CS 465 Introduction to Computer Security
Homework Assignment #1

Assigned: Tuesday, September 24, 2013
Due: Tuesday, October 1, 2012 at the beginning of the class (HARD COPY)
No assignments will be accepted after 9:30 am on Thursday, October 3, 2013

Name:
Student ID:

1      /10
2      /15
3      /10
4      /10
5      /10
6      /25
7      /20
8      /5 extra credit
Total  /100

1. Classify each of the following as a violation of confidentiality, of integrity, of availability, of authenticity (i.e., non-repudiation of the origin), or of some combination of those. Justify your answer.
   a. Spyware that runs on Ann's computer copies her keystrokes and sends them to its creator's computer.
   b. Malware uses Tom's computer to send spam to other computers. The spam messages appear as if they were sent by Tom.
   c. John gets unauthorized access to the bank computer and increases his balance from $1,000 to $10,000.
   d. Malware deletes files from Bob's computer.
   e. Bill hacks into the payroll computer and collects employees' social security numbers.
   (Total: 10 points)

2. Consider the following encryption algorithm based on the DES P-box scheme. The plain text is divided into blocks of 32 characters, and then the table given below is used to rearrange the positions of characters from the plain text to the ciphered text.

   Position of the character in a
   32 letter long block of plain text    Goes to position
   1 - 8                                 9 24 8 32 17 16 14 12
   9 - 16                                23 30 25 22 31 6 3 7
   17 - 24                               13 26 4 5 28 20 29 27
   25 - 32                               2 10 11 15 18 1 19 21

   Answer the following questions:
   a. What type of basic encryption is this algorithm? (3 points)
   b. Encrypt the message: WVU PLAYS AGAINST OKLAHOMA STATE ON SATURDAY AT NOON. (4 points)
      (Note: Spaces do not count as characters.)
   c. Explain how you would decipher the text enciphered with the above algorithm and why writing the deciphering function is a straightforward process. (3 points)
   d. What would be the approximate value of the index of coincidence for the cipher text?
      How would the peaks and valleys of the frequency of letters in the cipher text be distributed? (5 points)

3. Answer the following questions related to the Data Encryption Standard (DES).
   a. What is the rationale behind the encryption approach used in DES? (4 points)
   b. How is decryption done in DES? (3 points)
   c. What were the main reasons that led to replacing DES with AES? (3 points)

4. RSA is one of the most widely used public key encryption systems.
   a. What is the benefit from the fact that the public key and the private key are interchangeable? How is that property used in communication between two parties?
   b. Give the equations that show how encryption and decryption are done with RSA.
   (Total: 10 points)

5. a. Compare the advantages and disadvantages of secret and public key encryption systems.
   b. Describe the use of these systems in the SSL (Secure Socket Layer) protocol.
   c. Explain the structure of the message sent by the CA to the client and the role of each step.
   (Total: 10 points)

6. The exercises included in this problem demonstrate the use of OpenSSL, which is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and the related cryptography standards required by them. Specifically, you will use the openssl program, which is a command line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. Information on OpenSSL can be found at http://www.openssl.org or by viewing the man pages of the appropriate commands on the LDCSEE shell server.

   SYNOPSIS:

      openssl command [ command_opts ] [ command_args ]

   The openssl program provides a rich variety of commands (command in the SYNOPSIS above), each of which often has a wealth of options and arguments (command_opts and command_args in the SYNOPSIS).

      openssl [ list-standard-commands | list-message-digest-commands | list-cipher-commands ]

   The pseudo-commands list-standard-commands, list-message-digest-commands, and list-cipher-commands output a list (one entry per line) of the names of all standard commands, message digest commands, or cipher commands, respectively, that are available in the present openssl utility.

   PROBLEM: For each of the following steps (Steps 1 & 2 for secret key encryption and Steps 1-5 for public key encryption) provide the complete openssl command line (with all necessary options and arguments). Run the command on the LDCSEE shell server using the time command to display the information about resources used by that command.

   Use of secret key:

   Step 1: (3 points) Encrypt the input file input.txt using AES with a 128 bit key. (The command for symmetric cipher routines is enc and the ciphername is aes-128-ecb.) Choose the appropriate command options and arguments to use salt and password to generate the key and write the encrypted text in an output file named outputEncAES128.txt.

   Step 2: (3 points) Decrypt the encrypted text generated in Step 1 (given in the file outputEncAES128.txt). Remember to use the same password as in Step 1.

   Use of public key:

   Step 1: (3 points) Using the openssl command genrsa, generate an RSA private key that is 2304 bits long. (Note that a 2304 bit key has the same resistance to a brute force attack as a 128 bit long secret key.) Use the appropriate command options to save the key in a file named myPrivateKey.pem.

   Step 2: (3 points) Using the openssl command rsa, generate the RSA public key that corresponds to the private key generated in Step 1. Read the private key from the file myPrivateKey.pem and write the public key in another file myPublicKey.pem.

   Step 3: (3 points) Using the openssl command rsautl, encrypt the text given in the input.txt file with the public key generated in Step 2 (and saved in the file myPublicKey.pem).
   Write the encrypted text in the file outputEnc.txt.

   Step 4: (3 points) Decrypt the text encrypted in Step 3 (saved in the file outputEnc.txt) using the private key generated in Step 1 (saved in the file myPrivateKey.pem) and write the decrypted text in the output file outputDec.txt.

   Step 5: (3 points) Use the appropriate option(s) of the openssl command rsautl to sign the text given in the input.txt file using the appropriate key generated in the previous steps.

   ANALYSIS: Use the values measured by the time command to compare the time used for secret encryption (Step 1) and times used for public encryption (Steps 1, 2 & 3) and discuss what these values demonstrate. (4 points)

   NOTE: As a part of your homework, provide printouts of the files that contain the public/private keys for RSA and the encrypted/decrypted text for both AES and RSA.

7. Read the article "The clock is ticking for encryption". Briefly address the following:
   a. Why are quantum computers a threat to public key encryption (e.g., RSA, ECC)?
   b. Are secret key encryption algorithms more or less vulnerable to advances in quantum computers? Justify your answer.
   c. Describe briefly the quantum key distribution technology.
   (Total: 20 points)

8. Extra credit question: Any questions? What is the one thing you would most like to see explained better? A one-line (or a few lines) answer would be appreciated. (5 points)
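
The position table from problem 2, worked through in Python as an added example that is not part of the original assignment: it applies the table to 32-character blocks, derives the inverse table, and compares letter statistics before and after. The sample message, the padding with X, and all function names are assumptions made for this illustration.

```python
from collections import Counter

# "Goes to position" entries of the table in problem 2: the character at
# plaintext position i (1-based) moves to ciphertext position TABLE[i - 1].
TABLE = [9, 24, 8, 32, 17, 16, 14, 12,
         23, 30, 25, 22, 31, 6, 3, 7,
         13, 26, 4, 5, 28, 20, 29, 27,
         2, 10, 11, 15, 18, 1, 19, 21]
BLOCK = len(TABLE)

def invert(table):
    """Build the table that undoes `table` (swap source and destination)."""
    inv = [0] * len(table)
    for src, dst in enumerate(table, start=1):
        inv[dst - 1] = src
    return inv

def permute(text, table):
    """Rearrange every 32-character block of `text` according to `table`."""
    if len(text) % BLOCK:
        raise ValueError("text length must be a multiple of the block size")
    out = []
    for start in range(0, len(text), BLOCK):
        moved = [""] * BLOCK
        for i, ch in enumerate(text[start:start + BLOCK]):
            moved[table[i] - 1] = ch
        out.append("".join(moved))
    return "".join(out)

def prepare(message, pad="X"):
    """Keep letters only, uppercase, pad the last block (padding is an assumption)."""
    letters = "".join(c for c in message.upper() if c.isalpha())
    return letters + pad * (-len(letters) % BLOCK)

def index_of_coincidence(text):
    """Probability that two characters drawn without replacement are equal."""
    n = len(text)
    return sum(c * (c - 1) for c in Counter(text).values()) / (n * (n - 1))

# Constructed sample message (deliberately not the one from the assignment).
SAMPLE = "The quick brown fox jumps over the lazy dog near the river bank"
plain = prepare(SAMPLE)
cipher = permute(plain, TABLE)
recovered = permute(cipher, invert(TABLE))

if __name__ == "__main__":
    print(cipher)
    print(recovered == plain, index_of_coincidence(plain), index_of_coincidence(cipher))
```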