Skip to main content Link Search Menu Expand Document (external link)
logo img  50.005 CSE

Programming Assignment 2

In this assignment, you will implement a secure file upload application from a client to a secure file server. By secure, we mean three fulfilled requirements:

  1. First, before you do your upload as the client, you should authenticate the identity of the file server so you won’t leak your data to random entities including criminals.
  2. Secondly, you want to ensure that you’re talking to a live server too.
  3. Thirdly, while carrying out the upload you should be able to protect the confidentiality of the data against eavesdropping by any curious adversaries.

You may complete this assignment in groups of 2-3 pax. Indicate your partner’s name in the google sheet provided in our course handout.

There are three parts of this assignment:

  1. Authentication Protocol (AP)
  2. Confidentiality Protocol 1 (CP1)
  3. Confidentiality Protocol 2 (CP2)

These three parts form a strict Secure File Transfer protocol. You will be using socket programming (from the first half of the term) and cryptography knowledge (from the second half of the term) to complete this assignment.

Secure FTP != HTTPs

Note that you will be implementing Secure FTP as your own whole new application layer protocol. In NO WAY we are relying on HTTP/s.

There seem to be some ridiculous misunderstanding from your seniors in the past years that this assignment requires knowledge on HTTP/s and/or DNS. It’s totally two different protocol even though they are both applicaiton layer protocol. HTTPs is not equal to our SFTP, they are unrelated, as unrelated as 🍊 fruit is to 🌹 flower.

System Requirements

The starter code provided to you is written in Python. You need at least Python 3.10 to complete this assignment and the cryptography module.

While you can develop in Python using any OS, you still need to ensure that your assignment runs on a POSIX-compliant OS (path, etc is resolved).

Starter Code

You should have joined the GitHub Classroom and obtain the starter code for this assignment there. The link can be found in the Course Calendar portion of your Course Handout.

PA2 Files

Anything under source/ is where you will work for this assignment. All files in the same level as source/ are for admin purposes. Do not modify these.

.
├── README.md
├── setup.sh
├── .gitignore 
├── files
│   ├── cbc.bmp
│   ├── file.txt
│   ├── image.ppm
│   ├── jsim.jar
│   ├── player.psd
│   ├── squeak.wav
│   ├── vscodejsim.mp4
│   └── week9.html
├── requirements.txt
└── source
    ├── ClientWithoutSecurity.py
    ├── ServerWithoutSecurity.py
    └── auth
        ├── cacsertificate.crt
        └── generate_keys.py

Run ./setup.sh

[PROJ_ROOT_DIR]/recv_files, [PROJ_ROOT_DIR]/recv_files_enc, and [PROJ_ROOT_DIR]/send_files_enc are all empty directories that are not added in .git. To create them, simply run ./setup.sh in the project root.

You should see exactly the above file structure afterwards. ./setup.sh is a bash script, in order to execute it you must chmod it to be executable first.

Test the Starter Code

Install required modules

Run the following command to ensure you install the required modules for this assignment:

python3 -m pip install -r requirements.txt

You can use pipenv if you don’t want to clutter your machine. Refer to the repository readme for details.

Using the same machine

The starter code provided to you implements a simple, non-secure file transfer protocol. We will explain in detail what the protocol is. For now, let’s just ensure that everything runs normally.

Run each of these commands in two separate shell sessions:

python3 source/ServerWithoutSecurity.py
python3 source/ClientWithoutSecurity.py

You can type in the filename you want to send, e.g files/image.ppm from the Client’s window, and the server will receive it and store it under [PROJECT_DIR]/recv_files directory.

You can repeat the above steps multiple times for each file you want to send to the server. If the client would like to close connection to the server, key in -1.

The screenshot below shows how client process can send files to the server process, when both are hosted in the same computer:

Using different machines

You can also host the Server file in another computer:

python3 source/ServerWithoutSecurity.py [port] 0.0.0.0

The client computer can connect to it using the command:

python3 source/ClientWithoutSecurity.py [port] [server-ip-address]

To get this to work, you most probably need to use private ip address instead of public one, unless you have set a static public IP. You might need to enable port forwarding if you use a public IP, but if you aren’t sure what you’re doing then dont, you might expose yourself to a security vulnerability. If this is all to complicated for you, skip. You can totally just do the assignment in the same computer

Consult the Debug Notes page should you find any difficulties running the starter code.

Do NOT Import Other Python Modules for the Main Tasks

You are NOT allowed to import any other python modules other than what’s given to implement the main tasks:

import pathlib
import socket
import sys
import time
from datetime import datetime
import secrets
import traceback
from signal import signal, SIGINT
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.fernet import Fernet
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.backends import default_backend

You can however utilise other libraries to implement the Sustainability and Inclusivity part for demo purposes only, without disturbing the main FTP protocol.