Homework #3
CMSC 414 Section 0201
Due before the beginning of class March 10, 2003.

Written Problems. Turn in on hardcopy before class
  1. (25 pts) Exercise #3, page 121
  2. (25 pts) Exercise #5, page 121
  3. (50 pts) Exercise #9, page 150
Programming Problems. Turn in according to TA instructions

The goals of this exercise are to allow you to learn more about man in the middle type attacks.
  1. (10 pts) Write a simple echo program where you enter text in your simulator environment and it is displayed on a servlet (written in Java 1.4 not J2ME).  NOTE: Several of the J2ME books include examples on how to accomplish this.
  2. (40 pts) Now install the cryptographic software from http://www.bouncycastle.org into your J2ME development environment, and use the Diffie-Hellman algorithm to establish a shared security association and encrypt your messages to the servlet using AES. NOTE: the code from bouncy castle includes support for Diffie-Helman.
  3. (50 pts) Now implement a man in the middle attack, using Java 1.4 not J2ME, against the code you developed in problem #2. NOTE: You may assume that the attacker is already in the middle of the connection by having the attacker's code listing on port A, and the servlet listening on port B.  The J2ME code then connects to port A rather than port B.