代写Operating Systems and Networks 159.342 Assignment 2调试C/C++语言
- 首页 >> Matlab编程Operating Systems and Networks 159.342
Assignment 2
due: 10th of May
Cryptography: RSA algorithm with Cipher Block Chaining
Secure Communication Protocol
In this assignment your task is to implement a hybrid encryption algorithm called RSA with Cipher Block Chaining for communicating TCP client-server applications. You are not allowed to use any third-party libraries that implement network security protocols and algorithms (e.g. OpenSSL, GMP, etc.), or other toolset with built-in cryptographic functions (e.g. Qt), etc. except for Boost https://www.boost.org/. You need to implement the RSA and CBC algorithms in C/C++ from scratch.
In the TCP client-server examples, as you might remember, a client types a message, and then sends it to a server. In turn, the server echoes back the message. In this assignment, you have to modify the client so that it encrypts all messages sent to the server. In addition, you also have to modify the server, so that it decrypts the encrypted message locally.
Below are the basic steps describing the secure communication protocol.
Create a fixed RSA private key (dCA) and public key (eCA) for a CA (certification authority).
Assume that the CA issued a certificate for a server, containing its public key. That means the server has dCA(e,n). This is an encrypted public key of the server. Assume further that the client knows the public key of the certification authority (eCA), who issued the certificate.
Note: In this assignment, there is no commercial CA involvement. We will only make our own dCA(e, n) and eCA.
As always, the server must be up and running prior to a client connecting to it.
After the server accepts a client connection request, establishing a TCP connection, the server must send the client its encrypted public key dCA(e,n). In turn, the client extracts the public key using its copy of the certification authority’s public key: eCA(dCA(e,n)), then ACKs the receipt of the key. Next, the client informs the server of the random number (nonce) that will be used for the initial encryption and decryption operations. This nonce is sent encrypted using e(nonce). Successive messages coming from the client will then be encrypted accordingly using RSA-CBC, and the server will decrypt the received messages using RSA-CBC. The server may also echo back to the client the decrypted messages (this is optional - not required).
The client/server must be able to show the original, encrypted and decrypted messages, as seen in the example below:
- The client types: hello
- The server prints locally: The received encrypted message was: 10898 15630 8308 321 13772 22674 22040
After decryption, the message found is: hello
Design issues
There are many details in the implementation of a real RSA with Cipher Block Chaining that might have to be left out in order to keep it under the scope of an assignment. You have to ask the following questions regarding some decisions about the implementation:
a) What are the sizes of the keys? (aim for a big number(in the thousands) for the variable n in RSA)
b) Should the encryption be done character by character, or by block of characters?
c) Should padding be used?
d) Do you need an arbitrary precision library, or the keys are small enough to use a simple exponential code?
e) How are the keys sent to the client (your protocol design should specify: format, message order, etc).
The answers to these questions will establish how your own “encryption protocol” works.
For more details, check out the following documents:
1. The details of the core algorithm that must be implemented can be found in “Week_06_Network_Security_Implementing RSA_CBC_v2.pptx” You are allowed to use relatively small prime number pairs, but do not use pairs that will generate the same original message after encryption.
2. Use the cross-platform start-up codes provided for Assignment #2. I have separated the start-up codes for Windows and Unix-based based systems, but their only differences are the makefile, run.bat (for Windows) and run.sh (for Unix) files. Modify these source codes for your implementation of the secure communication protocol.
For verification and accurate marking of the assignment, the following information must be displayed on screen, as part of the secure server and secure client implementations.
Secure Server:
1. Print on screen the secure server’s:
. Public key (e, n)
. Private key (d, n)
. Certificate issued by a Certification Authority (CA) – make your own dCA(e,n)
2. Print on screen the received encrypted NONCE e(NONCE).
3. Print on screen the decrypted NONCE d(e(NONCE)).
4. Once the NONCE is correctly decrypted, print on screen the ACK transmitted to the client
. ACK 220 nonce ok.
5. During the communication session:
. Print the encrypted message received from the client.
. Print the decrypted message after applying RSA-CBC.
Secure Client:
1. Print on screen the received certificate from the secure server:
. dCA(e,n)
2. Print on screen the decrypted certificate from the secure server:
. eCA(dCA(e,n))
3. Print on screen the ACK transmitted by the client once it has decrypted the certificate of the server successfully.
. ACK 226 public key received.
4. Print on screen the NONCE.
5. Print on screen the encrypted NONCE e(NONCE).
6. Print the ACK received by the client.
. ACK 220 nonce OK.
7. During the communication session:
. Print the plaintext message.
. Print the encrypted message (using RSA-CBC).
Restrictions:
. Big Number Library: You may only use the Boost C++ library for implementing big numbers in your cryptographic method. No other libraries are allowed (i.e. GMP library is not allowed)
. OpenSSL (or other libraries with built-in cryptographic functions) is not allowed in this
assignment as students are expected to learn how to implement the core algorithms from scratch.
. The cross-platform. start-up code compiles and runs on both Windows and Unix-based systems but the assignment will be marked only in a Windows environment.
Testing the assignment:
For quickly testing the assignment, use the batch file, run.bat or run.sh (for unix-based systems) provided.
Submission Instructions:
1. Submit your complete C/C++ program electronically via Stream.
2. Use the following filename for your secure server: secure_server.cpp
3. Use the following filename for your secure client server: secure_client.cpp
4. Submit the makefile for building your codes. The makefile should suffice to build your codes.
5. As a backup, if you developed your program using an IDE, such as VSCODE or Clion, also submit the
complete support files (e.g. CMakeLists.txt, project file, *.sln, *.JSON, etc.), for building your codes.
6. Assignment documentation file: Download and fill out the Excel file, named
assignment_documentation.xlsx to provide important information about your work. Rename the file using your ID_number (e.g. 87654321.xlsx). This will help facilitate accurate marking of your
assignment. Deductions will be made if you do not submit the completed Excel file.
7. Snapshots file: Create a document containing snapshots of three complete client/server interactions, using the following test input strings:
For testing, use the following test input strings:
1. “the quick brown fox jumps over the lazy dog.”
2. “AAA”
3. “555”
Label and briefly describe each image. You may create a Word document or a pdf file to accomplish this task.
8. Create a zip file containing the following files:
o Complete set of codes (including *.cpp, *.h, makefile, other supporting files)
o Snapshots file
9. Submit the zip file containing your complete program and snapshots electronically via Stream. You will find a button with the following label.
10. Lastly, submit the assignment documentation Excel file via Stream website. You will find a separate button with the following label.
Distribution of marks:
The assignment will be marked based on functionality, design and correctness.
The marks are distributed as follows:
. 1 mark: for correctly creating and sending of the encrypted RSA public key to the client. The client must also decrypt the public key correctly.
. 1 mark: for correctly sending the encrypted random number (encrypt(nonce)) to the server, as well as decrypting and extracting the nonce correctly.
. 2 marks: for correctly creating and sending the certificate of the server dCA(e,n). In turn, the client must be able to receive, decrypt and extract the server’s public key correctly.
. 8 marks: for the correct implementation of RSA with Cipher Block Chaining. The encryption/decryption results should always be correct for any ASCII characters. Make sure that the combination of the selected RSA keys and nonce will not have any problem encrypting and decrypting messages.
. 3 marks:
o (2 marks) Assignment Documentation (Excel file)
o (1 mark) snapshots file.
. Bonus marks (max. of 2 marks) will be given to those who can implement and utilise correctly the Boost library’s big number support, to allow for very large public and private keys (make a note in your assignment documentation if you did this). I am providing a cross-platform start-up code that provides access to the boost library. Please see the installation instructions for the Boost library in our stream website.
Other Notes:
1 - Please download the Excel file named, assignment_documentation.xlsx from our Stream website. 2 - This assignment is worth 15 marks (+ bonus, if your submission qualifies).
3 - Marks will be subtracted for obvious copying and/or for delays without justification.