INFO2222 Project 1 Solution

1 Security Part Description
Design and implement a secure end to end messaging tool. Basic exemplary flow:
1. In a page, user A logs in, typing username, pwd
2. If successfully log in, showing friend list, could contain just one; if log in fail, show failure reason.
Examine criteria:
1. Properly store passwords on the server —– 15 points
2. When log in, first check server’s certificate (e.g., you can manually create one using a hardcoded CA public key in your code) — 15 points
3. Securely transmitting a pwd to server (leveraging secure protocols or design the secure transmission properly) — 10 points
4. Properly check whether password is correct (at least use the simple method that defends against offline pre-computation attacks) —– 10 points
5. Securely transmitting the message from A to B, even the server who can forward communication transcript cannot read the message, or modify the ciphertext (leveraging secure protocols or design the authenticated secure transmission properly) — 40 points
6. Clarify of the report. — 10 points
There are also 20 points bonus if done well or extra functionalities are added, and for adjustment on single-member team.
Reporting requirement.
1. explain in one or two sentence how you address each of above items
2. show screenshot as evidence, if you can demonstrate intermediate executions in extra page, would be even better.
3. clear identify how group members divide the tasks.
4. no explicit word requirement
Remark 1 The template and code were just an example, if you prefer to do it in other framework, or using other language, it is OK. Just to make sure you can demonstrate that you properly implement the security features listed above.
2 Usability Part Description
You already have an account and messaging service that allows pair-wise communication among students themselves and to specific academic/administrative staff.
Besides the Login, Register, Messaging (view, send), Regular User role, your website should also have functionalities like following (to be assessed in last activity)
• Data/Info hierarchy – how you organize user generated contents
• Admin Role - delete/mute user, delete a course guide
• One specific user function – depending on your user investigation.
2.1 Recommended Activities
Step1: User Investigation. During this phase, you are to investigate your chosen group to determine what they need from your website. To make things easier, your group can concern yourself with a single very specific type of user:
• Students – this can range from any students starting just starting their program of studies to final year students. It can also include students transferring into a computing program from other USyd schools.
• Alumni – graduates who are willing to give back to their alma mater and to guide their juniors
• SCS/administrative staff – this can include program managers, academic advisors and administrative staff responsible for the running of program operations that affects students’ academic performance.
Perform a PACT analysis for your chosen group. You will likely still find that your selected group is too large and complex but your analysis should help you identify what you know about your target group and what you need to find out during your investigation to narrow your group down to a single persona. Step 1: Expected output: — 20 points.
• Outline of the user investigation process (surveys/interviews, how many?) that your group has used to narrow down your target user.
• Research materials used to collect data about your target group
• A persona document outlining your target persona
• Based on your findings above, gather content (collection of documents) relevant to the interest of your target persona. This should be in document form before you convert it to your website and must keep it updated with any changes. Ensure you cite all sources and quote where you have copied text verbatim.
Step 2: Navigation design. There will hopefully be a lot of information from Step 1 in many potential categories. As well as this, your website will need to include the following ‘user’ actions stated in the core requirements in addition to actions specified specially for your own target user group. Conduct a card sorting session with some of your target user group and use your results to create the navigation map (site map) of your website.
Step 2: expected output. — 20 points.
• Outline of card sorting session along with all materials that was used.
• Information architecture of your website
Step 3: Design-Evaluate (Prototype (paper or digital) ). Based on the information architecture that you have from the previous phase, brainstorm and create sketches of your website. Create a prototype of the best design and perform guerrilla test with target users using this prototype. Each of your team member should take part in the guerrilla test, at least one participant is outside of your team.
Step3: expected output. — 20 points.
• A prioritized list of additional features?
• Outline steps taken to determine the ‘best’ design to be prototyped
• Paper or digital prototype,
• Mini-report that outline of how guerrilla test is conducted, actual raw results, materials used and findings of the test.
Step 4: Design-Evaluate (Hi-Fi Prototype). Focus on converting your (improved) prototype (paper or digital) to the real web server. Do this incrementally and perform evaluations (e.g., think aloud test) to ensure that you are on the right track.
Step 4: expected output: — 20 points.
• Incremental development plan (two iterations at least)
• Outline of evaluations conducted
• Demonstrations of the functionalities mentioned at the beginning, admin roles, the user specific function etc.
Remark 2 Your output in Step4 does not need to be perfect, we care more and the markings will focus on your improvements over each iteration.
Step5:Final report. — 20 points.
• It is a collection of all the previous outputs in a neat format. The template is given.
Bonus step.— 20 points. You can re-use and extend many of your existing implementations on the security project to have public and private mode of posts. The default mode of posts could be public. The private mode will be visible to only specific role or user (i.e., you have to use encryption properly).