
FIT5037 – Advanced Network Security Week 2

Miller-Rabin Python Implementation (slow but readable):

http://mchost/sourcecode/Miller-Rabin.py

As with my other subjects for week 2 I was absent for Adv. Network Security so this will be a summary of the lecture notes and reading materials. The title for this week's lecture was ‘Adv. Cryptology, RSA and its implementation’. Considering the extensive assignment we completed last semester on PGP/GPG and its utilization of the RSA public key system, this will most likely be somewhat of a revision. I wrote a summary of the RSA system in that assignment which I will paraphrase below:

Generating Public and Private Keys (RSA):

Step 1: Generate two prime numbers, p and q, and multiply them
    n = pq (let’s make p = 5 and q = 7)
    5 * 7 = 35
    n = 35
Step 2: Calculate the totient of n
    φ(n) = (p – 1)(q – 1), where φ is Euler's totient function
    (5 - 1)(7 - 1)
    φ(n) = 24
Step 3: Choose an integer, e, that is between 1 and φ(n) and co-prime with φ(n)
    1, 2, 3 and 4 are not co-prime, however 5 is.
    Let e = 5.
    (e, n), (5, 35) is the public key.
Step 4: Using the public key and p*q (n), find the private key, d, by finding the modular multiplicative inverse of e (mod φ(n))
    d = e^–1 mod φ(n)
    d = 5^-1 mod 24
    Apply the Extended Euclidean algorithm (see http://mchost/sourcecode/eea.py)
    d = 29
public key = (5, 35)
private key = (29, 35)

The encryption process for RSA is as follows:
    plaintext message = m, public key = (e, n)
    m^e mod(n) = cypher-text

The decryption process follows as:
    cypher-text message = c, private key = (d, n)
    c^d mod(n) = plaintext message

Signing of documents can be done, ideally using a hash function, a private key and a trusted certificate for the public key:
plaintext message = m, public key = (e, n), private key = (d, n)
hashFunction(m)^d mod(n) = signature
A recipient can confirm the signature with the following process:
    signature^e mod (n) = hashFunction(m)
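
The steps above carried through in Python with the same p = 5, q = 7 and e = 5. This is an added example, not the linked eea.py or any code from the lecture; `toy_hash` (SHA-256 reduced mod n) and the function names are assumptions made so the signature fits the toy modulus.

```python
import hashlib

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def modinv(e, phi):
    """Step 4: smallest positive d with e*d == 1 (mod phi)."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e is not co-prime with phi(n)")
    return x % phi

def keygen(p, q, e):
    """Steps 1-4: return ((e, n), (d, n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (modinv(e, phi), n)

def apply_key(value, key):
    """value^exponent mod n; used for encrypt, decrypt, sign and verify."""
    return pow(value, key[0], key[1])

def toy_hash(msg, n):
    # Assumption: SHA-256 reduced mod n so the digest fits the toy modulus.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, priv):
    return apply_key(toy_hash(msg, priv[1]), priv)

def verify(msg, sig, pub):
    return apply_key(sig, pub) == toy_hash(msg, pub[1])

if __name__ == "__main__":
    pub, priv = keygen(5, 7, 5)          # the page's p, q and e
    page_priv = (29, 35)                 # the page's d = 29, and 29 % 24 == 5
    print("public", pub, "smallest private", priv)
    c = apply_key(2, pub)                # encrypt m = 2
    print("c =", c, "-> m =", apply_key(c, page_priv))
    # Toy-size side effect: the smallest d equals e, so the public key decrypts.
    print("decrypt with public key:", apply_key(c, pub))
    sig = sign(b"constructed sample message", page_priv)
    print("signature valid:", verify(b"constructed sample message", sig, pub))
```

With these parameters the smallest inverse of 5 mod 24 is 5 itself (29 is 5 + 24), so the public exponent also decrypts; real keys use primes large enough that d cannot be recovered from (e, n).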

The lecture notes explain these processes with much more correct mathematical notation, however this is the easiest way for me to express the process.

Also discussed in the lecture was the topic of generating and testing prime numbers. I did not complete strong analysis of this process in the past semester. The Miller-Rabin test was introduced here. As per usual I find the easiest way to get my head around mathematical algorithms is not reviewing the mathematical proof/concept but by writing a script implementing the algorithm: http://mchost/sourcecode/Miller-Rabin.py
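
A compact Miller-Rabin test with a prime generator built on it, as an added example (it is not the linked Miller-Rabin.py). The comparison with the plain Fermat test on the Carmichael number 561 goes beyond what the page covers; all function names and the default of 40 rounds are assumptions.

```python
import secrets

def fermat_passes(n, a):
    """Plain Fermat check: a^(n-1) == 1 (mod n). Carmichael numbers fool it."""
    return pow(a, n - 1, n) == 1

def is_probable_prime(n, rounds=40):
    """Miller-Rabin: False means composite for certain, True means probably prime."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    # Write n - 1 as 2^s * d with d odd.
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)      # random base in [2, n - 2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue                          # this base is not a witness
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break                         # reached -1: not a witness
        else:
            return False                      # a proves n composite
    return True

def random_prime(bits):
    """Draw odd candidates with the top bit set until one passes the test."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

if __name__ == "__main__":
    # 561 = 3 * 11 * 17 passes Fermat for base 2 but fails Miller-Rabin.
    print("Fermat says 561 is prime:", fermat_passes(561, 2))
    print("Miller-Rabin says 561 is prime:", is_probable_prime(561))
    print("64-bit probable prime:", random_prime(64))
```

Each round lets a composite through with probability at most 1/4, so 40 rounds bound the error by 4^-40.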


FIT5185 – IT Research Methods Week 2

Unfortunately I was absent for week 2 of IT Research Methods and the lecture delivered by Prof. David Arnott. The lecture was focussed on the initial stage of any research project, the literature review.

  • Thematic Analysis – Qualitative in nature, classifying papers according to themes that are relevant to your research project.
  • Bibliographic Analysis – Quantitative in nature, using citation and/or content analysis. (rarely used in IT research)

A question posed at the start of the lecture: what is scientific evidence? Journal and conference papers along with websites, blogs, books and trade magazines were listed as possibilities. Before reading through the lecture I feel that any of these mediums could qualify as scientific evidence. Peer reviewed academic articles would however present a much more filtered source with blogs and websites most likely containing much more refutable contentions. It seems unwise to completely discount a source of information purely on the grounds that it is a blog or website though.

The notes go on to present a rating system for journals, A, B and C, the A listers being:

  • Decision Support Systems
  • European Journal of Information Systems
  • Information and Management
  • Information Systems Journal
  • Information Systems Research
  • Journal of Information Technology
  • Journal of Management Information Systems
  • Journal of the Association for Information Systems
  • MIS Quarterly

The aim of a literature review can be summarized as:

  • Synthesis of articles
  • Define and understand relevant controversies
  • Based on critical review (not notes or observations)
  • Reads like an essay (but can use tables)

It seems that the thematic method of literature review is the avenue we will be encouraged to follow, which seems quite reasonable. Thematic review can be author and/or topic centric. Author centric review would only be appropriate in very limited niche topics where the published articles are by a limited number of researchers. When taking on topic centric review, creating a table with concept categorization for articles is recommended:

[Figure: Webster & Watson Concept Matrix - Source week 2 lecture notes]

Some questions are presented at the close of the lecture (which I imagine were answered in the lecture):

  • How long should a lit review be?
  • How many papers should be reviewed?
  • What tense should be used?
  • Which citation methodology? APA/Harvard?

I will have to follow up on these in the coming tutorial.

Finally there was a YouTube video listed in the review materials for the week which included some good points:

  • What is the purpose of a literature review?
  1. Summarizes what has been researched before
  2. Highlights the research gaps that you will aim to fill
  3. Why it is necessary to fill those gaps
  4. Set the scope of your research
  • Scope and length? – Does it need to be everything you know? No, the current state of the theory. Length requires discussion with supervisor, but consider this is a summary of current research. Summary of existing knowledge, review of current research.
    Look for flaws, disagreement among researchers.
  • Sources – Refereed international journals, Books/Chapters, national journals, conference papers, non-refereed articles.
  • Review of instruments – What are you using to gather data to support your hypothesis, are they an acceptable source, why?

 

Basic Framework:

  1. Introduction
  2. Broader Communication Issues
  3. Likely Causes (Attack methods/motivations/scenarios)
  4. Mitigation Methods
  5. Summary of literature
  6. Research aims

Make a check list for evaluating articles!