Implement a simplified version of ssl

Assignment Help Python Programming
Reference no: EM131096204

Learning Objectives:

On completing this assignment you will gain sufficient expertise in the following skills:

- Understanding and developing security protocols.
- Reading and understanding standard documents for security such as RFCs.1 Learning Objectives:

On completing this assignment you will gain sufficient expertise in the following skills:
- Understanding and developing security protocols.
- Reading and understanding standard documents for security such as RFCs.

Project Scope

We will implement a simplified version of SSL/TLS (miniSSL) and a sim-plified application-layer protocol (miniGet) in this project. The goal is to get a better understanding of the SSL/TLS protocols.

miniSSL and miniGET

An miniSSL is a barebone version of Secure Socket Layer (SSL). An miniSSL includes a simplified SSL handshake, which leads for user authentication.

A session key need to be distributed securely for data encryption and in- tegrity check (by HMAC) in miniGet later. You are expected to use RSA and implement the client authentication (advanced requirement: mutual authentication).

An miniGET is simply a GET operation sent from client to server after the miniSSL hand-shake. The server sends the requested file, encrypted and HMACed with the session key. The session key for data encryption and integrity check was established during the miniSSL handshake. We always use the off-the-shelf cryptographic algorithms, AES 128-bit encryption and SHA1-based HMAC, for data encryption and integrity check. Once the file is delivered, both client and server would terminate the session without any further notifications.

Protocol flow

The simplified protocol you are going to implement is shown as follows. C denotes as client, S denotes as server. We have an miniSSL-CA.

We start with the miniSSL handshake. Note that we group the different message types of SSL/TLS in new, custom ones. In the following, the comma operator indicates the border between message fields, and the | operator indicates concatenation of two (bit) strings.

1. C chooses a nonce nc of length 28 bytes. It chooses the cipher suite to be 128-bit AES encryption and SHA1 as the HMAC function. It is denoted as a string AES-HMAC. The type of the first message is ClientInit. C sends this to S:

C → S : ClientInit, nc, AES-HMAC

2. Upon receiving this message, S chooses a random nonce ns of length 28 bytes. It acknowledges the client's cipher choice and also sends a certificate. It can add an optional request for the client to authenticate with a certificate by sending the CertRequest string:
S → C : ServerInit, ns, AES-HMAC, Certs [, CertReq]

3. C verifies that the unexpired server certificate was issued by the miniSSL- CA (checking the signature, with the certificates in its root store) and whether the common name matches with the expected one. It extracts S's public key. It generates a pre-master secret p as a random value with 46 bytes in length. From this, it derives two session keys k1 and k2 as k1=HMAC-SHA1(p, nc|ns|enc) and k2=HMAC-SHA1(p, nc|ns|mac), with enc,mac being the binary strings 00000000 and 11111111. Finally, it computes an HMAC over all messages up to this point in the following way:

mc=HMAC-SHA1(k2,ClientInit- nc-AES-HMAC-ServerInit-ns-Certs
[|CertReq])
C sends the following to the server (note the optional client certificate).
E means encryption with the respective public key:
C → S : ClientKex, ES (p), mc[, CertC, SigC(ns|ES(p))]
SigC (ns) is C's signature on the server's nonce.

4. The server, upon receiving this message, also verifies that CertC was issued by miniSSL-CA (see above) and that the certificate is not ex- pired. There is no need to check the Common Name. It computes k1, k2 and verifies that mc has the correct value. It computes an HMAC over all messages up to this point in the following way:
ms=HMAC-SHA1(k2,ClientKex-ES (p)|mc|[, CertC]).
It sends this to C:
S → C : ms

5. C verifies ms. The handshake is complete. C will now initiate miniGET. This protocol uses k1 for encryption and k2 for HMACs.

Compulsory Requirements
The following requirements are compulsory for your program.

- Your implementation must allow the protocol to run between client and server on different hosts, with different IP addresses. Therefore, TCP/IP sockets should be specified readily in your program.

- The miniSSL handshake should be implemented with the establishments of two session keys, one for AES data encryption, the other for HMAC integrity check.

- Your program should be able to accommodate multiple sessions, i.e. it must be possible to have two clients communicating with one server at the same time.

- Client and server must record the state of the current handshake, i.e., session management. All cryptographic information in a given protocol (nonces, keys, etc.) must be stored internally! There is an immediate effect that client and server cannot be confused when a third party starts sending them well-formed messages - they should be able to reject these as the state information is incorrect.

- Your client must verify that the server certificate has been issued from the minissl CA, carries the expected Common Name (it is in the cer- tificate), and is not expired. No other checks are necessary. It must use the public key found in the server certificate.

- Your server must support two modes: Simple and ClientAuth. In Simple, the client does not need to authenticate to the server. In ClientAuth, the server verifies that the client presents a valid certificate from the minissl CA and this certificate is not expired.

- After the handshake, the client must download the text file payload.txt from the server. Generate this file yourself. This messages must be encrypted with the session key, with the respective HMAC. In Clien- tAuth mode, the server could only process the received message if the client has presented the correct certificate. You have liberty of the design and implementations on your own session termination sig- nals in miniGet . We suggest you implement a simple GET and have server and client(s) simply terminate the connection when the file is successfully received.

- By checking the SHA-1 checksum, you must prove that both client and server have identical copies of payload.txt.

- If either the server or client presents an invalid certificate, the other side must terminate the connection (i.e., close the socket). There are rogue certificates in the attached project package. Use them to verify that you do not accidentally accept the invalid certificates.

- Your program must handle all the exceptions well without crashing if the packet is misconfigured. In addition, client and server must terminate the session successfully if it happened.

l implement a simplified version of SSL/TLS (miniSSL) and a simplified application-layer protocol (miniGet) in this project. The goal is to get a better understanding of the SSL/TLS protocols.

Attachment:- mini-ssl.pdf

Reference no: EM131096204

Questions Cloud

Demand and supply curves for cigarette market : Statistical studies have shown that the price elasticity of demand is -0.4, and the price elasticity of supply is 0.5. Using this information, derive linear demand and supply curves for the cigarette market.
Budget deficit of the government has been rising sharply : Country Y is an industrialized economy. The budget deficit of the government has been rising sharply in the last few years. In order to fund this expenditure, the government has resorted to financing its deficit by issuing bonds. Jason McAlister, a l..
What is the free market price : If both the agency and the board are right about demand and supply, what is the free market price? What is the change in city population if the agency sets a maximum average monthly rental of $300, and all those who cannot find an apartment leave ..
Unemployment insurance payments from the government : Unemployment workers receive unemployment insurance payments from the government. Does the existence of unemployment insurance make it likely that consumption will fluctuate more or fluctuate less over the business cycle than it would in the absence ..
Implement a simplified version of ssl : COMP 4337/9337 - Securing Wireless Networks - Implementation Assignment - Implement a simplified version of SSL/TLS (miniSSL) and a sim-plified application-layer protocol (miniGet) in this project.
Concerned about drop in export demand : U.S. farmers are concerned about this drop in export demand. What happens to the free-market price of wheat in the U.S.? Do farmers have much reason to worry?
Sales volume as a concomitant variable : Refer to Cash offers Problem 19.10. An analyst wishes to use each dealer's sales volume as a concomitant variable. The sales data (Xij) in hundred thousand dollars) follow.
Number of pretzel-stand licences : a) Illustrate the current equilibrium in a two-part diagram with the entire market in one part and an individual pretzel stand in the other. b) Now the city decides to restrict the number of pretzel-stand licences, reducing the number of stands to..
Market for standard-sized cardboard container consists : The market for a standard-sized cardboard container consists of two firms: Composite Box and Fiberboard. As the manager of CompositeBox, you enjoy a patented technology that permits your company to produce boxes faster and at a lower cost than Fiberb..

Reviews

Write a Review

 

Python Programming Questions & Answers

  Takes a directory containing files that record

Create a program called grading.py that takes a directory containing files that record how student's performed on their assignments and from these files determines each students grades in addition to the course statistics.

  Write a function that will take two arguments

Write a function that will take two arguments: a word to be searched for and a list of strings containing the grid and write code to read, in turn, each line of the file, remove the newline character and append the resulting string to a list of stri..

  Python function to calculate two roots

Write a Python function main() to calculate two roots. You must input a,b and c from keyboard, and then print two roots. Suppose the discriminant D= b2-4ac is positive.

  Output the starting position and length

X Strings: Input a string. Output the starting position and length of the first occurrence of the longest substring of capital Xs in that string. The first letter is in position 1.

  Improve the code for the haunted house game

Improve the readability of the code by improving the function names, variables, and loops, as well as whitespace. Document these changes in your journal and define a win condition for the game, for example, collecting all items and returning to the..

  Design an application in python

Design an application in Python- The application would generate a set of 100 integers in a random manner in the range of 50 to 150 including both the numbers in the range

  Print out the average score accurate to two decimal places

print out the average score accurate to two decimal places.

  Write a python program that draw as pie chart

Write a python program that draw as pie chart go n frequent lettering word.txt file. The program, will Use tkinter to build an interface to input n

  In this assignment you will write a program that does

in this assignment you will write a program that does simple packet routing. your program will take three command-line

  Write a loop that counts the number of space

Write a loop that counts the number of space characters in a string. Recall that the space character is represented a

  The interest rate per period

The interest rate per period. For example, if your loan's interest is 6.5% per year, and you are paying monthly, this would be 6.5%/12. If you are paying every two weeks, r would be 6.5%/26, because there are 26 two-week periods in a year.

  Determine which value is on the most dice

Determine which value is on the most dice, and set those dice aside so they won't be re-rolled. Repeat steps (2) and (3) until you're out of rolls (in Yahtzee, it's a maximum of 3 rolls)

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd