FAQ for HW3, Part II

How do we run the project?

There are three main classes in the tarball: Router, Server and Client. The commands for running them are as follows: Run the programs in the same order as above. The port numbers must be positive integers greater than 1024. When running the Server (Client), use the same server (client) port number that you used for the Router. The server-port and client-port must, however, be different values. If your Router is unable to listen on a port, someone else may be using it: try another value. After a single transaction, terminate the Router manually (by pressing Control-C); otherwise, the Router will run forever.

The account-number should be the last three digits of your dc cluster login (and not your last name as originally stated). If you are a team of two, run your code with the lesser of the two account numbers.

What do these classes do?

The Router simply forwards the messages between the Server and Client. As stated in the homework, the Client first authenticates the Server. Once the Server is authenticated, the Client then sends its credit card information, appropriately encrypted, to the Server.

What is the public key of the server?

The server's public key is contained in the file pk.txt that you can download as part of the code for the client/server/router.

How do we begin attacking the authentication protocol?

Use Router.java to eavesdrop on the conversation between the client and the server. Recall also that you have the server's public key (see previous question). You are also free to modify the source code for Router.java and generate your own Router.class; this will allow you to implement active attacks as discussed in class.

You are not supposed to use any other sort of attack; for example, you are not allowed to disassemble the Java code (in the real world, the client and server would be running remotely, and you would not have direct access to the executables). If we have reason to believe you have done this, your homework submission may be disqualified.

Finally, a word of caution: both the Server and Client are currently set up to deal only with "good" Clients and Servers (i.e., the version provided in this project). Once you start modifying the Router, this might result in unpredictable behaviour!

How should we submit everything?

Keep everything in two directories, one for each part. The first portion of the homework should go in a directory named "part1" and the second in a directory named "part2".

For part 2, you should have the following files: