|
|||
Problem overview:In this problem, you are to develop first part of a simple VPN that allows data to be sent from one computer to another computer over protected channel. For this problem, your channel must provide confidentiality and integrity protection using the shared secret value. You must provide your own implementation of the confidentiality and integrity protection, using third-party implementations of cryptographic primitives and modes of operation. However, you cannot use full or partial third-party implementations of protected channels, e.g., SSL, TLS, SSH. More details:The program you must create can be toggled between “client mode” and “server mode”. When set in server mode, the program waits for a TCP connection on a port that can be specified on the UI. When set in client mode, the program can initiate a TCP connection to a given host name (or IP address), on a given port; both the target host name (IP address) and the TCP port are specified on the UI. You may choose whichever stream or block ciphers and modes of operation you wish. However, you must be able to defend why you chose it and why you feel it is suitable (i.e., sufficiently secure) for implementing a VPN. To keep things simple, appropriate cryptographic algorithms include AES, DES, MD5, SHA, RSA, D-H, HMAC-MD5; when using these, ignore all padding rules (i.e., when padding is required, pad with zeros) and use the smallest moduli that will work. Deliverables: you are expected to write a document and your program. The document should include the following:A. A brief (no more than one page) but sufficient instructions for installing and executing your program installation. B. A brief description (no more than two pages) of how your VPN works. This description should include: |
Copyright © 2003-2007 Konstantin Beznosov |