CS 212 - Final Project (Phase 3): Adding Security

Summer 2003

Due: 11:59pm, Tuesday, Aug 5


0. Objectives

In the second part of the project you added networking to the client and server, allowing clients to log into the server, view elections, and cast votes.  Of course, privacy and security would be a prime concern if building a real electronic voting system.  In this final part of the project, you will add security features to your client and server, allowing your system to encrypt messages and authenticate users.

Please make sure you read this ENTIRE document, especially the section on what to submit.

 

1. System Specifications

Your system should have the following functionality:

  1. Your client and server should communicate securely, preventing attackers from reading message contents, and preventing clients from connecting to bogus servers.  You should use hybrid encryption to create and distribute a session key for each session: the client picks a fresh random secret key and sends it to the server encrypted under the server's public key, and that secret key then encrypts the rest of the session.  A bogus server without the matching private key cannot recover the session key, and so cannot read anything the client sends afterwards.

     
  2. The server should have functionality to add users and their passwords to its list of valid voters.  When adding a voter, the server should prompt the user for a username and password.  The server should not save the actual password for the user; store only a one-way hash of it, so that someone who obtains the voter list does not obtain the passwords.  Also, make sure that all usernames are unique.  (The idea here is that a voter must present himself in person to some election authority to prove his identity, after which the voter may choose a username and password to use.)

     
  3. The client and server should not be vulnerable to replay attacks, during which an attacker replays a message to the client or server to disrupt service, steal votes, etc.  (Imagine if an attacker could replay a "Close connection" message to the server each time a client connected: then no one would be able to vote.)

     
  4. Each time a user connects to the server or votes, she enters her username and password.  This <username,password> pair must correspond to a pair in the server's list of valid voters for the server to process the client's request.

     
  5. You should create a <public key, private key> pair for use with public key cryptography.  The client should have a file called PublicKey.txt, which holds the public key of the pair.  The server should have a file called PrivateKey.txt, which holds the private key of the pair.  Upon startup, the client and server load their respective keys for use in public key cryptography.

     
  6. The client and server should not crash, especially if the TCP connection is suddenly broken.
     

 

2. Client Specifications

You should modify your client to function as follows:

  1. When first connecting, the client and server negotiate a session key using hybrid encryption; this session key is used to encrypt/decrypt all subsequent messages.  The client also sends the voter's username and password to the server (encrypted under the session key, like every other message).  If the username and password pair is valid, the server sends the election list.

     
  2. When the client votes, the client GUI must again prompt the user for her username/password, and send the username, password, and vote to the server.  The server checks the username/password before processing the vote.

     
  3. The client and server should be immune to replay attacks.
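The replay requirement (system specification item 3 and client specification item 3 above) is usually met by giving every message a sequence number and a message authentication code under a per-session key: a replayed message carries a sequence number the receiver has already seen, and a message from an older session fails the MAC because that session's key is gone.  The following is an added example, not part of this assignment's solution or the course example program, written in Go because its standard library has the needed HMAC primitives (the course's own code is Java).  The frame layout (8-byte sequence number, body, 32-byte HMAC-SHA256 tag), the per-direction key derivation and the constructed session key are assumptions of the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

var (
	ErrReplay = errors.New("replayed or out-of-order frame")
	ErrBadTag = errors.New("bad MAC: frame was forged, altered, or belongs to another session")
)

// Channel is one direction of one session. The sender calls Frame, the receiver
// calls Accept; both derive the same MAC key from the session key and a
// direction label, so a client->server frame cannot be reflected back as a
// server->client frame, and a frame from an old session fails the MAC here.
type Channel struct {
	key     []byte
	nextSeq uint64 // sequence number of the next frame this side sends
	lastSeq uint64 // highest sequence number accepted so far
}

func NewChannel(sessionKey []byte, direction string) *Channel {
	h := hmac.New(sha256.New, sessionKey)
	h.Write([]byte("mac:" + direction)) // assumed derivation; any per-session KDF will do
	return &Channel{key: h.Sum(nil)}
}

func (c *Channel) tag(seq uint64, body []byte) []byte {
	h := hmac.New(sha256.New, c.key)
	var b [8]byte
	binary.BigEndian.PutUint64(b[:], seq)
	h.Write(b[:])
	h.Write(body)
	return h.Sum(nil)
}

// Frame builds seq(8) || body || tag(32). Sequence numbers start at 1 and never
// repeat within a session.
func (c *Channel) Frame(body []byte) []byte {
	c.nextSeq++
	out := make([]byte, 8, 8+len(body)+sha256.Size)
	binary.BigEndian.PutUint64(out, c.nextSeq)
	out = append(out, body...)
	return append(out, c.tag(c.nextSeq, body)...)
}

// Accept checks the tag first, so a forged frame cannot advance the window,
// then rejects any sequence number that is not strictly newer than the last
// one accepted. A replayed "close connection" frame therefore returns ErrReplay
// instead of closing the session.
func (c *Channel) Accept(frame []byte) ([]byte, error) {
	if len(frame) < 8+sha256.Size {
		return nil, errors.New("frame too short")
	}
	seq := binary.BigEndian.Uint64(frame[:8])
	body := frame[8 : len(frame)-sha256.Size]
	if !hmac.Equal(frame[len(frame)-sha256.Size:], c.tag(seq, body)) {
		return nil, ErrBadTag
	}
	if seq <= c.lastSeq {
		return nil, ErrReplay
	}
	c.lastSeq = seq
	return body, nil
}

func main() {
	// Constructed key for the demo; in the real protocol it comes from the
	// hybrid key exchange at connection time.
	session := []byte("constructed 24-byte key!")
	clientSend := NewChannel(session, "client->server")
	serverRecv := NewChannel(session, "client->server")

	vote := clientSend.Frame([]byte("VOTE 17 alice"))
	closeMsg := clientSend.Frame([]byte("CLOSE"))
	_, err := serverRecv.Accept(vote)
	fmt.Println("first delivery:", err) // <nil>
	_, err = serverRecv.Accept(vote)
	fmt.Println("replayed frame:", err) // replayed or out-of-order frame
	_, err = serverRecv.Accept(closeMsg)
	fmt.Println("next frame:", err) // <nil>
	vote[9] ^= 1
	_, err = serverRecv.Accept(vote)
	fmt.Println("altered frame:", err) // bad MAC
}
```

Because the MAC is keyed per session, the session key exchange itself is what defeats replays across sessions: the attacker's captured frames only verify under a key that no longer exists.  Within a session, the strictly increasing sequence number does the rest; if messages may legitimately arrive out of order, replace the single counter with a sliding window of seen numbers.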


     

3. Server Specifications

In this part of the project, you will extend the server to authenticate voters and to communicate with clients over encrypted sessions.

The server should function as follows:

  1. The server should have functionality to add <username, password> pairs to its list of valid voters.

     
  2. Each time a client connects or votes, the client must supply a valid username and password for the server to perform the requested task.

     
  3. When the client connects, it will supply a session key, encrypted under the server's public key.  The server should use that session key for all subsequent communication with the client.  Note that each client will choose its session key at random, so any two clients should have different keys (they could be the same, but for a key drawn from a proper random source the chance is negligible).
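The voter list of system specification item 2 and the username/password check of system specification item 4 and server specification items 1 and 2 above, as an added example (not part of the assignment's solution or the course example program).  It is in Go, whose standard library supplies HMAC-SHA256 and a constant-time comparison; the course's own code is Java.  The password is never stored: each voter record holds a random salt and a PBKDF2-HMAC-SHA256 hash, written out in full here so the example runs on the standard library alone.  The salt length, the iteration count and the sample usernames and passwords are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

const (
	saltLen    = 16
	iterations = 100000 // assumed; raise as hardware allows
)

// pbkdf2SHA256 derives a 32-byte key per RFC 8018. Since the output length
// equals the hash length only block index 1 is needed: U1 = PRF(P, S || INT(1)),
// Ui = PRF(P, Ui-1), result = U1 xor U2 xor ... xor Uc.
func pbkdf2SHA256(password, salt []byte, iter int) []byte {
	prf := hmac.New(sha256.New, password)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1})
	u := prf.Sum(nil)
	t := append([]byte{}, u...)
	for i := 1; i < iter; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

type voterRecord struct {
	salt []byte
	hash []byte
}

// Registry is the server's list of valid voters. It holds no passwords, only
// a per-voter salt and the hash derived from the password.
type Registry struct {
	voters map[string]voterRecord
}

func NewRegistry() *Registry { return &Registry{voters: map[string]voterRecord{}} }

// AddVoter is what the server's "add voter" prompt would call. Usernames must
// be unique; a second registration under the same name is refused.
func (r *Registry) AddVoter(username, password string) error {
	if username == "" || password == "" {
		return errors.New("username and password must be non-empty")
	}
	if _, taken := r.voters[username]; taken {
		return fmt.Errorf("username %q already exists", username)
	}
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		return err
	}
	r.voters[username] = voterRecord{salt: salt, hash: pbkdf2SHA256([]byte(password), salt, iterations)}
	return nil
}

// dummyRecord gives unknown usernames the same cost as known ones.
var dummyRecord = voterRecord{salt: make([]byte, saltLen), hash: make([]byte, sha256.Size)}

// Check is run for every request (connect and vote). The hash is always
// computed and compared in constant time, so response timing reveals neither
// which usernames exist nor how much of a wrong hash matched.
func (r *Registry) Check(username, password string) bool {
	rec, known := r.voters[username]
	if !known {
		rec = dummyRecord
	}
	got := pbkdf2SHA256([]byte(password), rec.salt, iterations)
	return known && subtle.ConstantTimeCompare(got, rec.hash) == 1
}

func main() {
	reg := NewRegistry()
	fmt.Println(reg.AddVoter("alice", "correct horse"))  // <nil>
	fmt.Println(reg.AddVoter("alice", "something else")) // username "alice" already exists
	fmt.Println(reg.Check("alice", "correct horse"))     // true
	fmt.Println(reg.Check("alice", "wrong"))             // false
	fmt.Println(reg.Check("mallory", "correct horse"))   // false
}
```

Two voters who happen to pick the same password get different hashes because the salts differ, so the stored list does not even reveal that fact.  On a system that has a password-hashing library available, bcrypt, scrypt or Argon2 would replace the hand-written PBKDF2 above.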
     

 

4. More Notes

4.1 Cryptix

Certain cryptographic algorithms are not implemented in the Java API of this release.  You should download Cryptix at http://www.cryptix.org/products/cryptix31/index.html, which can be used as a security provider for Java.  This package includes the RSA algorithm, which you will need to use.  For DESede ("Triple-DES"), you can use Java's implementation.  See the directions on the site and my example code for how to use Cryptix, RSA, and DESede.

Make sure you download "Cryptix 3", and not the "Cryptix JCE".

4.2 Crypto Algorithms

For secret key crypto, you should use the DESede ("Triple-DES") algorithm.  For public key crypto, you should use the RSA algorithm.  Both of these are used in the example program on the website.
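The hybrid scheme required by the system specification (random session key, wrapped under the server's RSA public key, then DESede for the session) put together end to end, as an added example.  This is not the course example program and not Java: it is Go, chosen because its standard library ships both RSA-OAEP and Triple-DES, so it runs without a third-party provider such as Cryptix.  The OAEP label, the 24-byte key length, the IV-first message layout and the PKCS#5 padding are assumptions of this example; the key pair is generated in memory where the real client and server would load PublicKey.txt and PrivateKey.txt.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

const sessionKeyLen = 24 // Triple-DES: three 8-byte subkeys

// Assumed OAEP label; client and server must use the same one.
var oaepLabel = []byte("vote-session")

// ClientNewSession runs on the client: draw a fresh random Triple-DES key and
// wrap it under the server's RSA public key (the one in PublicKey.txt) with
// OAEP padding. Only the holder of the matching private key can unwrap it, so
// a bogus server without PrivateKey.txt learns nothing that follows.
func ClientNewSession(serverPub *rsa.PublicKey) (sessionKey, wrapped []byte, err error) {
	sessionKey = make([]byte, sessionKeyLen)
	if _, err = rand.Read(sessionKey); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, sessionKey, oaepLabel)
	if err != nil {
		return nil, nil, err
	}
	return sessionKey, wrapped, nil
}

// ServerAcceptSession runs on the server: unwrap the client's session key with
// the private key loaded from PrivateKey.txt.
func ServerAcceptSession(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, oaepLabel)
	if err != nil {
		return nil, err
	}
	if len(key) != sessionKeyLen {
		return nil, errors.New("unwrapped session key has wrong length")
	}
	return key, nil
}

// PKCS#5 padding to the 8-byte DES block size; a copy is made so the caller's
// buffer is left untouched.
func pkcs5Pad(b []byte) []byte {
	n := des.BlockSize - len(b)%des.BlockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs5Unpad(b []byte) ([]byte, error) {
	if len(b) == 0 {
		return nil, errors.New("empty plaintext")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > des.BlockSize || n > len(b) || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// Seal encrypts one message under the session key with DESede-CBC; the random
// IV is sent as the first block, so a repeated plaintext never repeats on the wire.
func Seal(sessionKey, plaintext []byte) ([]byte, error) {
	block, err := des.NewTripleDESCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	padded := pkcs5Pad(plaintext)
	out := make([]byte, des.BlockSize+len(padded))
	if _, err := rand.Read(out[:des.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:des.BlockSize]).CryptBlocks(out[des.BlockSize:], padded)
	return out, nil
}

// Open decrypts a message produced by Seal.
func Open(sessionKey, ciphertext []byte) ([]byte, error) {
	block, err := des.NewTripleDESCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) < 2*des.BlockSize || len(ciphertext)%des.BlockSize != 0 {
		return nil, errors.New("bad ciphertext length")
	}
	plain := make([]byte, len(ciphertext)-des.BlockSize)
	cipher.NewCBCDecrypter(block, ciphertext[:des.BlockSize]).CryptBlocks(plain, ciphertext[des.BlockSize:])
	return pkcs5Unpad(plain)
}

func main() {
	serverKey, _ := rsa.GenerateKey(rand.Reader, 2048) // the pair behind PrivateKey.txt / PublicKey.txt
	k, wrapped, _ := ClientNewSession(&serverKey.PublicKey)
	sk, _ := ServerAcceptSession(serverKey, wrapped)
	ct, _ := Seal(k, []byte("LOGIN alice"))
	pt, _ := Open(sk, ct)
	fmt.Printf("server decrypted %q (ciphertext %d bytes)\n", pt, len(ct))
}
```

Seal and Open give confidentiality only: CBC with PKCS#5 padding has no integrity check, and the padding error is a classic oracle, so every message in the real protocol also needs a MAC under a session key (which is also what the replay defence depends on).  To write the keys to the two files, Go's encoding/pem and crypto/x509 (MarshalPKCS1PrivateKey, MarshalPKCS1PublicKey and their Parse counterparts) serialize an rsa key pair; the Java equivalent is whatever key-encoding format the course's example program uses.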

 

 

5. Design Priorities

The software you design should show good class structure and be easy to extend.  Good documentation, good structure, clean abstractions, and straightforward control flow all contribute to such extensibility. You should also make proper use of Java’s many data structures, such as hash tables, linked lists, etc. (if and where you think you need them).  Think about what classes and class structure you’ll need beforehand, and what those classes should do.

 

6. General Specifications

 

7. Partners and Other Important Information

As before, you can work in a group of 1-3 people total. You may work in a group different from your part 2 group if you like. 

You may use any group's part 2 programs to do this assignment, or you may use my solution files if you wish.

 

8. Submission

You should send your project submission to my email address (ejk16@cornell.edu).  Please put all submitted files in a .zip file whose name has the format "proj3_<netid>.zip", where <netid> is the netid of one of your group members.  For example, I would submit a file called "proj3_ejk16.zip".

Your zip file should contain the following files (at least):