CMSC 414 Spring 2003
Due Midnight May 14, 2003
You will design and implement a secure chat program using J2ME. Two independent versions of the J2ME phone simulator (running the same application) should be able to:
1. Make initial contact,
2. Verify the identities of each participant/phone (NOTE: You may assume that the IP address / Phone number are not spoofable. This can, if you choose, to implement a completely peer to peer system using cryptographically generated addresses),
3. Establish a shared secret(s) free of man in the middle attacks, and
4. Protect the communications between the two phones (Confidentiality and Integrity) for a duplex connection.
The methods you use are completely up to you, but you must justify your choices in a design document. The design document will be due in class on April 23, 2003. The design document must include the following at a minimum:
1. Overview figure for the protocol
2. Explain how identity will be used and how you will verify it
3. How will you establish the shared secret(s) needed for protecting the communications
4. What algorithms will be used for protecting the communications,
5. Testing plan- explain how you will test your code.
You may include additional information, i.e. message formats etc., in the design document as you desire.
The only implementation requirement is to use J2ME (same version as homework) for both ends of the communications. Any additional requirements such as a server etc. can be done using J2SE. Also, both ends of the communications MUST use the same application code (although they obviously need different addresses and credentials).
Submission of the programming assignment will be done in the same fashion as the homework programming assignments. Be sure and include instructions for how to set-up and test your program- also include a soft copy of your updated design document.