Programming Project
No presentation
Submission deadline: 11:59pm, May 2 (Thursday)
The programming project can be done individually or by a group of 2 students. You can use C, C++, Java, or Python in this project. You can also use existing implementations of RSA algorithms and hash functions
(e.g., those provided in java.security, openssl, etc.) in this project. You are not required to implement a
graphical user interface. If you choose to do the programming project on your own, you will get 10points extra credits. In this project, you will develop an iterative secure online shopping system that enable customers topurchase goods securely (“iterative” means that the server handles one client at a time). The systemcomprises a purchasing server, multiple purchasing clients, and a bank. Each customer invokes a
purchasing client to initiate purchase using their credit card number. The client then sends the purchase
related information to the purchasing server, which in turn communicates with the bank to authenticate the
customer’s credit card. Upon successful authentication by the bank, the customer's available credit is
updated, and the server is notified. The server then proceeds to process the order. The purchasing server manages a file named “item”. Each line in the file has the format <item#> <itemname> <price>, where <item #> is the item number, <item name> is the item name, and <price> gives the
price ofthe item. The file “item” has the following content. 10000
10001
10002
10003
table
tv
lego
lamp
100
2000
40
20
The bank manages a file “creditinfo”. Each line in the file has the format <name> <hash of credit card><available credits>, where <name> is the name of the customer, <hash of credit card> is the hash of the
credit card number, and <available credits> gives the available credits of the customer. Initially, the file
“creditinfo” has the following content:
alice H(12345678) 3000
bob H(23456789) 500
Here H represents the hash function. You can use SHA, MD5, or other hash functions to generate the hashof credit card number. Public-key encryption is used for security. Let Pus and Prs represent the public and private key of the
purchasing server, respectively, and Pub and Prb represent the public and private key of the bank, respectively. These keys can be manually generated and stored on the disk. Assume that the purchasingclient and the bank have the server’s public key, and the server has the bank’s public key. To establish the online shopping system, the bank will be invoked the first, followed by the purchasingserver, and then the client. If you use C, you will use the following commands to invoke the bank, the
server, and the client. The bank is invoked as: ./bank <bank’s port number>
The server is invoked as: ./serv <bank’s domain name> <bank’sport number>
The client is invoked as: ./cli <purchasing server’s domain name> <purchasing server’sport number>
If you use Java, your Makefile should generate three files Bank.class (bank), Serv.Class (the purchasing
server), and Cli.Class (the purchasing client). If you use python, your python files should have the name
bank.py (bank), serv.py (the purchasing server), and cli.py (the purchasing client). The detailed steps are given below:
item
E(Pus, item # ||customer’s name||H(custom’s credit card #)) Server 1/0 E(Pub, price||customer’s name||H(customer’s credit card #)) || signature 1/0 Bank
creditinfo S1: The customer invokes the purchasing client to establish a connection with the purchasing server. S2: The server sends the content ofthe file “item” to the client. S3: The client displays the received content to the customer and prompts the customer to enter the itemnumber of the item they wish to purchase. S4: The customer enters the item number. You can assume that the TA will always provide a valid itemnumber. S5: The client prompts the customer to enter their name and credit card number. S6: The client encrypts the item number, and the customer’s name and credit card number using the public
key of the purchasing server and sends the encrypted message to the server. S7. The server decrypts the message and retrieves the price of the item from file “item” based on the itemnumber. Following this, the server encrypts the price of the item, and the customer’s name and credit cardnumber, using the bank’s public key. The server then signs the encrypted message using its private keyand sends the signed message to the bank. S8. The bank verifies the signature of the server using the server’s public key and decrypts the message
using the bank’s private key. S9. The bank then validates the customer’s name and credit card number based on the information stored infile “creditinfo”. If the customer’s name is in file “creditinfo” and the credit card number is associated withthe name, then the bank checks if the customer’s available credits are greater than the price of the item. If
so, the bank updates the available credits in file “creditinfo” (i.e., new_available_credits = available_credits – price) and sends “1” to the server. Otherwise, it sends “0” to the server. S10. If the server receives “1” from the bank, then the server sends “1” to the client and the client displays
a message “Your order is confirmed” to the customer. Otherwise, the server sends “0” to the client and the
client displays a message “Credit card transaction is unauthorized” to the customer. The client terminates
after displaying the above message. The server continues listening for connections. Submission guideline
If you work in a group, only ONE group member should submit the project.
Create a directory with a unique name (e.g. proj-[userid]), which contains
o A makefile (C/C++/Java)
o A README file
o A sub-directory “server”, which contains the source code ofthe server, the file “item”, the server’s private key, and the bank’s public key.
Client
o A sub-directory “client”, which contains the source code ofthe client and the server’s
public key. o A sub-directory “bank”, which contains the source code ofthe bank, the file “creditinfo”, the bank’s private key, and the server’s public key.
Write a README file (text file, do not submit a .doc file) which contains
The name and email address of your group members. The programming language you use (C/C++/Java/Python)
Code for performing encryption/decryption, and hashing (you can copy-paste the code fromyour program)
Whether your code was tested on remote.cs.binghamton.edu. How to execute your program. Anything special about your submission that the TA/grader should take note of.
Place all your files under one directory with a unique name (such as proj-[userid] for project, e.g. proj-pyang).
Tar the contents of this directory using the following command. tar –cvf [directory_name].tar [directory_name]
E.g. tar -cvf proj-pyang.tar proj-pyang/
Use brightspace.binghamton.edu to upload the tared file you created above. Grading Guideline
OReadme: 5’ OMakefile (C/C++/Java): 5’ OEncryption/decryption: 10’ ODigital signature: 10’ OHashing: 10’ oOther functionality (C/C++/Java): 60 ’ Other functionality (Python): 65’ OExtra-credits (work alone): 10’
请加QQ:99515681 邮箱:99515681@qq.com WX:codinghelp