Secure Multicast chat system By: Ashraf A Amrou

Presented to Prof. Dr. Hussien Abdel-Wahab
Contents:
1. Introduction.
2. Files contained in the submission.
3. How the system works.
4. How to compile the programs.
5. How to run the programs.
6. How to generate the Keys.
7. Important Note on the cryptographic algorithms used.
1. Introduction:
This system was developed using the Java 2 SDK 1.4.0. It runs a secure multicast
chat system. The techniques used here are not limited to the chat application; they can
be used with little modification in other applications.
2. Files included in this system:
1) README file.
2) Makefile.
3) Coordinator.java: This program is responsible for distribution of the multicast
secret key to the group members.
4) SecureMChatDESMember.java: This is the program for running a chat client.
5) mchat.java: This program can be used to monitor the cipher text that is transferred
on the network.
6) Keys and certificate files.
3. How the system works.
When a chat client program runs, it first gets the login name from the user. It then
contacts the group Coordinator to get the multicast secret key. The chat client sends
the login name and the Coordinator responds with the multicast secret key. This reply is
encrypted using the public key of the user. This acts as a challenge, since
only the true user can decrypt it and get the secret key needed to join
the group. Someone trying to impersonate the user will not be able to decrypt
the reply and thus will not be able to join the chat session.
The system includes cryptographic algorithms and techniques that are not part of the
Java 2 SDK 1.4.0. See the section titled "7. Note on the cryptographic algorithms
used" for information on how to set up the required provider software.
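The key hand-off described in this section, as an added Java example for a current JDK (not the project's Coordinator or client code, and without the SSL connection). The class and method names, the in-memory RSA key pairs standing in for the keystore entries, the OAEP padding, and the DES group key (suggested by the client's class name) are assumptions.

```java
import java.security.*;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Added illustration of the key hand-off in section 3; not the project's code.
public class KeyHandoffDemo {
    // Assumption: the page does not name the RSA padding; OAEP is chosen here.
    static final String WRAP_ALG = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // Coordinator side: encrypt the group key under the member's public key.
    static byte[] wrapForMember(SecretKey groupKey, PublicKey memberPub)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(WRAP_ALG);
        c.init(Cipher.WRAP_MODE, memberPub);
        return c.wrap(groupKey);
    }

    // Member side: only the matching private key recovers the group key.
    static SecretKey unwrapAsMember(byte[] reply, PrivateKey memberPriv)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(WRAP_ALG);
        c.init(Cipher.UNWRAP_MODE, memberPriv);
        return (SecretKey) c.unwrap(reply, "DES", Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair user1 = kpg.generateKeyPair();     // constructed stand-in for user1's keystore entry
        KeyPair impostor = kpg.generateKeyPair();  // a client claiming the login name "user1"

        // Assumption: a DES group key, as the class name SecureMChatDESMember suggests.
        SecretKey groupKey = KeyGenerator.getInstance("DES").generateKey();
        byte[] reply = wrapForMember(groupKey, user1.getPublic());

        SecretKey got = unwrapAsMember(reply, user1.getPrivate());
        System.out.println("user1 recovered group key: "
                + Arrays.equals(got.getEncoded(), groupKey.getEncoded()));
        try {
            unwrapAsMember(reply, impostor.getPrivate());
            System.out.println("impostor recovered a key (unexpected)");
        } catch (GeneralSecurityException e) {
            System.out.println("impostor cannot unwrap the reply: " + e.getClass().getSimpleName());
        }
    }
}
```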
4. How to compile.
A makefile is included. So to compile the programs, just enter the command make at
the unix prompt.
5. How to run.
a) Use the following command to run the Coordinator:
% java Coordinator <port>
where port is the SSL server port that the chat clients will use to contact the
coordinator to get the secret key. For example,
% java Coordinator 12345
b) Use the following command to run the chat client:
% java SecureMChatDESMember <Coord ip> <mcast ip> <mcast port>
For example,
% java SecureMChatDESMember 128.82.4.66 225.0.0.99 12345
6. How to generate the Keys.
Sample keystore files for three users are included. These were created using the Java
"keytool". You can add, remove, or update users as you want. This can be done simply
by manipulating the keystores using the keytool.
To generate RSA keypairs (private and public) and certificate for a user named
"user1" use:
1) Private Key:
keytool -genkey -alias user1key -keyalg RSA -storepass groupmcast -keypass groupmcast -storetype JCEKS -keystore user1PrivateStore
2) To generate Certificate:
keytool -export -alias user1key -storepass groupmcast -storetype JCEKS -keystore user1PrivateStore -file user1.cert
3) Public Key:
keytool -import -alias user1key -storepass groupmcast -keypass groupmcast -storetype JCEKS -keystore user1PublicStore -file user1.cert
Note that the Coordinator looks up the user key from a keystore named
"groupKeyStore". Thus, when adding a user, the user's certificate must
be imported to this keystore using the following command:
keytool -import -alias user1key -storepass groupmcast -keypass groupmcast -storetype JCEKS -keystore groupKeyStore -file user1.cert
7. Important: Note on the cryptographic algorithms used.
The system utilizes some cryptographic algorithms and techniques that are not part
of the Java 2 SDK 1.4.0. These algorithms are implemented by the Bouncy Castle provider.
For the system to function correctly, include the following in your CLASSPATH
environment variable:
./bcprov-jdk14-112.jar