School of Science INTE2401/2402 C loud Security Assignment Assessment Type: Individual assignment; no group work. Submit online via Canvas→Assignments→Assignment. Marks awarded for meeting...


School of Science



INTE2401/2402 C
loud Security


Assignment




















Assessment Type: Individual assignment; no group work. Submit online via Canvas→Assignments→Assignment. Marks awarded for meeting requirements as closely as possible. Clarifications/updates may be made via announcements/relevant discussion forums.





Due date:
11:59pm, 18/Oct/2019; Deadlines will not be advanced but they may be extended. Please check Canvas→Syllabus or via Canvas→Assignments→Assignment for the most up to date information.


As this is a major assignment in which you demonstrate your understanding, a university standard late penalty of 10% per each working day applies for up to 5 working days late, unless special consideration has been granted.





Weighting: 10 marks



1. Overview


Cloud computing has become the mainstay of the IT industry, shaping an on-demand and highly scalable way to allocate the storage and computation resources. Nonetheless, the primary obstacle to the wide adoption of cloud service is the security issue. Data breaches are realistic; revealing the sensitive and valuable data could ruin the reputation of the company, and put the customers’ privacy in danger. Thereby, data encryption is essential when outsourcing the data on cloud server. This course covers the ground-up concepts, techniques and practices in the area of cloud security. The aim of this assignment is for you to gain a hands-on experience on how to develop and use the cryptographic algorithms correctly in practice.


For this assignment, assume that you are a leader in a company’s data security team. Your company owns a database containing the customers’ sensitive data, but has limited resources to archive and process the data. Thus, you wish to leverage the advancement of the storage capacity and computational capability provided by the cloud service. Yet, as the cloud environment cannot be fully trusted, you need to develop a utility program to protect your outsourced dataset. With this project, you aim to demonstrate to your potential customers the following privacy guarantees:



1. Implement a prototype of the Keccak-f[25] function


Your company is able to create a program using the SHA-3 (which uses the permutation Keccak-f[25]) to generate message digests, so as to ensure the integrity of customers’ data (detailed in section 4.1 below).



2. Implement a prototype of the ElGamal cryptosystem


To obtain useful information, your company is able to do computation over the encrypted data using Homomorphic encryption scheme (aka, ElGamal cryptosystem) (see requirements in section 4.2 below).


Note: You must not just “throw in the concepts” to your programs just because they need to be there; it should be clear from the code why a certain concept should be there and you must further explain these through your comments. You will also need debug your code on your own and document any issues, etc. You are given marks on your ability to fulfill all requirements of this document.



There are implementation requirements (8 marks) and documentation requirements (2 marks) for a total of 10 marks.



Develop this assignment in an iterative fashion (as opposed to completing it in one sitting). You can get started as soon as the concepts are introduced in lessons.


If there are questions, you must ask via the relevant Canvas discussion forums in a general manner (replicate your problem in a different context in isolation before posting).




2. Assessment Criteria


This assessment will determine your ability to:


1. Understand the relevant concepts and techniques introduced in the lessons.


2. Implement the relevant protocols as utility programs.


3. Write and debug the programs independently.


4. Demonstrate the prototypes properly.


5. Document the prototypes.


6. Ability to provide references where due.


7. Meeting deadlines.


8. Seeking clarification from your “supervisor” (instructor) when needed via discussion forums.


9. Create a program by recalling concepts taught in class, understanding and applying concepts relevant to solution, analysing components of the problem, evaluating different approaches.




3. Learning Outcomes


This assessment is relevant to the following Learning Outcomes:


1. Demonstrate knowledge of cloud security principles and mechanisms.


2. Demonstrate computer programming and configuration skills required to develop a cloud security infrastructure.


3. Identify cloud security weaknesses by recognising and discovering threats and vulnerabilities to cloud computing.


4. Problem solve how to fix cloud security weaknesses and mitigate security threats to cloud computing.


5. Demonstrate knowledge and skills to prepare for industry cloud security certificate exams e.g. CCSK, CCSP.


6. Communicate clearly and effectively using the technical language of the field correctly.




4. Assessment details


Note: Please ensure that you have read sections 1-3 of this document before going further.


Your prototypes must meet the following requirements of the Keccak-f[25] (section 4.1) and the ElGamal (section 4.2); also refer to corresponding rows in the rubric (section 9).









4.1) Use JavaScript to implement the Keccak-f[25] permutation function, including
12 rounds
of the following functions:


· step mapping (1 mark)


· step mapping (1 mark)


· step mapping (1 mark)


· step mapping (1 mark)




C1. For step mapping, take as input (5×5)-bit binary state and outputs a new (5×5)-bit binary state for mixing bits. The formulas are provided in the lessons.


C2. For step mapping, take the result of step mapping function as input, and outputs a (5×5)-bit state for lane permutation. The formula is provided in the lessons.


C3. For step mapping, take the result of step mapping function as input, and operate independently and in parallel on each row of the state. The formula is provided in the lessons.


C4. For step mapping, convert the round constant (RC) numbers from hexadecimal format to binary. In each round, take as input the lane A[0,0] from the result of step mapping function, choose the corresponding round constant, and XOR them to break the symmetry of. The lookup table of RC numbers is provided in the lessons.


In places where this specification may not tell you how exactly you should implement a certain feature, the programmer (you) need to use your judgment to choose and apply the most appropriate concepts from class materials. Follow answers given by your “supervisor” (you instructor) under Canvas→Discussions→’Assignment’ when in doubt.












4.2) Use JavaScript to implement ElGamal including


· Key generation (1 marks)


· Encryption (1 marks)


· Decryption (1 mark)


· Multiplication over encrypted data (1 mark)



D1. Generate prime numbers for the key generation. Based on the given cyclic group, generate the public key and private key in the group.



D2. For encryption, input an integer as the message, generate random integer, and encrypt the message.



D3. Decrypt and output the result.



D4. For multiplication, input 5 integers, multiply their ciphertexts, and decrypt the result.



In places where this specification may not tell you how exactly you should implement a certain feature, the programmer (you) need to use your judgment to choose and apply the most appropriate concepts from class materials. Follow answers given by your “supervisor” (you instructor) under Canvas→Discussions→’Assignment’ when in doubt.












4.3) Documentation requirement



E1. Write a report to describe what you have done and what you have observed with
screen shots
whenever necessary. Write comments before code blocks (e.g. before methods, loops, ifs, etc. where you can have { }) and important variable declarations.





5. Referencing guidelines


What: This is an individual assignment and all submitted contents must be your own. If you have used sources of information other than the contents directly under Canvas→Modules, you must give acknowledge the sources and give references using IEEE referencing style.


Where: Add a code comment near the work to be referenced and include the reference in the IEEE style.


How: To generate a valid IEEE style reference, please use the
citethisforme tool
if unfamiliar with this style. Add the detailed reference before any relevant code (within code comments).




6. Submission format


Submit
a .zip file
via Canvas→Assignments→Assignment. The submission has to include your programs, and a report to describe what you have done and what you have observed with
screen shots
whenever necessary. It is the responsibility of the student to correctly submit their files. Please verify that your submission is correctly submitted by downloading what you have submitted to see if the files include the correct contents.




7. Academic integrity and plagiarism (standard warning)


Academic integrity is about honest presentation of your academic work. It means acknowledging the work of others while developing your own insights, knowledge and ideas. You should take extreme care that you have:


· Acknowledged words, data, diagrams, models, frameworks and/or ideas of others you have quoted (i.e. directly copied), summarised, paraphrased, discussed or mentioned in your assessment through the appropriate referencing methods,


· Provided a reference list of the publication details so your reader can locate the source if necessary. This includes material taken from Internet sites.


If you do not acknowledge the sources of your material, you may be accused of plagiarism because you have passed off the work and ideas of another person without appropriate referencing, as if they were your own.


RMIT University treats plagiarism as a very serious offence constituting misconduct. Plagiarism covers a variety of inappropriate behaviours, including:


· Failure to properly document a source


· Copyright material from the internet or databases


· Collusion between students


For further information on our policies and procedures, please refer to the
University website.




8. Assessment declaration


When you submit work electronically, youagree to theassessment declaration.








9. Rubric/assessment criteria for marking


Code must be valid, runnable JavaScript to be given a mark (non-compliable code, incomplete code cannot be marked). Run-time errors will incur up to a 50% penalty (run-time errors due to data type mismatches in inputs are acceptable).





































































Inadequate




Partial




Complete
(Uses only the concepts covered in class materials for meeting stated criteria)




C1



Missing/incorrect implementation of step mapping function,


OR some criteria in the ‘complete’ level missing/incorrect.



Any one operation of the criteria in the ‘complete’ level missing/incorrect.



Appropriate input a (5×5)-bit binary state as a matrix.


Correctly performs the column parity on each column based on the exclusive or (XOR) operation.


Correctly performs the combining operation.


Correctly performs the effect based on the XOR operation.


Demonstrates understanding of above functions whenever necessary. Above demonstrated as a part of meeting overall functional aims of program.




C2



Missing/incorrect implementation of step mapping function,


OR some criteria in the ‘complete’ level missing/incorrect.



Any one operation of the criteria in the ‘complete’ level missing/incorrect.



Correctly performs the lane permutation.


Demonstrates understanding of above functions whenever necessary. Above demonstrated as a part of meeting overall functional aims of program.




C3



Missing/incorrect implementation of step mapping function,


OR some criteria in the ‘complete’ level missing/incorrect.



Any one operation of the criteria in the ‘complete’ level missing/incorrect.



Correctly performs the bitwise NOT operation on each bit of .


Correctly performs the bitwise AND operation with the bit and the bit .


Correctly performs the bitwise XOR operation.


Demonstrates understanding of above functions whenever necessary. Above demonstrated as a part of meeting overall functional aims of program.




C4



Missing/incorrect conversion of the round constant numbers from the hexadecimal format to binary format, implementation of step mapping function,


OR some criteria in the ‘complete’ level missing/incorrect.



Any one operation of the criteria in the ‘complete’ level missing/incorrect.



Correctly chooses the corresponding round constant (RC) number for each round from the lookup table given in the lessons.


Correctly convers the RC from the hexadecimal format to binary format.


Correctly extracts the corresponding bit from the binary RC.


Correctly performs the bitwise XOR operation with the extracted bit of RC and the lane .


Demonstrates understanding of above functions whenever necessary. Above demonstrated as a part of meeting overall functional aims of program.




D1



Missing/incorrect primality test, fast modular exponentiation algorithm,


OR some criteria in the ‘complete’ level missing/incorrect.



One of the ‘complete’ level criteria not met but demonstrated as a part of meeting overall functional aims of program.



For key generation, the prime modulus p is required to be more than 200. Both the prime modulus p and the prime order q should be verified via the primality test.


Correctly uses the fast modular exponentiation algorithm to generate the public key.


Demonstrates understanding of above functions whenever necessary. Above demonstrated as a part of meeting overall functional aims of program.




D2



Missing/incorrect use of the fast modular exponentiation algorithm,


OR some criteria in the ‘complete’ level missing/incorrect.



One of the ‘complete’ level criteria not met but demonstrated as a part of meeting overall functional aims of program.



For encryption, inputs an integer as the message m, and randomly chooses the ephemeral key k.


Correctly encrypts the message as the cipertext (c1, c2).




D3



Missing/incorrect use of the fast modular exponentiation algorithm,


OR some criteria in the ‘complete’ level missing/incorrect.



One of the ‘complete’ level criteria not met but demonstrated as a part of meeting overall functional aims of program.



Correctly decrypts the ciphertext and outputs the message identical to the input.




D4



More than one of the criteria in the ‘complete’ level missing/incorrect.



One of the ‘complete’ level criteria not met but demonstrated as a part of meeting overall functional aims of program.



For multiplication, inputs 5 integers, encrypts them, multiplies the encrypted numbers, and decrypts the multiplied number.




E1



Lacks one or more of the ‘partial’ level criteria.



Identifies concepts required and application of each concept is discussed with respect to the overall aims of the program.


Has an even spread of the above near code blocks and important variables in plain English where possible.



Further to ‘partial’ level criteria...


A report to describe what you have done and what you have observed with screen shots whenever necessary.


The report should include the chosen key, plaintext, and demonstration data.


Evaluates strategies used to meet requirements and compares the quality of one approach to another approach. Has an even spread of the above near code blocks and important variables in plain English possible.



School of Science



INTE2401/2402 C
loud Security


Assignment




















Assessment Type: Individual assignment; no group work. Submit online via Canvas→Assignments→Assignment. Marks awarded for meeting requirements as closely as possible. Clarifications/updates may be made via announcements/relevant discussion forums.





Due date:
11:59pm, 18/Oct/2019; Deadlines will not be advanced but they may be extended. Please check Canvas→Syllabus or via Canvas→Assignments→Assignment for the most up to date information.


As this is a major assignment in which you demonstrate your understanding, a university standard late penalty of 10% per each working day applies for up to 5 working days late, unless special consideration has been granted.





Weighting: 10 marks



1. Overview


Cloud computing has become the mainstay of the IT industry, shaping an on-demand and highly scalable way to allocate the storage and computation resources. Nonetheless, the primary obstacle to the wide adoption of cloud service is the security issue. Data breaches are realistic; revealing the sensitive and valuable data could ruin the reputation of the company, and put the customers’ privacy in danger. Thereby, data encryption is essential when outsourcing the data on cloud server. This course covers the ground-up concepts, techniques and practices in the area of cloud security. The aim of this assignment is for you to gain a hands-on experience on how to develop and use the cryptographic algorithms correctly in practice.


For this assignment, assume that you are a leader in a company’s data security team. Your company owns a database containing the customers’ sensitive data, but has limited resources to archive and process the data. Thus, you wish to leverage the advancement of the storage capacity and computational capability provided by the cloud service. Yet, as the cloud environment cannot be fully trusted, you need to develop a utility program to protect your outsourced dataset. With this project, you aim to demonstrate to your potential customers the following privacy guarantees:



1. Implement a prototype of the Keccak-f[25] function


Your company is able to create a program using the SHA-3 (which uses the permutation Keccak-f[25]) to generate message digests, so as to ensure the integrity of customers’ data (detailed in section 4.1 below).



2. Implement a prototype of the ElGamal cryptosystem


To obtain useful information, your company is able to do computation over the encrypted data using Homomorphic encryption scheme (aka, ElGamal cryptosystem) (see requirements in section 4.2 below).


Note: You must not just “throw in the concepts” to your programs just because they need to be there; it should be clear from the code why a certain concept should be there and you must further explain these through your comments. You will also need debug your code on your own and document any issues, etc. You are given marks on your ability to fulfill all requirements of this document.



There are implementation requirements (8 marks) and documentation requirements (2 marks) for a total of 10 marks.



Develop this assignment in an iterative fashion (as opposed to completing it in one sitting). You can get started as soon as the concepts are introduced in lessons.


If there are questions, you must ask via the relevant Canvas discussion forums in a general manner (replicate your problem in a different context in isolation before posting).




2. Assessment Criteria


This assessment will determine your ability to:


1. Understand the relevant concepts and techniques introduced in the lessons.


2. Implement the relevant protocols as utility programs.


3. Write and debug the programs independently.


4. Demonstrate the prototypes properly.


5. Document the prototypes.


6. Ability to provide references where due.


7. Meeting deadlines.


8. Seeking clarification from your “supervisor” (instructor) when needed via discussion forums.


9. Create a program by recalling concepts taught in class, understanding and applying concepts relevant to solution, analysing components of the problem, evaluating different approaches.




3. Learning Outcomes


This assessment is relevant to the following Learning Outcomes:


1. Demonstrate knowledge of cloud security principles and mechanisms.


2. Demonstrate computer programming and configuration skills required to develop a cloud security infrastructure.


3. Identify cloud security weaknesses by recognising and discovering threats and vulnerabilities to cloud computing.


4. Problem solve how to fix cloud security weaknesses and mitigate security threats to cloud computing.


5. Demonstrate knowledge and skills to prepare for industry cloud security certificate exams e.g. CCSK, CCSP.


6. Communicate clearly and effectively using the technical language of the field correctly.




4. Assessment details


Note: Please ensure that you have read sections 1-3 of this document before going further.


Your prototypes must meet the following requirements of the Keccak-f[25] (section 4.1) and the ElGamal (section 4.2); also refer to corresponding rows in the rubric (section 9).









4.1) Use JavaScript to implement the Keccak-f[25] permutation function, including
12 rounds
of the following functions:


· step mapping (1 mark)


· step mapping (1 mark)


· step mapping (1 mark)


· step mapping (1 mark)




C1. For step mapping, take as input (5×5)-bit binary state and outputs a new (5×5)-bit binary state for mixing bits. The formulas are provided in the lessons.


C2. For step mapping, take the result of step mapping function as input, and outputs a (5×5)-bit state for lane permutation. The formula is provided in the lessons.


C3. For step mapping, take the result of step mapping function as input, and operate independently and in parallel on each row of the state. The formula is provided in the lessons.


C4. For step mapping, convert the round constant (RC) numbers from hexadecimal format to binary. In each round, take as input the lane A[0,0] from the result of step mapping function, choose the corresponding round constant, and XOR them to break the symmetry of. The lookup table of RC numbers is provided in the lessons.


In places where this specification may not tell you how exactly you should implement a certain feature, the programmer (you) need to use your judgment to choose and apply the most appropriate concepts from class materials. Follow answers given by your “supervisor” (you instructor) under Canvas→Discussions→’Assignment’ when in doubt.












4.2) Use JavaScript to implement ElGamal including


· Key generation (1 marks)


· Encryption (1 marks)


· Decryption (1 mark)


· Multiplication over encrypted data (1 mark)



D1. Generate prime numbers for the key generation. Based on the given cyclic group, generate the public key and private key in the group.



D2. For encryption, input an integer as the message, generate random integer, and encrypt the message.



D3. Decrypt and output the result.



D4. For multiplication, input 5 integers, multiply their ciphertexts, and decrypt the result.



In places where this specification may not tell you how exactly you should implement a certain feature, the programmer (you) need to use your judgment to choose and apply the most appropriate concepts from class materials. Follow answers given by your “supervisor” (you instructor) under Canvas→Discussions→’Assignment’ when in doubt.












4.3) Documentation requirement



E1. Write a report to describe what you have done and what you have observed with
screen shots
whenever necessary. Write comments before code blocks (e.g. before methods, loops, ifs, etc. where you can have { }) and important variable declarations.





5. Referencing guidelines


What: This is an individual assignment and all submitted contents must be your own. If you have used sources of information other than the contents directly under Canvas→Modules, you must give acknowledge the sources and give references using IEEE referencing style.


Where: Add a code comment near the work to be referenced and include the reference in the IEEE style.


How: To generate a valid IEEE style reference, please use the
citethisforme tool
if unfamiliar with this style. Add the detailed reference before any relevant code (within code comments).




6. Submission format


Submit
a .zip file
via Canvas→Assignments→Assignment. The submission has to include your programs, and a report to describe what you have done and what you have observed with
screen shots
whenever necessary. It is the responsibility of the student to correctly submit their files. Please verify that your submission is correctly submitted by downloading what you have submitted to see if the files include the correct contents.




7. Academic integrity and plagiarism (standard warning)


Academic integrity is about honest presentation of your academic work. It means acknowledging the work of others while developing your own insights, knowledge and ideas. You should take extreme care that you have:


· Acknowledged words, data, diagrams, models, frameworks and/or ideas of others you have quoted (i.e. directly copied), summarised, paraphrased, discussed or mentioned in your assessment through the appropriate referencing methods,


· Provided a reference list of the publication details so your reader can locate the source if necessary. This includes material taken from Internet sites.


If you do not acknowledge the sources of your material, you may be accused of plagiarism because you have passed off the work and ideas of another person without appropriate referencing, as if they were your own.


RMIT University treats plagiarism as a very serious offence constituting misconduct. Plagiarism covers a variety of inappropriate behaviours, including:


· Failure to properly document a source


· Copyright material from the internet or databases


· Collusion between students


For further information on our policies and procedures, please refer to the
University website.




8. Assessment declaration


When you submit work electronically, youagree to theassessment declaration.








9. Rubric/assessment criteria for marking


Code must be valid, runnable JavaScript to be given a mark (non-compliable code, incomplete code cannot be marked). Run-time errors will incur up to a 50% penalty (run-time errors due to data type mismatches in inputs are acceptable).





































































Inadequate




Partial




Complete
(Uses only the concepts covered in class materials for meeting stated criteria)




C1



Missing/incorrect implementation of step mapping function,


OR some criteria in the ‘complete’ level missing/incorrect.



Any one operation of the criteria in the ‘complete’ level missing/incorrect.



Appropriate input a (5×5)-bit binary state as a matrix.


Correctly performs the column parity on each column based on the exclusive or (XOR) operation.


Correctly performs the combining operation.


Correctly performs the effect based on the XOR operation.


Demonstrates understanding of above functions whenever necessary. Above demonstrated as a part of meeting overall functional aims of program.




C2



Missing/incorrect implementation of step mapping function,


OR some criteria in the ‘complete’ level missing/incorrect.



Any one operation of the criteria in the ‘complete’ level missing/incorrect.



Correctly performs the lane permutation.


Demonstrates understanding of above functions whenever necessary. Above demonstrated as a part of meeting overall functional aims of program.




C3



Missing/incorrect implementation of step mapping function,


OR some criteria in the ‘complete’ level missing/incorrect.



Any one operation of the criteria in the ‘complete’ level missing/incorrect.



Correctly performs the bitwise NOT operation on each bit of .


Correctly performs the bitwise AND operation with the bit and the bit .


Correctly performs the bitwise XOR operation.


Demonstrates understanding of above functions whenever necessary. Above demonstrated as a part of meeting overall functional aims of program.




C4



Missing/incorrect conversion of the round constant numbers from the hexadecimal format to binary format, implementation of step mapping function,


OR some criteria in the ‘complete’ level missing/incorrect.



Any one operation of the criteria in the ‘complete’ level missing/incorrect.



Correctly chooses the corresponding round constant (RC) number for each round from the lookup table given in the lessons.


Correctly convers the RC from the hexadecimal format to binary format.


Correctly extracts the corresponding bit from the binary RC.


Correctly performs the bitwise XOR operation with the extracted bit of RC and the lane .


Demonstrates understanding of above functions whenever necessary. Above demonstrated as a part of meeting overall functional aims of program.




D1



Missing/incorrect primality test, fast modular exponentiation algorithm,


OR some criteria in the ‘complete’ level missing/incorrect.



One of the ‘complete’ level criteria not met but demonstrated as a part of meeting overall functional aims of program.



For key generation, the prime modulus p is required to be more than 200. Both the prime modulus p and the prime order q should be verified via the primality test.


Correctly uses the fast modular exponentiation algorithm to generate the public key.


Demonstrates understanding of above functions whenever necessary. Above demonstrated as a part of meeting overall functional aims of program.




D2



Missing/incorrect use of the fast modular exponentiation algorithm,


OR some criteria in the ‘complete’ level missing/incorrect.



One of the ‘complete’ level criteria not met but demonstrated as a part of meeting overall functional aims of program.



For encryption, inputs an integer as the message m, and randomly chooses the ephemeral key k.


Correctly encrypts the message as the cipertext (c1, c2).




D3



Missing/incorrect use of the fast modular exponentiation algorithm,


OR some criteria in the ‘complete’ level missing/incorrect.



One of the ‘complete’ level criteria not met but demonstrated as a part of meeting overall functional aims of program.



Correctly decrypts the ciphertext and outputs the message identical to the input.




D4



More than one of the criteria in the ‘complete’ level missing/incorrect.



One of the ‘complete’ level criteria not met but demonstrated as a part of meeting overall functional aims of program.



For multiplication, inputs 5 integers, encrypts them, multiplies the encrypted numbers, and decrypts the multiplied number.




E1



Lacks one or more of the ‘partial’ level criteria.



Identifies concepts required and application of each concept is discussed with respect to the overall aims of the program.


Has an even spread of the above near code blocks and important variables in plain English where possible.



Further to ‘partial’ level criteria...


A report to describe what you have done and what you have observed with screen shots whenever necessary.


The report should include the chosen key, plaintext, and demonstration data.


Evaluates strategies used to meet requirements and compares the quality of one approach to another approach. Has an even spread of the above near code blocks and important variables in plain English possible.



School of Science



INTE2401/2402 C
loud Security


Assignment




















Assessment Type: Individual assignment; no group work. Submit online via Canvas→Assignments→Assignment. Marks awarded for meeting requirements as closely as possible. Clarifications/updates may be made via announcements/relevant discussion forums.





Due date:
11:59pm, 18/Oct/2019; Deadlines will not be advanced but they may be extended. Please check Canvas→Syllabus or via Canvas→Assignments→Assignment for the most up to date information.


As this is a major assignment in which you demonstrate your understanding, a university standard late penalty of 10% per each working day applies for up to 5 working days late, unless special consideration has been granted.





Weighting: 10 marks



1. Overview


Cloud computing has become the mainstay of the IT industry, shaping an on-demand and highly scalable way to allocate the storage and computation resources. Nonetheless, the primary obstacle to the wide adoption of cloud service is the security issue. Data breaches are realistic; revealing the sensitive and valuable data could ruin the reputation of the company, and put the customers’ privacy in danger. Thereby, data encryption is essential when outsourcing the data on cloud server. This course covers the ground-up concepts, techniques and practices in the area of cloud security. The aim of this assignment is for you to gain a hands-on experience on how to develop and use the cryptographic algorithms correctly in practice.


For this assignment, assume that you are a leader in a company’s data security team. Your company owns a database containing the customers’ sensitive data, but has limited resources to archive and process the data. Thus, you wish to leverage the advancement of the storage capacity and computational capability provided by the cloud service. Yet, as the cloud environment cannot be fully trusted, you need to develop a utility program to protect your outsourced dataset. With this project, you aim to demonstrate to your potential customers the following privacy guarantees:



1. Implement a prototype of the Keccak-f[25] function


Your company is able to create a program using the SHA-3 (which uses the permutation Keccak-f[25]) to generate message digests, so as to ensure the integrity of customers’ data (detailed in section 4.1 below).



2. Implement a prototype of the ElGamal cryptosystem


To obtain useful information, your company is able to do computation over the encrypted data using Homomorphic encryption scheme (aka, ElGamal cryptosystem) (see requirements in section 4.2 below).


Note: You must not just “throw in the concepts” to your programs just because they need to be there; it should be clear from the code why a certain concept should be there and you must further explain these through your comments. You will also need debug your code on your own and document any issues, etc. You are given marks on your ability to fulfill all requirements of this document.



There are implementation requirements (8 marks) and documentation requirements (2 marks) for a total of 10 marks.



Develop this assignment in an iterative fashion (as opposed to completing it in one sitting). You can get started as soon as the concepts are introduced in lessons.


If there are questions, you must ask via the relevant Canvas discussion forums in a general manner (replicate your problem in a different context in isolation before posting).




2. Assessment Criteria


This assessment will determine your ability to:


1. Understand the relevant concepts and techniques introduced in the lessons.


2. Implement the relevant protocols as utility programs.


3. Write and debug the programs independently.


4. Demonstrate the prototypes properly.


5. Document the prototypes.


6. Ability to provide references where due.


7. Meeting deadlines.


8. Seeking clarification from your “supervisor” (instructor) when needed via discussion forums.


9. Create a program by recalling concepts taught in class, understanding and applying concepts relevant to solution, analysing components of the problem, evaluating different approaches.




3. Learning Outcomes


This assessment is relevant to the following Learning Outcomes:


1. Demonstrate knowledge of cloud security principles and mechanisms.


2. Demonstrate computer programming and configuration skills required to develop a cloud security infrastructure.


3. Identify cloud security weaknesses by recognising and discovering threats and vulnerabilities to cloud computing.


4. Problem solve how to fix cloud security weaknesses and mitigate security threats to cloud computing.


5. Demonstrate knowledge and skills to prepare for industry cloud security certificate exams e.g. CCSK, CCSP.


6. Communicate clearly and effectively using the technical language of the field correctly.




4. Assessment details


Note: Please ensure that you have read sections 1-3 of this document before going further.


Your prototypes must meet the following requirements of the Keccak-f[25] (section 4.1) and the ElGamal (section 4.2); also refer to corresponding rows in the rubric (section 9).









4.1) Use JavaScript to implement the Keccak-f[25] permutation function, including
12 rounds
of the following functions:


· step mapping (1 mark)


· step mapping (1 mark)


· step mapping (1 mark)


· step mapping (1 mark)




C1. For step mapping, take as input (5×5)-bit binary state and outputs a new (5×5)-bit binary state for mixing bits. The formulas are provided in the lessons.


C2. For step mapping, take the result of step mapping function as input, and outputs a (5×5)-bit state for lane permutation. The formula is provided in the lessons.


C3. For step mapping, take the result of step mapping function as input, and operate independently and in parallel on each row of the state. The formula is provided in the lessons.


C4. For step mapping, convert the round constant (RC) numbers from hexadecimal format to binary. In each round, take as input the lane A[0,0] from the result of step mapping function, choose the corresponding round constant, and XOR them to break the symmetry of. The lookup table of RC numbers is provided in the lessons.


In places where this specification may not tell you how exactly you should implement a certain feature, the programmer (you) need to use your judgment to choose and apply the most appropriate concepts from class materials. Follow answers given by your “supervisor” (you instructor) under Canvas→Discussions→’Assignment’ when in doubt.












4.2) Use JavaScript to implement ElGamal including


· Key generation (1 marks)


· Encryption (1 marks)


· Decryption (1 mark)


· Multiplication over encrypted data (1 mark)



D1. Generate prime numbers for the key generation. Based on the given cyclic group, generate the public key and private key in the group.



D2. For encryption, input an integer as the message, generate random integer, and encrypt the message.



D3. Decrypt and output the result.



D4. For multiplication, input 5 integers, multiply their ciphertexts, and decrypt the result.



In places where this specification may not tell you how exactly you should implement a certain feature, the programmer (you) need to use your judgment to choose and apply the most appropriate concepts from class materials. Follow answers given by your “supervisor” (you instructor) under Canvas→Discussions→’Assignment’ when in doubt.












4.3) Documentation requirement



E1. Write a report to describe what you have done and what you have observed with
screen shots
whenever necessary. Write comments before code blocks (e.g. before methods, loops, ifs, etc. where you can have { }) and important variable declarations.





5. Referencing guidelines


What: This is an individual assignment and all submitted contents must be your own. If you have used sources of information other than the contents directly under Canvas→Modules, you must give acknowledge the sources and give references using IEEE referencing style.


Where: Add a code comment near the work to be referenced and include the reference in the IEEE style.


How: To generate a valid IEEE style reference, please use the
citethisforme tool
if unfamiliar with this style. Add the detailed reference before any relevant code (within code comments).




6. Submission format


Submit
a .zip file
via Canvas→Assignments→Assignment. The submission has to include your programs, and a report to describe what you have done and what you have observed with
screen shots
whenever necessary. It is the responsibility of the student to correctly submit their files. Please verify that your submission is correctly submitted by downloading what you have submitted to see if the files include the correct contents.




7. Academic integrity and plagiarism (standard warning)


Academic integrity is about honest presentation of your academic work. It means acknowledging the work of others while developing your own insights, knowledge and ideas. You should take extreme care that you have:


· Acknowledged words, data, diagrams, models, frameworks and/or ideas of others you have quoted (i.e. directly copied), summarised, paraphrased, discussed or mentioned in your assessment through the appropriate referencing methods,


· Provided a reference list of the publication details so your reader can locate the source if necessary. This includes material taken from Internet sites.


If you do not acknowledge the sources of your material, you may be accused of plagiarism because you have passed off the work and ideas of another person without appropriate referencing, as if they were your own.


RMIT University treats plagiarism as a very serious offence constituting misconduct. Plagiarism covers a variety of inappropriate behaviours, including:


· Failure to properly document a source


· Copyright material from the internet or databases


· Collusion between students


For further information on our policies and procedures, please refer to the
University website.




8. Assessment declaration


When you submit work electronically, youagree to theassessment declaration.








9. Rubric/assessment criteria for marking


Code must be valid, runnable JavaScript to be given a mark (non-compliable code, incomplete code cannot be marked). Run-time errors will incur up to a 50% penalty (run-time errors due to data type mismatches in inputs are acceptable).





































































Inadequate




Partial




Complete
(Uses only the concepts covered in class materials for meeting stated criteria)




C1



Missing/incorrect implementation of step mapping function,


OR some criteria in the ‘complete’ level missing/incorrect.



Any one operation of the criteria in the ‘complete’ level missing/incorrect.



Appropriate input a (5×5)-bit binary state as a matrix.


Correctly performs the column parity on each column based on the exclusive or (XOR) operation.


Correctly performs the combining operation.


Correctly performs the effect based on the XOR operation.


Demonstrates understanding of above functions whenever necessary. Above demonstrated as a part of meeting overall functional aims of program.




C2



Missing/incorrect implementation of step mapping function,


OR some criteria in the ‘complete’ level missing/incorrect.



Any one operation of the criteria in the ‘complete’ level missing/incorrect.



Correctly performs the lane permutation.


Demonstrates understanding of above functions whenever necessary. Above demonstrated as a part of meeting overall functional aims of program.




C3



Missing/incorrect implementation of step mapping function,


OR some criteria in the ‘complete’ level missing/incorrect.



Any one operation of the criteria in the ‘complete’ level missing/incorrect.



Correctly performs the bitwise NOT operation on each bit of .


Correctly performs the bitwise AND operation with the bit and the bit .


Correctly performs the bitwise XOR operation.


Demonstrates understanding of above functions whenever necessary. Above demonstrated as a part of meeting overall functional aims of program.




C4



Missing/incorrect conversion of the round constant numbers from the hexadecimal format to binary format, implementation of step mapping function,


OR some criteria in the ‘complete’ level missing/incorrect.



Any one operation of the criteria in the ‘complete’ level missing/incorrect.



Correctly chooses the corresponding round constant (RC) number for each round from the lookup table given in the lessons.


Correctly convers the RC from the hexadecimal format to binary format.


Correctly extracts the corresponding bit from the binary RC.


Correctly performs the bitwise XOR operation with the extracted bit of RC and the lane .


Demonstrates understanding of above functions whenever necessary. Above demonstrated as a part of meeting overall functional aims of program.




D1



Missing/incorrect primality test, fast modular exponentiation algorithm,


OR some criteria in the ‘complete’ level missing/incorrect.



One of the ‘complete’ level criteria not met but demonstrated as a part of meeting overall functional aims of program.



For key generation, the prime modulus p is required to be more than 200. Both the prime modulus p and the prime order q should be verified via the primality test.


Correctly uses the fast modular exponentiation algorithm to generate the public key.


Demonstrates understanding of above functions whenever necessary. Above demonstrated as a part of meeting overall functional aims of program.




D2



Missing/incorrect use of the fast modular exponentiation algorithm,


OR some criteria in the ‘complete’ level missing/incorrect.



One of the ‘complete’ level criteria not met but demonstrated as a part of meeting overall functional aims of program.



For encryption, inputs an integer as the message m, and randomly chooses the ephemeral key k.


Correctly encrypts the message as the cipertext (c1, c2).




D3



Missing/incorrect use of the fast modular exponentiation algorithm,


OR some criteria in the ‘complete’ level missing/incorrect.



One of the ‘complete’ level criteria not met but demonstrated as a part of meeting overall functional aims of program.



Correctly decrypts the ciphertext and outputs the message identical to the input.




D4



More than one of the criteria in the ‘complete’ level missing/incorrect.



One of the ‘complete’ level criteria not met but demonstrated as a part of meeting overall functional aims of program.



For multiplication, inputs 5 integers, encrypts them, multiplies the encrypted numbers, and decrypts the multiplied number.




E1



Lacks one or more of the ‘partial’ level criteria.



Identifies concepts required and application of each concept is discussed with respect to the overall aims of the program.


Has an even spread of the above near code blocks and important variables in plain English where possible.



Further to ‘partial’ level criteria...


A report to describe what you have done and what you have observed with screen shots whenever necessary.


The report should include the chosen key, plaintext, and demonstration data.


Evaluates strategies used to meet requirements and compares the quality of one approach to another approach. Has an even spread of the above near code blocks and important variables in plain English possible.



vSchool of Science



INTE2401/2402 C
loud Security


Assignment




















Assessment Type: Individual assignment; no group work. Submit online via Canvas→Assignments→Assignment. Marks awarded for meeting requirements as closely as possible. Clarifications/updates may be made via announcements/relevant discussion forums.





Due date:
11:59pm, 18/Oct/2019; Deadlines will not be advanced but they may be extended. Please check Canvas→Syllabus or via Canvas→Assignments→Assignment for the most up to date information.


As this is a major assignment in which you demonstrate your understanding, a university standard late penalty of 10% per each working day applies for up to 5 working days late, unless special consideration has been granted.





Weighting: 10 marks



1. Overview


Cloud computing has become the mainstay of the IT industry, shaping an on-demand and highly scalable way to allocate the storage and computation resources. Nonetheless, the primary obstacle to the wide adoption of cloud service is the security issue. Data breaches are realistic; revealing the sensitive and valuable data could ruin the reputation of the company, and put the customers’ privacy in danger. Thereby, data encryption is essential when outsourcing the data on cloud server. This course covers the ground-up concepts, techniques and practices in the area of cloud security. The aim of this assignment is for you to gain a hands-on experience on how to develop and use the cryptographic algorithms correctly in practice.


For this assignment, assume that you are a leader in a company’s data security team. Your company owns a database containing the customers’ sensitive data, but has limited resources to archive and process the data. Thus, you wish to leverage the advancement of the storage capacity and computational capability provided by the cloud service. Yet, as the cloud environment cannot be fully trusted, you need to develop a utility program to protect your outsourced dataset. With this project, you aim to demonstrate to your potential customers the following privacy guarantees:



1. Implement a prototype of the Keccak-f[25] function


Your company is able to create a program using the SHA-3 (which uses the permutation Keccak-f[25]) to generate message digests, so as to ensure the integrity of customers’ data (detailed in section 4.1 below).



2. Implement a prototype of the ElGamal cryptosystem


To obtain useful information, your company is able to do computation over the encrypted data using Homomorphic encryption scheme (aka, ElGamal cryptosystem) (see requirements in section 4.2 below).


Note: You must not just “throw in the concepts” to your programs just because they need to be there; it should be clear from the code why a certain concept should be there and you must further explain these through your comments. You will also need debug your code on your own and document any issues, etc. You are given marks on your ability to fulfill all requirements of this document.



There are implementation requirements (8 marks) and documentation requirements (2 marks) for a total of 10 marks.



Develop this assignment in an iterative fashion (as opposed to completing it in one sitting). You can get started as soon as the concepts are introduced in lessons.


If there are questions, you must ask via the relevant Canvas discussion forums in a general manner (replicate your problem in a different context in isolation before posting).




2. Assessment Criteria


This assessment will determine your ability to:


1. Understand the relevant concepts and techniques introduced in the lessons.


2. Implement the relevant protocols as utility programs.


3. Write and debug the programs independently.


4. Demonstrate the prototypes properly.


5. Document the prototypes.


6. Ability to provide references where due.


7. Meeting deadlines.


8. Seeking clarification from your “supervisor” (instructor) when needed via discussion forums.


9. Create a program by recalling concepts taught in class, understanding and applying concepts relevant to solution, analysing components of the problem, evaluating different approaches.




3. Learning Outcomes


This assessment is relevant to the following Learning Outcomes:


1. Demonstrate knowledge of cloud security principles and mechanisms.


2. Demonstrate computer programming and configuration skills required to develop a cloud security infrastructure.


3. Identify cloud security weaknesses by recognising and discovering threats and vulnerabilities to cloud computing.


4. Problem solve how to fix cloud security weaknesses and mitigate security threats to cloud computing.


5. Demonstrate knowledge and skills to prepare for industry cloud security certificate exams e.g. CCSK, CCSP.


6. Communicate clearly and effectively using the technical language of the field correctly.




4. Assessment details


Note: Please ensure that you have read sections 1-3 of this document before going further.


Your prototypes must meet the following requirements of the Keccak-f[25] (section 4.1) and the ElGamal (section 4.2); also refer to corresponding rows in the rubric (section 9).









4.1) Use JavaScript to implement the Keccak-f[25] permutation function, including
12 rounds
of the following functions:


· step mapping (1 mark)


· step mapping (1 mark)


· step mapping (1 mark)


· step mapping (1 mark)




C1. For step mapping, take as input (5×5)-bit binary state and outputs a new (5×5)-bit binary state for mixing bits. The formulas are provided in the lessons.


C2. For step mapping, take the result of step mapping function as input, and outputs a (5×5)-bit state for lane permutation. The formula is provided in the lessons.


C3. For step mapping, take the result of step mapping function as input, and operate independently and in parallel on each row of the state. The formula is provided in the lessons.


C4. For step mapping, convert the round constant (RC) numbers from hexadecimal format to binary. In each round, take as input the lane A[0,0] from the result of step mapping function, choose the corresponding round constant, and XOR them to break the symmetry of. The lookup table of RC numbers is provided in the lessons.


In places where this specification may not tell you how exactly you should implement a certain feature, the programmer (you) need to use your judgment to choose and apply the most appropriate concepts from class materials. Follow answers given by your “supervisor” (you instructor) under Canvas→Discussions→’Assignment’ when in doubt.












4.2) Use JavaScript to implement ElGamal including


· Key generation (1 marks)


· Encryption (1 marks)


· Decryption (1 mark)


· Multiplication over encrypted data (1 mark)



D1. Generate prime numbers for the key generation. Based on the given cyclic group, generate the public key and private key in the group.



D2. For encryption, input an integer as the message, generate random integer, and encrypt the message.



D3. Decrypt and output the result.



D4. For multiplication, input 5 integers, multiply their ciphertexts, and decrypt the result.



In places where this specification may not tell you how exactly you should implement a certain feature, the programmer (you) need to use your judgment to choose and apply the most appropriate concepts from class materials. Follow answers given by your “supervisor” (you instructor) under Canvas→Discussions→’Assignment’ when in doubt.












4.3) Documentation requirement



E1. Write a report to describe what you have done and what you have observed with
screen shots
whenever necessary. Write comments before code blocks (e.g. before methods, loops, ifs, etc. where you can have { }) and important variable declarations.





5. Referencing guidelines


What: This is an individual assignment and all submitted contents must be your own. If you have used sources of information other than the contents directly under Canvas→Modules, you must give acknowledge the sources and give references using IEEE referencing style.


Where: Add a code comment near the work to be referenced and include the reference in the IEEE style.


How: To generate a valid IEEE style reference, please use the
citethisforme tool
if unfamiliar with this style. Add the detailed reference before any relevant code (within code comments).




6. Submission format


Submit
a .zip file
via Canvas→Assignments→Assignment. The submission has to include your programs, and a report to describe what you have done and what you have observed with
screen shots
whenever necessary. It is the responsibility of the student to correctly submit their files. Please verify that your submission is correctly submitted by downloading what you have submitted to see if the files include the correct contents.




7. Academic integrity and plagiarism (standard warning)


Academic integrity is about honest presentation of your academic work. It means acknowledging the work of others while developing your own insights, knowledge and ideas. You should take extreme care that you have:


· Acknowledged words, data, diagrams, models, frameworks and/or ideas of others you have quoted (i.e. directly copied), summarised, paraphrased, discussed or mentioned in your assessment through the appropriate referencing methods,


· Provided a reference list of the publication details so your reader can locate the source if necessary. This includes material taken from Internet sites.


If you do not acknowledge the sources of your material, you may be accused of plagiarism because you have passed off the work and ideas of another person without appropriate referencing, as if they were your own.


RMIT University treats plagiarism as a very serious offence constituting misconduct. Plagiarism covers a variety of inappropriate behaviours, including:


· Failure to properly document a source


· Copyright material from the internet or databases


· Collusion between students


For further information on our policies and procedures, please refer to the
University website.




8. Assessment declaration


When you submit work electronically, youagree to theassessment declaration.








9. Rubric/assessment criteria for marking


Code must be valid, runnable JavaScript to be given a mark (non-compliable code, incomplete code cannot be marked). Run-time errors will incur up to a 50% penalty (run-time errors due to data type mismatches in inputs are acceptable).





































































Inadequate




Partial




Complete
(Uses only the concepts covered in class materials for meeting stated criteria)




C1



Missing/incorrect implementation of step mapping function,


OR some criteria in the ‘complete’ level missing/incorrect.



Any one operation of the criteria in the ‘complete’ level missing/incorrect.



Appropriate input a (5×5)-bit binary state as a matrix.


Correctly performs the column parity on each column based on the exclusive or (XOR) operation.


Correctly performs the combining operation.


Correctly performs the effect based on the XOR operation.


Demonstrates understanding of above functions whenever necessary. Above demonstrated as a part of meeting overall functional aims of program.




C2



Missing/incorrect implementation of step mapping function,


OR some criteria in the ‘complete’ level missing/incorrect.



Any one operation of the criteria in the ‘complete’ level missing/incorrect.



Correctly performs the lane permutation.


Demonstrates understanding of above functions whenever necessary. Above demonstrated as a part of meeting overall functional aims of program.




C3



Missing/incorrect implementation of step mapping function,


OR some criteria in the ‘complete’ level missing/incorrect.



Any one operation of the criteria in the ‘complete’ level missing/incorrect.



Correctly performs the bitwise NOT operation on each bit of .


Correctly performs the bitwise AND operation with the bit and the bit .


Correctly performs the bitwise XOR operation.


Demonstrates understanding of above functions whenever necessary. Above demonstrated as a part of meeting overall functional aims of program.




C4



Missing/incorrect conversion of the round constant numbers from the hexadecimal format to binary format, implementation of step mapping function,


OR some criteria in the ‘complete’ level missing/incorrect.



Any one operation of the criteria in the ‘complete’ level missing/incorrect.



Correctly chooses the corresponding round constant (RC) number for each round from the lookup table given in the lessons.


Correctly convers the RC from the hexadecimal format to binary format.


Correctly extracts the corresponding bit from the binary RC.


Correctly performs the bitwise XOR operation with the extracted bit of RC and the lane .


Demonstrates understanding of above functions whenever necessary. Above demonstrated as a part of meeting overall functional aims of program.




D1



Missing/incorrect primality test, fast modular exponentiation algorithm,


OR some criteria in the ‘complete’ level missing/incorrect.



One of the ‘complete’ level criteria not met but demonstrated as a part of meeting overall functional aims of program.



For key generation, the prime modulus p is required to be more than 200. Both the prime modulus p and the prime order q should be verified via the primality test.


Correctly uses the fast modular exponentiation algorithm to generate the public key.


Demonstrates understanding of above functions whenever necessary. Above demonstrated as a part of meeting overall functional aims of program.




D2



Missing/incorrect use of the fast modular exponentiation algorithm,


OR some criteria in the ‘complete’ level missing/incorrect.



One of the ‘complete’ level criteria not met but demonstrated as a part of meeting overall functional aims of program.



For encryption, inputs an integer as the message m, and randomly chooses the ephemeral key k.


Correctly encrypts the message as the cipertext (c1, c2).




D3



Missing/incorrect use of the fast modular exponentiation algorithm,


OR some criteria in the ‘complete’ level missing/incorrect.



One of the ‘complete’ level criteria not met but demonstrated as a part of meeting overall functional aims of program.



Correctly decrypts the ciphertext and outputs the message identical to the input.




D4



More than one of the criteria in the ‘complete’ level missing/incorrect.



One of the ‘complete’ level criteria not met but demonstrated as a part of meeting overall functional aims of program.



For multiplication, inputs 5 integers, encrypts them, multiplies the encrypted numbers, and decrypts the multiplied number.




E1



Lacks one or more of the ‘partial’ level criteria.



Identifies concepts required and application of each concept is discussed with respect to the overall aims of the program.


Has an even spread of the above near code blocks and important variables in plain English where possible.



Further to ‘partial’ level criteria...


A report to describe what you have done and what you have observed with screen shots whenever necessary.


The report should include the chosen key, plaintext, and demonstration data.


Evaluates strategies used to meet requirements and compares the quality of one approach to another approach. Has an even spread of the above near code blocks and important variables in plain English possible.



Oct 12, 2021INTE2401
SOLUTION.PDF

Get Answer To This Question

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here