Aligned with the "Secure Systems Architectures" module's outcomes, your challenge is to design a robust and secure system architecture for the campus ride-sharing app. This design should emphasize principles of confidentiality, integrity, and availability
Report 2: Design and Implementation. (1,500 words approx.)
- Practical Architecture Design: Accompany this section with a comprehensive Component Interaction Diagram detailing the app's security architecture, addressing the risks identified in the previous report (Report 1: Vulnerabilities and Security Controls).
- Your diagram should include at the very least: User Devices, Authentication & Authorization Service, Backend Application Resources and APIs, Database Connections, Third-Party Services & Integrations. Ensure each component and its secure interactions are meticulously represented.
- Depict connections and interactions using arrows to indicate data flow, and additional symbols for security measures.
- Describe your diagram in 500 words approx., explaining the rationale behind each component's inclusion and how the components interact securely in the context of the app.
- In a further 1000 words approx., describe how OWASP vulnerabilities can be used to fortify the security of your architecture. You may want to limit your discussion to a maximum of 5 OWASP items for clarity and focus.
2. Marking Criteria
The maximum marks available are 100, divided equally across the learning outcomes, as follows:
Grade bands: Exceptional, Excellent, Very good, Good, Satisfactory, Unsatisfactory, Poor.
Vulnerabilities and risk factors research
- Displays a good grasp of the subject with an accurate technical vocabulary; addresses core issues, as appropriate for the scenario, such as CIS controls.
- Vulnerabilities and risk factors for the given scenario well identified.
Security technologies
- Secure system design: architectural principles well applied, appropriate design including relevant protocols, well-executed diagrams, description is clear.
- Security mechanisms and controls: correctly used, appropriate to the vulnerabilities previously identified, relevant mechanisms used such as appropriate OWASP controls.
Practical deployment considerations
- Discussion: features of networks, operating systems, cloud, DevSecOps, social engineering and innovative technologies are consistently evaluated.
- Critical thinking: critical thinking applied throughout, arguments are logical and clear, pros and cons are balanced, limitations and alternative solutions are explored.
Academic writing skills
- Introduction and structure: appropriate sections, well-defined objectives for each section.
- Researched and referenced: authoritative sources used, clearly referenced.
- Writing: clear, explicit, specific, well-argued, concise, formal.
- Reflection: reflective and reflexive skills have been applied.
Introduction
With every system comes vulnerabilities that can be exploited, whether intentionally or unintentionally. In this report, the vulnerabilities associated with deploying a secure campus ride-sharing app for students will be explored, focusing on the impact of threats, potential ways to mitigate these vulnerabilities and how to ensure a more secure environment for both the users and system.
Vulnerabilities
Since ride-sharing apps involve financial transactions, they are attractive targets for cyber-attacks. The harsh reality of this threat was shown in 2022, when an 18-year-old cybercriminal gained access to Uber's internal systems, where they downloaded financial information from Slack (Shachnow, 2022).
This incident highlights just how significant of a threat cybercriminals are to ride-sharing apps, since one of the largest ride-sharing companies experienced a breach in its internal system security.
Having an insecure payment system greatly increases the likelihood that such attacks succeed. If this vulnerability were exploited, it would have a drastic impact on the users of the application: not only could it cause monetary losses, but it could also cause an overall loss of trust in the application.
This potential attack could be mitigated by ensuring that the application uses a secure and trustworthy payment gateway, as this would add a protective layer to the system. However, given the evolving nature of cyberattacks, regular security assessments should be implemented to stay on top of this issue.
Another potential vulnerability associated with a ride-sharing application is insufficient authorisation and user authentication. If the ride-sharing application is lacking in methods of user verification, it can make user accounts vulnerable to unauthorised access.
This weakness exposes the application to attacks such as attackers taking unauthorised trips, committing financial fraud or exposing users' personal information. Therefore, precautions should be taken to minimise this risk. A good example of a mitigation method is to implement Multi-Factor Authentication (MFA). MFA is a major step forward in ensuring that users are who they claim to be by requiring them to pass several independent verification steps. The intention of MFA is to reduce the risk posed by stolen credentials by granting access only when several weighted factors are satisfied. It offers an additional defence against these damaging attacks, which can cost organisations millions of dollars (www.otka.com, 2023).
Multi-factor authentication solutions are relatively inexpensive and often very easy to deploy (Jones, 2020). Furthermore, MFA improves the overall security posture of these apps because it prevents intruders who hold only a stolen password from accessing accounts, thereby protecting people against possible economic or privacy losses.
Ride-sharing applications are heavily dependent on location-based services to match drivers and passengers. Nevertheless, this dependence brings with it a security weakness: the exposure of geolocation data. Geolocation is a technology that determines a user's physical location using data acquired from the individual's device (Estes, 2016).
The problem with such a vulnerability is that it affects more than just user privacy. It could be exploited by stalkers, criminals, or kidnappers who want to track an individual's movements; this is particularly alarming for students who may not fully understand these risks or know how to address them.
To combat this danger, ride-sharing apps need to make strong encryption of geolocation data a top priority, restrict access to the data to those who need it, and make users aware of how important it is to check their devices' location-sharing settings regularly. Regular security checks should also be carried out to identify weaknesses in the protection of geolocation data.
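The "restrict access to the data" advice above can be made concrete as an access policy in the backend. The block below is an example added for this page (not the report's own design): it keeps each user's latest position, gives precise coordinates only to the user themselves and to the driver or passenger on a ride in progress, hands the matching component only a coarsened position good enough to find nearby drivers, expires positions after a short TTL so a stale trail is never served, and records every lookup so that misuse can be detected afterwards. The role names, the two-decimal coarsening (about 1 km) and the 300-second TTL are assumptions chosen for the example; the coordinates in the usage block are constructed.

```python
from dataclasses import dataclass

COARSE_DECIMALS = 2       # ~1.1 km grid: enough to match nearby drivers, not to follow a person
LIVE_POSITION_TTL = 300   # seconds a reported position stays usable (assumed value)


@dataclass(frozen=True)
class Position:
    lat: float
    lon: float
    reported_at: int


class LocationService:
    """Stores each user's latest position and decides who may read it, and at what precision."""

    def __init__(self):
        self._positions = {}   # user_id -> Position
        self._rides = {}       # passenger_id -> driver_id for rides currently in progress
        self.audit_log = []    # (requester, target, outcome) for every lookup, allowed or denied

    def report(self, user_id: str, lat: float, lon: float, now: int) -> None:
        self._positions[user_id] = Position(lat, lon, now)

    def start_ride(self, passenger_id: str, driver_id: str) -> None:
        self._rides[passenger_id] = driver_id

    def end_ride(self, passenger_id: str) -> None:
        # Precise access ends with the ride: neither party can keep watching the other.
        self._rides.pop(passenger_id, None)

    def _on_shared_ride(self, a: str, b: str) -> bool:
        return self._rides.get(a) == b or self._rides.get(b) == a

    def lookup(self, requester_id: str, role: str, target_id: str, now: int):
        """Return (lat, lon) at the precision the requester is entitled to, or None."""
        pos = self._positions.get(target_id)
        if pos is None or now - pos.reported_at > LIVE_POSITION_TTL:
            self._record(requester_id, target_id, "denied:stale_or_unknown")
            return None
        if requester_id == target_id or self._on_shared_ride(requester_id, target_id):
            self._record(requester_id, target_id, "allowed:precise")
            return (pos.lat, pos.lon)
        if role == "matcher":
            # The matching component only needs the neighbourhood, never the exact point.
            self._record(requester_id, target_id, "allowed:coarse")
            return (round(pos.lat, COARSE_DECIMALS), round(pos.lon, COARSE_DECIMALS))
        self._record(requester_id, target_id, "denied:no_relationship")
        return None

    def _record(self, requester_id: str, target_id: str, outcome: str) -> None:
        self.audit_log.append((requester_id, target_id, outcome))


if __name__ == "__main__":
    # Constructed walk-through: a passenger reports a position, a driver is assigned, the ride ends.
    svc = LocationService()
    svc.report("passenger-1", 53.4808, -2.2426, now=1000)
    print(svc.lookup("driver-7", "driver", "passenger-1", now=1010))    # None: no ride yet
    print(svc.lookup("matcher", "matcher", "passenger-1", now=1010))    # coarse position
    svc.start_ride("passenger-1", "driver-7")
    print(svc.lookup("driver-7", "driver", "passenger-1", now=1010))    # precise position
    svc.end_ride("passenger-1")
    print(svc.lookup("driver-7", "driver", "passenger-1", now=1020))    # None again
```

Encryption of the stored positions and of the transport (the paragraph's other two recommendations) wraps around this class; what the class adds is the least-privilege rule that decides which caller ever sees a precise coordinate, and the audit trail that the "regular security checks" the paragraph calls for can be run against.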
Prevention of Data Breaches and the Personal Data they Protect
The transmission of personal data through this system is unavoidable. Drivers need the geolocation of passengers to pick them up, and the financial transactions in the system require personal financial information. Given the severe consequences of data breaches, preventative security measures must be put in place to minimise both the probability and the impact of such breaches.
If a user's location information were leaked, it could endanger that person's safety. Unauthorised access to this sensitive information can have severe consequences, including identity theft and stalking (Utilities One, n.d.). To protect user location data, end-to-end encryption of location data could be implemented, enhancing the security of data transfer between users and servers (Genetec, n.d.). Performing regular security audits would also help to tackle emerging threats, as cyber-attacks are getting more aggressive and more sophisticated by the day (www.entechus.com, n.d.). For this reason, security measures must be updated consistently.
Users will need to verify their identity to use this app. If a user's personal information were made public, it would not only compromise their safety but also increase the likelihood of identity theft. The seriousness of identity theft should not be understated: according to experts, there is a new victim every 22 seconds (National Council on Identity Theft Protection, 2023). Multi-factor authentication could be implemented to decrease the likelihood of malicious individuals accessing a user's personal information. This threat can also be reduced by ensuring that personal data is encrypted both in storage and in transmission, so that any stolen data is indecipherable without the key.
Payment information will be entered by the user to initiate transactions for the ride-sharing service. Ensuring that these transactions are secure is necessary to prevent both financial loss and identity theft. If a malicious individual obtains another person's payment information, they may be able to make fraudulent transactions. To safeguard user data, it's necessary that the data within the transaction remains secure, and for this a secure payment gateway is essential. Secure payment gateways are encryption systems that protect sensitive information (Main, 2023); they can also include fraud detection, further protecting the user from anyone attempting to use their details to make fraudulent purchases on the app.
System Security Mechanisms
CIS Control 1 is a necessary security mechanism for this application. It covers the tracking and management of all hardware devices on the network, ensuring that only approved devices are granted access to the servers and that unapproved and unmanaged devices are identified and kept out. This aids confidentiality by preventing unauthorised access to hardware devices that may hold sensitive data. Controlling who has access to hardware also prevents unauthorised modifications that could compromise the integrity of data, and it supports availability, since properly managed hardware is less likely to cause system failures or downtime.
Another essential security mechanism for this application is CIS Control 3, which secures data in storage and in transmission through data protection measures such as encryption. Such measures ensure that sensitive data is accessible only to those who need it, preserving confidentiality. Integrity is maintained by preventing unauthorised modifications to sensitive data, and protecting data from corruption makes it easier to preserve the availability of critical systems. As customers will rely on this application's services for their day-to-day transport needs, availability is a must.
CIS Control 5 is another very beneficial security mechanism to implement, as it helps with managing user accounts and preventing unauthorised access to both user and admin accounts.