hasan-aga / ca-project Goto Github PK

add an authentication step for the CA server, if client connects he gets asked for credentials.

this is how the professor explained the task:

in this phase of the project, you are to improve not only the entities but also the certificate server with new capabilities for user authentication.

This time, the entities register for the service provided by the certificate server before uploading or retrieving a certificate. If an entity is registered for the service, it will log in the system by providing the credentials it used for registration. Then, it will be able to upload/retrieve a certificate. Otherwise, all requests will fail with a message sent by the certificate server that says "You should log in first. If not registered yet, you can do it by issuing a message 'register <user_name> ' ". If an entity issues this message, a new account is created at the server side (the certificate server). An account is actually a new line in a file that stores user credentials.

For security reasons, it is not recommended to store user passwords in cleartext, but they are salted and hashed, then stored. Do some research and find out why we follow this method and how it is implemented in real life, i.e., what cryptographic tools are used and how they are used, etc. You are expected to use the method that you find in your implementation. Typically, you are supposed to store the username, the salt, and salted-and-then-hashed password in each line of the file in which you store account details. How they are used in user authentication is left to you as a part of this phase.

The scenarios that I am going to test during evaluation are as follows:

1 - An unregistered entity attempts to upload a certificate

2 - An unregistered entity attempts to download a certificate

3 - An unregistered entity attempts to register to the system

4 - A registered entity attempts to upload a certificate

5 - A registered entity attempts to download a certificate

In addition, I am going to inspect how you create a user account and store related data in the file.

Please write a one-paragraph explanation in your report about why and how salting and hashing are used in storing user credentials. Also, please include names of team members in this document.

In this phase of the substitution project, you are to integrate a public key cryptography-based key exchange protocol (Elliptic Curve Diffie Hellman recommended, but you are free to choose any of them) into the entities and to make them communicate over a secure channel encrypted with AES-CBC using the secret key exchanged via the key exchange protocol.

Now that entities have certificates of each other, they can use them in a key exchange protocol to exchange a secret key and use this secret key to encrypt messages to be sent to the other entities. So, first, two entities shall exchange a secret key using a key exchange protocol you will pick. After key exchange, the entities shall start listening to the user input (you or me). They shall get user input, encrypt it using AES-CBC and the secret key the entities exchanged before, and send encrypted message to the other entity at the other side of the connection. The recipient entity shall display the encrypted message first, then decrypts it and displays the original message.

Please explain how to run your code in the report. Also, please include names of team members in this document.

I created a discussion thread, so you can ask any technical and non-technical questions related to the phase 4 under that thread.

You can implement the certificate server and the entities using C/C++, Java, or Python as long as it is easy to run them just by following the commands in your report. All submissions will be accepted through the CANVAS system.