EEET2424/EEET2427 Computer and Network Security
Lab Practice 2: Part A
Public-Key Encryption (By Dr. Benham)
Since this lab is experiential, you must complete it during the lab period. Hand this exercise in at the end of the period.
When one transmits data over a packet-switched network, like the Internet, a packet sniffer at any node along the transmission path can detect packets with potentially useful information. Unfortunately, some of this information (for example, credit card numbers or other private information) is most useful to people with dishonorable (and often criminal) intentions. As commerce over the Internet – and other vulnerable long-distance networks – increases, this problem becomes more critical. Private data stored on a computer that’s accessible over a network is also vulnerable.
One solution to this problem is to encipher data one wants to keep private. In other words, one can somehow “scramble” the data so that it’s unrecognizable to anyone who does not have the necessary key to “unscramble” – or decipher – it. In so-called “traditional” encryption techniques, the same key is used for enciphering (or encryption) and deciphering (or decryption). The key is typically a large number that is used to mathematically transform the message. The problem then becomes the secure transmission of the key itself.
One solution to this problem is to use two different keys – one for encryption and the other for decryption. Alice could then send her encryption key to Bob, who could use it to send an encoded message back to Alice. Provided Alice keeps her decryption key private, no one who intercepts the message will be able to decode it. In fact, Alice could make her encryption key publicly available, so that Carol, David, Egbert, or anyone else who wants to do so can send her an encoded message. So long as she keeps her decryption key secret, no one else will be able to read messages meant only for Alice. For this reason, this type of system is called a public-key encryption system. Often, the encryption key is called the public key, and the decryption key is called the private key.
In this lab, you will be working with a simplified – and not very secure – version of one of the most popular public-key systems: the RSA public-key encryption system. Like all public-key systems, the keys are derived using a “trapdoor” operation – an operation that is easy to do but difficult to “undo.” In RSA, this operation is the multiplication of two large prime numbers: it is easy and fast to multiply the two numbers together, but it is significantly more difficult and time consuming to factor the resulting number back into its prime components. In this lab experience, you will be using relatively small primes (only three digits) to see how this system works.
To explore this system in more depth, you will be exchanging encrypted messages with a partner. Choose your partner now.
1. Launch Microsoft Excel and open the spreadsheet rsa.xls.
You may see a warning message informing you that the workbook contains macros. Since you will not need these macros to use the workbook, click on the Disable Macros button.
2. This spreadsheet makes use of some specialized functions that are not part of the standard function set in Microsoft Excel. However, they are included in an extra set of functions called the Analysis Toolpak. From the Tools menu, choose Add-Ins…. In the dialogue box, click on the check box to the left of the entry Analysis Toolpak. When a checkmark appears, click on OK.
3. If necessary, click on the tab for the Key Selection worksheet. Use a random process to choose two different prime numbers p and q between 137 and 311 (displayed in a list in cells G5:I15). Enter these primes in cells B6 and B7. Be sure that cells C6 and C7 both display the message “OK”. The spreadsheet automatically computes the modulus (the product p*q) in cell B8 and the Euler totient (the product (p-1)*(q-1)) in cell B9. Note that the Euler totient would be difficult to determine from the modulus by itself; one needs to know the two primes. Write your two primes, your modulus, and your Euler totient below:
p: _______ q: ___________ modulus: ___________
Euler totient: ______________
4. Choose a small number (no more than two digits) that has no factors (except 1) in common with the Euler totient. Use this number as your public key and enter it in cell B15. If cell C15 displays the message Invalid Public Key, you need to select a different public key. When you have chosen a valid public key, the message OK will appear in cell C15. The spreadsheet will automatically compute your private key in cell B20. The private key is chosen so that (Public Key)*(Private Key) leaves a remainder of one when divided by the Euler totient. (This would not be possible if the private key had a factor other than 1 in common with the Euler totient.) Write your public and private keys below:
Public key: _____________
Private key: _______________
5. Once both you and your partner have each created a modulus and pair of keys, you are ready to exchange encrypted messages. Give your modulus and public key to your partner. Do not give your partner your private key or Euler totient. In return, your partner will give you her/his public key and modulus.
6. Click on the tab for the Encoding worksheet. Enter your partner’s modulus and public key in cells B6 and B7. Write these values below:
Partner’s modulus: _________________
Partner’s public key: __________________
7. Enter a message in cell B11. This message should consist of a string of fifteen or more CAPITAL LETTERS with no spaces or punctuation marks. The spreadsheet will encipher only the first fifteen letters of your message. Your message could be a short phrase or sentence, your mother’s name or your pet iguana’s name. For example, I used RUTHJULIABENHAM (my mother’s name) and PLEASEHELPMENOW to test this spreadsheet. Note that a message to be enciphered is usually called plaintext. The enciphered form of the message is called the ciphertext.
8. The enciphered form of the message (the ciphertext) should appear in cell B13. (This may take a few seconds.) The spreadsheet determines the ciphertext as follows:
• Split the plaintext up into blocks of three letters (called trigraphs).
• Obtain a numeric representation for each letter based on its position in the alphabet (A→0, B→1, etc.).
• Compute a numeric code for each trigraph using the formula
(First Letter Code) * 26^2 + (Second Letter Code) * 26 + (Third Letter Code).
For the mathematically inclined, this is interpreting each trigraph as a number in base twenty-six.
• Encipher each plaintext trigraph code by computing (Plaintext trigraph code)^(Public Key), dividing the result by the Modulus and taking the remainder.
• Convert each enciphered trigraph code into a quadragraph – a block of four letters – as follows:
   • Divide the code by 26^3. The quotient is the code for the first letter of the quadragraph. The spreadsheet uses the remainder to get codes for the other three letters.
   • Divide the remainder from the first step by 26^2. The quotient is the code for the second letter. The spreadsheet uses the remainder to get the codes for the other two letters.
   • Divide the remainder from the second step by 26. The quotient is the code for the third letter and the remainder is the code for the fourth letter.
For the mathematically inclined, this quadragraph calculation determines the representation of the enciphered message as a four-digit number in base twenty-six (using the letters of the alphabet as our digits).
Some of the details of this calculation appear in cells A16:K38 of the Encoding worksheet. Enter the plaintext and ciphertext below. Show the steps of the conversion process in the table.
Plaintext: _____________________________________
| Plaintext: Trigraph | Plaintext: Trigraph Code | Ciphertext: Enciphered Code | Ciphertext: Quadragraph |
|---|---|---|---|
|  |  |  |  |
|  |  |  |  |
|  |  |  |  |
|  |  |  |  |
|  |  |  |  |
Ciphertext: ___________________________________
9. Give the ciphertext (but not the plaintext) to your partner. In return, your partner will give you a ciphertext message. Record the ciphertext message from your partner below. In the rest of this exercise, you will be deciphering this message.
Ciphertext from partner: ______________________________
10. Click on the tab for the Decoding worksheet. Enter your modulus and your private key in cells B6 and B7 of this worksheet. Enter the ciphertext you received from your partner as the “Encrypted Message” in cell B13. The deciphering process is similar to the enciphering process:
• Split the ciphertext up into quadragraphs (instead of trigraphs).
• Obtain the numeric representation for each letter and compute a numeric code for each quadragraph using the formula
(First Letter Code) * 26^3 + (Second Letter Code) * 26^2 + (Third Letter Code) * 26 + (Fourth Letter Code).
• Decipher each ciphertext quadragraph code by computing
(Ciphertext quadragraph code)^(Private Key),
dividing the result by the Modulus and taking the remainder.
• Convert each deciphered quadragraph code into a trigraph.
   • Divide the code by 26^2. The quotient is the code for the first letter.
   • Divide the remainder from the first step by 26. The quotient will be the code for the second letter and the remainder the code for the third.
Note that deciphering uses the private key in place of the public key. Some of the details of this calculation appear in cells A19:D23 of the Decoding Worksheet. The deciphered message should appear in cell B13. Record the results of each deciphering step in the table below.
| Ciphertext: Quadragraph | Ciphertext: Quadragraph Code | Plaintext: Deciphered Code | Plaintext: Deciphered Trigraph |
|---|---|---|---|
|  |  |  |  |
|  |  |  |  |
|  |  |  |  |
|  |  |  |  |
|  |  |  |  |
Now, write the deciphered message (plaintext) below.
Deciphered message: __________________________
11. Quit Excel. You do not need to save changes. Shut down the computer. When you’re finished, hand this lab in to the instructor.
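The key selection, enciphering and deciphering steps above can be followed in code. This is an added example, not the rsa.xls spreadsheet's own formulas; the function names and the sample values p = 137, q = 139 and public key 5 are constructed for illustration.

```python
from math import gcd

def block_to_code(block):
    """Read a block of capital letters as a base-26 number (A=0, B=1, ...)."""
    code = 0
    for letter in block:
        code = code * 26 + (ord(letter) - ord("A"))
    return code

def code_to_block(code, width):
    """Write a code as `width` base-26 digits, using letters as the digits."""
    letters = []
    for _ in range(width):
        code, remainder = divmod(code, 26)
        letters.append(chr(ord("A") + remainder))
    return "".join(reversed(letters))

def make_keys(p, q, public_key):
    """Return (modulus, Euler totient, private key) for the chosen primes."""
    modulus, totient = p * q, (p - 1) * (q - 1)
    if gcd(public_key, totient) != 1:
        raise ValueError("Invalid Public Key")
    # public_key * private_key leaves a remainder of one mod the totient.
    return modulus, totient, pow(public_key, -1, totient)

def encipher(plaintext, modulus, public_key):
    """Encipher the first fifteen letters: five trigraphs to five quadragraphs."""
    text = plaintext[:15]
    if len(text) < 15 or not (text.isascii() and text.isalpha() and text.isupper()):
        raise ValueError("need fifteen or more capital letters")
    return "".join(
        code_to_block(pow(block_to_code(text[i:i + 3]), public_key, modulus), 4)
        for i in range(0, 15, 3))

def decipher(ciphertext, modulus, private_key):
    """Decipher each quadragraph back into a trigraph with the private key."""
    return "".join(
        code_to_block(pow(block_to_code(ciphertext[i:i + 4]), private_key, modulus), 3)
        for i in range(0, len(ciphertext), 4))

if __name__ == "__main__":
    # Constructed sample values, not taken from the lab sheet.
    modulus, totient, private_key = make_keys(137, 139, 5)
    ciphertext = encipher("PLEASEHELPMENOW", modulus, public_key=5)
    print(modulus, totient, private_key)
    print(ciphertext, "->", decipher(ciphertext, modulus, private_key))
```

Decryption only returns the original trigraph because every trigraph code (at most 17575) is smaller than the modulus, which holds for any two different primes from the lab's range.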
Network Security
Lab Practice 2: Part B
Key Recovery and Key Escrow (By Dr. Benham)
One of the problems with any type of encryption system – public-key or secret-key – is key management. Decryption keys and moduli are usually very long numbers that are impossible for most human beings to remember. Face it: many people have trouble remembering their passwords or PINs, much less a 100- or 200-digit key. The solution is to store these numbers on a secondary memory device that’s not easily accessible by unauthorized “third parties” (perhaps on a diskette that one keeps in a secure place). There are two possible problems:
• Even a key that is kept in a secure location can be compromised – discovered or stolen by an unauthorized third party. Anyone who suspects that his/her key has been compromised should get a new key.
• The storage device on which the key is stored could be destroyed or corrupted.
In either case, the key is lost. One possible solution is to ask a “trusted third party” to maintain a copy of the key. This assumes that one can find such a trusted third party. An individual may be willing to trust a close friend, but this is not possible for a business.
A second solution is to split the key into two or more parts, and ask a different third party to store each part. The purpose of this laboratory exercise is to explore one method for doing this. This method is based on a famous mathematical theorem called the Chinese Remainder Theorem. To make things easy, you will be using three-digit keys.
This is also the basic idea behind the various “key-escrow” proposals from the United States government. All keys would be split into two or more parts, with each part entrusted to a different public or private agency. The idea is that the police could recover the key without the individual’s knowledge by obtaining warrants against each of the escrowing agencies. This would permit the police to “listen in” on encrypted communications or to read encrypted files without the key holder’s knowledge. We will be discussing these proposals in class.
1. Launch Excel and open the file keyshare.xls. Choose Add-Ins from the Tools menu, and be sure that the Analysis ToolPak is checked.
2. Click on the tab labeled Key Splitting. This reveals a worksheet for splitting a three-digit key into three parts.
3. The lab instructor will supply each of you with a different three-digit key value. Enter this value in cell B6. Record this value below:
________________
4. If they’re not already there, enter the values 11, 13 and 16 in cells B14, B15 and B16, respectively. These values are your moduli. (It is not absolutely necessary to use the three moduli above. You could choose any three numbers between the cube root of 1000 – 10 – and the square root of 1000 – approximately 31 – such that no pair of moduli has any common factor larger than 1. For example, you could choose 14, 15 and 23.)
Record your three moduli below:
______________________________
5. The spreadsheet will split your key into three pieces by dividing by each of the moduli and taking the remainder. The three pieces of your key will appear in cells C14, C15 and C16. Record the values of these pieces below:
_______________________________
6. In reality, one would ask three different parties to each store one piece. Instead, write down your three moduli and the corresponding three pieces on a sheet of paper and exchange pieces with a student at another computer.
7. Click on the tab labeled Key Recovery. This reveals a worksheet for recovering a key from its three parts.
8. Enter the other student’s moduli in cells B7, B8 and B9. Enter her/his corresponding key pieces in cells C7, C8 and C9. Record all six of these values below:
Modulus          Corresponding piece
________         _________
________         _________
________         _________
The key recovery calculation takes place in cells C7:E9 and cell E11. It works as follows:
• In each row of column C, compute the product of the moduli in the other two rows. For example, if the moduli in column B are 11, 13 and 16, the corresponding cells in column C will contain 13*16 = 208, 11*16 = 176, and 11*13 = 143, respectively.
• Each row in column D contains the inverse of the value in column C with respect to the modulus in column A. To see this, enter the following formula in cell F7:
= MOD (C7*D7,A7)
MOD is a built-in function that divides its first argument by its second and takes the remainder. What value appears in the cell when you enter this formula?
______________
Select the range F7:F9 and fill down. What values appear in cells F8 and F9?
F8: ___________ F9: _____________
All of these values should be 1. This illustrates the concept of an inverse.
• The “magic numbers” in column E are just the product of the inverse and the other moduli. Thus, the magic number in cell E7 is just C7*D7. Note that this is just the product of the number in cell C7 and its inverse.
• To recover the key, multiply each piece by the corresponding “magic number.” Divide the sum of the products by the product of the moduli and take the remainder. Because of the special way we have constructed the magic numbers, this calculation produces the original key.
The recovered key value should appear in cell E11. Record this value below. Check with the other student to see that you have correctly recovered her/his key.
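The splitting and recovery calculation described above, written out as an added example (not the keyshare.xls formulas). The function names and the sample key 123 are constructed; candidate_keys goes one step beyond the worksheet to show how much a holder of only some pieces already learns about a three-digit key.

```python
from math import gcd, prod

def check_moduli(moduli):
    """Require that no pair of moduli has a common factor larger than 1."""
    for i, m in enumerate(moduli):
        for n in moduli[i + 1:]:
            if gcd(m, n) != 1:
                raise ValueError(f"moduli {m} and {n} share a factor")

def split_key(key, moduli):
    """Key Splitting: each piece is the remainder of key divided by a modulus."""
    check_moduli(moduli)
    if not 0 <= key < prod(moduli):
        raise ValueError("key must be smaller than the product of the moduli")
    return [key % m for m in moduli]

def magic_numbers(moduli):
    """Key Recovery: (product of the other moduli) times its inverse."""
    check_moduli(moduli)
    total = prod(moduli)
    magic = []
    for m in moduli:
        others = total // m            # e.g. 13*16 = 208 for modulus 11
        inverse = pow(others, -1, m)   # others * inverse leaves remainder 1
        magic.append(others * inverse)
    return magic

def recover_key(pieces, moduli):
    """Sum piece * magic number, then take the remainder mod the product."""
    total = sum(p * k for p, k in zip(pieces, magic_numbers(moduli)))
    return total % prod(moduli)

def candidate_keys(pieces, moduli, limit=1000):
    """Every key below `limit` that is consistent with only these pieces."""
    first = recover_key(pieces, moduli)
    return list(range(first, limit, prod(moduli)))

if __name__ == "__main__":
    moduli = [11, 13, 16]
    pieces = split_key(123, moduli)    # 123 is a constructed sample key
    print(pieces, magic_numbers(moduli), recover_key(pieces, moduli))
    # Two of the three pieces already narrow the key to a handful of values.
    print(candidate_keys(pieces[:2], moduli[:2]))
```

With all three pieces the key is recovered exactly; with two pieces the seven remaining candidates show that each piece reveals part of the key, so the pieces themselves need protecting.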
EEET2427/2424 – Computer and Network security
Please refer to the Lab2 sheets for the task purpose and instructions:
EEET2424_2427_Lab2_A.doc
EEET2424_2427_LAB2_B .doc
Lab Guide and Marking Criteria
Report Submission
You need to submit your lab report to the course Canvas. You need an individual submission, not a group one. Report file name should be in the correct format as mentioned above.
The name of your report must strictly follow the following convention.
Labx _ SessionDay_SessionStartTime_FirstName_LastName_Student ID.doc
Where:
X = lab number (i.e. 1, 2, 3, 4, 5)
SessionDay = (i.e. Mon, Tue, Wed, Thu, or Fri)
SessionStartTime = e.g. 830
E.g.
“Lab1 _Wed_830_John_Smith_s1234567.doc”
Format of report file: MS Word or PDF.
Cover page should have the following info:
• Course code and title
• Lab No.
• Lab session: e.g. Wed 8:30am
• Your full name
• Your ID
Report Content
Generally you need to describe your work (your design, your code and testing result). You may need to discuss your challenges in the lab and answer some questions. As all labs are different, you need to follow the specific requirement in each lab.
Lab Marking Criteria
High Distinction (8-10/10)
• Succinctly describes lab activities in report
• Provides appropriate and focussed evidence of what was done
• Report highlights deep insight into the significance of activities
• When asked can demonstrate a thorough understanding of work without prompting or reference to external sources
• Consistent performer who attends all sessions
• Aspirational role model to peers
Distinction (7- 7.9/10)
• Covers most aspects of lab activities in report
• Some evidence of what was done
• Report shows understanding the significance of activities
• When asked can mostly describe understanding of work with minimal prompting
• Fairly consistent performer who attends all sessions.
• discussion from sometimes
Credit (6-6.9/10)
• Misses minor aspects of lab activities in report
• Some evidence of what was done but misses aspects
• Report covers a few aspects of the significance of activities
• When asked can describe some understanding of work but may need prompting and reference to external sources.
• Attends all sessions and contributes.
Pass (5-5.9/10)
• Misses some key aspects of lab activities in report
• Minimal evidence of what was done
• Report barely covers the significance of activities
• When asked needs continual prompting to reveal any understanding of activities
• Attends all sessions but little to no contribution.
Fail (0-4.9/10)
• Does not submit work or submits late
• Inadequate description of lab activities
• No evidence of what was done
• Significance of activities show no understanding of work, i.e. off track
• When asked, even if prompted, has no idea what is going on
• Hardly ever turns up to lab or only stays for a brief period of time
• Spends lab time checking Facebook or browsing the web