Assignment2-Courses/CYBR372_2024T2
Part1:TLSClient and Server lmplementation Using Java Sockets and SSLAPls(60%)
Objective:
Implement a client and server that communicate securely using TLS,focusing on low-level Socket and SSL APls (i.e.,avoiding higher-level libraries).The client should authenticate the server using a certificate issued by a self-created certificate authority(CA).
Learning Outcome:
You will understand the process of establishinga secure connection using TLS,including client-side certificate validation and server authentication.You will also learn how to create your own PKI by becoming your own certificate authority and issuing server certificates!
Requirements:
1.Client:
■Establish a connection to the server over a secure channel using TLS.
Verify the server's certificate,which is issued by a you as a trusted certificate authority(CA).
■ Authenticate the server.
■ Send a simple message (e.g.,"Hello,Server!")once the connection is established.
2. Server:
■Create a TLS server socket that listens on a specified port.
Accept connections from clients and send a simple response (e.g.,"Hello,Client!")back. ■Use a certificate signed by you as a trusted CA for authentication.
3.Certificate Authority(CA):
■ The students should become their own certificate authority by generating a root CA certificate and private key.
Issue a certificate for the server signed by the root CA's private key.This certificate should be used by the server for the TLS connection.
■ The client must trust the CA and verify the server certificate against it.
4.Certificates:
Create a certificate chain that includes the root CA certificate (yourself)and the server certificate.
Configure the server to present its certificate,and configure the client to validate the server certificate against the trusted CA.
5.Additional Notes:
■No mutual authentication is required.The client only verifies the server's certificate.
Provide thorough error handling if certificate validation fails (e.g.,invalid certificate,untrusted
Technologies:
■ Java Sockets(java.net.Socket /java.net.ServerSocket).
Java Secure Sockets Extension(JSSE)APls like SSLContext,SSLSocket,and SSLSocketFactory.
■ Java Keytool or openssl to generate certificates.
Deliverables:
1.Java code for the client and server.
2.The process of generating the root CA certificate and issuing the server certificate.
3.A PDF report (500 words limit)that explains the certificate generation and the process of using
your own CA.Include an explanation of how the client authenticates the server.
Part 2:Capture and Break-down TLSHandshake with Wireshark(40%)
Objective:
Capture and analyse the TLS1.2 and TLS 1.3 handshakes using Wireshark and identify cryptographic details.
Learning Outcome:
You will gain a deep understanding of the TLS handshake process and the differences between TLS
1.2 and 1.3,by literally seeing it!
Requirements:
1.Capture Setup:
Set up a TLS connection to a website using any secure service (e.g.your browser)or your own implementation (e.g.,from Project 1).
■Use Wireshark to capture network traffic during the TLS handshake
Deliverables:
1.Wireshark capture files(.pcap or .pcapng).
2.A PDF report(500 words limit)with screenshots:
■ identifying each step of the TLS handshake for both versions,clearly identifying each piece of exchanged information
plus mentioning what each side does in between the steps.For this,you may need to consult
with the TLS 1.2 and TLS 1.3 documentations:RFC 5246-The Transport Laver Security(TLS)
Protocol Version 1.2 and RFC8446-The Transport Laver Security(TLS)Protocol Version 1.3.
Part 3:CryptographicInspectionof Open-Source Communication Apps(40%)
Objective:
Analyse the cryptographic services and mechanisms used in open-source communication applications by inspecting their source code.
Learning Outcome:
You will gain experience in practical code analysis,understanding how cryptography is implemented in real-world systems.
Steps:
1.Application Selection:
■ Choose at least two open-source communication applications (text/chat,call,video conferencing)for analysis.Here are some suggestions,but feel free to select your own(as long as it is relatively known application,and not e.g.some student's project!),The source code should be publicly available (e.g.,on GitHub):
■ Signal(Private Messenger)-messaging,voice,and video calls
o Source Code:Available on GitHub-Signal Android and Signal Server.
■ Jitsi(Video Conferencing)-video conferencing
o Source Code:Available on GitHub -Jitsi.
Wire(Secure Messenger)-text,voice,and video calls
o Source Code:Available on GitHub -Wire Android and Wire Server.
Matrix/Element(Decentralized Communication)-decentralized messaging platform.
o Source Code:Available on GitHub-Element Web or GitHub-Element iOS and Matrix Synapse.
Tox(Peer-to-Peer Messenger-peer-to-peer instant messaging and video chat
o Source Code:Available on GitHub-Tox Core.
Linphone(VolP and Video Conferencing)-voice and video communication over the internet
o Source Code:Available on GitLab-Linphone Desktop or GitLab-Linphone Android or GitLab-Linphone IPhone.
Mumble(Low-Latency Voice Communication)-voice chat,often used by gamers
o Source Code:Available on GitHub-Mumble .
OpenFire(Real-Time Collaboration)-a real-time collaboration server based on XMPP
o Source Code:Available on GitHub-Openfire .
■ Zulip(Team Chat)-threaded team chat platform similar to Slack
o Source Code:Available on GitHub-Zulip .
RetroShare(Decentralized Communication)-peer-to-peer messaging and file sharing with end-to-end encryption
o Source Code:Available on GitHub-RetroShare .
Nextcloud Talk(Video and Text Chat)-self-hosted video and text chat for teams
o Source Code:Available on GitHub -Nextcloud Talk.
XMPP/Jabber(Protocol and Client Implementations)-multiple XMPP-based chat clients and servers are open source and widely used.
o Example Clients:
o Conversations: Codeberg -Conversations
o Gajim: Gitlab-Gajim
Briar(P2P Messaging with Strong Privacy Focus)-a peer-to-peer messaging app with a focus on anonymity and privacy
o Source Code:Available on Gitlab -Briar.
Mattermost(Team Communication)-an open-source Slack alternative for team communication.
o Source Code:Available on GitHub-Mattermost .
Rocket.Chat(Team Collaboration and Messaging)-an open-source chat platform. for
team collaboration
o Source Code:Available on GitHub-Rocket.Chat .
2.Source Code Analysis:
Download and inspect the source code to identify the cryptographic algorithms and libraries used.
■ Focus on the following cryptographic services:
o Confidentiality:How are messages encrypted (e.g.,AES,ChaCha20)?
o Message Authentication:What mechanisms ensure message integrity (e.g.,HMAC,
digital signatures)?
o Entity Authentication:How are users authenticated (e.g.,certificates,passwords,public
o End-to-End Encryption(E2EE):Are communications encrypted from sender to receiver? How is this achieved?
3.Documentation:
■ For each service identified (confidentiality,authentication,etc.),explain:
o The cryptographic technique used.
o The specific implementation in the source code(e.g.,mention libraries,functions, protocols).
o Any limitations(if found).
Deliverables:
A PDF report(1000 word limit for both applications combined)that includes:
■ o The selected applications.
o A description of the cryptographic primitives and services.
o Code snippets or references to relevant parts of the source code.
o A discussion of the security guarantees provided by these mechanisms.