experiential learning in cryptography and mapping into ia...
TRANSCRIPT
Experiential Learning in Cryptography and Mapping into IA Curriculum
July 24-25, 2011
University of Tennessee at Chattanooga Southern Polytechnic State University Tuskegee University
Sponsored by NSF-CCLI # 0942581
Table of Contents1.1 Lab - Encryption Using Classical Techniques..........................................................................................2
1.2 Lab on Frequency Analysis.....................................................................................................................3
2.1 Lab on encryption using binary/byte addition.......................................................................................7
2.2 Encryption using binary Exclusive-OR (XOR)........................................................................................14
2.3 Triple DES with CBC mode and Weak DES keys...................................................................................18
2.4 Lab on Testing Different Modes in Symmetric Ciphers........................................................................23
3.1 Lab on RSA Encryption and Factorization Attacks................................................................................25
3.2 Lab on Short Message RSA Attacks and Padding.................................................................................46
3.3 Lab on RSA Timing Attacks...................................................................................................................47
4.1 Lab on hash generation and sensitivity of hash functions to plaintext modifications.........................49
4.2 Lab on Hash Function..........................................................................................................................53
5.1 Lab on Digital Signature Visualization..................................................................................................54
5.2 Lab on RSA Signature...........................................................................................................................60
5.3 Lab on Attack on Digital Signature/Hash Collision...............................................................................67
5.4 Lab on Digital Signature.......................................................................................................................70
6.1 Lab on Writing a Simple Certificate Authority.....................................................................................71
Crypto Case 1: How Do You Secure BlackBerry Devices?...........................................................................72
Crypto Case 2: Do You Trust Others in Virtual Environment?....................................................................73
Crypto Case 3: Ensure the validity of Forensic Evidence by Using a Hash Function...................................74
Crypto Case 4: How Do You Secure Patient Data?.....................................................................................75
Crypto Case 5: Is SSL/TLS Enough to Secure E-commerce?.......................................................................76
List of participants.....................................................................................................................................77
1
1.1 Lab - Encryption Using Classical TechniquesIn this project you will develop a program to encrypt plaintext text given a keyword. The plaintext will be encrypted by Playfair cipher and the cipher text is displayed for a user.
Playfair Cipher (description taken from William Stallings “Cryptography and Network Security, Principles and Practice) is the best-known multiple letter encryption cipher, which treats diagrams in the plaintext as single units and translates these units into cipher text diagrams. (This cipher was actually invented by British scientist Sir Charles Wheatstone in 1854, but it bears the name of his friend Baron Playfair of St. Andrews, who championed the cipher at the British foreign office.)
The Playfair algorithm is based on the use of a 5 x 5 matrix of letters constructed using a keyword. Here is an example:
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
In this case, the keyword is monarchy. The matrix is constructed by filling in the letters of the keyword (minus duplicates) from left to right and from top to bottom, and then filling in the remainder of the matrix with the remaining letters in alphabetic order. The letters I and J count as one letter. Plaintext is encrypted two letters at a time according to the following rules:
1. Repeating plaintext letters that would fall in the same pair are separated with a filler letter, such as x, so that balloon would be enciphered as ba lx lo on.
2. Plaintext letters that fall in the same row of the matrix are each replaced by the letter to the right, with the first element of the row circularly following the last. For example ar, is encrypted as RM.
3. Plaintext letters that fall in the same column are each replaced by the letter beneath, with the top element of the row circularly following the last. For example, mu is encrypted as CM.
4. Otherwise, each plaintext letter is replaced by the letter that lies in its own row and column occupied by the other plaintext letter. Thus, hs becomes BP and ea becomes IM (or JM).
2
1.2 Lab on Frequency AnalysisThe cryptanalyst can benefit from some inherent characteristics of the plaintext language to launch a statistical attack. For example, we know that the letter E is the most frequently used letter in English text. The cryptanalyst finds the mostly-used character in the ciphertext and assumes that the corresponding plaintext character is E. After finding a few pairs, the analyst can find the key and use it to decrypt the message. To prevent this type of attack, the cipher should hide the characteristics of the language. Table 1 contains frequency of characters in English.
Table 1 Frequency of characters in English
Cryptogram puzzles are solved for enjoyment and the method used against them is usually some form of frequency analysis. This is the act of using known statistical information and patterns about the plaintext to determine it. In cryptograms, each letter of the alphabet is encrypted to another letter. This table of letter-letter translations is what makes up the key. Because the letters are simply converted and nothing is scrambled, the cipher is left open to this sort of analysis; all we need is that ciphertext. If the attacker knows that the language used is English, for example, there are a great many patterns that can be searched for. Classic frequency analysis involves tallying up each letter in the collected ciphertext and comparing the percentages against the English language averages. If the letter "M" is most common then it is reasonable to guess that "E"-->"M" in the cipher because E is the most common letter in the English language. These sorts of clues can be bounced off each other to derive the key and the original plaintext. The more collected cipher text the attacker has, the better this will work. As the amount of information increases, its statistical profile will draw closer and closer to that of English (for example). This sort of thing can also be applied to groups of characters ("TH" is a very common combination in English for example). The example frequency analysis image above was performed on the first three sentences of this paragraph turned into a cryptogram. As you can see, the English language is very predictable with regard to letter frequency and this can exploited in some situations to break ciphers.
3
The goal of this lab is to gain a better understanding of a statistical attack by programming some of the important components to analyze/manipulate arrays of characters. You will be given an almost fully working C# .NET application (contained in CPSC4600-Lab1.zip). To get this application fully working, you will need to implement the empty methods. After these methods are complete, the program can then be used to complete the remainder of the lab. You do not need to change any of the UI code to get this working, only methods in the Encryption.cs class.
Getting Started-Open up Visual Studio 2008. (If you do not have a copy for your own computer, it is available through the Microsoft Academic Alliance Program as well as Microsoft’s Dreamspark web site)
-Open up the .sln file in StatisticalAnalysis folder with Visual Studio 2008
-The project’s contents will be listed on the right-hand side of the IDE.
-MainForm.cs is the UI code that can be left alone (if you would like to tinker with it, you may want to work on a copy)
-StatisticalAnalysis.cs contains the methods you will need to implement in order to finish the lab. C# is very much like Java, if you have any questions about the language MSDN is a great resource (http://msdn.microsoft.com/en-us/vcsharp/aa336809.aspx)
4
Fill In The Code…Read the descriptions and hints carefully and fill in the missing methods in StatisticalAnalysis.cs.
// Pre-conditions: a class char[] called Transformation exists // in the class; the value p is an input parameter // Post-conditions: the contents of the class char[] called // Transformation has been shifted by p characters // (make sure it wraps around!) // HINT: the modulus operator is % public void ShiftTransformationArray(int p)
// Pre-conditions: a static char[] called Alphabet of length 26 // containing the alphabet (in UPPER CASE!!), // and the string inputStr is an input parameter // Post-conditions: an int[] of length 26 is calculated, where // each value in the integer array is the // number of occurrences (the frequency) // the corresponding letter occurred in InputStr public static int[] DetermineLetterFrequencies(String InputStr)
// Pre-conditions: character p is the character to be found arr1 // arr1 is the array to search through // arr2 is the array to return a character from // Post-conditions: Search through arr1 to find the character p, and // return the corresponding character in arr2 private char FindInCorrArray(char p, ref char[] arr1, ref char[] arr2)
Lab Questions1. What type of cipher is this program useful for breaking?
2. In this type of cipher, the relationship between characters in the plaintext and characters in the ciphertext is __________.
3. List the frequencies for the top 4 characters found in the given ciphertext:
MKLAJZHAIUQWKHJABZNXBVHAGKFASDFGALQPIWRYIOQYWIERMASVZMNBZXCKJASDFGLKJFHWQERYIOQWTYIOASUDYFLASKJDHFZMZVBCXMVQLWERYIQRASDFQIWUERYIHKMFMAKHLSDFYUIOQWYREIORYIWQEUFHAKDFHLKASHFKVBBBNASMDFSADFWQEUYRUUEYRUUUQKASJHFKJDSHFSNBNBNBNBABABAAASKJFHLKJSADHFIDUASFOYDASIYFQWERBQWBRKLJLKASSADFDFDASDA
4. Break the cipher text given in the following. What is the plaintext? What is the key?
5
OTWEWNGWCBPQABIZVQAPMLJGZWTTQVOBQUMAPMIDGZCAB
EQVBMZLZIXMLAXZQVOQVLMMXAVWEIVLLIZSNZWAB
JQZLWNLMTQOPBVIUMLGWCBPAEQNBTGTMNBBPMVMAB
ITIAKWCTLVBBQUMQBEPQTMQBEIAQVUGBZCAB
What To Turn in:A zip file named lastname_firstname_Lab1.2.zip, containing:
- StatisticalAnalysis.cs
- A text file or Word document containing yours answers to the Lab Questions
- If you changed any other files in your project, please include them as well
6
2.1 Lab on encryption using binary/byte additionUnder this encryption algorithm, the key entered is added character by character (byte by byte) to the data to be encrypted. Here addition modulo 256 is used, i.e. so that any carry-overs are ignored. The key is applied cyclically (as under the Vigenère encryption algorithm and also with the Exclusive-OR), i.e. once all the characters (bytes) of the key have been used, the algorithm reverts to the first character until the text has been completely encrypted.
To decrypt the text, the characters of the key have to be subtracted from the encrypted text modulo 256.
If one knows the characters which occur most frequently in the plaintext, it is then possible to work out the key with the aid of a computer (and hence also the plaintext) (see Automatic analysis, Byte Addition).
The key used for Binary Addition is entered in the Key entry dialog.
This encryption algorithm can be easily broken with a Ciphertext-Only attack (see Automatic analysis, Byte Addition). An example of this will be found in the Examples chapter.
1. Open the file CrypTool-en.txt under C:\Program Files (x86)\CrypTool\examples.
2. Click “Analysis\Tools for Analysis\Histogram”.
7
We can see from the histogram that the character which occurs most frequently is the letter E. This is true of many German and English texts. This information will be used later on during our attack.
3. Close the histogram dialog. Choose from menu “Encrypt/Decrypt\Symmetric\Byte Addition”.
4. Enter 12 34 AB CD as the key and click Encrypt.
The encrypted message shows up:
8
5. cipher text only attack will be performed. Choose from menu “Analysis\Symmetric\Ciphertext-only\Byte Addition”.
We are told that key length is calculated to be 4. The commonest character is E with hexadecimal value of 45. If we look at the plaintext, the most frequently character is e with hexadecimal value of 65. We enter into the Expected most common character field in the Byte-by-byte Addition Analysis box 20 (=65-45).
6. Click “Continue”, CrypTool has been able to find the key. The only information was needed to do this was the fact that the character which occurred most frequently in the plaintext was the lower case letter e.
7. Click the “Decrypt” button shows the plaintext.
9
8. If the text is compressed prior to encryption then we will not be able to draw any conclusions from the frequency distribution of the characters in the text about the frequency distribution of the compressed text, since the compression process not only reduces size of a file but alters the frequencies of the individual characters so that they no longer reflect the frequencies of the characters in the original text. To compress the document, we make startingexample-en.txt active again. And select “Indiv. Procedure\Tools\Compress\Zip”, the rate of compression is displayed.
9. Click “OK”, the compressed document is shown.
10. Click “Analysis\Tools for Analysis\Histogram” to see its histogram. The compression produces a quite different histogram profile from the one previously obtained for the uncompressed document. The characters are much more evenly distributed than in the unencrypted document.
10
11. Make the compressed document the active window once again and the encrypt it using the same key 12 34 AB CD.
12. Click “Encrypt”.
13. We invoke the analysis again by choosing from menu “Analysis\Symmetric\Ciphertext-only\Byte Addition”.
11
CrypTool returns an incorrect key length of 12.
Given this key length, it is not possible to find the correct key either.
14. We will check whether it is possible to arrive at a readable version of the text document from the compressed and then encrypted document. We will provide the key and then unzip.
We will make the compressed and encrypted document the active window again. Choose from menu “Encrypt/Decrypt\Symmetric\Byte Addition”.
15. Enter 12 34 AB CD as the key and click Decrypt.
12
16. Choose from menu “Indiv. Procedure\Tools\Compress\UnZip”, and the original text is displayed.
13
2.2 Encryption using binary Exclusive-OR (XOR)1. Open file CrypTool.bmp from “C:\Program Files (x86)\CrypTool\examples”.
2. Look at the frequency distribution of the characters by clicking “Analysis\Tools for Analysis \ Histogram”.
You can see from the histogram that the character which occurs most frequently has the value 255. In hexadecimal notation this corresponds to FF. This information will be used later on during our attack.
3. Click on the window of “CrypTool.bmp”. And click “Encrypt\Decrypt/Symmetric/XOR” from menu.
14
4. Enter 12 34 56 78 as the key.
5. Click “Encrypt”
6. We will perform the cipher-text only attack. Select “Analysis\Symmetric Encryption\Ciphertext-Only\XOR”.
15
The autocorrelation is calculated and displayed. We are told that the key length is calculated to be 4. As we have seen in step 2, the most commonest character is FF. This we enter in the Expected most common character field.
7. Click “Continue”.
8. Click “Decrypt”.
16
9. If we compress the document before encryption. By clicking “Indiv. Procedure\Tools\Compress\Zip”.
10. Select “Analysis\Tools for Analysis \ Histogram”, which produces a quite different histogram from the one previously obtained for the uncompressed picture in bitmap format.
11. Encrypt the compressed document by selecting “Encrypt\Decrypt/Symmetric/XOR” from menu and use 12 34 56 78 as the key.
12. We will perform the analysis. Select “Analysis\Symmetric Encryption\Ciphertext-Only\XOR”. CrypTool returns incorrect key length.
17
2.3 Triple DES with CBC mode and Weak DES keys1. Open file “CrypTool-en.txt” from “C:\Program Files (x86)\CrypTool\examples”.
2. Look at the frequency distribution of the characters by clicking “Analysis\Tools for Analysis \ Histogram”.
3. Encrypt the document by selecting “Encrypt/Decrpt\Symmetric (modern)\Triple DES (CBC)”.
4. Use 12 34 AB CD as the key.
5. Click the Encrypt button.
18
6. Look at histogram of the encrypted document, which bears no resemblance to the histogram of the unencrypted document.
7. The autocorrelation exhibits no regularity which may provide a clue as to the key length.
19
8. The decryption of the document functions like encryption except that the Decrypt button is clicked.
9. We want to determine the key from the encrypted document using a brute-force attack.
Select “Analysis\Symmetric Encryption (modern)\Triple DES (CBC)” from menu. Enter ** ** AB CD 00 00 00 00 00 00 00 00 00 00 00 00 as the key.
10. Click “Start”.
20
11. The first one returns readable results. Click “Accept selection”. The original plaintext shows up.
Weak DES Keys
1. Click Encrypt/Decrypt\Symmetric(modern)\DES(ECB) when CrypTool-en.txt is open. Enter 01 01 01 01 01 01 01 01 as the key.
21
2. Click “Encrypt” button.
3. Repeat step 1 using the same key. Plaintext shows up on the right.
22
2.4 Lab on Testing Different Modes in Symmetric Ciphers
Symmetric key cryptography provides several modes of operation, including Electronic Codebook (ECB), Cipher-Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter Mode (CTR), as shown in Figure 1. Modes of operation have been devised to encipher text of any size employing either DES or AES. Two important properties of these encryption modes that this lab will explore are pattern preservation and error propagation. Pattern preservation means that a block of plaintext is encrypted into a block of cipher text the same way every time; e.g. if Eve finds out that cipher text blocks 1, 5, and 10 are the same, she knows that plaintext blocks 1, 5, and 10 are the same. Error propagation means that a single bit error in transmission of a cipher text block creates errors in not only the decryption of the affected block, but propagates to the following blocks of the message.
Figure 1. Modes of Operation
Lab Tasks
Create an application to encrypt and decrypt messages using DES or AES ciphers using a programming language/cryptographic package of your own choice. Java has a mature offering in the form of its Java Cryptography Extension, which is integrated with the Java 2 SE SDK. An article on using AES with Java can be found here:
http://java.sun.com/developer/technicalArticles/Security/AES/AES_v1.html. BSAFE from RSA is available under share project. You can choose a language/package that allows for the selection of operation mode (ECB, CBC, etc.) for encryption/decryption.
23
Task 1 Implement DES and AES ciphers.
Create an application in the language of your choice that implements encryption of a plaintext series of bytes, and decryption of the created cipher text.
Task 2 Investigate Properties of Modes in DES and AES
Your application should use either AES or DES encryption, and employ each of the following algorithm modes: ECB, CBC, CFB, OFB, and CTR. Your application should test pattern preservation by encrypting plaintext that includes a pattern, and examining the cipher text to see if the pattern is preserved. Your program should test error propagation by modifying one byte of the cipher text prior to decryption, and then examining the decrypted plaintext. The output from your program should resemble the following:
opmode: CFB
input : 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 00 01 02 03 04 05 06 07
cipher: 61 a1 f8 86 ff 9b c7 09 4f c0 bc 1b 17 3a d7 bb c7 d7 1a 36 61 45 dd a8
Modifying random byte: bb->ba
plain : 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0e 34 8b 0c bf fb 7f 9c de
Prepare a written report of your examination of the two discussed properties of the different cryptographic modes of operation. Include a completed version of the table below in your report (fill in each block with a yes, no, or other comment). Include the source code of your application with your report.
ECB CBC CFB OFB CTR
Pattern preservation
Error propagation
Hint:
To test pattern preservation property, you can include repeated blocks in your plaintext and observe the results of cipher text.
To test error propagation property, you can encrypt plaintext first and then modify one bit in ciphertext and check the decryption results.
24
3.1 Lab on RSA Encryption and Factorization AttacksEncryption or decryption of messages using the RSA key pair.
1. Select Individual Procedures/RSA Cryptosystem/RSA Demonstration
2. Enter the RSA key p=47, q=79, e=37. The parameters N = p*q=3713 and phi(N)=3588 and d=97 are calculated.
25
3. Click Alphabet and number system options
26
4. Choose specify alphabet under Alphabet Options and number system under Method for coding of text into number. Enter 2 in Block length in characters.
27
5. To confirm your entries, click on OK. You can now enter the input the text, “WORKSHOP AT CHATTANOOGA”, in the input line and click on the Encrypt button.
28
6. To decrypt, copy text in Encryption into ciphertext 1999 # 3408 # 2545 # 2798 # 0001 # 3284 # 3613 # 1404 # 2932 # 0208 # 1095 # 3306 to input text area. And click Decrypt button.
29
Encryption of the message with block length 1 v.s. encryption of the message with block length 2.
1. Create the RSA key p=251, q=269, e=65537. The value of N is , the value of phi(N) is , the value of private key d is .
30
2. Click Alphabet and number system options
Choose All 256 ASCII characters under Alphabet options, b-adic under Method for coding and a block into numbers and 1 in Block length in characters.
31
3. To confirm your entries, click on OK. You can now enter the input the text, “RUBY FALLS!”, in the input line and click on the Encrypt button.
32
The encrypted version of this is the number sequence is
The number “#” serves here to visually split up the individual numbers. If you insert these numbers into the input line and then choose Decrypt, the original plaintext will be restored.
4. Click Alphabet and number system options
33
Choose All 256 ASCII characters under Alphabet options, b-adic under Method for coding and a block into numbers and 2 in Block length in characters.
5. To confirm your entries, click on OK.
34
6. You will receive a cipher text that is only half as long:
35
Attack on RSA encryption with short RSA modulusThe analysis is performed in two stages: first of all the prime factorization of the RSA modulus is calculated using factorization, and then in the second stage the secret key for encryption of the message is determined. After this, the cipher text can be decrypted with the cracked secret key.
We will figure out plaintext given
RSA modulus n = 63978486879527143858831415041
Public exponent e = 17579
Cipher text = 45411667895024938209259253423, 16597091621432020076311552201, 46468979279750354732637631044, 32870167545903741339819671379
1. Factorization of the RSA modulus with the aid of prime factorization.
To break down the natural number, select menu sequence Indiv. Procedure/RSA Cryptosystem / Factorization of a Number.
2. The two components of the public key is
RSA modulus n = 63978486879527143858831415041
Public exponent e = 17579
Enter n=63978486879527143858831415041 as input and click Continue.
36
It is interesting to see which procedure broke down the RSA modulus the fastest.
2. Calculate the secret key d from the prime factorization of n and the public key e:
With the knowledge of the prime factors p = 145295143558111 and q = 440334654777631 and the public key e = 17579, we are in a position to decrypt the ciphertext.
3. Open the next dialog box via menu selection Indiv. Procedure/RSA Cryptosystem/RSA Demonstration:.
4. Enter p = 145295143558111 and q = 440334654777631 and the public key e = 17579.
5. Click on Alphabet and number system options and make the following settings:
37
Alphabet options: Specify alphabet
RSA variant: Normal
Method for coding a block into number: Number system
Block length: 14
Number system: Decimal
6. Enter the following cipher text in the input text field. And click Decrypt button.
45411667895024938209259253423,16597091621432020076311552201,46468979279750354732637631044,32870167545903741339819671379
38
Check your results: “NATURAL NUMBERS ARE MADE BY GOD”
39
Side Channel Attack to RSA:
1. Select from menu: “Analysis” \“Asymmetric Encryption” \“Side-Channel Attack on Textbook RSA”
2. Click “Introduction to the scenario”.
40
3. Click “Perform preparation” and click “OK”
4. Click “OK” again.
41
5. Click “Generate session key” and “Session Key”. The generated session key is “9E B7 61 D9 E4 F9 34 AA 91 F7 C4 CB 56 7D 98 88”.
6. Click “Select asymmetr. key”.
7. Select Bob’s key and click “OK”.
42
8. Click “Encrypt document symmetry.”, “Encrypt session key asymmetry.” and “Save”.
43
9. Click “Transmit message” and “Decrypt message”.
10. Enter 1234 and click “OK”.
11. Click “Intercept message” and “Start attack cycle”.
44
12. Click “All steps at once” button.
13. Click “OK” and icon of Trudy (Attacker).
45
The session key is 9EB761D9E4F934AA91F7C4CB567D9888 which matches the one generated in Step 5.
46
3.2 Lab on Short Message RSA Attacks and PaddingIn short message attack of RSA, if it is known that Alice is sending a four-digit number to Bob, Eve can easily try plaintext numbers from 0000 to 9999 to find the plaintext. Therefore, short message must be padded with random bits. If you are Eve, show that you are able to find the plaintext containing four digit numbers given ciphertext.
Optimal asymmetric encryption padding (OAEP) is recommended when short messages are encrypted with RSA algorithms. The following is the encryption and decryption processes of OAEP.
Encryption Pad the message to make m-bit message M, if M is less than m-bit Choose a random number r User one-way function G that inputs r-bit integer and outputs m-bit integer. This is the
mask. P1 = M Å G® P2 = H(P1) Å r, function H inputs m-bit and outputs k-bit C = E(P1 || P2). User RSA encryption here
Decryption P = D (P1 || P2) Bob first recreates the value of r: H(P1) Å P2 = H(P1) Å H(P1) Å r = r
Bob recreates msg: G(r) Å P1 = G(r) Å G(r) Å M = M
Pad your message with OAEP padding and then encrypt by RSA.
What to submit:
A report describes how you find the unpadded short plaintext (50 points), describes what you have observed after you apply OAEP padding (20 points), and discusses feasibility of short message attack after padding (30 points).
47
3.3 Lab on RSA Timing Attacks
RSA Timing Attacks
Brief DescriptionA timing attack is an attack which cleverly uses the fourth dimension, time. If an algorithm is not specifically designed to thwart this attack, then an attacker can observe the required amount of time for a calculation to be done and monitor the differences in calculation times. For example, the calculation of converting a “0” in plain text to cipher text versus converting a “1” in plain text to cipher text may require less time. This measured amount of time can be used to rebuild the key or figure out the plain text.
Lab Overview
RSA Encryption is complicated and also has protections against timing attacks, so we will be using a more simple example for this lab. We have performed two operations many, many times, specifically the add and multiply operation. The add is performed much faster than the multiply especially when scaled across many iterations. We will use this as our test case; a shorter operation will represent the processing of a zero and the long operation would represent the processing of a one. So given a stream of output times from a program which monitors these operations, you should be able to reconstruct a string ones and zeroes.
Different machines will require a different amount of time to process. So our implementation will take this into account by not using specific time values when processing the times from our “gathered” data. It may be a good approach to calculate an average time, and then compare each time value against this value to determine if it is a “1” or a “0”. After we have created a string of ones and zeroes, we will process these to generate our ASCII output (Google “ascii table”, if you are confused)
To Complete...
Using Visual Studio, open the provided “TimingAttackLab.sln”. This project was used to create the file “time_data”, which should be located in “....\TimingAttackLab\bin\Debug\”. Have a look at the “time_data” file; it is simply the number of ticks used to calculate a 1 or a 0. We assume a 1 takes more time to calculate than a 0.
The project only has a few functions that are left to be implemented in order for you to decrypt the super-secret message.
Turn in a lab report containing:
-Your implementation of the functions “public static String BinStr2ASCII(String BinStr)” and
“public static String LongToBinStr(long[] TimeData)”
48
-The decoded message from running the complete program.
And answers to the following questions:
1) What are some possible ways an algorithm could be designed to thwart timing attacks?
2) What assumptions must be true for an attacker to be able to perform a timing attack?
3) As a machine increases in processing power, is the difference in processing time between inputs (for example a one and a zero) likely to be greater or smaller?
49
4.1 Lab on hash generation and sensitivity of hash functions to plaintext modifications
Keyed-Hash Message Authentication Code (HMAC) ensures integrity of a message and authentication of the message. It requires a common key for sender and recipient.
1. Open the file CrypTool-en.txt under C:\Program Files (x86)\CrypTool\examples.
2. Select from Menu “Indiv. Procedures” \“Hash” \“Generation of HMACs”.
3. Select SHA-1 as hash function and double hashing as HMAC variants.
4. Enter your key “chattanooga”. The HMAC code generated from the message and the key is
66 C2 2E BA 41 36 6D EB EA FB 8E B1 7D B1 3B 42 5A 15 98 E1
50
5. Select from menu “Indiv. Procedures” \“Hash” \“Hash Demonstration”.
51
6. Select a hash function from Selection of hash function.
7. add a space after CrypTool in plaintext. We will see 49.22% bits differ (63 of 128). A good hash function should react highly sensitively to even the smallest change in the plaintext –“Avalanche effect” (small change, big impact).
52
53
4.2 Lab on Hash FunctionEither SHA-1, HMAC, or MD5 can be selected to finish the following problems.
Problem One (50):
Use an example to show that Hash function can help to protect integrity of your message. You can encrypt your plaintext message, tamper the cipher text and use hash function to check whether the decrypted messaged is changed.
Problems Two (50):
Use an example to show that if you tamper both ciphertext and hashcode properly, you can escape from the integrity check of hash function.
54
5.1 Lab on Digital Signature Visualization1. Select from menu of CrypTool “Digital Signatures/PKI” \ “Signature Demonstration (Signature Generation)”
2. Click on “Select hash function”. Choose MD5 (or others) and click OK.
3. Click “Generate Key” and “Generate prime numbers” in step by step Signature Generation dialog.
55
4. Enter 2^150 as the lower limit and 2^151 as upper limit. And click Generate prime numbers and apply primes.
5. Click Store key button.
56
6. Click Provide certificate button. Enter
Name: Smith
First name: Mary
Key identifier: Mary key
PIN: cryptool
PIN verification: cryptool
7. And click “Create Certificate and PSE”.
57
8. click “Compute hash value”.
9. Click “Encrypt hash value”.
58
10. Click “Generate signature”.
11. Click “Store signature”.
59
12 click “OK”, you will see RSA (md5)signature of <startingexample-en.txt>.
60
5.2 Lab on RSA Signature1. Open the file CrypTool-en.txt under C:\Program Files (x86)\CrypTool\examples.
2. Click from menu Digital Signatures/PKI\PKI\Generate/Import Keys.
3. Enter the following
Last name: Smith
First name: John
Key identifier: Smith Key
PIN code: cryptool
PIN: cryptool
And click on the Generate new key pair button.
61
4. The following window shows up and click OK:
5. Click Show Key Pair, you will see
62
6. The certificate is displayed by clicking on the Show certificate pushbutton.
7. Close both dialogs on Certificate Data and Available Asymmetric Key Pairs.
8. To sign the document of CrypTool-en.txt, select Digital Signatures/PKI\Sign Message. Enter the following
63
Choose hash function: RIPEMD-160
Choose signature algorithm: RSA
Choose a key/PSE to be used when signing: Smith John
PIN code: cryptool
And click on Sign button.
64
9. Click OK button. The dialog box closes and the signed document is displayed.
10. The signature is at the start of the document and the document to be signed is at the end, as can be verified easily by comparing with the original document. A clearer presentation, with the separation of the signature and the document, can be obtained by selecting Digital Signature/PKI\Extract Signature.
65
11. Select Digital Signature/PKI\Verify Signature to check that the document has not been altered.
66
12. Select John Smith from the list of signatures and click on the Verify signature button. The following dialog appears.
13. Modify the message by deleting “What”.
14. Select Digital Signature/PKI\Verify Signature, the following dialog box appears:
67
5.3 Lab on Attack on Digital Signature/Hash CollisionFind two messages with the same hash value.
1. Select “Analysis” \“Hash” \“Attack on the Hash Value of the Digital Signature” from the menu.
2. Click “Options”.
68
3. Choose MD5 under Hash function and 40 for Significant bit length, and click Apply.
4. Click “Start Search” in dialog of Attack on the Hash Value of the Digital Signature.
5. Click “OK” and “Print Statistics”.
6. After modifying the two messages, the hash value of them are the same. The message will not appear to change, since only unprintable characters will be used to modify them.
69
A 72-bit partial collision (i.e., the first 72 hash value bits are identical) was found in a couple of days using a single PC. Today signatures with hash values of 128 bits or less are vulnerable to a massive parallel search. It is therefore recommended to use hash values with a length of at least 160 bits.
70
5.4 Lab on Digital Signature
Problems One:
Generate keys and a digital signature for data using the private key and to export the public key and the signature to files. Verify a digital signature by importing a public key and a signature that is alleged to be the signature of a specified data file and to verify the authenticity of the signature.
71
6.1 Lab on Writing a Simple Certificate AuthorityCertificates, or to be more specific, public key certificates, provide a mechanism that allows a third party, or issuer, to vouch for the fact that a particular public key is linked with a particular owner, or subject. Every certificate has a private key associated with it, and a chain of certificates is a list of certificates where each certificate other than the first one and the last one have had its private key used to sign the next certificate after it. The first certificate, the root certificate, is normally self-signed; you have to accept it as trusted for the certificate chain to be valid. The last certificate, or the end entity certificate, simply provides you with a public key you are interested in, which, assuming you accept the root certificate, you can regard as authentic. The entity responsible for issuing the certificate is referred to as a certificate authority, or more commonly, CA.
Write an application that creates a certificate from a certificate request.
In the application, you will create two key pairs: on is used to create a certificate request and the other is used to issue a root certificate. The certificate that gets created from the certificate request is a version 3 certificate. The extra extensions are the AuthorityKeyIdentifier and the SubjectKeyIdentifier, which are required for RFC3280 compliance.
Your application starts out pretending it is a client and then starts to behave as a CA instead. First, in “client mode”, a certificate request is created; then in “CA mode”, a root certificate is created. Next, still in CA mode, the certificate request is validated and then the client certificate is created. This step introduces a couple of new classes as well: AuthorityKeyIdentifierStructure and SubjectKeyIdentifier structure, both of which are defined in the org.bouncycastle.x509.extension package.
Tasks points checklistCreate key pairs for a request 10Create a certificate request 10Create a root key pair and create a root certificate 10Validate the certificate request 10Create the certificate using the information on the request (get owner, owner’s public key and algorithm from the request)
40
Use root’s private key to sign the certificate 10Print out the issued certificate 10
72
Crypto Case 1: How Do You Secure BlackBerry Devices?
Real-world Scenario: The BlackBerry is a wireless handheld device which supports push e-mail, mobile telephone, text messaging, internet faxing, web browsing and other wireless information services. It delivers information over the wireless data networks of mobile phone service companies.
Problem and Activities: We will secure data traffic in transit between the BlackBerry Server and the BlackBerry devices and data stored in the BlackBerry device using cryptography. Three special requirements specific to the BlackBerry need to be considered: 1) Communication is done through wireless links, which is more vulnerable than wired communication. 2) The limited computation capability in the BlackBerry. 3) The device may be stolen or grabbed by someone other than the owner.
Learning outcomes: Students gain knowledge of wireless handheld devices, and are able to take the above requirements into consideration when they use and implement learned cryptography techniques to protect data communication and storage.
Assessment: Students are able to secure wireless data communication as well as data storage.
73
Crypto Case 2: Do You Trust Others in Virtual Environment?
Real-world Scenario: Virtualization is almost a mainstream technology today because it reduces power usage, makes server and OS deployments more flexible, and better uses storage and systems resources. It helps to advance cloud computing, a new concept of collaboration and distribution. Virtualization technology allows one box hosts multiple virtual machines (VMs) and provides a computing environment for remote users. How do we provide separate VMs so that they can not affect each other in one box? How do we ensure security, compliance and trust in a virtual environment?
Problem and Activities: 1) Investigate solutions to separate VMs in one box; 2) study how to provide authentication to virtual users; and 3) propose solutions to prevent data loss.
Learning outcomes: Students gain knowledge of virtualization technology as well challenges faced by virtualization. Students know how to separate VMs using cryptography techniques, and authenticate users in a virtual environment in a scalable fashion.
Assessment: Students are able to setup a virtual environment and implement proposed security solutions.
74
Crypto Case 3: Ensure the validity of Forensic Evidence by Using a Hash Function
Real-world Scenario: A forensic hash is used for identification, verification, and authentication of file data. A forensic hash is the process of using a mathematical function and applying it to the collected data, which results in a hash value that is a unique identifier for the acquired (collected) data (similar to a DNA sequence or a fingerprint of the data). The National Child Victim Identification Program (NCVIP) Hash Sets are created to identify victim images of child sexual exploitation. Both MD5 and SHA-1 algorithms are commonly used on forensic image files. The hash process is normally used during acquisition of the evidence, during verification of the forensic image (duplicate of the evidence), and again at the end of the examination to insure the integrity of the data and forensic processing.
Problem and Activities: 1) Students will practice digital evidence acquisition by acquiring a forensic image, creating indexes, looking for evidence within the image, and generating reports.
2) Discuss collision in algorithm of MD5 and SHA-1. Since a hash collision would prevent known file filter identification, can criminals create a duplicate set of innocuous picture files whose hash values match a collection of contraband pornography?
Learning outcomes: Students will understand hash algorithm, “digital fingerprints”, and related cryptography methods used in law enforcement.
Assessment: Students will write reports and discussion summaries.
75
Crypto Case 4: How Do You Secure Patient Data?
Real-world Scenario: Health care information security planning, policies, digital right and privacy management are subject to Health Insurance Portability and Accountability Act (HIPPA). Students will design their security policies and use cryptographic techniques to implement those policies.
Problem and Activities: 1) Students will study HIPPA and design security policies compliant to HIPPA. 2) They will secure health data storage, electronic transaction and control access using authentication.
Learning outcomes: Students will be able to design security policies according to corresponding to regulations. They will be able to implement security policies using cryptographic techniques.
Assessment: Students will write report and do presentations.
76
Crypto Case 5: Is SSL/TLS Enough to Secure E-commerce?
Real-world Scenario: E-commerce/Web services integrate web-based applications and allow communication among different sources.
Problem and Activities: 1) Design an authentication solution which enables e-commerce/web services to more than three parities to be authenticated to one another. For example, a cardholder, an online merchant, and a bank can authenticate each other. Standards like SSL/TLS (Secure Socket Layer/Transport Level Security) only support point-to-point authentication. 2) Design an encryption solution that supports selective encryption. This is useful in a workflow scenario where a document may be processed by several applications, or signed, viewed, or approved by numerous people. Standards like S/MIME (Secure Socket Layer/Transport Level Security) and PGP (Pretty Good Privacy) as well as SSL/TLS treat each message as a whole.
Learning Outcomes: Students will be able to analyze requirements, design their own protocol to support multiple-party authentication, and selective encryption. Students will learn and practice how to provide quality of protection through message integrity, message confidentiality, and single message authentication. The XML (extensible markup language), web service security, SOAP (Simple Object Access Protocol) messaging will be investigated.
Assessment: Students will use written report and oral presentation to demonstrate the results.
77
List of participants
Xiaohui (Sean) Cui, Ph.D.Research ScientistApplied Software Engineering GroupComputational Science and Engineering DivisionOak Ridge National LaboratoryEmail: [email protected]
Jim Chen, Ph.D.Professor and Program Director of Information AssuranceGraduate School of Management & TechnologyUniversity of Maryland University CollegeEmail: [email protected]
Qing Yuan, Ph.D.Director of Business & Information TechnologyGarrett College687 Mosser RoadMcHenry, Maryland 21541Phone: 301.387.3043Fax: 301.387.3055Email: [email protected]
Raimund K. Ege, Ph.D.Associate ProfessorDepartment of Computer SciencePsychology-Computer Science BuildingNorthern Illinois UniversityDeKalb, IL 60115 USAEmail: [email protected]
Edward L. WileyCoordinator and InstructorComputer and Network Security ProgramWilmington University320 N. DuPont HighwayNew Castle, DE 19720-6491Email: [email protected]
Hetal Jasani, Ph.D.Assistant ProfessorDepartment of Computer ScienceNorthern Kentucky University
78
Phone: 859.572.7632Email: [email protected] R. SchaumloeffelProfessor of Information TechnologyGarrett College687 Mosser RoadMcHenry, MD 21541Email: [email protected]
Mark StockmanAssociate ProfessorUniversity of CincinnatiPhone: 513.556.4227Email: [email protected]
Bei-Tseng (Bill) ChuProfessor and Chairman Department of Software and Information SystemsDepartment of Software and Information Systems,UNC Charlotte, 9201 University City Blvd, Charlotte, NC 28223Phone: 704-687-4568Fax 704-687-4893Email: [email protected]
Lih-Yuan DengProfessor of Mathematical Sciences/Computer ScienceThe University of MemphisPhone: (901) 678-3134Fax: (901) 678-2480E-mail: [email protected] Office: Dunn Hall 359
Rong YangAssistant ProfessorDepartment of Mathematics and Computer ScienceWestern Kentucky UniversityE-mail: [email protected]
Kathy WintersDepartment of Computer Science and Engineering, Dept. 2302The University of Tennessee at Chattanooga735 Vine Street, EMCS 314Chattanooga, Tennessee, 37403Email: [email protected]
79
Mina Sartipi, Ph.D.Associate ProfessorThe University of Tennessee at Chattanooga735 Vine Street, EMCS 314Chattanooga, Tennessee, 37403Email: [email protected]
Jack Thompson, Ph.D.ProfessorThe University of Tennessee at Chattanooga735 Vine Street, EMCS 314Chattanooga, Tennessee, 37403Email: [email protected]
Semmy PurewalGeorgia Gwinnett [email protected]
Yi DingGeorgia Gwinnett [email protected]
Wei LiuGeorgia Gwinnett [email protected]
Andy WangProfessor and Chair of Computer ScienceSouthern Polytechnic State UniversityEmail: [email protected]
Chung-Han ChenComputer Science DepartmentTuskegee UniversityEmail: [email protected]
Cheng-Tzu Wang, PhD.Associate ProfessorComputer Science DepartmentTaipei University of Education, Taipei, TaiwanEmail: [email protected]
80
Li Yang, Ph.D.Associate Professor and Graduate Program Coordinator,Department of Computer Science and Engineering, Dept. 2302The University of Tennessee at Chattanooga735 Vine Street, EMCS 314AChattanooga, Tennessee, 37403Tel: 1-423-425-4392; Fax: 1-423-425-5442Email: [email protected]
Joseph M. Kizza, Ph.D.Professor and HeadDepartment of Computer Science & EngineeringThe University of Tennessee-ChattanoogaChattanooga, Tennessee, 37403Tel: 1-423-425-4043; Fax: 1-423-425-5442Email: [email protected]
Wade GasiorUniversity of Tennessee at [email protected]
81