Reference no: EM132292277

Overview

For your final project you may choose to do one of the following: (1) a programming project; or (2) a practical skills project; or (3) propose your own project. If you choose to do a pro- gramming project, please choose one topic in the section titled Programming Projects, below. In completing this project, you may use any existing cryptographic libraries, tools, programming languages or platforms.

Programming Projects

Please complete one of the following programming projects.

1. Secure File Sharing

In this project, you are going to use the concepts of concurrent server to write a secure peer-to- peer file-sharing system. Concurrent server can service multiple clients at the same time.

There are 3 peers (hosts) connected to a network; each stores a number of files. Each file is associated a keyword that can be used to search for the file. There may be duplicates of the same file stored at multiple peers; these duplicates are associated with the same keyword. Different files can be associated with the same keyword. The goal of this project is to build a mechanism that enables these peers to securely share their files with each other. The overall structure of the file sharing system is given below.

An indexing server keeps track of which files are stored at which peers. Each peer has an account with the server. When a peer connects to the server, server prompts the peer to provide ID and password. The peer then sends its domain name and port number to the server. The peer also sends names of files it has and the corresponding keyword to the server; the server then updates its index database. A peer that wants a specific file queries the server with keyword. Server searches for the keyword in its index database and returns the <domain name, port number> where domain name and port number are the domain name and the port number of the peer who has the file.

Requesting peer then chooses one peer from the list returned by the indexing server and initi- ates a file transfer operation. Each peer contains a list of public keys of other peers of the form <name, publickey>. Files need to be transferred securely and should not be modifiable by unauthorized users during transmission.

Your implementation must provide both confidentiality and digital signature. For digital sig- nature you must provide the user with a choice of using RSA or Digital Signature Algorithm. Both digital signature schemes must be supported.

2. Secure Chat

In this project you are to implement a system which enables a group of users to chat securely. All users are registered with the chat server. When the user wants to chat with another reg- istered user, he first connects to the chat server and enters his/her user name and password. The server verifies the user name and password, and if correct, the user's status is changed to "online". Next, the user may enter the user ids of users with whom he wishes to chat (could be more then one). At any given time the user should be able to check what other users are online and invite them to the ongoing conversation.

Once the user specifies the users with whom he wishes to chat, the server generates a symmetric key, and securely distributes it to all the specified users and the user who initiated the chat. To achieve secure key distribution you must encrypt the symmetric key using the public keys of the respective users (you may assume that server knows the public keys of all users). If one of the specified users is not online, the requesting user is notified about this.

After the encrypted symmetric key has been distributed to all users, the users decrypt the sym- metric key using their private keys, and the chat session may begin. All messages exchanged during the chat must be encrypted using the symmetric key provided by the server and must be delivered to all users participating in the chat. Any user may choose to leave the conversation. If the user disconnects from the chat server, his status should be changed to "offline". All users who are connected to the server, must have a way to check whether a given user is online.

You do not need to support multiple chat sessions.

Your implementation must provide both confidentiality and digital signature. For digital sig- nature you must provide the user with a choice of using RSA or Digital Signature Algorithm. Both must digital signature schemes must be supported.

3. Secure Purchase Order

Implement a secure purchase order system that allows the user to enter a purchase request and routes it to Order Processing Department (OPD) for signature. Each customer has an account with the online purchasing system. The online purchasing system has the public-key of every customer.

First, the customer enters his/her ID and password. The system verifies his/her ID and pass- word. Next, the customer sends the order as well as a timestamp to the OPD - confidentiality and digital signature must be provided. OPD verifies the signature of the customer and checks

if the product is available. If the customer's signature is verified and the product is available, OPD prepares the order. After OPD processes the order, OPD retrieves the customers email address and sends an email to the customer, indicating that the order has been shipped. OPD should be implemented as a concurrent server.

Your implementation must provide both confidentiality and digital signature. For digital sig- nature you must provide the user with a choice of using RSA or Digital Signature Algorithm. Both digital signature schemes must be supported.

4. Secure Internet Poker

This project implements poker on the Internet. It will accept two players. The house has each players public key.

1. Each player generates a session key and distributes the session key to the house securely.
The session key is used to encrypt message sent between the house and the players.

2. The house randomly generates three numbers between 1 and 15 and sends the numbers to player.
3. The house randomly generates three numbers between 1 and 15 and sends the numbers to player.
4. There are three rounds. In each round, each player chooses a number out of the three numbers and sends the number to the server. The server compares the number. The player who chose larger numbers than the other for at least two rounds wins. At the end of the 3rd round, the house announces the winner.
5. The session key will be destroyed after a player leaves a current session.

Your implementation must provide both confidentiality and digital signature. For digital sig- nature you must provide the user with a choice of using RSA or Digital Signature Algorithm. Both digital signature schemes must be supported.

5. Secure Banking

Implement the authentication and secure communications protocols for a distributed system consisting of a bank server and a number of automatic teller machines (ATMs). Assume one bank server and 2 ATMs. The bank should be implemented as a concurrent server.

Public key cryptography is employed for secrecy, integrity-protection, and authentication. The bank server's public key is stored by the ATM, with the corresponding private key stored by server the connected to that ATM. You may also assume that the bank has the public keys of the two ATMs.

ATM would work like this:

1. The customer enters his/her 6-digit ID (e.g. 124356) and password.

2. The ATM contacts the bank server to verify the customers ID and password.

3. The customer selects an action to be performed, and that action is performed by the bank server.
There are five actions: display the amount of money in the account, deposit money, withdrawals, account activities (time and date when the user performed transactions and what transactions the user performs), and quit. Assume that the bank knows the ATMs public key and the ATM knows the banks public key. The ATM communicates with the bank by running a protocol that satisfies the following requirements:

1. It authenticates the customer to the bank server (ID, passwd).

2. It authenticates the ATM to the bank server through public-key encryption. 3.It preserves the confidentiality of communications between the bank and ATM. 4.The bank server takes actions in response to customer uses of an ATM.

Your implementation must provide both confidentiality and digital signature. For digital sig- nature you must provide the user with a choice of using RSA or Digital Signature Algorithm. Both digital signature schemes must be supported.

6. Secure Blockchain

Blockchain is the uderlying technology of Bitcoin, Etherium, and other cryptocurrencies. Its power comes from the idea of distributed ledger which has many applications beyond cryptocur- rencies.

If you choose to do this project, please take some time to read and learn about the basics of the blockchain. The following links provide good resources that will get you started:

• Blockchain high-level overview
• Blockchain tutorial
• Blockchain implementation tutorial
• Blockchain implementation tutorial

Cryptographic concepts, including public key cryptography and hashing, play central roles in the blockchain. The goal of this project to implement a simulation of the public blockchain similar to Bitcoin. Your implementation should include the following key parts of the blockchain:

1. Individual users should be able to broadcast transactions to the miners i.e., parties re- sponsible for verifying the blocks.

2. All transactions within a block must be digitally signed by the user initiating a transaction. 3.Miners verify the transaction within a block by solving a computationally hard problem.

For the purpose of this project you can simplify the difficulty of the problem in order to be able to test and demo your project. For example, finding a number that results in the block's hash containing a hexadecimal number "0x0a".

4. The miner who solves the problem first, gets a reward according to the rules of blockchain.

5. When the block is verified, the miner broadcasts the verified block to the users.

6. In order to deal with the issues associated with spoofed blocks (e.g., if the attacker beats the miners) the users must use the longest chain rule.

Your implementation should support at least three users and three miners and must provide both confidentiality and digital signature. For digital signature you must provide the user with a choice of using RSA or Digital Signature Algorithm. Both digital signature schemes must be supported.

Presentation Guideline

If time permits, each group will give an in-class presentation. If the time does not permit, then please submit a video of your presentation or demo your project to the instructor. When making your video, demo, or in-class presentation, please adhere to the following guidelines:
• Give 5-10min presentation.
• Show and explain how your code runs.
• Discuss the design (how do you provide confidentiality, authentication, digital signature, integrity etc)
• Implementation (language, libraries, implementation issues).
• What you have learned by doing the project.

Propose Your Own Project

Propose your own project idea! Be creative! The proposed idea should be at least as challenging as the projects listed above and require application of principles and practices of cryptography. Please make sure you get your idea approved by the instructor. All proposed projects must include a presentation, demo, or a video component and a written document similar to that required in programming and practical skills projects.

Attachment:- Projects.rar