Client$-$Server Authentication System with Advanced Features

April $22,2024$

$1$ Introduction

This project involves creating a client$-$server system using Python, where the server authenticates clients based on usernames and SHA$-256$ hashed passwords stored in a file. This project serves as an introduction to network programming, hash functions, and secure communication.

$2$

$$

$3$

$1.$

$12$

$2.$

Project Requirements

Python $3.$x

Libraries: socket, hashlib, os$,$ threading, faker

Basic knowledge in socket programming, SHA$-256$ hashing, and multi$-$ threading.

Setup Instructions

Install necessary Python libraries. You will need Faker for generating realistic user data and possibly other libraries depending on your project$$s scope. Install them using pip:

pip install faker

This command installs the Faker library, which you will use to generate names and passwords for your authentication system.

Generate SSL certificates using OpenSSL to secure your client$-$server com$-$ munication. Run the following command in your terminal. Ensure you are in the root directory of your project so that the certificates are stored in the correct folder:

$1$

openssl req $-$x$509-$newkey rsa:$4096-$keyout lawencrypt$/$key$.$

pem $-$out lawencrypt$/$cert$.$pem $-$days $365-$nodes $-$subj $"/$CN$=$ localhost"

$1$

$2$

$4$ Instructions

$5$ Generating User Credentials

As part of setting up the authentication system, you will need to generate a list of user credentials, including usernames and passwords. This process involves creating two files: one for storing usernames and their corresponding SHA$-256$ hashed passwords, and another for storing usernames alongside their plaintext passwords for testing purposes. Here$$s what you need to do:

$1.$ Use a Python library, such as Faker, to generate realistic names. These names will be used to derive usernames.

$2.$ Generate usernames by using the first letter of the first name and the full last name from the generated names. Convert these to lowercase to maintain consistency.

$3.$ Generate passwords using simple English words. This choice simplifies remembering and entering passwords during testing but remember that simple words are not secure for production environments.

$4.$ Hash each password using SHA$-256,$ a cryptographic hash function, to ensure that passwords are stored securely in the system. This step is crucial for protecting user data.

$5.$ Writetheusernamesandtheirhashedpasswordstoafilenamedcredentials.txt$.$ This file will be used by the server to verify user logins$.$

$6.$ Additionally, write the usernames and their plaintext passwords to another file named user details.txt$.$ This file is used for testing the login process to ensure that the system works correctly.

This setup will allow you to create a secure and functional authentication system where user credentials are both generated and validated properly. Ensure that both files are stored in a secure location, such as the lawencrypt folder, and that they are properly protected to prevent unauthorized access.

$2$

This command generates a self$-$signed SSL certificate and a private key, saving them in the lawencrypt folder. Use these files to configure SSL in your Python scripts.

$5\mathrm{.}1$ Server

$1.$ Create a file named credentials.txt$.$ Each line should contain a user$-$ name and a SHA$-256$ hash of the password, separated by a comma.

$2.$ Write a Python script for the server that:

$$ Loadstheusernameandhashedpasswordsintoadictionaryatstartup.

$$ Listens for incoming connections from clients.

$$ Receives login requests $($username and password$).$

$$ Hashes the received password and compares it with the stored hash.

$$ Sends a success or failure message back to the client.

$$ Implements multithreading to handle multiple client connections si$-$ multaneously.

$5\mathrm{.}2$ Client

$6$

$7$

$1.$

$1.2.$

Write a Python script for the client that:

$$ Connects to the server.

$$ Sends login credentials $($username and password$).$ Receives and prints the server$$s response.

Extra Credit

Multi$-$threaded Server: Modify the server to handle multiple client connections at the same time using the threading library.

Encrypted Chat System: After successful authentication, clients can send messages to the server, which then encrypts and relays them to other authenticated clients. Implement this using a simple symmetric encryption like AES.

Expected Outcome

Upon completion, students will have a functioning client$-$server system capable of secure authentication and, optionally, capable of handling encrypted commu$-$ nications and multiple clients simultaneously.

$3$