INFO2222 Project: Security Part
This assignment is worth 15% of your final grade.
1 Security Part Description
Design and implement a secure end to end messaging tool.
Basic Functionality Requirements:
6 marks 1. Users can login with their username and password.
a. If login fails, show failure reason.
6 marks 2. If user successfully logs in, display the friend list: a list of all users who this
user is friends with. It can contain one or many or none.
6 marks 3. Users can add friends by submitting another user’s username to the server.
6 marks 4. Users can view a list of their friend requests (sent/received) and approve/reject
friend requests received from others.
30 marks 5. Users can click on a friend to open a chatroom. If both users are currently
online, assuming they are friends, they can communicate securely to each
other. User A sends a message to B securely, showing at B’s side, and vice
versa. The chatroom should distinguish which user the message is from.
a. The server acts as a middleman for transferring the messages – but
the messages should be encrypted so the server cannot read what
they are.
b. A Message Authentication Code should be used so that each user can
be sure the server hasn’t modified the messages.
15 marks 6. Message history is stored securely encrypted on the server and displayed
when a user opens a chatroom session.
a. The user’s password should be the key (or used to derive the key),
and the server should never know what it is.
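One way items 5b and 6a can fit together, as an added example that is not part of the assignment or its template: keys are derived from the password on the client, and each stored record is checked with an HMAC before it is decrypted. It uses Node's built-in crypto module; the function names, record layout and iteration count are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Assumed work factor for PBKDF2-HMAC-SHA512; tune it for your slowest client.
const PBKDF2_ITERATIONS = 210000;

// Client side only: stretch the password into separate encryption and MAC keys.
// The salt is not secret and can be stored on the server next to the username.
function deriveKeys(password, salt) {
  const okm = crypto.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, 64, 'sha512');
  return { encKey: okm.subarray(0, 32), macKey: okm.subarray(32) };
}

// The MAC covers the IV and the ciphertext, so neither can be swapped unnoticed.
function macOf(macKey, iv, ct) {
  return crypto.createHmac('sha256', macKey).update(iv).update(ct).digest();
}

// Encrypt-then-MAC. The returned record is all the server ever stores.
function sealMessage(keys, plaintext) {
  const iv = crypto.randomBytes(16); // fresh IV for every message
  const cipher = crypto.createCipheriv('aes-256-ctr', keys.encKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = macOf(keys.macKey, iv, ct);
  return { iv: iv.toString('hex'), ct: ct.toString('hex'), tag: tag.toString('hex') };
}

// Verify the MAC in constant time first; decrypt only if the record is intact.
function openMessage(keys, record) {
  const iv = Buffer.from(record.iv, 'hex');
  const ct = Buffer.from(record.ct, 'hex');
  const tag = Buffer.from(record.tag, 'hex');
  const expected = macOf(keys.macKey, iv, ct);
  if (tag.length !== expected.length || !crypto.timingSafeEqual(tag, expected)) {
    throw new Error('MAC check failed: record modified or wrong password');
  }
  const decipher = crypto.createDecipheriv('aes-256-ctr', keys.encKey, iv);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Constructed demo values (not real credentials).
const demoKeys = deriveKeys('constructed-demo-password', crypto.randomBytes(16));
const demoRecord = sealMessage(demoKeys, 'hello B, this is A');
console.log(demoRecord, openMessage(demoKeys, demoRecord));
```

In a browser client the same steps map onto the Web Crypto API; the password and the derived keys stay on the client in either case.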
Additional Criteria:
6 marks Properly store passwords on the server using hash and salt.
10 marks Use HTTPS to secure communication between the client and server; this provides
encryption and also ensures integrity with HMAC. Browser warnings (e.g. “this site
is not secure”) should not appear.
15 marks Ensure all requests to the server are properly authenticated (e.g. using a session
token / cookie).
Total: 100 marks
Template: We have provided a website template so that you can run a server and show pages
without needing to design an HTML layout and stylesheets from scratch. You will need to code the
frontend (client-side) using JavaScript, and the backend is in Python. Please consider and investigate
the relevant cryptographic libraries you will need. You do not have to use this template if you are
already familiar with other web frameworks, and you are free to choose your own layout and design, or
backend language. You may host the site locally, or can use a free cloud hosting provider (e.g. Vercel).
The focus of this assignment is the security features – you will not be marked on layout or design
for this component, as that will be done in the second part of the assignment which will focus on
usability.
2 Submission
Your submission should consist of two files: a PDF report, and a zip file containing your codebase. Please
ensure these are uploaded separately to Canvas (don’t put the report inside the zip file, because then it
cannot be detected for similarity checking).
In your report, please:
1. Explain how you addressed each of the above items (basic functionality and additional criteria)
2. Include screenshots as evidence of the functionality, and relevant code excerpts to highlight where
security features were implemented / screenshots to show how it works, and what was done
3. Clearly identify how group members divided the tasks
There is no explicit word limit or requirement. Ensure you cite all sources used in your research.
Submission deadline: The report for this component (security part) and corresponding code is due
on Sunday midnight of W8.
3 Demonstration
Other than the report, you are required to give a demonstration to your tutor during class after you’ve
submitted. During the demonstration, you will show the functionality working, including security features
you have implemented and explain how they work. Your tutor may ask you questions about the sections
of code you wrote and to explain how a particular security feature is accomplished in the code. Failure to
attend for the demonstration will result in a deduction of 20 marks.
4 Group Member Contribution Adjustment
Marks may be adjusted among group members based on each member’s contribution. Each group member will
give a confidential rating of the other’s contribution percentage to inform the teacher’s assessment of
their participation in the project work. There will be surveys conducted each week for this purpose.
At the end of the project, marks may be adjusted as follows:
Group Mark = X points based on criteria
Bonus Mark = (Actual Contribution/50 - 1) * 20%
Penalty = (Actual Contribution/50 - 1) * 100%
Penalty Reduction = ((50 - Reported Contribution) / (50 - Actual Contribution)) * 25%
If Bonus Mark > 0:
Student receives X * (1 + Bonus Mark)
Else If Penalty > 0:
Student receives X * (1 - Penalty * (Penalty Reduction))
Else:
Student receives X
Mark cannot exceed 100% regardless of bonus marks.
For example:
• If Student A and Student B both contribute 50% each, then there is no adjustment and they
both receive the same mark X/100.
• If Student A contributed 75% effort and Student B only 25%, then Student A receives +10%
bonus to account for the extra work they may have had to do, and Student B receives -50%
penalty because they did half the work they should have done. Student A’s mark is 1.1*X and
Student B’s mark is 0.5*X.
  ◦ If Student B reported their contribution honestly (25% or less) then they receive a
    reduction in their penalty of up to 25% - so instead of -50%, they would get -37.5%.
  ◦ If Student B reported their contribution dishonestly (50% or more) then they would
    receive the full -50% penalty.
  ◦ If Student B reported their contribution less than 50% but greater than 25%, then they
    would receive a reduction in their penalty linearly scaled in this range – so if they
    reported 40%, then they get (10/25)*25% = 10% reduction in their penalty, so they
    receive -45% penalty instead of -50%.
• If Student A contributed 100% and Student B contributed 0%, then Student A receives +20%
bonus, and Student B receives -100%.
• If Student A contributed 80% and Student B contributed 20%, then Student A receives +12%
bonus and Student B receives -60%.
• If Student A contributed 55% and Student B contributed 45%, then student A receives +2%
bonus mark and Student B receives -10% penalty (if student B reported their contribution as
45% or less, they only receive -7.5% penalty).
The actual contribution percentage will be determined based on a range of factors including:
• The demonstration during class
• Responses to confidential progressive weekly surveys and final survey (reported contribution)
• Division of tasks explained in the group report
• Additional evidence provided by group members