Customers use ATMs to make queries, withdrawals, and balance inquiries involving their accounts. Attackers must be prevented from interfering with these actions. Unlike ATM machines typically used in the US today, the ATM machines in the project accept smartcards capable of storing an RSA private key and performing a small amount of computation. Interactions with the ATM would work like this:
The ATM communicates with the bank by running a protocol that satisfies the following requirements:
bcprov-jdk15-134.jarlibrary.
For example, the user stevez was able to compile and run the project in the following session after downloading the Project4.tar.gz archive to the directory /home6/s/stevez/CSE331.
% gunzip Project4.tar.gz % tar -xf Project4.tar % cd Project4 % setenv CLASSPATH "/home6/s/stevez/CSE331/Project4/:/home6/s/stevez/CSE331/Project4/bcprov-jdk15-134.jar" % javac *.java % java BankKeys % ...The bank simulation consists of two main executables, BankServer and ATMClient, as well as a number of support utilities. The main pieces of the simulation are described below; it will be worth it to familiarize yourself with the provided code for more details.
The BankServer program takes no command-line arguments. It expects to be run from a directory that also contains the file bank.key, which contains the RSA KeyPair object for the bank. The bank KeyPair and any Rijndael keys needed during the server's operation are assumed to be stored in a secured RAM.
The BankServer also expects there to be a file called acct.db in the directory from which it is run. This file simulates the bank's database of accounts. In reality, such a database would be heavily replicated and bullet-proofed to prevent loss of accounting information, but for the purposes of this project, none of these features are significant. The file acct.db contains a AccountDB object that allows the bank to lookup and update account information.
The BankServer has access to additional non-volatile storage (a disk), on which it stores an audit log. The disk could possibly be read by an intruder, however, so the audit log should be encrypted to prevent undesired access. However log messages are liable to be large and frequent.
java ATMClient ATM# BankServerThe first argument is a string specifying a unique identifier for this ATM client. (The simulation does not verify that different clients have different ATM's, because that is not significant from the perspective of the project.) The argument BankServer is the IP address (or domain name) of the host machine running the BankServer program. Note that this argument should be localhost if the client and server are being run on the same machine.
The ATM is assumed to have little non-volatile memory (just enough to store the bank server's public key, the software itself, and the ATM identifier). The ATM software is trusted by the user and the bank; assume that it has been burned in ROM and so is not subject to attack. (This assumption rules out certain kinds of Trojan Horse attacks.)
The ATMClient program assumes that there is a file called bank.pub in the directory from which it is run. The bank.pub file contains the bank server's RSA public key, generated with the BankKeys utility.
Whenever a user has inserted a valid ATMCard, and entered the corresponding PIN, the ATMClient creates an ATMSession object that handles transactions for that user's session with the ATM.
The constructors for the BankSession and ATMSession objects initialize some fields used for communications, key information, and the account database. The fields kSession, currAcct, and atmID are to be established during the authentication procedure.
Communication between an ATMSession object and a BankServer object takes place via the Java ObjectIntputStream and ObjectOutputStream objects created when the socket connection is established. See the Java documentation at http://java.sun.com/j2se/1.5.0/docs/api/index.html for information on how to use these objects
The BankServer class contains a static reference to a Log object, so that log messages may be written as BankServer.log.write(...).
There are three kinds of transactions that the user can perform at the ATM: (1) Deposit, (2) Withdrawal, and (3) Balance inquiry. At the user's request, the bank server should perform the corresponding action on the Account object owned by the user.
For more information and Bouncy Castle documentation, see http://www.bouncycastle.org/. Also, you can try compiling the Crypto.java file with the debug flag set to true, to see the results of encryption/decryption.
The authentication protocol you use should be based on RSA encryption. It should entail changes to ATMSession.java and BankSession.java, including additional code (and perhaps fields). You will need to create additional classes to represent your protocol messages.
The transaction protocol should be based on Rijndael shared key encryption, and RSA-based digital signatures. Your implementation should entail modifications to ATMSession.java and BankSession.java, and may also require additional classes or methods to implement the transaction messages.
Only the BankServer should use the log, because the ATM does not have permanent storage. Instrument your authentication and transaction protocols to record information according to the criteria above. Justify the information that you decide to record in the audit log.
Note that you do not need to implement a way to read the log file (but see extra credit below), but it will be useful for debugging to echo your log writes to the console.
Project 4 should be submitted online on eniac by using the command turnin.
There is also a turnin man page which explains the usage in more detail, including some additional arguments.
Do not attempt the extra credit until you have completed the full assignment.