CSCI 6268 - Foundations of Computer and Network Security - Fall 2002
Assignment #5
Due: Dec 3, 2002
Design and implement a simple authentication system based on a
modified Lamport's hash scheme.
The system consists of two programs: mlhc, run by the
"client", and mlhs, run by the "server". Here the terms
"client" and "server" define who authenticates who. Specifically, the
server authenticates the client. So, if Bob wants to authenticate
Alice, then Bob will use mlhs while Alice will use
mlhc.
Authentication Scheme
The authentication scheme is essentially a one-time password scheme
based on Lamport's hash scheme. Lamport's scheme requires that the
server computes N iterations of a cryptographic hash
function, assuming a setup that can be used for authentication at
least N times. The modification is intended to reduce the
time complexity for the client by a constant factor r, while
requiring additional storage space for the server. This means that,
assuming a setup phase every N runs of the authentication
protocol, the client must be able to respond to the server's challenge
by computing only N/r cryptographic hash functions, while the
server might be required to store more information than just
<n,Hn(K)>. The modified scheme must not require
additional storage on the client side.
Implementation Specification
Both mlhs and mlhc are simple textual commands used
to compute the respective authentication messages. Neither
mlhs nor mlhc handle any network connection. In
fact, mlhs nor mlhc must be usable by two persons
authenticating each other over the phone or over surface mail.
mlhs works either in setup or normal
mode. The default mode (no command-line options) is normal
mode. With a -s command-line parameter, mlhs works
in setup mode.
In normal mode, mlhs runs the authentication
protocol:
- outputs the challenge (to standard output)
- reads the client's response (from standard input)
- verifies the response, and
- if the response verifies, it outputs OK and updates
its state
- otherwise it outputs KO and updates the necessary state
information
In setup mode, mlhs runs the setup procedure:
- reads the number of protocol rounds N (from standard input)
- reads any other necessary setup information (from standard input)
- stores all the necessary state information
mlhc also works either in normal (default) or
setup mode, triggered by a -s command-line
parameter.
In normal mode, mlhc runs the authentication
protocol:
- reads the challenge (from standard input)
- reads the pass-phrase (from standard input)
- outputs the challenge (to standard output)
In setup mode, mlhc runs the setup procedure:
- reads the number of protocol rounds N (from standard input)
- reads the pass-phrase (from standard input)
- outputs all the necessary setup information
Implementation Requirements
You must program this assignment in C or in C++. As for the
cryptographic hash function, you should use MD5. Obviously, you
should not implement MD5 yourself, but instead use one of the many
implementations available on the Web.
You must turn in your assignment in a single package, in the form
of a TAR file (compressed with gzip if you like) or a ZIP file.
Please, include the following in your package:
- all your source files, including the source for MD5
- all the necessary files (scripts, makefiles, etc.) to build your
programs
- a SCHEME file documenting the design of the authentication scheme
- a README file documenting the structure of your source package
and of the build process
You must send the package as a MIME-compatible attachment to
[email protected].