Security and Cryptography (CSS 322)

Assignment 2

Task 1

Complete the following steps:

  1. Implement RSA in PHP. See the template source code for detailed guidelines and conditions. (Note: after downloading the source code, change the file extension from .txt to .php).
  2. Generate your own RSA keys (using your PHP code).
  3. Submit your Public Key and source code via email to steve@siit.tu.ac.th by 8:00am Tuesday 3 February 2009. The email must containing the following (where you replace the example ID 4912345678 with your ID number):

Task 2

By 9am Thursday 5 February 2009, I will publish all public keys on this website (here) in the form a (simplified) digital certificate. Each certificate will be a string of the form:

PublicKeyOfUser IDOfUser RSA_Encrypt(Hash_Simple(PublicKeyOfUser IDOfUser),PrivateKeyOfSteve)

where:

Complete the following steps:

  1. Download the certificate of another user (known as your partner).
  2. Validate the certificate of your partner using RSA_ValidateCertificate() (you have to write the RSA_Validate() function yourself - you will also have to write RSA_Sign() for the next part).
  3. Using RSA send a signed and encrypted message to your partner via email and CC the email to: me at steve@siit.tu.ac.th; and to your malicious user by 8:00am Tuesday 10 February 2009. The email must containing the following (of course replacing the data with the appropriate values):

The certificates file contains the following information:

Task 3

Complete the following steps:

  1. Validate and decrypt the message from your partner.
  2. Write the function RSA_Attack() that a malicious user can apply to try to discover a plaintext message (from a captured ciphertext, and any other public information). Try to develop a generic function which will work efficiently for many different input values (e.g. larger than the values used in this assignment).
  3. Apply RSA_Attack() to determine the plaintext for the message you intercepted as a malicious user (that is, the email that you were CCed from the other user in Task 2). Note that, your attack can only make use of the information that normally would be publicly available to a malicious user (that is, you cannot simply ask your friend what the plaintext is!).
  4. Email a copy of your PHP code to me at steve@siit.tu.ac.th by 8:00am Tuesday 17 February 2009. The email must containing the following (where you replace the example ID 4912345678 with your ID number):

Marking Scheme

Return to: CSS322 Home | Course List | Steven Gordon's Home | SIIT