HUMBOLDT-UNIVERSITÄT ZU BERLIN
COMPUTER SCIENCE DEPARTMENT
Systems Architecture Group

Head: Prof. Dr. Jens-Peter Redlich
Secretary:  Silvia Schoch
Phone: +49(30)2093-41150

 

     

Assignment 1: Encrypted communication

Credits

Edward W. Felten, http://www.cs.princeton.edu/

Logistics

Your solution should be a zip-file containing two things: your source code (any files you modified or created), and a report that describes what you did and why. The report should be an HTML file named index.html. (It may contain links to other files, if you include those files in your submission.)

You must work in a group (two people) on this assignment. You may not collaborate with anyone outside your group.

Introduction

At present, chat clients communicate with the chat server via ordinary network connections. No crypto is used, so anybody with access to the network can eavesdrop on these connections, or tamper with or forge traffic. Your job in this assignment is to solve this problem, by adding appropriate use of crypto, so as to protect the confidentiality and integrity of message traffic.

You will implement your solution by modifying the chat application software that which we have provided to you. You are welcome to modify the files that we have given you, or to create new source code files, or both.

Assumptions

Normally, the first stage in a secure communication protocol is for the two parties to authenticate each other and negotiate a shared secret key. That first stage is not your problem in this assignment. (It will be your problem in the next assignment.) For now, you should just assume that the two parties have authenticated each other and have established a shared secret key.

To simulate the shared secret key, you should call the function InsecureSharedValue.getValue(). This will return an array of bytes which will be the same on the client and the server. For the purposes of this assignment, you should pretend that this is a secret value that only the client and the server know.

Goal

Your goal is to modify the chat application so that an adversary who controls the network connecting the clients and the server cannot learn the contents of chat sessions, cannot forge chat messages, and cannot modify messages without the modifications being detected. Of course, your solution must allow users to chat.

There several good ways to solve the problem.

Threat Model

The adversary "wins" if he can do any one of these things:
  • learn the contents of a chat message,
  • create a bogus chat message and trick one user into believing that it came from another user,
  • modify a chat message in transit, without the modification being caught and rejected by the recipient.
You should make the following assumptions:
  • The adversary can read all of your source code (except that the adversary cannot tell what value InsecureSharedValue.getValue() will return).
  • The adversary can observe and/or modify all network traffic.
  • The adversary can create bogus network traffic.

Note that your design need not recover from message tampering or message injection. It is enough to detect that one of these events has occurred and then raise an alarm.

Your Report

Your report (in German language) should describe your solution, and justify why it prevents the adversary from achieving any of his goals. Your report should be concise but should be as convincing as you can make it. The quality of your report will be a very important component of your grade, so pay at least as much attention to your report as to your code.

Helpful Hints

You will probably find the HashFunction.java, BlockCipher.java, and RandomSeed.java files useful. See the comments in the files for an explanation of what they do. These are the only cryptographic primitives you are allowed to use (except, of course, for primitives you build yourself). You may not use any external cryptographic code or libraries, not even the ones in the standard Java libraries..

Buggy crypto code often causes data to end up totally garbled at its destination. This often causes message receivers to freak out and give weird error messages. So if you try to run the chat service on top of your crypto code, and the result is a bunch of weird error messages, it may be that your decryption process isn't undoing what your encryption process did. You may want to test your encryption and decryption transforms with simple test programs before you try hooking them up to the full chat application.

Java has extensive libraries, which are documented online. (Remember that the security and crypto libraries are off limits to you.)

You may find yourself wanting to buffer up some input or output data. The java.io.ByteArrayOutputStream and java.io.ByteArrayInputStream classes are useful for buffering.

If you write an OutputStream subclass, think carefully about its flush() method. Bear in mind that an OutputStream (or subclass) is allowed to buffer output data until somebody calls flush(); but when flush() is called, everything that has been buffered must be output. The chat software uses flush() carefully. If you're not careful about your flush() behavior, data may seem to disappear mysteriously in transit (when it is really waiting in a buffer somewhere).


Legal disclaimer. .  © 2024 Humboldt-Universität zu Berlin, Computer Science Department, Systems Architecture Group. Contact: sar@informatik.hu-berlin.de .