Programming Project
No presentation
Submission deadline: 11:59pm, May 2 (Thursday)
The programming project can be done individually or by a group of 2 students. You can use C, C++, Java, or Python in this project. You can also use existing implementations of RSA algorithms and hash functions
(e.g., those provided in java.security, openssl, etc.) in this project. You are not required to implement a
graphical user interface. If you choose to do the programming project on your own, you will get 10points extra credits. In this project, you will develop an iterative secure online shopping system that enable customers topurchase goods securely (“iterative” means that the server handles one client at a time). The systemcomprises a purchasing server, multiple purchasing clients, and a bank. Each customer invokes a
purchasing client to initiate purchase using their credit card number. The client then sends the purchase
related information to the purchasing server, which in turn communicates with the bank to authenticate the
customer’s credit card. Upon successful authentication by the bank, the customer's available credit is
updated, and the server is notified. The server then proceeds to process the order. The purchasing server manages a file named “item”. Each line in the file has the format <item#> <itemname> <price>, where <item #> is the item number, <item name> is the item name, and <price> gives the
price ofthe item. The file “item” has the following content. 10000
10001
10002
10003
table
tv
lego
lamp
100
2000
40
20
The bank manages a file “creditinfo”. Each line in the file has the format <name> <hash of credit card><available credits>, where <name> is the name of the customer, <hash of credit card> is the hash of the
credit card number, and <available credits> gives the available credits of the customer. Initially, the file
“creditinfo” has the following content:
alice H(12345678) 3000
bob H(23456789) 500
Here H represents the hash function. You can use SHA, MD5, or other hash functions to generate the hashof credit card number. Public-key encryption is used for security. Let Pus and Prs represent the public and private key of the
purchasing server, respectively, and Pub and Prb represent the public and private key of the bank, respectively. These keys can be manually generated and stored on the disk. Assume that the purchasingclient and the bank have the server’s public key, and the server has the bank’s public key. To establish the online shopping system, the bank will be invoked the first, followed by the purchasingserver, and then the client. If you use C, you will use the following commands to invoke the bank, the
server, and the client. The bank is invoked as: ./bank <bank’s port number>
The server is invoked as: ./serv <bank’s domain name> <bank’sport number>
The client is invoked as: ./cli <purchasing server’s domain name> <purchasing server’sport number>
If you use Java, your Makefile should generate three files Bank.class (bank), Serv.Class (the purchasing
server), and Cli.Class (the purchasing client). If you use python, your python files should have the name
bank.py (bank), serv.py (the purchasing server), and cli.py (the purchasing client). The detailed steps are given below:
item
E(Pus, item # ||customer’s name||H(custom’s credit card #)) Server 1/0 E(Pub, price||customer’s name||H(customer’s credit card #)) || signature 1/0 Bank
creditinfo S1: The customer invokes the purchasing client to establish a connection with the purchasing server. S2: The server sends the content ofthe file “item” to the client. S3: The client displays the received content to the customer and prompts the customer to enter the itemnumber of the item they wish to purchase. S4: The customer enters the item number. You can assume that the TA will always provide a valid itemnumber. S5: The client prompts the customer to enter their name and credit card number. S6: The client encrypts the item number, and the customer’s name and credit card number using the public
key of the purchasing server and sends the encrypted message to the server. S7. The server decrypts the message and retrieves the price of the item from file “item” based on the itemnumber. Following this, the server encrypts the price of the item, and the customer’s name and credit cardnumber, using the bank’s public key. The server then signs the encrypted message using its private keyand sends the signed message to the bank. S8. The bank verifies the signature of the server using the server’s public key and decrypts the message
using the bank’s private key. S9. The bank then validates the customer’s name and credit card number based on the information stored infile “creditinfo”. If the customer’s name is in file “creditinfo” and the credit card number is associated withthe name, then the bank checks if the customer’s available credits are greater than the price of the item. If
so, the bank updates the available credits in file “creditinfo” (i.e., new_available_credits = available_credits – price) and sends “1” to the server. Otherwise, it sends “0” to the server. S10. If the server receives “1” from the bank, then the server sends “1” to the client and the client displays
a message “Your order is confirmed” to the customer. Otherwise, the server sends “0” to the client and the
client displays a message “Credit card transaction is unauthorized” to the customer. The client terminates
after displaying the above message. The server continues listening for connections. Submission guideline
If you work in a group, only ONE group member should submit the project.
Create a directory with a unique name (e.g. proj-[userid]), which contains
o A makefile (C/C++/Java)
o A README file
o A sub-directory “server”, which contains the source code ofthe server, the file “item”, the server’s private key, and the bank’s public key.
Client
o A sub-directory “client”, which contains the source code ofthe client and the server’s
public key. o A sub-directory “bank”, which contains the source code ofthe bank, the file “creditinfo”, the bank’s private key, and the server’s public key.
Write a README file (text file, do not submit a .doc file) which contains
The name and email address of your group members. The programming language you use (C/C++/Java/Python)
Code for performing encryption/decryption, and hashing (you can copy-paste the code fromyour program)
Whether your code was tested on remote.cs.binghamton.edu. How to execute your program. Anything special about your submission that the TA/grader should take note of.
Place all your files under one directory with a unique name (such as proj-[userid] for project, e.g. proj-pyang).
Tar the contents of this directory using the following command. tar –cvf [directory_name].tar [directory_name]
E.g. tar -cvf proj-pyang.tar proj-pyang/
Use brightspace.binghamton.edu to upload the tared file you created above. Grading Guideline
OReadme: 5’ OMakefile (C/C++/Java): 5’ OEncryption/decryption: 10’ ODigital signature: 10’ OHashing: 10’ oOther functionality (C/C++/Java): 60 ’ Other functionality (Python): 65’ OExtra-credits (work alone): 10’
请加QQ:99515681 邮箱:99515681@qq.com WX:codinghelp
- 赛诺威盛:大孔径专科化CT领航者
- 网易硬刚腾讯 两大游戏玩家之间的口水仗不断
- 全球“最独特”的一台华为 nova 6 5G 版手机是什么样子的?
- 拼多多抖音淘宝京东,谁是真低价?
- 老杨第一次再度抓握住一瓶水,他由此产生了新的憧憬
- 丰田章男称未来依然需要内燃机 已经启动电动机新项目
- B站更新决策机构名单:共有 29 名掌权管理者,包括陈睿、徐逸、李旎、樊欣等人
- 苹果罕见大降价,华为的压力给到了?
- 三明列东又有房子要拆迁!住这里的人要发了!
- 放大招后,广州又忍不住了…
- 私募积极加仓,百亿股票私募仓位指数创出近八周新高
- 他,传闻中马云最想见的人
- 升级的脉脉,正在以招聘业务铺开商业化版图
- 如何经营一家好企业,需要具备什么要素特点
- 智慧驱动 共创未来| 东芝硬盘创新数据存储技术