Problem overview:

In this problem, you are to develop first part of a simple VPN that allows data to be sent from one computer to another computer over protected channel. For this problem, your channel must provide confidentiality and integrity protection using the shared secret value.

You must provide your own implementation of the confidentiality and integrity protection, using third-party implementations of cryptographic primitives and modes of operation. However, you cannot use full or partial third-party implementations of protected channels, e.g., SSL, TLS, SSH.

More details:

The program you must create can be toggled between “client mode” and “server mode”. When set in server mode, the program waits for a TCP connection on a port that can be specified on the UI. When set in client mode, the program can initiate a TCP connection to a given host name (or IP address), on a given port; both the target host name (IP address) and the TCP port are specified on the UI.

The TA will choose two machines (computer A and computer B), and install one instance of your program on A and another instance on B; both instances will then be run, one in client mode and one in server mode, with the client connecting to the server. The TA will input shared secret value into "Shared Secret Value" window on both, client and server.

On A, the TA will type some text into a “Data to be Sent” window and then click a “Send” button. On B, the received text will be displayed in a “Data as Received” window. Similarly, it should be possible to type data at B and receive/display it at A.

You may choose whichever stream or block ciphers and modes of operation you wish. However, you must be able to defend why you chose it and why you feel it is suitable (i.e., sufficiently secure) for implementing a VPN. To keep things simple, appropriate cryptographic algorithms include AES, DES, MD5, SHA, RSA, D-H, HMAC-MD5; when using these, ignore all padding rules (i.e., when padding is required, pad with zeros) and use the smallest moduli that will work.

Your UI must allow the TA to see what data is actually sent and received over the wire at each point in the communication processes. The TA should be able to step through these processes using a “Continue” button.

Deliverables: you are expected to write a document and your program.

The document should include the following:

A. A brief (no more than one page) but sufficient instructions for installing and executing your program installation.

B. A brief description (no more than two pages) of how your VPN works. This description should include:
(1) a discussion of how the data is actually sent/received, and protected,
(2) Explanation of what language the software is written in, the size of the program (lines of code; size of the executable), and the modules or major architectural components of your program (along with inputs, outputs, and functionality for each).

Software: you must implement this secure channel and your program must work properly and have a reasonably friendly user interface. The TA will must be able to enter whatever text the TA wishes before hitting “Send” and that identical text must appear at the receiver.