NOTE: The assessment in the spec screenshotted $($assessment $2)$ has already been done, this assessment is building on the previous one.

Aims

Develop a secure networked application using TCP sockets

Identify security$/$privacy$/$trust issues and implement solutions to mitigate them

Develop a protocol to allow secure transfer of data

Introduction

The messaging system you developed in the previous project was insecure $($e$.$g$.$ no authorisation factors used to verify a user's identity, and all messages sent in plaintext$).$ Your task in this assignment is to identify security issues in your solution to Project Assessment $2$ and implement a secure system to take its place.

Protocol

Many of the security issues in the previous assignment were due to the protocol. Thus, while you are free to base your protocol on the previous version, you are given free reign to modify the protocol in any way to make the system more secure$.$

Functionality

As well as the functionality from assessment $2,$ your system should provide as much of the following functionality as possible:

Verify users when they log into the system to ensure they are who they say they are

Encrypt all communication between client and server

Allow users to send and receive messages between each other with the knowledge that all messages are authentic and can only be seen by the intended recipient

Allow users to know when messages they have sent have been read $($to help ensure non$-$repuidiation$)$

Any other security enhancements you can think of

Details

You may use any programming language that runs on turing.une.edu.au to implement your solution. Your solution should be submitted through myLearn in a single $.$zip or $.$tgz file which, along with your source code and any instructions to compile your code, should also include two shell scripts:

startServer.sh which takes a port number as its only command$-$line parameter and attempts to start a server on that port. If the server is unable to be started $($perhaps because that port is already in use$),$ your program should exit with an appropriate error message.

startClient.sh which takes a host name as its first command$-$line parameter and a port number as its second command$-$line parameter and attempts to connect to the server with the given host name and port number. If the client is unable to connect, it should exit with an appropriate error message.

Your submission should also include two documents. The first, in a PDF file named protocol.pdf$,$ should describe the protocol used by your system in enough detail to allow another developer to be able to implement your protocol by looking only at this document. The second, in a PDF file named report.pdf$,$ should describe the security$/$privacy$/$trust issues that were present in your previous project submission, your approaches to mitigating those issues $($which may refer to your protocol document$),$ and how those approaches work $($including any limitations$).$ If you are unable to implement some mitigations $($e$.$g$.,$ due to time constraints$),$ it is recommended you still list them in the report, indicating why you were unable to implement them.

Screenshot of project assessment $2$ spec to be based on attached.