Assignment title: Information
Assignment 1
Module: Database Management and Governance (CI7300)
Dates: 14th March – 19th March 2016
Coursework B
Data Governance Exercise
General Directions: Please submit through turnitin as ONE document.
Coursework B Deadline: 18\4\2016 by 10:00
Part 1 (50% of the overall Coursework B marks) Dr JC Nebel
Assignment:
In 1996, the United Kingdom government adopted a classified cipher, 'Red Pike', for potential use by the NHS.
Since Red Pike is classified, information about the cryptographic algorithm is very limited. For example, the whole Wikipedia page (on 26th February 2013) only contains these few lines:
"Red Pike is a classified United Kingdom government cipher, proposed for use by the National Health Service by GCHQ, but designed for a "broad range of applications in the British government". Little is publicly known about Red Pike, except that it is a block cipher with a 64-bit block size and 64-bit key length. According to the academic study of the cipher cited below and quoted in a paper by Ross Anderson and Markus Kuhn, it "uses the same basic operations as RC5" (add, XOR, and left shift) and "has no look-up tables, virtually no key schedule and requires only five lines of code"; "the influence of each key bit quickly cascades" and "each encryption involves of the order of 100 operations".
Red Pike is available to approved British government contractors in software form, for use in confidential (not secret) government communication systems. GCHQ also designed the Rambutan cryptosystem for the same segment."
However, the lack of technical knowledge about this cipher has not prevented academics and experts to discuss its strength and weaknesses. For example a quick web search - using the keywords "red pike" AND "cipher" – returns a few relevant entries including:
- The GCHQ Protocol and Its Problems by R Anderson, M Roe.
- Problems with the NHS Cryptography Strategy by R Anderson.
- Red Pike -- An Assessment by C Mitchell, S Murphy, F Piper, P Wild.
- The use of encryption and related services with the NHSnet by Zergo Limited.
In this assignment, you are required to discuss, first, the strengths and weaknesses of using a classified cipher, such as Red Pike for an organisation such as the NHS. Secondly, based on the limited technical information known about Red Pike, you should assess if today Red Pike would still be a safe cipher. Finally, if the NHS asked you to introduce a new cryptography system tomorrow, which cipher(s) would you recommend? Your choice must be justified.
1. Report Structure
1.1 Contents
The assignment should have the following contents:
1- Title page (your name, university and school name, course name, title of your assignment and date)
2- Contents page
3- Introduction
a. Background part1: the need of a cryptography system in the NHS
b. Background part2: brief description of Red Pike
c. The issues which are discussed in your report
d. The structure of your report
e. The summary of the conclusions reached.
4- Sections
5- Conclusion
6- References and / or bibliography
References: material you have cited
Bibliography: sources material you have read but not have the opportunity to quote.
1.2 Sections
For example you can follow this section sequencing:
Section 2: the strengths and weaknesses of using a classified cipher, such as Red Pike for an organisation such as the NHS
Section 3: the theoretical safety of Red Pike today
Section 4: describe and justify what cryptography system you would recommend to the NHS
1.3 Report Length
You should write about 1500 words excluding figures.
2. Marking Criteria
Mark out of 100
• For the introduction and conclusion. 15%
• For the structure, organization, presentation, use of resources and references and word limit. 10%
• For the sections: 75%
o the strengths and weaknesses of using a classified cipher, such as Red Pike for an organisation such as the NHS. 30%
o the theoretical safety of Red Pike today 15%
o describe and justify what cryptography system you would recommend to the NHS
30%
Part 2 (50% of the overall Coursework B marks) Dr Nada Philip
1- Identity Theft and Networking security Assignment:
Select an identity theft and networking security breach stories from the media or from the literature or stories you heard of or experienced.
In order to contain the scope of the assignment, it is suggested you focus on two issues for the Health Information Governance and two issues for Networking Security in the selected story or stories.
And identify the following:
• The strength and weaknesses of the approach that was adopted. Describe the symptoms of what went well or badly.
• What the theory and standards suggest you should do. Based on the course materials or other sources, describe what the theory suggests that you should do.
• Say what you would do if you had time again or if faced with the same problem of Health information governance and network security.
Report Structure
Contents
The assignment should have the following contents:
7- Title page (your name, university and school name, course name, title of your assignment and date)
8- Contents page
9- Introduction
a. Background: summary about your story/case study (or stories/case studies)
b. Which of the issues of the Health Information Governance and the Networking security you are going to write about
c. The approach you intend to adopt in your assignment (the following sections contents)
d. The summary of the conclusions reached.
10- Sections
11- Conclusion
12- References and / or bibliography
References: material you have cited
Bibliography: sources material you have read but not have the opportunity to quote.
Sections
For example you can follow this section sequencing:
Section 2: describe what the strengths and weaknesses were of the approach adopted against the four issues being described
Section 3: describes what the theory and standard suggest
Section 4: describes what the approach you will adopt in the future
Report Length
You should write about 2000 words excluding figures.
Marking Criteria
Mark out of 100
• For the introduction and conclusion: 15%
• For the structure, organization, presentation, Use of resources and references and word limit. 10%
• For the sections of (identity theft/network security) issues: 75%
o The strengths and weaknesses of the approach that was adopted. Describe the symptoms of what went well or badly. 20%
o What the theory suggests you should do. Based on the course materials or other sources, describe what the theory suggests that you should do. 20%
o Say what you should do if you had time again or if faced with that same problem of health information governance or network security in future. 35%
Some resources that can help with accomplishing the report:
BBC news:
http://www.bbc.co.uk/news/uk-england-surrey-15176343
http://news.bbc.co.uk/1/hi/7158019.stm
http://news.bbc.co.uk/player/nol/newsid_7150000/newsid_7158000/7158065.stm?bw=bb&mp=wm&asb=1&news=1&bbcws=1
NIH Information Security Awareness training
http://irtsectraining.nih.gov/CSA/0100005.aspx (all seven sections)