User Account

All Pages

Implement a simplified version of ssl

Assignment Help Python Programming
Reference no: EM131096204

Learning Objectives:

On completing this assignment you will gain sufficient expertise in the following skills:

- Understanding and developing security protocols.
- Reading and understanding standard documents for security such as RFCs.1 Learning Objectives:

On completing this assignment you will gain sufficient expertise in the following skills:
- Understanding and developing security protocols.
- Reading and understanding standard documents for security such as RFCs.

Project Scope

We will implement a simplified version of SSL/TLS (miniSSL) and a sim-plified application-layer protocol (miniGet) in this project. The goal is to get a better understanding of the SSL/TLS protocols.

miniSSL and miniGET

An miniSSL is a barebone version of Secure Socket Layer (SSL). An miniSSL includes a simplified SSL handshake, which leads for user authentication.

A session key need to be distributed securely for data encryption and in- tegrity check (by HMAC) in miniGet later. You are expected to use RSA and implement the client authentication (advanced requirement: mutual authentication).

An miniGET is simply a GET operation sent from client to server after the miniSSL hand-shake. The server sends the requested file, encrypted and HMACed with the session key. The session key for data encryption and integrity check was established during the miniSSL handshake. We always use the off-the-shelf cryptographic algorithms, AES 128-bit encryption and SHA1-based HMAC, for data encryption and integrity check. Once the file is delivered, both client and server would terminate the session without any further notifications.

Protocol flow

The simplified protocol you are going to implement is shown as follows. C denotes as client, S denotes as server. We have an miniSSL-CA.

We start with the miniSSL handshake. Note that we group the different message types of SSL/TLS in new, custom ones. In the following, the comma operator indicates the border between message fields, and the | operator indicates concatenation of two (bit) strings.

1. C chooses a nonce nc of length 28 bytes. It chooses the cipher suite to be 128-bit AES encryption and SHA1 as the HMAC function. It is denoted as a string AES-HMAC. The type of the first message is ClientInit. C sends this to S:

C → S : ClientInit, nc, AES-HMAC

2. Upon receiving this message, S chooses a random nonce ns of length 28 bytes. It acknowledges the client's cipher choice and also sends a certificate. It can add an optional request for the client to authenticate with a certificate by sending the CertRequest string:
S → C : ServerInit, ns, AES-HMAC, Certs [, CertReq]

3. C verifies that the unexpired server certificate was issued by the miniSSL- CA (checking the signature, with the certificates in its root store) and whether the common name matches with the expected one. It extracts S's public key. It generates a pre-master secret p as a random value with 46 bytes in length. From this, it derives two session keys k1 and k2 as k1=HMAC-SHA1(p, nc|ns|enc) and k2=HMAC-SHA1(p, nc|ns|mac), with enc,mac being the binary strings 00000000 and 11111111. Finally, it computes an HMAC over all messages up to this point in the following way:

mc=HMAC-SHA1(k2,ClientInit- nc-AES-HMAC-ServerInit-ns-Certs
[|CertReq])
C sends the following to the server (note the optional client certificate).
E means encryption with the respective public key:
C → S : ClientKex, ES (p), mc[, CertC, SigC(ns|ES(p))]
SigC (ns) is C's signature on the server's nonce.

4. The server, upon receiving this message, also verifies that CertC was issued by miniSSL-CA (see above) and that the certificate is not ex- pired. There is no need to check the Common Name. It computes k1, k2 and verifies that mc has the correct value. It computes an HMAC over all messages up to this point in the following way:
ms=HMAC-SHA1(k2,ClientKex-ES (p)|mc|[, CertC]).
It sends this to C:
S → C : ms

5. C verifies ms. The handshake is complete. C will now initiate miniGET. This protocol uses k1 for encryption and k2 for HMACs.

Compulsory Requirements
The following requirements are compulsory for your program.

- Your implementation must allow the protocol to run between client and server on different hosts, with different IP addresses. Therefore, TCP/IP sockets should be specified readily in your program.

- The miniSSL handshake should be implemented with the establishments of two session keys, one for AES data encryption, the other for HMAC integrity check.

- Your program should be able to accommodate multiple sessions, i.e. it must be possible to have two clients communicating with one server at the same time.

- Client and server must record the state of the current handshake, i.e., session management. All cryptographic information in a given protocol (nonces, keys, etc.) must be stored internally! There is an immediate effect that client and server cannot be confused when a third party starts sending them well-formed messages - they should be able to reject these as the state information is incorrect.

- Your client must verify that the server certificate has been issued from the minissl CA, carries the expected Common Name (it is in the cer- tificate), and is not expired. No other checks are necessary. It must use the public key found in the server certificate.

- Your server must support two modes: Simple and ClientAuth. In Simple, the client does not need to authenticate to the server. In ClientAuth, the server verifies that the client presents a valid certificate from the minissl CA and this certificate is not expired.

- After the handshake, the client must download the text file payload.txt from the server. Generate this file yourself. This messages must be encrypted with the session key, with the respective HMAC. In Clien- tAuth mode, the server could only process the received message if the client has presented the correct certificate. You have liberty of the design and implementations on your own session termination sig- nals in miniGet . We suggest you implement a simple GET and have server and client(s) simply terminate the connection when the file is successfully received.

- By checking the SHA-1 checksum, you must prove that both client and server have identical copies of payload.txt.

- If either the server or client presents an invalid certificate, the other side must terminate the connection (i.e., close the socket). There are rogue certificates in the attached project package. Use them to verify that you do not accidentally accept the invalid certificates.

- Your program must handle all the exceptions well without crashing if the packet is misconfigured. In addition, client and server must terminate the session successfully if it happened.

l implement a simplified version of SSL/TLS (miniSSL) and a simplified application-layer protocol (miniGet) in this project. The goal is to get a better understanding of the SSL/TLS protocols.

Attachment:- mini-ssl.pdf

Reference no: EM131096204

Questions Cloud

Demand and supply curves for cigarette market : Statistical studies have shown that the price elasticity of demand is -0.4, and the price elasticity of supply is 0.5. Using this information, derive linear demand and supply curves for the cigarette market.
Budget deficit of the government has been rising sharply : Country Y is an industrialized economy. The budget deficit of the government has been rising sharply in the last few years. In order to fund this expenditure, the government has resorted to financing its deficit by issuing bonds. Jason McAlister, a l..
What is the free market price : If both the agency and the board are right about demand and supply, what is the free market price? What is the change in city population if the agency sets a maximum average monthly rental of $300, and all those who cannot find an apartment leave ..
Unemployment insurance payments from the government : Unemployment workers receive unemployment insurance payments from the government. Does the existence of unemployment insurance make it likely that consumption will fluctuate more or fluctuate less over the business cycle than it would in the absence ..
Implement a simplified version of ssl : COMP 4337/9337 - Securing Wireless Networks - Implementation Assignment - Implement a simplified version of SSL/TLS (miniSSL) and a sim-plified application-layer protocol (miniGet) in this project.
Concerned about drop in export demand : U.S. farmers are concerned about this drop in export demand. What happens to the free-market price of wheat in the U.S.? Do farmers have much reason to worry?
Sales volume as a concomitant variable : Refer to Cash offers Problem 19.10. An analyst wishes to use each dealer's sales volume as a concomitant variable. The sales data (Xij) in hundred thousand dollars) follow.
Number of pretzel-stand licences : a) Illustrate the current equilibrium in a two-part diagram with the entire market in one part and an individual pretzel stand in the other. b) Now the city decides to restrict the number of pretzel-stand licences, reducing the number of stands to..
Market for standard-sized cardboard container consists : The market for a standard-sized cardboard container consists of two firms: Composite Box and Fiberboard. As the manager of CompositeBox, you enjoy a patented technology that permits your company to produce boxes faster and at a lower cost than Fiberb..

Reviews

Write a Review

Python Programming Questions & Answers

  Improve the code for the haunted house game

Improve the readability of the code by improving the function names, variables, and loops, as well as whitespace. Document these changes in your journal and define a win condition for the game, for example, collecting all items and returning to the..

  Topic of effective and ethical communication

Design an algorithm and use it to write a Python program that reads the contents of the data file into a list. The program should then loop, to allow a user to check various numbers against those stored in the list.

  The interest rate per period

The interest rate per period. For example, if your loan's interest is 6.5% per year, and you are paying monthly, this would be 6.5%/12. If you are paying every two weeks, r would be 6.5%/26, because there are 26 two-week periods in a year.

  The program should allow the student

The program should allow the student to enter the answer. If the answer is correct, a message of congratulations should be displayed. If the answer is incorrect, a message showing the correct answer should be displayed.

  Find in the dataset how often u2 is mentioned as artist

Write and run Hadoop code (mappers and reducers) to find in the Last.fm dataset (a) how often U2 is mentioned as artist and (b) songs that have been played more than 600 million times.

  Design a prgram using python

Design a prgram USING PYTHON that students can use to calculate what score they need on final exam to get a certan final grade for a course.

  Student record due smartsite thursday 1211 1155 pm file

due smartsite thursday 1211 1155 p.m. file names grading.py ltbrgtall prompts for input and all output must match my

  The program should use a boolean= valued function

Write a program that accepts a word as input and determines wehther or not it has three consecutive letters in the alphabet. The program should use a Boolean= valued function named isTripleConsecutive that accepts an entire word as input.

  Write a program that uses a bar

Write a program that uses a bar chart to display the percent-ages of the overall grade represented by the project, quizzes the midterm exam and the final exam

  Create a cheat commands in the game

ISCG5420 Programming Fundamentals - Create a cheat commands in the game so player can pick up any item he wants from any location in the map.

  Write python code that will execute a list

Write python code that will execute a list of functions with supplied parameters and report the observed runtime for each function run. Assume that the input file has a list of strings like so:

  Question 1 research 5-8 species within one family of birds

question 1 research 5-8 species within one family of birds. be sure to use primary or very good secondary literature

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd