Assignment 2
Objective
To explore the latest security related development in electronic commerce.
Instruction
• This assignment is group based with a maximum of 3 members in a group.
• There are two tasks, which should preferably be on the same topic:
    Part I: Report (20 marks)
    Part II: Programming (15 marks)
      Option 1: Design a set of small client-server programs implementing a certificate scheme.
      Option 2: Design and implement your own security algorithm (with an extra 3 marks bonus).
Submission details
• Due date: Midnight Sunday (week 12), i.e., 23:59 sharp, 27 May 2012.
• The assignment is submitted via Weblearn.
• The report must be submitted in HTML or PDF format.
• The programming languages HTML, JavaScript and PHP are preferred.
• Each submission must include the file readme.txt in the following format:
    StudentID: [your Student ID - without the initial "S"]
    Login: [your CS username]
    Name: [your full name]
    Partner Name: [your team member’s name]
    Partner ID: [your team member’s Student ID]
    Topic: [your report topic]
    Notes: [any other relevant information]
• The name of the file must be lowercase readme.txt and the character set used must be viewable from a text viewer like VIM or VI.
Note that
• Each group will demonstrate (main work using ppt & programming) in weeks 11 & 12.
• Groups that demonstrate in week 11 get a 2 marks bonus.
• A penalty of 10% of the total marks applies for each day the submission is late.
• Submissions received more than five days late will receive zero marks.
• All work will be checked for plagiarism and incorrect referencing, and it is your responsibility to adhere to the School guidelines. See: http://www.cs.rmit.edu.au/students/integrity/
Specification:
Provide a report on a security related event of electronic commerce. The minimum length is 2500 words (figures and references are not counted). At least 10 publications (books, refereed academic journals or conferences) must be cited, and at least 5 of them must be from 2008 or later. The report should follow the IEEE format. You can find the publications through Google Search and the IEEE Academic Publications Database via the RMIT Library.

For option 1 in part II, the report should comprise:
 o Introduction.
 o Background and related work. What information is needed on a certificate, and why is each part needed? Why is it important to have a revocation list? How does this work in real-life implementations? Is it possible for you to manage revocation centrally? Why? What happens if someone’s private key is compromised? Is there a way to manage this theoretically? Describe how.
 o Experimental results (your programming part fits here). Describe and implement the certificate (it should be designed from scratch). State which programming language you used. You can look at OpenSSL, as most of the options can be done with it. X.509 file formatting is not required; you should use your own simplified format, as long as you can read back what you wrote and it is ‘printable’.
 o Conclusion and future work.
Note that: using an external library such as java.security.cert, which can generate certificates automatically, is not allowed.

For option 2 in part II, choose one main reference and investigate its security related algorithms carefully. Then the report should comprise:
 o Introduction.
 o Background and related work. What is the issue investigated in the reference? What is the security problem? How is the problem being solved?
 o Proposed algorithm. Design your own algorithm to improve on what is presented in the reference.
 o Experimental results (your programming part fits here). Use examples to illustrate why and how your scheme works effectively in terms of security. Security analysis: compare your proposed algorithm with that shown in the reference.
 o Conclusion and future work.

Suggested areas:
 o Secure mobile payment process
 o Ubiquitous healthcare data protection
 o Privacy in mobile government
 o Security and privacy in cyber physical systems
Marking guide for option 1:

Part I Report (20 marks)
 o Report and programming are in the same topic                         2 marks
 o What is the PKI, security certificate, revocation                    4 marks
 o How it delivers security requirements (SSL, CAs)                     4 marks
 o Programming summary                                                  3 marks
 o Your summary and future work                                         3 marks
 o Reference and format                                                 4 marks

Part II Programming (15 marks)
 o Users can create their own certificate                               3 marks
 o Read/display the contents of a certificate                           2 marks
 o Only the certificate owner manages the keys                          3 marks
 o Certificate manager: the Certifying Authority signs a certificate and sends it back to the client. This incorporates some way of managing CAs as well (i.e. a central CA list somewhere, how long certificates are valid for)   4 marks
 o Client can display the certificate and its content to ANY user       3 marks

Marking guide for option 2:

Part I Report (20 marks)
 o Report and programming are in the same topic                         2 marks
 o What is the state-of-the-art in the related area                     2 marks
 o How existing research publications address the vulnerability         3 marks
 o How you propose to improve on the security                           3 marks
 o Programming summary                                                  3 marks
 o Your summary and future work                                         3 marks
 o Reference and format                                                 4 marks

Part II Programming (15 marks + 3 marks bonus)
 o Implement the algorithm in the main reference                        5 marks
 o Use examples to illustrate why/how your scheme works                 8 marks
 o Compare the results: yours vs. the algorithms in the reference       5 marks

Possible improvements to consider:
 o Have both sides contribute to the session key
 o Bundle mobile and SIM card information with the PIN for authentication

Note that: Option 2 is prepared for potential research. Students who have knowledge of research methods are encouraged to choose Option 2. You can further explore security components in the area you have investigated.

The maximum possible mark is 40:
 o Basic report                                                         20 marks
 o Basic programming                                                    15 marks
 o Choose to design and implement your own security algorithm           3 marks
 o Demonstration in week 11                                             2 marks