Write a program that uses socket programming and RSA encryption. Your program should run on two different computers, and get the following input on each computer.
Input: IP address of the other party, a file that contains the public key of the other party
You may assume that the port numbers are fixed, or add them as an input. To authenticate the other party, generate a random number, send it encrypted with the other party's public key, receive a message, and compare the received message with the random number. If the comparison returns true, then the other party is authenticated. Then your program will prompt the user to type a message to send to the other party. The message will not be encrypted when it is sent to the other party. Your program should display the received message on the terminal.
Grading will be done by demo. Demo will take about 15 minutes, and should be done by 10/3. Please schedule an appointment with the instructor via email. Failure to schedule an appointment is not an excuse for extension.
Implement one of the two solutions from Assignment 1, Problem 1c on your website. Your website will be ZBoxlive, and you'll need to write a program that runs on the user's computer to implement the protocol. Even better if you write a PHP or JavaScript file that will run in the user's web browser. The demo will put your website and the user-side program on two different machines.
Submit your source code of the website and/or the user-side program by 10/12 in Blackboard. Grading will be done by demo. Demo will take about 15 minutes, and should be done by 10/14. Please schedule an appointment with the instructor via email. Failure to schedule an appointment is not an excuse for extension.
Implement the man-in-the-middle attack on slide 3 of the SSL lecture. You will need to implement Alice, Bob, and Charlie separately, demonstrate how Alice and Bob work in a normal situation, and also demonstrate how Charlie can sit between Alice and Bob to authenticate himself as Alice to Bob. Note that Bob needs to be a website, but you may implement Alice and Charlie as stand-alone programs. You may use a 3rd-party RSA library, e.g. phpseclib.
Submit the source code of Alice, Bob, and Charlie, and a README, to Blackboard by 11/2. Grading will be done by demo. Demo will take about 15 minutes, and should be done by 11/2. Please schedule an appointment with the instructor via email. Failure to schedule an appointment is not an excuse for extension.
Add a database (e.g. MySQL) as the backend to your website that stores usernames and passwords. Build a login website so that you can demonstrate an SQL injection attack that will show all the usernames and passwords. (Hint: your website can log in to the database as the admin to read the username and password for the user.) This login website should act normally, e.g. it should not display the username and password in the clear during a normal login process. Implement another version of the login website that prevents the attack you showed. (Hint: input sanitization)
Submit the source code of the two websites and a README to Blackboard by 11/23. Grading will be done by demo. Demo will take about 15 minutes, and should be done by 11/23. Please schedule an appointment with the instructor via email. Failure to schedule an appointment is not an excuse for extension.
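The two login versions from the SQL injection assignment, side by side, as an added example that is not part of the original assignment text. It assumes Python's built-in sqlite3 in place of the MySQL backend and uses parameterized queries as the fix instead of the hinted input sanitization; the table, function names and sample rows are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory user table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "hunter2")],
    )
    return db


def login_vulnerable(db, username, password):
    """First version: user input is pasted into the SQL text.

    A quote in the input ends the string literal, and whatever follows
    is parsed as SQL, so the WHERE clause can be rewritten by the user.
    """
    query = (
        "SELECT username, password FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return db.execute(query).fetchall()


def login_parameterized(db, username, password):
    """Second version: placeholders keep the input as data only.

    The driver binds the values after the statement is parsed, so quotes
    in the input are compared literally and never change the query.
    """
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # constructed input that closes the quoted literal
    # Vulnerable version: the condition becomes always true, every row matches.
    print("vulnerable:   ", login_vulnerable(db, "x", crafted))
    # Parameterized version: the same input matches no stored password.
    print("parameterized:", login_parameterized(db, "x", crafted))
    # A normal login still works and returns only the username.
    print("normal login: ", login_parameterized(db, "alice", "correct-horse"))
```
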