Secure Communications

My colleague Tomas Costa and I implemented a secure communication channel between a server and a client in the course Information and Organizational Security (SIO).

Idea

The idea was to implement a secure channel using cryptography (with the help of Cryptography IO

Phase 1

On the first assignment, we were required to implement a private communication channel, using symmetric keys generated with the Diffie-Hellman algorithm.

The communication would, therefore, be private, but not authenticated and was vulnerable to Man-In-The-Middle attacks.

We also verified the integrity of the message using a Message Integrity Code (MIC).

The code and documetation for this first part can be found here.

Phase 2

On the second assignment, we implemented authentication using user accounts and passwords, as well as with the Portuguese Citizen Card (though it could be adapted to work with other types of smart cards).

The code and documentation can be found here