Q1. Secure Payment Method Integration (Marks 18)
Assume that Alice has an E-Commerce Website where she sells different electronic bikes. Initial HTML and PHP pages of Alice's E-Commerce Website are provided in the CANVAS. Please refer to the following Figure-1.1 as an example of the
Figure-1.1: Product List Page of Alice's Electronic Bike Shop Website
When a customer clicks the “BUY” button of an item, the customer is forwarded to the following Shopping Cart page (see Figure-1.2) showing the selected items. Once the user clicks the “CHECKOUT NOW” button, it should go to the Billing Information page (see Figure-1.3).
Figure-1.2: Shopping Cart Page of Alice's E-Commerce Website
Figure-1.3: Shopping Cart Payment Page of Alice's Electronic Bike Shop Website
In order to increase sales of her E-Commerce Website, she wants to include different types of payment options such as PayPal, MasterCard, Visa, AmEx, Google Pay, Apple Pay, Alipay, etc. Please refer to the tutorials on integrating PayPal and Google Pay as examples.
In this task, you need to integrate at least four different payment options in the given e-commerce application, two of which should be PayPal and Google Pay. To fulfil the requirements of this task you need to perform the following:
(a) Upload the final files (e.g., HTML, PHP, and JavaScript files) as attachments in the CANVAS along with your assignment submission.
(b) In the assignment solution, provide step-by-step guidelines for integrating the selected four payment options with appropriate code and screenshots of your output pages. You must demo the solution of this question to your tutor as a group. Date and time of the demo will be announced separately. No demo, no marks. Please note that you do not need to provide any video of the demonstration.
Q2. Multi-Signature (Marks: 10)
Imagine Alice, Bob, and Karen share a business. They have decided that whenever they purchase something for the business everyone must approve the transaction. They have made that known to their bank AusBank. The bank is aware that a check will have signatures of all for it to be valid. A typical blank check is shown below (see Figure-2.1).
Figure-2.1: A typical blank check
(a) Scenario-1: Assume that Alice, Bob, and Karen want to issue a bank check of $100,000 in favour of XYZ company. To make it clear, XYZ is the payee, the payable amount is $100,000, and Alice, Bob, and Karen are the payers of the check. The name of the payee and the amount are printed on the check as shown in Figure-2.2. The check must be signed by each payer. Each payer has a public and private key pair that is generated using a Public-Key cryptosystem. Each payer will sign the message “100000” with their respective private key and generate a digital signature for the message. The bank knows the public keys of each payer. You are required to perform the following tasks:
i. For each payer, show detailed computations of each step for generating digital signatures for the above message (M = 100000) using suitable key parameters (i.e., you are allowed to choose the required parameters on your own).
ii. Assume three digital signatures will be embedded somewhere on the blank space of the check as shown in Figure-2.2. Show how the bank will verify the signatures before deciding to accept/reject the digital check. Detailed computations must be shown.
Figure-2.2: The bank check with payee name and amount containing digital signatures of payers: Alice, Bob, and Karen
(b) Scenario-2: With the situation mentioned in Scenario-1 (see Q2(a)), the Bank is worried that they have to verify three signatures separately every time a check comes from payers (i.e., Alice, Bob, and Charlie). In order to reduce the computational burden, the Bank wants to verify just one signature. Payers are also eager to combine three signatures into one as shown in Figure-2.3. How can this be accomplished with multi-signature? Explain the process and show detailed computations of each step.
To illustrate the process (signing and verification of the payment message using Multi-Signature) and show detailed computations of each step, a diagram should be used. This diagram should include all the necessary information that applies to the process as well as the calculations that are required. This gives a visual representation of the process and provides a way to easily track every step. The process should be identified and broken down into each component, and mathematical calculations should be provided for each part as a means of determining the results. Having this information presented in a clear and concise manner can help to understand the process more effectively.
Figure-2.3: The bank check with payee name and amount containing Multi-Signatures of payers: Alice, Bob, and Karen
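The single-verification idea in Scenario-2 can be illustrated with a textbook RSA multi-signature in which a trusted dealer splits the private exponent among the payers. This is an added example, not part of the assignment or its model solution; the scheme choice, the function names and the toy parameters (p = 1009, q = 1013, private exponents 101, 103, 107) are assumptions, and the message is signed raw with no hashing or padding.

```python
from math import gcd

def dealer_setup(p, q, private_exponents):
    """Trusted dealer (hypothetical role): build n and the one public exponent e
    with d_1 * d_2 * ... * d_k * e = 1 (mod phi(n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    product = 1
    for d in private_exponents:
        if gcd(d, phi) != 1:
            raise ValueError(f"private exponent {d} is not coprime to phi(n)")
        product = (product * d) % phi
    return n, pow(product, -1, phi)  # modular inverse (Python 3.8+)

def cosign(value, d, n):
    """One payer raises the running value to their own private exponent."""
    return pow(value, d, n)

def multi_sign(message, private_exponents, n):
    """Pass the message through every payer in turn; the order does not matter."""
    signature = message
    for d in private_exponents:
        signature = cosign(signature, d, n)
    return signature

def bank_verify(message, signature, e, n):
    """The bank does a single exponentiation with the joint public key (e, n)."""
    return pow(signature, e, n) == message % n

if __name__ == "__main__":
    # Constructed toy values; real keys use moduli of 2048 bits or more.
    keys = {"Alice": 101, "Bob": 103, "Karen": 107}
    n, e = dealer_setup(1009, 1013, keys.values())
    sig = multi_sign(100000, keys.values(), n)
    print("n =", n, "e =", e, "multi-signature =", sig)
    print("bank accepts:", bank_verify(100000, sig, e, n))
    partial = multi_sign(100000, [keys["Alice"], keys["Bob"]], n)
    print("two of three signers accepted:", bank_verify(100000, partial, e, n))
```

The check only verifies when every payer has contributed, because the public exponent inverts the product of all three private exponents.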
Q3. Designing Reliable E-Commerce Systems (Marks 5)
An E-commerce company is setting up an online business. They are expecting lots of clients to visit their website at the same time for purchasing items online. The company understands that the “n-tier architecture” is an industry-proven software architecture model. The architecture model is suitable to support enterprise-level client-server applications by providing solutions to scalability, security, fault tolerance, reusability, and maintainability. It helps developers to create flexible and reusable applications.
Based on the above understanding, the company has decided to build a 3-tier robust E-commerce site as shown in Figure-3 to handle a large number of e-transactions. The first tier, called the web-server cluster, consists of a number of web-servers as the application front-end. The second tier is known as the application-server cluster and the third tier is named the database-server cluster. Similar to the first tier, both the second and third tiers have a number of servers. Having multiple servers in every tier offers higher reliability to the tier itself and to the overall multi-tier E-commerce system.
Figure-3: Three-tier E-Commerce System
However, the company is running short of cash, and can only afford to buy old computers having only 75% (i.e., 0.75) reliability. Despite this, the company is determined to build a web-server cluster with 99.999% reliability, an application-server cluster with 99.99% reliability, and a database-server cluster with 99.9% reliability. Based on the requirement of the company, you need to determine the following by showing detailed computations:
a) How many servers would be required for the different clusters?
b) What would be the overall reliability of the 3-tier E-commerce system?
Q4. Secure Identification in E-Commerce Application (Marks 7)
Assume a real-life-like scenario where Alice goes to wonderland for shopping and having fun. Usually, she carries a debit card issued by XYZ bank and withdraws cash from an ATM to purchase something. There are plenty of XYZ banks and ATM machines in wonderland. One day, while she was in a shopping mall, she realizes that her wallet is no longer in the pocket of her jacket. She has lost not only her ATM card but also all the ID cards. So, going to the bank and showing her ID card to prove her identity is not an option. The only thing she has is her mobile phone, which can perform large mod calculations. She is embarrassed and disappointed.
She then remembers the advice given by the bank for when she is in a difficult situation like this. The bank advised her to go to any branch office of XYZ and prove to them that she knows a secret without revealing the secret. They explained the protocol to her. So, Alice goes to a branch office of XYZ and talks to branch officer Bob to prove that she knows a secret without revealing it.
How can the bank facilitate this with the help of a zero-knowledge-proof (ZKP) protocol? Assume the bank is the trusted third party (TTP) deploying the zero-knowledge-proof (ZKP) protocol, Alice is the prover and Bob is the verifier. Show all the steps in detail and a sequence diagram to illustrate how Alice convinces Bob. Also, show what the bank must prepare in advance to facilitate this.
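The roles described above (bank as TTP, Alice as prover, Bob as verifier, modular arithmetic on a phone) fit the Fiat-Shamir identification protocol, sketched here as an added example that is not part of the assignment or its model solution. Choosing Fiat-Shamir is an assumption, as are the function names, the toy primes 1019 and 1031 and the secret 123457.

```python
import secrets
from math import gcd

def bank_setup(p, q):
    """TTP: publish the modulus n = p*q; p and q never leave the bank."""
    return p * q

def register(secret, n):
    """Enrolment: the bank stores v = s^2 mod n against Alice's account."""
    if gcd(secret, n) != 1:
        raise ValueError("secret must be coprime to n")
    return pow(secret, 2, n)

def commit(n):
    """Prover: fresh random r for every round, commitment x = r^2 mod n."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            return r, pow(r, 2, n)

def respond(r, secret, challenge, n):
    """Prover: y = r * s^c mod n, where c is the verifier's challenge bit."""
    return (r * pow(secret, challenge, n)) % n

def check(x, y, challenge, v, n):
    """Verifier: accept the round only if y^2 = x * v^c (mod n)."""
    return pow(y, 2, n) == (x * pow(v, challenge, n)) % n

def identify(claimed_secret, v, n, challenges=None, rounds=20):
    """Run the rounds; Bob normally draws each challenge bit at random."""
    if challenges is None:
        challenges = [secrets.randbelow(2) for _ in range(rounds)]
    for c in challenges:
        r, x = commit(n)                      # Alice -> Bob: x
        y = respond(r, claimed_secret, c, n)  # Bob -> Alice: c, Alice -> Bob: y
        if not check(x, y, c, v, n):
            return False
    return True

if __name__ == "__main__":
    # Constructed toy values; a real modulus is 2048 bits or more.
    n = bank_setup(1019, 1031)
    v = register(123457, n)
    print("public (n, v):", (n, v))
    print("Alice accepted:", identify(123457, v, n))
    print("wrong secret accepted:", identify(54321, v, n))
```

Bob learns only x and y in each round, never s, and a prover who does not know s survives each random challenge with probability 1/2, so 20 rounds leave about a one-in-a-million chance of a false accept.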