Prog1 - CS4235Spring2008 ProgrammingProject1 :59p.m.,February 29,2008.:59p.m.onMonday .75. 11:59p.m.onMarch3 Thisisagroupproject..Youmaychoose

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: CS4235Spring2008 IntroductiontoInformationSecurity ProgrammingProject1 Thecompletedprojectisdueby11:59p.m.AtlantalocaltimeonFriday,February 29,2008.Studentssubmittingprojectsafterthatdatebutby11:59p.m.onMonday, March3willhavetheirscoresscaledby0.75.Noprojectswillbeacceptedafter 11:59p.m.onMarch3. Thisisagroupproject.Pleaseworkinagroupofsizetwoorthree.Youmaychoose yourowngrouppartners. Thisassignmentisprogrammingintensive.Ifyoudonotgetanearlystart,youmay beunabletosuccessfullycompletetheproject.Youmayimplementyoursolutionin anyofC,C++,orJavawithoutpriorapprovalfromtheTA.Youmayuseadifferent languageonlyiftheTAgivesyoupermission. Inthisproject,youwilldevelopaninstantmessagingsystemcalledChatter.Chatter hasaclientserverarchitecturethatallowsmultipleclientstocommunicatethrough asinglesharedserver.Thehumanuserofeachclientmustsuccessfullyauthenticate totheserver,andallcommunicationbetweeneveryclientandtheserveris encryptedtoprovideconfidentialityfromeavesdroppers. TheChatter"system"isasingleserverandoneormoreclientsconnectedtothe server.Youareresponsibleforimplementingthecompletesystem;thiswillrequire bothnetworkprogramminganduseofcryptographicprogramming.Forthis project,allcomponentsofthesystemshouldexecuteonRedHatEnterpriseLinux. ChatterServer TheChatterserverisacommandlinenetworkserverwithtwopurposes: 1. ItauthenticateshumanuserstotheChattersystem. 2. Itsecurelydistributesmessagestypedbyoneusertoallconnectedclients. Theservershouldhaveadatabaseofknownusernamesandpasswordhashes.You donotneedtoimplementfunctionalitytoaddorchangeexistingusersandcan manuallycreatethedatabase.Notethatpasswordsshouldnotbestoredincleartext sothataccidentaldisclosureofthedatabasetoanattackerdoesnotallowthe attackertoknowusers'passwords. Whenstarted,theservershouldbeginlisteningforincomingTCPconnectionsfrom Chatterclients.Uponreceiptofanincomingconnection,theserverandclientshould useDiffieHellmankeyexchangetoestablishasharedsecretkey.NotethattheDH valueschosenbytheclientandserver(g,p,a,andb)shouldbeselectedusinga randomnumbergeneratorsothateachsessionwillhaveadifferentkey.Assoonas thekeyisestablished,theclientandservershouldbeginsendingalldataencrypted withasymmetrickeyprotocolusingtheDHsecretkey. Afterestablishingthesecurechannel,theservershouldauthenticatethehuman useroftheChatterclient.Theclientshouldsendtheusernameandpasswordofthe useracrosstheencryptedchanneltotheserver.Theservershouldrecomputethe passwordhashandthenverifytheusernameandhashagainstthedatabaseof knownusers.Iftheverificationfails,thentheservershoulddisconnecttheclient. Otherwise,theservernextprovidesinstantmessagingservicetotheclient. Anauthorizedclientsendsmessagestotheserverandreceivesmessagesbackfrom theserver(includingmessagessentbyitself).Theservershouldacceptamessage fromanyconnectedandauthorizedclient.Itshouldthendistributethatmessageto allauthorizedclients,includingtheclientthatgeneratedthemessage.Notethat distributionwillrequiretheservertodecryptthemessageusingthesecretkey sharedwiththesenderandthentoreencryptthemessageusingeachclient'sunique sharedsecretkey.Whendistributingmessages,theservershouldalsosendthe usernameoftheclientthatgeneratedthemessage. Amessageisonelineofprintablecharactersendinginanewline.Messagesmay haveanarbitrarynumberofcharactersbeforethenewline,sobesurethatyour serverandclientallowsarbitrarylengthstrings. Theservershouldsilentlydiscardmessageswithunprintablecharacters. Clientsmaycomeandgoduringwhiletheserverisprovidinginstantmessaging service,soitshouldbeabletoauthenticatesomeclientswhilesimultaneously receivinganddistributingmessagestootherclientsalreadyauthenticated. Forourtesting,theservershouldsupportuptofoursimultaneouslyconnected users.Youmayprogramthissupportintotheserverinwhateverwayiseasiestfor you.Forexample,theservercanlistenforallconnectionsononeportandthenpass offeachincomingconnectionrequesttoachildprocess.Thisapproachscalesnicely toalargenumberofsimultaneousconnections.Alternatively,theservercouldlisten onfourportsandexpecteachofthefourclientstoconnectondifferentports.This willallowyoutowriteasimplersinglethreaded,singleprocessserver,althoughit islesselegant.Wesuggestprintingamessagetothescreenwhentheserverstarts upinstructingushowtoconnecteachoftheclientstotheserver. Oncestarted,theservershouldbenoninteractive.Atyourdiscretion,youcanhave theserverprintoutdebugmessagesifyouthinktheywillhelpustestyoursystem, butweshouldnotneedtotypecommandsintotheserver.Wewillexpectto terminatetheserver'sexecutionviaControlC. Theservershouldgracefullyhandleexitingclientsorlostnetworkconnections.The servershouldsimplyremovethatclientfromitslistofcurrentlyconnectedclients, andnewclientsshouldstillbeabletoconnecttotheserverandjointhesystem. ChatterClient TheChatterclientisacommandlineinteractiveprogramthatahumanusestochat withotherparticipantsoftheChattersystem.Theclientshouldtakecommandline argumentsthatspecifyhowtoconnecttotheChatterserver.Thisshouldincludethe TCPportatwhichtheserverislistening,andmayoptionallyincludeacomputer nameorIPaddressspecifyingwheretheserverisexecuting.Notethatourtestswill executetheserverandallclientsonthesamemachine,soamachinename argumentisnotrequired. Whenstarted,theclientshouldattempttoconnecttotheserver.Iftheattemptfails (perhapstheserverisnotexecuting),thentheclientshouldprintanerrormessage andexit.Iftheconnectionsucceeds,thentheclientshouldruntheDiffieHellman keyexchangealgorithmwiththeservertoestablishthesharedsessionkey.After establishingthekey,theclientshouldusesymmetrickeycryptographyforall subsequentcommunicationwiththeserver. Theclientshouldprompttheusertotypeausernameandpasswordatthe keyboard.Theclientthensendsthisinformationtotheserverovertheencrypted channelforuserauthentication.Ifauthenticationfails,thentheclientshouldprint anerrormessageandexit.Otherwise,theclientshouldenteritsinstantmessaging mode. Intheinstantmessagingmode,theclientreceivesinputfromboththekeyboardand theserver.Inputfromthekeyboardismadeofmessagestypedbythehumanusing theclient.Amessageisasinglelineofprintabletextendingwithanewline.When theuserfinishestypingamessage(e.g.presses<Return>),theclientshouldsend thatmessageacrosstheencryptedTCPchanneltotheserver. Inputfromtheserveriscomprisedofmessagesandtheusernameofeachmessage's author.Theclientshouldprinteachmessagetothescreenintheformat: <username>: <message> withouttheanglebrackets.Allmessagesfromtheservershouldbeprinted, includingthemessagesthatweresentbythesameclient.Makesurethatyoucan handlethecasewheretheclientreceivesamessagefromtheserverwhilethe humanuserwasinthemiddleoftypingatthekeyboard. Wewillexpecttoterminateaclient'sexecutionbypressingControlC,althoughyou arefreetocreateadifferentexitmechanismatyourdiscretion. Theclientshouldgracefullyhandleanunexpectedterminationoftheserveroralost networkconnection.Printinganerrormessageandexitingisasuitablebehavior. CryptographicAlgorithms YouneedtochoosetwocryptographicalgorithmsforuseintheChattersystem: 1. Thehashalgorithmusedonuserpasswords. 2. Thesymmetrickeycryptographicschemeusedfordataconfidentiality. Selectalgorithmsthatyoubelieveappropriatebasedonourclassroomdiscussions. Youshouldnotneedtoimplementeitherofthesealgorithms.Itisperfectlysuitable tofindanduselibrariesimplementingcryptographicoperations. Youmayneedtomassagethedatathatyouwouldliketoencrypt.Algorithmsoften expectplaintextdataofaspecificlength,soyoumayneedtobreaklongplaintext intosmallerblocksandpadshortmessagesouttoafullblocklength.When decryptingamessage,yourcodeshouldremovepaddingandreassembleblocksas necessary. DiffieHellmanKeyExchange YouwillneedtouseDHkeyexchangetocreatethesharedsecretkeyusedfor subsequentsymmetrickeycryptography.Thealgorithmwascoveredinclass;recall thatitusesthefollowingmathematicaloperations: Selectionofalargeprimenumber. Exponentiationofalargenumbertoalargeexponentinmodulararithmetic. Youarewelcometofindandusealibraryprovidingthisfunctionality.However, theseoperationsaresimpleenoughthatyoumaychoosetoimplementthem yourself. Forthisproject,youshouldchooseunsignedintegervalueslessthan232.Bewareof integeroverflow:thesquareofa32bitnumbermayrequire64bitstorepresent.If implementingyourownalgorithms,youshouldmakeuseofthe unsigned long longdatatype,orusealibraryforlargenumbers. Forefficientselectionofalargeprime,lookupthe"MillerRabinprimalitytest" online. Forefficientlargenumberexponentiation,lookup"Exponentiationbysquaring" online. NetworkProtocols YourChattersystemshoulduseTCPforallcommunicationbetweenclientsanda server.Thesystemrequiresseveraldifferenttypesofdatatobesentatdifferent pointsofexecution: DHparameterexchangedata(incleartext). Datacontainingahuman'susernameandpassword(encrypted). Anauthenticationresponsefromtheserver(encrypted). Datacontainingausernameandmessagesentbyahumantoallparticipants inthesystem(encrypted). Dependingonhowyouimplementconnectionestablishmentandconnection teardownbetweenaChatterclientandaserver,youmayhaveadditionalprotocol messagesnotlistedabove. Youwillneedtodevelopthenecessaryprotocols.Wesuggestcreatingalistof differentmessagetypes,whereeachtypeusesauniqueidentifierinthefirstbyteof themessage.Therecipientofdatafromthenetworkcanthenreadthefirstbyteto knowhowtointerprettheremainingdata. HowtoProceed Thisprojectrequiresafairlyextensiveimplementation,soitisimportanttoplan yoursolution.Wesuggestdividingtheworkamongtheteammembers.For example,oneteammembercouldworkontheserverandanothercouldworkon theclient.Theycouldinitiallyignoretheneedforencryptionsimplytogetnetwork communicationoperatingproperly.Meanwhile,thethirdteammembercouldbe developingthenecessarycryptographywhichcanthenbeeasilyinsertedintothe clientandservercode. WhattoTurnIn Submissionswillbedoneelectronicallyviaemail.Eachgrouponlyneedstosubmit onesolution,butitshouldlistallgroupmembers. CreateaREADMEfilecontainingthefollowinginformation: Thenamesofallgroupmembers. Adescriptionofwhatyouwereabletocomplete.Ifyoubelievethatyouhave afullyworkingsolution,thenthisexplanationwillbebrief.Otherwise,you shouldexplainwhatwewillfindworkingandwhatwewillfindbrokenor missingwhenwebegintesting. Astatementindicatingwhatcryptographicalgorithmyouusedtocompute passwordhashes. Astatementindicatingwhatcryptographicalgorithmyouusedforsymmetric encryptionanddecryption. Alistoftheusernamesandpasswordsfortheusersinyouruserdatabase. Exact,stepbystepinstructionstellingushowtobuildyourChatterserver andclient.WewillbuildyoursolutiononaCollegeofComputingRedHat Linuxdesktop.YoushouldexpectustocompileCandC++usinggcc3.4.6. ForJavaprograms,weprefertocompileusingjavacandtorunwithjava. Instructionstellingushowtorunyoursolution.Pleasegivetheexact commandlinesthatweneedtotype. AstatementtellinguswhichTCPportnumbersareusedbyyoursystem;or, instructionsstatinghowwecanfigurethisoutatruntime(incasetheports arechosendifferentlyforeachexecution).Weneedthisinformationforpart ofourtesting:wewillusenetworkmonitoringtoolstoverifythatthe communicationchannelsbetweenclientsandserverscarryencryptedtraffic. Citationstowebsitesstatingwhereyoufoundanynonstandardlibraries usedinyoursolution. Createazipfileortarballcontainingthefollowing: Allsourcecodethatyouwrote. Alllibrarycodethatisnonstandard(e.g.youdownloadeditfromthe Internet).Withoutthiscode,wewillbeunabletobuildyourutilities. Acompiledversionofyourserverandclientallreadyforustorun immediately. Auserdatabasefilecontainingusernamesandpasswordhashes. TheREADMEfiledescribedabove. EmailacopyofyourzipfileortarballtotheTAandCCtheinstructor.Youshould expecttoreceiveabriefemailinresponsesimplysothatyouknowwehave receivedyoursolution. AcademicConductStatement Yoursolutionmustbeyourown(andteammates)work.Althoughyoucanuse outsidesourcesforinformationandlibrarycode,you mustbelegallyallowedtouseanycodenotwrittenbyyou;and mustciteallsourcesofinformationandcode.Acitationshouldprovide sufficientinformationformyselforanyoneelsetofindthesourcethatyou used. Wemayemploytheuseofautomatedcodeanalysisandcomparisontoolsaspartof ourevaluation.Anysuspectedacademicconductviolationswillbereferredtothe DeanofStudentsOffice.Ifyouareeverunsurewhetherornotyouareactingin violationofacademicconductpolicies,pleaseaskusratherthanguessing. Grading Tobeannouncedmidproject.ScoreswillbepostedonTSquare. ...
View Full Document

This note was uploaded on 04/20/2008 for the course CS 4235 taught by Professor Giffin during the Spring '08 term at Georgia Institute of Technology.

Ask a homework question - tutors are online