1 Security Part Description
Design and implement a secure end to end messaging tool. Basic exemplary flow:
1. In a page, user A logs in, typing username, pwd
2. If successfully log in, showing friend list, could contain just one; if log in fail, show failure reason.
Template. We have provided a website template so that you can run a server and show corresponding sites with the prepared the html pages. While the control functions are located at the corresponding Python files. You can just modify and add function in corresponding Python files. You
1. Properly store passwords on the server —– 15 points
2. When log in, first check server’s certificate (e.g., you can manually create one using a hardcoded
CA public key in your code) — 25 points
3. Securely transmitting a pwd to server (leveraging secure protocols or design the secure transmission properly) — 10 points
4. Properly check whether password is correct (at least use the simple method that defends against offline pre-computation attacks) —– 10 points
5. Securely transmitting the message from A to B, even the server who can forward communication transcript cannot read the message, or modify the ciphertext (leveraging secure protocols or design the authenticated secure transmission properly) — 40 points
Reporting requirement.
1. Explain how you address each of above items
2. Attach screenshots as evidence
1
3. Clearly identify how group members divide the tasks
4. No explicit word requirement
Remark 1: The template and code were just an example, if you prefer to do it in other framework, or using other language, it is OK. Just to make sure you can demonstrate that you properly implement the security features listed above.
