



Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Project 4 Assignment Material Type: Project; Class: Network Application Design; Subject: Electrical & Computer Engineer; University: Virginia Polytechnic Institute And State University; Term: Fall 2007;
Typology: Study Guides, Projects, Research
1 / 5
This page cannot be seen from the preview
Don't miss anything!




Virginia Tech Bradley Department of Electrical and Computer Engineering
Policy regarding plagiarism The TA will use MOSS to detect software plagiarism. Here is the link to MOSS: http://theory.stanford.edu/~aiken/moss. If a student (or team) is proven to have used code that is not his/hers/theirs, he/she/they will be automatically get an F in this course regardless of how much of the submitted code is not his/hers/theirs and regardless of the source from which he/she/they took the code.
The educational objective of this project is to reinforce concepts related to security, cryptography, and the extensible markup language (XML). The design and programming objectives of this project are to design, implement, and test a peer-to-peer text chat windowed application based on IP multicast that sends and receives encrypted and authenticated messages encoded with XML. Specifically, you are to develop an application that uses the base of Project 3 and modify the message sending and receiving mechanisms to read XML messages with encrypted and authenticated content. Notes on design are included in an appendix.
Your application should support the following operations.
Messages will contain the sender’s name and the encrypted message data. Also included will be the encryption algorithm, hash algorithm, and nonce used in generating the message. These values will be organized and presented using XML. The message format is shown below.
Explanation of message parts:
Encryption algorithm The encryption algorithm used to encrypt the message data and to create the authentication check. This string should be the same as the string used when creating the SymmetricAlgorithm object. Required algorithms include: AES and 3DES.
Hash algorithm The hash (message digest) algorithm used to create the authentication check values. This string should be the same as the string used when creating the HashAlgorithm object. Required algorithms include: MD5 and SHA1.
Nonce The nonce value should be a unique, ever-increasing value used in creating the authentication check value. Each time an authentication value is created the nonce should be incremented by some value. The suggested method is to use the DateTime.Ticks property for the current time. This value is a number for this project. (In other contexts, the nonce can be any unique value number, string, or otherwise.) The most recent nonce for a sender name should be stored and used to evaluate the freshness of a message. Arriving messages should not have a nonce that is less than or equal to the last valid nonce. This will avoid the replay attack.
Sender name (^) The name specified by the user; a chat handle.
Encrypted message data (^) This value is calculated from the message the user sent. It should be base encoded after it is encrypted to allow it to be placed in XML. Pseudo-code implementation: base64encode(encrypt(message)).
Authentication check (^) This value is used to check the integrity of the message, assure that the message is from the specified sender, and assure the message has not been replayed. This value is found by base64 encoding the encrypted concatenation of the hash of the unencrypted message data, the nonce, and the sender name. Pseudo-code implementation: base64encode( encrypt( hash(message + nonce + sender name) ) ).
The encryption algorithms require additional information that needs to be shared between end points. This includes: how to generate keys and initialization vectors of a fixed length and other parameters.
The report should include the following items in the specified order. Note that mandatory page limits are given for some items. You may be penalized for excess verbiage.
o Test procedure used. Be sure to test all implemented functionality. o Screen shots and/or other evidence showing test results. (Screen shots do not count as part of the 3-page limit for text in this section, but they do count as part of the 5-page total limit.) o Summary of test results indicating which features work or do not work properly.
You must submit the report and all solution files as a single zip file using the Dropbox at the class Blackboard site. The zip file must be given a name of the following form: LAST1_LAST2_FIRST1_FIRST2 _p4.zip where LAST1_LAST2 are the last or family names and FIRST1_FIRST2 are your first or given names. Make only one submission. Email, paper, and diskette submissions will not be accepted.
Files contained within the zip file should adhere to the following requirements:
You must work alone on this project. Teams are not allowed. You may not share your code with other students or borrow code from other students. You may not discuss your design or code with anyone except the instructor for this class. You may not help other students in debugging their code. You may not have others help you. Simply stated, you may not discuss or in any way share any aspect of your original work with anyone except the instructor or graduate teaching assistant for this class. If you use libraries or any code developed by others, its use must be properly acknowledged.
You may discuss the details of system calls with other students. You may also discuss the protocol specification and the requirements of this assignment with others. Contact the instructor if you have any questions about the honor code requirements.
Use the Project 3 forum in the Discussion Board area of the class web site to ask questions about this assignment. Do not post questions that contain specific information about the solution.
(^1) Anti-virus software is available to Virginia Tech students at no charge at http://antivirus.vt.edu/.
Figure 1: Example UI.