CSCI968 Advanced Network Security Summer 2022
Assignment 1 (15 Marks) Submission Due: 29 Jul 2022 23:30
Part 1: Programming
Write (Java or C/C++) UDP programs to implement a remote login protocol. For simplicity, let us call the programs “Host” and “Client”, which are executed by Alice and Bob, respectively.
Alice and Bob share a common password PW, which contains 8 alphanumeric characters. Alice stores the password in a hashed form in a password file. Alice also has a public and privacy key pair (pk, sk) for the plain RSA encryption and Bob stores the public key digest H(pk) where H is the SHA-1 hash function.
Alice wants to authenticate Bob for every remote connection request from Bob. This is done through the following identification protocol:
1. 1: B → A: Username
2. 2: A→B:pk,NA
3. 3: B → A: RSA(pk, OTP)
4. 4: A → B: Success/Fail
In the above protocol, NA is a 128-bit random string, OTP is a one-time password which is computed as follows:
where H is the SHA-1 hash function.
Implementation guidelines
OTP = H(H(pw), NA)
· Place Host and Client in two separate directories: Alice and Bob. Create a password file in Alice’s directory. For simplicity, we assume the password file contains only 1 record (Bob, H(PW)).
· Generate a public and private key pair for the Alice, and store the generated public and private key pair (pk, sk) in a key file under Alice’s directory. Also, store H(pk) in a key file under Bob’s directory.
· Alice executes Host.
- Host is running and waiting for connection.
• Bob executes Client.
· - Client asks for input for username and password from user.
· - Bob inputs the username and password via keyboard.
• Client and Host perform the identification protocol as outline above.
· - Client sends the first message containing Bob’s identity to Host
· - Host generates NA and sends the 2nd message to Client
· - Client checks whether H(pk) matches the stored value in Bob’s key file; if not, terminate the communication; otherwise, compute OTP and send the 3rd message
· - Host decrypts OTP, verifies its value and sends the notification to Client
How to run?
Your programs should run according to the protocol. Host and Client should be executed on different windows. For convenience of marking, please use the local IP: 127.0.0.1 with different port numbers for Host and Client for the submitted version. For simplicity, there is no GUI required in this assignment.
You can choose to use existing library functions or open source code to implement UDP sockets, RSA and SHA-1. You should provide a reference if you use a downloaded code.
Mark distribution:
1. Protocol setup: 2 marks
2. Identification protocol implementation: 6 marks
3. Proper message display: 2 marks
The code that cannot be compiled or executed will receive a zero mark.
Part 2: Protocol analysis
1. Explain the purpose of using the nonce NA in the protocol.
2. Explain the purpose of checking H(pk) by the client, i.e., is there any attack if no such checking is
performed in the protocol? (2 marks)
3. Is there any advantage if we replace the plain RSA encryption by a randomised public-key encryption
scheme (e.g., the ElGamal encryption)?
Files to be submitted:
All source codes (Do not submit any executable).
A readme file (text/ACSII only): instructions about how to compile and run your code. Your answers (in a word/pdf file) for Part 2.
Submission
(2 marks)
Compress all the files to be submitted into a zip file and submit it via the submission link provided in the Moodle site.
Late Submission: Penalty is 25% deduction per day (including weekends), unless Academic Consideration is granted.
Plagiarism
A plagiarised assignment will receive a zero mark and be penalised according to the university rules. Plagiarism detection software may be used.
(1 mark)