COMS11200 The Tour: Second Main Assignment (Weeks 10,11,12)

There was going to be a small exercise for week 10, but I haven't had time to sort it out properly. Instead, I am asking everyone to get prepared for the second main assignment by sorting out groups, and doing some planning.

Administrative Details

This assignment is intended to introduce you to systems design, without involving you in any programming. It involves developing human as well as computer procedures for an Internet banking system, and writing these down as precise algorithms, expressed in English. It involves thinking about many issues, including concurrency (several things happening at once) and protocols (to deal with what can go wrong) and public key cryptography (to prevent unauthorised tampering). It is suggested that you work in groups of three; this will introduce you to group working, and allow you to try out your system "by hand" using paper or email, with a payer, payee and banker.

The way in which you combine into groups is up to you; for first year undergraduates, using tutor groups might be suitable. Otherwise, groups of friends or lab acquaintances would be fine, or in the last resort you could email an advert for group members. Please don't form groups of more than five (and four or five is pushing it; two or three is better). One or two people may need to do it on their own for special reasons (but please let me know). The size of the group will be taken into account for marking.

The hand-in date is Friday 23rd January (the end of week 12). The assignment counts for 10% of the assessment for the unit. As usual, please use all the available lab time, if you can; if you leave it to the last week, there there will be too much competition for lab spaces.

Submit your work as a web page (or several linked pages), making it available via your home page. Each group should submit a single page; one person should store it in their web space, and the others should make links to it. The page should list all the members of the group, and briefly explain their contributions. There will be a single mark for each group, ie all members of the group will be given the same mark.

As with all your work, please put a printed copy into your portfolio for your end-of-year assessment, and get it ticked off by a lab supervisor (each member of the group needs a separate printout or good photocopy for the portfolio).

Instructions

Develop an email-based banking system. There should be at least: a procedure for someone to follow to send a digital cheque by email to someone else, a procedure for someone to deposit a cheque in their account by sending an email message to the bank, and a procedure for the bank to transfer funds from one account to another as the result of receiving a deposit message. It is sufficient to assume a single bank, though to get very high marks, you might like to at least consider the issue of clearing between banks.

Each person involved (payer, payee, banker) should follow precise written procedures for communicating by email (or similar). The procedures you develop will necessarily involve public key cryptography, which you need to read about. No programming is required for this assignment, and no actual cryptography is required, just descriptions of what would be encrypted and what keys would be used. You needn't worry about efficiency issues such as using digests etc; all you need to know is:

1. you can assume that there is a reliable authority who issues public keys for people and makes them available to everybody
2. encrypting with someone's public key means that only they can read it (by decrypting with their private key)
3. encrypting with your private key acts like a signature so that everyone knows the message must have come from you (by decrypting with your public key)
4. you can doubly encrypt a message (encrypt it with one key, then encrypt the result with a second key) when necessary.

Your assignment should include:

• A list of group members, and a brief statement about their roles.
• A brief advertisement for your system, including brief explanations of why users should regard your system as safe and convenient.
• Brief instructions for the payers and payees about how to use the system.
• A technical description of the way the system works, including descriptions of (human and/or computer) procedures for payer, payee and banker, and explanations of why the system is reliable and safe in all circumstances.
• Examples of your system in action, eg simulated email messages. You should make it clear which parts of the messages are "in clear" and which are encrypted. An encrypted part can be written as ENCRYPT(K,"This is a message") so that the contents remain visible, and it is clear what is going on.

You will need to think carefully about possible ways in which your system might go wrong, or might be misused. For example, what happens if a message gets lost in the mail, or is intercepted by an eavesdropper, or a payee tries to deposit a cheque twice.

Assessment will be broadly along the same lines as the first assigmnent, under the three headings of presentation (as before), content (which will include coherence of overall structure, and evidence of successful group working) and technical quality (which will include clarity, accuracy, reliability and safety of your proposed system).