Secure Network Application Protocol Design using XML - Project #4 | ECE 4564, Study Guides, Projects, Research of Electrical and Electronics Engineering

Project 4 Assignment Material Type: Project; Class: Network Application Design; Subject: Electrical & Computer Engineer; University: Virginia Polytechnic Institute And State University; Term: Fall 2007;

Typology: Study Guides, Projects, Research

Pre 2010

Uploaded on 12/06/2007

vthokiegrad
vthokiegrad 🇺🇸

17 documents

1 / 5

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
ECE 4564
Fall 2007
Project 4 Assignment Page 1 of 5
Virginia Tech
Bradley Department of Electrical and Computer Engineering
ECE 4564: Network Application Design
Fall 2007
Project 4: Secure Network Application Protocol Design using XML
Due: November 22, 11:59pm
Policy regarding plagiarism
The TA will use MOSS to detect software plagiarism. Here is the link to MOSS:
http://theory.stanford.edu/~aiken/moss. If a student (or team) is proven to have used
code that is not his/hers/theirs, he/she/they will be automatically get an F in this course regardless
of how much of the submitted code is not his/hers/theirs and regardless of the source from which
he/she/they took the code.
1. Introduction
The educational objective of this project is to reinforce concepts related to security, cryptography, and the
extensible markup language (XML). The design and programming objectives of this project are to design,
implement, and test a peer-to-peer text chat windowed application based on IP multicast that sends and
receives encrypted and authenticated messages encoded with XML. Specifically, you are to develop an
application that uses the base of Project 3 and modify the message sending and receiving mechanisms to
read XML messages with encrypted and authenticated content. Notes on design are included in an
appendix.
2. Application Requirements
Your application should support the following operations.
A default group of 239.255.10.10 and default port number of 4000 should be used, unless the ability to
join and leave a group is implemented. (from Project 3)
At any time, allow a user to exit the application. (from Project 3)
When joined to a group, allow a user to send messages to members of the group as an IP multicast
datagram. Messages must be carried in a single datagram and adhere to the format specified in
Section 3 of this document.
When joined to a group, display messages received from other members of the group and from this
application (i.e., the application displays messages that it sends, as well as messages sent by other
members). When displayed, messages should be preceded by the sender name, see Section 3. For
example, if the received message is “Hello!” the application might display “[Stu] Hello!” as its output,
where “Stu” is the name of the sending user.
The application should provide the user a way to select the encryption and hash (digest) algorithms
that will be used to generate the next message, enter a name, select the group address, port, and
time-to-live value, and the key that will be used to generate the next message. An example interface
is shown in the appendix.
The time-to-live (TTL) value for multicast communication should be 1 or configurable with 1 as the
default. The application will need to allow multicast loopback to display it own messages. Multiple
instances of the application, all using the same IP group address and destination port number, should
be able to run on the same host.
Messages should include the encrypted user input, an authentication check value, the algorithms used
to create the message, and any other parameters needed to decrypt and authenticate the message.
Any invalid messages should be noted to the user and not displayed.
pf3
pf4
pf5

Partial preview of the text

Download Secure Network Application Protocol Design using XML - Project #4 | ECE 4564 and more Study Guides, Projects, Research Electrical and Electronics Engineering in PDF only on Docsity!

Virginia Tech Bradley Department of Electrical and Computer Engineering

ECE 4564: Network Application Design  Fall 2007

Project 4: Secure Network Application Protocol Design using XML

Due: November 22, 11:59pm

Policy regarding plagiarism The TA will use MOSS to detect software plagiarism. Here is the link to MOSS: http://theory.stanford.edu/~aiken/moss. If a student (or team) is proven to have used code that is not his/hers/theirs, he/she/they will be automatically get an F in this course regardless of how much of the submitted code is not his/hers/theirs and regardless of the source from which he/she/they took the code.

1. Introduction

The educational objective of this project is to reinforce concepts related to security, cryptography, and the extensible markup language (XML). The design and programming objectives of this project are to design, implement, and test a peer-to-peer text chat windowed application based on IP multicast that sends and receives encrypted and authenticated messages encoded with XML. Specifically, you are to develop an application that uses the base of Project 3 and modify the message sending and receiving mechanisms to read XML messages with encrypted and authenticated content. Notes on design are included in an appendix.

2. Application Requirements

Your application should support the following operations.

  • A default group of 239.255.10.10 and default port number of 4000 should be used, unless the ability to join and leave a group is implemented. (from Project 3)
  • At any time, allow a user to exit the application. (from Project 3)
  • When joined to a group, allow a user to send messages to members of the group as an IP multicast datagram. Messages must be carried in a single datagram and adhere to the format specified in Section 3 of this document.
  • When joined to a group, display messages received from other members of the group and from this application (i.e., the application displays messages that it sends, as well as messages sent by other members). When displayed, messages should be preceded by the sender name, see Section 3. For example, if the received message is “Hello!” the application might display “[Stu] Hello!” as its output, where “Stu” is the name of the sending user.
  • The application should provide the user a way to select the encryption and hash (digest) algorithms that will be used to generate the next message, enter a name, select the group address, port, and time-to-live value, and the key that will be used to generate the next message. An example interface is shown in the appendix.
  • The time-to-live (TTL) value for multicast communication should be 1 or configurable with 1 as the default. The application will need to allow multicast loopback to display it own messages. Multiple instances of the application, all using the same IP group address and destination port number, should be able to run on the same host.
  • Messages should include the encrypted user input, an authentication check value, the algorithms used to create the message, and any other parameters needed to decrypt and authenticate the message. Any invalid messages should be noted to the user and not displayed.

3. Message Specification

Messages will contain the sender’s name and the encrypted message data. Also included will be the encryption algorithm, hash algorithm, and nonce used in generating the message. These values will be organized and presented using XML. The message format is shown below.

_sender name_ _encrypted message data_ _authentication check_

Explanation of message parts:

Encryption algorithm The encryption algorithm used to encrypt the message data and to create the authentication check. This string should be the same as the string used when creating the SymmetricAlgorithm object. Required algorithms include: AES and 3DES.

Hash algorithm The hash (message digest) algorithm used to create the authentication check values. This string should be the same as the string used when creating the HashAlgorithm object. Required algorithms include: MD5 and SHA1.

Nonce The nonce value should be a unique, ever-increasing value used in creating the authentication check value. Each time an authentication value is created the nonce should be incremented by some value. The suggested method is to use the DateTime.Ticks property for the current time. This value is a number for this project. (In other contexts, the nonce can be any unique value number, string, or otherwise.) The most recent nonce for a sender name should be stored and used to evaluate the freshness of a message. Arriving messages should not have a nonce that is less than or equal to the last valid nonce. This will avoid the replay attack.

Sender name (^) The name specified by the user; a chat handle.

Encrypted message data (^) This value is calculated from the message the user sent. It should be base encoded after it is encrypted to allow it to be placed in XML. Pseudo-code implementation: base64encode(encrypt(message)).

Authentication check (^) This value is used to check the integrity of the message, assure that the message is from the specified sender, and assure the message has not been replayed. This value is found by base64 encoding the encrypted concatenation of the hash of the unencrypted message data, the nonce, and the sender name. Pseudo-code implementation: base64encode( encrypt( hash(message + nonce + sender name) ) ).

4. Encryption Algorithm Specifics

The encryption algorithms require additional information that needs to be shared between end points. This includes: how to generate keys and initialization vectors of a fixed length and other parameters.

  • Block size: use the largest possible block size for each algorithm.
  • Generating Keys: For both algorithms, use a key size of 128 bits. It is possible, but unlikely, that a user will enter the exact required key length. To make your application more user- friendly and accept a key of any length, please use the following procedure. Create an MD5 hash of the user- entered key value and feed this to the encryption algorithm. Do not base64 encode this value.

5.1. Report Requirements

The report should include the following items in the specified order. Note that mandatory page limits are given for some items. You may be penalized for excess verbiage.

  • Cover page with name of project (Project 4), date, number and name of this class, your name, your student ID number, CRN number for your section, your lecture location (“Whitt”, “Smyth” or both), tool(s) and version(s) used for development, operating system(s) and version(s) used for testing ( page).
  • Testing results, including the following (3 pages maximum for text, 5 pages maximum total).

o Test procedure used. Be sure to test all implemented functionality. o Screen shots and/or other evidence showing test results. (Screen shots do not count as part of the 3-page limit for text in this section, but they do count as part of the 5-page total limit.) o Summary of test results indicating which features work or do not work properly.

5.2. Submission Logistics

You must submit the report and all solution files as a single zip file using the Dropbox at the class Blackboard site. The zip file must be given a name of the following form: LAST1_LAST2_FIRST1_FIRST2 _p4.zip where LAST1_LAST2 are the last or family names and FIRST1_FIRST2 are your first or given names. Make only one submission. Email, paper, and diskette submissions will not be accepted.

Files contained within the zip file should adhere to the following requirements:

  • The report can be either a Microsoft Word or an Adobe Acrobat PDF file. The report file should be named using the same scheme as the zip file.
  • Submit all files from your solution, including all source files and the final executable file. Before “zipping” your solution directory, clean it up by removing draft source files, etc.
  • All files must be virus-free. Files that contain a virus as detected by the latest version of Symantec Antivirus^1 will not be graded.

6. Honor Code

You must work alone on this project. Teams are not allowed. You may not share your code with other students or borrow code from other students. You may not discuss your design or code with anyone except the instructor for this class. You may not help other students in debugging their code. You may not have others help you. Simply stated, you may not discuss or in any way share any aspect of your original work with anyone except the instructor or graduate teaching assistant for this class. If you use libraries or any code developed by others, its use must be properly acknowledged.

You may discuss the details of system calls with other students. You may also discuss the protocol specification and the requirements of this assignment with others. Contact the instructor if you have any questions about the honor code requirements.

7. Questions

Use the Project 3 forum in the Discussion Board area of the class web site to ask questions about this assignment. Do not post questions that contain specific information about the solution.

(^1) Anti-virus software is available to Virginia Tech students at no charge at http://antivirus.vt.edu/.

Appendix: An Example Interface

Figure 1: Example UI.