PIN: cryptool - The University of Tennessee at Chattanooga

Learning in
and Mapping
into IA
University of Tennessee at Chattanooga
Southern Polytechnic State University
Tuskegee University
July 24-25, 2011
Sponsored by NSFCCLI # 0942581
Table of Contents
1.1 Lab - Encryption Using Classical Techniques ........................................................................................... 2
1.2 Lab on Frequency Analysis ...................................................................................................................... 3
2.1 Lab on encryption using binary/byte addition........................................................................................ 7
2.2 Encryption using binary Exclusive-OR (XOR) ......................................................................................... 14
2.3 Triple DES with CBC mode and Weak DES keys .................................................................................... 18
2.4 Lab on Testing Different Modes in Symmetric Ciphers ........................................................................ 23
3.1 Lab on RSA Encryption and Factorization Attacks ................................................................................ 25
3.2 Lab on Short Message RSA Attacks and Padding .................................................................................. 46
3.3 Lab on RSA Timing Attacks .................................................................................................................... 47
4.1 Lab on hash generation and sensitivity of hash functions to plaintext modifications ......................... 49
4.2 Lab on Hash Function ............................................................................................................................ 53
5.1 Lab on Digital Signature Visualization ................................................................................................... 54
5.2 Lab on RSA Signature ............................................................................................................................ 60
5.3 Lab on Attack on Digital Signature/Hash Collision ................................................................................ 67
5.4 Lab on Digital Signature ........................................................................................................................ 70
6.1 Lab on Writing a Simple Certificate Authority ...................................................................................... 71
Crypto Case 1: How Do You Secure BlackBerry Devices? ........................................................................... 72
Crypto Case 2: Do You Trust Others in Virtual Environment? .................................................................... 73
Crypto Case 3: Ensure the validity of Forensic Evidence by Using a Hash Function................................... 74
Crypto Case 4: How Do You Secure Patient Data?...................................................................................... 75
Crypto Case 5: Is SSL/TLS Enough to Secure E-commerce? ........................................................................ 76
List of participants....................................................................................................................................... 77
1.1 Lab - Encryption Using Classical Techniques
In this project you will develop a program to encrypt plaintext text given a keyword. The plaintext will
be encrypted by Playfair cipher and the cipher text is displayed for a user.
Playfair Cipher (description taken from William Stallings “Cryptography and Network Security, Principles
and Practice) is the best-known multiple letter encryption cipher, which treats diagrams in the plaintext
as single units and translates these units into cipher text diagrams. (This cipher was actually invented by
British scientist Sir Charles Wheatstone in 1854, but it bears the name of his friend Baron Playfair of St.
Andrews, who championed the cipher at the British foreign office.)
The Playfair algorithm is based on the use of a 5 x 5 matrix of letters constructed using a keyword. Here
is an example:
In this case, the keyword is monarchy. The matrix is constructed by filling in the letters of the keyword
(minus duplicates) from left to right and from top to bottom, and then filling in the remainder of the
matrix with the remaining letters in alphabetic order. The letters I and J count as one letter. Plaintext is
encrypted two letters at a time according to the following rules:
Repeating plaintext letters that would fall in the same pair are separated with a filler letter, such
as x, so that balloon would be enciphered as ba lx lo on.
Plaintext letters that fall in the same row of the matrix are each replaced by the letter to the
right, with the first element of the row circularly following the last. For example ar, is encrypted
as RM.
Plaintext letters that fall in the same column are each replaced by the letter beneath, with the
top element of the row circularly following the last. For example, mu is encrypted as CM.
Otherwise, each plaintext letter is replaced by the letter that lies in its own row and column
occupied by the other plaintext letter. Thus, hs becomes BP and ea becomes IM (or JM).
1.2 Lab on Frequency Analysis
The cryptanalyst can benefit from some inherent characteristics of the plaintext language to
launch a statistical attack. For example, we know that the letter E is the most frequently used
letter in English text. The cryptanalyst finds the mostly-used character in the ciphertext and
assumes that the corresponding plaintext character is E. After finding a few pairs, the analyst
can find the key and use it to decrypt the message. To prevent this type of attack, the cipher
should hide the characteristics of the language. Table 1 contains frequency of characters in
Table 1 Frequency of characters in English
Cryptogram puzzles are solved for enjoyment and the method used against them is usually some form of
frequency analysis. This is the act of using known statistical information and patterns about the plaintext
to determine it. In cryptograms, each letter of the alphabet is encrypted to another letter. This table of
letter-letter translations is what makes up the key. Because the letters are simply converted and nothing
is scrambled, the cipher is left open to this sort of analysis; all we need is that ciphertext. If the attacker
knows that the language used is English, for example, there are a great many patterns that can be
searched for. Classic frequency analysis involves tallying up each letter in the collected ciphertext and
comparing the percentages against the English language averages. If the letter "M" is most common
then it is reasonable to guess that "E"-->"M" in the cipher because E is the most common letter in the
English language. These sorts of clues can be bounced off each other to derive the key and the original
plaintext. The more collected cipher text the attacker has, the better this will work. As the amount of
information increases, its statistical profile will draw closer and closer to that of English (for example).
This sort of thing can also be applied to groups of characters ("TH" is a very common combination in
English for example). The example frequency analysis image above was performed on the first three
sentences of this paragraph turned into a cryptogram. As you can see, the English language is very
predictable with regard to letter frequency and this can exploited in some situations to break ciphers.
The goal of this lab is to gain a better understanding of a statistical attack by programming some of the
important components to analyze/manipulate arrays of characters. You will be given an almost fully
working C# .NET application (contained in To get this application fully working, you
will need to implement the empty methods. After these methods are complete, the program can then
be used to complete the remainder of the lab. You do not need to change any of the UI code to get this
working, only methods in the Encryption.cs class.
Getting Started
-Open up Visual Studio 2008. (If you do not have a copy for your own computer, it is available through
the Microsoft Academic Alliance Program as well as Microsoft’s Dreamspark web site)
-Open up the .sln file in StatisticalAnalysis folder with Visual Studio 2008
-The project’s contents will be listed on the right-hand side of the IDE.
-MainForm.cs is the UI code that can be left alone (if you would like to tinker with it, you may want to
work on a copy)
-StatisticalAnalysis.cs contains the methods you will need to implement in order to finish the lab. C# is
very much like Java, if you have any questions about the language MSDN is a great resource
Fill In The Code…
Read the descriptions and hints carefully and fill in the missing methods in StatisticalAnalysis.cs.
// Pre-conditions: a class char[] called Transformation exists
in the class; the value p is an input parameter
// Post-conditions: the contents of the class char[] called
Transformation has been shifted by p characters
(make sure it wraps around!)
HINT: the modulus operator is %
public void ShiftTransformationArray(int p)
// Pre-conditions: a static char[] called Alphabet of length 26
containing the alphabet (in UPPER CASE!!),
and the string inputStr is an input parameter
// Post-conditions: an int[] of length 26 is calculated, where
each value in the integer array is the
number of occurrences (the frequency)
the corresponding letter occurred in InputStr
public static int[] DetermineLetterFrequencies(String InputStr)
// Pre-conditions: character p is the character to be found arr1
arr1 is the array to search through
arr2 is the array to return a character from
// Post-conditions: Search through arr1 to find the character p, and
return the corresponding character in arr2
private char FindInCorrArray(char p, ref char[] arr1, ref char[] arr2)
Lab Questions
1. What type of cipher is this program useful for breaking?
2. In this type of cipher, the relationship between characters in the plaintext and characters in the
ciphertext is __________.
3. List the frequencies for the top 4 characters found in the given ciphertext:
4. Break the cipher text given in the following. What is the plaintext? What is the key?
What To Turn in:
A zip file named, containing:
A text file or Word document containing yours answers to the Lab Questions
If you changed any other files in your project, please include them as well
2.1 Lab on encryption using binary/byte addition
Under this encryption algorithm, the key entered is added character by character (byte by byte) to the
data to be encrypted. Here addition modulo 256 is used, i.e. so that any carry-overs are ignored. The key
is applied cyclically (as under the Vigenère encryption algorithm and also with the Exclusive-OR), i.e.
once all the characters (bytes) of the key have been used, the algorithm reverts to the first character
until the text has been completely encrypted.
To decrypt the text, the characters of the key have to be subtracted from the encrypted text modulo
If one knows the characters which occur most frequently in the plaintext, it is then possible to work out
the key with the aid of a computer (and hence also the plaintext) (see Automatic analysis, Byte
The key used for Binary Addition is entered in the Key entry dialog.
This encryption algorithm can be easily broken with a Ciphertext-Only attack (see Automatic analysis,
Byte Addition). An example of this will be found in the Examples chapter.
1. Open the file CrypTool-en.txt under C:\Program Files (x86)\CrypTool\examples.
2. Click “Analysis\Tools for Analysis\Histogram”.
We can see from the histogram that the character which occurs most frequently is the letter E. This is
true of many German and English texts. This information will be used later on during our attack.
3. Close the histogram dialog. Choose from menu “Encrypt/Decrypt\Symmetric\Byte Addition”.
4. Enter 12 34 AB CD as the key and click Encrypt.
The encrypted message shows up:
5. cipher text only attack will be performed. Choose from menu “Analysis\Symmetric\Ciphertextonly\Byte Addition”.
We are told that key length is calculated to be 4. The commonest character is E with hexadecimal value
of 45. If we look at the plaintext, the most frequently character is e with hexadecimal value of 65. We
enter into the Expected most common character field in the Byte-by-byte Addition Analysis box 20 (=6545).
6. Click “Continue”, CrypTool has been able to find the key. The only information was needed to do this
was the fact that the character which occurred most frequently in the plaintext was the lower case
letter e.
7. Click the “Decrypt” button shows the plaintext.
8. If the text is compressed prior to encryption then we will not be able to draw any conclusions from
the frequency distribution of the characters in the text about the frequency distribution of the
compressed text, since the compression process not only reduces size of a file but alters the frequencies
of the individual characters so that they no longer reflect the frequencies of the characters in the
original text. To compress the document, we make startingexample-en.txt active again. And select
“Indiv. Procedure\Tools\Compress\Zip”, the rate of compression is displayed.
9. Click “OK”, the compressed document is shown.
10. Click “Analysis\Tools for Analysis\Histogram” to see its histogram. The compression produces a
quite different histogram profile from the one previously obtained for the uncompressed document.
The characters are much more evenly distributed than in the unencrypted document.
11. Make the compressed document the active window once again and the encrypt it using the same
key 12 34 AB CD.
12. Click “Encrypt”.
13. We invoke the analysis again by choosing from menu “Analysis\Symmetric\Ciphertext-only\Byte
CrypTool returns an incorrect key length of 12.
Given this key length, it is not possible to find the correct key either.
14. We will check whether it is possible to arrive at a readable version of the text document from the
compressed and then encrypted document. We will provide the key and then unzip.
We will make the compressed and encrypted document the active window again. Choose from menu
“Encrypt/Decrypt\Symmetric\Byte Addition”.
15. Enter 12 34 AB CD as the key and click Decrypt.
16. Choose from menu “Indiv. Procedure\Tools\Compress\UnZip”, and the original text is displayed.
2.2 Encryption using binary Exclusive-OR (XOR)
1. Open file CrypTool.bmp from “C:\Program Files (x86)\CrypTool\examples”.
2. Look at the frequency distribution of the characters by clicking “Analysis\Tools for Analysis \
You can see from the histogram that the character which occurs most frequently has the value 255. In
hexadecimal notation this corresponds to FF. This information will be used later on during our attack.
3. Click on the window of “CrypTool.bmp”. And click “Encrypt\Decrypt/Symmetric/XOR” from menu.
4. Enter 12 34 56 78 as the key.
5. Click “Encrypt”
6. We will perform the cipher-text only attack. Select “Analysis\Symmetric Encryption\CiphertextOnly\XOR”.
The autocorrelation is calculated and displayed. We are told that the key length is calculated to be 4. As
we have seen in step 2, the most commonest character is FF. This we enter in the Expected most
common character field.
7. Click “Continue”.
8. Click “Decrypt”.
9. If we compress the document before encryption. By clicking “Indiv. Procedure\Tools\Compress\Zip”.
10. Select “Analysis\Tools for Analysis \ Histogram”, which produces a quite different histogram from
the one previously obtained for the uncompressed picture in bitmap format.
11. Encrypt the compressed document by selecting “Encrypt\Decrypt/Symmetric/XOR” from menu and
use 12 34 56 78 as the key.
12. We will perform the analysis. Select “Analysis\Symmetric Encryption\Ciphertext-Only\XOR”.
CrypTool returns incorrect key length.
2.3 Triple DES with CBC mode and Weak DES keys
1. Open file “CrypTool-en.txt” from “C:\Program Files (x86)\CrypTool\examples”.
2. Look at the frequency distribution of the characters by clicking “Analysis\Tools for Analysis \
3. Encrypt the document by selecting “Encrypt/Decrpt\Symmetric (modern)\Triple DES (CBC)”.
4. Use 12 34 AB CD as the key.
5. Click the Encrypt button.
6. Look at histogram of the encrypted document, which bears no resemblance to the histogram of the
unencrypted document.
7. The autocorrelation exhibits no regularity which may provide a clue as to the key length.
8. The decryption of the document functions like encryption except that the Decrypt button is clicked.
9. We want to determine the key from the encrypted document using a brute-force attack.
Select “Analysis\Symmetric Encryption (modern)\Triple DES (CBC)” from menu. Enter ** ** AB CD 00
00 00 00 00 00 00 00 00 00 00 00 as the key.
10. Click “Start”.
11. The first one returns readable results. Click “Accept selection”. The original plaintext shows up.
Weak DES Keys
1. Click Encrypt/Decrypt\Symmetric(modern)\DES(ECB) when CrypTool-en.txt is open. Enter 01 01 01 01
01 01 01 01 as the key.
2. Click “Encrypt” button.
3. Repeat step 1 using the same key. Plaintext shows up on the right.
2.4 Lab on Testing Different Modes in Symmetric Ciphers
Symmetric key cryptography provides several modes of operation, including Electronic Codebook (ECB),
Cipher-Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter Mode (CTR),
as shown in Figure 1. Modes of operation have been devised to encipher text of any size employing
either DES or AES. Two important properties of these encryption modes that this lab will explore are
pattern preservation and error propagation. Pattern preservation means that a block of plaintext is
encrypted into a block of cipher text the same way every time; e.g. if Eve finds out that cipher text
blocks 1, 5, and 10 are the same, she knows that plaintext blocks 1, 5, and 10 are the same. Error
propagation means that a single bit error in transmission of a cipher text block creates errors in not only
the decryption of the affected block, but propagates to the following blocks of the message.
Figure 1. Modes of Operation
Lab Tasks
Create an application to encrypt and decrypt messages using DES or AES ciphers using a programming
language/cryptographic package of your own choice. Java has a mature offering in the form of its Java
Cryptography Extension, which is integrated with the Java 2 SE SDK. An article on using AES with Java
can be found here: BSAFE from RSA is available
under share project. You can choose a language/package that allows for the selection of operation
mode (ECB, CBC, etc.) for encryption/decryption.
Task 1 Implement DES and AES ciphers.
Create an application in the language of your choice that implements encryption of a plaintext series of
bytes, and decryption of the created cipher text.
Task 2 Investigate Properties of Modes in DES and AES
Your application should use either AES or DES encryption, and employ each of the following algorithm
modes: ECB, CBC, CFB, OFB, and CTR. Your application should test pattern preservation by encrypting
plaintext that includes a pattern, and examining the cipher text to see if the pattern is preserved. Your
program should test error propagation by modifying one byte of the cipher text prior to decryption, and
then examining the decrypted plaintext. The output from your program should resemble the following:
opmode: CFB
input : 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 00 01 02 03 04 05 06 07
cipher: 61 a1 f8 86 ff 9b c7 09 4f c0 bc 1b 17 3a d7 bb c7 d7 1a 36 61 45 dd a8
Modifying random byte: bb->ba
plain : 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0e 34 8b 0c bf fb 7f 9c de
Prepare a written report of your examination of the two discussed properties of the different
cryptographic modes of operation. Include a completed version of the table below in your report (fill in
each block with a yes, no, or other comment). Include the source code of your application with your
Error propagation
To test pattern preservation property, you can include repeated blocks in your plaintext and observe the
results of cipher text.
To test error propagation property, you can encrypt plaintext first and then modify one bit in ciphertext
and check the decryption results.
3.1 Lab on RSA Encryption and Factorization Attacks
Encryption or decryption of messages using the RSA key pair.
1. Select Individual Procedures/RSA Cryptosystem/RSA Demonstration
2. Enter the RSA key p=47, q=79, e=37. The parameters N = p*q=3713 and phi(N)=3588 and d=97 are
3. Click Alphabet and number system options
4. Choose specify alphabet under Alphabet Options and number system under Method for coding of
text into number. Enter 2 in Block length in characters.
5. To confirm your entries, click on OK. You can now enter the input the text, “WORKSHOP AT
CHATTANOOGA”, in the input line and click on the Encrypt button.
6. To decrypt, copy text in Encryption into ciphertext 1999 # 3408 # 2545 # 2798 # 0001 # 3284 # 3613 #
1404 # 2932 # 0208 # 1095 # 3306 to input text area. And click Decrypt button.
Encryption of the message with block length 1 v.s. encryption of the message with block length 2.
1. Create the RSA key p=251, q=269, e=65537. The value of N is
, the value of private key d is
, the value of phi(N) is
2. Click Alphabet and number system options
Choose All 256 ASCII characters under Alphabet options, b-adic under Method for coding and a block
into numbers and 1 in Block length in characters.
3. To confirm your entries, click on OK. You can now enter the input the text, “RUBY FALLS!”, in the
input line and click on the Encrypt button.
The encrypted version of this is the number sequence is
The number “#” serves here to visually split up the individual numbers. If you insert these numbers into
the input line and then choose Decrypt, the original plaintext will be restored.
4. Click Alphabet and number system options
Choose All 256 ASCII characters under Alphabet options, b-adic under Method for coding and a block
into numbers and 2 in Block length in characters.
5. To confirm your entries, click on OK.
6. You will receive a cipher text that is only half as long:
Attack on RSA encryption with short RSA modulus
The analysis is performed in two stages: first of all the prime factorization of the RSA modulus is
calculated using factorization, and then in the second stage the secret key for encryption of the message
is determined. After this, the cipher text can be decrypted with the cracked secret key.
We will figure out plaintext given
RSA modulus n = 63978486879527143858831415041
Public exponent e = 17579
Cipher text = 45411667895024938209259253423, 16597091621432020076311552201,
46468979279750354732637631044, 32870167545903741339819671379
1. Factorization of the RSA modulus with the aid of prime factorization.
To break down the natural number, select menu sequence Indiv. Procedure/RSA Cryptosystem /
Factorization of a Number.
2. The two components of the public key is
RSA modulus n = 63978486879527143858831415041
Public exponent e = 17579
Enter n=63978486879527143858831415041 as input and click Continue.
It is interesting to see which procedure broke down the RSA modulus the fastest.
2. Calculate the secret key d from the prime factorization of n and the public key e:
With the knowledge of the prime factors p = 145295143558111 and q = 440334654777631 and the
public key e = 17579, we are in a position to decrypt the ciphertext.
3. Open the next dialog box via menu selection Indiv. Procedure/RSA Cryptosystem/RSA
4. Enter p = 145295143558111 and q = 440334654777631 and the public key e = 17579.
5. Click on Alphabet and number system options and make the following settings:
Alphabet options: Specify alphabet
RSA variant: Normal
Method for coding a block into number: Number system
Block length: 14
Number system: Decimal
6. Enter the following cipher text in the input text field. And click Decrypt button.
Side Channel Attack to RSA:
1. Select from menu: “Analysis” \“Asymmetric Encryption” \“Side-Channel Attack on Textbook RSA”
2. Click “Introduction to the scenario”.
3. Click “Perform preparation” and click “OK”
4. Click “OK” again.
5. Click “Generate session key” and “Session Key”. The generated session key is “9E B7 61 D9 E4 F9
34 AA 91 F7 C4 CB 56 7D 98 88”.
6. Click “Select asymmetr. key”.
7. Select Bob’s key and click “OK”.
8. Click “Encrypt document symmetry.”, “Encrypt session key asymmetry.” and “Save”.
9. Click “Transmit message” and “Decrypt message”.
10. Enter 1234 and click “OK”.
11. Click “Intercept message” and “Start attack cycle”.
12. Click “All steps at once” button.
13. Click “OK” and icon of Trudy (Attacker).
The session key is 9EB761D9E4F934AA91F7C4CB567D9888 which matches the one generated in Step 5.
3.2 Lab on Short Message RSA Attacks and Padding
In short message attack of RSA, if it is known that Alice is sending a four-digit number to Bob, Eve can
easily try plaintext numbers from 0000 to 9999 to find the plaintext. Therefore, short message must be
padded with random bits. If you are Eve, show that you are able to find the plaintext containing four
digit numbers given ciphertext.
Optimal asymmetric encryption padding (OAEP) is recommended when short messages are encrypted
with RSA algorithms. The following is the encryption and decryption processes of OAEP.
 Encryption
 Pad the message to make m-bit message M, if M is less than m-bit
 Choose a random number r
 User one-way function G that inputs r-bit integer and outputs m-bit integer. This is the
 P1 = M  G®
 P2 = H(P1)  r, function H inputs m-bit and outputs k-bit
 C = E(P1 || P2). User RSA encryption here
 Decryption
 P = D (P1 || P2)
 Bob first recreates the value of r:
H(P1)  P2 = H(P1)  H(P1)  r = r
 Bob recreates msg:
G(r)  P1 = G(r)  G(r)  M = M
Pad your message with OAEP padding and then encrypt by RSA.
What to submit:
A report describes how you find the unpadded short plaintext (50 points), describes what you have
observed after you apply OAEP padding (20 points), and discusses feasibility of short message attack
after padding (30 points).
3.3 Lab on RSA Timing Attacks
RSA Timing Attacks
Brief Description
A timing attack is an attack which cleverly uses the fourth dimension, time. If an algorithm is not
specifically designed to thwart this attack, then an attacker can observe the required amount of time for
a calculation to be done and monitor the differences in calculation times. For example, the calculation of
converting a “0” in plain text to cipher text versus converting a “1” in plain text to cipher text may
require less time. This measured amount of time can be used to rebuild the key or figure out the plain
Lab Overview
RSA Encryption is complicated and also has protections against timing attacks, so we will be using a
more simple example for this lab. We have performed two operations many, many times, specifically
the add and multiply operation. The add is performed much faster than the multiply especially when
scaled across many iterations. We will use this as our test case; a shorter operation will represent the
processing of a zero and the long operation would represent the processing of a one. So given a stream
of output times from a program which monitors these operations, you should be able to reconstruct a
string ones and zeroes.
Different machines will require a different amount of time to process. So our implementation will take
this into account by not using specific time values when processing the times from our “gathered” data.
It may be a good approach to calculate an average time, and then compare each time value against this
value to determine if it is a “1” or a “0”. After we have created a string of ones and zeroes, we will
process these to generate our ASCII output (Google “ascii table”, if you are confused)
To Complete...
Using Visual Studio, open the provided “TimingAttackLab.sln”. This project was used to create the file
“time_data”, which should be located in “....\TimingAttackLab\bin\Debug\”. Have a look at the
“time_data” file; it is simply the number of ticks used to calculate a 1 or a 0. We assume a 1 takes more
time to calculate than a 0.
The project only has a few functions that are left to be implemented in order for you to decrypt the
super-secret message.
Turn in a lab report containing:
-Your implementation of the functions “public static String BinStr2ASCII(String BinStr)” and
“public static String LongToBinStr(long[] TimeData)”
-The decoded message from running the complete program.
And answers to the following questions:
1) What are some possible ways an algorithm could be designed to thwart timing attacks?
2) What assumptions must be true for an attacker to be able to perform a timing attack?
3) As a machine increases in processing power, is the difference in processing time between inputs (for
example a one and a zero) likely to be greater or smaller?
4.1 Lab on hash generation and sensitivity of hash functions to plaintext
Keyed-Hash Message Authentication Code (HMAC) ensures integrity of a message and authentication of
the message. It requires a common key for sender and recipient.
1. Open the file CrypTool-en.txt under C:\Program Files (x86)\CrypTool\examples.
2. Select from Menu “Indiv. Procedures” \“Hash” \“Generation of HMACs”.
3. Select SHA-1 as hash function and double hashing as HMAC variants.
4. Enter your key “chattanooga”. The HMAC code generated from the message and the key is
66 C2 2E BA 41 36 6D EB EA FB 8E B1 7D B1 3B 42 5A 15 98 E1
5. Select from menu “Indiv. Procedures” \“Hash” \“Hash Demonstration”.
6. Select a hash function from Selection of hash function.
7. add a space after CrypTool in plaintext. We will see 49.22% bits differ (63 of 128). A good hash
function should react highly sensitively to even the smallest change in the plaintext –“Avalanche effect”
(small change, big impact).
4.2 Lab on Hash Function
Either SHA-1, HMAC, or MD5 can be selected to finish the following problems.
Problem One (50):
Use an example to show that Hash function can help to protect integrity of your message. You can
encrypt your plaintext message, tamper the cipher text and use hash function to check whether the
decrypted messaged is changed.
Problems Two (50):
Use an example to show that if you tamper both ciphertext and hashcode properly, you can escape from
the integrity check of hash function.
5.1 Lab on Digital Signature Visualization
1. Select from menu of CrypTool “Digital Signatures/PKI” \ “Signature Demonstration (Signature
2. Click on “Select hash function”. Choose MD5 (or others) and click OK.
3. Click “Generate Key” and “Generate prime numbers” in step by step Signature Generation dialog.
4. Enter 2^150 as the lower limit and 2^151 as upper limit. And click Generate prime numbers and
apply primes.
5. Click Store key button.
6. Click Provide certificate button. Enter
Name: Smith
First name: Mary
Key identifier: Mary key
PIN: cryptool
PIN verification: cryptool
7. And click “Create Certificate and PSE”.
8. click “Compute hash value”.
9. Click “Encrypt hash value”.
10. Click “Generate signature”.
11. Click “Store signature”.
12 click “OK”, you will see RSA (md5)signature of <startingexample-en.txt>.
5.2 Lab on RSA Signature
1. Open the file CrypTool-en.txt under C:\Program Files (x86)\CrypTool\examples.
2. Click from menu Digital Signatures/PKI\PKI\Generate/Import Keys.
3. Enter the following
Last name: Smith
First name: John
Key identifier: Smith Key
PIN code: cryptool
PIN: cryptool
And click on the Generate new key pair button.
4. The following window shows up and click OK:
5. Click Show Key Pair, you will see
6. The certificate is displayed by clicking on the Show certificate pushbutton.
7. Close both dialogs on Certificate Data and Available Asymmetric Key Pairs.
8. To sign the document of CrypTool-en.txt, select Digital Signatures/PKI\Sign Message. Enter the
Choose hash function: RIPEMD-160
Choose signature algorithm: RSA
Choose a key/PSE to be used when signing: Smith John
PIN code: cryptool
And click on Sign button.
9. Click OK button. The dialog box closes and the signed document is displayed.
10. The signature is at the start of the document and the document to be signed is at the end, as can be
verified easily by comparing with the original document. A clearer presentation, with the separation of
the signature and the document, can be obtained by selecting Digital Signature/PKI\Extract Signature.
11. Select Digital Signature/PKI\Verify Signature to check that the document has not been altered.
12. Select John Smith from the list of signatures and click on the Verify signature button. The following
dialog appears.
13. Modify the message by deleting “What”.
14. Select Digital Signature/PKI\Verify Signature, the following dialog box appears:
5.3 Lab on Attack on Digital Signature/Hash Collision
Find two messages with the same hash value.
1. Select “Analysis” \“Hash” \“Attack on the Hash Value of the Digital Signature” from the menu.
2. Click “Options”.
3. Choose MD5 under Hash function and 40 for Significant bit length, and click Apply.
4. Click “Start Search” in dialog of Attack on the Hash Value of the Digital Signature.
5. Click “OK” and “Print Statistics”.
6. After modifying the two messages, the hash value of them are the same. The message will not appear
to change, since only unprintable characters will be used to modify them.
A 72-bit partial collision (i.e., the first 72 hash value bits are identical) was found in a couple of days
using a single PC. Today signatures with hash values of 128 bits or less are vulnerable to a massive
parallel search. It is therefore recommended to use hash values with a length of at least 160 bits.
5.4 Lab on Digital Signature
Problems One:
Generate keys and a digital signature for data using the private key and to export the public key and the
signature to files. Verify a digital signature by importing a public key and a signature that is alleged to be
the signature of a specified data file and to verify the authenticity of the signature.
6.1 Lab on Writing a Simple Certificate Authority
Certificates, or to be more specific, public key certificates, provide a mechanism that allows a third
party, or issuer, to vouch for the fact that a particular public key is linked with a particular owner, or
subject. Every certificate has a private key associated with it, and a chain of certificates is a list of
certificates where each certificate other than the first one and the last one have had its private key used
to sign the next certificate after it. The first certificate, the root certificate, is normally self-signed; you
have to accept it as trusted for the certificate chain to be valid. The last certificate, or the end entity
certificate, simply provides you with a public key you are interested in, which, assuming you accept the
root certificate, you can regard as authentic. The entity responsible for issuing the certificate is referred
to as a certificate authority, or more commonly, CA.
Write an application that creates a certificate from a certificate request.
In the application, you will create two key pairs: on is used to create a certificate request and the other
is used to issue a root certificate. The certificate that gets created from the certificate request is a
version 3 certificate. The extra extensions are the AuthorityKeyIdentifier and the SubjectKeyIdentifier,
which are required for RFC3280 compliance.
Your application starts out pretending it is a client and then starts to behave as a CA instead. First, in
“client mode”, a certificate request is created; then in “CA mode”, a root certificate is created. Next, still
in CA mode, the certificate request is validated and then the client certificate is created. This step
introduces a couple of new classes as well: AuthorityKeyIdentifierStructure and SubjectKeyIdentifier
structure, both of which are defined in the org.bouncycastle.x509.extension package.
Create key pairs for a request
Create a certificate request
Create a root key pair and create a root certificate
Validate the certificate request
Create the certificate using the information on the request (get owner,
owner’s public key and algorithm from the request)
Use root’s private key to sign the certificate
Print out the issued certificate
Crypto Case 1: How Do You Secure
BlackBerry Devices?
Real-world Scenario: The BlackBerry is a wireless handheld device which supports push e-mail, mobile
telephone, text messaging, internet faxing, web browsing and other wireless information services. It
delivers information over the wireless data networks of mobile phone service companies.
Problem and Activities: We will secure data traffic in transit between the BlackBerry Server and the
BlackBerry devices and data stored in the BlackBerry device using cryptography. Three special
requirements specific to the BlackBerry need to be considered: 1) Communication is done through
wireless links, which is more vulnerable than wired communication. 2) The limited computation
capability in the BlackBerry. 3) The device may be stolen or grabbed by someone other than the owner.
Learning outcomes: Students gain knowledge of wireless handheld devices, and are able to take the
above requirements into consideration when they use and implement learned cryptography techniques
to protect data communication and storage.
Assessment: Students are able to secure wireless data communication as well as data storage.
Crypto Case 2: Do You Trust Others in
Virtual Environment?
Real-world Scenario: Virtualization is almost a mainstream technology today because it reduces power
usage, makes server and OS deployments more flexible, and better uses storage and systems resources.
It helps to advance cloud computing, a new concept of collaboration and distribution. Virtualization
technology allows one box hosts multiple virtual machines (VMs) and provides a computing
environment for remote users. How do we provide separate VMs so that they can not affect each other
in one box? How do we ensure security, compliance and trust in a virtual environment?
Problem and Activities: 1) Investigate solutions to separate VMs in one box; 2) study how to provide
authentication to virtual users; and 3) propose solutions to prevent data loss.
Learning outcomes: Students gain knowledge of virtualization technology as well challenges faced by
virtualization. Students know how to separate VMs using cryptography techniques, and authenticate
users in a virtual environment in a scalable fashion.
Assessment: Students are able to setup a virtual environment and implement proposed security
Crypto Case 3: Ensure the validity of
Forensic Evidence by Using a Hash
Real-world Scenario: A forensic hash is used for identification, verification, and authentication of file
data. A forensic hash is the process of using a mathematical function and applying it to the collected
data, which results in a hash value that is a unique identifier for the acquired (collected) data (similar to
a DNA sequence or a fingerprint of the data). The National Child Victim Identification Program (NCVIP)
Hash Sets are created to identify victim images of child sexual exploitation. Both MD5 and SHA-1
algorithms are commonly used on forensic image files. The hash process is normally used during
acquisition of the evidence, during verification of the forensic image (duplicate of the evidence), and
again at the end of the examination to insure the integrity of the data and forensic processing.
Problem and Activities: 1) Students will practice digital evidence acquisition by acquiring a forensic
image, creating indexes, looking for evidence within the image, and generating reports.
2) Discuss collision in algorithm of MD5 and SHA-1. Since a hash collision would prevent known file filter
identification, can criminals create a duplicate set of innocuous picture files whose hash values match a
collection of contraband pornography?
Learning outcomes: Students will understand hash algorithm, “digital fingerprints”, and related
cryptography methods used in law enforcement.
Assessment: Students will write reports and discussion summaries.
Crypto Case 4: How Do You Secure Patient
Real-world Scenario: Health care information security planning, policies, digital right and privacy
management are subject to Health Insurance Portability and Accountability Act (HIPPA). Students will
design their security policies and use cryptographic techniques to implement those policies.
Problem and Activities: 1) Students will study HIPPA and design security policies compliant to HIPPA. 2)
They will secure health data storage, electronic transaction and control access using authentication.
Learning outcomes: Students will be able to design security policies according to corresponding to
regulations. They will be able to implement security policies using cryptographic techniques.
Assessment: Students will write report and do presentations.
Crypto Case 5: Is SSL/TLS Enough to Secure
Real-world Scenario: E-commerce/Web services integrate web-based applications and allow
communication among different sources.
Problem and Activities: 1) Design an authentication solution which enables e-commerce/web services to
more than three parities to be authenticated to one another. For example, a cardholder, an online
merchant, and a bank can authenticate each other. Standards like SSL/TLS (Secure Socket
Layer/Transport Level Security) only support point-to-point authentication. 2) Design an encryption
solution that supports selective encryption. This is useful in a workflow scenario where a document may
be processed by several applications, or signed, viewed, or approved by numerous people. Standards
like S/MIME (Secure Socket Layer/Transport Level Security) and PGP (Pretty Good Privacy) as well as
SSL/TLS treat each message as a whole.
Learning Outcomes: Students will be able to analyze requirements, design their own protocol to support
multiple-party authentication, and selective encryption. Students will learn and practice how to provide
quality of protection through message integrity, message confidentiality, and single message
authentication. The XML (extensible markup language), web service security, SOAP (Simple Object
Access Protocol) messaging will be investigated.
Assessment: Students will use written report and oral presentation to demonstrate the results.
List of participants
Xiaohui (Sean) Cui, Ph.D.
Research Scientist
Applied Software Engineering Group
Computational Science and Engineering Division
Oak Ridge National Laboratory
Jim Chen, Ph.D.
Professor and Program Director of Information Assurance
Graduate School of Management & Technology
University of Maryland University College
Qing Yuan, Ph.D.
Director of Business & Information Technology
Garrett College
687 Mosser Road
McHenry, Maryland 21541
Phone: 301.387.3043
Fax: 301.387.3055
Raimund K. Ege, Ph.D.
Associate Professor
Department of Computer Science
Psychology-Computer Science Building
Northern Illinois University
DeKalb, IL 60115 USA
Email: ege@niu.eduedu
Edward L. Wiley
Coordinator and Instructor
Computer and Network Security Program
Wilmington University
320 N. DuPont Highway
New Castle, DE 19720-6491
Hetal Jasani, Ph.D.
Assistant Professor
Department of Computer Science
Northern Kentucky University
Phone: 859.572.7632
Jill R. Schaumloeffel
Professor of Information Technology
Garrett College
687 Mosser Road
McHenry, MD 21541
Mark Stockman
Associate Professor
University of Cincinnati
Phone: 513.556.4227
Bei-Tseng (Bill) Chu
Professor and Chairman Department of Software and Information Systems
Department of Software and Information Systems,
UNC Charlotte, 9201 University City Blvd, Charlotte, NC 28223
Phone: 704-687-4568
Fax 704-687-4893
Lih-Yuan Deng
Professor of Mathematical Sciences/Computer Science
The University of Memphis
Phone: (901) 678-3134
Fax: (901) 678-2480
Office: Dunn Hall 359
Rong Yang
Assistant Professor
Department of Mathematics and Computer Science
Western Kentucky University
Kathy Winters
Department of Computer Science and Engineering, Dept. 2302
The University of Tennessee at Chattanooga
735 Vine Street, EMCS 314
Chattanooga, Tennessee, 37403
Mina Sartipi, Ph.D.
Associate Professor
The University of Tennessee at Chattanooga
735 Vine Street, EMCS 314
Chattanooga, Tennessee, 37403
Jack Thompson, Ph.D.
The University of Tennessee at Chattanooga
735 Vine Street, EMCS 314
Chattanooga, Tennessee, 37403
Semmy Purewal
Georgia Gwinnett College
Yi Ding
Georgia Gwinnett College
Wei Liu
Georgia Gwinnett College
Andy Wang
Professor and Chair of Computer Science
Southern Polytechnic State University
Chung-Han Chen
Computer Science Department
Tuskegee University
Cheng-Tzu Wang, PhD.
Associate Professor
Computer Science Department
Taipei University of Education, Taipei, Taiwan
Li Yang, Ph.D.
Associate Professor and Graduate Program Coordinator,
Department of Computer Science and Engineering, Dept. 2302
The University of Tennessee at Chattanooga
735 Vine Street, EMCS 314A
Chattanooga, Tennessee, 37403
Tel: 1-423-425-4392; Fax: 1-423-425-5442
Joseph M. Kizza, Ph.D.
Professor and Head
Department of Computer Science & Engineering
The University of Tennessee-Chattanooga
Chattanooga, Tennessee, 37403
Tel: 1-423-425-4043; Fax: 1-423-425-5442
Wade Gasior
University of Tennessee at Chattanooga