CIS 457 Project 3: TCP Encrypted Chat Program


Objective: Implement a Multi-client/server chat system. Learn how to encrypt/decrypt in code.

Deliverables: You must turn in your code on blackboard on the part two due date. Additionally you must turn in your documentation by the next lecture after the part two due date. You must demo your client and server meeting part 1 requirements on the part 1 due date in lab, and meeting part 2 requirements on the part 2 due date in lab. You must arrange a time to demo the complete project after the part three due date (lab time might be available for this).

Groups: This project may be done alone, or in groups of up to three students.

Grading: This project is worth 100 points (30 for part 1, 40 for part 2, 20 for part 3, and 10 for documentation), as described below.


Specifications

You may write this program in C, or C++, or Java. Other languages may be allowed by request. You may not use any non-standard libraries without prior permission. Your program must work on the computers in the Datacomm lab. You may program it wherever you like, but must demo it in the datacomm lab, between multiple lab computers.

Your assignment is to write both the server and client parts of a chat program. You must use TCP sockets. The messages you send must be encrypted, using AES in CBC mode. For the purpose of encryption you should use the OpenSSL libcrypto library (C), or the classes in javax.crypto (Java). Use of these libraries will be explained in lab at the start of the second week of this project. If you are not sure which language to choose, consider that the Java cryptography libraries are somewhat simpler than the C/C++ ones.


Part 1

Due: Tuesday, Mar 19 in Lab

For part 1, you must support the following functionality:

Part 1 Grading: In part 1, there will be a total of 30 points, divided as follows:
CriteriaPoints
Multiple client connections5
Broadcast message (to all clients)10
Individual message10
Client list5


Part 2

Due: Tuesday, Mar 26 in lab

For part 2, you must encrypt all messages being sent from client to server, and server back to client. Since all messages between two clients go through a server, the server will need to decrypt and then re-encrypt each message.

Please refer to the sample cryptotest.java and cryptotest.c files for help in how to encrypt and decrypt in your programs.

The C version needs a RSA public and private key in PEM format. These can be produced with the commands:

The Java version needs the keys in DER format. You can produce the correct keys with the above commands plus:

If you are using Java, you may not use cipherstreams.

When clients join the chat server, they need to securely establish a symmetric key pair with the server. For this purpose, the server should have a public/private key pair for use with RSA. To establish a symmetric key, the client should randomly generate one, and then send it to the server encrypted with the server's RSA public key. The server then should decrypt it using the RSA private key. All subsequent messages should be sent encrypted with this symmetric key.

A random initialization vector is used in encryption to ensure unique encriptions of identical messages. You must properly generate a new IV for each message.

Part 2 Grading: In part 2, there will be a total of 40 points, divided as follows:
CriteriaPoints
Randomly generate symmetric key5
Encrypt symmetric key with RSA pub key10
Decrypt symmetric key with RSA private key10
Encrypting all chat messages with symmetric key5
Decrypting all chat messages with symmetric key5
Correct use of initialization vector5


Part 3

Due: Monday, Apr 1 at 11:59 PM

For part 3, we will be finishing up the chat program by adding a few administrative commands. These commands must only be avaiable to an administrative user (except the command to become an admin). It is up to you how to distinguish these commands from chat messages. The specific commands you must support are:

Part 3 Grading: In part 3, there will be a total of 20 points, divided as follows:
CriteriaPoints
Admin command5
Password not printed5
Kick command5
????? command5


Documentation

Documentation of your program is worth 10 points. This should be a 1-3 page document describing the design of your program. This should not be a line by line explanation of your code, but should explain the overall structure and logic of the program, as well as what major challenges you encountered and how you solved them.