F21CN: Computer Network Security CW2 2021/22
Assessed Paired Coursework 2 — Digital Notary
Copyright © 2021, Heriot-Watt University, Edinburgh. Copyright © 2018 Hamish Taylor, Heriot-Watt University, Edinburgh.

Learning Outcomes

• Practical experience of analysing, designing, implementing and validating solutions to computer network security challenges using common network security tools and formal methods.
• Ability to deal with complex issues and make informed judgements about network security in the absence of complete or consistent data.
• Exercise substantial autonomy and initiative in addressing computer network security challenges.
• Showing initiative and team working skills in shared computer network security application development.
• Demonstrate critical reflection on network security issues.

1 Overview

This assessed coursework is for MSc students taking F21CN. It is worth 25% of the overall course mark for Computer Network Security. It is one of two pieces of assessed coursework for this course.

This coursework is an exercise in creating and using X.509 and PGP certificates. It involves developing an application that can be securely used to digitally record and verify signatories to a document. The application is capable of recording a set of signatures to a given document. Each signatory would have provided a signature of a given document using their own PGP certificate; the set of signatories is then signed using an X.509 certificate which would have been specifically set for the document. The application is capable of verifying the set of signatures to a given document. The application is certified by a local Certification Authority (CA) which is also certifying the document’s certificate.

Context of use: the application is to be used by a Notary to witness signatures on documents. The application should be implemented as a command-line client/server application with the notary server distributing the document, public certificate and signatory certification on request, and accepting individual signatures. The application can also be implemented with no network interface and therefore working on the command line locally only; see Section 6 for the implication of not including a network interface to the application. You are expected to add and document your own extra features such as managing updates to the documents, or a GUI.

The choice of programming language to implement this application is left to the pair. You can choose between Java and Python. If you want to use another programming language, please get agreement from the lecturer first. The learning objective of this coursework is for you to become familiar with the concepts of certificates and signatures. The work should be done in pairs. However, pairs of students also have to join together with other pairs to form a wider group of people who are prepared to sign each other’s certificates. It is recommended that the pairs do their collaborative work using the University and MACS systems: Teams, Word Online, GitLab Student¹.

Deadline: 3:30pm on Tuesday 30th of November, 2021

¹ http://gitlab-student.macs.hw.ac.uk/

2 Tasks

Each member of a pair should perform the following tasks:

(i) Create one self-signed PGP certificate and private key.
(ii) With the wider group of students, hold virtual key party(ies) for members to sign each other’s OpenPGP certificates.
(iii) Create a plain text document²; create a new X.509 certificate and private key; get it signed by your pair’s CA that you created for task (1); sign the document using the new certificate; with the wider group of students, share the document, the X.509 certificate, and the signature.
(iv) Using your PGP private key, sign documents shared by other students; share the signatures with the wider group of students.

Each pair should perform the following tasks:

(1) Create a local CA run by the pair (the local CA should be given a suitable X.500 name and have a self-signed X.509 certificate created for it; it may be appropriate to take steps to ensure that this certificate has the basic constraint extension set on it to identify it as a CA certificate).
(2) Form a group with at least one other pair of students and do group activities:
(a) Exercise due diligence in using your key to sign other pairs’ certificates using your local CA.
(b) Get your pair’s certificate signed by at least one other pair’s local CA.
(3) Write an application to record and verify signatures to a given document such as the documents and signatures shared in tasks (iii) and (iv). The application should have two modes of use: record, to certify a list of signatories to a document, and verify, to verify such a list of signatories with the corresponding X.509 and PGP certificates.
(4) Sign the application with the private key corresponding either to the pair’s X.509 certificate or to one of the members’ PGP certificates.
(5) Demonstrate your application works correctly using a recorded video. Submit pair report, source code and demonstration, and individual reports (see Section 3).

X.509 certificates should have a sensible X.500 name. PGP certificates should have sensible identifiers of their owner and include at least an e-mail address and a small photograph of them. Students should exercise due diligence in key parties when signing each other’s PGP certificates.
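
The following added example (not part of the coursework hand-out) walks the X.509 side of tasks (1), (iii) and (3) with the OpenSSL command line: a self-signed CA carrying the basic constraints extension, a per-document certificate issued by it, and a signed record that binds the document hash to the signatory list. File names, subject names and signatory fingerprints are constructed; checking each signatory’s own PGP signature is outside what this block covers.

```shell
#!/bin/sh
# Added example: all file names, subjects and fingerprints are constructed.
set -eu
W=$(mktemp -d)
cat > "$W/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Example Pair
CN = Example Pair Local CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_doc]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
EOF
doc_hash() { openssl dgst -sha256 -r "$W/doc.txt" | cut -d' ' -f1; }

make_pki() {  # task (1): self-signed CA; task (iii): per-document certificate
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$W/pki.cnf" \
    -keyout "$W/ca.key" -out "$W/ca.crt" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -config "$W/pki.cnf" \
    -subj "/O=Example Pair/CN=Document 001" \
    -keyout "$W/doc.key" -out "$W/doc.csr" 2>/dev/null
  openssl x509 -req -in "$W/doc.csr" -CA "$W/ca.crt" -CAkey "$W/ca.key" \
    -CAcreateserial -days 30 -extfile "$W/pki.cnf" -extensions v3_doc \
    -out "$W/doc.crt" 2>/dev/null
}

record() {  # bind document hash and signatory list, sign with the document key
  { echo "sha256 $(doc_hash)"
    echo "signatory 0000AAAA0000AAAA0000AAAA0000AAAA0000AAAA"  # placeholder
    echo "signatory 1111BBBB1111BBBB1111BBBB1111BBBB1111BBBB"  # placeholder
  } > "$W/record.txt"
  openssl dgst -sha256 -sign "$W/doc.key" -out "$W/record.sig" "$W/record.txt"
}

verify() {  # chain to the CA, then signature over the record, then document hash
  openssl verify -CAfile "$W/ca.crt" "$W/doc.crt" >/dev/null 2>&1 || return 1
  openssl x509 -in "$W/doc.crt" -noout -pubkey > "$W/doc.pub"
  openssl dgst -sha256 -verify "$W/doc.pub" -signature "$W/record.sig" \
    "$W/record.txt" >/dev/null 2>&1 || return 1
  grep -qx "sha256 $(doc_hash)" "$W/record.txt"
}

echo "Constructed sample document." > "$W/doc.txt"
make_pki && record && verify && echo "record verifies"
```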
3 Reports and Demonstration Recording
A pair report (up to 8 pages) should be jointly³ written and submitted; it should:

1. succinctly describe the project — what your pair did and what you produced, include an introduction section, discussing what you expect to learn from the assignment in general (and for each task), and describe the environment that you used to complete the tasks (e.g., what machines, software and versions)
2. list certificates, source files and code along with a brief account of how it works (before and after revocations), use either screenshots or just cut-and-paste the command line with the responses, documenting the steps taken on each of the tasks above
3. explain any observations that are interesting or surprising, document any difficulties that you met while doing any of the tasks.

An individual report (up to 2 pages) should be individually written and submitted; it should:

1. include an account of who did what on your pair work, give a percentage estimate
2. critically discuss the proposed security solution in terms of its security policy, threat model and a risk assessment of how well the deployed security measures mitigate threats⁴
3. in particular, discuss the impact of performing these activities partially or fully virtually.

A pair demonstration recording (up to 5 minutes), it should:

• involve both members of the pair
• be a screencast
• demonstrate the use of the application
• explain the main elements of the source code of the application

For the pair demonstration, we recommend you use Teams to record a meeting where you would share your screen(s). Such a recording is then available on Microsoft Stream, where you can do simple trimming if necessary. You can then download the recording locally to upload it on Canvas.

² Use a respectful plain text document; if you do not have a document at hand, you can pick your favourite quote from NCSC’s email security guidance: https://www.ncsc.gov.uk/collection/email-security-and-anti-spoofing
³ Marks will be given based on each pair’s demonstration and written submissions. Pair members may also elect to be individually assessed, but need to inform the lecturer at least two weeks before the deadline.

4 Note on plagiarism and collusion
This is a group coursework and you are expected to work in pairs to complete the coursework tasks. Your coursework submissions will be automatically checked for plagiarism. Here are some further points to take into consideration (here, “your” refers to the pair of students in the group):

• Coursework reports must be written in your own words and any code in your coursework must be your own code. If some text or code in the coursework has been taken from other sources, these sources must be properly referenced.
• Failing to reference work that has been obtained from other sources, or copying the words and/or code of others, is plagiarism and, if detected, will be reported to the School’s Discipline Committee. If a student is found guilty of plagiarism, the penalty could involve voiding the course.
• Students must never give hard or soft copies of their coursework reports or code to others. Students must always refuse any request from others for a copy of their report and/or code.
• Sharing a coursework report and/or code with other students is collusion, and if detected, this will be reported to the School’s Discipline Committee. If found guilty of collusion, the penalty could involve voiding the course.

And remember: the consequences of taking unacceptable short cuts in coursework are much worse than getting a bad mark (or even no marks) on a piece of coursework. There has been one case this year where a student was awarded an Ordinary degree (rather than an Honours degree) because of the sanction imposed by the University’s Discipline Committee. The offence was plagiarism of coursework.

Further information on academic misconduct can be found in: https://www.hw.ac.uk/students/doc/discguidelines.pdf

⁴ Note that this last item differs in the assessment of F20CN and F21CN. Pairs may be composed of F20CN and F21CN students.

5 Submission

The written reports, the demonstration recording, and the URL to the pair’s GitLab Student project must be submitted on Canvas. Each report must be submitted as a single file. Include a summary/conclusion section, where you discuss whether your expectations were met, highlighting issues of particular importance, what you learned, and suggesting further work.

Your coursework is due to be submitted by 3:30pm on Tuesday 30th of November, 2021.

The course applies the University’s coursework policy.

• No individual extension for coursework submissions.
• Deduction of 30% from the mark awarded for up to 5 working days late submission.
• Submission more than 5 working days late will not get a mark.
• If you have mitigating circumstances for an extension, talk to your Personal Tutor and submit a Mitigating Circumstances (MC) form online⁵.

You should expect feedback on your submitted coursework by Tuesday 21st of December, 2021.

6 Marking Scheme
Total marks for F21CN Coursework 2: 100

1. Certificate, notary recording, notary record verification
These should conform to the specification and be detailed and evidenced in the report. (25 marks)
2. Application code
The code should be commented, (snippets) presented in the report and demonstrated. The application functions and security implementation must be evidenced in the report and in the demonstration recording. (25 marks)
3. (individual part) Security analysis, threat model, risk assessment
The security norms at stake should be critically discussed; it should discuss the threat model considered and give a detailed risk assessment. (25 marks)
4. Report and demonstration
The report should be well structured and provide the necessary codes, commands and screenshots to document the work done. (25 marks)

⁵ http://www.hw.ac.uk/students/studies/examinations/mitigating-circumstances.htm

Grade guidance
• A (70% and over): Full implementation of the specification including network interface and extra features. Excellent quality of reports, demonstration and code.
• B (60-69%): Full implementation of the specifications including network interface but without necessary extra features. Very good quality of report, demonstration and code.
• C (50-59%): Implementation of most of the specifications with partial network interface, without extra features. Good quality of report, demonstration and code.
• D (40-49%): Partial implementation of the specifications without network interface, without extra features. Acceptable quality of report, demonstration and code.
• E (30-39%): Partial implementation of the specifications without network interface, without extra features. Weak report, demonstration and code.
• F (0-29%): Limited implementation of the specifications without network interface, without extra features. Incomplete report, demonstration and code.