Electronic Commerce has become a part of today's Internet-based economy. In line with that, Secure Electronic Commerce embodies a concept for doing reliable business online. It covers shopping for and marketing products or goods through secure business-to-business transactions or events. This course is an introduction to secure e-commerce, from the principles and concepts to practical examples. The objective of this assignment is for you to gain first-hand experience of how the security theories introduced in the lectures are applied in the digital world.
1. Registration (signing up) interface for the website, storing the username and the hashed password in the database;
2. Login to the website using the credentials supplied at registration;
3. Shopping cart page, accessible only after a successful login, with an update feature;
4. Posting of shopping cart information and credit card numbers to the database server after encryption (with RSA and DES).
Note: You must not just “throw in the concepts” to your programs just because they need to be there; it should be clear from the code why a certain concept should be there and you must further explain these through your comments. You will also need to debug your code on your own and document any issues, etc. You are given marks on your ability to fulfill all requirements of this document.
There are implementation requirements (9 marks) and documentation requirements (1 mark) for a total of 10 marks.
Develop this assignment in an iterative fashion (as opposed to completing it in one sitting). You can get started as soon as the concepts are introduced in lessons.
If there are questions, you must ask via the relevant Canvas discussion forums in a general manner (replicate your problem in a different context in isolation before posting).
2. Assessment Criteria
This assessment will determine your ability to:
1. Understand the concepts and techniques addressed in the lectures, tutorials and practicals.
3. Write and debug the program independently.
4. Demonstrate the prototype properly.
5. Document the prototype.
6. Ability to provide references if necessary.
7. Meeting deadlines.
8. Seeking clarification from your “supervisor” (instructor) when needed via discussion forums.
9. Create a program by recalling concepts taught in class, understanding and applying the concepts relevant to the solution, analysing the components of the problem, and evaluating different approaches.
3. Learning Outcomes
This assessment is relevant to the following Learning Outcomes:
1. Explain the range of threats to e-commerce security.
2. Explain how cryptography can be, and is, used to achieve security.
3. Describe the different standards in use for secure electronic commerce, such as certificates, MACs, etc.
4. Describe and analyse standard security mechanisms, such as filters, proxies and firewalls.
4. Assessment details
Note: Please ensure that you have read sections 1-3 of this document before going further.
Your prototype must meet the following implementation requirements (section 4.1) and documentation requirement (section 4.2); also refer to corresponding rows in the rubric (section 9).
• Registration function (1 point)
• Login function (1 point)
• Shopping cart function (2 points)
• The function of posting shopping cart information and credit card number to Server (5 points)
Deploy your system under the directory titan.csit.rmit.edu.au/~sXXXXXXX/assignment/ with the correct permissions, with the main folder “assignment” and three subfolders “server”, “client” and “database” (see section 6 for more detail).
C1. For the registration function,
• Registration is refused if the entered password is shorter than 6 characters (+0.25 points);
• The entered plain password is hashed before registration (+0.25 points);
• The username and the hashed password are saved in the database (+0.5 points).
C2. For the login function,
• Verify that the entered username and the hashed password exist in the database (+0.5 points);
• A successful login with the correct username and password gives access to the shopping cart page (+0.5 points).
C3. For the shopping cart function,
• Only a successfully logged-in user can access the shopping cart (+1 point);
• and the quantity of each item in the shopping cart can be updated (1 point);
• and the contents of the shopping cart are stored separately for each logged-in user (0.5 point).
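Added example of C1 to C3 in Go; it is not part of the specification or of any submission. In-memory maps stand in for the users table, the cart table and the server-side session state (all assumed), and the salted, iterated hash is one choice of "hashed password", not the only acceptable one.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
)

// One users-table row: never the password, only its salt and hash, plus that user's own cart.
type User struct {
	Salt, Hash []byte
	Cart       map[string]int // item id -> quantity
}
var users = map[string]*User{}   // stands in for the users table (assumed in-memory store)
var loggedIn = map[string]bool{} // stands in for server-side session state; set only by login

// Salted, iterated SHA-256: the salt defeats precomputed tables, the iterations slow guessing; production code would use bcrypt, scrypt or Argon2.
func hashPassword(salt, password []byte) []byte {
	h := sha256.Sum256(append(append([]byte{}, salt...), password...))
	for i := 0; i < 100000; i++ {
		h = sha256.Sum256(h[:])
	}
	return h[:]
}
// Registration (C1): refuse passwords shorter than 6 bytes, then store username and hash only (never the password).
func register(username, password string) bool {
	if len(password) < 6 {
		return false
	}
	salt := make([]byte, 16)
	rand.Read(salt) // crypto/rand is documented never to fail
	users[username] = &User{Salt: salt, Hash: hashPassword(salt, []byte(password)), Cart: map[string]int{}}
	return true
}
// Login (C2): recompute with the stored salt, compare in constant time so the response time leaks nothing, then open the session.
func login(username, password string) bool {
	u, ok := users[username]
	if !ok || subtle.ConstantTimeCompare(u.Hash, hashPassword(u.Salt, []byte(password))) != 1 {
		return false
	}
	loggedIn[username] = true
	return true
}
// Cart update (C3): only a logged-in user reaches a cart, and only their own row of the cart table.
func updateCart(username, item string, qty int) (map[string]int, bool) {
	if !loggedIn[username] {
		return nil, false
	}
	users[username].Cart[item] = qty
	return users[username].Cart, true
}
```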
C4. For the function of posting shopping cart information and credit card number to Server,
• If you post plain information and display plain information (1 point);
• If you post encrypted information and display plain information, RSA only (overall 2.5 points):
o The shopping cart information and credit card number are encrypted with the RSA encryption algorithm (1 point),
o and the server decrypts the information with the RSA decryption algorithm and stores it in the database (1.5 points);
• If you post encrypted information and display plain information, RSA and DES (overall 5 points):
o A successfully logged-in user posts a DES key (chosen by the user) to the server, encrypted with the RSA encryption algorithm (2 points),
o and the server retrieves the DES key with the RSA decryption algorithm and keeps the DES key for this user (1 point),
o and the user encrypts the shopping cart and credit card number with the DES encryption algorithm and the DES key (shared between the user and the server) before POSTing to the server, and the server decrypts the encrypted shopping cart and credit card number with the DES decryption algorithm and the shared DES key and stores it in the database (2 points).
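Added example of the 5-point C4 exchange in Go, not from the specification or from any submission: the client wraps a fresh DES key under the server's RSA public key, the server unwraps it and keeps it per user, and the order (cart plus card number) then travels under DES-CBC. The sessionKeys map, the RSA-OAEP padding (in place of textbook RSA), the prepended IV and the PKCS#7 padding are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)
// Server-side state: one DES session key per logged-in user (assumed in-memory store).
var sessionKeys = map[string][]byte{}
// Client: fresh 8-byte DES key wrapped under the server's RSA public key; OAEP, because textbook RSA is deterministic and malleable.
func wrapSessionKey(pub *rsa.PublicKey) (key, wrapped []byte, err error) {
	key = make([]byte, 8)
	rand.Read(key) // crypto/rand is documented never to fail
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	return key, wrapped, err
}
// Server: unwrap with the private key and keep the key for this user; a failed unwrap leaves nil, which decryptOrder rejects.
func storeSessionKey(priv *rsa.PrivateKey, user string, wrapped []byte) (err error) {
	sessionKeys[user], err = rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, nil)
	return err
}
// Client: DES-CBC, PKCS#7 padded, random IV prepended so that equal orders (cart + card number) encrypt differently.
func desEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pad := des.BlockSize - len(plaintext)%des.BlockSize
	out := append(append(make([]byte, des.BlockSize), plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	rand.Read(out[:des.BlockSize]) // the IV occupies the first block
	cipher.NewCBCEncrypter(block, out[:des.BlockSize]).CryptBlocks(out[des.BlockSize:], out[des.BlockSize:])
	return out, nil
}
// Server: decrypt under this user's key (none stored: des.NewCipher fails), check the padding, return the order for the database.
func decryptOrder(user string, blob []byte) ([]byte, error) {
	block, err := des.NewCipher(sessionKeys[user])
	if err != nil || len(blob) < 2*des.BlockSize || len(blob)%des.BlockSize != 0 {
		return nil, errors.New("no session key for user or malformed ciphertext")
	}
	out := make([]byte, len(blob)-des.BlockSize)
	cipher.NewCBCDecrypter(block, blob[:des.BlockSize]).CryptBlocks(out, blob[des.BlockSize:])
	if pad := int(out[len(out)-1]); pad >= 1 && pad <= des.BlockSize {
		return out[:len(out)-pad], nil
	}
	return nil, errors.New("bad padding")
}
```

CBC gives confidentiality only: a modified ciphertext still decrypts to something, so outside this coursework the order would also carry a MAC or use an authenticated mode such as AES-GCM.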
Where this specification does not say exactly how you should implement a certain feature, the programmer (you) needs to use your judgment to choose and apply the most appropriate concepts from the class materials. Follow the answers given by your “supervisor” (your instructor) under Canvas → Discussions → ‘Assignment’ when in doubt.
4.2) Documentation requirement (1 point)
D1. Write a report to describe what you have done and what you have observed with screenshots whenever necessary.
Recommended report format:
• Title, student name and id.
• The report is recommended to present an e-commerce scenario, with screenshots and accompanying explanation.