Material Type: Lab; Class: Internetwork Security; Subject: Electrical & Computer Engr; University: Georgia Institute of Technology-Main Campus; Term: Fall 2004;
Typology: Lab Reports
Group Number: _________
Member Names: ___________________ _______________________
Date Assigned:
Date Due:
Last Edited:
Lab Authored by: Chulwoo Chu, Nicholas Gibbs, Yu-Kung Ke, Chukwuemeka Okonkwo
Please read the entire lab and any extra materials carefully before starting. Be sure to start early enough so that you will have time to complete the lab. Answer ALL questions in the Answer Sheet and be sure you turn in ALL materials listed in the Turn-in Checklist on or before the Date Due.
This lab assignment serves as an introduction to cryptographic techniques. Although cryptography in general is heavily involved with rigorous mathematical theories, which are missing in this lab, you will still gain some fundamental knowledge and concepts of various cryptographic mechanisms after completing this assignment.
In this assignment, first we are going to introduce some general methodologies, which are the fundamental operations of implementing cryptography. With an understanding of those methodologies, we are going to examine some commonly used cryptographic techniques, which are employed to ensure the confidentiality, integrity and availability of data communications in a public network such as the Internet. The techniques included in the assignment are message digests, private key (a.k.a. symmetric-key) encryption, and public key (a.k.a. asymmetric-key) encryption. For the message digest, MD5 is going to be our example. For private key encryption, the RC4 scheme employed in WEP (Wired Equivalent Privacy) of 802.11 wireless networks and AES (Advanced Encryption Standard) will be discussed, and you will have the chance to observe the encrypted and decrypted data using the provided programs for RC4 and AES. Finally, two well-known public key encryption schemes, RSA and Diffie-Hellman, will be introduced, and PGP (Pretty Good Privacy), a secure email protocol, will be used as an application example of public key encryption schemes. (You will only need your HD, which contains two WinXP and one RH7.2 virtual machines, and a floppy disk to perform all the tasks.)
What is Cryptography? Cryptography comes from two Greek words which, when translated, mean "secret" and "writing"; hence cryptography is the art of secret writing. [1] Cryptography is based on higher mathematics, including the areas of group and field theory, computational complexity, real analysis, and probability and statistics. [2]
Why is it needed? Cryptography is used to send information between people in such a way that no one else can read it. [1]
Terminology and Concepts. The original message is known as plaintext or cleartext. The encrypted (scrambled) form of the message is known as ciphertext. Encryption is the process of encoding a message so that its meaning is not obvious (i.e. it is the process of producing ciphertext from plaintext). Decryption is the reverse of encryption, i.e. the process of converting an encrypted message back to its original plaintext. Alternative terms such as encode and decode or encipher and decipher could be used in place of encrypt and decrypt. A system for encryption and decryption is known as a cryptosystem. [2] The relationship is shown in Figure 1 below.
The transformation between plaintext and ciphertext can be described using formal notation. We write C = E(P) and P = D(C), where C = ciphertext, P = plaintext, E = encryption rule, D = decryption rule. We want a cryptosystem for which P = D(E(P)), i.e. we want the ability to convert plaintext to ciphertext to ensure confidentiality against intruders, but also for the receiver to recover the original plaintext. Sometimes the algorithms for encryption and
[Figure 1. Encryption and Decryption: Plaintext -> Encryption -> Ciphertext -> Decryption -> Original Plaintext.]
Figures 3 and 4 demonstrate stream and block ciphers. [2]
An encryption algorithm should have the characteristics of confusion and diffusion. Confusion: it should transform the plaintext in such a way that it is practically impossible to predict what would change in the ciphertext by changing a character in the plaintext. An algorithm with good confusion has a complex functional relationship between the plaintext/key pair and the ciphertext; therefore it will take the interceptor a long time to break the code. Diffusion: it should spread the characters of the plaintext over the entire ciphertext, so that any change in the plaintext affects many parts of the ciphertext. If an encryption algorithm has good diffusion, the interceptor needs access to a lot of ciphertext in order to infer the algorithm. [2]
[Figure 3. Stream Cipher Encryption. Figure 4. Block Cipher Encryption. Both: Plaintext -> Encryption -> Ciphertext -> Decryption, with an optional Key.]
Examples of Symmetric Stream and Block Ciphers
A stream cipher can easily be created by substituting each character in the plaintext with another character or symbol. There are two types of substitution: monoalphabetic and polyalphabetic. As its name suggests, monoalphabetic (or simple) substitution encrypts and decrypts via a single alphabet. The relationship between alphabets (the encryption/decryption scheme) is a 1-to-1 function that maps characters from plaintext to ciphertext. The Caesar Cipher, used by none other than Julius Caesar himself, employs monoalphabetic substitution. Caesar encrypted a plaintext letter by shifting it 3 places, so that plaintext character A (the 1st letter) would become ciphertext character D (the 4th letter).
Pre-lab Question 1: Decrypt the following ciphertext using the Caesar Cipher: ZHOFRPH WR WKH UHDO ZRUOG
Note that the Caesar Cipher is a keyless cipher and uses a very elementary substitution scheme. It is desirable to create more complicated mappings. One option is to use a key, followed by the rest of the alphabet in an easy-to-remember format:
plaintext: ABCDEFGHIJKLMNOPQRSTUVWXYZ
ciphertext: keyword abcfghijlmnpqstuvxz
Obviously, it is better to have a longer key. Another option [2] is to map letters in multiples of three:
plaintext: ABCDEFGHIJKLMNOPQRSTUVWXYZ
ciphertext: adgjmpsvybehknqtwzcfilorux
If it helps, think of the cipher as the function π(λ) = (3 * λ) mod 26, where λ is the plaintext letter number, A being 0 and Z being 25. Anyway, you get the picture: the more complex the mapping, the better the confusion characteristic. Although substitution can be encrypted and decrypted rather quickly, one of its major disadvantages is that letter frequency (and word length) is easily recognised. Knowing which plaintext letters appear most often allows faster cryptanalysis (and higher scores on "Wheel of Fortune"). Polyalphabetic substitution mitigates this frequency-distribution problem by employing multiple alphabets for encryption and decryption. For example, one alphabet is used to encipher the odd characters in the plaintext, while another alphabet is used for the even characters [2]. One famous example, the Vigenère Tableau, uses 26 alphabets, the 26 cyclic shifts of the plaintext alphabet. Ideally, the perfect substitution cipher would use infinitely many non-repeating alphabets.
This cipher would have the benefit of preventing a repeated plaintext phrase from having the same corresponding ciphertext [2]. A one-time pad (OTP) is a long random string, divided into keys and XOR’d to a plaintext message to create the ciphertext [1]. Think of each key as being written on a sheet, glued to a pad, and discarded once used. An OTP effectively creates a key as long as the plaintext.
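The substitution ciphers of the two passages above, as an added example (not code from the original lab): the monoalphabetic mappings (Caesar, the keyword alphabet, and π(λ) = 3λ mod 26), the polyalphabetic Vigenère cipher, and a one-time pad. The sample messages and the key "KEY" are constructed; the final function checks the property the text attributes to each cipher, namely whether a repeated plaintext phrase produces the same ciphertext twice.

```python
"""Substitution ciphers from the two passages above: the monoalphabetic
mappings (Caesar, keyword alphabet, pi(lambda) = 3*lambda mod 26), the
polyalphabetic Vigenere cipher, and a one-time pad.  Added example for this
lab, not code from the original; all sample messages are constructed."""
from math import gcd
import secrets
import string

ALPHABET = string.ascii_uppercase


def caesar_alphabet(shift=3):
    """Every letter moves `shift` places: A (0) -> D (3) for Caesar's cipher."""
    return ALPHABET[shift:] + ALPHABET[:shift]


def keyword_alphabet(keyword):
    """The key's letters first (each once), then the rest of the alphabet."""
    seen = []
    for ch in keyword.upper() + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return "".join(seen)


def multiply_alphabet(k=3):
    """pi(lambda) = (k * lambda) mod 26, A = 0 .. Z = 25.  k must be coprime
    with 26 or two plaintext letters would collide on one ciphertext letter."""
    if gcd(k, 26) != 1:
        raise ValueError(f"{k} shares a factor with 26: mapping is not 1-to-1")
    return "".join(ALPHABET[(k * lam) % 26] for lam in range(26))


def substitute(text, cipher_alphabet, decrypt=False):
    """Monoalphabetic: one fixed 1-to-1 letter map; non-letters pass through."""
    src, dst = (cipher_alphabet, ALPHABET) if decrypt else (ALPHABET, cipher_alphabet)
    return text.upper().translate(str.maketrans(src, dst))


def vigenere(text, key, decrypt=False):
    """Polyalphabetic: letter j uses the Caesar alphabet selected by key
    letter j mod len(key) (a row of the Vigenere tableau); non-letters pass
    through without consuming a key letter."""
    key = key.upper()
    out, j = [], 0
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)
            continue
        k = ALPHABET.index(key[j % len(key)])
        out.append(ALPHABET[(ALPHABET.index(ch) + (-k if decrypt else k)) % 26])
        j += 1
    return "".join(out)


def one_time_pad(message: bytes, pad: bytes) -> bytes:
    """XOR with a random pad at least as long as the message; calling it again
    with the same pad decrypts.  The pad must never be reused."""
    if len(pad) < len(message):
        raise ValueError("pad must be at least as long as the message")
    return bytes(m ^ p for m, p in zip(message, pad))


def repeated_phrase_leaks(encrypt, phrase):
    """Does `phrase` repeated twice give the same ciphertext both times?  True
    for a monoalphabetic map and for Vigenere when the phrase length is a
    multiple of the key length; false (overwhelmingly) for a one-time pad."""
    ct = encrypt(phrase + phrase)
    return ct[:len(phrase)] == ct[len(phrase):]


if __name__ == "__main__":
    sample = "MEET ME AT THE LIBRARY AT NOON"  # constructed plaintext
    for name, alpha in (("caesar", caesar_alphabet()),
                        ("keyword", keyword_alphabet("keyword")),
                        ("x3", multiply_alphabet(3))):
        print(f"{name:8s} {substitute(sample, alpha)}")
    ct = vigenere(sample, "KEY")
    print("vigenere", ct, "->", vigenere(ct, "KEY", decrypt=True))
    print("caesar repeats leak:  ", repeated_phrase_leaks(lambda t: substitute(t, caesar_alphabet()), "SENDMONEY"))
    print("vigenere repeats leak:", repeated_phrase_leaks(lambda t: vigenere(t, "KEY"), "SENDMONEY"))
    pad = secrets.token_bytes(18)
    print("otp repeats leak:     ", repeated_phrase_leaks(lambda t: one_time_pad(t, pad), b"SENDMONEY"))
```

The multiply-by-k mapping refuses any k that shares a factor with 26, for the same reason the mod-10 multiplication cipher later in the lab only works with 1, 3, 7 and 9: a non-invertible multiplier sends two plaintext letters to the same ciphertext letter.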
A message digest (also known as a hash) is a one-way function, which takes an input message and produces an output. It is considered one-way because it is not practical to figure out what input corresponds to a given output. For a message digest function to be considered cryptographically secure, it must be computationally infeasible to find a message that has a given pre-specified message digest; it similarly should be infeasible to find two messages that have the same message digest (the mathematical term collision refers to such a situation). An example use of a message digest is to fingerprint a program or document to detect any modification of it. (Recall that during Lab 8, Firewall, a new MD5 message digest was generated each time you saved a change to the content of the configuration files; a careful network administrator should save such message digests as an integrity check of the configuration files.) Another use is that a message digest is in practice combined with a digital signature. In section 4.1, we will describe how we can generate a digital signature using a public-private key encryption scheme. Instead of signing the whole message, one can first generate the message digest of the message and sign only the resulting message digest. This is efficient because a message digest algorithm is in general faster than an encryption scheme, and the message digest of a (lengthy) message always has a fixed length (128 bits for MD5).
MD5 is one of a series of message digest algorithms designed by Ronald Rivest of MIT (Rivest, 1994). When analytic work indicated that MD5's predecessor, MD4, was likely to be insecure, MD5 was designed in 1991 to be a secure replacement; weaknesses were indeed subsequently found in MD4 by Hans Dobbertin. In 1996, Dobbertin announced a collision of the compression function of MD5 (Dobbertin, 1996). This was not quite an attack on the full MD5 hash function, but it was close enough for cryptographers to recommend switching to a replacement, such as the Secure Hash Algorithm (SHA-1) proposed by the National Institute of Standards and Technology (NIST). In August 2004, Chinese researchers found collisions for MD5. It is still unknown how this discovery will affect the widespread use of MD5.
MD5 processes a variable-length message into a fixed-length output of 128 bits. The input message is broken up into 512-bit blocks; the message is padded so that its length is divisible by 512. The padding works as follows: first a single 1 bit is appended to the end of the message. This is followed by as many zeros as are required to bring the length of the message up to 64 bits fewer than a multiple of 512. The remaining 64 bits are filled with a 64-bit integer representing the length (in bits) of the original message. The main MD5 algorithm operates on a 128-bit state, divided into four 32-bit words, denoted A, B, C and D. These are initialised to certain fixed constants. The main algorithm then operates on each 512-bit message block in turn, each block modifying the state. The processing of a message block consists of four similar stages, termed rounds; each round is composed of sixteen similar operations based on four primitive functions F, G, H, I, modular addition, and left rotation. Figure 5 shows the main loop of MD5 processing. Figure 6 shows an example of one operation in a round. In this example,
constant; finally this operation outputs a new message digest "B". The complete MD5 message digest algorithm, which illustrates the 64 operations in detail, can be found in IETF RFC 1321 (http://www.ietf.org/rfc/rfc1321.txt). The 128-bit MD5 message digests are typically represented as 32-digit hexadecimal numbers.
[Figure 5. The main loop of MD5 processing.]
[Figure 6. Example of one operation within a round. Source: http://en.wikipedia.org/wiki/Md]
There are several security concerns with RC4’s implementation in WEP1 and OpenSSL:
We'll be using the CipherSaber-1 implementation of RC4 to encrypt and decrypt files. For more information on CipherSaber, see http://ciphersaber.gurus.com/ . A cryptanalysis of the implementation can be found at http://ciphersaber.gurus.com/cryptanalysis.html . The CipherSaber-1 implementation uses a 10-byte IV and recommends a user-defined key of 54 characters or less. (Since we're dealing with ASCII text, bytes, instead of bits, are used for the actual key.) A different IV is generated and prepended to each encrypted file, and must be read in for decryption of the file. The user-defined key for the files should be securely shared (e.g. face-to-face or via PGP) between the communicating parties. Because of security concerns about RC4, no more than 1000 messages should be sent using the same user-defined key. CipherSaber-2 addresses these issues, but is not needed for this exercise. Since CipherSaber takes pride in its simplistic design, we could ask you to code it. But isn't it easier to use somebody else's (freely distributed) work?
First, on the WinXP machine, select Start->Run and type \\57.35.10.10\secure_class . The username and password are both secure_class. Copy /LabXX/ciphersaber.exe (CipherSaber v.6) to your WinXP machine. You could also download it from http://xorksplace.port5.com/windows.html
Second, copy and untar the Linux version on your RedHat 8.0 machine (you could also download it from http://xorksplace.port5.com/linux.html). On your RedHat 8.0 machine:
# mount /mnt/nas4112/
(password: secure_class)
# cp /mnt/nas4112/LabXX/ciphersaber.tar.gz .
# tar xvfz ciphersaber.tar.gz
# cd ciphersaber
Create a text file and copy/paste your favorite paragraph of text.
Run the CipherSaber program on the text file:
# ./cs file.txt
Enter a pass phrase of your liking.
View your text file:
# more file.txt
Take Screenshot 2 of the console.
Notice that your encrypted file now has the ".cs" extension appended to it.
Copy the encrypted file onto a disk:
# mount /mnt/floppy
# cp file.txt.cs /mnt/floppy
# umount /mnt/floppy
Tell your fellow team member the pass phrase.
On your WinXP machine:
Double-click on ciphersaber.exe and install the program.
Double-click on the CipherSaber desktop shortcut.
Click the Browse button and select file.txt.cs from the floppy drive.
Let your fellow team member enter the passphrase.
Select the Decrypt radio button and click on the Decrypt button.
The decrypted file "file.txt" will be written onto the floppy disk.
Take Screenshot 3 of the decrypted file.
Question 1: In the procedure you just followed, what is the primary weakness of this confidential transfer of information?
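What the cs program is doing to file.txt, as an added example (not the ciphersaber program distributed with the lab, and not an answer to Question 1): RC4's key-scheduling and keystream generation, and the CipherSaber-1 file layout described above, a fresh 10-byte IV written in front of the ciphertext with the RC4 key being the pass phrase followed by that IV. The sample text and pass phrase are constructed; the RC4 core is checked against published test vectors.

```python
"""RC4 and the CipherSaber-1 file layout used in this exercise: a 10-byte IV
is generated per file and written before the ciphertext; the RC4 key is the
pass phrase followed by that IV.  Added example for this lab; it is not the
ciphersaber program distributed with the lab, and the sample text is constructed."""
import secrets

IV_LEN = 10          # CipherSaber-1 IV size
MAX_PASSPHRASE = 54  # recommended maximum key length in the text


def rc4_keystream(key: bytes):
    """Key-scheduling algorithm (KSA), then the keystream generator (PRGA)."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    S = list(range(256))
    j = 0
    for i in range(256):                        # KSA: key-dependent permutation
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:                                 # PRGA: one keystream byte per step
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def rc4(key: bytes, data: bytes) -> bytes:
    """XOR data with the keystream; encryption and decryption are identical."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))


def ciphersaber_encrypt(passphrase: str, plaintext: bytes, iv: bytes = None) -> bytes:
    """Return IV || RC4(passphrase || IV, plaintext).  A fresh random IV per
    file keeps two files under one pass phrase from sharing a keystream."""
    if len(passphrase.encode()) > MAX_PASSPHRASE:
        raise ValueError("pass phrase longer than 54 bytes")
    iv = secrets.token_bytes(IV_LEN) if iv is None else iv
    if len(iv) != IV_LEN:
        raise ValueError("IV must be exactly 10 bytes")
    return iv + rc4(passphrase.encode() + iv, plaintext)


def ciphersaber_decrypt(passphrase: str, blob: bytes) -> bytes:
    """Read the IV back from the front of the file, rebuild the key, decrypt."""
    if len(blob) < IV_LEN:
        raise ValueError("file shorter than the IV")
    iv, ciphertext = blob[:IV_LEN], blob[IV_LEN:]
    return rc4(passphrase.encode() + iv, ciphertext)


if __name__ == "__main__":
    text = b"constructed sample paragraph for file.txt\n"
    blob = ciphersaber_encrypt("constructed pass phrase", text)
    print(blob.hex())
    print(ciphersaber_decrypt("constructed pass phrase", blob))
```

Nothing in this format authenticates the ciphertext: decrypting with the wrong pass phrase or a modified .cs file yields garbage rather than an error, which is why the AES tool used later in the lab adds an HMAC check.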
The Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the US government, and is expected to be used worldwide and analysed extensively, as was the case with its predecessor, the Data Encryption Standard (DES). It was adopted by the National Institute of Standards and Technology (NIST) as US Federal Information Processing Standard (FIPS) PUB 197 (http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf) in November 2001 after a 5-year standardisation process. AES has a fixed block size of 128 bits and a key size of 128, 192 or 256 bits, whereas Rijndael can be specified with key and block sizes in any multiple of 32 bits, with a minimum of 128 bits and a maximum of 256 bits. AES operates on a 4×4 array of bytes, termed the state (versions of Rijndael with a larger block size have additional columns in the state). For encryption, each round of AES (except the last round) consists of four stages:
SubBytes: a non-linear substitution step where each byte is replaced with another according to a lookup table called the S-box. The S-box is derived from calculations on binary polynomials over a finite field.
ShiftRows: a transposition step where each row of the state is shifted cyclically a certain number of steps.
MixColumns: a mixing operation which operates on each column of the state, combining the four bytes in each column using a linear transformation and outputting a new column of the state. A lookup table, derived from the same binary-polynomial arithmetic, is available.
AddRoundKey: each byte of the state is combined with a byte of the round key using bitwise XOR. (The final round omits MixColumns.)
On Windows, you can use WinZIP.
type “This is a test which is for AES ece 4112 ” (without the quotes)
Login with a username/password you had created. (If not, you need to add a user to RH 7.2 using "useradd" and "passwd", i.e. # useradd ece)
Transfer the plaintext file to the R.H 7.2 machine
It should give you an error message saying "HMAC check failed (wrong key?)". Now we shall try to modify the ciphertext and see if it notices.
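The check that produces a message like the one above, as an added example (not the AES tool used in this step): an HMAC over the IV and ciphertext is verified before anything is decrypted, so both a wrong key and a modified ciphertext are rejected. The IV/ciphertext/tag layout, the SHA-256 HMAC and the byte values are assumptions constructed for the example, not that tool's actual file format.

```python
"""The integrity check behind a message like "HMAC check failed (wrong key?)":
an HMAC over IV || ciphertext is verified before anything is decrypted, so a
wrong key and a modified ciphertext are both rejected.  Added example for this
lab, not the AES tool used in these steps; the layout below and the IV and
ciphertext bytes are constructed stand-ins, not output of that tool."""
import hashlib
import hmac

IV_LEN, TAG_LEN = 16, 32   # assumed layout: IV || ciphertext || HMAC-SHA256 tag


def tag(mac_key: bytes, body: bytes) -> bytes:
    return hmac.new(mac_key, body, hashlib.sha256).digest()


def seal(mac_key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers the IV as well as the ciphertext."""
    body = iv + ciphertext
    return body + tag(mac_key, body)


def open_checked(mac_key: bytes, blob: bytes):
    """Return (iv, ciphertext) only if the tag verifies; constant-time compare
    so the time the check takes reveals nothing about the expected tag."""
    if len(blob) < IV_LEN + TAG_LEN:
        raise ValueError("HMAC check failed (truncated message)")
    body, got = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag(mac_key, body), got):
        raise ValueError("HMAC check failed (wrong key?)")
    return body[:IV_LEN], body[IV_LEN:]


def check_passes(mac_key: bytes, blob: bytes) -> bool:
    try:
        open_checked(mac_key, blob)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    key = b"constructed-mac-key"
    blob = seal(key, b"\x11" * IV_LEN, b"constructed ciphertext bytes")
    # flip one bit of the first ciphertext byte, as the lab step does by hand
    tampered = blob[:IV_LEN] + bytes([blob[IV_LEN] ^ 0x01]) + blob[IV_LEN + 1:]
    print(check_passes(key, blob), check_passes(b"wrong", blob), check_passes(key, tampered))
```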
Why would we need public key signatures? What is wrong with a secret key MAC (a MAC generated using secret key cryptography, and not a Hash)? The reason is because in order for a recipient to verify a MAC they would need to know the same secret that was used to create it. Hence, anyone who can verify a MAC can also generate one. Not only that, they could even substitute a totally different message and corresponding MAC. In the case of public key signatures, one only needs to know the public key in order to verify the signature. So ‘Alice’ can sign a message by generating a signature only she can generate (using her private key), and other people can verify that it is Alice’s signature (with her public key), but no one can forge her signature since only Alice knows her private key. [1]
Public key cryptography can do anything secret key cryptography can, but is much slower. As a result, it is normally used together with secret key algorithms. Public key cryptography can be used at the beginning of communication for authentication and to establish a temporary shared secret key (a.k.a. a session key). The secret key is then used to encrypt the remainder of the conversation using secret key technology (which is much faster than public key technology). [1]
Transmitting Over an Insecure Channel. Let Alice's key pair be (eA, dA) and Bob's key pair be (eB, dB). Assume that Alice knows Bob's public key and Bob knows Alice's public key. Messages can be transmitted between them as follows:
[Figure PK 2. Alice encrypts mA using eB; Bob decrypts to mA using dB. Bob encrypts mB using eA; Alice decrypts to mB using dA.]
Authentication. Public key cryptography can also be used to provide authentication. If Alice knows Bob's public key, she can verify Bob's identity by choosing a random number r, encrypting it using Bob's public key eB, and sending the result to Bob. Bob proves he knows dB by decrypting the message and sending r back to Alice. [1]
[Figure PK 3. Alice encrypts r using eB and sends it to Bob; Bob decrypts to r using dB and sends r back to Alice.]
Digital Signatures Public key technology can be used to prove that a message was generated by a particular individual. Bob’s signature for a message m can only be generated by someone with knowledge of Bob’s private key and the signature depends on the contents of m. If m is modified in any way, the signature no longer matches. Digital signatures thus provide two important functionalities:
Modular arithmetic uses integers which are non-negative and less than some n (n > 0), and performs ordinary arithmetic operations (e.g. add, multiply), replacing the result with its remainder when divided by n. Such a result is said to be modulo n or mod n. "x mod n" means the remainder of x when divided by n. Using mod n means that the answer will always be between 0 and n-1; e.g. mod 5 means the answer will always be between 0 and 4.
Modular Addition. Example using mod 10 addition: 3 + 5 = 8, 5 + 5 = 0, 3 + 9 = 2, 2 + 3 = 5. An additive inverse of x is the number you add to x to get 0. E.g. the additive inverse of 2 is 8, since in mod 10 arithmetic 2 + 8 = 0. So if the secret key were 2, then to encrypt we add 2 (mod 10) and to decrypt we add 8 (mod 10). [1]
Modular Multiplication. Example using mod 10 multiplication. Some numbers could be considered good ciphers (e.g. 1, 3, 7, 9) because they perform 1-to-1 substitutions of the digits. But other numbers won't work, e.g. 5 (note that 5·2 and 5·4 both map to 0 mod 10, and are thus not unique). In ordinary maths, the multiplicative inverse of x is 1/x. However, mod arithmetic can only have integers (no fractions). As a result, in mod arithmetic the multiplicative inverse of x (written x^-1) is the number by which you'd multiply x to get 1. In mod 10, only 1, 3, 7, 9 have multiplicative inverses (e.g. 7 is the multiplicative inverse of 3, and 1 and 9 are their own inverses). Multiplication mod n can be used as a cipher in that we can scramble the digits by multiplying by x and get back the original digits by multiplying by x^-1. Euclid's algorithm can be used to efficiently find inverses mod n.
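The digit ciphers above and the inverses they rely on, as an added example (not code from the original lab): modular addition and multiplication on digits mod 10, the additive inverse, and the extended Euclidean algorithm that finds x^-1 mod n, which also explains why 5 fails as a multiplier. The digit strings are constructed.

```python
"""Modular addition and multiplication as digit ciphers (mod 10), additive and
multiplicative inverses, and Euclid's algorithm for finding an inverse mod n.
Added example for this lab; the digit strings are constructed."""


def egcd(a, b):
    """Extended Euclid: (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def mod_inverse(x, n):
    """x^-1 mod n, i.e. the y with x*y = 1 mod n; exists only if gcd(x, n) = 1."""
    g, y, _ = egcd(x % n, n)
    if g != 1:
        raise ValueError(f"{x} has no multiplicative inverse mod {n} (gcd = {g})")
    return y % n


def additive_inverse(x, n):
    """The number you add to x to get 0 mod n (8 for x = 2, n = 10)."""
    return (-x) % n


def invertible_residues(n):
    """Residues that give 1-to-1 substitutions under multiplication mod n."""
    return [x for x in range(1, n) if egcd(x, n)[0] == 1]


def add_cipher(digits, key, n=10):
    """Encrypt digits by adding key mod n; decrypt by adding its additive inverse."""
    return [(d + key) % n for d in digits]


def mul_cipher(digits, key, n=10):
    """Encrypt digits by multiplying by key mod n; decrypt with key^-1.
    A key that shares a factor with n maps two digits to the same value."""
    if egcd(key % n, n)[0] != 1:
        raise ValueError(f"{key} is not 1-to-1 mod {n}: some digits collide")
    return [(d * key) % n for d in digits]


if __name__ == "__main__":
    digits = [3, 1, 4, 1, 5, 9, 2, 6]  # constructed sample
    ct = add_cipher(digits, 2)
    print(ct, add_cipher(ct, additive_inverse(2, 10)))
    ct = mul_cipher(digits, 3)
    print(ct, mul_cipher(ct, mod_inverse(3, 10)))
    print("invertible mod 10:", invertible_residues(10))
    print("5*2 mod 10 =", (5 * 2) % 10, " 5*4 mod 10 =", (5 * 4) % 10)
```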
Why RSA Works. Recall n = pq and Φ(n) = (p-1)(q-1). d and e are chosen such that de = 1 mod Φ(n), i.e. e and d are multiplicative inverses of each other (recall the definition of multiplicative inverse in mod n arithmetic). Therefore for any x, x^(de) = x mod n (recall the Note under modular exponentiation). Encryption computes x^e. Decryption takes that and raises it to the power d, i.e. (x^e)^d, which is the same as x. Similar reasoning can be done for signatures. [1]
Why is RSA Secure? The reason is based on the Fundamental Tenet of Cryptography: many smart people have tried, all have failed. The real premise of its security is the fact that factoring large numbers is hard. The best-known factoring methods are very slow. Factoring a 512-bit number would take pretty much forever right now (~30 thousand MIPS-years, where MIPS = million instructions per second). A better technique would be to wait a few years and then use the best known technique of that time. In other words, if you can factor quickly, you can break RSA. [1]
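Textbook RSA with the symbols used above, as an added example (not code from the original lab): key generation from p and q, encryption and decryption, the "x^(de) = x mod n for every x" claim checked over all of Z_n, plus the two uses from the public-key section, signing a message digest and the challenge-response authentication of Figure PK 3. The primes are toy-sized constructed values, small enough to exhaust Z_n and far too small for real use; Python's pow(e, -1, m) supplies the modular inverse that Euclid's algorithm computes.

```python
"""Textbook RSA with the symbols used above (p, q, n = pq, phi(n) = (p-1)(q-1),
e, d with de = 1 mod phi(n)), plus the two uses from the public-key section:
signing a message digest, and the challenge-response authentication of Figure
PK 3.  Added example for this lab; the primes are toy-sized constructed
values, not a key size to use in practice."""
import hashlib
import secrets


def rsa_keygen(p, q, e=17):
    """Return ((e, n), (d, n)); d is the multiplicative inverse of e mod phi(n)
    (Python's pow(e, -1, m) performs the extended-Euclid step)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    return (e, n), (d, n)


def rsa_encrypt(public, x):
    e, n = public
    return pow(x, e, n)


def rsa_decrypt(private, c):
    d, n = private
    return pow(c, d, n)


def de_identity_holds(public, private):
    """The 'Why RSA works' claim: (x^e)^d = x^(de) = x mod n for every x."""
    (e, n), (d, _) = public, private
    return all(pow(x, e * d, n) == x for x in range(n))


def _digest_mod_n(message: bytes, n: int) -> int:
    # Sign the digest rather than the message.  With a real modulus the
    # SHA-256 value is padded into the block; here it is simply reduced mod n.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(private, message: bytes) -> int:
    d, n = private
    return pow(_digest_mod_n(message, n), d, n)


def rsa_verify(public, message: bytes, signature: int) -> bool:
    e, n = public
    return pow(signature, e, n) == _digest_mod_n(message, n)


def challenge_response(bob_public, bob_private, r=None) -> bool:
    """Figure PK 3: Alice encrypts a random r with eB; Bob decrypts with dB and
    returns it; Alice accepts if what comes back equals her r."""
    _, n = bob_public
    r = secrets.randbelow(n) if r is None else r
    reply = rsa_decrypt(bob_private, rsa_encrypt(bob_public, r))
    return reply == r


if __name__ == "__main__":
    public, private = rsa_keygen(61, 53)        # n = 3233, phi = 3120, d = 2753
    print(public, private, de_identity_holds(public, private))
    c = rsa_encrypt(public, 65)
    print(c, rsa_decrypt(private, c))
    pub2, priv2 = rsa_keygen(1000003, 999983)   # still toy, but digests rarely collide mod n
    sig = rsa_sign(priv2, b"constructed message")
    print(rsa_verify(pub2, b"constructed message", sig), challenge_response(pub2, priv2))
```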
This is the oldest public key scheme still in use today. It does neither encryption nor signatures. What it does is allow two individuals to agree on a shared key by exchanging messages in public. No one else can figure out the secret based on the messages they overhear between the two participants. Neither participant has any secrets to begin with, yet at the end of the exchange (which consists of only 2 messages) they both will know a secret number. Such a secret number can then be used with secret key cryptography like DES for encryption. Diffie-Hellman is therefore used for key establishment.
To begin, there are two numbers p and g. p is a large prime number and g < p. Both numbers can be publicly known. Once Alice and Bob agree on p and g, both choose a random 512-bit number and keep it secret. Alice chooses random number SA and Bob chooses random number SB. Alice computes TA = g^SA and Bob computes TB = g^SB, i.e. both raise g to their secret number. They exchange Ts. Finally both raise the received T to their secret number. The algorithm is shown below:
Alice picks SA at random. Bob picks SB at random.
Alice computes TA = g^SA mod p. Bob computes TB = g^SB mod p.
They exchange Ts: Alice sends TA, Bob sends TB.
Alice computes TB^SA mod p. Bob computes TA^SB mod p.
Both come up with the same number because TB^SA = (g^SB)^SA = g^(SB·SA) = g^(SA·SB) = (g^SA)^SB = TA^SB mod p.
It works as a result of the Fundamental Tenet of Cryptography. It is difficult to compute discrete logarithms, i.e. to figure out SA and SB from seeing only g^SA and g^SB. Hence no one can calculate g^(SA·SB) even though they know g^SA and g^SB. Recall: g^(SA·SB) is NOT g^SA * g^SB, which would be g^(SA+SB). [1]
The Bucket Brigade/Man-in-the-Middle Attack. Because the Diffie-Hellman protocol does not perform authentication, it is susceptible to the bucket brigade/man-in-the-middle attack. In this case, Eve impersonates Alice to Bob and Bob to Alice. Since there is no authentication, Alice and Bob do not know whether they are really talking to each other. Assume Eve's secret is SE and Alice's and Bob's secrets are SA and SB respectively, as described above. The exchange is shown below:
Alice sends g^SA to "Bob".
Eve sends g^SE to Alice and to Bob, i.e. both ways.
Bob sends g^SB to "Alice".
Alice and Eve now have shared key KAE, i.e. g^(SA·SE) = g^(SE·SA).
Bob and Eve now have shared key KBE, i.e. g^(SB·SE) = g^(SE·SB).
Eve can now receive messages from Alice to Bob, decrypt and view them using KAE, and then send them on to Bob, encrypting the message with KBE. The name bucket brigade attack comes from the way firefighters of old formed a line of people between a water source and a fire, passing buckets of water towards the fire and empty buckets back. However, the term man-in-the-middle has become more common. [1]
Q. What are some defenses against the Man-in-the-Middle Attack? (Hint: think of how you can use another public key scheme to protect this exchange.)
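Diffie-Hellman with the symbols above, as an added example (not code from the original lab): the exchange in which both sides reach g^(SA·SB), the unauthenticated case from the diagram in which Alice's key silently coincides with Eve's KAE, and one defense of the kind the hint points at, in which Bob signs his T with an RSA private key so that a T Bob never signed is rejected before any key is derived. The modulus p = 2^127 - 1 is a Mersenne prime chosen only so the arithmetic is quick to check, not a standard group, and the RSA primes are toy-sized constructed values.

```python
"""Diffie-Hellman with the symbols above (p, g, SA, SB, TA, TB), and the
defence the question hints at: each party signs its T with its own public-key
(RSA) private key, so a substituted T fails verification and is never used.
Added example for this lab; p = 2^127 - 1 is a (Mersenne) prime picked only so
the arithmetic is quick, not a standard group, and the RSA keys are toy-sized
constructed values."""
import hashlib
import secrets

P = 2**127 - 1    # prime modulus p (demo choice); g is public too
G = 3


def dh_T(secret):
    """T = g^S mod p."""
    return pow(G, secret, P)


def dh_shared(peer_T, secret):
    """T_peer^S mod p = g^(S_peer * S) mod p: both sides reach the same value."""
    return pow(peer_T, secret, P)


def dh_exchange():
    """Alice and Bob each pick a random 512-bit secret, exchange Ts, and
    return (Alice's result, Bob's result), which must agree."""
    SA, SB = secrets.randbits(512), secrets.randbits(512)
    TA, TB = dh_T(SA), dh_T(SB)
    return dh_shared(TB, SA), dh_shared(TA, SB)


def mitm_without_authentication():
    """The diagram above: Eve answers both sides with g^SE, so Alice's key
    equals Eve's KAE and Bob's equals Eve's KBE; neither can tell."""
    SA, SB, SE = (secrets.randbits(512) for _ in range(3))
    TA, TB, TE = dh_T(SA), dh_T(SB), dh_T(SE)
    k_alice, k_bob = dh_shared(TE, SA), dh_shared(TE, SB)
    k_ae, k_be = dh_shared(TA, SE), dh_shared(TB, SE)
    return k_alice == k_ae and k_bob == k_be and k_alice != k_bob


# --- signing T values with toy RSA (constructed primes; not a real key size) ---
def toy_rsa_key(p, q, e=17):
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)


def _digest(T, n):
    return int.from_bytes(hashlib.sha256(str(T).encode()).digest(), "big") % n


def sign_T(private, T):
    d, n = private
    return pow(_digest(T, n), d, n)


def verify_T(public, T, sig):
    e, n = public
    return pow(sig, e, n) == _digest(T, n)


def authenticated_shared(my_secret, peer_T, peer_sig, peer_public):
    """Use the received T only if it carries the peer's valid signature."""
    if not verify_T(peer_public, peer_T, peer_sig):
        raise ValueError("peer value failed authentication; possible man-in-the-middle")
    return dh_shared(peer_T, my_secret)


def exchange_with_substitution(substitute):
    """Bob signs TB; Alice verifies with Bob's public key before using it.
    With substitute=True the value Alice receives is Eve's TE, which Bob
    never signed, so the signature check fails and no key is derived."""
    bob_pub, bob_priv = toy_rsa_key(1000003, 999983)
    SA, SB, SE = (secrets.randbits(512) for _ in range(3))
    TB = dh_T(SB)
    sig = sign_T(bob_priv, TB)
    received = dh_T(SE) if substitute else TB
    k_alice = authenticated_shared(SA, received, sig, bob_pub)
    return k_alice == dh_shared(dh_T(SA), SB)


if __name__ == "__main__":
    print("agree:", len(set(dh_exchange())) == 1)
    print("unauthenticated substitution goes unnoticed:", mitm_without_authentication())
    print("authenticated, honest Bob:", exchange_with_substitution(False))
    try:
        exchange_with_substitution(True)
    except ValueError as err:
        print("authenticated, substituted T:", err)
```

The defense works only because Alice already holds Bob's genuine public key; distributing that key is the problem PGP's web of trust and certificate authorities exist to solve.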
PGP (Pretty Good Privacy) uses public key encryption to securely transmit email across a network. We shall use it to demonstrate the difference between encrypted and unencrypted mail. We shall be using the two WinXP machines to send emails to each other. Do the following on both your WinXP machines: select Start->Run and type \\57.35.10.10\secure_class . The username and password are both secure_class. Copy /LabXX/PGP810-PF-W.zip to your WinXP machine. (You could download the zip file from http://www.pgp.com/downloads/freeware/index.html )