5. Secure System Design (25 marks) In a privileged membership club, there are sole facilities provided...
Question:
5. Secure System Design (25 marks)

In a privileged membership club, there are sole facilities provided exclusively for its members, such as restaurants and massage. Each of these facilities is operated by a different business owner, who is paid by the owner of the club, who in turn collects membership fees from the members. Hence, these facilities allow exclusive club members only to access them and enjoy the service provided. To provide this benefit to the members, the club issues a membership card that is used to identify each member's identity. Meanwhile, the facilities are also expected to prevent sensitive customer information from being exposed to the facility operators (business owners). As a club member, he/she may have different roles when using various facilities. The club server grants proper permissions and informs the facility provider. Many club members may be entitled to such roles.

System architecture (diagram): Gold member, Silver member -> Sauna service, Restaurant -> Internet -> Club server.

System requirement: provide secure user authentication and authorisation between a member and the club server.

Security requirements:
- Provide secure user authentication.
- Provide perfect forward secrecy.
- Withstand replay, DoS, man-in-the-middle and eavesdropping attacks.

System limitations:
- A membership card CAN store some secret values for authentication purposes, while it CANNOT be connected to the Internet at any time.
- The network connection between the business owner and the club server is through the public (insecure) network.
- During authentication, a membership card is the only input from the user side. For example, a user cannot type any characters or digits.
- Business owners (other than the club) are NOT trusted by the client nor the club. They might be an (insider) adversary.

Your Task: Design a system to achieve the system and security requirements.

a. In order to establish secure communication, there are three phases: user authentication, authorization, and key establishment. In what order should these three phases be conducted? (2.5 marks)

b. What kind of information should be stored on a membership card for authentication? (2.5 marks)

c. Design (a brief description) a security mechanism for the key establishment and user authentication phases. The design should satisfy the security requirements where an item is applicable. Justify your answers. (15 marks)

d. For user authorization, we may consider access control models such as ACM, BLP, Biba and RBAC (role-based access control). Which one of the access control models would be better in this scenario? Why? (5 marks)
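Worked example, added by the editor and not part of the original question or of any posted answer: one way the key-establishment and authentication phases of part c can be laid out under the stated limitations. The card stores only a pseudonymous card ID and a 32-byte secret shared with the club server (the kind of data part b asks about); the terminal at the facility is an untrusted relay that merely forwards three messages and is told the granted role, never the member's identity. An ephemeral Diffie-Hellman exchange over the RFC 3526 2048-bit MODP group gives forward secrecy, HMACs under the card secret authenticate both sides and bind both DH values against a man-in-the-middle, a fresh single-use server nonce defeats replay, and the server performs its cheap checks before its second modular exponentiation to bound the cost of bogus requests. The message names (M1, M2, M3), class names, the HKDF-style key derivation and the constructed member record are this example's own assumptions; stdlib-only MODP arithmetic stands in for what a production system would do with X25519 and an AEAD for the application traffic.

```python
"""Added example (not from the original question or any posted answer): an
authenticated key exchange between an offline membership card and the club
server, relayed by an untrusted facility terminal. Stdlib only."""
import hmac
import secrets

# RFC 3526 group 14 (2048-bit MODP) prime and generator; verify against the RFC.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
EXP_BITS = 256  # private exponent length, standard practice for this group

def i2b(n):
    return n.to_bytes(256, "big")

def mac(key, label, ns, gx, gy, card_id):
    """HMAC over the whole transcript, so neither DH value can be swapped (MITM)."""
    return hmac.new(key, label + ns + i2b(gx) + i2b(gy) + card_id, "sha256").digest()

def session_key(ns, gx, gy, ss):
    """HKDF-style extract-then-expand; ss is the ephemeral DH shared secret."""
    prk = hmac.new(ns, i2b(ss), "sha256").digest()
    return hmac.new(prk, b"session" + i2b(gx) + i2b(gy) + b"\x01", "sha256").digest()

class Card:
    """Offline smart card: holds only a pseudonymous ID and a per-card secret."""
    def __init__(self, card_id, k_card):
        self.card_id, self.k_card = card_id, k_card

    def respond(self, ns, gx):  # M1 in, M2 out
        if not 1 < gx < P - 1:
            raise ValueError("degenerate server DH value")
        y = secrets.randbits(EXP_BITS)               # ephemeral: forward secrecy
        gy = pow(G, y, P)
        self._pending = (ns, gx, gy, pow(gx, y, P))
        return self.card_id, gy, mac(self.k_card, b"card-auth", ns, gx, gy, self.card_id)

    def finish(self, tag_s):  # M3 in
        ns, gx, gy, ss = self._pending
        del self._pending                             # drop ephemeral state
        expect = mac(self.k_card, b"server-auth", ns, gx, gy, self.card_id)
        if not hmac.compare_digest(tag_s, expect):
            raise ValueError("server authentication failed")
        return session_key(ns, gx, gy, ss)

class ClubServer:
    def __init__(self, members):
        self.members = members  # card_id -> (k_card, role); never sent to terminals
        self.pending = {}       # nonce -> (x, g^x); one-shot, so a replayed M2 fails

    def start(self):  # M1 out
        x = secrets.randbits(EXP_BITS)
        ns, gx = secrets.token_bytes(16), pow(G, x, P)
        self.pending[ns] = (x, gx)
        return ns, gx

    def complete(self, ns, card_id, gy, tag_c):  # M2 in, M3 out
        # Cheap checks first (nonce, membership, MAC) so bogus responses cost
        # no modular exponentiation: basic DoS hygiene.
        x_gx = self.pending.pop(ns, None)
        if x_gx is None:
            raise ValueError("unknown or already-used nonce (replay?)")
        if card_id not in self.members or not 1 < gy < P - 1:
            raise ValueError("unknown card or degenerate DH value")
        x, gx = x_gx
        k_card, role = self.members[card_id]
        if not hmac.compare_digest(tag_c, mac(k_card, b"card-auth", ns, gx, gy, card_id)):
            raise ValueError("card authentication failed")
        tag_s = mac(k_card, b"server-auth", ns, gx, gy, card_id)
        # The facility is told only the role, never who the member is.
        return tag_s, role, session_key(ns, gx, gy, pow(gy, x, P))

def run_protocol(server, card, tamper_gy=False):
    """The untrusted terminal relays M1 (server->card), M2 (card->server), M3."""
    ns, gx = server.start()
    card_id, gy, tag_c = card.respond(ns, gx)
    if tamper_gy:                                     # active MITM swaps the DH value
        gy = pow(G, secrets.randbits(EXP_BITS), P)
    tag_s, role, k_server = server.complete(ns, card_id, gy, tag_c)
    return role, k_server == card.finish(tag_s), k_server

def rejected(fn):
    try:
        fn()
    except ValueError:
        return True
    return False

def demo():
    card_id, k_card = secrets.token_bytes(8), secrets.token_bytes(32)  # constructed member
    server, card = ClubServer({card_id: (k_card, "gold")}), Card(card_id, k_card)
    out = {}
    out["role"], out["keys_agree"], k1 = run_protocol(server, card)
    _, _, k2 = run_protocol(server, card)
    out["fresh_keys"] = k1 != k2                      # new ephemerals each session
    ns1, gx1 = server.start()                         # attacker records a full run...
    m2 = card.respond(ns1, gx1)
    card.finish(server.complete(ns1, *m2)[0])
    ns2, _ = server.start()                           # ...and replays M2 later
    out["replay_rejected"] = rejected(lambda: server.complete(ns2, *m2))
    out["mitm_rejected"] = rejected(lambda: run_protocol(server, card, tamper_gy=True))
    out["forged_card_rejected"] = rejected(
        lambda: run_protocol(server, Card(card_id, secrets.token_bytes(32))))
    return out

if __name__ == "__main__":
    print(demo())
```

Running demo() performs one honest session and then the three attacks the question names: a replayed M2 is refused because its MAC covers the old nonce and the old nonce has already been consumed, a swapped DH value fails the transcript MAC, and a card with the wrong secret cannot produce a valid card-auth tag. Forward secrecy rests on both sides discarding x and y after deriving the session key; the derived key would feed an AEAD for the actual traffic, which this example does not model.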