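This is a cloud security assignment-writing job from Australia covering data privacy protection techniques, AWS identity management and database security, and AWS VPN and firewall practices.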
- Overview
The objective of Assignment 3 is to evaluate your knowledge of the topics covered mainly in Lectures 9 to 11. Topics include Data Privacy Protection Techniques, AWS Identity Management and Database Security, and AWS VPN and Firewall Practices. However, the topics covered in Lectures 1 to 8 are required as prerequisites. Assignment 3 will focus on developing your abilities in the application of knowledge, critical analysis, decision making and the use of AWS security services. Assignment 3 contains several problems related to the topics mentioned above. You are required to prepare your answers, programming code and videos and upload them as a single zip file in CANVAS.
In this assignment, there are 4 (four) questions in total.
Question Q1 is about how to protect cloud data privacy with Homomorphic Encryption. To protect our data privacy in the cloud while still allowing the cloud server to process our data, the best solution is to use a homomorphic encryption scheme, e.g., the Paillier encryption scheme. In this question, you are expected to understand how the homomorphic encryption technique can be used to protect your data privacy in the cloud and to analyse data privacy.
Question Q2 is about Key Recovery with Shamir Secret Sharing. In Question Q1, the decryption key of the homomorphic encryption scheme is required when decrypting the ciphertexts downloaded from the cloud. If you lost your decryption key, you would lose all of your data stored in the cloud. In this question, you are expected to use Shamir’s secret sharing scheme to recover your decryption key for the homomorphic encryption scheme.
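The idea behind Q1 and Q2 together, as an added example that is not part of the assignment or its provided material: a server adds two Paillier ciphertexts without seeing the plaintexts, and the decryption key is rebuilt from Shamir shares before decrypting. The toy primes, the choice g = n + 1, the 3-of-5 threshold and all function names are assumptions made for illustration; the assignment's own values are not used.

```python
import math
import secrets

PRIME = 2**127 - 1  # Shamir field modulus (a Mersenne prime); must exceed the secret

def keygen(p, q):
    """Paillier with g = n + 1: public key n, private key lam = lcm(p-1, q-1)."""
    return p * q, (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)

def encrypt(n, m):
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:          # r must be a unit mod n
        r = secrets.randbelow(n - 1) + 1
    return (1 + m * n) * pow(r, n, n * n) % (n * n)   # (n+1)^m = 1 + m*n mod n^2

def add_encrypted(n, c1, c2):
    """What the cloud server does: multiply ciphertexts to add plaintexts."""
    return c1 * c2 % (n * n)

def decrypt(n, lam, c):
    L = lambda u: (u - 1) // n
    mu = pow(L(pow(n + 1, lam, n * n)), -1, n)
    return L(pow(c, lam, n * n)) * mu % n

def split(secret, k, count):
    """Shamir: random degree k-1 polynomial with f(0) = secret; shares are (x, f(x))."""
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    f = lambda x: sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME
    return [(x, f(x)) for x in range(1, count + 1)]

def recover(shares):
    """Lagrange interpolation at x = 0 over GF(PRIME)."""
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret

if __name__ == "__main__":
    n, lam = keygen(1009, 1013)                     # constructed toy primes
    total = add_encrypted(n, encrypt(n, 1200), encrypt(n, 345))
    shares = split(lam, k=3, count=5)               # 3-of-5 is an assumed threshold
    lam_back = recover([shares[0], shares[2], shares[4]])   # key "lost", rebuilt
    print(decrypt(n, lam_back, total))
```

Real deployments use primes of at least 1024 bits each and a Shamir field larger than the key being shared; the small numbers here only keep the arithmetic easy to follow.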
Question Q3 is about Secure Data Management via Amazon S3. Amazon S3 is an object storage service that offers industry-leading scalability, data availability, security, and performance. Amazon S3 provides easy-to-use management features so you can organize your data and configure finely-tuned access controls to meet your specific business, organizational, and compliance requirements. In this question, you are expected to demonstrate your understanding of how to create three secure buckets in Amazon S3 to keep the data from the three departments of a company, respectively.
Question Q4 is about AWS Virtual Private Network (AWS VPN). AWS Client VPN is a managed client-based VPN service that enables you to securely access your AWS resources in your on-premises network. With Client VPN, you can access your resources from any location using an OpenVPN-based VPN client. Client VPN offers the following features and functionality: secure connections, authentication, granular control, ease of use, etc. In this question, you are expected to demonstrate your understanding of how to create an AWS VPN server for a company and allow the staff of the company to get access to the AWS VPN server and then AWS VPC.
Develop this assignment in an iterative fashion (as opposed to completing it in one sitting). You should be able to start preparing your answers immediately after Lecture 9 (in Week 9). At the end of each week starting from Week 9 to Week 11, you should be able to solve at least one question.
If there are questions, you may ask via the relevant Canvas discussion forums in a general manner.
- Learning Outcomes
This assessment is relevant to the following Learning Outcomes:
- Demonstrate knowledge of cloud security principles and mechanisms
- Demonstrate computer programming and configuration skills required to develop a cloud security infrastructure
- Identify cloud security weaknesses by recognising and discovering threats and vulnerabilities to cloud computing
- Problem solve how to fix cloud security weaknesses and mitigate security threats to cloud computing
- Demonstrate knowledge and skills to prepare for industry cloud security certificate exams, e.g. CCSK, CCSP.
- Communicate clearly and effectively using the technical language of the field correctly.
- Submission
You must follow the following special instructions:
- You must use the values provided in the questions.
- Hand-written answers are not allowed and will not be assessed. Compose your answers using any word processing software (e.g. MS Word).
- You are required to show all of the steps and intermediate results for each question.
- For Questions 3 and 4, use screenshots to show clearly the outcome of each step you took to arrive at your answers. Also include videos to demonstrate your configurations.
- Upload your answers together with programming code and videos as a single zip file in CANVAS.
This assessment will determine your ability to:
- Follow requirements provided in this document and in the lessons.
- Independently solve a problem by using security concepts, principles and mechanisms taught over the course.
- Meet deadlines.
After the due date, you will have 5 business days to submit your assignment as a late submission. Late submissions will incur a penalty of 10% per day. After these five days, Canvas will be closed and you will lose ALL the assignment marks.
- Assessment details
Please ensure that you have read Sections 1 to 3 of this document before going further. Assessment details (i.e. questions Q1 to Q4) are provided on the next page.