Task 1
Write (Java or C/C++) UDP programs allowing two parties to establish a secure communication channel. For simplicity, let us call the programs "Host" and "Client", which are executed by Alice and Bob, respectively. Alice and Bob share a common password PW which contains 6 numeric characters. They want to establish a secure communication channel that can provide data confidentiality and integrity. They aim to achieve this goal via the following steps: (1) use the password to establish a shared session key; (2) use the shared key to secure the communication.
Step 1 is done via the following key exchange protocol:
1: A -> B: EPW(KA)
2: B -> A: EPW (KB)
Alice and Bob then compute the shared key as K = Hash(KA||KB). KA and KB are both 64-bit random binary strings, and || denotes string concatenation. Alice and Bob decide to use RC4 as the encryption function, and SHA-1 as the Hash function.
After establishing the session key, step 2 is achieved as follows:
1. whenever Alice wants to send a message M to Bob, Alice first computes H = Hash(K||M), and then computes C = EK(M||H) and sends C to Bob.
2. upon receiving a ciphertext C, Bob first runs the decryption algorithm to obtain M||H = DK(C). After that, Bob computes H' = Hash(K||M) and checks if H = H'. If the equation holds, then Bob accepts M; otherwise, Bob rejects the ciphertext.
3. the same operations are performed when Bob sends a message to Alice.
You need to write two programs: Host and Client.
Task 2
Perform a security analysis for the key exchange protocol given in Task 1. Does the protocol provide the property of key authentication? Justify your answer.