INTE2401/2402 Cloud Security - Assignment 3

1. Overview

The objective of Assignment 3 is evaluating your knowledge on the topics covered mainly from Lecture 9 to 11. Topics include Data Privacy Protection Techniques, AWS Identity Management and Database Security, and AWS VPN and Firewall Practices. However, topics covered from Lecture 1 to 8 are required as prerequisite. Assignment 3 will focus on developing your abilities in application of knowledge, critical analysis, decision making and using AWS security services. Assignment 3 contains several problems related to the topics mentioned above. You are required to prepare your answers and programming codes, videos and upload them as a single zip file in CANVAS.

In this assignment, there are 4 (four) questions in total.

Question Q1 is about how to protect cloud data privacy with Homomorphic Encryption. To protect our data privacy in cloud and meanwhile allow the cloud server to process our data, the best solution is using homomorphic encryption scheme, e.g., Paillier encryption scheme, to protect our data in the cloud. In this question, you are expected to understand how homormphic encrytion technique can be used to protect your data privacy in Cloud and analyse data privacy. 

Question Q2 is about Key Recovery with Shamir Secret Sharing. In Question Q1, the decryption key of homomorphic encryption is required when decrypting the ciphertexts downloaded from the cloud. If you lost your decryption key, you would lose all of your date stored in the cloud.  In this question, you are expected to use Shamir’s secret sharing scheme to recover your decryption key of homomorphic encryption.

Question 3 is about Secure Data Management via Amazon S3. Amazon S3 is an object storage service that offers industry-leading scalability, data availability, security, and performance. Amazon S3 provides easy-to-use management features so you can organize your data and configure finely-tuned access controls to meet your specific business, organizational, and compliance requirements. In this question, you are expected to demonstrate your understanding of how to create three secure buckets in Amazon S3 to keep the data from the three departments of a company, respectively. 

Question Q4 is about AWS Virtual Private Network (AWS VPN). AWS Client VPN is a managed client-based VPN service that enables you to securely access your AWS resources in your on-premises network. With Client VPN, you can access your resources from any location using an OpenVPN-based VPN client. Client VPN offers the following features and functionality: secure connections, authentication, granular control, ease of use and etc. In this question, you are expected to demonstrate your understanding of how to create an AWS VPN server for a company and allow the staff of the  company to get access to the AWS VPN server and then AWS VPC.

Develop this assignment in an iterative fashion (as opposed to completing it in one sitting). You should be able to start preparing your answers immediately after Lecture 9 (in Week 9). At the end of each week starting from Week 9 to Week 11, you should be able to solve at least one question.

If there are questions, you may ask via the relevant Canvas discussion forums in a general manner.

2. Learning Outcomes

This assessment is relevant to the following Learning Outcomes:

• Demonstrate knowledge of cloud security principles and mechanisms
• Demonstrate computer programming and configuration skills required to develop a cloud security infrastructure
• Identify cloud security weaknesses by recognising and discovering threats and vulnerabilities to cloud computing
• Problem solve how to fix cloud security weaknesses and mitigate security threats to cloud computing
• Demonstrate knowledge and skills to prepare for industry cloud security certificate exams, e.g. CCSK, CCSP.
• Communicate clearly and effectively using the technical language of the field correctly.

3. Submission

You must follow the following special instructions:

• You must use the values provided in the questions.
• Hand-written answers are not allowed and will not be assessed. Compose your answers using any word processing software (e.g. MS Word).
• You are required to show all of the steps and intermediate results for each question.
• For Questions 3 and 4, use screen shots to show clearly the outcome of each step you took to arrive at your answers. And, also include videos to demonstrate your configurations.
• Upload your answers together with programming codes and videos as a single zip file in CANVAS.

This assessment will determine your ability to:

• Follow requirements provided in this document and in the lessons.
• Independently solve a problem by using security concepts, principles and mechanisms taught over the course.
• Meeting deadlines.

After the due date, you will have 5 business days to submit your assignment as a late submission. Late submissions will incur a penalty of 10% per day. After these five days, Canvas will be closed and you will lose ALL the assignment marks.

4. Assessment details

Please ensure that you have read Section 1 to 3 of this document before going further. Assessment details (i.e. question Q1 to Q4) are provided in the next page.

Q1. Data Privacy Protection with Homomorphic Encryption (Marks: 2+2+2+2+2=10)                                                                                                                  

Q2. Key Recovery with Secret Sharing (Marks: 2+2+2+2+2=10)                                                                                                                  

 Q3. Secure Data Management via Amazon S3 (Marks: 2+2+2+2+2=10)  

 Q4.  Create AWS Client Virtual Private Network (Marks: 1+1+1+1+1=5)

5. Academic integrity and plagiarism (standard warning)

Academic integrity is about honest presentation of your academic work. It means acknowledging the work of others while developing your own insights, knowledge and ideas. You should take extreme care that you have:

• Acknowledged words, data, diagrams, models, frameworks and/or ideas of others you have quoted (i.e. directly copied), summarized, paraphrased, discussed or mentioned in your assessment through the appropriate referencing methods.
• Provided a reference list of the publication details so your reader can locate the source if necessary. This includes material taken from Internet sites.

If you do not acknowledge the sources of your material, you may be accused of plagiarism because you have passed off the work and ideas of another person without appropriate referencing, as if they were your own.

RMIT University treats plagiarism as a very serious offence constituting misconduct. Plagiarism covers a variety of inappropriate behaviors, including:

• Failure to properly document a source
• Copyright material from the internet or databases
• Collusion between students

For further information on our policies and procedures, please refer to the University website.