- ILM Unit-409: focused on understanding the impact of development on workplace performance: Managing Personal Development, Coursework, UOS, UK
- ILM Unit-409: focused on implementing and evaluating planned development activities and apply learning in the workplace: Managing Personal Development, Coursework, UOS, UK
- ILM Unit-409: focused on identifying and prioritising work-related development requirements: Managing Personal Development, CourseWork, UOS, UK
- 7PS032: Identify type of study design needed, including within or between groups where relevant: Research Methods Course Work, UOW, UK
- 7PS032: What do the means, range and standard deviations show?: Research Methods Course Work, UOW, UK
- 7PS032: You need to write a research proposal. It must be a quantitative research proposal: Research Methods Course Work, UOW, UK
- MN0493: Report the major points of your discussions with the client. This should include the construction of the portfolios: Investments and Risk Management Course Work, NUN, UK
- DAT7303: In portfolio 3, students must complete 4 tasks related to analysing a dataset using CRISP- DM methodology: Data Mining Course Work, UK
- BUSI 1475: Your task is to identify and select an article from the BBC News website (news.bbc.co.uk): Management in a Critical Context Course Work, UOG, UK
- COMP6029: Computer Science and Electronic Engineering related subjects generally use the IEEE referencing style: Network Systems Course Work, UOS, UK
- UMACTF-15-M: You have recently been appointed as a Financial Analyst for a leading investment bank in London: Corporate Financial Strategy Course Work, UWE, UK
- BAM5010: choose an organisation and make some recommendations for the delivery: Work Based Project Course Work, UOB, UK
- You are required to calculate ratios for Fresh Farms Ltd: financial Course Work, UK
- Understand the legal, ethical and theoretical context for health, safety and risk management: leadership and Management Course Work, UK
- P3 Describe the types of training and development used by a selected business: BTEC Business Extended Diploma Pearson Course Work, UK
- Describe how a selected business identifies training needs: BTEC Business Extended Diploma Pearson Course Work, UK
- Discuss your chosen business, background information and why you have chosen that business: BTEC Business Extended Diploma Pearson Course Work, UK
- Activity 7: Risk management in an organisation should be both sensible and proportionate to the level of risk involved: NEBOSH IDIP ID1 Research Paper Course Work, OU, UK
- Activity 6: Reviewing health and safety performance Critique your chosen organisation’s health and safety: NEBOSH IDIP ID1 Research Paper Course Work, OU, UK
- Activity 5: Management of contractors Review how your chosen organisation selects contractors and manages them while they are on site: NEBOSH IDIP ID1 Research Paper Course Work, OU, UK
CO3099/7099: Write Java client-server programs for the agency so that they can brute force attack these messages: Foundations of Cybersecurity Coursework, UoL, UK
| University | University of Leicester (UoL) |
| Subject | CO3099/7099: Foundations of Cybersecurity |
A number of spies working for a national security agency intercepted some secret communications. Write Java client-server programs for the agency so that they can brute force attack these messages, as well as protect the communications between client and server with encryption, as described below.
The spies were listening for communications of some secret organisation, and they noticed that those communications always consist of some message that are mostly plaintext but with some letters being replaced by some other symbols, such as H@%%# w#r%d where @ % and # are the replacement symbols and the other letters (including spaces) are the original characters. Each special symbol is believed to correspond to one replaced letter:
for example @ might correspond to a, % might correspond to b and # might correspond to c. Separately, they have also intercepted some MD5 digests which are believed to be the digests of the original (before such letter
replacement) messages. They want to find out what letters correspond to which of the special symbols used, so that the resulting string has the same MD5 digest as the one they found.
For example, given the above string and the MD5 digest 3e25960a79dbc69b674cd4ec67a72c62, the correct answer is “Hello world” with % being l, # being o and @ being e. To do this, a brute force attack needs to be carried out.
Since the spies are “field agents” who don’t have the computing power required for such brute force attacks, they use your client program, that sends the intercepted message and digest to some central server. The server is a supercomputer that can perform the attack almost immediately, and return the answer to the client program.
Since you don’t actually have a supercomputer, for the purpose of the assignment we will assume a more restricted version of such secret messages: those “missing” letters are all lowercase letters (a-z);
only three special symbols @ % and # will be used; and the original string (before substitution) will not contain those special symbols.
The system consists of a client and a server Java program, and they must be named Client.java and Server.java respectively. They are started by running the commands
java Server port
java Client host port userid
specifying the hostname and port number of the server, and the userid of the client.
There can be many different clients, each with a unique userid. The userid is a simple string like alice, bob etc. Each user is associated with a pair of RSA public and private keys, with filenames that have .pub or .prv after the userid, respectively. Thus the key files are named alice.pub, bob.prv, etc.
The server is similarly associated with a pair of keys server.pub and server.prv. These keys are generated separately by a program RSAKeyGen.java. More details are in the comments of that program.
It is assumed that the server already has the public keys of all legitimate users, via some offline method not described here, prior to the execution of the programs. Similarly, all client users are assumed to
already have the server’s public key. All necessary keys (and only the necessary ones) are in the current directory where the respective programs run from.
The server program is always running once started, and listens for incoming connections at the port specified in the command line argument. When a client is connected, the server handles the request, then waits for the next request (i.e., the server never terminates).
For simplicity, you can assume that only one client will connect to the server at any one time. When the client program starts, it connects to the server at the host and port specified in the command line arguments. It prompts the user to enter a secret message that needs to be cracked, and its MD5 digest (in hexadecimal). The program then sends the client’s userid, the secret message, and the MD5 digest, all encrypted, to the server.
The encryption should use RSA/ECB/PKCS1Padding with the correct key so that only the server can decrypt them. It can be assumed that these strings are short enough that each of them fits inside one RSA block for the given RSA keysize.
Upon connecting a new client, the server receives the client userid, the secret message and the MD5 digest, all encrypted. It decrypts them using the appropriate key. The server then tries to work out what the missing characters are by brute force. When it found the correct answer, it encrypts the answer (the correct string, such as “Hello world” for the example above) with RSA/ECB/PKCS1Padding, using the correct key so that the message can only be decrypted by that client. It then sends the encrypted result to the client.
Finally, the client decrypts the received result, and displays it on screen.
An example run, from the client side, may look like this (you do not have to follow precisely):
java Client localhost 5678 alice
Enter the message:
Th% c@k% #s @ l#%
Enter the MD5 digest (in hex):
180dca210094772b0626b73a99eb049d
The cracked message is:
The cake is a lie
Buy Answer of This Assessment & Raise Your Grades
Looking for professional assistance with your CO3099/7099 coursework at the University of Leicester (UoL)? Diploma Assignment Help UK is here to help! Our online assignment help service offers tailored solutions to ensure your academic success. With our Do My Assignment service, you can focus on mastering the foundations of cybersecurity while our experienced writers handle your coursework. Trust Diploma Assignment Help UK for top-quality assignments that showcase your knowledge and skills.
Answer
