This assignment requires you to use the open source security toolkit OpenSSL to perform various security operations: generate certificates and keys, encrypt/decrypt messages, sign/verify messages, calculate digests. The objectives are for you to learn how the different security mechanisms are applied in practice, especially the relationship between keys and certificates and the role of different algorithms. In addition, you will become aware of commonly used software libraries which you could apply in software applications in the future.
To complete this assignment you need:
If you expect any of these requirements to cause you a problem, please discuss with me as early as possible.
You will be given a set of tasks over the duration of the assignment. The tasks will be posted in this web page, as well as via the maillist. The tasks will require you to use OpenSSL and in some cases send an email. It is important that you clearly read the task. If you do not understand the task, contact me.
For some tasks I will provide examples of OpenSSL commands to use. In others you need to find the correct command to use. Use the recommended schemes for naming files. Where you see ID in my instructions, replace it with your student ID.
You must validate all data you receive from other people (via email or posted on this site). If you detect an error (e.g. you know that a message has been modified) then you must send an email to css322-error@ict.siit.tu.ac.th with an explanation of the error, the exact openssl command(s) you used to detect, and the relevant files included as an attachment. This must be done before the deadline of the task. If a message you received was modified, but you did not detect it, then you will lose marks. If you email css322-error@ict.siit.tu.ac.th thinking you have detected an error, but there wasn't (e.g. you used the wrong command) you may lose marks.
The assignment is individual work. Although it is expected that you discuss approaches with other students, you must do all the tasks yourself. You must not tell other students the exact commands to use. You must not share private information (such as a secret or private key) with other students.
$ openssl genrsa -out mytestkey-ID.pemLook at the output. Can change the strength (key length)? What is the value of your public key? What is the value of your modulus n? Try to encrypt some data using your key.
openssl command1 openssl command2 ... openssl commandN
Deadline: 9am Friday 28 January 2011
To generate your RSA private key:
$ openssl genrsa -out privkey-ID.pem -F4 1024
The -F4 option uses a public exponent (e) of 65537 (however this in the default, and is not actually needed). The output file (privkey-ID.pem) is plaintext. It contains the private key, encoded as Base64, in between two lines indicating the begin and end of the key.
To create a certiciate request:
$ openssl req -new -key privkey-ID.pem -out cert-ID.csr
The file cert-ID.csr can be emailed to the CA.
Here I'll explain the steps I took as the CA, normal user and malicious user.
As the certificate authority (CA), I had to create my own RSA private key and generate a self-signed certificate. In practice with a hierarchy of CA's, another CA could sign my CA's certificate. However obtaining certificates costs money. For this assignment my CA signed its own certificate.
$ openssl genrsa -out privkey-CA.pem -F4 1024 $ openssl req -new -x509 -key privkey-CA.pem -out cert-CA.pem -days 1095
OpenSSL stores CA information in a set of files and directories. By default the openssl configration in /usr/lib/ssl/openssl.cnf assumes some directory structure. Hence I created it:
$ mkdir ./demoCA $ mkdir ./demoCA/certs $ mkdir ./demoCA/crl $ mkdir ./demoCA/newcerts $ mkdir ./demoCA/private $ touch ./demoCA/index.txt $ echo 02 > demoCA/serial $ mv cert-CA.pem ./demoCA/cacert.pem $ mv privkey-CA.pem ./demoCA/private/cakey.pem
The CA's certificate (cert-CA.pem) was made available to all users by posting on the course website.
For each certificate request received, the CA generates a certificate using the command:
$ openssl ca -in cert-ID.csr -out cert-ID.pem
Rather than manually checking each received request and generating a certificate I prepared some simple scripts to automate the task for all students. Assuming the file idlist.txt contains the list of student IDs (one per line) and all certificate requests are in the current working directory:
# Check that all students submitted a certificate request $ sh checksubmit.sh cert-ID.csr # Generate certificates for all students $ sh gencerts.sh # Manually modify some certificates # Email certificates to all students: $ sh sendcerts.sh # Modify some certificates, then post all on the website # Generate confidential messages to all students: $ sh genm1.sh # Modify some messages and then email to students: $ sh sendm1.sh
The set of scripts are: checksubmit.sh, gencerts.sh, sendcerts.sh, genm1.sh and sendm1.sh. (These scripts could be generalised so only one or two scripts were needed, but for demonstration purposes I chose to leave them in their current form).
Note that in some stages I manually modified the certificates and ciphertext sent to you. This is emulating an attacker. Hence it is important that you validate all received data (including posted on the website).
The Certificate Authorities certificate is here. In the assignment you can assume the CA's certificate is correct and valid.
You should have received and validated your certificate from the CA. In addition, you will have received a message from me (M1), encrypted using RSA. The message contains the user number of two destinations, D1 and D2 (in the format uXX where XX is a number from 01 to 40) and a message (M2).
openssl command1 openssl command2 ... openssl commandN
Deadline: 5pm Thursday 3 February 2011
You need to validate your certificate received from the CA (maybe someone modified it):
$ openssl verify -CAfile cert-CA.pem cert-ID.pem cert-ID.pem: OK
If it is OK (and you trust the CA) then you are sure the received certificate came from the CA and was not modified along the way. Next you need to decrypt message1 received from me (I used your public key in your certificate to encrypt).
$ openssl rsautl -decrypt -inkey privkey-ID.pem -in message1.ssl -out message1.txt
The plaintext message1.txt should contain a string like: D1: 12; D2: 14; M2: des-cbc. This means you need to send message 2 to user number 12. Create the file message2.txt containing both D2 and M2 (e.g. D2: 14; M2: des-cbc). Now the message needs to be signed with your private key:
$ openssl rsautl -sign -inkey privkey-ID.pem -in message2.txt -out message2.sig
The output file, message2.sig, is the signed message which can now be sent to the destination css322-u12@ict.siit.tu.ac.th.
You should have received an email containing a signed message (message2.sig). The sender user ID is in the subject of the email. (Ignore the From: line; I forwarded the message. Use the user ID to know the original sender. You can assume this is correct for the assignment, i.e. the attacker didn't change the user ID).
There were some attacks on the certificates distributes in Task 3. Updated certificates are available for download.
openssl command1 openssl command2 ... openssl commandN
Deadline: 5pm Thursday 10 February 2011
Again, some of the certificates posted on the website were modified by me (the attacker). You should verify all certificates you received, as well as the message2.sig that you received. If user 12 received a message from user 28, then first they need to obtain and verify the certificate of user 28:
$ openssl verify -CAfile cert-CA.pem cert-u28.pem
Now that we are sure the certificate is correct, we can use it (and the public key inside) to verify the received message, since it was signed with the private key of user 28:
$ openssl rsautl -verify -in message2.sig -certin -inkey cert-u28.pem -out message2.txt
Note that the -certin option above tells OpenSSL that the certificate containing a public key is input, rather than just the public key. (You could have also extracted the public key from the certificate and then the -certin optin would not be needed). The message indicates an algorithm and next destination:
$ cat message2.txt D2: 14; M2: des-cbc
We now select a password (e.g. "stevespassword"), put it in a file, encrypt the file using RSA (and the destinations public key) and send to the destination. Of course, we also need to verify the destinations certificate (public key):
$ echo "stevespassword" > password.txt $ openssl verify -CAfile cert-CA.pem cert-u14.pem $ openssl rsautl -encrypt -in password.txt -certin -inkey cert-u14.pem -out password.ssl
Now we use the specified symmetric algorithm (e.g. des-cbc) and the chosen password to encrypt an image:
$ openssl enc -des-cbc -in image-ID.jpg -out image-ID.enc -kfile password.txt
Now email the two files, password.ssl and image-ID.enc, to the destination.
You will also received two files from another user. The password-rx.ssl file needs to be decrypted to find the password, and then the image can be decrypted:
$ openssl rsautl -decrypt -in password-rx.ssl -inkey privkey-ID.pem -out password-rx.txt $ openssl enc -des-cbc -d -in image-ID-rx.enc -out image-ID-rx.jpg -kfile password-rx.txt
I have posted all images received here. Check that the image is the same as what you sent. Let me know if it is or not, and how you know, by sending an email submission.
Also when you submit, I would like your thoughts on this assignment, such as:
This was the first time I held this assignment. I know there were some difficulties (e.g. with email), so would appreciate any feedback to determine whether to hold again. There is no wrong answer. You will not be penalised for saying ``This assignment was terrible''; however you may be penalised if you do not provide any feedback.
Email both of the above (answer about image, discussion on assignment):
Image answer ------------ Discussion on assignment
Deadline: 10am Tuesday 15 February 2011
I modified all images you sent with a binary (hex) editor. I modified some bits in each image, however the file size and properties remained the same, and in most cases the image looked the same. But it was different!
To compare your original image to the image on the website you have several methods. First, since you have both images a simple file comparison will work. In Linux, diff compares two files:
$ diff myimage.jpg webimage.jpg Binary files myimage.jpg and webimage.jpg differ
Often you may not have the original file, but only a hash of that file. Then you would need to compare the hash of the received (web) file with the expected hash value. OpenSSL allows you to calculate (MD5 and SHA) hash values. But most operating systems also have there own hash sum software:
$ md5sum myimage.jpg f31a55220930c93a00a2ca82ca40964e myimage.jpg $ md5sum webimage.jpg bee4d87105b2aac774302f495866160d webimage.jpg
Because the two MD5 hash values are different, we conclude the two files are different.
OpenSSL is an open source security toolkit. The core is a set of library functions that implement many security algorithms (ciphers, hash functions, key management). These library functions can be used when you write your own application. In addition, there is the command line program, openssl, that allows you to use these functions directly. We are only using the command line program (you do not need to write any software).
There are many operations that can be performed with openssl on the command line. Almost all operations take some input (in one format) and create some output (potentially in another format). Each set of operations is related to specific security mechanisms, e.g.:
Each operation has its own list of options (of the format -option), some of which have an argument. Hence the general structure of running openssl on the command line is:
$ openssl operation -option1 argument1 -option2 -option3 -in input -out output
For example, to encrypt the file message.txt with DES (CBC mode of operation) run:
$ openssl enc -des -in message.txt -out ciphertext.des3
A prompt for the password (from which a key will be generated) is given. The ciphertext is saved in the file ciphertext.des3. The file can be decrypted using a similar command, but with the -d option added.
From the main OpenSSL documentation page, if you click on the links for each of the standard commands (operations) you can find further examples.
For each task you will receive a score out of 10 (although some tasks will be weighted more than others, depending on their difficulty). To receive full marks (10) you need to follow all instructions correctly, sending the necessary emails, submitting the set of commands used. If you fail to verify received messages, you will lose marks. If you send an email to a css322-... address with the wrong information, you will lose marks.
Return to: CSS322 Home | Course List | Steven Gordon's Home | SIIT