Bai Tap
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Bai Tap as PDF for free.
More details
- Words: 1,062
- Pages: 4
SW3 Project of Autumn 2007 September 2, 2007 Abstract In the Autumn semester of 2007, SW3 students are required to work on the project described in this document. It imposes a well-defined set of requirements on the students. The general SW3 guidelines are in operation (Section 3.1.3 of http://www.math.aau.dk/f-sn/338-f07/softwbach 2005 sept2007.html). This document is organized as follows. Section 1 gives an overview of the system to be implemented and tested. Section 2 lists system requirements. Section 3 introduces the Enigma machine to be incorporated in the system, and provides sources for relevant information on Enigma.
1
Student Assessment System Overview
The topic of the semester project is to implement and test a web-based secure student assessment system. Such a system is used by both a school and parents/guardians. A school teacher is able to write assessment texts into the system for students she educates. Each student can have assessments from multiple teachers who are in charge of different subjects. Whereas a parent or guardian is able to login the system and view assessments for her child(ren) or the kid(s) under her guardianship. However, such assessments are ciphered when they are input into the system, and therefore a parent or guardian need to decipher them before they she can read the actual contents. Also, there is a system administrator role who is responsible for user account management and security maintenance. All encrypted assessment texts, together with all other information, are stored in a database on the web server side. The encryption component should be implemented using the Enigma machine (See Section 3 for an introduction to it, where further references are also given).
2
System Requirements
All system requirements are sorted into three categories: requirements on general issues, requirements on security aspect, and requirements on user interface.
1
2.1 2.1.1
General Requirements Teacher Role
Each teacher maintains a set of encryption keys. They login the system with user names and passwords provided by the system administrator, and write assessment in texts for their students. In particular, teachers can: 1. Login and logout the system. 2. Write assessment for a selected student. 3. Store but not release the assessment for a student. 4. Modify/delete the stored assessment for a student. 5. Release the (stored) assessment for a student. 2.1.2
Parent/Guardian Role
A parent or guardian also needs user name and password to get the encrypted texts for her kid. Furthermore, she has the corresponding encryption key so that she can read the encrypted assessment texts. Note here it is a double privacy protection: access control plus encryption. This is justified in that access control alone may not be enough for privacy protection. Encryption will act as the protector against spies in case that access control is either hacked or abused. In particular, parents/guardians can: 1. Login and logout the system. 2. View assessments for her kid(s). 2.1.3
System Administrator Role
The system administrator is in charge of the user account management and security maintenance. In particular, the administrator can: 1. Login and logout the system. 2. Create/delete/modify account information. 3. Maintain code book and dispatch encryption keys. 4. View the access log, i.e., who did what at what time.
2.2
Security Requirements
1. Assessment for any student should only be viewed by that student’s parent(s) or guardian(s). 2. No original (not ciphered) assessment texts are released by any teacher.
2
3. A parent or guardian needs to decipher the assessment text so that she can know the contents. 4. The code book should be updated and old encryption keys should be replaced with new ones, either on a periodic basis or on demand. 5. All access activities should be logged, in the format “who did what at what time”. All log records are accessible to the system administrator only.
2.3
User Interface Requirements
Different user interfaces are required for three different system roles. All of these user interfaces should be web-based, i.e., accessible from a web browser. For a teacher, the web interface should provide a login page and then redirect to another page that displays all the students she has. On this page, assessment functionalities are required: (a) write assessment for a student, (b) store but not release assessment, (c) modify stored assessment, (d) delete stored assessment, and (e) release assessment. For a parent or guardian, the web interface should provide a login page and then redirect to another page that displays all encrypted assessment texts of her kid. That page should also provide the functionality of reading encrypted texts. For the system administrator, the web interface should provide a login page and then redirect to another page that provides two options: user account management and security maintenance. Either option will lead to its own specific web page. Please note that usability is NOT a main concern of this project. This means that students are not expected to make efforts on creating fancy GUIs. Instead, standard HTML page elements like plain text fields and radio buttons are enough and appropriate to accomplish the user interface requirements.
3
Introduction to Enigma Encryption
For privacy, assessment texts should not be stored in plain text but in ciphered text. The cipher to be used is the WWII German Enigma. David Hamer outlines the history of the machine as follows (http://www.eclipse.net/∼dhamer/Enigma1.htm): The German Enigma is surely the best known of the WW2 cipher machines used by either side in the conflict. Invented in 1918, it was developed as both a commercial and military encipherment system before and during the war. Enigma is an electro-mechanical device that utilizes a stepping wheel system to scramble a plaintext message to produce ciphertext via polyalphabetic substitution. Potentially, the number of ciphertext alphabets is astronomically large a fact that led the German military authorities to believe, wrongly as it turned out, in the absolute security of this cipher system. 3
The Enigma is of interest to Software Engineering students is because they can exercise their project management techniques and skills on an example where functional requirements are largely fixed: the software artifact must be able to encode and decode messages. For the purpose of testing and debugging, we recommend the artifact can operate both in graphical and command-line mode. Relevant sources of information are listed as follows. • http://en.wikipedia.org/wiki/Enigma machine • http://homepages.tesco.net/andycarlson/enigma/enigma j.html • http://www.simonsingh.com/Crypto Links.html • F. L. Bauer. Decrypted Secrets: Methods and Maxims of Cryptology. Springer, 1996. ISBN 3540604189.
4
1
Student Assessment System Overview
The topic of the semester project is to implement and test a web-based secure student assessment system. Such a system is used by both a school and parents/guardians. A school teacher is able to write assessment texts into the system for students she educates. Each student can have assessments from multiple teachers who are in charge of different subjects. Whereas a parent or guardian is able to login the system and view assessments for her child(ren) or the kid(s) under her guardianship. However, such assessments are ciphered when they are input into the system, and therefore a parent or guardian need to decipher them before they she can read the actual contents. Also, there is a system administrator role who is responsible for user account management and security maintenance. All encrypted assessment texts, together with all other information, are stored in a database on the web server side. The encryption component should be implemented using the Enigma machine (See Section 3 for an introduction to it, where further references are also given).
2
System Requirements
All system requirements are sorted into three categories: requirements on general issues, requirements on security aspect, and requirements on user interface.
1
2.1 2.1.1
General Requirements Teacher Role
Each teacher maintains a set of encryption keys. They login the system with user names and passwords provided by the system administrator, and write assessment in texts for their students. In particular, teachers can: 1. Login and logout the system. 2. Write assessment for a selected student. 3. Store but not release the assessment for a student. 4. Modify/delete the stored assessment for a student. 5. Release the (stored) assessment for a student. 2.1.2
Parent/Guardian Role
A parent or guardian also needs user name and password to get the encrypted texts for her kid. Furthermore, she has the corresponding encryption key so that she can read the encrypted assessment texts. Note here it is a double privacy protection: access control plus encryption. This is justified in that access control alone may not be enough for privacy protection. Encryption will act as the protector against spies in case that access control is either hacked or abused. In particular, parents/guardians can: 1. Login and logout the system. 2. View assessments for her kid(s). 2.1.3
System Administrator Role
The system administrator is in charge of the user account management and security maintenance. In particular, the administrator can: 1. Login and logout the system. 2. Create/delete/modify account information. 3. Maintain code book and dispatch encryption keys. 4. View the access log, i.e., who did what at what time.
2.2
Security Requirements
1. Assessment for any student should only be viewed by that student’s parent(s) or guardian(s). 2. No original (not ciphered) assessment texts are released by any teacher.
2
3. A parent or guardian needs to decipher the assessment text so that she can know the contents. 4. The code book should be updated and old encryption keys should be replaced with new ones, either on a periodic basis or on demand. 5. All access activities should be logged, in the format “who did what at what time”. All log records are accessible to the system administrator only.
2.3
User Interface Requirements
Different user interfaces are required for three different system roles. All of these user interfaces should be web-based, i.e., accessible from a web browser. For a teacher, the web interface should provide a login page and then redirect to another page that displays all the students she has. On this page, assessment functionalities are required: (a) write assessment for a student, (b) store but not release assessment, (c) modify stored assessment, (d) delete stored assessment, and (e) release assessment. For a parent or guardian, the web interface should provide a login page and then redirect to another page that displays all encrypted assessment texts of her kid. That page should also provide the functionality of reading encrypted texts. For the system administrator, the web interface should provide a login page and then redirect to another page that provides two options: user account management and security maintenance. Either option will lead to its own specific web page. Please note that usability is NOT a main concern of this project. This means that students are not expected to make efforts on creating fancy GUIs. Instead, standard HTML page elements like plain text fields and radio buttons are enough and appropriate to accomplish the user interface requirements.
3
Introduction to Enigma Encryption
For privacy, assessment texts should not be stored in plain text but in ciphered text. The cipher to be used is the WWII German Enigma. David Hamer outlines the history of the machine as follows (http://www.eclipse.net/∼dhamer/Enigma1.htm): The German Enigma is surely the best known of the WW2 cipher machines used by either side in the conflict. Invented in 1918, it was developed as both a commercial and military encipherment system before and during the war. Enigma is an electro-mechanical device that utilizes a stepping wheel system to scramble a plaintext message to produce ciphertext via polyalphabetic substitution. Potentially, the number of ciphertext alphabets is astronomically large a fact that led the German military authorities to believe, wrongly as it turned out, in the absolute security of this cipher system. 3
The Enigma is of interest to Software Engineering students is because they can exercise their project management techniques and skills on an example where functional requirements are largely fixed: the software artifact must be able to encode and decode messages. For the purpose of testing and debugging, we recommend the artifact can operate both in graphical and command-line mode. Relevant sources of information are listed as follows. • http://en.wikipedia.org/wiki/Enigma machine • http://homepages.tesco.net/andycarlson/enigma/enigma j.html • http://www.simonsingh.com/Crypto Links.html • F. L. Bauer. Decrypted Secrets: Methods and Maxims of Cryptology. Springer, 1996. ISBN 3540604189.
4
