In this assignment, you will add functionality to the code you wrote for Assignments 1 and 2, to reach the goal of implementing a secure facility for client-server communication across the Internet.
As before, we will give you some of the code you need, and we will ask you to provide certain functions missing from the code we provide. As before, you must not use any crypto libraries; the only primitives you may use are the ones we gave you, and ones you implemented from scratch yourself. Your solution will build on the functionality that you implemented for Assignment 2, but we will test your solution with our own implementation of the Assignment 2 functionality. Your solution must work correctly when we do this — this shouldn’t be a problem as long as you respect the API boundaries between the different classes we have given you. To help you mimic the testing setup that we will use, we are providing a pre-compiled JAR file (library) containing our reference solution to Assignment 2. We recommend that you use this instead of your own solution to Assignment 2.
In this assignment you will implement a secure channel abstraction that can be used by two programs, a client and a server, to communicate across a network, with the confidentiality and integrity of messages guaranteed. We have given you a class InsecureChannel
that implements a channel that works but is not secure: everything is sent in unprotected cleartext. We have also given you stubbed-out code for the SecureChannel
class that extends InsecureChannel
and (once you have modified it) will protect security and confidentiality.
To facilitate the testing process, we have provided the following files:
Util432s.java
- provides a few methods used by the other testing files (feel free to use these methods for debugging).ChannelTest.java
- provides a demonstration that the InsecureChannel
class works correctlySecureChannelTest.java
- used to test your SecureChannel
class (once implemented). Note that this class does NOT test security properties, instead testing only basic functionality. Also, note the commented out lines that give an example of how you can use Util432s
for debugging.InsecureChannel.java.debug
- provides a special version of InsecureChannel
and provides the ability to echo channel transmissions to the screen. To use this class, simply rename the file InsecureChannel.java
and place it in the same directory as SecureChannel.java
.Your AuthEncryptor
class should implement the following API:
public class AuthEncryptor {
public AuthEncryptor(byte[] key)
public byte[] authEncrypt(byte[] in, byte[] nonce, boolean includeNonce)
}
This class is used to perform authenticated encryption on values. Authenticated encryption protects the confidentiality of a value, so that the only way to recover the initial value is to decrypt the value using the same key
and nonce
that was used to encrypt it. At the same time, authenticated encryption protects the integrity of a value, so that a party possessing the same key
and nonce
(that were used to authenticate it) can verify that nobody has tampered with the value.
Code that uses AuthEncryptor
will be required to pass in a different nonce
for every call to the authEncrypt
method. The AuthEncryptor
class is not required to detect violations of this rule; it is the responsibility of the code that uses AuthEncryptor
to avoid re-using a nonce
with the same AuthEncryptor
instance.
includeNonce
is true, then the nonce
should be included (in plaintext form) in the output of authEncrypt
. If includeNonce
is false, then the nonce
should still be used in calculating the output, but the nonce
itself should not be copied into the output. (Presumably the party who will decrypt the message already knows what the nonce
will be.)
Your AuthDecryptor
class should implement the following API:
public class AuthDecryptor {
public AuthDecryptor(byte[] key)
public byte[] authDecrypt(byte[] in)
public byte[] authDecrypt(byte[] in, byte[] nonce)
}
The value passed as in
will normally have been created by calling authEncrypt()
with the same nonce
in an AuthEncryptor
that was initialized with the same key as this AuthDecryptor
.
If the integrity of the input value cannot be verified (that is, if the input value could not have been created by calling authEncrypt()
with the same nonce
in an AuthEncryptor
that was initialized with the same key as this AuthDecryptor
), then this method returns null
. Otherwise it returns a newly allocated byte-array containing the plaintext value that was originally passed to authEncrypt()
.
If the nonce
is included in the message, then the message should be processed with the authDecrypt(byte[] in)
method. Otherwise, the nonce
should be provided along with the ciphertext to authDecrypt(byte[] in, byte[] nonce)
.
Your SecureChannel
class should implement the following API:
public class SecureChannel extends InsecureChannel {
public SecureChannel(InputStream inStr, OutputStream outStr,
PRGen rand, boolean iAmServer,
RSAKey serverKey) throws IOException
public void sendMessage(byte[] message) throws IOException
public byte[] receiveMessage() throws IOException
}
The constructor will contain the vast majority of your code. Its role is to set up the secure channel such that the sendMessage
and receiveMessage
methods can do their jobs. These methods should provide authenticated encryption for the messages that pass over the channel, ensuring that messages arrive at the receiving end in the same order that they were send on the sending end. Furthermore, when the client is setting up its channel, it should also authenticate the server’s identity, and should take whatever steps are necessary to detect any man-in-the-middle. If one of the two parties (server or client) detects a potential security problem during channel construction, that party should close the channel by calling close()
. To ensure foward secrecy, the close()
method must delete any secret values associated with the channel. You can assume the serverKey
(public key) passed to the constructor of SecureChannel
on the client side of the communication is verified externally in some way (for example via a trusted certificate).
The underlying InsecureChannel
will normally deliver messages in the same order they were sent. But note that an adversary might try to reorder messages. The receiveMessage
method should return null
if an invalid or out-of-order message shows up.
ChannelTest.java
, which will provide you with a better understanding of how InsecureChannel
(and SecureChannel
) are intended to be used. In particular, two instances of InsecureChannel
will be created (one for the server → client channel and one for the client → server channel), each of which connects up two data streams (one input and one output data stream). Messages are sent through the channel using the sendMessage()
method, and whenever a message is sent via a channel, it stays there until a corresponding receiveMessage()
call is made. Luckily for you, you will not need to think about InputStreams
or OutputStreams
at all. That is all taken of in InsecureChannel.java
and in the main function of the ChannelTests
.InputStreams
and OutputStreams
, don’t worry, you won’t be dealing with them very closely. The same goes for runnable classes and threads.InsecureChannel.java.debug
over InsecureChannel.java
and running ChannelTest
, which will let you see the raw traffic being sent over the channel.SecureChannelTest.java
to get a feeling for how the SecureChannel
instantiations differ.Report.txt
file. This report should succinctly demonstrate that you have considered both the threats against your implementation and the specific techniques you use to defend against them. One way to format this is to describe a threat in a sentence or two, followed by a sentence or two that explains how your implementation defends against it; repeating this format for each threat.SecureChannelTest
, if a thread calls readMessage
and there is no message available, it will wait until a message becomes available.Submit your files to the Gradescope:
Report.txt
Threat model and Mitigation Description (see Getting Started for requirements).AuthEncryptor.java
- Source code file containing your implementation of the AuthEncryptor
class.AuthDecryptor.java
- Source code file containing your implementation of the AuthDecryptor
class.SecureChannel.java
- Source code file containing your implementation of the SecureChannel
class.