ECE4112 Internetwork Security
Cryptography and Authentication
Group Number: _________
Member Names: ___________________
_______________________
Date Assigned:
Date Due:
Last Edited: April 23, 2007
Lab Authored by: Scott Allen Quinn and Joel Davis
Please read the entire lab and any extra materials carefully before starting. Be sure to start early
enough so that you will have time to complete the lab. Answer ALL questions in the Answer
Sheet and be sure you turn in ALL materials listed in the Turn-in Checklist on or before the
Date Due.
Goal: The goal of this lab is to introduce some of the concepts in cryptography and
authentication and give some hands on experience with both.
Summary: Through this lab you will first see some of the protocols and encryption
techniques that are used during the semester and commonly used in public. After a brief
description of these protocols you will use some tools to see how a few of them are implemented.
Authentication schemes and examples will follow as well.
Background: Merriam-Webster defines cryptography as “the enciphering and
deciphering of messages in secret code or cipher.” With computers this processes is done
by a computer program. These algorithms are used such that a person or persons can
store or transmit data in such a form that outside parties can not understand what is being
transmitted. Authentication is ensuring the authenticity of the source of communication,
for without this authentication there can be no trust for online commerce. Document and
email signing, digital certificates and directory services both ensure authentication, and
new authentication techniques such as Windows CardSpace are on the forefront of
managed ID's on the Internet.
Prelab: Go to the following website on a computer with internet access.
http://www.nsa.gov/kids/home.cfm
Once there click on the “Make Your Own Secret Codes” button. In the page that opens
click on the “Make a Cipher” link on the left hand side of the screen. This will bring up a
list of a few different simple encryption methods. Read through a couple of these to see
the basic idea of how an encryption algorithm works.
Prelab Questions: After reading over the encryption methods on the website
decode the following:
P1: Decode the following string with the rail fences method
“FM LGY SWSM AI YUI AEOE”
P2: Decode the following string with the number grid method
12353532352444551155115512151543
Lab Scenario: This lab will require a Windows XP, RedHat 4.0, and some
other machine with access to the internet.
Section 1: Cryptography Intro
This section gives brief definitions of some of the more common cryptography terms and
ciphers.
AES (Advanced Encryption Standard) - AES is a block encryption standard that
superseded DES. It is a 128bit encryption standard that is used by the U.S. government
and widely used by other systems including WPA2 and SSH. The cipher operates
individually on 4x4 arrays of bytes. After the arrays are setup four operations are
performed on them to perform the encryption cipher.
ARC4 (ARCFOUR) – see RC4
Asymmetric Key Cryptography- Asymmetric key cryptography is encryption methods
in which two distinct keys are used. These two keys are split between public and private
keys. The private key is generated first and then the public key is determined from some
mathematical derivation of the private.
Block Cipher- A block cipher is a symmetric key encryption in which the operations are
performed on fixed lengths of bits called blocks.
CCMP (Counter Mode with Cipher Block Chaining Message Authentication
Protocol) – CCMP is an encryption protocol used by 802.11i(WPA2), integrating AES,
to help provide more security (replacing TKIP) by combining both encryption and
authentication into a sing protocol.
DES (Data Encryption Standard) – A now relatively insecure encryption standard,
DES uses 56bit encryption and a block cipher. Encryption with this algorithm takes 16
steps plus an initial and final permutation. These permutations did not add to the security
of the cipher, but allowed older hardware to more easily perform the encryption. DES is
not widely used anymore with the implementation of newer ciphers.
Diffie-Hellman- The Diffie-Hellman key exchange protocol is a protocol that allows to
parties to setup a shared secure key without prior knowledge of either group. The system
uses math functions on prime numbers to setup a shared secret key. The algorithm has
been updated to help protect the exchange from man-in-the-middle attacks due to the
algorithm not using authentication. The Diffie-Hellman is widely used for cryptographic
authentication and in the IPSec protocol suite.
DSA (Digital Signature Algorithm) – Is a standard produced by the US Federal
Government for digital signatures.
EAP (Extensible Authentication Protocol) – EAP is an authentication framework used
by both wired and wireless networks. The system is in wide use and has been adopted by
both WPA and WPA2. EAP is not a protocol, but instead defines how the data should be
transferred between parties.
EAP-MSCHAPv2- see PEAP
EAP-TLS (EAP-Transport Layer Security) – Based upon TLS, EAP-TLS is widely
used for wireless networks. EAP-TLS uses a public key infrastructure to connect to
RADIUS authentication server. It is considered to be very secure; however it can be hard
to set up, so not many providers use it. This is what has limited its growth among the
retail community.
FTP/FTPS (or FTP/SSL) - Is the method that FTP sets up and transfers files over the
SSL/TSL protocols
HTTPS- HTTPS refers to secure HTTP connections. The setup is the same, however the
HTTP connection is setup on port 143 and an encryption algorithm such as SSL or TSL is
used to help secure the transfer from man-in-the-middle attacks.
IPSEC- IPSEC is a suite of protocols that help authenticate, setup public keys, and
encrypt streams of IP traffic. There are two levels of the IPSEC suite, the transport and
tunnel modes. In the transport mode, only the data is encrypted. In the tunnel mode the
whole packet is encrypted.
Key- A key is a piece of information that controls the algorithm in cryptographic
algorithm. The key length of an encryption method is a general factor in determining the
security of the algorithm. But, not key is secure unless it is secure. This security may
include it randomness and if it is prime or not. The key for an algorithm can be created
by the user, a random number generator, or by some other key setup protocol such as the
Duffie-Hellman key exchange.
MD5- Not considered secure anymore, MD5 is a widely used hash algorithm that is also
often used for file integrity checking. The hash algorithm is only a single pass algorithm
and can be easily cracked by “Rainbow Tables” in which a hacker can lookup the
encrypted string in a table and see if there are any matches to do a backwards lookup of
the encrypted data. Another problem arising from the single pass is collisions. This
occurs when two inputs generate the same output. This can be used by hackers also to
hide the identity of their Trojans..
PEAP- PEAP is a protocol designed by CISCO, Microsoft, and RSA Security. There are
two versions of the standard. One is PEAPv0/EAP-MSCHAPv2 which is one of the most
widely used forms of EAP. It is widely used, and natively supported in all newer
versions of Windows (both client and server versions) and OSX. The other version of
PEAP is called PEAPv1/EAP-GTC, and is produced by CISCO. This protocol is similar
to the other, but allows for other authentication other then MSCHAPv2.
PGP (Pretty Good Privacy) – PGP is a program that provides both encryption and
authentication of data. The program uses both symmetric and asymmetric keys to
encrypt e-mail, single files or folders, and whole hard drives. The sender first uses a
session key to encrypt the message and then a public key is used to encrypt the session
key itself. The sender then sends the file to another user who used their private key to
decrypt the session key. The session key is then used again to decrypt the contents of the
message.
Private Key- The private key is the key in an asymmetric key cryptography method that
is kept secret by the originator of the keys. It is used to decrypt the message encrypted by
the public key.
Private Key Encryption- see Symmetric Key Encryption
Public Key- The public key is generated from the private key and is sent out to other
users in which the originator wants encrypted messages from. Even though the public
key is determined by the private key, there is no simply backwards mathematical method
to re-determine the private key from just the public.
Public Key Cryptography – see Asymmetric Cryptography
RADIUS (Remote Authentication Dial In User Service) – Is a system that used for
remote authentication for wireless or ISP providers. When a user wants to connect to the
service they send their Username and Password to the provider’s Network Access Server.
This server then sends the information to a RADIUS server where an authentication
scheme is used to check the identity of the user. Once their identity is verified they are
logged into the provider’s system.
RC4- Is one of the most widely used stream ciphers. It is used by both SSL and WEP to
encrypt data. Not considered very secure, this encryption method is not suggested to be
used in newer security schemes. The encryption uses a pseudorandom stream of bits that
is XORed with the original text of the message. To decrypt the message the encrypted
data is again XORed to reproduce the original message.
RSA- RSA is an asymmetric protocol. Even though it is an older encryption method it is
still considered secure given that the implementation is decent and the key is adequately
long. It is widely used for digital signatures and for electronic commerce.
SCP (Secure Copy) – Is the method of securing file transfers by transmitting files over
the SSH protocol. SCP does not provide authentication, however uses SSH to setup the
connections for the transfers.
Secret Key Cryptography – see Symmetric Cryptography
SHA (Security Hash Algorithm) – Is a set of hash algorithms developed by the NSA.
These algorithms are considered secure because no two messages generate the same hash
and there is no way to connect the message to the hash. The lowest variation of SHA has
been broken by researches, but the higher four variants have not been compromised.
SSH (Secure Shell) – SSH is a public key algorithm used to authenticate and secure
connections between systems. This connection can be used as a secure path to do many
things including: terminal commands, file transfers, VNC, Remote Desktop, and many
other programs that can use port forwarding to transfer data through the SSH connection.
SSH FTP (or SFTP) - SFTP is a protocol that uses SSH to transfer files. Much like
SCP, SFTP does not implement authentication or encryption, but relies upon SSH for
these functions. However, SFTP does offer more features then SCP does including:
resuming of interrupted transfers, directory listings, and remote file deletion.
SSL- see TLS
Stream Cipher- A stream cipher is a cipher in which each plaintext character is
encrypted one at a time with the transformations varying for each successive character.
Single Key Cryptography- see Symmetric Key Cryptography
Symmetric Key Cryptography- Symmetric algorithms are ones in which the keys for
encrypting and decrypting the data are the same or very closely related.
TKIP (Temporal Key Integrity Protocol) – TKIP is a key protocol used in WPA to
help solve the problems of WEP while 802.11i (WPA2) was being developed. TKIP
works on RC4 encryption however mixes the key per packet, does a data integrity check,
and sets up a system for re-keying. This allows for every packet to be sent with its own
encryption key.
Triple DES- Is pretty much the DES algorithm except it is performed three times (168bit
key) to help increase its security.
TLS- TLS/SSL are cryptographic protocols that secure web browsing, e-mail, IM, and
other data streams on the internet. SSL 3.0 and TLS 1.0 are largely the same protocol.
The connection is usually setup between an authenticated server and an unauthenticated
client. The protocol can use both symmetric and asymmetric keys. In their respective
categories TLS can use ciphers including RSA, DSA, Diffie-Hellman, RC4, DES, MD5,
SHA, and multiple others.
Weak Key- A Weak Key is a key that when inputted into an encryption algorithm makes
the algorithm act in an undesired way (i.e. easily crack able). Some algorithms that have
weak keys are RC4 and DES. If an algorithm has no weak keys, it is said to have a flat
key space.
WEP (Wired Equivalent Privacy) – WEP is part of the 802.11 standard that tries to
protect the wireless signal from eavesdropping. Soon after implementation its security
was breached due to its use of the RC4 cipher. Although it deters casual snooping it is
not a reliable choice for wireless security. It has been superseded by WPA and soon after
WPA2.
WPA (Wi-Fi Protected Access) – WPA was an intermediate step in the creation of
802.11i. Because of the security risk the WPA standard was rolled out while the 802.11i
standard was being finalized. WPA still uses the RC4 encryption algorithm, but with a
standard 128bit cipher and with the use of TKIP. These improvements greatly increased
the security of Wi-Fi traffic.
WPA2 (802.11i) – WPA2 is the full implementation of the 802.11i protocol. WPA2 uses
the AES block cipher algorithm instead of the RC4 stream cipher that is used in the WEP
and WPA. To setup the connection a four-way handshake is used to authenticate the
access point and to provide the group key to decrypt the access point’s traffic.
Section 2: Cryptography Practice
In this section you get some hands-on experience with some of the methods stated above.
Appendix A gives more description of how some of these work.
Section 2.1: AES Operation - As stated above the encryption process for AES is a four
step process that works on fixed blocks of data one at a time.
-AddRoundKey: Adds the key for that block with each byte.
-SubBytes: Operation performs a substitution of each byte with that in a lookup
table. This lookup table is determined by the inverse over a finite field.
-ShiftRows: Operation were each row is cycled a certain number of positions.
-MixColumns: An operation in which the 4 bytes of the column are combined
using a linear transformation.
Section 2.2: AES Input/Output –
-Go to the NAS and copy the SimpleCryptographer.exe, AES.txt, and DES.txt
files to your Windows XP machine.
-Run the SimpleCryptographer executable and select the AES radio button at the
top of the program.
-Input the following code into the “Key” option of the File encrypt/decrypt
section.
“ABD0193502EF246CDB21A12CD52901DF”
-In the file section browse for the AES.txt file
-After both the key and the files are inputted click on the “File-Decryption”
button
Question 2.2.1: What does the AES.txt file say before decryption?
Question 2.2.2: What does the decrypted AES_2.txt file say?
Section 2.3: DES Output-Do the same as above, but instead select DES, and use the following key
“1245ADEF391452FE”
and with the DES.txt file
Question 2.3.1: What does the decrypted DES_2.txt file say?
Section 2.4: Diffie Hellman- As stated above the Diffie-Hellman key exchange is a
process used to secretly generate a shared private key between two parties without prior
knowledge.
-To view an example of how this algorithm works go to the following url on a
computer with internet access and the Java VM installed.
-Once there click on the playback version of the Diffie-Hellman protocol.
http://www.dia.unisa.it/research/grace/demo.html
Question 2.4.1: How many public keys are generated through the key exchange?
Question 2.4.2: How many distinct keys are generated through the key exchange?
Section 2.5: RSA-Download the RSA.zip file from the NAS to your Windows XP machine.
-Once the file is on your computer unzip the archive and read through and play
with both of the html files.
-Try different values in both and see the effects on the cipher and on the resulting
keys.
Question 2.5.1: How long is the cipher text of an input string with the use of a 512bit RSA
key?(Look in the javascript cipher text)
Section 2.6: Hashing Functions-Download from the NAS and install the HASHcalc.exe.
-Input the string “w00t” into the data field of the hashcalc program.
-Look at and compare the output of the different hashing functions.
Question 2.6.1: What is the MD5 hash of the following string “w00t”?
Question 2.6.2: From what you see in the output which of these hash functions is the most
secure?
Section 3: Authentication Intro
Authentication is the means by which one entity can trust another. To perform sensitive
tasks over a network like the Internet, it is important to be able to trust the source. To
provide authentication, methods such as certificates, digital signing, and directory
services are used. Authentication is also used to describe maintaining data integrity.
Certificates
Certificates are electronic documents that contain encrypted sections that verify the
authenticity of an item. They can be used with small items like documents and emails, or
big items like SSL certificates for web sites. In all cases, they derive from and are
trustworthy because of their reliance on certificate authorities for issuance. A Certificate
Authority (CA) is tasked with issuing public and private keys, and is an example of a
trusted third party entity.
When you visit a secured web site, you see a lock icon in the user interface to let you
know that the page is secured. The actual cryptology behind SSL is mentioned in the
earlier cryptology section, but the only way that the user knows that the entity they are
about to give their credit card information to can be trusted is by the certificate associated
with the secure connection. It is issued by a CA that trusts that web site for commercial
use. As long as you trust the CA, you can then trust the site.
Digital Signing
Digital signing is used to ensure that a message originated from the appropriate
individual. The individual sending a message has both a secret key (SK), a public key
(PK). Before delivering a message, a hash function is used that takes the message, SK,
and PK as inputs and outputs a signature (s). The signature is then submitted with the
message and public key. At the receiving end, another algorithm is used to verify the
message's authenticity. This algorithm takes in the message, PK, and s as inputs and
outputs whether or not the message is valid. Many hashing algorithms can be used in
digital signing, including RSA variants, SHA, DSA, and others.
Digital signatures are very secure, so long as the private key of the individual is not
known by others. Once the private key is compromised, any attacker can essentially
forge documents perfectly. The private key can be stored on the individual's computer
(where it is then subject to the security of the computer itself) or sometimes on smart
cards. Smart cards are inserted into a smart card reader when they need to be used, and
they feature a microprocessor that reads in a message and generates the signature. This
means that the secret key is not contained anywhere but inside the device.
Windows CardSpace
Windows CardSpace is an authentication system developed by Microsoft to emulate real
world ID card usage. CardSpace is built into the client's web browser and/or operating
system, and it contains a set of cards that are issued from others (employers, financial
institutions, organizations) or self-issued. The cards form digital ID's for the individual,
which can then be used for tasks like logging into websites or making financial
transactions online.
Each card has one or more security tokens and the claims that token provides. Claims for
self-issued cards can only be basic information such as name, age, address, and contact
information. A card issued by a credit card company could obviously provide more
claims. Since claims other than basic telephone-book type information can only come
from "managed sources" (sources you are affiliated with in some way that issue a card).
These sources send a certificate to digitally sign the card before the individual installs it.
One important point to note is that no sensitive data is installed in the cards themselves,
only links to the data. When visiting a site that requires a certain card, token, and claim,
the individual picks one or more cards that fit the requirements, and then sends the cards
to the requesting site. The requesting entity then requests the information from the card
issuer directly, using the encrypted data in the card.
Directory Services
Directory services provide common methods for authenticating users on a network. A
central location holds information about the users and their personal information
(relevant to the network) and their authorization properties. This allows the user to use a
single set of credentials on a large network, and allows administrators a single access
point for managing the personnel security. Kerberos and LDAP are the most common
ways to access information in these databases.
Section 4: Authentication Practice
1. Signing and Encrypting Email Communication
NOTE: This section is to be completed outside of the 4112 lab environment! You need
an email address apart from your school email address to complete the lab, also, and an
email client such as Microsoft Outlook/Outlook Express or Mozilla Thunderbird.
This lab section involves obtaining and using an email signing certificate. The certificate
is used to digitally sign communication and ensures the receiver that you are who you say
you are, based on how much the receiver trusts the signing authority. In this case, we
will be obtaining a free email certificate from Comodo, a respected security services and
software provider. First, check with your TA to make sure that the certificate file has not
already been provided on the class NAS. If so, copy the certificate onto a disk or thumb
drive, then proceed to step 2.
Again, the following steps are to be completed outside the mininet.
Step 1: How to obtain your free email signing certificate
 Using Internet Explorer, navigate to
http://www.comodo.com/products/certificate_services/email_certificate.html (if the
link becomes broken over time, try googling for free email certificate)
 Follow the directions on the website to obtain your certificate. Make sure you enter
the email address that you will be using later in the lab to send emails from (i.e. it
must be able to use an email client supporting certificates (Outlook Express, Mozilla
Thunderbird, etc). You may also need to force IE to run the certificate Active X
control to generate and later install the certificate.
 You should momentarily receive an email from Comodo with a URL to obtain your
personal certificate. Follow the URL using IE (again, you may have to accept Active
X) and install the certificate. You may be warned about trusting the certificate
authority used by Comodo. Go ahead and trust the CA, if only for the lab duration.
Step 2: Setting up the email client to use the certificate
 In the email you received from Comodo, you should also have a link to
instructions for installing the certificate in your email client. Using Mozilla
Thunderbird will require a bit more effort than using Microsoft's products, since
Thunderbird uses its own certificate store, forcing you to export the certificate
with IE and then importing the certificate into Thunderbird. Again, the Comodo
website link will address this.
 Once the certificate is loaded into your email client, set up the account to use that
certificate for signing and encrypting emails. This is accomplished in the security
settings of your email browser (For Thunderbird, this is in Tools -> Account
Settings -> "Security" -> Digital Certificates & Encryption sections).
Step 3: Sending a signed message
 Begin creating a new email message.
o To: your@address.com (this can be another address from the one you
are using to send the email, as long as you have access to it and can
use an email client to receive it)
o Subject: 4112 signature test
o Body: This message is digitally signed!
o Make sure that you turn on digital signing for this message! In
Mozilla Thunderbird, you can do this in Options -> Security ->
Digitally Sign This Message
 Send the message
 Check your email and open the new message with "4112 signature test" in the
subject
Question 4.1.1 What does your email client do to inform you that the received message is
digitally signed? Briefly describe the information provided about the signature and
message validity.

Complete Step 3 again, only this time, send the email to your school email
account or other webmail account.
Question 4.1.2 What does your email provider do, if anything, to indicate to you that the
email is authentic?
Step 4: Sending an encrypted message
 Begin creating a new email message.
o To: your@address.com (this has to be the same address as the address
you are sending from)
o Subject: 4112 encryption test
o Body: This message is encrypted!
o Turn on message encryption. In Mozilla Thunderbird, you can do this
in Options -> Security -> Encrypt This Message.
 If you receive an error regarding encryption, make sure you are a) sending the
email to the email account you are sending from, and b) have the existing
certificate set up for signing (see step 2). Try again after fixing the issue.
 Send the message
 After waiting until the message is in your inbox, open the message and verify
that the correct body text is displayed.
Question 4.1.3 Did the message decrypt successfully? How can you tell that the message
is encrypted in the email client interface?
 View the message source to see what was actually transferred for others to
see. In Mozilla Thunderbird, you can see the source by pressing Ctrl+u or
View -> Message Source.
Question 4.1.4 What user supplied (i.e. addresses, subject, body) information is
encrypted and not encrypted?
2. Windows CardSpace on Windows XP
NOTE: This section of lab should also be completed outside of the lab!
Windows CardSpace is a new framework that is standard in Microsoft Windows
Vista operating System, which you will install and try today. If you are using a
computer with Windows XP, verify whether or not you need to install CardSpace by
looking in the control panel. If you see the Windows CardSpace icon, then watch the
InfoCard video separately and skip to Step 2. Also skip to Step 2 if you have
Windows Vista.
Step 1: Watch the msdn Channel 9 video on CardSpace and install .Net Framework
3.0.
 This is a single step because installing the .NET framework takes a short
while, and the video is long and can be watched concurrently.
 The video file is on the msdn web site
(http://channel9.msdn.com/showpost.aspx?postid=181080), and also available
on the class NAS (InfoCard_Explained_Final.wmv)
 Obtain the file dotnet30.zip from the NAS and extract the zip file to the root
of the Windows XP system. Once unzipped, run the SHORTCUT that came
with the zip file, which will run setup with the proper arguments to install the
framework properly.
o You should be able to click through the license agreement and begin
installation
o Begin watching the video, too, since the install can take a few minutes.
 Once you have installed the .NET Framework 3.0, you will see a new icon in
the control panel called Windows CardSpace, provided category view is
turned off. Open this Control Panel applet.
 Most of the good information in the CardSpace video is contained in the first
thirty-one minutes.
Question 4.2.1 What do you think are problems that will be encountered in using systems
like CardSpace? What features are good enough to push the system forward in
development and usage?
Step 2: Using CardSpace
 Once CardSpace is
available for use, you can
now create your first card.
Browse the Control Panel
and open the Windows
CardSpace applet. Follow
the directions to create your
own self-signed card (the
only type you can create
yourself) for use in a few
minutes.
 Browse to this website to
test the newly created test card: https://www.xmldap.org/relyingparty/
 If you are not using IE7, you will need to download an add-on for your
browser to enable CardSpace support. For Firefox, the download can be
found at http://www.perpetual-motion.com/ or possibly at the Mozilla Firefox
add-on site.
 The test card site (xmldap.org/rely….) should have an image of a card that
you can click on to submit your test card. Do this, and save a screen shot of
the page that results after submitting your card.
Screen shot 1: Result of submitting the ID card to card test site
Appendix A:
Diffie-Hellman:
Key Generation-The two parties first agree on a prime number p and a base b.
-The first party picks a secret number i
-They then compute s = (b^i)mod p and sends it to the second party
-The same is done by the second party(with j and t)
-The first party then computes (t^i)mod p
-The second party then computes (s^j)mod p
-Doing so reaching the same shared private key
RSA:
The steps to generate the keys are as follows-Pick to large prime numbers A and B
-Compute N such that N = A*B
-Compute n such that n is the least common multiple of A and B
-Pick e so that 1<e<n, such that e and n have no common factors other then 1
-e is the public key that will be released to other people
-Compute d such that the d*e = 1 + k*n, where k is some integer
-d is then saved as the private key
Encrypting the message-The public key is given out to an individual
-The message is then padded such to fit the criteria, n, setup at the time to give m
-Compute c such that c = (m^e)mod n
-c is then sent to the other users
Decrypting the message
-The user then computes m = (c^d)mod n
-Once m is found the original message can be recovered
MD5:
MD5 is a 128-bit encryption that runs on 512-bit blocks of data. If the input is not
divisible by 512 extra bits are added to the end. The first bit added is a 1 followed by as
many 0’s it takes to reach 64-bits below the next multiple of 512. After this is done the
original length of the message is appended as a 64-bit integer.
Once this is done the algorithm runs on a 128-bit state of data separated into 4 32bit words. These words are initialized to begin with certain fixed constants. Once
processing is finished on each 512-bit block the algorithm modifies the state, and then
starts on the next block.
The processing of a message block includes four stages and a total of 16
operations to encode the message. In each stage three of the words are processed to get
the final variables that are added to the old hash values.
F1(X,Y,Z) = (X and Y) or (notX and Z)
F2(X,Y,Z) = (X and Z) or (Y and notZ)
`
F3(X,Y,Z) = X xor Y xor Z
F4(X,Y,Z) = Y xor (X or notZ)
References
 http://blogs.zdnet.com/microsoft/?p=151
 http://msdn2.microsoft.com/en-us/netframework/aa663320.aspx
 http://www.comodo.com/products/certificate_services/email_certificate.html
 http://www.wikipedia.org/
 http://www.dia.unisa.it/research/grace/demo.html
 http://www.slavasoft.com/hashcalc/index.htm
 http://www.codeproject.com/useritems/Simple_Cryptographer.asp
 http://www.profactor.at/~wstoec/rsa.html
 http://www-cs-students.stanford.edu/~tjw/jsbn/rsa.html
Questions:
P1: Decode the following string with the rail fences method
“FM LGY SWSM AI YUI AEOE”
P2: Decode the following string with the number grid method
12353532352444551155115512151543
Question 2.2.1: What does the AES.txt file say before decryption?
Question 2.2.2: What does the decrypted AES_2.txt file say?
Question 2.3.1: What does the decrypted DES_2.txt file say?
Question 2.4.1: How many public keys are generated through the key exchange?
Question 2.4.2: How many distinct keys are generated through the key exchange?
Question 2.5.1: How long is the cipher text of an input string with the use of a 512bit RSA
key?(Look in the javascript cipher text)
Question 2.6.1: What is the MD5 hash of the following string “w00t”?
Question 2.6.2: From what you see in the output which of these hash functions is the most
secure?
Question 4.1 What does your email client do to inform you that the received message is
digitally signed? Briefly describe the information provided about the signature and
message validity.
Question 4.1.2 What does your email provider do, if anything, to indicate to you that the
email is authentic?
Question 4.1.3 Did the message decrypt successfully? How can you tell that the message
is encrypted in the email client interface?
Question 4.1.4 What user supplied (i.e. addresses, subject, body) information is
encrypted and not encrypted?
Question 4.2.1 What do you think are problems that will be encountered in using systems
like CardSpace? What features are good enough to push the system forward in
development and usage?
Questions: (Answer Key)
P1: Decode the following string with the rail fences method
“FM LGY SWSM AI YUI AEOE”
Family Guy is awesome
P2: Decode the following string with the number grid method
12353532352444551155115512151543
Boo Lois yay beer
Question 2.2.1: What does the AES.txt file say before decryption?
ßY{
™-ˆÎ+ÃvË»‹£&„¡ië:^ö´Óv_ÒmɦÑë˜L,˜üêEXè i©Ò
Question 2.2.2: What does the decrypted AES_2.txt file say?
This is an example of an AES Cipher.
Question 2.3.1: What does the decrypted DES_2.txt file say?
ECE4112 Rules!
Question 2.4.1: How many public keys are generated through the key exchange?
2
Question 2.4.2: How many distinct keys are generated through the key exchange?
5
Question 2.5.1: How long is the cipher text of an input string with the use of a 512bit RSA
key?(Look in the javascript cipher text)
128Bits
Question 2.6.1: What is the MD5 hash of the following string “w00t”?
F291CAAA8226B6CCBCEB9AC54EF3C03C
Question 2.6.2: From what you see in the output which of these hash functions is the most
secure?
SHA512
Question 4.1 What does your email client do to inform you that the received message is
digitally signed? Briefly describe the information provided about the signature and
message validity.
In Mozilla Thunderbird, there will be an icon in the top right of the message
window – an image of a pen tracing a line, signifying the act of signing. You can
then click on the icon and view additional information about the signature,
including whether or not the message has been tampered with, the signer's name
and email address, and the certificate's issuer, and even more information in the
certificate itself. Outlook Express will be similar.
Question 4.1.2 What does your email provider do, if anything, to indicate to you that the
email is authentic?
Most web mail will not say whether or not the email is signed, but instead will have
the certificate in an attachment that can be downloaded.
Question 4.1.3 Did the message decrypt successfully? How can you tell that the message
is encrypted in the email client interface?
Yes. There is a lock icon displayed in the user interface.
Question 4.1.4 What user supplied (i.e. addresses, subject, body) information is
encrypted and not encrypted?
The addresses and the subject line are not encrypted. The only thing that is
encrypted is the body text.
Question 4.2.1 What do you think are problems that will be encountered in using systems
like CardSpace? What features are good enough to push the system forward in
development and usage?
Open ended question. Possible downsides – inter-browser, inter-operating system
compatibility issues, mobility between computers. Possible features good enough to
push the system forward – remotely stored secure data, ability to support multifactor authentication.
Screen shot 1: Result of submitting the ID card to card test site