INTE2401/2402 Cloud Security

Overview

The objective of Assignment 3 is to evaluate your knowledge of the topics covered mainly from Lectures 9 to 11. Topics include Data Privacy Protection Techniques, AWS Identity Management and Database Security, and AWS VPN and Firewall Practices. However, topics covered in Lectures 1 to 8 are required as prerequisites. Assignment 3 will focus on developing your abilities in the application of knowledge, critical analysis, decision making, and using AWS security services. Assignment 3 contains several problems related to the topics mentioned above. You are required to prepare your answers and programming codes, and videos and upload them as a single zip file in CANVAS.

In this assignment, there are 4 (four) questions in total.

Question Q1 is about how to protect cloud data privacy with Homomorphic Encryption. To protect our data privacy in the cloud and meanwhile allow the cloud server to process our data, the best solution is to use a homomorphic encryption scheme, e.g., the Paillier encryption scheme, to protect our data in the cloud. In this question, you are expected to understand how homomorphic encryption techniques can be used to protect your data privacy in Cloud and analyze data privacy.

Question Q2 is about Key Recovery with Shamir Secret Sharing. In Question Q1, the decryption key of homomorphic encryption is required when decrypting the ciphertexts downloaded from the cloud. If you lost your decryption key, you would lose all of your data stored in the cloud. In this question, you are expected to use Shamir's secret sharing scheme to recover your decryption key of homomorphic encryption.

Question 3 is about Secure Data Management via Amazon S3. Amazon S3 is an object storage service that offers industry-leading scalability, data availability, security, and performance. Amazon S3 provides easy-to-use management features so you can organize your data and configure finely-tuned access controls to meet your specific business, organizational, and compliance requirements. In this question, you are expected to demonstrate your understanding of how to create three secure buckets in Amazon S3 to keep the data from the three departments of a company, respectively.

Question Q4 is about AWS Virtual Private Network (AWS VPN). AWS Client VPN is a managed client-based VPN service that enables you to securely access your AWS resources in your on-premises network. With Client VPN, you can access your resources from any location using an OpenVPN-based VPN client. Client VPN offers the following features and functionality: secure connections, authentication, granular control, ease of use and etc. In this question, you are expected to demonstrate your understanding of how to create an AWS VPN server for a company and allow the staff of the company to get access to the AWS VPN server and then AWS VPC.