Add to collection(s) Add to saved
  1. Social Science
  2. Political Science
  3. Media

word document

advertisement 
Page |1
Encryption with OPENSSL
Date Assigned: mm/dd/yyyy
Time Due: mm/dd/yyyy by hh:mm
Educational Objectives
This lab is designed for students to gain first-hand experience on symmetric encryption
algorithms, encryption modes, padding scheme and initial vector (IV) using available libraries.
Lab Environment
One Fedora 18 Linux VM will be used for this lab.
Section 1 Preparation
The cryptographic library implemented by OpenSSL project will be used in this lab. Detailed
description about OpenSSL and the libraries can be found from the following link:
http://www.openssl.org/
Please install OpenSSL on a Fedora system by executing the following command as a root:
yum install openssl
In addition, the GHex, a hex editor for GNOME, will be used in this lab to edit a file in binary or
hex. More information about GHex can be found from the following link:
http://directory.fsf.org/wiki/Ghex#tab=Overview
Please install GHex on a Fedora system by executing the following command as a root:
yum install ghex
The executable is named as ghex. Type the following command will launch GHex with a
window similar to the following screenshot.
ghex
Page |2
From there, you can open a file, edit it and save it. It works as a regular text editor, but you can
see and modify a file in binary or hex. You can make changes on a specific bit.
Section 2 Encryption Using Different Ciphers and Modes
The following command can be used to encrypt/decrypt a file using OpenSSL libraries.
openssl enc -cipher_type –e|d -in file –out file –K key –iv initial_vector
where
cipher_type: the cipher, e.g., –aes-128-cbc, -aes-128-ebc, and etc.
-e|d: encryption | decryption
-in file: input file
-out file: output file
-K key: the Key in hex, e.g., -K 00112233445566778899aabbccddeeff
-iv initial_vector: initial vector in hex, e.g., -iv 0102030405060708
Please use man pages to learn how to use the command openssl enc. (man openssl, man enc)
Please perform the following:




Create a test file of at least 100 bytes.
Encrypt this file.
Decrypt this file.
Try the above using at least three different cipher types and operation modes.
You can find the meaning of the command line options and all the supported cipher types by
using the man page of enc (man enc).
Page |3
Question 1: What were the cipher types and operations modes that you tried?
Question 2: Was the plain text retrieved from the cipher text correctly? If no, explain why.
Section 3 Operation Mode: ECB versus CBC
The file pic_lab4.bmp that is attached to the lab assignment on Canvas contains a simple picture.
Please download the file from the course web page (You can install firefox: yum install –y
firefox to make the file transfer.). We would like to test the ECB and CBC modes using this
picture. Please perform the following:


Open the file pic_lab4.bmp using any image viewing software (Firefox will work for this
purpose. Image Viewer also works.) to view the picture. And then close it.
Encrypt the file using the ECB and CBC modes (e.g.: aes-128-ecb and aes-128-cbc) and
save it in different files (e.g., picture_ecb.bmp and picture_cbc.bmp).
Now, the encrypted pictures cannot be viewed (you can try it) because the header information is
“damaged” by the encryption process. The header information is included in the first 54 bytes in
a .bmp file. In order to view the encrypted picture, the original header information must be
recovered. Please perform the following:


Reset the first 54 bytes of the encrypted files to the original header information using the
GHex tool.
Display the encrypted pictures using a picture viewer (e.g., Image Viewer).
Question 3: Take screenshots that show the encrypted pictures (both ECB and CBC modes)
when they are viewed and attach them here. Indicate the operation mode that is used for
encrypting them for each.
Can you derive useful information about the original picture from the encrypted picture? I
believe you can if the encryption is done with an ECB mode.
Question 4: Please explain your observations. More precisely, please argue the ECB mode
against the CBC mode. Which operation mode can more completely hide the original
information and is more secure? Explain your arguments.
Page |4
Section 4 Encryption Modes – Corrupted Cipher Text
To better understand the properties of various encryption modes, we would like to do the
following exercises:




Create a text file of at least 64-byte long.
Encrypt the file using the aes-128 cipher with CBC, CFB, ECB and OFB mode,
respectively.
Simulate a corrupted bit of the 30th byte in the encrypted files by change the value of that
bit using the GHex tool.
Decrypt the corrupted files (cipher texts) using the correct key and IV.
Please study the plain texts that are recovered from the corrupted cipher texts and answer the
following questions.
Question 5: How many bytes are damaged in the recovered plain texts that are caused by the
corrupted bit in the corresponding cipher text? In which block(s) are those damaged bytes
located?
ECB Mode:
CBC Mode:
CFB Mode:
OFB Mode:
Question 6: Explain why the number of the damaged bytes is different when different operation
mode is used for the encryption.
Section 5 Padding
For block ciphers, when the size of the plaintext is not the even multiple of block size, padding is
required. Please do the following exercises to test padding schemes used in OpenSSL.


The OpenSSL manual says that OpenSSL uses PKCS#5 standard for padding. Please
design an experiment to verify this. In particular, use your experiment to figure out the
padding in the AES encryption when the length of plaintext is 20 and 32 bytes.
Please use ECB, CBC modes to encrypt a file (You can pick any cipher) and study the
padding.
Question 7: Use screenshots and descriptions to describe your experiment that you did to verify
the padding scheme implemented in OpenSSL.
Page |5
Question 8: What are the operation modes that use a padding scheme? If a mode does not use
padding, please explain why. Briefly explain what you did to figure this out.
Section 6 Performance Test (4% bonus)
For the bonus part, please write a script to measure the performance of the ciphers implemented
in OpenSSL. In this test, you must select at least three different ciphers of your choice. For each
cipher, you must choose at least three operation modes of your choice. Generate a large file and
measure the time to encrypt it using different ciphers.
Question B01: Briefly describe what you did and attach your working code.
Question B02: Give a diagram or table to show your measured results. Briefly summarize your
observations.
Survey Questions
Questions in this section will not be graded, but will make your suggestions and voice heard by
your instructor.
GQ 1. What changes would you like to make to this lab?
GQ 2. How much time did you spend to finish this lab?
GQ 3. Do you learn anything new or gain a better understanding of class lecture by finishing this
lab?
Well, you have completed another lab for this class. Hope you enjoyed doing this lab. Please let
me know if you have any comments.
Page |6
Answer Sheet
========================== Required Questions ===========================
Question 1: What were the cipher types and operations modes that you tried?
Question 2: Was the plain text retrieved from the cipher text correctly? If no, explain why.
Question 3: Take screenshots that show the encrypted pictures (both ECB and CBC modes)
when they are viewed and attach them here. Indicate the operation mode that is used for
encrypting them for each.
Question 4: Please explain your observations. More precisely, please argue the ECB mode
against the CBC mode. Which operation mode can more completely hide the original
information and is more secure? Explain your arguments.
Question 5: How many bytes are damaged in the recovered plain texts that are caused by the
corrupted bit in the corresponding cipher text? In which block(s) are those damaged bytes
located?
ECB Mode:
CBC Mode:
CFB Mode:
OFB Mode:
Question 6: Explain why the number of the damaged bytes is different when different operation
mode is used for the encryption.
Question 7: Use screenshots and descriptions to describe your experiment that you did to verify
the padding scheme implemented in OpenSSL.
Page |7
Question 8: What are the operation modes that use a padding scheme? If a mode does not use
padding, please explain why. Briefly explain what you did to figure this out.
=========================== Bonus Part (4%) ============================
Question B01: Briefly describe what you did and attach your working code.
Question B02: Give a diagram or table to show your measured results. Briefly summarize your
observations.
=========================== Survey Questions ============================
GQ 1. What changes would you like to make to this lab?
GQ 2. How much time did you spend to finish this lab?
GQ 3. Do you learn anything new or gain a better understanding of class lecture by finishing this
lab?
Related documents
Hwk #11
Hwk #11
cs772MidtermFall15Solution
cs772MidtermFall15Solution
SampleHWSubmission
SampleHWSubmission
VideoCase08:_Security
VideoCase08:_Security
homework-02
homework-02
IS-Assignments - WordPress.com
IS-Assignments - WordPress.com
cs772MidtermFall15
cs772MidtermFall15
Homework due 12/22
Homework due 12/22
cryptext round 2 (level 1)
cryptext round 2 (level 1)
Term Project CMPE 553 Cryptography and Network Security, Fall
Term Project CMPE 553 Cryptography and Network Security, Fall
Download
advertisement