Assignment-02-Solutions

SYSC 4810: Introduction to Network and Software Security Module 2 Assignment Fall 2021 Dr. J. Jaskolka Carleton University Department of Systems and Computer Engineering Posted: September 23, 2021 Due: October 10, 2021 Due on Sunday, October 10, 2021 by 11:59PM This assignment contains 15 pages (including this cover page) and 8 problems. You are responsible for ensuring that your copy of the assignment is complete. Bring any discrepancy to the attention of your instructor. Special Instructions: 1. Do as many problems as you can. 2. Start early as this assignment is much more time consuming than you might initially think! 3. The burden of communication is upon you. Solutions not properly explained will not be considered correct. Part of proper communication is the appearance and layout. If we cannot “decode” what you wrote, we cannot grade it as a correct solution. 4. You may consult outside sources, such as textbooks, but any use of any source must be documented in the assignment solutions. 5. You are permitted to discuss general aspects of the problem sets with other students in the class, but you must hand in your own copy of the solutions. 6. Your assignment solutions are due by 11:59PM on the due date and must be submitted on Brightspace . • Late assignments will be graded with a late penalty of 20% of the full grade per day up to 48 hours past the deadline . 7. You are responsible for ensuring that your assignment is submitted correctly and without corruption. Problem 1 2 3 4 5 6 7 8 Total Points: 10 10 5 10 5 10 10 10 70 Page 1 of 15

SYSC 4810 — Module 2 Assignment Due Date: October 10, 2021 In this assignment, you will participate in activities related to the operation and use of cryptographic tools and techniques. This assignment aims to assess your understanding of the basic principles underlying the main cryptographic concepts and technologies available today, including symmetric and asymmetric encryption, and digital signatures. Acknowledgment This assignment is based off the SEED Labs: “Secret-Key Encryption Lab” and “RSA Public-Key Encryption and Signature Lab” developed by Wenliang Du at Syracuse University. Submission Requirements Please read the following instructions very carefully and follow them precisely when submitting your assignment! The following items are required for a complete assignment submission: 1. PDF Assignment Report : Submit a detailed report that carefully and concisely describes what you have done and what you have observed. Include appropriate code snippets and listings, as well as screenshots of program outputs and results. You also need to provide an adequate explanation of the observations that are interesting or surprising. You are encouraged to pursue further investigation beyond what is required by the assignment description. 2. ZIP Archive of Source Code : In addition to embedding source code listings in your assignment report, create and submit a ZIP archive of all programs that you write for this assignment. Please name each of your source code files with the problem number to which they correspond (e.g., for Problem 7(a), the source code file should be named Problem7a.c ). Your source code must compile and run, producing the desired output. Also, please remember to provide sufficient comments in your code to describe what it does and why. 3. ZIP Archive of Screenshot Image Files : In addition to embedding screenshots of program outputs and results in your assignment report, create and submit a ZIP archive of all of the raw screenshot images that you capture for this assignment. Grading Notes An important part of this assignment is following instructions. As such, the following grade penalties will be applied for failure to comply with the submission requirements outlined above: • Failure to submit an Assignment Report will result in a grade of 0 for the assignment. • Failure to submit the Source Code files will result in deduction of 10% of the full grade of the assignment. • Failure to submit the Screenshot Image files will result in deduction of 10% of the full grade of the assignment. • Failure of Source Code to compile/run will result in a grade of 0 for the corresponding problem(s). • Failure to submit any deliverable in the required format (PDF or ZIP) will result in deduction of 5% of the full grade of the assignment. Page 2 of 15

SYSC 4810 — Module 2 Assignment Due Date: October 10, 2021 Furthermore, MedView Imaging needs to ensure that the messages that are received by the central database and subsequently sent to the physicians are authentic and that they cannot be altered in transit. This must be done to avoid any issues related to incorrectly diagnosing and prescribing incorrect treatments to patients. For this purpose, they have considered using digital signatures, but are unsure whether this solution will be suitable for satisfying their security requirements. MedView Imaging has expressed the following requirements and constraints of their system, which must be considered in the eventual choices of cryptographic mechanisms. 1. Medical images from an imaging service (e.g., CT, X-ray, MRI, etc.) must be transmitted to the central database. These transmissions must be encrypted. 2. Messages received by the central database and sent to a physician must be authenticated to ensure that they are from a trusted imaging unit and radiologist, and that the contents of the message have not been altered in transit. 3. Performance should be considered, but security is more important as there are serious consequences if PHI is mishandled. 4. Key distribution and management is not an issue and will be determined based on the recommendations and eventual selections of the cryptographic mechanisms. 5. The information systems should comply with the Health Insurance Portability and Accountability Act and NIST Cybersecurity Special Publication 1800-24, Securing Picture Archiving and Communication System , but verifying and validating compliance with these documents is outside the scope of this contract. 3 Obligations At the end of this assignment, you will be required to address the following concerns of MedView Imaging : 1. Provide a recommendation for a cryptographic solution to protect the confidentiality of the PHI (e.g., medical images, diagnostic notes, etc.). The recommendation should include a type of encryption, algorithm, key lengths, cipher modes, etc. Your recommendation must be justified with experimental results. 2. Provide a recommendation for message authentication. The client has expressed interest in using digital signatures. You should explain the suitability of this choice by discussing the potential issues with this choice. If you deem the choice of digital signatures to be unsuitable, recommend an alternative solution. In any case, your recommendation must be justified with experimental results, or a detailed discussion of the strengths and limitations of your recommendation. Page 4 of 15

SYSC 4810 — Module 2 Assignment Due Date: October 10, 2021 Part II Environment Setup This assignment will be conducted using a pre-built virtual machine (VM) image. All of the necessary tools, software, and libraries that are needed for the assignment have been installed on the virtual machine image. We will assume that you already have a virtual machine set up from the Module 1 Assignment. If you have not yet completed the Module 1 Assignment, you will need to do so before continuing with this assignment. *Important Note* It is essential that you set up the virtual machine as early as possible to ensure that you have time to address any technical difficulties that you may face. The instructor and the TA will not be able to provide adequate technical support close to the assignment due date. Page 5 of 15

SYSC 4810 — Module 2 Assignment Due Date: October 10, 2021 3 Problems and Tasks Problem 1 [10 points] Symmetric Encryption using Different Ciphers and Modes: This experiment will enable you to the behaviour of different ciphers and modes of poperation when using symmetric encryption algorithms. To complete this problem, do the following: (a) [1 point] Create a plaintext file : You can populate the file with any contents you would like. For example, the contents of the file may be: “This is a confidential message intended only for my friend.” Do not forget to describe the file and its contents in your report. (b) [4 points] Encrypt the file : Using the openssl enc command, encrypt the file that you created. Do this using at least THREE (3) different cipher types but use the same key and initialization vector. Be sure to clearly state the ciphers and the chosen modes that you have selected. (c) [5 points] Verify the output : Once the files are encrypted, most of the data in the file will not be printable. To observe the contents of the output file, use the command-line hex viewing tool xxd as follows: $ xxd cipher.txt Explain your findings and clearly identify what you notice about each of the ciphertexts that are generated. Solution: (a) Award 1 point for describing the plaintext file and its contents. (b) Award 1 point for an adequate description of the process for encrypting the file (with screenshots and/or code snippets) for each of the selected ciphers (3 points total). Award 1 point for clearly stating the selected ciphers and modes. (c) Award 1 point for an adequate description of the process for viewing the encrypted contents of the file (with screenshots and/or code snippets) for each of the selected ciphers (3 points total). Award 2 points for an appropriate explanation of the findings. Students should identify that although the plaintext, key, and initialization vector are all the same, we get different ciphertexts for different choices of ciphers and different modes of operations (even for the same cipher). Problem 2 [10 points] Encryption Mode: ECB vs. CBC: MedView Imaging needs to store encrypted images from an imaging service (e.g., CT, X-ray, MRI, etc.) in its central database. The files brain1.bmp and brain2.bmp each contain a sample MRI image from a brain scan and can be downloaded from the assignment resources for this assignment on Brightspace. We would like to encrypt these images, so people without the encryption keys cannot know what is in the image. To complete this problem, do the following: (a) [2 points] Encrypt the file : Using the openssl enc command as in Problem 1, encrypt brain1.bmp using the ECB (Electronic Code Book) and CBC (Cipher Block Chaining) modes using the AES-128 bit cipher. (b) [1 point] Replace the encrypted headers : We need to treat the encrypted image as an image, and use an image viewing software to display it. However, for the .bmp file, the first 54 bytes contain the header information about the image. This header must be set correctly so the encrypted file can be treated as a legitimate .bmp file. We will replace the header of the encrypted image with that of the original image. We can use the bless hex editor tool (already installed on the virtual machine) to directly modify binary files. We can also use the following commands to get the header from p1.bmp , the data from p2.bmp (from offset 55 to the end of the file), and then combine the header and data together into a new file as follows: Page 7 of 15

SYSC 4810 — Module 2 Assignment Due Date: October 10, 2021 $ head -c 54 p1.bmp > header $ tail -c +55 p2.bmp > body $ cat header body > new.bmp (c) [2 points] View the encrypted images and draw conclusions : Display the encrypted image using an image viewing program; an image viewer program called eog is installed on the virtual machine. Can you derive any useful information about the original image from the encrypted picture? Explain your observations. (d) [5 points] Repeat Parts (a)-(c) using brain2.bmp and report your observations. Do you notice anything different about the results with respect to the original image? Solution: (a) Award 1 point for an adequate description of the process for encrypting the file (with screenshots and/or code snippets) for each of the cipher modes (2 points total). (b) Award 1 point for an adequate description of the process of replacing the encrypted headers (with screenshots and/or code snippets) for each file. (c) Award 2 points for an appropriate explanation of the findings (with screenshots and/or code snippets). (d) Award 5 points for a suitable description of the activities as in Parts (a)-(c). Students should identify that when encrypting with ECB mode, we can still make out some parts of the image, because some patterns of data are still visible. This is because ECB mode always encrypts the same plaintext to the same ciphertext for a given key, hence patterns of colour are still visible. On the other hand, when encrypting with CBC mode, the data resembles random noise, and no patterns are visibly discernable. This is because CBC mode utilizes the data encrypted in the previous block to encrypt the current block, hence, all blocks with identical plaintext will not generate the same ciphertext. Page 8 of 15

SYSC 4810 — Module 2 Assignment Due Date: October 10, 2021 // Generate a random number of 128 bits BN_rand(a, 128, 0, 0); // Generate a random prime number of 128 bits BN_generate_prime_ex(a, 128, 1, NULL, NULL, NULL); • Print out a big number. void printBN( char *msg, BIGNUM * a) { // Convert the BIGNUM to number string char * number_str = BN_bn2dec(a); // Print out the number string printf( "%s %s\n" , msg, number_str); // Free the dynamically allocated memory OPENSSL_free(number_str); } • Compute res = a − b and res = a + b : BN_sub(res, a, b); BN_add(res, a, b); • Compute res = a × b . It should be noted that a BN_CTX structure is needed in this API. BN_mul(res, a, b, ctx); • Compute res = ( a × b ) mod n : BN_mod_mul(res, a, b, n, ctx); • Compute res = a c mod n : BN_mod_exp(res, a, c, n, ctx); • Compute modular multiplicative inverse, i.e., given a , find b , such that ( a × b ) mod n = 1 . BN_mod_inverse(b, a, n, ctx); 2.2 A Complete Example The following code sample shows a complete example where we initialize three BIGNUM variables, a , b , and n . We then compute ( a × b ) and ( a b mod n ) . /* bn_sample.c */ #include <stdio.h> #include <openssl/bn.h> #define NBITS 256 void printBN( char *msg, BIGNUM * a) { // Use BN_bn2hex(a) for hex string // Use BN_bn2dec(a) for decimal string char * number_str = BN_bn2hex(a); printf( "%s %s\n" , msg, number_str); OPENSSL_free(number_str); } Page 10 of 15

SYSC 4810 — Module 2 Assignment Due Date: October 10, 2021 int main () { BN_CTX *ctx = BN_CTX_new(); BIGNUM *a = BN_new(); BIGNUM *b = BN_new(); BIGNUM *n = BN_new(); BIGNUM *res = BN_new(); // Initialize a, b, n BN_generate_prime_ex(a, NBITS, 1, NULL, NULL, NULL); BN_dec2bn(&b, "273489463796838501848592769467194369268" ); BN_rand(n, NBITS, 0, 0); // res = a*b BN_mul(res, a, b, ctx); printBN( "a*b = " , res); // res = a^b mod n BN_mod_exp(res, a, b, n, ctx); printBN( "a^b mod n = " , res); return 0; } Compilation We can use the following command to compile bn_sample.c . $ gcc bn_sample.c -lcrypto NOTE : the character after - is the letter ℓ , not the number 1; it tells the compiler to use the crypto library. 3 Problems and Tasks Problem 3 [5 points] Deriving the Private Key: An important requirement for asymmetric cryptography is that it should be computationally infeasible for an adversary, knowing the public key, to determine the private key. In other words, the private key should remain private. This experiment will demonstrate how to derive the private key given, knowing the public key and having determined the two prime numbers p and q (in some way). Let p , q , and e be three prime numbers. Let n = p × q . We will use ( e, n ) as the public key. Write a C program to calculate the private key d . The hexadecimal values of p , q , and e are listed below. p = CF751B1FA7FD450223CD96CDABE96AC7 q = FD8F0F9D611E28DD688447C0E9A0CDBD e = 41AC7 It should be noted that although p and q used in this problem are quite large numbers, they are not large enough to be secure. We intentionally make them small for the sake of simplicity. In practice, these numbers should be at least 512 bits long (the ones used here are only 128 bits). In your report, you should explain why this is the case! Page 11 of 15

SYSC 4810 — Module 2 Assignment Due Date: October 10, 2021 $ python3 -c ’print(bytes.fromhex("4D7920415343494920737472696E672E").decode("ASCII"))’ My ASCII string. Solution: Award 1 point for an adequate explanation of how to decrypt the ciphertext. Award 3 points for a suitable C program that decrypts the ciphertext. Award 1 point for a correct output of the plaintext (in both hexadecimal as output by the C program and converted to ASCII). Students are expected to provide a C program that gives the following plaintext: M = 4A6F792052616E643A2041726D20582D726179202D3E204672616374757265 Similar to Problem 4, the ciphertext is decrypted using the RSA decryption algorithm: C d mod n . Coverting back to ASCII, the plaintext message should read “ Joy Rand: Arm X-ray -> Fracture ” (the quotations are not included). Problem 6 [10 points] Signing a Message: The public/private keys used in this problem are the same as the ones used in Problem 4. (a) [5 points] Write a C program to generate a signature for the following message: M = Ben Rice: Knee MRI -> MCL tear You should directly sign this message, instead of signing its hash value. (b) [5 points] Make a slight change to the message M , such as changing ‘MCL’ to ‘LCL’, and sign the modified message. Compare both signatures and describe what you observe. Solution: (a) Award 1 point for an adequate explanation of generate the signature. Award 3 points for a suitable C program that generates the signature. Award 1 point for a correct output of the signature. (b) Award 2 points for showing how the new signature was generated based on the changes to the message. Award 3 points for an adequate explanation of the observations. Students are expected to provide a C program that generates the following signature: S = 03225C97EE592D714AE940132B0154550C0A9F062F8D823BF029C59DAA78657C The message is signed using the RSA signing algorithm: M d mod n . Students should observe that changing the message slightly gives a completely different signed message. Problem 7 [10 points] Verifying a Signature: Suppose MedView Imaging ’s central systems receives a message “ Lisa McKay: Brain CT -> Benign ” (the quotations are not included) from a radiologist, with the signature S . We know that radiologist’s public key is ( e, n ) . (a) [5 points] Write a C program to verify whether or not the signature is indeed that of the radiologist. The public key and signature (in hexadecimal) are listed below: M = Lisa McKay: Brain CT -> Benign S = 54AAB2D38593EB85BE29B4D084B348F36E8099DDE34A8FE57CE5011F2AF20007 e = A223F n = BBE2F8AE1FFB0B44C55B9AEB8E55FE300A34590FC19D06485C31563421281819 Page 13 of 15

SYSC 4810 — Module 2 Assignment Due Date: October 10, 2021 (b) [5 points] Suppose that the signature is corrupted, such that the last byte of the signature changes from 07 to 08 , i.e, there is only one bit of change. Repeat Part (a) of this problem and describe what happens to the verification process. Solution: (a) Award 1 point for an adequate explanation of verifying the signature. Award 3 points for a suitable C program that verifies the signature. Award 1 point for a correct output of the original message. (b) Award 2 points for showing the verification of the corrupted signature. Award 3 points for an adequate explanation of the observations. Students are expected to provide a C program that recovers the following signed message: M = 4C697361204D634B61793A20427261696E204354202D3E2042656E69676E The message is obtained using the RSA signature verification algorithm: S e mod n . Students should observe that the original message is recovered, thereby verifying that the signature was indeed that of the radiologist. Students should also observe that a corrupted signature will not result in the correct message being recovered in the verification, thus demonstrating that the signature is incorrect and is not the message sent by the radiologist. Page 14 of 15