We need to design and implement a secure conference system. The system will allow users to connect to a conference server and to participate in a shared conversation. The conversation is public for all connected users. No private (user to user) communication is required. The conversation stream crosses the network in encrypted format. The conference application consists of three parts: the conference server, the server configuration tool and the conference client. The server role is to dispatch the received message from any client to all other clients.

The Scenario:

The scenario of the conference system consists of five main operations:

1.       Configuring and launching the server

2.        Configuring and launching the client

3.       Client Authenticating

4.       Sending a message

5.       Receiving a message

Configuring and launching the server

1.  The administrator creates a public and private key for the server. The keys are stored on the server.

2. The administrator creates a meeting on the conference server. Each meeting has a title, a unique ID, a secret-key encryption algorithm and a randomly-generated secret key appropriate for the encryption algorithm. The administrator creates also user accounts. The user information consists of the username and the user public key.

3.   The administrator launches the server and the server is waiting for connections from clients. The server listens to a certain IP address and a certain port. The server has a list of active meetings.

Configuring and launching the client

1.  The client creates a public and private key for the user. The keys are stored on the client.

2.  If the client wants to use the conference room, he (or she) should ask the server administrator to create an account for him (her). The client provides the server administrator with the username and the user public key.

3.  The user launches the client and connects to the server.

Client Authenticating

1.       The client connects to conference server by specifying the IP address, the port address, the meeting ID.

2.  The client also sends its authentication information which are the username and the user name encrypted using its private key. These information are sent encrypted using the public key of the server.

3. The server authenticate the client. If the authentication is not successful an error message is returned back to the client. The authentication is done by three steps:  1-decrypting the information sent by the client using the server private key, 2- lookup the user public key, 3- comparing the username and the result of decrypting the username using the stored user public key.

4.   If the authentication is successful the server returns back the encryption algorithm used for the meeting and the secret key of the meeting to the client. This information is sent encrypted using the public key of the client.

5.   The client decrypts the meeting encryption parameters using its private key and start sending and receiving messages.

Sending Messages

1. The client sends messages in encrypted format. The message encryption is done using the meeting encryption algorithm and the meeting secret key.

2.  The server forwards the received encrypted message from the client to all the other clients connected to the server on the specified meeting.

Receiving Messages

1.       The client receives an encrypted message.

2.       The client decrypts the message using the meeting encryption algorithm and the meeting secret key.

3.        The client shows the message to the user.

Requirements

The following requirements are essential for the implementation and delivery of the assignment:

1.    Both server and client application should use only text file format for configuration and storage. No DBMS are allowed.

2.    The student should provide the text-format user database containing the user information.

3.    The following encryption algorithms should be used:

a.    DES and/or AES for symmetric key cryptography

b.    RSA for public key cryptography

4.    The server and client applications should be configurable using a UI containing the following information:

a.    Server application: server IP address, port address, path of user database file, server public key, server private key

b.    Client application: server IP address, port address, client public key, client private key

5.    The following documents and source code should be delivered

a.    Assignment specification and design document. This document should contain:

1.    Written using pdf format.

2.    Description of the designed system.

3.    Description of the designed server.

4.    Description of the designed client.

5.    Description of the design of the text-format user database.

6.    A list of error messages exchanged between the client and the server.

b.    Source code of the server application. It should meet the following:

1.    Written in C# using VS 2005.

2.    Use of multi-threading technique for client-server communication.

3.    It uses the Namespace: System.Security .Cryptography (mscorlib) for cryptography functions.

4.    Built using sub procedures

5.    Well commented

c.    Source code of the client application. It should meet the following:

1.    Written in C# using VS 2005.

2.    Use of multi-threading technique for client-server communication.

3.    It uses the Namespace: System.Security .Cryptography (mscorlib) for cryptography functions.

4.    Built using sub procedures

5.    Well commented

d.    System usage manual document. This document should meet the following:

1.    Written using pdf format.

2.    It contains description of the usage of the server application.

3.     It contains description of the configuration of the server application.

4.    It contains description of the usage of the client application.

5.    It contains description of the configuration of the client application.