CSE539: Applied Cryptography

Information Assurance          Computer Science and Eng.         Fulton School of Eng.


Home Description Text Book Lecture Notes Course Instances Announcements Projects Assignments Resource Links Contact


Project Description

The project is subject to change every time the course is taught. In the project the students get hands on experience in security handling via digital certificates obtained from a certificate authority. The project teaches the ability to write code to sign and verify certificates, authenticate and communicate securely.

The projects are individual projects, and are required of all students.


Project #1: (sample)

  1. Obtain a certificate from a CA, tied to your email address. You can use cacert.org or trustcenter.de or any other site, that sends a X.509 certificate.
  2. After you receive a certificate, it gets installed in your browser. Export the certificate along with the private key in the PKCS #12 format. The certificate viewer in the browser does not show all parts of the certificate, you will have to export it and then look at the data.
  3. Verify the correctness of the certificate, that is verify the signature, with the public key of the certificate. To do this use a Java program (or C++ if you prefer) to extract the certificate data from the file (the file format is complex) and then print/validate the certificate. The java "signature" class can check validity.

Project #2: (sample)

Design a secure chat system using digital certificates. Two chat clients can communicate securely through the chat server. The system must have the following functionality:

1.      Logging into the secure chat system: A client can use digital certificates to login to the system. When he first registers with the chat server, the client sends his digital certificate to the chat server. Every login session is authenticated using PKI challenge response. The server sends a challenge to the client using the public key in the already stored certificate and the client responds to the challenge with the aid of his private key. Devise or use and appropriate challenge response mechanism.

2.      Adding a contact: Once a chat client Alice has logged in using her certificate, she can add another client Bob to her contact list by sending an addContact response message to the chat server with the contact name. This name has to be the same as the one in the subject field of the digital certificate of Bob. You can assume that all the chat clients have unique names. The chat server pulls up the corresponding certificate, and sends it to Alice in the addContact response message. The chat server  notifies Bob that he was added by Alice and forwards Aliceís certificate to Bob. The chat server also maintains the contact list for each client which is made available whenever the user logs in.

3.      Chatting: Having added Bob to the contact list, Alice can initiate a chat conversation with Bob. The messages sent back and forth should be encrypted. Use symmetric key encryption since it is less expensive and use public keys for key exchange. Alice picks a symmetric session key, encrypts the session key with Bobís public key sends this in an initChat request message to the server which simply forwards this to Bob. If Bob wishes to have a conversation with Alice, he notes the symmetric session key and sends a initChat response message to the sever which forwards it too Alice. All further messages in this session are encrypted using the symmetric key agreed upon. At any time Alice or Bob could choose to end the chat session by sending terminateSession message. For the sake of simplicity of UI you can assume that a user chats with only one other person at a time.