UWA Computer Science & Software Engineering
Computer and Network Security (CITS3231) - 2008 project

Also check the project clarifications and project resources webpages.

Digital signatures are increasingly used to verify the authenticity of electronic documents. A cryptographic hash is taken of the document, and that hash is encrypted with the signer's private key. The recipient of the document may consider it to be authentic or safe (depending on the context) if they can verify the digital signature.

Digital certificates are then used to verify the identity of the individual presenting the public key with which a digital signature may be verified. Digital certificates are, themselves, verified by following a hierarchical chain of trust from the original certificate to a root authority. The root authority "earns" their trust through both being an early member of the "certification marketplace", and through their continued survival in that competitive marketplace.

An alternative to the hierarchical certificate model is provided by a ring of trust, in which we believe that a signed document is authentic, or safe, if it has been signed by someone whose digital certificate has been signed by someone, whose digital certificate has been signed by someone, and so on, until we locate a closed ring of people who each vouch for each other. No definitive root authority is required. Instead, trust is earned if the closed ring is simply long enough, or if it contains one or more people whom you definitively trust and is long enough (but probably containing fewer people).


Aim

The aim of the project is to develop a secured file storage facility, named thevault, whose contents are protected by a "ring of trust". The files being stored are to be stored within a standard Linux file-system, but all activities involving the files, such as adding, removing, fetching, and verifying, are to be performed by a network accessible service.

The storage facility is to be accessed through a command-line program named thevault, which is to support the following command-line options:

-a filename               add or replace a file in the vault
-c number                 provide the required circumference (length) of a ring of trust
-f filename               fetch an existing file from the vault (simply sent to stdout)
-h hostname:port          identify the remote address providing the storage service
-l                        list all stored files and how they are protected
-t name                   trust a ring of trust involving the indicated person (i.e. their certificate)
-u certificate            upload your certificate to the storage service
-v filename certificate   vouch for the authenticity of an existing file in the vault by providing your certificate
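
The ring-of-trust description in the introduction and the -c and -t options above come down to a cycle search over "whose certificate was signed by whom". The following is an added example, not part of the original project page or any reference solution; the names, the sample graph and the function ring_length are constructed, and it assumes that the file's signer must be a member of the ring and that every recorded signature has already been verified.

```c
#include <stdio.h>

#define N 6   /* constructed sample: six certificate holders */
enum { ALICE, BOB, CAROL, DAVE, ERIN, FRANK };

/* signed_by[i][j] != 0: i's certificate carries a signature made by j.
 * Constructed data; a real server would record an edge only after
 * cryptographically verifying that signature. */
static const int signed_by[N][N] = {
    [ALICE] = { [BOB] = 1 },
    [BOB]   = { [CAROL] = 1, [ERIN] = 1 },
    [CAROL] = { [ALICE] = 1 },
    [DAVE]  = { [ALICE] = 1 },
    [ERIN]  = { [FRANK] = 1 },
    [FRANK] = { [ALICE] = 1 },
};

/* Depth-first search over simple paths that start at `start`; returns the
 * number of members in the first ring that closes back on `start`, has at
 * least min_len members and (if trusted >= 0) includes `trusted`. */
static int dfs(int start, int cur, int depth, int seen, int min_len,
               int trusted, int *on_path)
{
    for (int next = 0; next < N; next++) {
        if (!signed_by[cur][next]) continue;
        if (next == start) {                 /* ring closed */
            if (depth >= min_len && (trusted < 0 || seen)) return depth;
            continue;
        }
        if (on_path[next]) continue;         /* keep the ring simple */
        on_path[next] = 1;
        int len = dfs(start, next, depth + 1, seen || next == trusted,
                      min_len, trusted, on_path);
        on_path[next] = 0;
        if (len) return len;
    }
    return 0;
}

/* 0 means no acceptable ring; pass trusted = -1 when no -t name is given. */
int ring_length(int signer, int min_len, int trusted)
{
    int on_path[N] = {0};
    on_path[signer] = 1;
    return dfs(signer, signer, 1, signer == trusted, min_len, trusted, on_path);
}

int main(void)
{
    printf("alice, -c 4:          %d\n", ring_length(ALICE, 4, -1));
    printf("alice, -c 3 -t frank: %d\n", ring_length(ALICE, 3, FRANK));
    printf("dave,  -c 3:          %d\n", ring_length(DAVE, 3, -1));
    return 0;
}
```

In the sample graph dave's certificate is signed by alice but nobody's certificate is signed by dave, so dave lies on no ring and a file signed only by dave is not accepted under the stated assumption.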

All communication between the thevault client application and thevault server must be secured by secure socket layer (SSL) channels.

A significant part of this project requires you to determine under what circumstances, and in what combinations, the above command-line options are reasonable and necessary. For example, you'll need to identify and answer questions such as "how and where are certificates managed?", "how and where are the files signed?", and "how is a ring of trust maintained, determined, and reported?".

In addition, you may need to support additional command-line arguments, or exchange additional information between the thevault client application and thevault server.

Your project must run on the CSSE Linux lab machines and may be written in either:

  • the C99 programming language and the OpenSSL library,
  • the Java programming language and Java's SE Security Platform, or
  • a combination of the two (the server and client in the different languages).

There is a lot of relevant, well-written code and tutorial documentation available on the web. Pointers to these will be added to the project resources webpage. You will need to devote time to reading and understanding this material, but you will not need to develop significant amounts of new code.


Deadline and project submission

The project is due at 12 noon, Friday 24th October 2008 (week 12) and is worth 30% of your mark in CITS3231 this year.

By the deadline all source code, digital certificates, and scripts that you wish to be assessed should also be submitted using cssubmit.

You are welcome to undertake the project on your home or laptop computers. Please note, however, that all materials submitted for marking must be working on our School's Linux machines by the due date.

Project demonstration

Your team must also arrange a demonstration of your software, for up to 30 minutes, in week 13. A booking sheet will be provided soon. During the demonstration, your team should:
  • briefly describe design decisions and assumptions that you have made in your project. You should clearly identify what is being protected by your file storage system, how that protection is assured, and identify any currently known weaknesses with your approach or its implementation.
  • re-compile your programs, and initialize and invoke the server and client programs. Describe the contents of each necessary file and directory.
  • demonstrate, through a small number of examples, how someone may use your client program. In particular, clearly demonstrate any additional command-line options that you've added to your programs.

Working in groups of up to three

The project may be undertaken in groups of up to three students. The motivation for working in small groups is to enhance communication skills amongst students, and to enable you to attempt a project considered of greater difficulty than would normally be reasonable for the time available. It is anticipated that this project will require 15-25 hours of study by each member of the three-person groups.

The project is worth 30% of your mark in CITS3231 this year, and the distribution of marks within your group (typically 50/50 or 60/40) must be agreed to by both members of your group.

Only one group member needs to submit files using cssubmit. Ensure that all students' names and student numbers are on, or in, all submitted materials.

Anyone needing to find a project partner should read partners.html as soon as possible, so that individuals may be paired up.
Groups of 4 will only be assigned by Chris McDonald if absolutely necessary.

Clarifications

Please post requests for clarification about any aspect of the project to help3231 so that all students may remain equally informed.

Clarifications will also be added to the project clarifications webpage.

Additional materials will also be added to the project resources webpage.

Good luck,

Chris McDonald
October 2008.

CRICOS Provider Code: 00126G