The objective of this assignment is to implement the KDC-based key establishment (exchange) for use with symmetric key encryption algorithms.
There will be two programs: (a) the Key Distribution Center (KDC), and (b) the Client (C). At the start of execution, open at least 3 Terminal windows, one each for the KDC and the two clients. In each terminal, invoke the corresponding program as described later. All communication between the KDC and the clients will be via TCP sockets.
The KDC's activities include: (i) storing the clients' master keys in a file (using encryption/hashing so that the master keys are not publicly readable); (ii) generating a symmetric key for use between two clients (A and B) for secure data communication; either A or B can request the secret key for their communication. The data encryption algorithm to be used for client-client and KDC-client communication is AES-128-CBC, i.e. a 128-bit key with CBC mode.
1 KDC
The KDC is invoked as follows:
./kdc -p portid -o outfilename -f pwdfile
The kdc process will listen on the port number (portid) specified in the command line; the diagnostic output messages (describing the KDC's activities) will be stored in the file named outfilename; the clients' details will be stored in the password file (pwdfile) specified in the command line.
For example:
./kdc -p 12345 -o out.txt -f passwd.txt
The KDC's activities are:
- A message from a client is received with the following format:
| 301| IPAddress| ClientPortNum| ClientMasterKey| ClientName|
In the above message:
- the first field (301) is of type integer; the code 301 indicates that this is a registration message from the client to the KDC.
- the second field is an IPv4 address, stored as a dotted string of length 16 bytes (e.g. 10.4.5.11);
- the third field is a TCP port number, stored as a string of length 8 bytes (e.g. 35678);
- the fourth field is the passphrase, a string of length 12 bytes; this string is converted into a 128-bit key and stored in encrypted form (base64 encoded) in the password file maintained by the KDC.
- the last field is the client's name, a string of length 12 bytes (only lowercase letters from a to z are permitted), e.g. alice.
The KDC will store the clients' details in the specified password file, as shown in the following example:
:alice:10.4.5.11:35678:ABCDEFabcdef123456789=:
:babu:10.4.6.13:45561:abcdef12345ABCDEF6789=:
If the username specified above already exists, the KDC overwrites the password file with the latest information.
Upon successfully receiving the message and storing the details in the password file, the KDC will send a message to the client in the following format:
| 302| ClientName|
When the client receives this message with code 302, it processes the message but takes no further action.
- A message from a client is received with the following format:
| 305| E_KA[ IDA|| IDB|| Nonce1] | IDA |
This message is sent from client (IDA) to KDC, requesting a secret key for communication with client (IDB). Assume that an entry for IDB is present in the password file. The KDC sends a response as follows:
| 306| E_KA[ Ks || IDA || IDB || Nonce1 || IPAddrB || PortNoB || E_KB[ Ks || IDA || IDB || Nonce1 || IPAddrA || PortNoA] ] |
The KDC generates Ks as an 8-byte random string drawn from the character set.
The message also includes client B's IP address and the port number on which it is listening.
The client receives this message and retrieves the key Ks for communication with client IDB, as explained in class, by decrypting the message with the master key it shares with the KDC. It then sends the following message to the specified IP address and port number of client B:
| 309| E_KB[ Ks || IDA || IDB || Nonce1 || IPAddrA || PortNoA] || IDA |
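The 306 reply and the 309 ticket as an added Go example (not part of the assignment or of any reference solution): the KDC builds E_KA[ ... || E_KB[ ... ] ] from fixed-width NUL-padded fields, and client A decrypts with KA and accepts the reply only if IDA, IDB and Nonce1 match the 305 request it sent, returning Ks and the inner ticket that is forwarded unchanged in message 309. Assumptions: KA and KB are the 16-byte keys already derived from the passphrases, the nonce is 8 bytes, each ciphertext is PKCS#7-padded with a random IV prepended, and the names and sample values are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Fixed-width NUL-padded fields (widths from the assignment; the 8-byte nonce is an assumption); "||" is plain concatenation.
const nameLen, ipLen, portLen, ksLen, nonceLen = 12, 16, 8, 8, 8
func fld(s string, n int) []byte { b := make([]byte, n); copy(b, s); return b }
// encryptCBC is AES-128-CBC with PKCS#7 padding and a fresh random IV prepended to the ciphertext (assumed wire format).
func encryptCBC(key, plain []byte) []byte {
	block, _ := aes.NewCipher(key)
	p := aes.BlockSize - len(plain)%aes.BlockSize
	buf := append(append([]byte{}, plain...), bytes.Repeat([]byte{byte(p)}, p)...)
	out := make([]byte, aes.BlockSize+len(buf))
	rand.Read(out[:aes.BlockSize])
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], buf)
	return out
}
// decryptCBC refuses anything that is not IV plus whole blocks with valid PKCS#7 padding, instead of returning garbage.
func decryptCBC(key, ct []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key)
	if n := len(ct) - aes.BlockSize; n > 0 && n%aes.BlockSize == 0 {
		buf := make([]byte, n)
		cipher.NewCBCDecrypter(block, ct[:aes.BlockSize]).CryptBlocks(buf, ct[aes.BlockSize:])
		if p := int(buf[n-1]); p > 0 && p <= aes.BlockSize && bytes.HasSuffix(buf, bytes.Repeat([]byte{byte(p)}, p)) {
			return buf[:n-p], nil // PKCS#7: the last byte gives the padding length
		}
	}
	return nil, errors.New("malformed ciphertext or padding")
}
// Reply306 is the KDC side: E_KA[Ks||IDA||IDB||Nonce1||IPAddrB||PortNoB||E_KB[Ks||IDA||IDB||Nonce1||IPAddrA||PortNoA]].
func Reply306(ka, kb []byte, ks, ida, idb string, nonce []byte, ipA, portA, ipB, portB string) []byte {
	common := bytes.Join([][]byte{fld(ks, ksLen), fld(ida, nameLen), fld(idb, nameLen), nonce}, nil)
	ticket := encryptCBC(kb, bytes.Join([][]byte{common, fld(ipA, ipLen), fld(portA, portLen)}, nil)) // forwarded as-is in 309
	return encryptCBC(ka, bytes.Join([][]byte{common, fld(ipB, ipLen), fld(portB, portLen), ticket}, nil))
}
// OpenReply306 is client A's side: decrypt with KA and accept only if IDA, IDB and Nonce1 match the 305 it sent; returns Ks and the ticket.
func OpenReply306(ka []byte, ida, idb string, nonce, ct []byte) (string, []byte, error) {
	pt, err := decryptCBC(ka, ct)
	want := bytes.Join([][]byte{fld(ida, nameLen), fld(idb, nameLen), nonce}, nil)
	if err != nil || len(pt) < ksLen+len(want)+ipLen+portLen || !bytes.Equal(pt[ksLen:ksLen+len(want)], want) {
		return "", nil, errors.New("306 reply does not match the outstanding 305 request")
	}
	return string(pt[:ksLen]), pt[ksLen+len(want)+ipLen+portLen:], nil
}
```

Client B applies the same decryptCBC with KB to the ticket it receives in message 309 and checks Ks, IDA, IDB and Nonce1 in the same way before using Ks.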
2 Client
A client will act either as a sender or a receiver. If it is a sender, the client program is invoked as follows:
./client -n myname -m S -o othername -i inputfile -a kdcip -p kdcport
Here, myname denotes the client's (sender's) name; othername denotes the receiver's name; inputfile contains the contents that have to be encrypted and sent to the receiver; kdcip indicates the KDC's IP address; kdcport indicates the KDC's port number.
If it is a receiver, the client program is invoked as follows:
./client -n myname -m R -s outenc -o outfile -a kdcip -p kdcport
Here, myname denotes the client's (receiver's) name; outenc is the file in which the encrypted contents received by the receiver are stored; outfile is the file in which the decrypted contents are stored; kdcip indicates the KDC's IP address; kdcport indicates the KDC's port number. The client's activities are:
- Initiate the registration with the KDC, as explained above.
- After completing the registration step, the client will sleep for 15 seconds to ensure that all other clients are registered.
- If the client is a sender, it will initiate the key request protocol with the KDC; once it obtains the secret key (Ks), it will follow the protocol described in class for client-to-client communication and encrypted data transfer.
- If the client is a receiver, it will wait to receive the sender's messages on its TCP port. The encrypted data file sent by the sender will be received and stored in the receiver's output file (specified in the command line).
- The specific message formats are to be designed by you.
3 Sample Run
3.1 KDC Terminal Window
Assume that the KDC is running on a system with IP address of 10.21.22.23.
Prompt> script kdcscript
System outputs: Script started, output file is kdcscript
Prompt> ./kdc -p 12345 -o out.txt -f pwd.txt
Starts TCP server to listen on port 12345
Wait for messages from clients..
Type Ctrl-C to finally quit
Prompt> exit
System outputs: Script done, output file is kdcscript
Prompt> cat kdcscript
3.2 Sender Client Terminal Window
P> script sendscript
P> ./client -n alice -m S -o bob -i in.txt -a 10.21.22.23 -p 12345
Contacts KDC and registers..
Sleeps for 15 seconds ..
Contacts KDC for secret key .
Quits after sending the file to bob.
P> exit
System outputs: Script done, output file is sendscript
P> cat sendscript
3.3 Receiver Client Terminal Window
Prompt> script recvscript
Prompt> ./client -n bob -m R -s outenc.txt -o out.txt -a 10.21.22.23 -p 12345
Contacts KDC and registers..
Sleeps for 15 seconds ..
Contacts KDC for secret key .
Quits after receiving the file from alice.
Prompt> exit
System outputs: Script done, output file is recvscript
Prompt> cat recvscript
4 What to Submit on IITM Moodle
A single tar.gz file with the name ROLLNO-Lab3.tgz, containing:
- Source files and Makefile
- A README file that explains how to compile and run the programs, and whether your programs work correctly or have any known bugs/errors.
- Using the Linux script command, record the session from the Terminal window for the KDC, sender and receiver; thus, there will be three typescript files, named as above.
Your system may be tested with the KDC, sender and receiver running on different machines or on virtual machines on a given system.