Due: Tue, May 12, 11:59pm
In this project, you will implement a client (client) and a server (server) that together implement the searchable encryption scheme of Song et al. from the paper Practical Techniques for Searches on Encrypted Data. Specifically, you will implement the paper's final scheme, as described in Section 4.4.
To simplify the project, we will encrypt only ASCII text (no commas or periods). The word size is 32 bytes; if a word is less than 32 bytes, it is first padded to 32 bytes with trailing space characters before pre-encrypting it. On decryption, these trailing spaces are removed, and each word is separated from the next word by a single space.
For our pseudorandom generator (the paper's G stream cipher that generates the S values), we will use AES-256 in CTR mode. The size of each S value is 24 bytes.
For our pseudorandom function (the paper's F function), we will use an HMAC parameterized with SHA256 and a 32-byte key, truncating the output to 8 bytes.
For our pseudorandom permutation (the paper's block cipher E), we will use AES-256 in ECB mode. When pre-encrypting the word, we consider the left portion (the paper's L value) to be the first 24 bytes.
The client communicates with the server over plain HTTP. There are two types of requests: search and fetch.
When searching for the documents that match a given keyword, the client makes an HTTP GET request to http://ip:port/search?x=...&k=.... The x query parameter is the pre-encrypted word to search for, and k is the PRF key. The client should use base64.RawURLEncoding.EncodeToString to encode both values.
Upon receiving the request, the server searches the encrypted files under its static directory. If the server finds matching files, it replies with an HTTP status code of 200 and a plaintext body (Content-Type: text/plain) containing the matching file names (e.g., a.enc), one per line.
If the server does not find a matching file, it should return the HTTP status code 404.
If the server detects that the client's request is malformed (e.g., missing a query parameter), it should return the HTTP status code 400.
If the client wants to fetch an encrypted file (e.g., a.enc), it makes a GET request to http://ip:port/static/a.enc. Upon receiving the file, the client decrypts it, separates each word from the next by a single space, and prints the plaintext to stdout.
If the file does not exist, the server should return the HTTP status code 404.
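The word-level encryption and the server's search test described above, as an added Go example (it is not the skeleton's or the instructor's code). It assumes 32-byte keys, words of at most 32 bytes, an all-zero CTR IV, and that the per-word key k_i is the untruncated HMAC-SHA256 of L_i under the client's PRF key; the function names are the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// prf is the paper's F: HMAC-SHA256 under a 32-byte key; callers truncate to 8 bytes.
func prf(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}
// preEncrypt computes X = E_kprp(W): pad W with spaces to 32 bytes, then AES-256-ECB.
func preEncrypt(prpKey []byte, word string) []byte {
	blk, _ := aes.NewCipher(prpKey) // every key in this example is 32 bytes (AES-256)
	x := []byte(fmt.Sprintf("%-32s", word))
	blk.Encrypt(x, x) // in-place ECB, one 16-byte block at a time
	blk.Encrypt(x[16:], x[16:])
	return x
}
// encryptWords emits C_i = X_i XOR <S_i, F_{k_i}(S_i)> per word, drawing the 24-byte
// S_i values from an AES-256-CTR keystream (the all-zero IV is an assumption).
func encryptWords(prgKey, prfKey, prpKey []byte, words []string) []byte {
	blk, _ := aes.NewCipher(prgKey)
	stream := cipher.NewCTR(blk, make([]byte, aes.BlockSize))
	var out []byte
	for _, w := range words {
		s := make([]byte, 24)
		stream.XORKeyStream(s, s) // zeros XOR keystream = S_i
		x := preEncrypt(prpKey, w)
		t := append(s, prf(prf(prfKey, x[:24]), s)[:8]...) // k_i = f_{k'}(L_i): full HMAC (assumption)
		for i := range t {
			out = append(out, x[i]^t[i])
		}
	}
	return out
}
// matchBlock is the server's per-block test for /search?x=...&k=...: C XOR x must
// split into <S, F_k(S)>; the server runs it over every 32-byte block of each file.
func matchBlock(x, k, c []byte) bool {
	t := make([]byte, 32)
	for j := range t {
		t[j] = c[j] ^ x[j]
	}
	return hmac.Equal(t[24:], prf(k, t[:24])[:8])
}
```

A file matches when any of its 32-byte blocks passes matchBlock; a wrong x or a k derived from a different PRF key fails the 8-byte check except with negligible probability.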
To help get started, please use the following swp.zip skeleton module.
client - search and fetch files over the SWP protocol.

client [options] HOST:PORT
  HOST:PORT     The host:port of the server to connect to. HOST can be an IP address or a domain name.
  -prg-key      The client's PRG (stream cipher) key.
  -prf-key      The client's PRF (HMAC) key.
  -prp-key      The client's PRP (block cipher) key.
  -search       The plaintext word to search.
  -get          The encrypted file to fetch and decrypt. (The client must specify exactly one of -search or -get)
                Show this usage statement and exit.
server [HOST]:PORT
  [HOST]:PORT   A "host:port" address to listen on for connections.
                Display this usage statement and exit.
Submit your project as a zip file via gradescope. Your project must include a Makefile that builds two executables: sget and sgetd. Please refer to the instructions for submitting an assignment for details on how to log in to gradescope and properly zip your project.
./server 127.0.0.1:12345
./instructor/client -prg-key keys/prg.key -prf-key keys/prf.key -prp-key keys/prp.key -search happy 127.0.0.1:12345
(out)b.enc
./server 127.0.0.1:12345
./instructor/client -prg-key keys/prg.key -prf-key keys/prf.key -prp-key keys/prp.key -search fly 127.0.0.1:12345
(out)a.enc
(out)c.enc
./server 127.0.0.1:12345
./instructor/client -prg-key keys/prg.key -prf-key keys/prf.key -prp-key keys/prp.key -search green 127.0.0.1:12345
(out)no files found
This is printed to stderr.
./server 127.0.0.1:12345
./instructor/client -prg-key keys/prg.key -prf-key keys/prf.key -prp-key keys/prp.key -get a.enc 127.0.0.1:12345
(out)Somewhere over the rainbow Bluebirds fly Birds fly over the rainbox Why then oh why can't I
./server 127.0.0.1:12345
./instructor/client -prg-key keys/prg.key -prf-key keys/prf.key -prp-key keys/prp.key -get d.enc 127.0.0.1:12345
(out)file not found
This is printed to stderr.
./instructor/server 127.0.0.1:12345
./client -prg-key keys/prg.key -prf-key keys/prf.key -prp-key keys/prp.key -search happy 127.0.0.1:12345
(out)b.enc
./instructor/server 127.0.0.1:12345
./client -prg-key keys/prg.key -prf-key keys/prf.key -prp-key keys/prp.key -search fly 127.0.0.1:12345
(out)a.enc
(out)c.enc
./instructor/server 127.0.0.1:12345
./client -prg-key keys/prg.key -prf-key keys/prf.key -prp-key keys/prp.key -search green 127.0.0.1:12345
(out)no files found
This is printed to stderr.
./instructor/server 127.0.0.1:12345
./client -prg-key keys/prg.key -prf-key keys/prf.key -prp-key keys/prp.key -get a.enc 127.0.0.1:12345
(out)Somewhere over the rainbow Bluebirds fly Birds fly over the rainbox Why then oh why can't I
./instructor/server 127.0.0.1:12345
./client -prg-key keys/prg.key -prf-key keys/prf.key -prp-key keys/prp.key -get d.enc 127.0.0.1:12345
(out)file not found
This is printed to stderr.