Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS255 Programming Project 1. Programming Project 1 Due: Friday Feb 8 th (11:59pm)‏ – Can use extension days Can work in pairs – One solution per pair.

Published byLorena Scott Modified over 8 years ago

Similar presentations

Presentation on theme: "CS255 Programming Project 1. Programming Project 1 Due: Friday Feb 8 th (11:59pm)‏ – Can use extension days Can work in pairs – One solution per pair."— Presentation transcript:

1 CS255 Programming Project 1

2 Programming Project 1 Due: Friday Feb 8 th (11:59pm)‏ – Can use extension days Can work in pairs – One solution per pair Test and submit on Leland machines – SCPD students: get SUNet ID! sunetid.stanford.edu

3 Overview Build a password manager Effectively a secure, networked map Works like OS keychain Client-server model Written in Java using JCE

4 Security Features Passwords cannot be stolen – Not even if the server is compromised Network attackers can't tamper – Can't impersonate the server either Master password can be changed – Shouldn't require reciphering everything

5 What is provided? Most of the application – GUI – Server – IO layer – Layered Map API – Simple test cases Skeleton code – AES – Secure network code

6 GUI Simple, unpolished SWT – List of resource names – Create new RN/password with ^N – Edit password with ENTER – Delete password with DEL – Change master password – Only connects to localhost Improvements welcome – Not required by any means

7 Server (Mostly-) atomic file store Backed by the filesystem – More transparent than a database Doesn't know anything about crypto Sets master password = 'passw0rd' – Change it in the GUI

8 IO Layer Probably a sign that I don't know Java IO for blobs – byte[] and byte[][] – Uses simple length encoding – Filesystem instance for server – Network instance for client/server – Secure network instance... write me!

9 Layered Maps Store byte[] -> byte[] maps on disk Export them over the network Encrypt and MAC them Use them as String -> String maps

10 Skeleton Crypto Code Wrapper around HMAC-SHA1 Catches exceptions – Most of them statically can't be thrown – Probably a few of them can (BUGS!)‏ Provides a more functional interface

11 Quirks in the code I'm not a Java programmer byte[] is usually assumed immutable Needs testing on Windows – GUI code – Atomic file operations There are definitely bugs

12 What needs to be done Aes class – AES-CTR mode – Authenticate with HMAC-SHA1 SecureBlobIO class – Negotiate secure network connection – Prevent attacker from faking commands – Watch out for replay attacks! – Store necessary parameters on disk – Recover master AES key

13 Errata You are NOT required to: – protect integrity of keys from compromised server – protect secrecy of keys from anyone

14 Security Don’t use the same key to encrypt and MAC !!! Use a common key, K, and derive encryption and MAC keys, K enc, K mac using a PRF – K enc = HMAC(K, “encrypt”); – K mac = HMAC(K, ”integrity”);

15 Counter Mode You must implement it. To get a “plain” cipher use ECB mode with no padding – Warning! CBC mode used by default – Need to specify “AES/ECB/NoPadding” Need a counter (try BigInteger)‏

16 Java Cryptography Extension Implementations of crypto primitives Cipher Pseudo-random Generator SecureRandom Message Authentication Code Mac Cryptographic Hash MessageDigest

17 JCE: Generating Random Keys 1.Start the PRG (random seed set by default)‏ 2.Initialize KeyGenerator with the PRG 3.Generate the key // Generate a random encryption key SecureRandom prng = SecureRandom.getInstance("SHA1PRNG"); KeyGenerator enckeygen = KeyGenerator.getInstance("AES"); enckeygen.init(prng); SecretKey enckey = enckeygen.generateKey();

18 JCE: Keys From Byte Data Use SecretKeySpec – Extends SecretKey // Use KeyTree API to get key bytes from password byte[] keyBytes = KeyTree.createAESKeyMaterial(passwd); // Use the bytes to create a new SecretKey SecretKeySpec keySpec = new SecretKeySpec(keyBytes, “AES”);

19 JCE: Using Ciphers 1.Select the algorithm 2.Initialize with desired mode and key 3.Encrypt/Decrypt // Create and initialize the cipher Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding"); cipher.init(Cipher.ENCRYPT_MODE, enckey); // Encrypt the message byte [] msg = "Content is here.".getBytes(); byte [] enc = cipher.doFinal(msg); Mac class has a similar API

20 Grading Security comes first – Design choices – Correctness of the implementation Did you implement all required parts? Secondary – Cosmetics – Coding style – Efficiency

21 Submitting README file – Names, student IDs – Describe your design choices Your sources Use /usr/class/cs255/bin/submit from a Leland machine

22 Stuck? Use the newsgroup (su.class.cs255)‏ – Best way to have your questions answered quickly TAs cannot: – Debug your code – Troubleshoot your local Java installation

Download ppt "CS255 Programming Project 1. Programming Project 1 Due: Friday Feb 8 th (11:59pm)‏ – Can use extension days Can work in pairs – One solution per pair."

Similar presentations

Lecture 5: Cryptographic Hashes

Lecture 5: Cryptographic Hashes
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Copyright © 2005 David M. Wheeler, All Rights Reserved Desert Code Camp: Introduction to Cryptography David M. Wheeler May 6 th 2006 Phoenix, Arizona.

Copyright © 2005 David M. Wheeler, All Rights Reserved Desert Code Camp: Introduction to Cryptography David M. Wheeler May 6 th 2006 Phoenix, Arizona.
Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.

Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.
1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS 4362 - CIS 5357 Network Security.

1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS CIS 5357 Network Security.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.

More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.

Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Database Encryption. Encryption: overview Encrypting Data-in-transit As it is transmitted between client-server Encrypting Data-at-rest Storing data in.

Database Encryption. Encryption: overview Encrypting Data-in-transit As it is transmitted between client-server Encrypting Data-at-rest Storing data in.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Andy’s Basic Crypto Course (ABC) Part 1 - Introduction.

Andy’s Basic Crypto Course (ABC) Part 1 - Introduction.
CS255 Programming Assignment #1. Due: Friday Feb 10 th (11:59pm) –Can use extension days Can work in pairs –One solution per pair Test and submit on Sweet.

CS255 Programming Assignment #1. Due: Friday Feb 10 th (11:59pm) –Can use extension days Can work in pairs –One solution per pair Test and submit on Sweet.
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.

Similar presentations

Ads by Google