COE817-Project Solved

1. Implement SSL protocol with Java security framework.  

Familiar yourself with the following 4 parts of Java security framework described in  https://docs.oracle.com/javase/tutorial/security/.   

  

API and Tools Use for Secure Code and File Exchanges  

Signing Code and Granting It Permissions   

Exchanging Files  

Generating and Verifying Signatures  

Design and implement SSL handshake and record layer protocol at the application layer (your implementation on record layer protocol may not include the compress and decompress steps). Use as many ciphers, protocols, algorithms/functions from the framework.    

  

2.   Digital Certified Mail  
This project implements the digital certified mail scheme. A more theoretical discussion is found in "A Randomizing Protocol for Signing Contracts," by Even et. al., Communications of the ACM, http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.98.7448&rep=rep1&type=pdf.  The objectives of digital certified mail are (1) to require that a recipient sign for a message prior to receiving it, and (2) to prevent a sender from forging a receipt.  

The solution involves several exchanges of keys to ensure that when the sender has a valid receipt, the recipient will also have a decrypted version of the text. Both sides must generate random DES keys, and encrypt receipts and one bogus message (to be sent by the Sender). Both sides will transfer the keys to each other using the oblivious transfer protocol.  

  

     3.    Secure Purchase Order  
Implement a secure purchase order system that allows the user to enter a purchase request and routes it (by secure email) to a supervisor for signature and then to the purchasing department.  

•  All connections between parties will be preceded by public-key mutual authentication.  

•  The signatures of both the purchaser and the supervisor will be public key based, and will be performed on a hash of the purchase order. The signature of the purchaser will be sent to both the supervisor and the orders department along with a timestamp. If an order is approved by the supervisor, the orders department can cross-check the digest signed by the supervisor with the digest signed by the purchaser. The signature and time-stamping is obviously important in preventing repudiation. I am purposely ignoring the possibility that a user will "publish" their key to back up a repudiation. Ideally, the user's key will not be easily accessible and, since the whole process takes place in one organization, the possible means of revealing a key are very limited. The biggest threat is a user using another user's machine the forge an order.  

•  All messages will be encrypted using RSA public-key cryptography. Depending on performance (and time) this might be optimized by using RSA to only send a one-time secret key.  

 

4.        Flow Table Security in Software Defined Networks (SDN)
Software Defined Networking (SDN) is an emerging networking paradigm in which the control plane and the data plane of the network are separated. In SDN, a controller monitors the whole network and makes decisions on packet forwarding (data plane) for the switches inside the network. In existing SDN frameworks, the main interface to the network switches is OpenFlow. An SDN controller inserts and updates flow entries, forwarding rules for the current traffic flows into one or more flow tables inside each switch. The resulting decoupling of the control and data plane simplifies network monitoring, fault tolerance and at the same time it introduces new security issues. In this project you need to investigate the security challenges and proposed solutions discussed in different scholarly articles.