Secure Multicast chat system

By: Ashraf A Amrou
Presented to Prof. Dr. Hussien Abdel-Wahab

Contents:

1. Introduction.
2. Files contained in the submission.
3. How the system works.
4. How to compile the programs.
5. How to run the programs.
6. How to generate the Keys.
7. Important Note on the cryptographic algorithms used.

1. Introduction:

This system was developed using the Java 2 SDK 1.4.0. It implements a secure multicast chat system. The techniques used here are not limited to the chat application; they can be used with little modification in other applications.

2. Files included in this system:

1) README file.
2) Makefile.
3) Coordinator.java: This program is responsible for distributing the multicast secret key to the group members.
4) SecureMChatDESMember.java: This is the program for running a chat client.
5) mchat.java: This program can be used to monitor the ciphertext that is transferred on the network.
6) Key and certificate files.

3. How the system works.

When a chat client program runs, it first gets the login name from the user. It then contacts the group Coordinator to get the multicast secret key. The chat client sends the login name, and the Coordinator responds with the multicast secret key. This reply is encrypted using the public key of the user. This acts as a challenge: only the true user can decrypt the reply and obtain the secret key needed to join the group. Someone trying to impersonate the user will not be able to decrypt the reply and thus will not be able to join the chat session.

The system includes cryptographic algorithms and techniques that are not part of the Java 2 SDK 1.4.0. See the section titled "7. Note on the cryptographic algorithms used" for information on how to set up the required provider software.

4. How to compile.

A makefile is included. To compile the programs, just enter the command make at the unix prompt.

5. How to run.

a) Use the following command to run the Coordinator:

    % java Coordinator <port>

where port is the SSL server port that the chat clients will use to contact the Coordinator to get the secret key. For example,

    % java Coordinator 12345

b) Use the following command to run the chat client:

    % java SecureMChatDESMember <Coord ip> <mcast ip> <mcast port>

For example,

    % java SecureMChatDESMember 128.82.4.66 225.0.0.99 12345

6. How to generate the Keys.

Sample keystore files for three users are included. These were created using the Java "keytool". You can add, remove, or update users as you want by manipulating the keystores with keytool. To generate an RSA key pair (private and public) and a certificate for a user named "user1", use:

1) Private Key:

    keytool -genkey -alias user1key -keyalg RSA -storepass groupmcast -keypass groupmcast -storetype JCEKS -keystore user1PrivateStore

2) To generate Certificate:

    keytool -export -alias user1key -storepass groupmcast -storetype JCEKS -keystore user1PrivateStore -file user1.cert

3) Public Key:

    keytool -import -alias user1key -storepass groupmcast -keypass groupmcast -storetype JCEKS -keystore user1PublicStore -file user1.cert

Note that the Coordinator looks up the user key from a keystore named "groupKeyStore". Thus, when adding a user, the user's certificate must be imported into this keystore using the following command:

    keytool -import -alias user1key -storepass groupmcast -keypass groupmcast -storetype JCEKS -keystore groupKeyStore -file user1.cert

7. Important: Note on the cryptographic algorithms used.

The system utilizes some cryptographic algorithms and techniques that are not part of the Java 2 SDK 1.4.0. These algorithms are implemented by the Bouncy Castle provider. For the system to function correctly, include the following in your CLASSPATH environment variable:

    ./bcprov-jdk14-112.jar
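
Added illustration (not part of the submitted programs): the key hand-off from section 3, where the Coordinator encrypts the multicast secret key under the member's public key and only the holder of the matching private key recovers it. The class name, the RSA-OAEP wrap, the AES group key and the in-memory key pairs (used in place of the keystores) are assumptions; this README does not name the ciphers or padding.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Arrays;

public class KeyDistributionSketch {
    // Assumption: RSA-OAEP from the JDK's built-in provider; the README does not state the padding.
    static final String WRAP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // Coordinator side: encrypt the group key under the member's public key.
    static byte[] wrapGroupKey(SecretKey groupKey, PublicKey memberPublic) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(WRAP);
        c.init(Cipher.WRAP_MODE, memberPublic);
        return c.wrap(groupKey);
    }

    // Member side: recover the group key with the member's private key.
    static SecretKey unwrapGroupKey(byte[] reply, PrivateKey memberPrivate) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(WRAP);
        c.init(Cipher.UNWRAP_MODE, memberPrivate);
        return (SecretKey) c.unwrap(reply, "AES", Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair user1 = kpg.generateKeyPair();     // constructed stand-in for user1's keystore entries
        KeyPair impostor = kpg.generateKeyPair();  // claims the login name "user1" but lacks user1's private key

        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey groupKey = kg.generateKey();     // the multicast secret key held by the Coordinator

        byte[] reply = wrapGroupKey(groupKey, user1.getPublic());
        SecretKey got = unwrapGroupKey(reply, user1.getPrivate());
        System.out.println("user1 recovered group key: "
                + Arrays.equals(got.getEncoded(), groupKey.getEncoded()));
        try {
            unwrapGroupKey(reply, impostor.getPrivate());
            System.out.println("impostor recovered a key (unexpected)");
        } catch (GeneralSecurityException e) {
            System.out.println("impostor could not unwrap the reply: " + e.getClass().getSimpleName());
        }
    }
}
```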