CS255 Programming Project 1

Programming Project 1

• Due: Friday Feb 8th (11:59pm)– Can use extension days

• Can work in pairs– One solution per pair

• Test and submit on Leland machines– SCPD students: get SUNet ID!

sunetid.stanford.edu

Overview

• Build a password manager• Effectively a secure, networked map• Works like OS keychain• Client-server model• Written in Java using JCE

Security Features

• Passwords cannot be stolen– Not even if the server is compromised

• Network attackers can't tamper– Can't impersonate the server either

• Master password can be changed– Shouldn't require reciphering everything

What is provided?

• Most of the application– GUI– Server– IO layer– Layered Map API– Simple test cases

• Skeleton code– AES– Secure network code

GUI

• Simple, unpolished SWT– List of resource names– Create new RN/password with ^N– Edit password with ENTER– Delete password with DEL– Change master password– Only connects to localhost

• Improvements welcome– Not required by any means

Server

• (Mostly-) atomic file store• Backed by the filesystem–More transparent than a database

• Doesn't know anything about crypto• Sets master password = 'passw0rd'– Change it in the GUI

IO Layer

• Probably a sign that I don't know Java• IO for blobs– byte[] and byte[][]– Uses simple length encoding– Filesystem instance for server– Network instance for client/server– Secure network instance... write me!

Layered Maps

• Store byte[] -> byte[] maps on disk• Export them over the network• Encrypt and MAC them• Use them as String -> String maps

Skeleton Crypto Code

• Wrapper around HMAC-SHA1• Catches exceptions–Most of them statically can't be thrown– Probably a few of them can (BUGS!)

• Provides a more functional interface

Quirks in the code

• I'm not a Java programmer• byte[] is usually assumed immutable• Needs testing on Windows– GUI code– Atomic file operations

• There are definitely bugs

What needs to be done

• Aes class– AES-CTR mode– Authenticate with HMAC-SHA1

• SecureBlobIO class– Negotiate secure network connection– Prevent attacker from faking commands–Watch out for replay attacks!– Store necessary parameters on disk– Recover master AES key

Errata

• You are NOT required to:– protect integrity of keys from compromised server– protect secrecy of keys from anyone

Security

• Don’t use the same key to encrypt and MAC !!!

• Use a common key, K, and derive encryption and MAC keys, Kenc, Kmac using a PRF– Kenc = HMAC(K, “encrypt”);

– Kmac = HMAC(K, ”integrity”);

Counter Mode

• You must implement it.• To get a “plain” cipher use ECB mode with no

padding–Warning! CBC mode used by default– Need to specify “AES/ECB/NoPadding”

• Need a counter (try BigInteger)

Java Cryptography Extension

• Implementations of crypto primitives

Cipher Cipher

Pseudo-random Generator SecureRandom

Message Authentication Code Mac

Cryptographic Hash MessageDigest

JCE: Generating Random Keys

1. Start the PRG (random seed set by default)

2. Initialize KeyGenerator with the PRG3. Generate the key

// Generate a random encryption keySecureRandom prng = SecureRandom.getInstance("SHA1PRNG");

KeyGenerator enckeygen = KeyGenerator.getInstance("AES");

enckeygen.init(prng);

SecretKey enckey = enckeygen.generateKey();

JCE: Keys From Byte Data

• Use SecretKeySpec– Extends SecretKey

// Use KeyTree API to get key bytes from passwordbyte[] keyBytes = KeyTree.createAESKeyMaterial(passwd);

// Use the bytes to create a new SecretKeySecretKeySpec keySpec = new SecretKeySpec(keyBytes, “AES”);

JCE: Using Ciphers

1. Select the algorithm2. Initialize with desired mode and key3. Encrypt/Decrypt// Create and initialize the cipherCipher cipher = Cipher.getInstance("AES/ECB/NoPadding");

cipher.init(Cipher.ENCRYPT_MODE, enckey);

// Encrypt the messagebyte[] msg = "Content is here.".getBytes();byte[] enc = cipher.doFinal(msg);

• Mac class has a similar API

Grading

• Security comes first– Design choices– Correctness of the implementation

• Did you implement all required parts?• Secondary– Cosmetics– Coding style– Efficiency

Submitting

• README file– Names, student IDs– Describe your design choices

• Your sources• Use /usr/class/cs255/bin/submit from a

Leland machine

Stuck?

• Use the newsgroup (su.class.cs255)– Best way to have your questions answered quickly

• TAs cannot:– Debug your code– Troubleshoot your local Java installation