CO3099/7099: Write Java client-server programs for the agency so that they can brute force attack these messages: Foundations of Cybersecurity Resit Coursework Part 1, UoL, UK

University University of Leicester (UoL)
Subject Foundations of Cybersecurity

A number of spies working for a national security agency intercepted some secret communications. Write Java client-server programs for the agency so that they can brute force attack these messages, as well as protect the communications between client and server with encryption, as described below.

The spies were listening for communications of some secret organisation, and they noticed that those communications always consist of some message that are mostly plaintext but with some letters being replaced by some other symbols, such as H@%%# w#r%d where @ % and # are the replacement symbols and the other letters (including spaces) are the original characters. Each special symbol is believed to correspond to one replaced letter:

for example @ might correspond to a, % might correspond to b and # might correspond to c. Separately, they have also intercepted some MD5 digests which are believed to be the digests of the original (before such letter
replacement) messages. They want to find out what letters correspond to which of the special symbols used, so that the resulting string has the same MD5 digest as the one they found.

For example, given the above string and the MD5 digest 3e25960a79dbc69b674cd4ec67a72c62, the correct answer is “Hello world” with % being l, # being o and @ being e. To do this, a brute force attack needs to be carried out.

Since the spies are “field agents” who don’t have the computing power required for such brute force attacks, they use your client program, that sends the intercepted message and digest to some central server. The server is a supercomputer that can perform the attack almost immediately, and return the answer to the client program.

Since you don’t actually have a supercomputer, for the purpose of the assignment we will assume a more restricted version of such secret messages: those “missing” letters are all lowercase letters (a-z);

only three special symbols @ % and # will be used; and the original string (before substitution) will not contain those special symbols.

The system consists of a client and a server Java program, and they must be named Client.java and Server.java respectively. They are started by running the commands

java Server port

java Client host port userid

specifying the hostname and port number of the server, and the userid of the client.

There can be many different clients, each with a unique userid. The userid is a simple string like alice, bob etc. Each user is associated with a pair of RSA public and private keys, with filenames that have .pub or .prv after the userid, respectively. Thus the key files are named alice.pub, bob.prv, etc.

The server is similarly associated with a pair of keys server.pub and server.prv. These keys are generated separately by a program RSAKeyGen.java. More details are in the comments of that program.

It is assumed that the server already has the public keys of all legitimate users, via some offline method not described here, prior to the execution of the programs. Similarly, all client users are assumed to

already have the server’s public key. All necessary keys (and only the necessary ones) are in the current directory where the respective programs run from.

The server program is always running once started, and listens for incoming connections at the port specified in the command line argument. When a client is connected, the server handles the request, then waits for the next request (i.e., the server never terminates).

For simplicity, you can assume that only one client will connect to the server at any one time. When the client program starts, it connects to the server at the host and port specified in the command line arguments. It prompts the user to enter a secret message that needs to be cracked, and its MD5 digest (in hexadecimal). The program then sends the client’s userid, the secret message, and the MD5 digest, all encrypted, to the server.

The encryption should use RSA/ECB/PKCS1Padding with the correct key so that only the server can decrypt them. It can be assumed that these strings are short enough that each of them fits inside one RSA block for the given RSA keysize.

Upon connecting a new client, the server receives the client userid, the secret message and the MD5 digest, all encrypted. It decrypts them using the appropriate key. The server then tries to work out what the missing characters are by brute force. When it found the correct answer, it encrypts the answer (the correct string, such as “Hello world” for the example above) with RSA/ECB/PKCS1Padding, using the correct key so that the message can only be decrypted by that client. It then sends the encrypted result to the client.

Finally, the client decrypts the received result, and displays it on screen.
An example run, from the client side, may look like this (you do not have to follow precisely):

java Client localhost 5678 alice
Enter the message:
Th% c@k% #s @ l#%
Enter the MD5 digest (in hex):
180dca210094772b0626b73a99eb049d
The cracked message is:
The cake is a lie

Buy Answer of This Assessment & Raise Your Grades

Students Assignment Help UK offers excellent coursework writing help on Foundations of Cybersecurity. Our diligent writers have the relevant industry experience to provide flawless coursework solutions on management assignments, engineering assignments, business assignments, etc at a reasonable price.

Answer
img-blur-answers