In this assignment, we will enhance the Phone-to-phone Online Social Network with security services by utilizing cryptographic functions.
In particular, we will provide authentication, confidentiality and integrity checks and protect against fabrication and modification attacks.
We assume the clients know the server's public key. All communications sent to the server (except REGISTER) are encrypted with the client's private key and then with the server's public key, and all communications from the server to clients are encrypted with the server's private key and then with the client's public key. All communications between clients should use symmetric keys after session keys are established via public keys. Clients will query the server (i.e., SEARCH) to find other peers' public keys with the first message. Additionally, all messages should append a message digest to prevent modification.
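The digest requirement for client-to-client session traffic, as an added example that is not part of the assignment or its reference code: it compares an unkeyed SHA-256 digest with one keyed by the session key when a payload is altered in transit. HMAC-SHA256, the frame layout (payload followed by a 32-byte digest), the function names and the sample messages are assumptions of this example; the assignment does not specify them.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def seal_plain(payload: bytes) -> bytes:
    """Append an unkeyed SHA-256 digest."""
    return payload + hashlib.sha256(payload).digest()


def open_plain(frame: bytes) -> bytes:
    """Split off the trailing digest and check it against the payload."""
    if len(frame) < TAG_LEN:
        raise ValueError("frame too short")
    payload, digest = frame[:-TAG_LEN], frame[-TAG_LEN:]
    if not hmac.compare_digest(hashlib.sha256(payload).digest(), digest):
        raise ValueError("digest mismatch")
    return payload


def seal_keyed(session_key: bytes, payload: bytes) -> bytes:
    """Append HMAC-SHA256 keyed with the session key (assumed construction)."""
    return payload + hmac.new(session_key, payload, hashlib.sha256).digest()


def open_keyed(session_key: bytes, frame: bytes) -> bytes:
    """Verify the keyed digest in constant time before returning the payload."""
    if len(frame) < TAG_LEN:
        raise ValueError("frame too short")
    payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(session_key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("digest mismatch")
    return payload


def modified_frame_accepted() -> tuple:
    """Return (plain_accepts, keyed_accepts) for a payload altered in transit."""
    key = secrets.token_bytes(32)                   # constructed session key
    sent, altered = b"meet at 5pm", b"meet at 9pm"  # constructed messages
    # An unkeyed digest can be recomputed by whoever alters the payload.
    plain_accepts = open_plain(seal_plain(altered)) == altered
    # Without the session key the old tag cannot be updated to match.
    forged = altered + seal_keyed(key, sent)[-TAG_LEN:]
    try:
        open_keyed(key, forged)
        keyed_accepts = True
    except ValueError:
        keyed_accepts = False
    return plain_accepts, keyed_accepts
```

An unkeyed digest only prevents modification when it is itself covered by the encryption or signature; keyed with the session key, it detects the change on its own.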
You need to provide an overview of your design as a report.
You should work individually.
Your project will be tested to make sure it works properly.
Your grade will depend on the functionality and the code quality. Hence, please pay careful attention to clean, modular and extensible design as you implement the project.
There will be a bonus for students who point out major issues or add to the program structure.
This document will evolve as we discuss the project and determine communication protocols and messaging formats.
Don't wait till the last minute to start this phase!
Last updated on Apr 16, 2015