Goal and learning objectives
COVIDSafe is a digital contact tracing app announced by the Australian Government to help combat the ongoing COVID-19 pandemic, which has infected more than 6 million people and killed more than 373,000. The pandemic has also caused major society and economy disruptions around the world, and effective contact tracing is one of conditions that we can go back to ``normal’’ life before the development of a COVID-19 vaccine. The app is based on the BlueTrace protocol developed by the Singaporean Government. In this assignment, you will have the opportunity to implement a BlueTrace protocol simulator and investigate its behaviours. Your simulator is based on a client server model consisting of one server and multiple smartphone clients. The clients communicate with the server using TCP and among themselves using UDP. The server is mainly used to authenticate the clients and retrieve the contact logs in the event of a positive COVID-19 detection since the logs are stored locally in the smartphones for 21 days only to protect the privacy of the users. The clients broadcast and receive beacons (UDP packets) when they are in the communication range.
Learning Objectives
On completing this assignment, you will gain sufficient expertise in the following skills:
Detailed understanding of how client-server and client-client interactions work.
Expertise in socket programming.
Insights into implementing an application layer protocol.
Assignment Specification
The base specification of the assignment is worth 20 marks. The specification is structured in two parts. The first part covers the basic interactions between the clients and server and includes functionality for clients to communicate with the server. The second part asks you implement additional functionality whereby two clients can exchange messages with each other directly in a peer-to-peer fashion. This first part is self-contained (Sections 3.2 – 3.4) and is worth 15 marks. Implementing peer-to-peer messaging (beaconing) (Section 3.5) is worth 5 marks.
The assignment includes 2 major modules, the server program and the client program. The server program will be run first followed by multiple instances of the client program (Each instance supports one client). They will be run from the terminals on the same and/or different hosts.
BlueTrace1 Overview
One of the core considerations of BlueTrace is to preserve user privacy. To this end, personal information is collected just once at point of registration and is only used to contact potentially infected patients. Contact tracing is done entirely locally on a client device using Bluetooth Low Energy (BLE) or UDP for this assignment, storing all encounters in a contact history log chronicling encounters for the past 21 days. Users in the contact log are identified using anonymous ``temporary IDs’’ (TempIDs) issued by the health authority server. This means a user's identity cannot be ascertained by anyone except the health authority with which they are registered. Furthermore, since TempIDs change randomly on a regular basis (e.g., every 15 minutes), malicious third parties cannot track users by observing log entries over time.
The protocol is focused on two areas: locally logging registered users in the vicinity of a device (i.e., peer to peer communication or P2P), and the transmission of the log to the operating health authority (i.e., client to server communication or C2S). In the context of this assignment, the P2P component operates on top of the unreliable UDP communication, defining how two devices acknowledge each other's presence. The C2S component uses reliable TCP to communicate a timeline of visits to a centralised server owned by a health authority once a user has tested positive for COVID-19. The health authority can then, using the log, notify the users who came in contact with the infected patient.
Server
The reporting server is responsible for handling initial registration, provisioning unique user identifiers, and collecting contact logs created by the P2P part of the protocol. When the user first launches a BlueTrace app they will be asked to create a UserID (internationally format mobile phone number, e.g., +61-410-888-888) and password. This phone number is later used if the user has registered an encounter in an infected patient's contact log. Once registered, users are provisioned TempID uniquely identifying them to other devices. Each TempID has a lifetime of a defined period (e.g., 15 minutes) to prevent malicious parties from performing replay attacks or tracking users over time with static unique identifiers. Therefore, the server has the following responsibilities.
User Authentication - When a client requests for a connection to the server, e.g., for obtaining a TempID or uploading contact logs after being tested as a COVID-19 positive, the server should prompt the user to input the username and password and authenticate the user. The valid username and password combinations will be stored in a file called credentials.txt which will be in the same directory as the server program. An example credentials.txt file is provided on the assignment page. Username and passwords are case-sensitive. We may use a different file for testing so DO NOT hardcode this information in your program. You may assume that each username and password will be on a separate line and that there will be one white space between the two. If the credentials are correct, the client is considered to be logged in and a welcome message is displayed. When all tasks)are done (e.g., TempID has been obtained or the contact log has been uploaded), a user should be able to logout from the server.
On entering invalid credentials, the user is prompted to retry. After 3 consecutive failed attempts, the user is blocked for a duration of block_duration seconds (block_duration is a command line argument supplied to the server) and cannot login during this duration (even from another IP address).
TempID Generation - TempIDs are generated as a 20-byte random number, and the server uses a file (tempIDs.txt, which will be in the same directory as the server program) to associate the relationship between TempIDs and the static UserIDs. An example tempIDs.txt file is provided on the assignment page.
Contact log checking - Once a user has been tested as a CVOID-19 positive, he/she will upload his/her contact log to the reporting server. The contact log is in the following format: TempID (20 bytes), start time (19 bytes) and expiry time (19 bytes). Then, the server will map the TempID to reveal the UserID and retrieve start time and expiry time (with help of the tempIDs.txt file). The health authority can then contact the UserID (phone number) to inform a user of potential contact with an infected patient. Therefore, you program will print out a list of phone numbers and encounter timestamps.
Client
The client has the following responsibilities - Authentication - The client should provide a login prompt to enable the user to authenticate with the server. Download TempID - After authentication, the client should be able to download a TempID from the server and display it. Upload contact log - The client should be able to upload the contact logs to the server after authentication. For NON-CSE students, you may read the contact logs from a static file (_contactlog.txt). For CSE students, you should generate the content of _contactlog.txt file dynamically as discussed in Section 3.5 below.
Commands supported by the client
After a user is logged in, the client should support all the commands shown in the table below. For the following, assume that commands were run by user A.
Command Description
Download_tempID Download TempID from the server.
Upload_contact_log Upload contact logs to the server.
logout log out user A.
Any command that is not listed above should result in an error message being displayed to the user. The interaction with the user should be via the terminal (i.e. console).
We do not mandate the exact text that should be displayed by the client to the user for the various commands. However, you must make sure that the displayed text is easy to comprehend. Please make sure that you DO NOT print any debugging information on the client terminal.
Some examples illustrating client server interaction using the above commands are provided in Section 8.
Peer to Peer Communication Protocol (beaconing)
The P2P part of the protocol defines how two devices communicate and log their contact. We will simulate BLE encounters with UDP in this section. Each device is in one of two states, Central or Peripheral. The peripheral device sends a packet with the following information to the central device: TempID (20 bytes), start time (19 bytes), expiry time (19 bytes) and BlueTrace protocol version (1 byte). After receiving the packet/beacon, the central device will compare current timestamp with the start time and expiry time information in the beacon. If the timing information is valid (i.e., current timestamp is between start time and expiry time), the central device will store the beacon information in a local file (_contactlog.txt) for 3 minutes2 . Note that a client can behave in either Central or Peripheral states.
To implement this functionality your client should support the following command and remove the outdated (i.e., older than 3 minutes) contact log automatically (in addition to those listed in Section 3.4)
File Names & Execution
The main code for the server and client should be contained in the following files: server.c, or Server.java or server.py, and client.c or Client.java or client.py. You are free to create additional files such as header files or other class files and name them as you wish. The server should accept the following two arguments: • server_port: this is the port number which the server will use to communicate with the clients. Recall that a TCP socket is NOT uniquely identified by the server port number. So it is possible for multiple TCP connections to use the same server-side port number. • block_duration: this is the duration in seconds for which a user should be blocked after three unsuccessful authentication attempts.
The server should be executed before any of the clients. It should be initiated as follows:
If you use Java:
java Server server_port block_durationIf you use
C: ./server server_port block_durationIf you use Python:
python server.py server_port block_durationNote that, you do not have to specify the TCP port to be used by the client. You should allow the OS to pick a random available port. Similarly, you should allow the OS to pick a random available UDP source port for the UDP client. Each client should be initiated in a separate terminal as follows:
If you use Java:
java Client server_IP server_port client_udp_port If you use C:
./client server_IP server_port client_udp_port If you use Python:
python client.py server_IP server_port client_udp_portNote: When you are testing your assignment, you can run the server and multiple clients on the same machine on separate terminals. In this case, use 127.0.0.1 (local host) as the server IP address.
Additional Notes
Tips on getting started:
The best way to tackle a complex implementation task is to do it in stages. A good place to start would be to implement the functionality to allow a single user to login with the server. Next, add the blocking functionality for 3 unsuccessful attempts. Then extend this to handle multiple clients. Once your server can support multiple clients, implement the functions for download TempID and upload contact logs. Note that, this may require changing the implementation of some of the functionality that you have already implemented. Once the communication with the server is working perfectly, you can move on to peer-to-peer communication. It is imperative that you rigorously test your code to ensure that all possible (and logical) interactions can be correctly executed. Test, test and test.
Application Layer Protocol:
Remember that you are implementing an application layer protocol for realising contact trace service to counter the COVID-19 pandemic. We are only considered with the end result, i.e. the functionality outlined above. You may wish to revisit some of the application layer protocols that we have studied (HTTP, SMTP, etc.) to see examples of message format, actions taken, etc.
Transport Layer Protocol:
You should use TCP for the communication between each client and server, and UDP for P2P communication. The TCP connection should be setup by the client during the login phase and should remain active until the user logs out, while there is no such requirement for UDP. The server port of the server is specified as a command line argument. Similarly, the server port number of UDP is specified as a command parameter of the client. The client ports for both TCP and UDP do not need to be specified. Your client program should let the OS pick up random available TCP or UDP ports.
Backup and Versioning:
We strongly recommend you to back-up your programs frequently. CSE backups all user accounts nightly. If you are developing code on your personal machine, it is strongly recommended that you undertake daily backups. We also recommend using a good versioning system such as github or bitbucket so that you can roll back and recover from any inadvertent changes. There are many services available for both which are easy to use. We will NOT entertain any requests for special consideration due to issues related to computer failure, lost files, etc.
Language and Platform:
You are free to use C, JAVA or Python to implement this assignment. Please choose a language that you are comfortable with. The programs will be tested on CSE Linux machines. So please make sure that your entire application runs correctly on these machines (i.e. your lab computers) or using VLAB. This is especially important if you plan to develop and test the programs on your personal computers (which may possibly use a different OS or version or IDE). Note that CSE machines support the following: gcc version 8.2, Java 11, Python 2.7 and 3.7. If you are using Python, please clearly mention in your report which version of Python we should use to test your code. You may only use the basic socket programming APIs providing in your programming language of choice. You may not use any special ready-to-use libraries or APIs that implement certain functions of the spec for you.
There is no requirement that you must use the same text for the various messages displayed to the user on the terminal as illustrated in the examples in Section 9. However, please make sure that the text is clear and unambiguous.
You are encouraged to use the forums on WebCMS to ask questions and to discuss different approaches to solve the problem. However, you should not post your solution or any code fragments on the forums.
We will arrange for additional consultation hours in Weeks 7, 8 and 9 to assist you with assignment related questions if needed.
Submission
Please ensure that you use the mandated file name. You may of course have additional header files and/or helper files. If you are using C, then you MUST submit a makefile/script along with your code (not necessary with Java or Python). This is because we need to know how to resolve the dependencies among all the files that you have provided. After running your makefile we should have the following executable files: server and client. In addition, you should submit a small report, report.pdf (no more than 3 pages) describing the program design, the application layer message format and a brief description of how your system works. Also discuss any design tradeoffs considered and made. Describe possible improvements and extensions to your program and indicate how you could realise them. If your program does not work under any particular circumstances, please report this here. Also indicate any segments of code that you have borrowed from the Web or other books. You are required to submit your source code and report.pdf. You can submit your assignment using the give command in a terminal from any CSE machine (or using VLAB or connecting via SSH to the CSE login servers). Make sure you are in the same directory as your code and report, and then do the following:
1. Type tar -cvf assign.tar filenames e.g. tar -cvf assign.tar *.java report.pdf
2. When you are ready to submit, at the bash prompt type 3331
3. Next, type: give cs3331 assign assign.tar (You should receive a message stating the result of your submission). Note that, COMP9331 students should also use this command.
Alternately, you can also submit the tar file via the WebCMS3 interface on the assignment page.
Important notes
The system will only accept assign.tar submission name. All other names will be rejected.
Ensure that your program/s are tested in CSE Linux machine (or VLAB) before submission. In the past, there were cases where tutors were unable to compile and run students’ programs while marking. To avoid any disruption, please ensure that you test your program in CSE Linux-based machine (or VLAB) before submitting the assignment. Note that, we will be unable to award any significant marks if the submitted code does not run during marking.
You may submit as many times before the deadline. A later submission will override the earlier submission, so make sure you submit the correct file. Do not leave until the last moment to submit, as there may be technical, or network errors and you will not have time to rectify it.
Late Submission Penalty:
Late penalty will be applied as follows:
1 day after deadline: 10% reduction
2 days after deadline: 20% reduction
3 days after deadline: 30% reduction
4 days after deadline: 40% reduction
5 or more days late: NOT accepted
NOTE: The above penalty is applied to your final total. For example, if you submit your assignment 1 day late and your score on the assignment is 10, then your final mark will be 10 – 1 (10% penalty) = 9.
Sample Interaction
Note that the following list is not exhaustive but should be useful to get a sense of what is expected. We are assuming Java as the implementation language.
Case 1: Successful Login
Terminal 1
>java Server 4000 60
Terminal 2 >java Client 10.11.0.3 4000 8000(assume that server is executing on 10.11.0.3)
>Username: +61410888888
>Password: comp3331 >Welcome to the BlueTrace Simulator!
Case 2: Unsuccessful Login (assume server is running on Terminal 1 as in Case 1)
Terminal 2
>java Client 10.11.0.3 4000 8000 (assume that server is executing on 10.11.0.3)
>Username: +61410888888
>Password: comp9331
>Invalid Password. Please try again
>Password: comp8331
>Invalid Password. Please try again
>Password: comp7331
>Invalid Password. Your account has been blocked. Please try again later
The user should now be blocked for 60 seconds (since block_time is 60). The terminal should shut down at this point.
Terminal 2 (reopened before 60 seconds are over)
>java Client 10.11.0.3 4000 8000 (assume that server is executing on 10.11.0.3)
>Username: +61410888888
>Password: comp3331
>Your account is blocked due to multiple login failures. Please try again later
Terminal 2 (reopened after 60 seconds are over)
>java Client 10.11.0.3 4000 8000 (assume that server is executing on 10.11.0.3)
>Username: +61410888888
>Password: comp3331
> Welcome to the BlueTrace Simulator! >
Contact us to get python or java socket programming assignment help at:
