HW2 - Encryption

Objectives

In this homework, you will gain experience using cryptographic primitives including symmetric encryption, public-key encryption, message authentication codes, and digital signatures. You will use these together to implement a hybrid-encryption scheme, a scheme that you could find in the real world.

In addition to teaching about cryptography, this lesson also serves to improve your familiarity with enterprise-development languages and practices. This includes introducing you to C#, containerized development, and reading through online document. These are important real-world skills and practicing them in this class will help give you an advantage when you enter the workforce.

Initial Setup

Before starting this assignment you should complete problem #12 in the Worksheet for Cyptography II which will ensure that you have a working dotnet (C#) environment.

Download the start code for this homework and unzip the directory to a location that is convenient for you. You should then open that directory in a new VSCode window, and select “yes” to open it the directory in a container.

If you’ve completed the setup form the Worksheet, it should work smoothly.

Requirements

In this homework you will be implementing an encrypted echo client and server.

An echo server receives strings from clients and simply echos those strings back to the clients. An echo client reads input from the terminal, sends that input to the echo server, and prints to the terminal anything it receives from the server.

I have provided you a working echo server and client that you will enhance to secure communication using hybrid encryption. To complete this home work, you will need to modify the EncryptedEchoServer.cs and EncryptedEchoClient.cs files to support hybrid encryption. Do not add, edit, or delete any other source files.

When implementing the required functionality, make sure you use the same block modes, padding, and hashing algorithms on the client and server, otherwise it won’t work. Use the ones indicated in this writeup and in the source code, or your submission won’t pass the autograder.

Building and running the code

To build and run the code, do the following:

1. Open a terminal in VSCode. In this terminal, type dotnet run server. This runs the echo server.
2. Open a second terminal in VSCode. In that terminal, type dotnet run client. This runs the echo client.

The code, as provided, functions as an unencrypted echo client and server. Type anything you want at the terminal for the client, and it sends this string to the server, which sends the same string back. The client then outputs the string on the terminal. So you should see:

hello who is this?
hello who is this?
I'm Sarah
I'm Sarah
what a coincidence
what a coincidence

To aid you in testing your code, I’ve provided an echo-test binary. It contains a working encrypted echo server and client. Run them using ./echo-test server and ./echo-test client, respectively. This can be used to test your own implementations. For example, run your server with the echo-test client, or run your client with the echo-test server. If you can run against these tools without any issue, you should receive full credit on passoff (unless you cut corners around key generation). If you are using an arm device (like the mac M1/M2/M3) use echo-test-arm in the above commands.

Note that this allows you to write code for just the client, test and debug it, before writing the code for the server. You should eventually be able to run your client with your server, using encryption, with no issues.

Client-Server Protocol

The protocol you will build should do the following:

• The server generates an RSA key pair, (S, V)
• The client sends the server a Hello message
• The server response includes its RSA public key, V
• The client creates a symmetric encryption key K and an HMAC key H
• The client sends a message that includes:
  • E_V(K) – the key K, encrypted with V
  • IV – the AES initialization vector
  • E_K(message) – a message, encrypted with key K
  • E_V(H) – the key H, encrypted with V
  • HMAC_H(message) – the HMAC of the message, using key H
• The server responds with a message that includes:
  • message – not encrypted
  • E_S(SHA256(message)) – a signature of the SHA256 hash of the
    message, using key S

Echo Client

Start by writing the client and testing it with the solution server. On the client you will implement three methods:

1. ProcessServerHello: This method will read a RSA public key sent by the server when the client first connects. This key will be encoded using Base64.

2. TransformOutgoingMessage: This method will be responsible for applying
   hybrid encryption to the messages typed into the console:

   1. You will need to generate an AES, message encryption key. You will use this key to encrypt the message using CBC mode and PKCS7 padding. You should use a different key each time you encrypt a message.

   2. You will need to generate an HMAC for your plaintext message. Use the SHA256 variant of the HMAC algorithm. Generate a random key each time you generate a HMAC.

   3. Encrypt the two keys you generated using RSA. Use the OAEP padding scheme with SHA256.

3. TransformIncomingMessage: This method will be responsible for processing messages sent by the echo server and validating their digital signatures. Make sure to use PSS padding with SHA256.

Echo Server

After your client works with the solution server, write your server and test it with the solution client. Your server will need to generate an RSA key upon starting. It will also need to implement three methods:

1. GetServerHello: Returns the server’s RSA public key encoded using Base64.

2. TransformIncomingMessage: This method will be responsible for applying hybrid encryption to the messages typed into the console:
   1. Decrypt the message encryption and HMAC keys using the server’s RSA key.
   2. Decrypt the message with AES using CBC mode and PKCS7 padding.
   3. Verify the HMAC of the received message. Use the SHA256 variant of the HMAC algorithm.
3. TransformOutgoingMessage: This method will be responsible for using the server’s RSA key to digitally sign messages being sent by the server. Make sure to use PSS padding with SHA256.

Cryptographic Library

The cryptographic primitives needed in this home work can all be found in the System.Security.Cryptography namespace. You will need the AES, RSA, HMACSHA256, and RandomNubmerGenerator classes to complete this lab. Read up on how they work. Be sure to look at the methods for these classes. Don’t use the example code. Instead, find and learn to use each of the appropriate methods.

Resources

C# as a language sits between C/C++ and Java. Like Java, it is a high-level language, that abstracts many details about memory management and types. Like C/C++ it allows low-level access to hardware. You will only need a basic understanding of C# to complete this lab. The following are some resources to get you started about C# and its libraries:

• A tour of the C# language
• System.Security.Cryptography documentation. You can find documentation for any security functionality you will need on linked from this page. Some items you may want to look at include,
  • RandomNumberGenerator
  • RSA
  • AES
  • HMACSHA256
  • CryptographicException
• System.Text.Encoding
  for converting between text and bytes.
• System.Convert
  for Base64 encodings.

Grading Rubric

There are 100 possible points on this assignment.

• Echo client (60 points)
  • 5 points for properly retrieving the server’s public key from the server’s
    hello message.
  • 15 points for correctly implementing hybrid encryption.
  • 5 points for not reusing the message encryption key.
  • 5 points for correctly implementing message authentication using an HMAC.
  • 15 points for not reusing the HMAC key.
  • 5 points for using distinct keys for the message encryption and HMAC keys.
  • 10 points for properly verifying signed messages from the server.
• Echo server (40 points)
  • 5 points for generating a new RSA key each time a new server is created.
  • 5 points for returning the same RSA key in each hello message from the same
    server.
  • 10 points for correctly implementing hybrid decryption.
  • 10 points for correctly checking the message’s HMAC.
  • 10 points for correctly generating a digital signature on messages returned
    from the echo server.

Submission

Use the tar command to zip your files. Go one directory up, and run the following command on the terminal. You can use the terminal within VSCode and move one directory up by typing cd ...

tar czvf firstname.lastname.gwid.hw-2.tgz hw2-encryption

Where you replace firstname lastname and gwid with your information and hw2-encryption is the directory with all your work.

Take the file firstname.lastname.gwid.hw-2.tgz that is created and submit it via Blackboard link for this assignment.

Late Policy

As outlined in the syllabus homework late policy, this homework assignment is due on the date specified. One-time throughout the whole semester, you may request a three-day extension without any explanation for any homework assignment. If you have already used your three-day extension on a different assignment, you may submit this assignment three days late for 25% credit. If you cannot do so, you may submit the assignment anytime by the final lecture for 50% credit.

Acknowledgement

This assignment is adopted from Scott Ruotti and Daniel Zappala. Thank you!