The goal of this exercise is to help you learn more about
man-in-the-middle attacks.
- (10 pts) Write a simple echo program where you enter text in your
simulator environment and it is displayed on a servlet (written in Java
1.4 not J2ME). NOTE: Several of the J2ME books include examples on
how to accomplish this.
- (40 pts) Now install the cryptographic software from
http://www.bouncycastle.org into your J2ME development environment, and
use the Diffie-Hellman algorithm to establish a shared security
association and encrypt your messages to the servlet using AES. NOTE:
the code from Bouncy Castle includes support for Diffie-Hellman.
- (50 pts) Now implement a man-in-the-middle attack, using Java 1.4
not J2ME, against the code you developed in problem #2. NOTE: You may
assume that the attacker is already in the middle of the connection by
having the attacker's code listening on port A, and the servlet listening
on port B. The J2ME code then connects to port A rather than port
B.