COURSEWORK ASSESSMENT SPECIFICATION
Module Title: | Network Security |
Module Number: | LD7007 |
Module Tutor Name(s): | xxxxxxxxxxx |
Academic Year: | 2020-21 |
% Weighting (to overall module): | 30% GROUP WORK |
Coursework Title: | SSL PKI Implementation & Threat Modelling |
Average Study Time Required by Student | 40 hours to complete assignment |
Date of Handout to Students: | 28/09/2020 |
Mechanism for Handout to Students: | Blackboard |
Date and Time of Submission by Student: | Date 12/01/2021 (15:59 hours) |
Mechanism for Submission of Work by Student: | The reports must be submitted via the Turnitin link published on eLP. |
Date by which Work, Feedback and Marks will be returned to Students: | Within 20 working days after submission of this assignment |
Mechanism for return of assignment work, feedback and marks to students: | Feedback and marks to be provided via Blackboard to the students. |
Learning Outcomes tested in this assessment:
The following learning outcomes will be assessed by this assignment:
· Apply appropriate theory, practices and tools to the design/development of network security solutions.
· Critically evaluate the legal, ethical and social implications of security
Introduction
In this task you will create a Certification Authority (CA) which will
act as a subordinate Enterprise Certification Authority to issue certificates
to users and computers for an organisation called Hexad0m. An offline root
Certification Authority is expected to be installed and configured to establish
the fundamentals in the PKI architecture to serve as an issuer to your
subordinate CA. You will also demonstrate a comprehensive threat model against
two categories, namely identity spoofing and CA threats as part of your
analysis. The group is advised to use a Windows 2012 server and any machine to
perform the attacks against the system. Groups are free to completely
virtualise the testing environment.
Assignment Tasks:
Your work must be presented in the form of a Project Report and be no longer
than 4500 words (excl. references, figures, tables and appendices) plus a
facing page that includes the executive summary. This should be typed on A4
paper in Arial, font size 10, with single spacing. For completeness, you may,
if you wish, include additional material in an appendix, but this will not
contribute to the marks.
Section 1: SSL PKI Design & Implementation
The technical requirements are listed as follows:
1. Install and configure an offline Root Certification Authority
2. Install and issue a Certification Authority
3. Configure the appropriate certificate templates of the issuing CA
4. Check the revocation status of certificates by installing and configuring an online responder
5. Create a fully operational TLS-enabled Web page and observe encrypted traffic
6. Demonstrate at least two (2) attacks against your PKI infrastructure in alignment with the two (2) threat categories outlined in Section 2.
Section 2: SSL PKI Threat Modelling & Ethical Considerations
The non-technical requirements are listed as follows:
1. SSL PKI threat model: Identify the threats and attacks arising from the proposed description of the SSL PKI security issues raised in your design/proposal. Create and discuss a taxonomy of those threats relevant to your design and propose suitable mitigation plans with clear references to the literature. You are required to threat model only against identity spoofing and certificate authority threats using a standardised methodology to identify and rank the threats identified.
2. Threat Ranking: Define, adopt and validate the appropriate method to rank threats in SSL PKI architecture.
3. Threat mitigation Plan: A detailed threat mitigation plan is also required as part of your deliverables. Clear evidence of a systematic approach taken to validate threats identified must be clearly articulated as part of your analysis.
4. PKI Risks: Critically discuss at least two (2) significant risks of PKI and link these to privacy. What kind of ethical and legal concerns are raised by the adaptation of PKI in Industry 4.0 for the authentication of IoT devices?
Project Deliverables: Written Group Report (max 3 students per group)
Project Report: The project report should provide your design and
recommendations for the planned exercise. Please pay attention to the following
points in designing your PKI security solution and preparation of report; at
its basic form, the report should be structured as follows:
1. Executive Summary: Provide an executive summary [~150 words]
2. Introduction: An introduction using appropriate information and problem statement from the team. [~200 words]
3. SSL PKI Design & Implementation: In this section you address all technical requirements in Section 1 of the brief with a clear articulation of the process followed to achieve the outcomes requested. [~1500 words, excl. figures, diagrams and tables]
4. SSL PKI threat modelling & Ethical Considerations: This section must include a systematic approach on the identification of threats, methodologies used to rank them and a detailed mitigation plan against the threat vectors given in the brief. You should also discuss ethical and legal implications by the adaptation of PKI in the authentication of “things” in IoT. [~2500 words excl. figures and tables]
5. Conclusion: Design recommendations, summary of key points/findings from your investigation [~150 words]
IMPORTANT NOTE: The project report must be based on academic references.
Please use the IEEE Xplore, ACM and ELSEVIER databases for references related
to threat models, security technologies, cloud computing etc.
CAUTION: Merely selecting an existing UC technology from the market without
addressing the project deliverables will result in a very low mark. A single
file submission must be made ONLY by a delegated group member, including any
appendices, tables, diagrams, etc. (no word limitation for appendices).
Feedback will be distributed to all group members as appropriate.
Assessment criteria
Assessment Criteria Section | Possible marks | Actual Marks |
Executive Summary | 5 | |
Introduction | 5 | |
SSL PKI Design & Implementation | 45 | |
SSL PKI Threat Modeling & Ethical Considerations · SSL PKI Threat modelling approach (threat identification, validation) · PKI security issues/attacks relevant to the case with discussion · Threat mitigation plan(s) · Critical discussion on ethical and legal issues | 35 | |
Conclusion | 5 | |
References | 5 | |
Marks deducted in case of poorly structured reports, layout, word count (15 marks) | | |
Total | 100 | |
Academic Integrity Statement
You must adhere to the university regulations on academic
conduct. Formal inquiry proceedings will be instigated if there is any
suspicion of plagiarism or any other form of misconduct in your work. Refer to
the University’s Assessment Regulations for Northumbria Awards if you are
unclear as to the meaning of these terms. The latest copy is available on the
University website.
Formative Feedback
There will be an opportunity for formative feedback during
the semester. You are advised to start working on this assignment as early as
possible so that you can seek clarification from the module tutor regarding any
questions you might have during the semester. Note that tutors will not predict
your grade, and you should not take the lack of comment on any aspect of your
work as indicating that it is correct. You should make every effort to take
advantage of formative feedback as tutors will not comment on draft work at
other times. Remember that you will get more useful feedback from us by asking
specific questions.
Penalties for Exceeding Word Limits:
The actual word count is to be declared on the front of the
assessment submission. If a given task has a word limit, the following
penalties will be applied after any reductions in mark due to late submission
have been made. Penalties will be applied as defined in the University Policy
on Word Limits.
Late Submission Policy:
For coursework submitted up to 1 working day (24 hours)
after the published hand-in deadline without approval, 10% of the total marks
available for the assessment (i.e. 100%) shall be deducted from the assessment
mark. Penalties will be applied as defined in the University Policy on the Late
Submission of Work.
For clarity: a late piece of work that would have scored 65%, 55% or 45%
had it been handed in on time will be awarded 55%, 45% or 35% respectively as
10% of the total available marks will have been deducted.
Failure to submit: The University requires all students to submit assessed
coursework by the deadline stated in the assessment brief. Where coursework is
submitted without approval after the published hand-in deadline, penalties
will be applied as defined in the University Policy on the Late Submission of
Work.
https://www.northumbria.ac.uk/about-us/university-services/academic-registry/quality-and-teaching-excellence/assessment/guidance-for-students/