Software Security
Secure Electronic Commerce (INTE1070/1071) – 2012s1
Assignment 2

Objective
To explore the latest security related development in electronic commerce.

Instruction
• This assignment is group based with a maximum of 3 members in a group.
• There are two tasks, which are preferred to be in the same topic:
  Part I: Report (20 marks)
  Part II: Programming (15 marks)
    Option 1: Design a set of small client-server programs implementing a certificate scheme.
    Option 2: Design and implement your own security algorithm (with an extra 3 marks bonus).

Submission details
• Due date: Midnight Sunday (week 12), i.e., 23:59 sharp, 27 May 2012.
• The assignment is submitted via Weblearn.
• The report must be submitted in HTML or PDF format.
• The programming languages HTML, JavaScript and PHP are preferred.
• Each submission must include the file readme.txt in the following format:
  StudentID: [your Student ID - without the initial "S"]
  Login: [your CS username]
  Name: [your full name]
  Partner Name: [your team member’s name]
  Partner ID: [your team member’s Student ID]
  Topic: [your report topic]
  Notes: [any other relevant information]

The name of the file must be lowercase readme.txt and the character set used must be viewable from a text viewer like VIM or VI.

Note that
• Each group will demonstrate (main work using ppt & programming) in weeks 11 & 12.
• Groups that demonstrate in week 11 get a 2 marks bonus.
• A penalty of 10% of the total marks applies for each day a submission is late.
• Submissions received more than five days late will receive zero marks.
• All work will be checked for plagiarism and incorrect referencing, and it is your responsibility to adhere to the School guidelines. See: http://www.cs.rmit.edu.au/students/integrity/

Specification:
Provide a report on a security related event in electronic commerce. The minimum length is 2500 words (figures and references are not counted). At least 10 publications (books, refereed academic journals or conferences) must be cited, and at least 5 of them must be from 2008 or later. The report should follow the IEEE format. You can find the publications via Google Search and the IEEE Academic Publications Database through the RMIT Library.

For option 1 in part II, the report should comprise:
o Introduction.
o Background and related work. What information is needed on a certificate, and why is each part needed? Why is it important to have a revocation list? How does this work in real life implementations? Is it possible for you to manage revocation centrally? Why? What happens if someone’s private key is compromised? Is there a way to manage this theoretically? Describe how.
o Experimental results (your programming part fits here). Describe and implement the certificate (it should be designed from scratch). State which programming language you used. You can look at OpenSSL, as most of the options can be done with it. X.509 file formatting is not required. You should use your own simplified format – as long as you can read back what you wrote, and it is ‘printable’.
o Conclusion and future work.
Note that: using an external library that can generate certificates automatically, e.g. java.security.cert, is not allowed.

For option 2 in part II, choose one main reference and investigate its security related algorithms carefully. Then the report should comprise:
o Introduction.
o Background and related work. What is the issue investigated in the reference? What is the security problem? How is the problem solved?
o Proposed algorithm. Design your own algorithm to improve on what is presented in the reference.
o Experimental results (your programming part fits here). Use examples to illustrate why and how your scheme works effectively in terms of security. Security analysis: compare your proposed algorithm with that shown in the reference.
o Conclusion and future work.
Suggested areas:
o Secure mobile payment process
o Ubiquitous healthcare data protection
o Privacy in mobile government
o Security and privacy in cyber physical systems

Marking guide for option 1:
Part I Report (20 marks)
o Report and programming are in the same topic: 2 marks
o What is the PKI, security certificate, revocation: 4 marks
o How it delivers security requirements (SSL, CAs): 4 marks
o Programming summary: 3 marks
o Your summary and future work: 3 marks
o Reference and format: 4 marks

Part II Programming (15 marks)
o Users can create their own certificate: 3 marks
o Read/display the contents of a certificate: 2 marks
o Only the certificate owner manages the keys: 3 marks
o Certificate manager: the Certifying Authority signs a certificate and sends it back to the client. This incorporates some way of managing CAs as well (i.e. a central CA list somewhere, how long certificates are valid for): 4 marks
o Client can display the certificate and its content to ANY user: 3 marks

Marking guide for option 2:
Part I Report (20 marks)
o Report and programming are in the same topic: 2 marks
o What is the state-of-the-art in the related area: 2 marks
o How existing research publications address the vulnerability: 3 marks
o How you propose to improve on the security: 3 marks
o Programming summary: 3 marks
o Your summary and future work: 3 marks
o Reference and format: 4 marks

Part II Programming (15 marks + 3 marks bonus)
o Implement the algorithm in the main reference: 5 marks
o Use examples to illustrate why/how your scheme works: 8 marks
o Compare the results: yours vs. the algorithms in the reference: 5 marks

Possible improvements to consider:
o Have both sides contribute to the session key
o Bundle mobile and SIM card information with the PIN for authentication

Note that: Option 2 is prepared for potential research. Students who have knowledge of research methods are encouraged to choose Option 2. You can further explore security components in the area you have investigated.

The maximum possible mark is 40:
o Basic report: 20 marks
o Basic programming: 15 marks
o Choose to design and implement your own security algorithm: 3 marks
o Demonstration in week 11: 2 marks
