COS 432: Information Security

Fall 2010

 General information
Schedule

Homework 2

Due at 11:00am, Monday, October 11

In this assignment, you'll add functionality to the code you wrote for Homework 1, toward the goal of implementing a secure facility for client-server communication across the Internet.

As before, we will give you some of the code you need, and we'll ask you to provide certain functions missing from the code we provide. You can download the code we are providing. Create a fresh directory and unzip the downloaded code into it. Then copy into that same directory all of the .java files from your solution to Homework 1. As before, you must not use any crypto libraries; the only primitives you may use are the ones we gave you, and ones you implemented from scratch yourself.

In this assignment you will implement three facilities, by modifying three Java code files. You will modify RSAKeyPair.java to generate an RSA key-pair. You will modify RSAKey.java to implement secure RSA encryption and decryption. You will modify KeyExchange.java to implement a secure key exchange. As in the previous assignment, we have provided you with code files in which some parts are "stubbed out". You will replace the stubbed out pieces with code that actually works and provides the required security guarantee. We have put a comment saying "IMPLEMENT THIS" everywhere that you have to supply code.

Although your solution may call on code that you wrote for Homework 1, your solution to this homework should not rely on any specific properties of your Homework 1 code. We will test your solution with our own implementation of the Homework 1 functionality. Your solution must work correctly when we do this --- this shouldn't be a problem for you as long as you respect the interface boundaries between the different classes we have given you.

Advice on this assignment: If you want to do operations on very large integers, you'll probably want to use the java.math.BigInteger library class. (Using BigInteger doesn't violate our rule against using external crypto primitives, because BigInteger provides basic mathematical functions, and not crypto.) Also, be sure to do everything that is necessary to implement the required operations securely.

Submitting your solution: You should submit any code files that you modified or created in doing this assignment. (You don't need to submit code that you copied from your solution to Homework 1. If you submit these we will ignore them anyway.) Package everything you're submitting into a single zip-file, called submit2.zip, and submit it.


Copyright 1998-2010, Edward W. Felten.