) – Write a Brief Survey on Cryptographic Algorithms: In this activity, you have to provide a brief report on the following:
• Understand the basic concepts of Symmetric versus Asymmetric Key Cryptography and briefly write your findings including a symmetric key algorithm (e.g., One-time Pad) and a specific asymmetric key algorithm – 10 marks
• Write your reflections on using different cipher substitution algorithms (e.g., AtBash Substitution Cipher and Caesar Cipher Substitution) for secure communication – two entities (or users) can communicate and interact with MHR system through creating such a secure channel – 10 marks
• Justify your reflections on using secret and public keys based on the encryption and decryption processes during communication and interacting with MHR system – 15 marks
Activity (3) – 250 words (15 marks) – A Recent Cryptographic Algorithm: In this activity, you have to provide a brief report on any relevant symmetric or asymmetric algorithm that can be applied in MHR system. Document your research and findings according to following:
• Write about your research approach to find any relevant research paper – you can use ‘Google’, ‘Google Scholar’ or ‘Scopus’ to search/find your paper – 3 marks
• Identify any relevant algorithm from the paper that is proposed within last few years – 2 marks
• How the algorithm works and briefly describe the application area in which the algorithm is applied – 5 marks
• Write your reflections on applying the proposed algorithm in MHR system
Sample Solution
