QCAA Digital Solutions Digital methods for exchanging data

A checksum algorithm would be used to inspect the binary representation of auction data. If the checksum from the user is different from the checksum on the server, it means that the data has been corrupted or manipulated.

Encryption would be used to scramble the auction data to make it impossible to read in transit, but allowing it to be decrypted by the authorised recipient with a secret key.

Authentication would be used to verify the identity of the participant by using a digital signature or authentication code. A digital signature confirms that the bidder is who they say they are.

I would recommend AES for encrypting auction data to avoid a security breach. AES supersedes DES and 3DES and uses 128-bit blocks with 128, 192 and 256-bit encryption keys, whereas DES and 3DES use 64-bit blocks and key encryption. DES and 3DES are older ciphers and easily cracked in as little as one day, which would provide an opportunity for a hacker to gain access to auction data before the bids are revealed.

Two network transmission protocols are HTTP and HTTPS.
HTTP (hypertext transfer protocol) transfers data as text and offers no encryption and no authentication. This can be intercepted so should not be used for transferring data between websites.
In contrast, HTTPS (HTTP secure) uses a range of encryption protocols, e.g. TLS standard and certificates to confirm the identity of the server, making it the more secure option.

A data confidentiality risk is the possibility that an unauthorised person could observe the user data in transit. For example, the app requires a password for the user to log in and the data would need to be encrypted so that it cannot be stolen.

A data integrity risk is the possibility that the data could become corrupted, lost or be maliciously manipulated. For example, the wrong car might be unlocked or a hacker might use the data to cause distress.

A data availability risk is the possibility that someone may interfere with transmission to prevent data packets from reaching the intended destination, allowing them to access the person's car so that they can steal it.

Australian Privacy Principle: Security of personal information. Allow an administrator to de-identify or destroy personal information once it is no longer in use.

Ethical consideration: Security of personal information is important if the user sells their car, or if the car is no longer in use. The user should not be getting unnecessary calls or marketing materials for a service they no longer use or for a car they no longer own, and it would be unsafe for the original owner to still have access to the vehicle once it has been sold.

ABC DE FG H I J K L M N O P Q R S T U V W X Y Z

BEGIN
INPUT string plainText
INPUT int keyShift
SET string alphabet =ABCDEFGHIJKLMNOPQRSTUVWXYZ
SET encryptedText = ""
    FOR each character in plainText
        SHIFT character by keyShift
        APPEND letter to encryptedText
    END FOR
    RETURN encryptedText
END