cs255 programming project 1. programming project 1 due: friday feb 8 th (11:59pm) – can use...
TRANSCRIPT
CS255 Programming Project 1
Programming Project 1
• Due: Friday Feb 8th (11:59pm)– Can use extension days
• Can work in pairs– One solution per pair
• Test and submit on Leland machines– SCPD students: get SUNet ID!
sunetid.stanford.edu
Overview
• Build a password manager• Effectively a secure, networked map• Works like OS keychain• Client-server model• Written in Java using JCE
Security Features
• Passwords cannot be stolen– Not even if the server is compromised
• Network attackers can't tamper– Can't impersonate the server either
• Master password can be changed– Shouldn't require reciphering everything
What is provided?
• Most of the application– GUI– Server– IO layer– Layered Map API– Simple test cases
• Skeleton code– AES– Secure network code
GUI
• Simple, unpolished SWT– List of resource names– Create new RN/password with ^N– Edit password with ENTER– Delete password with DEL– Change master password– Only connects to localhost
• Improvements welcome– Not required by any means
Server
• (Mostly-) atomic file store• Backed by the filesystem–More transparent than a database
• Doesn't know anything about crypto• Sets master password = 'passw0rd'– Change it in the GUI
IO Layer
• Probably a sign that I don't know Java• IO for blobs– byte[] and byte[][]– Uses simple length encoding– Filesystem instance for server– Network instance for client/server– Secure network instance... write me!
Layered Maps
• Store byte[] -> byte[] maps on disk• Export them over the network• Encrypt and MAC them• Use them as String -> String maps
Skeleton Crypto Code
• Wrapper around HMAC-SHA1• Catches exceptions–Most of them statically can't be thrown– Probably a few of them can (BUGS!)
• Provides a more functional interface
Quirks in the code
• I'm not a Java programmer• byte[] is usually assumed immutable• Needs testing on Windows– GUI code– Atomic file operations
• There are definitely bugs
What needs to be done
• Aes class– AES-CTR mode– Authenticate with HMAC-SHA1
• SecureBlobIO class– Negotiate secure network connection– Prevent attacker from faking commands–Watch out for replay attacks!– Store necessary parameters on disk– Recover master AES key
Errata
• You are NOT required to:– protect integrity of keys from compromised server– protect secrecy of keys from anyone
Security
• Don’t use the same key to encrypt and MAC !!!
• Use a common key, K, and derive encryption and MAC keys, Kenc, Kmac using a PRF– Kenc = HMAC(K, “encrypt”);
– Kmac = HMAC(K, ”integrity”);
Counter Mode
• You must implement it.• To get a “plain” cipher use ECB mode with no
padding–Warning! CBC mode used by default– Need to specify “AES/ECB/NoPadding”
• Need a counter (try BigInteger)
Java Cryptography Extension
• Implementations of crypto primitives
Cipher Cipher
Pseudo-random Generator SecureRandom
Message Authentication Code Mac
Cryptographic Hash MessageDigest
JCE: Generating Random Keys
1. Start the PRG (random seed set by default)
2. Initialize KeyGenerator with the PRG3. Generate the key
// Generate a random encryption keySecureRandom prng = SecureRandom.getInstance("SHA1PRNG");
KeyGenerator enckeygen = KeyGenerator.getInstance("AES");
enckeygen.init(prng);
SecretKey enckey = enckeygen.generateKey();
JCE: Keys From Byte Data
• Use SecretKeySpec– Extends SecretKey
// Use KeyTree API to get key bytes from passwordbyte[] keyBytes = KeyTree.createAESKeyMaterial(passwd);
// Use the bytes to create a new SecretKeySecretKeySpec keySpec = new SecretKeySpec(keyBytes, “AES”);
JCE: Using Ciphers
1. Select the algorithm2. Initialize with desired mode and key3. Encrypt/Decrypt// Create and initialize the cipherCipher cipher = Cipher.getInstance("AES/ECB/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, enckey);
// Encrypt the messagebyte[] msg = "Content is here.".getBytes();byte[] enc = cipher.doFinal(msg);
• Mac class has a similar API
Grading
• Security comes first– Design choices– Correctness of the implementation
• Did you implement all required parts?• Secondary– Cosmetics– Coding style– Efficiency
Submitting
• README file– Names, student IDs– Describe your design choices
• Your sources• Use /usr/class/cs255/bin/submit from a
Leland machine
Stuck?
• Use the newsgroup (su.class.cs255)– Best way to have your questions answered quickly
• TAs cannot:– Debug your code– Troubleshoot your local Java installation