CS255 Programming Project 1. Programming Project 1 Due: Friday Feb 8 th (11:59pm)‏ – Can use extension days Can work in pairs – One solution per pair.

Slides:



Advertisements
Similar presentations
Lecture 5: Cryptographic Hashes
Advertisements

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Copyright © 2005 David M. Wheeler, All Rights Reserved Desert Code Camp: Introduction to Cryptography David M. Wheeler May 6 th 2006 Phoenix, Arizona.
Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.
1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS CIS 5357 Network Security.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Database Encryption. Encryption: overview Encrypting Data-in-transit As it is transmitted between client-server Encrypting Data-at-rest Storing data in.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Andy’s Basic Crypto Course (ABC) Part 1 - Introduction.
CS255 Programming Assignment #1. Due: Friday Feb 10 th (11:59pm) –Can use extension days Can work in pairs –One solution per pair Test and submit on Sweet.
Chapter 5 Cryptography Protecting principals communication in systems.
About PKI Key Stores Dartmouth College PKI Lab. Key Store Defined Protected “vault” to hold user’s private key with their copy of their x.509 certificate.
IEEE Wireless Local Area Networks (WLAN’s).
Cryptography and Network Security
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
CMSC 414 Computer (and Network) Security Lecture 24 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 5 Jonathan Katz.
1 Homework Study Java Cryptography by Reading the rest of slides and accessing Sun ’ s Java website:
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Secure Sockets Layer 1 / 99  SSL is perhaps the widest used security protocol on the Internet today.  Together with DC enables secure communication.
SSH Secure Login Connections over the Internet
CRYPTOGRAPHY PROGRAMMING ON ANDROID Jinsheng Xu Associate Professor North Carolina A&T State University.
Csci5233 Computer Security1 GS: Chapter 6 Using Java Cryptography for Authentication.
MT311 Java Application Development and Programming Languages Li Tak Sing ( 李德成 )
Jim McLeod MyDBA  SQL Server Performance Tuning Consultant with MyDBA  Microsoft Certified Trainer with SQLskills Australia 
Hash Functions A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M) Principal object is.
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
1 Architectural Support for Copy and Tamper Resistant Software David Lie, Chandu Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell and.
CSCE 715: Network Systems Security
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
Professional Encryption Software FINECRYPT 8.1. Contents Introduction Introduction Features Features Installation Installation Tests Tests Results Results.
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 3: Securing TCP.
Wireless LAN Security. Security Basics Three basic tools – Hash function. SHA-1, SHA-2, MD5… – Block Cipher. AES, RC4,… – Public key / Private key. RSA.
Middleware for Secure Environments Presented by Kemal Altıntaş Hümeyra Topcu-Altıntaş Osman Şen.
IP Security.  In CERTs 2001 annual report it listed 52,000 security incidents  the most serious involving:  IP spoofing intruders creating packets.
SSL/TLS How to send your credit card number securely over the internet.
ACCESS CONTROL MANAGEMENT Poonam Gupta Sowmya Sugumaran PROJECT GROUP # 3.
Enterprise Security API (ESAPI) 2.0 Crypto Changes
MT311 Java Application Development and Programming Languages Li Tak Sing ( 李德成 )
Wireless and Mobile Security
SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.
Csci388 Wireless and Mobile Security – Key Hierarchies for WPA and RSN
PKCS #5: Password-Based Cryptography Standard
1 Session 4 Module 6: Digital signatures. Digital Signatures / Session4 / 2 of 18 Module 4, 5 - Review (1)  Java 2 security model provides a consistent.
Project: Simulated Encrypted File System (SEFS) Omar Chowdhury Fall 2015CS526: Information Security1.
MT311 Java Application Development and Programming Languages Li Tak Sing ( 李德成 )
TCS Internal Security. 2 TCS Internal Objective Objective :  Android Platform Security Architecture.
Network Layer Security Network Systems Security Mort Anvari.
Part 1  Cryptography 1 Integrity Part 1  Cryptography 2 Data Integrity  Integrity  detect unauthorized writing (i.e., modification of data)  Example:
Java Cryptography Nick Pullman DSU-MSIA Citigroup Information Security
Cryptography Hyunsung Kim, PhD University of Malawi, Chancellor College Kyungil University February, 2016.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Cryptography CSS 329 Lecture 13:SSL.
Lecture 10 Page 1 CS 236 Online SSL and TLS SSL – Secure Socket Layer TLS – Transport Layer Security The common standards for securing network applications.
- Richard Bhuleskar “At the end of the day, the goals are simple: safety and security” – Jodi Rell.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
Hashing (Message Digest) Hello There Hashing (Message Digest)
Cryptographic Hash Functions
Cryptographic Hash Functions
Block Cipher Modes CS 465 Make a chart for the mode comparisons
Presentation transcript:

CS255 Programming Project 1

Programming Project 1 Due: Friday Feb 8 th (11:59pm)‏ – Can use extension days Can work in pairs – One solution per pair Test and submit on Leland machines – SCPD students: get SUNet ID! sunetid.stanford.edu

Overview Build a password manager Effectively a secure, networked map Works like OS keychain Client-server model Written in Java using JCE

Security Features Passwords cannot be stolen – Not even if the server is compromised Network attackers can't tamper – Can't impersonate the server either Master password can be changed – Shouldn't require reciphering everything

What is provided? Most of the application – GUI – Server – IO layer – Layered Map API – Simple test cases Skeleton code – AES – Secure network code

GUI Simple, unpolished SWT – List of resource names – Create new RN/password with ^N – Edit password with ENTER – Delete password with DEL – Change master password – Only connects to localhost Improvements welcome – Not required by any means

Server (Mostly-) atomic file store Backed by the filesystem – More transparent than a database Doesn't know anything about crypto Sets master password = 'passw0rd' – Change it in the GUI

IO Layer Probably a sign that I don't know Java IO for blobs – byte[] and byte[][] – Uses simple length encoding – Filesystem instance for server – Network instance for client/server – Secure network instance... write me!

Layered Maps Store byte[] -> byte[] maps on disk Export them over the network Encrypt and MAC them Use them as String -> String maps

Skeleton Crypto Code Wrapper around HMAC-SHA1 Catches exceptions – Most of them statically can't be thrown – Probably a few of them can (BUGS!)‏ Provides a more functional interface

Quirks in the code I'm not a Java programmer byte[] is usually assumed immutable Needs testing on Windows – GUI code – Atomic file operations There are definitely bugs

What needs to be done Aes class – AES-CTR mode – Authenticate with HMAC-SHA1 SecureBlobIO class – Negotiate secure network connection – Prevent attacker from faking commands – Watch out for replay attacks! – Store necessary parameters on disk – Recover master AES key

Errata You are NOT required to: – protect integrity of keys from compromised server – protect secrecy of keys from anyone

Security Don’t use the same key to encrypt and MAC !!! Use a common key, K, and derive encryption and MAC keys, K enc, K mac using a PRF – K enc = HMAC(K, “encrypt”); – K mac = HMAC(K, ”integrity”);

Counter Mode You must implement it. To get a “plain” cipher use ECB mode with no padding – Warning! CBC mode used by default – Need to specify “AES/ECB/NoPadding” Need a counter (try BigInteger)‏

Java Cryptography Extension Implementations of crypto primitives Cipher Pseudo-random Generator SecureRandom Message Authentication Code Mac Cryptographic Hash MessageDigest

JCE: Generating Random Keys 1.Start the PRG (random seed set by default)‏ 2.Initialize KeyGenerator with the PRG 3.Generate the key // Generate a random encryption key SecureRandom prng = SecureRandom.getInstance("SHA1PRNG"); KeyGenerator enckeygen = KeyGenerator.getInstance("AES"); enckeygen.init(prng); SecretKey enckey = enckeygen.generateKey();

JCE: Keys From Byte Data Use SecretKeySpec – Extends SecretKey // Use KeyTree API to get key bytes from password byte[] keyBytes = KeyTree.createAESKeyMaterial(passwd); // Use the bytes to create a new SecretKey SecretKeySpec keySpec = new SecretKeySpec(keyBytes, “AES”);

JCE: Using Ciphers 1.Select the algorithm 2.Initialize with desired mode and key 3.Encrypt/Decrypt // Create and initialize the cipher Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding"); cipher.init(Cipher.ENCRYPT_MODE, enckey); // Encrypt the message byte [] msg = "Content is here.".getBytes(); byte [] enc = cipher.doFinal(msg); Mac class has a similar API

Grading Security comes first – Design choices – Correctness of the implementation Did you implement all required parts? Secondary – Cosmetics – Coding style – Efficiency

Submitting README file – Names, student IDs – Describe your design choices Your sources Use /usr/class/cs255/bin/submit from a Leland machine

Stuck? Use the newsgroup (su.class.cs255)‏ – Best way to have your questions answered quickly TAs cannot: – Debug your code – Troubleshoot your local Java installation

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.