Understand how AWS applies hashing techniques, digital

Assignment Detail: Cloud Security

Learning Outcome 1: understand how AWS applies hashing techniques, digital signature, key management, and security protocols to achieve cloud security.
Learning Outcome 2: discuss various types of confidentiality, authentication and data integrity mechanisms in cloud computing.
Learning Outcome 3: analyze the strength and limitations of security protocols for cloud computing.
Learning Outcome 4: design and implement security mechanisms and protocols.

Q1: Cloud Client-Side Encryption Tool
Q2: Signing AWS Requests with Signature Version
Q3: AWS Key Management Service
Q4: AWS Site-to-Site VPN based on Diffie-Hellman Key Establishment
Q5: SSL Handshake Protocol

In this assignment, there are 5 (five) questions related to AWS.

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. This means customers of all sizes and industries can use it to store and protect any amount of data for a range of use cases, such as websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics. You have two options for protecting data at rest in Amazon S3.

Server-Side Encryption: Request Amazon S3 to encrypt your object before saving it on disks in its data centers and then decrypt it when you download the objects.

Client-Side Encryption: Encrypt data client-side and upload the encrypted data to Amazon S3. In this case, you manage the encryption process, the encryption keys, and related tools.

The first question of this assignment is to implement a client-side encryption tool built on Advanced Encryption Standard (AES).

Question 2 is on Signing AWS Requests with Signature Version 4. When you send HTTP requests to AWS, you need to sign the requests so that AWS can identify who sent them. You sign requests with your AWS access key, which consists of an access key ID and secret access key. The signing process helps secure requests in the following ways: verify the identity of the requester, protect data in transit, and protect against potential replay attacks. In this question, you are required to use AWS Signature Version 4 to generate a signature on a given string. Through this question, you are expected to understand the detailed signature generation and verification process of AWS Signature Version 4.

Question 3 is about AWS Key Management Service (AWS KMS), a managed service that makes it easy for you to create and control customer master keys (CMKs), the encryption keys used to encrypt your data. AWS KMS CMKs are protected by hardware security modules (HSMs) that are validated by the FIPS 140-2 Cryptographic Module Validation Program. AWS Key Management Service supports symmetric and asymmetric Customer Master Keys (CMKs). A symmetric CMK represents a 256-bit key that is used for encryption and decryption. CMKs are created in AWS KMS. Symmetric CMKs never leave AWS KMS unencrypted. In this question, you are required to create a data key to encrypt data and then store it in AWS. Through the question, you are expected to understand how data is encrypted and stored in AWS.

Question 4 is about AWS Site-to-Site VPN based on Diffie-Hellman key establishment. An AWS Site-to-Site VPN connection connects your Virtual Private Cloud (VPC) to your data centre. Amazon supports Internet Protocol Security (IPSec) VPN connections. Data transferred between your VPC and data centre routes over an encrypted VPN connection to help maintain the confidentiality and integrity of data in transit. Internet Key Exchange (IKEv2) is the protocol used to set up a security association (SA) in the IPSec protocol suite. IKEv2 uses X.509 certificates for authentication (either pre-shared or distributed) and a Diffie-Hellman key exchange to set up a shared session secret from which cryptographic keys are derived. The question has three parts. In the first part, you are expected to implement the Diffie-Hellman key exchange protocol for AWS Site-to-Site VPN. In the second part, you are expected to perform a man-in-the-middle attack on the Diffie-Hellman key exchange protocol. In the last part, you are expected to propose an improved key exchange protocol which is able to overcome the man-in-the-middle attack.

The last question is on Secure Socket Layer (SSL) Handshake Protocol. Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client, typically a web server (website) and a web browser. AWS Certificate Manager from Amazon Web Services (AWS) takes care of deploying certificates to help you enable SSL/TLS for your website. Assume that AWS Certificate Manager issues you an SSL certificate and you have installed the certificate in your website hosted on AWS. When a client browses your website, suppose the client will run an SSL handshake protocol with ephemeral public key with your website to establish an encrypted link between the client and your website. In this question, you are expected to demonstrate your understanding of how the SSL handshake protocol with ephemeral public key works and analyse client authentication, server authentication, and forward security of the SSL handshake protocol.

Develop this assignment in an iterative fashion (as opposed to completing it in one sitting). You should be able to start preparing your answers immediately after Lecture-5 (in Week-5). At the end of each week starting from Week-5 to Week-8, you should be able to solve at least one question.
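For the Signature Version 4 process described under Question 2, the following is an added example, not part of the assignment brief and not AWS's own code. It derives the scoped signing key, signs a request and verifies it the way a receiver would; the secret key, the sample request and the five-minute freshness window are constructed values assumed for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(minutes=5)  # assumption: freshness window for this example


def _mac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def signing_key(secret: str, date: str, region: str, service: str) -> bytes:
    """Chain of HMACs that scopes the key to one day, region and service."""
    key = _mac(("AWS4" + secret).encode(), date)
    for part in (region, service, "aws4_request"):
        key = _mac(key, part)
    return key


def sign(secret, amz_date, region, service, canonical_request) -> str:
    """Build the string to sign and return the hex signature."""
    date = amz_date[:8]
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256",
        amz_date,
        f"{date}/{region}/{service}/aws4_request",
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    return _mac(signing_key(secret, date, region, service), string_to_sign).hex()


def verify(secret, amz_date, region, service, canonical_request, signature, now):
    """Receiver side: reject stale timestamps, then compare in constant time."""
    sent = datetime.strptime(amz_date, "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    if abs(now - sent) > MAX_SKEW:
        return False
    expected = sign(secret, amz_date, region, service, canonical_request)
    return hmac.compare_digest(expected, signature)


# Constructed sample input: not a real key or a captured request.
SECRET = "EXAMPLE-SECRET-KEY-NOT-REAL"
AMZ_DATE = "20240101T120000Z"
REQUEST = "\n".join([
    "GET", "/", "Action=ListUsers&Version=2010-05-08",
    "host:iam.amazonaws.com", f"x-amz-date:{AMZ_DATE}", "",
    "host;x-amz-date", hashlib.sha256(b"").hexdigest(),
])
SIGNATURE = sign(SECRET, AMZ_DATE, "us-east-1", "iam", REQUEST)
```

The timestamp is part of the signed string, so changing it to pass the freshness check also invalidates the signature.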
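For the last part of Question 4, the following added example (not part of the assignment brief and not IKEv2 itself) shows why authenticating the exchanged public values defeats substitution in transit: the responder sends a MAC, keyed with a pre-shared key, over both Diffie-Hellman public values. The toy group, the function names and the message layout are assumptions made for illustration, and only the responder-to-initiator direction is shown.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only (assumption): 2**127 - 1 is prime but far too
# small for real use; IKEv2 uses much larger standardized groups.
P = 2**127 - 1
G = 3


def keypair():
    priv = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return priv, pow(G, priv, P)


def session_key(priv: int, peer_pub: int) -> bytes:
    if not 2 <= peer_pub <= P - 2:               # reject degenerate values
        raise ValueError("invalid peer public value")
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def tag(psk: bytes, role: bytes, init_pub: int, resp_pub: int) -> bytes:
    """MAC over the sender's role and BOTH public values, keyed with the PSK."""
    msg = role + init_pub.to_bytes(16, "big") + resp_pub.to_bytes(16, "big")
    return hmac.new(psk, msg, hashlib.sha256).digest()


def initiator_accepts(psk, init_pub, received_resp_pub, received_tag) -> bool:
    expected = tag(psk, b"responder", init_pub, received_resp_pub)
    return hmac.compare_digest(expected, received_tag)


def exchange(psk: bytes, substitute_resp_pub=None):
    """Run one exchange, optionally replacing the responder's value in transit.

    Returns (initiator accepted the value, both ends derived the same key).
    """
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    b_tag = tag(psk, b"responder", a_pub, b_pub)     # sent alongside b_pub
    seen_by_a = b_pub if substitute_resp_pub is None else substitute_resp_pub
    accepted = initiator_accepts(psk, a_pub, seen_by_a, b_tag)
    same_key = session_key(a_priv, seen_by_a) == session_key(b_priv, a_pub)
    return accepted, same_key
```

Without the `initiator_accepts` check, the substituted run would still complete, with the two ends holding different keys; with it, the initiator aborts before any key is used.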



