OF INFORMATICS
COURSEWORK COVERSHEET
SUBJECT’S INFORMATION:
Subject: CSCI368 Network Security
Session: July 2019
Programme / Section: BCS
Lecturer: Mohamad Faizal Alias
Coursework Type: [ ] Individual Assessment
(tick appropriate box)
Coursework Title: Assessment 2 Coursework Percentage: 10%
Hand-out Date: Week 7 Received By :
(signature)
Due Date: Week 12 Received Date :
STUDENT’S INFORMATION:
Student’s Name & ID: Phartheben Selvam 6186038
Contact Number / Email: 0162341801 phartheben@gmail.com
STUDENT’S DECLARATION
By signing this, I / We declare that:
1. This assignment meets all the requirements for the subject as detailed in the relevant Subject Outline, which I/ we have
read.
2. It is my / our own work and I / we did not collaborate with or copy from others.
3. I / we have read and understand my responsibilities under the University of Wollongong’s policy on plagiarism.
4. I / we have not plagiarised from published work (including the internet). Where I have used the work from others, I / we
have referenced it in the text and provided a reference list at the end of the assignment.
I am / we are aware that late submission without an authorised extension from the subject co-ordinator may incur a penalty.
(See your subject outline for further information).
Name & Signature: Phartheben Selvam
Assessment Criteria Total Marks Given Marks
Lecturer’s Comments
Penalty for late submission:
1 day – minus 20% of total mark awarded
2 days – minus 50% of total mark awarded
3 days – 0 mark for this piece of coursework
University of Wollongong
CSCI368 NETWORK SECURITY
JULY 2019
Individual Assessment 2 (10 %)
Aims
This assignment consists of TWO parts. Part 1 is Online Quiz 3, covering the topic of Public Key Infrastructure. Part 2 is
program development for a simulated Single Sign-On system.
Objectives
On completion of this assignment you should be able to:
• Understand the Public Key Infrastructure covering Key Management, Digital Certificates and Key Distribution
• Apply network programming.
• Apply cryptographic techniques such as key generation, hashing, block ciphers and PKC in a simulated Single Sign-On
system (programming)
• Create a complete simulated system consisting of a Client program, a Trusted Authority program and a Server program for the
Single Sign-On system.
Part 1 – Online Quiz 3 – PKI (2%) – Week 7
• Quiz 3 is an online quiz on Moodle which consists of 10 MCQs. You are given only 20 minutes to complete the quiz.
• The coverage for this quiz is on Chp04 – Public Key Infrastructure.
• Make sure you have done necessary reading before attempting this quiz.
• Quiz will be open for the whole Week 7.
Part 2 – Single Sign-on System (8%)
Aims
This Part 2 assignment aims to establish a basic familiarity with an authentication system with “single-sign-on” features.
Part 2 Objectives
The assignment involves the following tasks:
• Implementation of a working prototype of single-sign-on authentication system.
• Socket programming.
• Security programming including public-key certification and RSA signatures, SHA-1 hashing and Block Cipher.
Specifications
Write a C++ socket program to implement a working prototype of a single-sign-on authentication system. The working program will
use the Crypto++ library and run on a physical network of computers.
Single-sign-on:
Single-sign-on is a system where a user who holds a valid identity and a valid password can access multiple networked servers via
strong authentication (i.e., using digital signatures). Intuitively, when a user logs on a computer using her password, the computer (or
client code) verifies the validity of her identity and password. If the verification is passed, a credential of the user will be generated.
With the credential, the user can then access services provided by multiple servers with a single-sign-on.
Since our single-sign-on system requires strong authentication, the problem we are facing is how to store users’ private keys. The
obvious solution is to utilise a file to store the credentials and keys.
Our single-sign-on system consists of the following components:
1. Key generator that generates RSA keys for each user.
2. Users. Each user possesses a pair of RSA keys.
3. A client program that handles user login.
4. Servers that provide services to users. All servers possess the public key of a trusted authority (T).
5. The trusted authority (T) performs the following functions:
• Generate RSA keys.
• Generate public-key certificates for users.
• Store private keys and public-key certificates for users.
• It is assumed that T holds a permanent RSA public/private key pair (e_T, d_T).
Reference diagram:
There are 3 different programs to be created:
1. Client program - C
2. Trusted Authority program - T
3. File Server program – S_i
Existing user login and request for authentication
1. When an existing/registered user U_i wants to access server S_j in the system, she enters (U_i, p_i) on the client computer C.
Meanwhile, on the network:
S_i starts and communicates with T to obtain T’s public key, e_T.
2. C then forwards (U_i, hash(p_i)) to T. The hash is SHA-1.
3. Upon receiving (U_i, hash(p_i)), T verifies their validity by searching the “users_keystore” file.
If they are valid/found, T will return (U_i, k_i) and cert_i to C.
Remember, cert_i = Sign_d_T(U_i, e_i, timestamp_i).
4. Upon receiving (U_i, k_i) and cert_i, C asks U_i which Server (S_i) he/she would like to access and then sends a request to S_j on
behalf of U_i.
At the same time, C decrypts k_i:
d_i = D(p_i, k_i) ; this is AES decryption using p_i. Note: Again, AES decryption here is similar to Encryption above
(Registration protocol).
5. Once U_i has selected a server to connect to, S_i generates a nonce N and returns it to C.
6. Upon receiving the challenge N from S_i, C computes an RSA signature with U_i’s signing key d_i (d_i produced in step 4 above).
The RSA signature is: Sign_i = RSA_ d_i(U_i, N).
7. Then, C sends Sign_i and cert_i to a server S_j.
8. Upon receiving Sign_i and cert_i, S_j checks the validity of cert_i and Sign_i with the corresponding public keys.
cert_i = Sign_d_T(U_i, e_i, timestamp_i) is decrypted with e_T (public key of T), so U_i, e_i and timestamp_i are known.
Sign_i = RSA_d_i(U_i, N) is decrypted with e_i (public key of U_i), so U_i and N are known.
Verification succeeds when:
The U_i from cert_i and the U_i from Sign_i match, and the N from Sign_i matches the N generated by S_i in step 5 above.
9. If they are valid, the service is then granted. Otherwise, return an error message.
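The server-side checks of steps 5 to 9, as an added example that is not part of the original assignment: the server issues a nonce, verifies cert_i under T's key, then verifies Sign_i under the key taken from cert_i, and refuses a replayed signature. Assumptions: unpadded hash-then-sign RSA over SHA-256 with constructed Mersenne-prime keys stands in for the Crypto++ RSA signer so the block runs on the Python standard library alone (neither is suitable for real use); the certificate carries its fields in clear next to T's signature; the `max_age` freshness window, the single-use nonce table and all function names are illustrative.

```python
import hashlib, secrets, time

E = 65537  # public exponent shared by every demo key

def keypair(a, b):
    """Constructed demo key from Mersenne primes 2^a-1, 2^b-1. Not secure."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))      # (modulus n, private d)

def digest(*fields):
    return int.from_bytes(hashlib.sha256(repr(fields).encode()).digest(), "big")

def sign(n, d, *fields):                 # unpadded hash-then-sign (demo only)
    return pow(digest(*fields), d, n)

def verify(n, sig, *fields):
    return pow(sig, E, n) == digest(*fields)

def issue_cert(n_T, d_T, user, n_i, ts):
    """T's side: cert_i = Sign_d_T(U_i, e_i, timestamp_i), fields carried in clear."""
    return (user, n_i, ts, sign(n_T, d_T, user, n_i, ts))

class Server:
    def __init__(self, n_T, max_age=3600):   # max_age is an assumption
        self.n_T, self.max_age, self.pending = n_T, max_age, {}

    def challenge(self, user):               # step 5: fresh nonce N
        self.pending[user] = secrets.token_hex(16)
        return self.pending[user]

    def grant(self, cert, sig_i, now=None):  # steps 8-9
        user, n_i, ts, sig_T = cert
        now = time.time() if now is None else now
        nonce = self.pending.pop(user, None)  # each N is accepted once
        if nonce is None:
            return "error: no outstanding challenge"
        if not verify(self.n_T, sig_T, user, n_i, ts):
            return "error: bad certificate"
        if now - ts > self.max_age:
            return "error: certificate expired"
        if not verify(n_i, sig_i, user, nonce):  # binds U_i in cert_i to Sign_i
            return "error: bad signature"
        return "granted"

def demo():
    n_T, d_T = keypair(521, 607)             # T's permanent key pair
    n_i, d_i = keypair(1279, 2203)           # U_i's pair; d_i as recovered in step 4
    s, ts = Server(n_T), int(time.time())
    cert = issue_cert(n_T, d_T, "alice", n_i, ts)
    sig = sign(n_i, d_i, "alice", s.challenge("alice"))   # step 6
    return s.grant(cert, sig), s.grant(cert, sig)          # second call is a replay
```

Checking the certificate before the signature matters: e_i is only trustworthy once T's signature over (U_i, e_i, timestamp_i) has verified.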
Report Contents:
1. Cover page, Introduction, TOC
2. Each C, T and S program segments with explanation, screen captures of the execution and other remarks
3. User Registration steps – screen captures and explanation
4. User Accessing servers – screen captures and explanation.
5. Contents of crypto components files (i.e. “users_keystore” etc.)
Generate a zip file named <yourname><assign2>.zip that includes all the above files to be submitted. Put your name and student
number in all source codes.
Submission
This assignment should be submitted electronically via the assignment submission link on Moodle:
Comments in code files should be concise. A header should give your information (including name, student ID) and briefly summarize
the contents of the file - identifying purpose of program, listing classes etc.
Classes may have brief header comments if these are considered necessary.
Individual functions should only require comment if they are complicated or result in non-obvious side effects etc.
Code that does not compile, or whose client/server connection fails, will receive a zero.
Note: Presentation slots will be prepared for you to showcase your Single Sign-on system during Week 12. Date/time will be
announced later and will take your FYP schedule into account.
Late Submission:
Penalty is 25% deduction per day.
Plagiarism
A plagiarised assignment will receive a zero mark and be penalised according to the university rules. Plagiarism detection software
will be used.