首页
网站开发
桌面应用
管理软件
微信开发
App开发
嵌入式软件
工具软件
数据采集与分析
其他
首页
>
> 详细
INTE2401代写、代做Java设计程序
项目预算:
开发周期:
发布时间:
要求地区:
School of Computing Technologies
INTE2401/2402 Cloud Security
Assignment 3
Assessment Type: Individual assignment; no group work. Submit online via Canvas→Assignments→Assignment 3.
Marks awarded for meeting requirements as closely as possible. Clarifications/updates may be made via announcements/relevant discussion forums.
Due date: Week 12, Sunday the 2nd June 2024 11:59pm
As this is a major assignment in which you demonstrate your understanding, a university standard late penalty of 10% per each working day applies for up to 5 working days late, unless special consideration has been granted.
Weighting: 35 marks (Contributes 35% of the total Grade)
1.Overview
The objective of Assignment 3 is evaluating your knowledge on the topics covered mainly from Lecture 9 to 11. Topics include Data Privacy Protection Techniques, AWS Identity Management and Database Security, and AWS VPN and Firewall Practices. However, topics covered from Lecture 1 to 8 are required as prerequisite. Assignment 3 will focus on developing your abilities in application of knowledge, critical analysis, decision making and using AWS security services. Assignment 3 contains several problems related to the topics mentioned above. You are required to prepare your answers and programming codes, videos and upload them as a single zip file in CANVAS.
In this assignment, there are 4 (four) questions in total.
Question Q1 is about how to protect cloud data privacy with Homomorphic Encryption. To protect our data privacy in cloud and meanwhile allow the cloud server to process our data, the best solution is using homomorphic encryption scheme, e.g., Paillier encryption scheme, to protect our data in the cloud. In this question, you are expected to understand how homormphic encrytion technique can be used to protect your data privacy in Cloud and analyse data privacy.
Question Q2 is about Key Recovery with Shamir Secret Sharing. In Question Q1, the decryption key of homomorphic encryption is required when decrypting the ciphertexts downloaded from the cloud. If you lost your decryption key, you would lose all of your date stored in the cloud. In this question, you are expected to use Shamir’s secret sharing scheme to recover your decryption key of homomorphic encryption.
Question 3 is about Secure Data Management via Amazon S3. Amazon S3 is an object storage service that offers industry-leading scalability, data availability, security, and performance. Amazon S3 provides easy-to-use management features so you can organize your data and configure finely-tuned access controls to meet your specific business, organizational, and compliance requirements. In this question, you are expected to demonstrate your understanding of how to create three secure buckets in Amazon S3 to keep the data from the three departments of a company, respectively.
Question Q4 is about AWS Virtual Private Network (AWS VPN). AWS Client VPN is a managed client-based VPN service that enables you to securely access your AWS resources in your on-premises network. With Client VPN, you can access your resources from any location using an OpenVPN-based VPN client. Client VPN offers the following features and functionality: secure connections, authentication, granular control, ease of use and etc. In this question, you are expected to demonstrate your understanding of how to create an AWS VPN server for a company and allow the staff of the company to get access to the AWS VPN server and then AWS VPC.
Develop this assignment in an iterative fashion (as opposed to completing it in one sitting). You should be able to start preparing your answers immediately after Lecture 9 (in Week 9). At the end of each week starting from Week 9 to Week 11, you should be able to solve at least one question.
If there are questions, you may ask via the relevant Canvas discussion forums in a general manner.
2.Learning Outcomes
This assessment is relevant to the following Learning Outcomes:
Demonstrate knowledge of cloud security principles and mechanisms
Demonstrate computer programming and configuration skills required to develop a cloud security infrastructure
Identify cloud security weaknesses by recognising and discovering threats and vulnerabilities to cloud computing
Problem solve how to fix cloud security weaknesses and mitigate security threats to cloud computing
Demonstrate knowledge and skills to prepare for industry cloud security certificate exams, e.g. CCSK, CCSP.
Communicate clearly and effectively using the technical language of the field correctly.
3.Submission
You must follow the following special instructions:
You must use the values provided in the questions.
Hand-written answers are not allowed and will not be assessed. Compose your answers using any word processing software (e.g. MS Word).
You are required to show all of the steps and intermediate results for each question.
For Questions 3 and 4, use screen shots to show clearly the outcome of each step you took to arrive at your answers. And, also include videos to demonstrate your configurations.
Upload your answers together with programming codes and videos as a single zip file in CANVAS.
This assessment will determine your ability to:
Follow requirements provided in this document and in the lessons.
Independently solve a problem by using security concepts, principles and mechanisms taught over the course.
Meeting deadlines.
After the due date, you will have 5 business days to submit your assignment as a late submission. Late submissions will incur a penalty of 10% per day. After these five days, Canvas will be closed and you will lose ALL the assignment marks.
4.Assessment details
Please ensure that you have read Section 1 to 3 of this document before going further. Assessment details (i.e. question Q1 to Q4) are provided in the next page.
Q1. Data Privacy Protection with Homomorphic Encryption (Marks: 2+2+2+2+2=10)
In cloud computing, you may store your data in cloud. Although the cloud server is able to protect your data against various attacks from the outside, it cannot guarrantee your data privacy if your data is not encrypted by youself. The cloud data administrator may be able to get access to your plain data stored in cloud and reveal the privacy of your data. To protect your data privacy in cloud and meanwhile allow the cloud server to process your data, the best solution is using homomorphic encryption scheme, e.g., Paillier encryption scheme, to protect your data in the cloud as shown in Figure 1.
Assume that you want to store your monthly incomes in the first quarter in the cloud and decide to use the Paillier encryption scheme to encrypt the incomes and upload them to the cloud.
(1)Use the tool https://www.mobilefish.com/services/rsa_key_generation/rsa_key_generation.php to generate your public key for Paillier encryption and determine your private key for Paillier decryption. The size of the modulo is required to be 1024 bits.
(2)Use your public key to encrypt your monthly incomes from January to March and upload the ciphertexts to the cloud. Assume that your monthly income is MD5(your student ID||the month) (mod 10000). What are the three ciphertexts?
(3)How does the cloud server compute the encryption of the sum of your monthly salaries for these 3 months (assume that the cloud server returns one encrypted result to you)? What is the ciphertext computed by the cloud server?
(4)How do you decrypt the encrypted result to get the sum of your monthly salaries for these 3 months? Show the steps in detail.
(5)Implement Paillier encryption algorithm (submit your code) and verify your encryption results in (2).
Q2. Key Recovery with Secret Sharing (Marks: 2+2+2+2+2=10)
In Question Q1, the decryption key of homomorphic encryption is required when decrypting the ciphertexts downloaded from the cloud. If you lost your decryption key, you would lose all of your date stored in the cloud.
In order to be able to recover your decryption key, suppose that you decide to use Shamir’s secret sharing scheme. Shamir's Secret Sharing is an approach to share secret, where a secret is divided into parts, giving each participant its own unique part. To reconstruct the original secret, a minimum number of parts is required.
Following Shamir’s secret sharing scheme, suppose that you divide your decryption key into 4 parts, storing 4 parts in four different clouds as shown in Figure 2. If you lost your decryption key, you should be able to recover it with any 3 parts.
(1)Select a suitable polynomial (using your student ID as one of the coefficient and determining what Paillier key parameter in Question 1 should be considered as the secret);
(2)Divide your Paillier key parameter into 4 shares (assume uploading them onto 4 different clouds, respectively);
(3)Recover your Paillier key parameter with any 3 of 4 shares (show the steps in detail);
(4)Implement (1)-(3) with JavaScript (submit your codes);
(5)Analyse the security of your Paillier key parameter in the case of 2 of the 4 clouds collude to derive your decryption key.
Q3. Secure Data Management via Amazon S3 (Marks: 2+2+2+2+2=10)
Overview
“Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. Amazon S3 provides easy-to-use management features so you can organize your data and configure finely-tuned access controls to meet your specific business, organizational, and compliance requirements”.
AWS S3 Developer Guide
This task requires you to demonstrate your knowledge of cloud security principles by creating secure buckets in Amazon S3.
Task
Suppose that you are an IT manager for a company with three departments – marketing, sales and services. The CEO of the company decides to move all company data to Amazon Simple Storage Service (Amazon S3).
For this purpose, you are required to create three buckets in Amazon S3 to keep the data from the three departments, respectively, as shown in Figure 3.
Questions
Assume that Alice, Bob are two staff in the marketing department, Smith and Turdy are two staff in the sales department, and Charlie is a staff in the service department.
3.1. In order for the five staff to upload and download data to and from Amazon S3, create user accounts for them (please name the user with your student ID + a, b, c, d, or e, e.g., s1234567a).
3.2. In order to protect data privacy between departments, different department buckets should be encrypted by different secret keys. Generate the marketing key, the sales key, and the services key, respectively.
3.3 Allow Alice and Bob to access the marketing key, Smith and Trudy to access the sales key, and Charlie to access the services key.
3.4 Create three buckets in S3 for the marketing, sales and services departments, respectively.
3.5 Encrypt the marketing, sales and services department buckets with the marketing key, the sales key, and the services key, respectively.
For Question 3.1 to 3.5, use screen shots with a video to show clearly the outcome of each step you took to arrive at your response.
Your responses will be assessed for clarity, completeness and correctness.
Q4. Create AWS Client Virtual Private Network (Marks: 1+1+1+1+1=5)
Overview
“AWS Client VPN is a managed client-based VPN service that enables you to securely access your AWS resources and resources in your on-premises network. With Client VPN, you can access your resources from any location using an OpenVPN-based VPN client.”
AWS Client VPN Guide
This task requires you to demonstrate your knowledge of cloud security principles by setting up and configuring a VPN Server using AWS Client VPN.
Task
Suppose that you are the IT Manager for ABC Bookshop PTY LTD. ABC Bookshop has decided to move all services including its web server and databases to Amazon Virtual Private Cloud (VPC). As the IT Manager, your job is to set up an AWS VPN Server. You are then required to configure this server so that staff are able to access the server and then the Virtual Private Cloud (VPC). Please see Figure 4 for the AWS architecture diagram representing the final solution.
Questions
4.1 Create an AWS VPN Server in AWS.
4.2 Configure the AWS VPN Server connection.
4.3 Setup a password for your staff to get access to the AWS VPN Server. The password should be your student ID.
4.4. Demonstrate admin login and client login to the AWS VPN Server.
4.5 Jane, the CEO of Bookshop PTY LTD is concerned about the security of the VPN solution. Explain to Jane how secure your solution is.
For Question 4.1 to 4.4, use screen shots with a video to show clearly the outcome of each step you took to arrive at your response.
Your responses will be assessed for clarity, completeness and correctness.
5.Academic integrity and plagiarism (standard warning)
Academic integrity is about honest presentation of your academic work. It means acknowledging the work of others while developing your own insights, knowledge and ideas. You should take extreme care that you have:
Acknowledged words, data, diagrams, models, frameworks and/or ideas of others you have quoted (i.e. directly copied), summarized, paraphrased, discussed or mentioned in your assessment through the appropriate referencing methods.
Provided a reference list of the publication details so your reader can locate the source if necessary. This includes material taken from Internet sites.
If you do not acknowledge the sources of your material, you may be accused of plagiarism because you have passed off the work and ideas of another person without appropriate referencing, as if they were your own.
RMIT University treats plagiarism as a very serious offence constituting misconduct. Plagiarism covers a variety of inappropriate behaviors, including:
Failure to properly document a source
Copyright material from the internet or databases
Collusion between students
For further information on our policies and procedures, please refer to the University website.
6.Assessment declaration
When you submit work electronically, you agree to the assessment declaration.
7.Rubric/assessment criteria for marking
All of the computations must be correct and only provided values must be used. Instructions must be followed.
Criteria
The characteristic or outcome that is being judged. Total
Question 1
Data Privacy Protection with Homomorphic Encryption Questions (1)-(5) are answered correctly.
Step-by-step processes are shown with detail computations and implementations.
All of the computations, implementation are shown correctly in detail. Any 4 of questions (1)-(5) are answered correctly.
Step-by-step processes are shown with detail computations and implementations.
The computations, implementations in 4 questions are shown correctly in detail.
Any 3 of questions (1)-(5) are answered correctly.
Step-by-step processes are shown with detail computations and implementations.
The computations, implementations in 3 questions are shown correctly in detail.
Any 2 of questions (1)-(5) are answered correctly.
Step-by-step processes are shown with detail computations and implementations.
The computations, implementations in 2 questions are shown correctly in detail.
Any 1 of questions (1)-(5) are answered correctly.
Step-by-step processes are shown with detail computations or implementations.
The computations, implementations in 1 question are shown correctly in detail. Answer is not correct
Question 2
Key Recovery with Secret Sharing Questions (1)-(5) are answered correctly.
Step-by-step processes are shown with detail computations, implementations.
All of the computations, implementation and security analysis are shown correctly in detail. Any 4 of questions (1)-(5) are answered correctly.
Step-by-step processes are shown with detail computations and implementations.
The computations, implementations and/or security analysis in 4 questions are shown correctly in detail.
Any 3 of questions (1)-(5) are answered correctly.
Step-by-step processes are shown with detail computations and implementations.
The computations, implementations and/or security analysis in 3 questions are shown correctly in detail.
Any 2 of questions (1)-(5) are answered correctly.
Step-by-step processes are shown with detail computations and implementations.
The computations, implementations and/or security analysis in 2 questions are shown correctly in detail.
Any 1 of questions (1)-(5) are answered correctly.
Step-by-step processes are shown with detail computations or implementations.
The computations, implementations, or security analysis in 1 question are shown correctly in detail.
Answer is not correct
Question 3
Secure Data Management via Amazon S3 Questions (1)-(5) are answered correctly.
Step-by-step processes are shown with detail implementations.
All of the implementations are shown correctly in detail.
Any 4 of questions (1)-(5) are answered correctly.
Step-by-step processes are shown with detail implementations.
The implementations in 4 questions are shown correctly in detail.
Any 3 of questions (1)-(5) are answered correctly.
Step-by-step processes are shown with detail implementations.
The implementations in 3 questions are shown correctly in detail.
Any 2 of questions (1)-(5) are answered correctly.
Step-by-step processes are shown with detail implementations.
The implementations in 2 questions are shown correctly in detail.
Any one of questions (1)-(5) is answered correctly.
Step-by-step processes are shown with detail implementations.
The implementations in 1 question are shown correctly in detail.
Question 4
Create AWS Client Virtual Private Network Questions (1)-(5) are answered correctly.
Step-by-step processes are shown with detail implementations.
All of the implementations and security analysis are shown correctly in detail.
Any 4 of questions (1)-(5) are answered correctly.
Step-by-step processes are shown with detail implementations.
The implementations and/or security analysis in 4 questions are shown correctly in detail.
Any 3 of questions (1)-(5) are answered correctly.
Step-by-step processes are shown with detail implementations.
The implementations and/or security analysis in 3 questions are shown correctly in detail.
Any 2 of questions (1)-(5) are answered correctly.
Step-by-step processes are shown with detail implementations.
The implementations and/or security analysis in 2 questions are shown correctly in detail.
Any one of questions (1)-(5) is answered correctly.
Step-by-step processes are shown with detail implementations.
The implementation or security analysis in 1 question is shown correctly in detail.
软件开发、广告设计客服
QQ:99515681
邮箱:99515681@qq.com
工作时间:8:00-23:00
微信:codinghelp
热点项目
更多
代做 program、代写 c++设计程...
2024-12-23
comp2012j 代写、代做 java 设...
2024-12-23
代做 data 编程、代写 python/...
2024-12-23
代做en.553.413-613 applied s...
2024-12-23
代做steady-state analvsis代做...
2024-12-23
代写photo essay of a deciduo...
2024-12-23
代写gpa analyzer调试c/c++语言
2024-12-23
代做comp 330 (fall 2024): as...
2024-12-23
代写pstat 160a fall 2024 - a...
2024-12-23
代做pstat 160a: stochastic p...
2024-12-23
代做7ssgn110 environmental d...
2024-12-23
代做compsci 4039 programming...
2024-12-23
代做lab exercise 8: dictiona...
2024-12-23
热点标签
mktg2509
csci 2600
38170
lng302
csse3010
phas3226
77938
arch1162
engn4536/engn6536
acx5903
comp151101
phl245
cse12
comp9312
stat3016/6016
phas0038
comp2140
6qqmb312
xjco3011
rest0005
ematm0051
5qqmn219
lubs5062m
eee8155
cege0100
eap033
artd1109
mat246
etc3430
ecmm462
mis102
inft6800
ddes9903
comp6521
comp9517
comp3331/9331
comp4337
comp6008
comp9414
bu.231.790.81
man00150m
csb352h
math1041
eengm4100
isys1002
08
6057cem
mktg3504
mthm036
mtrx1701
mth3241
eeee3086
cmp-7038b
cmp-7000a
ints4010
econ2151
infs5710
fins5516
fin3309
fins5510
gsoe9340
math2007
math2036
soee5010
mark3088
infs3605
elec9714
comp2271
ma214
comp2211
infs3604
600426
sit254
acct3091
bbt405
msin0116
com107/com113
mark5826
sit120
comp9021
eco2101
eeen40700
cs253
ece3114
ecmm447
chns3000
math377
itd102
comp9444
comp(2041|9044)
econ0060
econ7230
mgt001371
ecs-323
cs6250
mgdi60012
mdia2012
comm221001
comm5000
ma1008
engl642
econ241
com333
math367
mis201
nbs-7041x
meek16104
econ2003
comm1190
mbas902
comp-1027
dpst1091
comp7315
eppd1033
m06
ee3025
msci231
bb113/bbs1063
fc709
comp3425
comp9417
econ42915
cb9101
math1102e
chme0017
fc307
mkt60104
5522usst
litr1-uc6201.200
ee1102
cosc2803
math39512
omp9727
int2067/int5051
bsb151
mgt253
fc021
babs2202
mis2002s
phya21
18-213
cege0012
mdia1002
math38032
mech5125
07
cisc102
mgx3110
cs240
11175
fin3020s
eco3420
ictten622
comp9727
cpt111
de114102d
mgm320h5s
bafi1019
math21112
efim20036
mn-3503
fins5568
110.807
bcpm000028
info6030
bma0092
bcpm0054
math20212
ce335
cs365
cenv6141
ftec5580
math2010
ec3450
comm1170
ecmt1010
csci-ua.0480-003
econ12-200
ib3960
ectb60h3f
cs247—assignment
tk3163
ics3u
ib3j80
comp20008
comp9334
eppd1063
acct2343
cct109
isys1055/3412
math350-real
math2014
eec180
stat141b
econ2101
msinm014/msing014/msing014b
fit2004
comp643
bu1002
cm2030
联系我们
- QQ: 9951568
© 2021
www.rj363.com
软件定制开发网!