Computer Security Bonus Project (optional)
Note: Completing these projects is optional. A successfully completed project will earn you bonus points, which will be added to your overall earned score at the end of the semester.
Submission instructions:
Project 1: A protocol for secure data communication in a network
Bonus points: up to 3%
Suppose you work as a network engineer for a small business that has a local area network of 100 computers. Your boss, the IT department director, has asked you to design a communication protocol for the computers in that network. The protocol should provide the following security services:
a. For each communication session, the computers should authenticate each other to establish a secure session before data communications are conducted between them. Note: Use digital certificates for mutual authentication.
b. The data communication should be confidential, and provide data integrity and origin integrity, based on a session key. Note: To support strong security, a session key should be used for one session only and never be reused.
To submit:
a) The protocol: Design and write down your protocol, clearly indicating the entities (say, computer-A, computer-B), their respective actions (say, create a message, send its certificate to computer-B), the cryptographic methods employed (if any), and any necessary assumptions.
b) Overall integration: In addition to the protocol itself, explain how the protocol would be incorporated into the network.
c) Justification: Justify your solution by explaining why you believe your protocol will satisfy the constraints stated above.
Project 2: Creating certificates programmatically and saving them into a keystore
Bonus points: up to 3%
Refer to the following sample programs, all of which deal with keystore and/or certificates.
· KeyStoreExample.java (also check out information at http://sce.uhcl.edu/yang/teaching/csci4233spring2011/KeyStoreExample.htm)
Develop a Java application that programmatically creates the following certificate chains and saves the created certificate chains to a keystore file.
A<<A>> (A is a self-signed root CA.)
A<<B>>A<<A>> (B is certified by A; that is, A is B's CA.)
B<<C>>A<<B>>A<<A>> (C is certified by B.)
Note: Do not use keytool to create those certificate chains (as is done in your project 3). Be sure the issuer/subject relationships are set up right (as stated above).
To submit:
a) The Java program(s).
b) Screen snapshots of running the Java application.
c) The created keystore file.
d) Screenshots of the displayed certificate chains (using keytool -list -v).
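
The issuer/subject relationships required in Project 2 can also be checked in Java, in addition to reading the keytool output. The program below is an added example, not one of the course's sample programs: the class name ChainCheck and its two command-line arguments (keystore path and password) are assumptions, and it assumes the keystore is of a type the JVM's default keystore provider can load.

```java
import java.io.FileInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name): verifies every certificate chain in a keystore.
// Run as: java ChainCheck <keystore-file> <password>
public class ChainCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java ChainCheck <keystore-file> <password>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        boolean allOk = true;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null) continue; // not a key entry, so no chain is stored
            for (int i = 0; i < chain.length; i++) {
                X509Certificate cert = (X509Certificate) chain[i];
                // chain[i] must be issued by chain[i + 1]; the last entry must be self-signed.
                boolean last = (i == chain.length - 1);
                X509Certificate issuer = last ? cert : (X509Certificate) chain[i + 1];
                boolean namesOk = cert.getIssuerX500Principal()
                        .equals(issuer.getSubjectX500Principal());
                boolean sigOk = true;
                try {
                    cert.verify(issuer.getPublicKey()); // signature made with the issuer's key?
                } catch (GeneralSecurityException e) {
                    sigOk = false;
                }
                allOk &= namesOk && sigOk;
                System.out.printf("%s[%d] subject=%s issuer=%s names=%s signature=%s%n",
                        alias, i, cert.getSubjectX500Principal().getName(),
                        cert.getIssuerX500Principal().getName(),
                        namesOk ? "ok" : "MISMATCH", sigOk ? "ok" : "INVALID");
            }
        }
        System.exit(allOk ? 0 : 1);
    }
}
```

For the chain B<<C>>A<<B>>A<<A>> the program should print three lines for C's alias, each with names=ok and signature=ok, and exit with status 0.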