First part of the project -  File server with integrity guarantees
Second part of the project - Extending the file system to support smartcard-based authentication Third part of the project - Block server with intrusion-tolerant replication 

All questions regarding the course, namely questions on the project, should be directed to sec@tecnico.ulisboa.pt. Please write your message in English and state your campus and group id.

Frequently Asked Questions

 

1. Generation of the hash of the public key.  


The getEncoded() method (of both DSA and RSA implementations) of the PublicKey interface returns different results upon subsequent calls. Any of the different encodings returned by subsequent calls to getEncoded() can  be successfully employed to reconstruct the same PublicKey object. However, due to its non-determinism,  the output of getEncoded() cannot be used to generate the input for the hash function that determines the file name identifier.- Instead, publicKey.toString() generates a deterministic representation of the public key. 
Hence, the hash of the public key should be computed on the representation returned by the toString() method and not on the one returned by getEncoded().
2. Do we have to store the generated keys in a Java KeyStore?

This is recommended in a real system but not mandatory for the project. This means that we see this as an extra feature that we can (at best) reward with a small amount of extra credit.

3. Do we need to handle the deletion (or garbage collection) of content hash blocks that are no longer used?

No, do not worry about this aspect at all.

4. Do we need to consider performance and bandwidth issues when accessing very large files (e.g., gigabytes), which, even in a design that splits the content across public key and content hash blocks, still generate very large public key blocks?

You can regard this also as an extra feature that will only be rewarded with a small amount of extra credit.

5. What is required from the tests we need to develop?

These tests should provide a good coverage of the functionality of the file system, including corner cases that are not considered normal case operation (e.g., reading beyond the end of the file). In addition, you should also develop dependability tests, that show how the system tolerates or breaks under specific types of faults or attacks.

6. How should the tests be executed? 
The students are free to define how tests should be executed. By all means, the submission shall include a README file documenting how the tests should be run.

7. Where can I find the Java API documentation for using the Cartão de Cidadão?
To access this documentation, you need to install the Cartão de Cidadão's application from https://www.cartaodecidadao.pt/
You will then find this documentation under a directory called doc/
For your convenience, we posted a zip file with the documentation in the Lab section.




8. How can I configure Eclipse for the second stage of the project?

You can use the following steps to configure Eclipse. Thank you to Ricardo Maia for sending these:
1. Right-click sobre a pasta raiz do projecto que se encontra no package explorer do eclipse.       1.1. Navegar para Properties -> Java Build Path -> Libraries             1.1.1. Clicar em Add External JARs.             1.1.2. Adicionar pteidlibj.jar             1.1.3. Adicionar Sunpkcs11.jar - Esta lib encontra-se em %JDK-1.8-Folder%/jre/lib/ext . RNL: /usr/lib64/jdk1.8.0_72/jre/lib/ext       1.2. Navegar para Properties -> Java Build Path -> Order and Export            1.2.1. Através dos botões Up/Down meter as bibliotecas pala seguinte ordem:                       - Sunpkcs11.jar                      - JRE System Library [JavaSE1.8]                       - pteidlibj.jar2. Os erros no ficheiro eIDLib_PKCS11_test.java devem desaparecer, caso contrário fazer project -> clean do projecto.3. Configurar a execução do projecto em Run Configurations     3.1. Criar configuração para java application defenindo project e main-class para ser executada.     3.2. Ainda no painel de configuração de execução clicar numa tab que diz (x) = Arguments.            3.2.1. Por em VM arguments:                -Djava.library.path=/usr/local/lib/pteid_jni/                //Path na RNL      3.3. Clicar em Apply e Run.   
9. How can I validate the certificates in the "Cartão de Cidadão"?
You can use the Java Certification Path (JCP) library, which is included in the JSE (but there are many alternative libraries; another popular one is the Certification Path library). 
Here you find the documentation of the whole JCP library: 
http://docs.oracle.com/javase/7/docs/technotes/guides/security/certpath/CertPathProgGuide.html
The most relevant classes are:- The CertPath Class - Certification Path Building Classes - Certification Path Validation Classes 
 Note that, to perform the validation, you should store the certificates of the "Entidade de Certificação do Cartão de Cidadão", which you can find here: 
 https://pki.cartaodecidadao.pt/publico/certificado/cc_ec_cidadao/ 
(Suggestion from a fellow student: use instead https://pki.cartaodecidadao.pt/publico/certificado/cc_ec_cidadao_autenticacao/Thank you to Bernardo Palma for the suggestion!)
 There are three certificates, which correspond to different versions of the Cartão de Cidadão.
Here you can find also the Certificate Revocation Lists:
 https://pki.cartaodecidadao.pt/publico/lrc/ 
 Some publicly available JAVA code examples: 
- http://www.java2s.com/Tutorial/Java/0490__Security/Validatecertificate.htm (using the Java Certification Path library) - http://www.nakov.com/blog/2009/12/01/x509-certificate-validation-in-java-build-and-verify-chain-and-verify-clr-with-bouncy-castle/ (using the Bouncy Castle library) 


UPDATE: You can download here an example java class that performs certificate validation (which includes code to automate the check of the Certificate Recovation List).


10. For the third stage, can we simplify the implementation of authenticated perfect links?
You can use TCP instead of having to implement retransmission and duplicate elimination. However, you still need to add the code for handling the authentication and message integrity part.

UPDATE:  For the implementation of the authenticated links using MACs, we suggest that, to simplify, you assume that the client has already established a shared secret with each replica before your program starts to run. Therefore, it is ok for the client and the replicas to read these shared secrets, for instance, from a configuration file.

If you want, you can also try to do a complete version of the implementation (e.g., using TLS, or your own implementation of a key exchange protocol). This will be counted as extra credit.

Attachments