【CSC574】Computer Network Security

The primary goal of this assignment is to provide an introduction to using cryptographic APIs. Specifically,
you will need to specify a secure AES mode of operation (we are using GCM), correctly generate and use
initialization vectors, and ensure both message integrity and confidentiality. You will also be getting first-hand
experience in how Diffie-Hellman works, and its susceptibility to on-path attacks.
Mini-Project 1 is due on the due date shown on the class schedule before 11:55pm EST. The assignment will
be submitted via Gradescope. If your Gradescope account was not automatically created and linked, click
on the “Mini-Project 1: Gradescope” assignment in Moodle and it should set you up. Contact the TA and
Instructor if you are having trouble.
Collaboration: You may not collaborate on this mini-project. The project should be done individually. You
may search the Internet for help, but you may not copy (either copy-and-paste or manual typing) code from
another source. You may use code from the official Python documentation, PyCryptodome documentation,
or from the instructor or TA.
Posting Solutions: You are explicitly forbidden from posting your solution in a public form (e.g., GitHub).
If you need to share your solution as part of a job interview, you should create a private repository and grant
that individual access. Please ask the instructor if you have any questions or concerns.
Programming Language: You will use Python 3 for this assignment.
Using a Single Host: While we are performing network socket programming, you can test all parts on a
single host. Use localhost or the loopback address 127.0.0.1 for the destination server and it will work.
For Part 4, you will need to specify different ports for the proxy and the server, since two processes cannot
listen on the same port on the same host.
What to submit: You should submit to Gradescope a README text file containing your name and UnityID,
as well as the Python 3 source code files for parts 1-5 (5 is optional). The filenames for the source code files
are specified in each part: uft, eft, eft-dh, dh-proxy, and lj-proxy. Note that there is no .py on the ends
of these filenames; however, adding .py is okay.
Autograder: This assignment uses an autograder that will automatically grade your work. You will submit
your program for autograding by uploading it to Gradescope. Any program that does not have a perfect
score will be manually graded after the due date. You may submit the assignment an unlimited
number of times. If you find a bug with the autograder, please notify the TA.
Autograder Environment: Your program will be executed with Python version 3.10. PyCryptodome is
the only Python package that is installed by default. No additional packages are needed to complete the
assignment but you may include a requirements.txt file if additional packages are needed by your program.
Points: Mini-Project 1 has a maximum of 100 points with an additional 10 points for extra credit. Partial
credit may be awarded at the discretion of the grader in some cases, but it is not guaranteed.
A Last Note: While PyCryptodome replaces the no longer maintained (and insecure) PyCrypto module, some
source code analysis tools (e.g., bandit) suggest that PyCryptodome should only be used when compatibility
with PyCrypto is needed. If you are developing a new project, you are encouraged to use pyca/cryptography
which doesn't ask developers to deal with low-level cryptographic primitives. Well ... it exposes them through
a hazmat API. For the purposes of this assignment, I’d like you to get some experience working with the
primitives.
Part 1 (25 points): Unencrypted File Transfer
In Part 1, you will use network sockets to transfer a file from a client to a server. To simplify operation, the
client will “read” a file from STDIN and the server will “save” the file to STDOUT. Your code for the client and
server must reside in the same Python script file (uft).
Your program must differentiate between client and server mode using command line arguments which must
conform to the following format:
uft [-l PORT > OUTFILE] [SERVER_IP_ADDRESS PORT < INFILE]
For example, the following is an example execution in two different terminal windows.
[server]$ ./uft -l 9999 > outfile.txt
[client]$ ./uft 127.0.0.1 9999 < infile.txt
Both programs must terminate after the file is sent. You may assume the server is started before the client.
The provided starter code includes command line argument parsing and will execute the client or server function based on the provided arguments. You may not add extra command line arguments.
Network Data Exchange: The client will generate Packet Data Units (PDUs) containing binary file data
that are then transmitted to the server. The PDUs must conform to the following specifications:
Data PDU
Element  Size in Bytes  Encoding   Description
Length   2              Raw Bytes  Number of data bytes following this element
Data     Length         Raw Bytes  File Data
So the beginning of an example data segment with 70 bytes of data could look as follows:
     00 46 53 6F 6D 65 74 69 6D 65 73 20 79 6F 75 20
     6E 65 65 64 20 74 6F 20 75 6E 64 65 72 73 74 61
     6E 64 20 74 68 65 20 62 69 74 73 20 74 68 61 74
     20 6D 61 6B 65 20 6F 72 20 62 72 65 61 6B 20 70
     72 6F 74 6F 63 6F 6C 73
with the first two bytes 00 46 encoding the length of the following data (0x46 = 70). The total length of the PDU is thus 72 bytes to account for the header. Ensure the length bytes are sent in network order (big-endian).
Network Sequence: The PDUs will be transmitted as shown in the following network sequence diagram
Important: All parts of this assignment must work for both small and big files, both text-based and
binary-based. I recommend trying first with a simple text file and then testing with a PDF before submitting.
Tip: The entire file does not need to be sent in a single PDU. Multiple PDUs may be sent, each containing
a portion of the file. The autograder will by default send 1024 bytes of data at a time, but it will accept
any length up to 65535 bytes. Each PDU will contain the length of the data within that PDU, not the total
number of bytes in the file.
Tip: Use sys.stdin.buffer.read() to read from STDIN and sys.stdout.buffer.write() to write to
STDOUT. Wrappers for these functions are provided in the starter code.
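The Data PDU framing described above, as an added example (not the course's starter code): it builds PDUs and reassembles them on the receiving side, looping on recv() because TCP may deliver fewer bytes than one PDU per call. The function names are hypothetical, and treating the client closing the connection as the end-of-file signal is an assumption, since the page does not state how the end of the file is signalled.

```python
import socket
import struct
import threading

MAX_DATA = 65535  # largest value the 2-byte Length field can hold

def build_pdu(data: bytes) -> bytes:
    """Length (2 bytes, network order) followed by the data bytes."""
    if len(data) > MAX_DATA:
        raise ValueError("data does not fit in one PDU")
    return struct.pack("!H", len(data)) + data

def recv_exact(sock, n: int) -> bytes:
    """Read up to n bytes, looping because recv() may return fewer than asked."""
    buf = bytearray()
    # An empty recv() result means the peer closed; the caller sees a short read.
    while len(buf) < n and (chunk := sock.recv(n - len(buf))):
        buf += chunk
    return bytes(buf)

def recv_pdus(sock) -> bytes:
    """Reassemble data from PDUs until the peer closes (assumed end-of-file signal)."""
    out = bytearray()
    while True:
        header = recv_exact(sock, 2)
        if not header:  # clean close on a PDU boundary
            return bytes(out)
        if len(header) < 2:
            raise ConnectionError("closed inside the Length field")
        (length,) = struct.unpack("!H", header)
        data = recv_exact(sock, length)
        if len(data) < length:
            raise ConnectionError("closed inside the Data field")
        out += data

def loopback_transfer(payload: bytes, chunk_size: int = 1024) -> bytes:
    """Constructed demo: send payload as PDUs over a local socket pair."""
    client, server = socket.socketpair()
    def send():
        with client:  # closing the socket marks end of file (assumption)
            for i in range(0, len(payload), chunk_size):
                client.sendall(build_pdu(payload[i:i + chunk_size]))
    sender = threading.Thread(target=send)
    sender.start()
    with server:
        received = recv_pdus(server)
    sender.join()
    return received
```

A truncated stream raises ConnectionError instead of silently producing a short file, which is the case a single recv(1024) call per PDU gets wrong on large or binary inputs.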
