zip

CSCI368 Network Security Session 3 Assignment 1 Solved

65.00 $

Category: Tags: , , , , ,

Description

5/5 - (3 votes)

Objectives

On completion of this assignment you should be able to:

  • Understand some basic techniques for building a secure channel.
  • Perform some basic security analysis for secure communication protocols.

 

Programing Task

Write (Java or C/C++) UDP programs allowing two parties to mutually authenticate each other and establish a secure communication channel. For simplicity, let us call the programs “Host” and “Client”, which are executed by Alice and Bob, respectively.

Alice and Bob share a common password PW, which contains 6 alphanumeric characters. Alice also has a public and privacy key pair (pk, sk) for the RSA encryption scheme. They want to establish a secure communication channel that can provide data confidentiality and integrity. This will be done via the following steps: (1) perform a mutual authentication and key exchange protocol; and (2) use the shared session key derived from the first step to secure the real communication.

Step 1 is done via the following mutual authentication and key exchange protocol:

1: B → A: NB

2:  A → B: pk, NA

3:  B → A: C1 = PKE pk(K), C2 = SKEK(Username||PW)

Alice decrypts C1 using sk to get K, and then decrypts C2 to get Username and PW. Alice checks Username and PW and accepts the connection if and only if they are correct. Alice sends either “Successful” or “Failed” to Bob to indicate whether the connection is successful or not.

4: A → B: Authentication Successful/Failed

In the above protocol, NB and NA denote 128-bit nonces chosen by Bob and Alice, respectively; PKE denotes the RSA encryption; SKE denotes the RC4 stream cipher and || denotes string concatenation. K is a random string selected from the message space of the PKE. Alice and Bob then compute the shared session key as ssk = H(K||NB||NA) where H denotes the SHA-1 hash algorithm.

After establishing the session key, step 2 is achieved as follows:

  1. whenever Alice wants to send a message m to Bob, Alice first computes an integrity check value h = H(ssk||m||ssk), and then computes C = SKEssk(m||h) and sends C to Bob;
  2. upon receiving a ciphertext C, Bob first runs the decryption algorithm to obtain m||h. After that, Bob computes h’ = H(ssk||m||ssk) and checks if h = h’. If the equation holds, then Bob accepts m; otherwise, Bob rejects the ciphertext;
  3. the same operations are performed when Bob sends a message to Alice.

Implementation guidelines

  • Place Host and Client in two separate directories: Alice and Bob. Alice also stores a password file in her directory. The password file contains all the user records, e.g., (Bob, PW).
  • Generate a public and private key pair for Alice, and store the generated public and private key pair in a key file under Alice’s directory. The key generation can be done using a separate program.
  • Alice executes Host.
    • Host is running and listening to the opened port (you need to select a port for your code).
  • Bob executes Client.
    • Client asks for input (username and PW) from Bob via keyboard.
    • Client sends the first message (i.e., NB) to Host.
  • Alice and Bob perform the authentication and key exchange protocol as outlined above.
  • If Alice cannot successfully authenticate Bob, then Alice quits the program after sending “Authentication Failed” to Bob. Bob also quits the program after receiving the message from Alice.
  • If the connection is successfully established,
    • Either Alice or Bob can send a message encrypted and authenticated by the session key ssk. They type the message on their own terminal. The message is processed by their code according to step 2 given above.
    • The received message is printed on the screen if decryption is successful. Otherwise, print “Decryption Error” on the screen.
    • To quit the programs, Bob should type “exit”.

You can choose to use existing library functions or open source code to implement UDP sockets, RSA, RC4 and SHA-1. You should provide a reference if you use any downloaded code. 

How to run?

Your programs should run according to the protocol. Host and Client should be executed on different windows. For convenience of marking, please use the local IP: 127.0.0.1 for the submitted version. For simplicity, there is no GUI required in this assignment. That is, messages are simply typed on the window and printed on the receiver’s window.

Mark distribution:

  1. RSA key generation and storage: 2 marks
  2. Key Establishment (Step 1): 8 marks
  3. Data Encryption/Decryption (Step 2): 8 marks
  4. Proper and clear message display: 2 marks

Note: code that cannot be compiled or executed will receive a zero mark.

 

 

Files to be submitted:

All source codes (Do not submit any executable).

A readme file (text/ACSII only): instructions about how to compile and run your code.

 

 

  • CSCI368A1-NetworkSecurity-fx2mfk.zip

Related products