Objectives On completion of this assignment you should be able to: Understand some basic techniques for building a secure channel. Understand network programming. Task description You will implement a simplified version of the TLS/SSL protocol in this assignment. Write (Java or C/C++) UDP programs allowing two parties to mutually authenticate each other and establish a secure communication channel. For simplicity, let us call the programs “Host” and “Client”, which are executed by Alice and Bob, respectively. Alice and Bob share a common password PW, which contains 6 alphanumeric characters. Alice also has a public and privacy key pair (pk, sk) for the RSA encryption scheme. They want to establish a secure communication channel that can provide data confidentiality and integrity. This will be done via the following steps: (1) perform a mutual authentication and key exchange protocol; and (2) use the shared session key derived from the first step to secure the real communication.
Step 1 is done via the following mutual authentication and key exchange protocol: 1: A B: pk 2: B A: C1 = PKE pk(RK), C2 = SKERK(“Bob”||PW) 3: Alice decrypts C1 using sk to get RK, and then decrypt C2 to get “Bob”||PW. Alice checks PW and accepts the connection if and only if the PW is correct. Alice sends either “Successful” or “Unsuccessful” to Bob to indicate whether the connection is successful or not. In the above protocol, || denotes the string concatenation, PKE denotes the RSA encryption and SKE denotes the RC4 stream cipher. RK is a random value selected from the message space of the PKE. Alice and Bob then compute the shared session key as K = H(RK||PW) where H denotes the SHA-1 hash algorithm. After establishing the session key, step 2 is achieved as follows: 1. whenever Alice wants to send a message M to Bob, Alice first computes h = H(K||M||K), and then computes C = SKEK(M||h) and sends C to Bob; 2. upon receiving a ciphertext C, Bob first runs the decryption algorithm to obtain M||h. After that, Bob computes h’ = H(K||M||K) and checks if h = h’. If the equation holds, then Bob accepts M; otherwise, Bob rejects the ciphertext; 3. the same operations are performed when Bob sends a message to Alice.
Implementation guidelines Place Host and Client in two separate directories: Alice and Bob. The shared information (PW) is located in a file under each directory. Generate a public and private key pair for the Host (i.e., Alice), and store the generated public and private key pair in a file under Alice’s directory. The RSA modulus N must have at least 32 bits (i.e., the factors p and q of N should have at least 16 bits). Alice executes Host. - Host is running and listening to the opened port (you need to select a port for your code). Bob executes Client. - Client (Bob) sends a connection request to Host. - Client is ready and listens to the port. Alice and Bob perform the mutual authentication and key exchange protocol as outlined in Step 1. If Alice cannot successfully authenticate Bob in Step 1(3), then Alice quits the program after sending “Unsuccessful” to Bob. Bob also quits the program after receiving “Unsuccessful” from Alice. If the connection is successfully established, - Either Alice or Bob can send a message encrypted and authenticated by the key K. They type the message on their own terminal. The message is processed by their code (Host or Client) according to the step 2 given above. - The received message is printed on the screen if decryption is successful. Otherwise, print “decryption error” on the screen. - To quit the program, the client should type “exit”. You can choose to use some existing libraries or free source code to implement RC4 and SHA-1. You should cite the source if you use a downloaded code. How to run? Your programs should run according to the protocol. Host and Client should be executed on different windows. For convenience of marking, please use the local IP: 127.0.0.1 for the submitted version. For simplicity, there is no GUI required in this assignment. That is, messages are simply typed on the window and printed on the receiver’s window.
Files to be submitted: All source codes (Do not submit any executable). A readme file (text/ACSII only): instructions about how to compile and run your code. A Makefile: for C++ programmers. Alternatively, you provide the compilation instruction in the readme.