Operating Systems and Networks 159.342
Cryptography: RSA algorithm with Cipher Block Chaining
Secure Communication Protocol
In this assignment your task is to implement a hybrid encryption algorithm called RSA with Cipher Block Chaining for communicating TCP client-server applications. You are not allowed to use any third-party libraries that implement network security protocols and algorithms (e.g. OpenSSL, GMP, etc.), or other toolset with built-in cryptographic functions (e.g. Qt), etc. except for Boost https://www.boost.org/. You need to implement the RSA and CBC algorithms in C/C++ from scratch.
In the TCP client-server examples, as you might remember, a client types a message, and then sends it to a server. In turn, the server echoes back the message. In this assignment, you have to modify the client so that it encrypts all messages sent to the server. In addition, you also have to modify the server, so that it decrypts the encrypted message locally.
Below are the basic steps describing the secure communication protocol.
Create a fixed RSA private key (dCA) and public key (eCA) for a CA (certification authority).
Assume that the CA issued a certificate for a server, containing its public key. That means the server has dCA(e,n). This is an encrypted public key of the server. Assume further that the client knows the public key of the certification authority (eCA), who issued the certificate.
Note: In this assignment, there is no commercial CA involvement. We will only make our own dCA(e, n) and eCA.
As always, the server must be up and running prior to a client connecting to it.
After the server accepts a client connection request, establishing a TCP connection, the server must send the client its encrypted public key dCA(e,n). In turn, the client extracts the public key using its copy of the certification authority’s public key: eCA(dCA(e,n)), then ACKs the receipt of the key. Next, the client informs the server of the random number (nonce) that will be used for the initial encryption and decryption operations. This nonce is sent encrypted using e(nonce). Successive messages coming from the client will then be encrypted accordingly using RSA-CBC, and the server will decrypt the received messages using RSA-CBC. The server may also echo back to the client the decrypted messages (this is optional - not required).
The client/server must be able to show the original, encrypted and decrypted messages, as seen in the example below:
- The client types: hello
- The server prints locally: The received encrypted message was: 10898 15630 8308 321 13772 22674 22040
After decryption, the message found is: hello
There are many details in the implementation of a real RSA with Cipher Block Chaining that might have to be left out in order to keep it under the scope of an assignment. You have to ask the following questions regarding some decisions about the implementation:
a) What are the sizes of the keys? (aim for a big number(in the thousands) for the variable n in RSA)
b) Should the encryption be done character by character, or by block of characters?
c) Should padding be used?
d) Do you need an arbitrary precision library, or the keys are small enough to use a simple exponential code?
e) How are the keys sent to the client (your protocol design should specify: format, message order, etc).
The answers to these questions will establish how your own “encryption protocol” works.
For more details, check out the following documents:
- The details of the core algorithm that must be implemented can be found in “Week_06_Network_Security_Implementing RSA_CBC_v2.pptx” You are allowed to use relatively small prime number pairs, but do not use pairs that will generate the same original message after encryption.
- Use the cross-platform start-up codes provided for Assignment #2. I have separated the start-up codes for Windows and Unix-based based systems, but their only differences are the makefile, run.bat (for Windows) and run.sh (for Unix) files. Modify these source codes for your implementation of the secure communication protocol.
For verification and accurate marking of the assignment, the following information must be displayed on screen, as part of the secure server and secure client implementations.
1. Print on screen the secure server’s:
· Public key (e, n)
· Private key (d, n)
· Certificate issued by a Certification Authority (CA) – make your own dCA(e,n)
2. Print on screen the received encrypted NONCE e(NONCE).
3. Print on screen the decrypted NONCE d(e(NONCE)).
4. Once the NONCE is correctly decrypted, print on screen the ACK transmitted to the client
· ACK 220 nonce ok.
5. During the communication session:
· Print the encrypted message received from the client.
· Print the decrypted message after applying RSA-CBC.
1. Print on screen the received certificate from the secure server:
2. Print on screen the decrypted certificate from the secure server:
3. Print on screen the ACK transmitted by the client once it has decrypted the certificate of the server successfully.
· ACK 226 public key received.
4. Print on screen the NONCE.
5. Print on screen the encrypted NONCE e(NONCE).
6. Print ACK transmitted by the client once it has encrypted the NONCE successfully.
· ACK 226 public key received.
7. During the communication session:
· Print the plaintext message.
· Print the encrypted message (using RSA-CBC).
· Big Number Library: You may only the Boost C++ library for implementing big numbers in your cryptographic method. No other libraries are allowed (i.e. GMP library is not allowed)
· OpenSSL (or other libraries with built-in cryptographic functions) is not allowed in this assignment as students are expected to learn how to implement the core algorithms from scratch.
· The cross-platform start-up code compiles and runs on both Windows and Unix-based systems but the assignment will be marked only in a Windows environment.