Advisor: Jeff Ondich
Times: Winter 3a
When I teach about encrypted protocols like TLS, HTTPS, and (occasionally) DNSSEC in CS338 Computer Security, I want my students to be able to observe the protocols in action to help them understand how the protocols function. When we discuss these protocols in the abstract, we talk about how Alice and Bob want to communicate with one another securely even when Eve the eavesdropper is listening or Mal the malefactor is trying to disrupt the communications. What I want is for my students to be able to see what Alice sees when the protocols are put into practice.
What I wish for would go something like this:
Sadly, trying this experiment with a normal packet analyzer like Wireshark or tcpdump obscures many aspects of the client/server interaction. For example, the encryption keys determined during the TLS handshake are known to the browser and to the server, but not to the packet analyzer. Furthermore, once the encryption keys are determined, all of the remaining packets' payloads are encrypted, so my students and I can't even see the specifics of the HTTP GET requests, etc.
This behavior of browsers and packet analyzers is normal and expected. We really don't want packet analyzers to be able to read the encrypted contents of the traffic they observe—that's the point of encrypting things in the first place.
But what if we were to make the packet analyzer a part of the browser? The analyzer would have access to all the cryptographic information and all the unencrypted traffic, which would make it possible to show us the entirety of the client/server interaction, unencrypted. This could be a great pedagogical tool, and might in some contexts be a valuable network analysis tool as well.
In this project, you will combine and, as needed, modify existing open-source tools (e.g. a browser, a packet analyzer, a networking library, a cryptographic library, etc.) to create the self-analyzing browser described above. To get to this goal, you will need to:
Possible Bonus Fun: If this project goes more quickly than I expect it to, we could add a special Person-in-the-Middle mode to help students observe a PITM attack on a website using HTTP instead of HTTPS, and then observe the same attack and see where TLS thwarts the attacker in the middle.
Some knowledge of networking (e.g., from CS331 or CS338) would be helpful (but not absolutely essential, since you could study the relevant material early in the term).