2. Programming Task

A client and a server are planning to do data exchange. They decide to use a simplified SSL handshake (see Figure 1) to establish a secure channel (session key) then exchange data. The simplified SSL handshake removes the messages for alert, change cipher spec, certificate, etc.

IDC: client ID; IDS: server ID; SID: session ID;

Your task: implement the above mechanism in Java (alternatively C++/Python). The following components are mandatory for implementation.

• Fast modular exponentiation

• RSA signature scheme.

 RSA key generation: randomly generate two primes p, q (for 2048-bit RSA). Set the public key as the fixed e = 65537. Server’s RSA public key will be sent to the client in the Steup message. Assume this message can be securely delivered, no security protection is needed. Note that a client DOES NOT have its RSA keys.

o RSA signature generation: using SHA256 for message digest computation.

o RSA signature verification: using SHA256 for message digest computation.

o The underlying hash function is SHA256. You can use it from the Java library.

o Key generation needs to be implemented using (Java) BigInteger.

o RSA signature generation and verification need to be implemented using your own fast modular exponentiation method.

• Diffie-Hellman key exchange

o Use the parameters p, g from the System Parameters section.

 The DH key exchange should be secure against man-in-the-middle attacks.

• HMAC

• CTR mode

o Assume a message is always a multiple of 16-byte, i.e. no padding needed.

• Data exchange

o When a shared session key is created, they use 256-bit AES encryption with CTR and HMAC to protect data confidentiality and integrity, respectively.

o Demonstrate at least two message exchanges, where each message is exactly 64 bytes.