Assignment Instructions:
This assignment requires you to analyze a system, identify the cryptographic requirements, and then design a set of solutions to secure the data and the communication within the system. The system to be developed is based on the following scenario:
The ACME Yearbook Company has an existing desktop application that allows customers to create school yearbooks. The desktop application imports a portrait template containing a text document with student and faculty names, grades, and filenames. The filenames identify the yearbook photo for the respective individual. The application then allows the customer to edit the portrait database and design the school’s yearbook, including the ability to import additional photographs and lay out each yearbook page. When the yearbook is completed, the application uploads a data set to the portrait database “in the cloud,” along with all of the layout data for each yearbook page.
Note: Their previous product used CD-ROMs, and there was no Internet access for development, viewing, or purchase.
The company uses this data set to produce a high-resolution PDF of the yearbook, which is then used to produce the printed hardcopy yearbooks for the school. Additionally, the schools can request electronic copies of the yearbook on CDs for record-keeping or for direct sale to students to accompany their hard copies.
The ACME Yearbook Company has hired you to help them develop an Internet-based product to complement the existing desktop application. Write a report to the company explaining what features need to be added to their product to make it secure.
The Internet-based product should include the following additional features:
Allow all yearbook data to be stored on ACME’s servers, rather than on the customer’s local computer.
Allow the yearbook to be edited with the desktop product as well as with any new Internet version of the product.
Allow multiple people to edit the yearbook at the same time (including any students who are working on the yearbook).
Allow people to purchase copies of the completed yearbook using a credit card.
Allow a low-resolution PDF of the completed yearbook to be available to the school for proofing. Also, make available a high-resolution PDF that can only be accessed by ACME’s printing facilities and partners.
Security concerns include:
Licensing of the application client on school PCs.
Security for the output designs on the cloud and on CDs.
Secure storage of multiple yearbooks from multiple clients at ACME and in the cloud.
Online purchasing of electronic copies of yearbooks.
Communications security.
You must do the following:
Identify and list RISKS to be addressed.
Design a solution or a solution set.
You do not have to address all of the items below, but here are some possible topics to consider:
Remote access (VPN)
Whole disk encryption
Encrypted flash sticks
E-commerce transactions
Database encryption
Use of hashes (e.g., for checksums, passwords, perhaps even credit card information)
Cloud access security
Digital certificates (at various levels)
DRM for electronic copies of yearbooks
Acceptable use policies regarding the use of company computers, personal computers, and perhaps even use of personal encryption
Identify potential vulnerabilities with your proposed solution. (Note: Not all vulnerabilities can be solved with encryption.)
Finally, in case the company cannot implement all of your suggestions at once, list the features that you recommend and rank order them by importance.
Your design should take into consideration the data storage, data processing, and data communication needs of the system.
It is anticipated that the length of the paper will be 10–12 pages.