Security and Cryptography (CSS 322)

Format:
Individual assignment
Weight:
15% of course score
Deadline:
15 Feb 2011
Late assignments:
-10 marks per hour

Assignment

This assignment requires you to use the open source security toolkit OpenSSL to perform various security operations: generate certificates and keys, encrypt/decrypt messages, sign/verify messages, calculate digests. The objectives are for you to learn how the different security mechanisms are applied in practice, especially the relationship between keys and certificates and the role of different algorithms. In addition, you will become aware of commonly used software libraries which you could apply in software applications in the future.

Requirements

To complete this assignment you need:

  1. A computer that runs OpenSSL. Many Linux distributions (including Ubuntu) have this software. In addition, the source code, as well as binaries for Windows operating systems, are available from the website. If you don't have a personal computer or cannot run OpenSSL on it, you may use a lab computer.
  2. Subscription to the CSS322 Mailing List.
  3. Daily monitoring of your email during the assignment. Tasks will involve communicating via email (using the address subscribed to the mail list).

If you expect any of these requirements to cause you a problem, please discuss with me as early as possible.

Tasks

You will be given a set of tasks over the duration of the assignment. The tasks will be posted in this web page, as well as via the maillist. The tasks will require you to use OpenSSL and in some cases send an email. It is important that you clearly read the task. If you do not understand the task, contact me.

For some tasks I will provide examples of OpenSSL commands to use. In others you need to find the correct command to use. Use the recommended schemes for naming files. Where you see ID in my instructions, replace it with your student ID.

You must validate all data you receive from other people (via email or posted on this site). If you detect an error (e.g. you know that a message has been modified) then you must send an email to css322-error@ict.siit.tu.ac.th with an explanation of the error, the exact openssl command(s) you used to detect, and the relevant files included as an attachment. This must be done before the deadline of the task. If a message you received was modified, but you did not detect it, then you will lose marks. If you email css322-error@ict.siit.tu.ac.th thinking you have detected an error, but there wasn't (e.g. you used the wrong command) you may lose marks.

The assignment is individual work. Although it is expected that you discuss approaches with other students, you must do all the tasks yourself. You must not tell other students the exact commands to use. You must not share private information (such as a secret or private key) with other students.

Task 1

  1. Install and test OpenSSL on your computer (or make sure you have regular access to a computer with it installed). Read the manual for OpenSSL (e.g. man openssl in Linux or online).
  2. Generate test RSA keys for yourself using, for example:
    $ openssl genrsa -out mytestkey-ID.pem 
    
    Look at the output. Can change the strength (key length)? What is the value of your public key? What is the value of your modulus n? Try to encrypt some data using your key.

Task 2

  1. Generate a 1024-bit RSA private key using a public exponent (e) of 65537. The key is NOT encrypted with DES (or other ciphers). The output file must be named privkey-ID.pem (where ID is your student ID).
  2. Create a certificate request that will be sent to the Certificate Authority (CA). This takes a private key as input and produces a cert-ID.csr certificate request file as output. This is a new certificate request. When prompted for information give the following responses: Hint: use the req operation, with the -new option.
  3. Email your certificate request file to the Certificate Authority:
    To:
    css322-ca@ict.siit.tu.ac.th
    Attachment:
    cert-ID.csr
    Subject:
    Certificate Request: ID
    Body:
    (none, it will be ignored)
  4. Email your private key (as an attachment) and the set of commands you used for submission (you don't have to explain anything; simply include the exact set of openssl commands you used to complete the task):
    To:
    css322-submit@ict.siit.tu.ac.th
    Attachment:
    privkey-ID.pem
    Subject:
    Task 2: ID
    Body:
    openssl command1
    openssl command2
    ...
    openssl commandN
    

Deadline: 9am Friday 28 January 2011

Task 2 Answers

To generate your RSA private key:

$ openssl genrsa -out privkey-ID.pem -F4 1024

The -F4 option uses a public exponent (e) of 65537 (however this in the default, and is not actually needed). The output file (privkey-ID.pem) is plaintext. It contains the private key, encoded as Base64, in between two lines indicating the begin and end of the key.

To create a certiciate request:

$ openssl req -new -key privkey-ID.pem -out cert-ID.csr

The file cert-ID.csr can be emailed to the CA.

What Steve Did...

Here I'll explain the steps I took as the CA, normal user and malicious user.

As the certificate authority (CA), I had to create my own RSA private key and generate a self-signed certificate. In practice with a hierarchy of CA's, another CA could sign my CA's certificate. However obtaining certificates costs money. For this assignment my CA signed its own certificate.

$ openssl genrsa -out privkey-CA.pem -F4 1024
$ openssl req -new -x509 -key privkey-CA.pem -out cert-CA.pem -days 1095

OpenSSL stores CA information in a set of files and directories. By default the openssl configration in /usr/lib/ssl/openssl.cnf assumes some directory structure. Hence I created it:

$ mkdir ./demoCA
$ mkdir ./demoCA/certs
$ mkdir ./demoCA/crl
$ mkdir ./demoCA/newcerts
$ mkdir ./demoCA/private
$ touch ./demoCA/index.txt
$ echo 02 > demoCA/serial
$ mv cert-CA.pem ./demoCA/cacert.pem
$ mv privkey-CA.pem ./demoCA/private/cakey.pem

The CA's certificate (cert-CA.pem) was made available to all users by posting on the course website.

For each certificate request received, the CA generates a certificate using the command:

$ openssl ca -in cert-ID.csr -out cert-ID.pem

Rather than manually checking each received request and generating a certificate I prepared some simple scripts to automate the task for all students. Assuming the file idlist.txt contains the list of student IDs (one per line) and all certificate requests are in the current working directory:

# Check that all students submitted a certificate request
$ sh checksubmit.sh cert-ID.csr
# Generate certificates for all students
$ sh gencerts.sh
# Manually modify some certificates
# Email certificates to all students:
$ sh sendcerts.sh 
# Modify some certificates, then post all on the website
# Generate confidential messages to all students:
$ sh genm1.sh
# Modify some messages and then email to students:
$ sh sendm1.sh

The set of scripts are: checksubmit.sh, gencerts.sh, sendcerts.sh, genm1.sh and sendm1.sh. (These scripts could be generalised so only one or two scripts were needed, but for demonstration purposes I chose to leave them in their current form).

Note that in some stages I manually modified the certificates and ciphertext sent to you. This is emulating an attacker. Hence it is important that you validate all received data (including posted on the website).

Task 3

The Certificate Authorities certificate is here. In the assignment you can assume the CA's certificate is correct and valid.

You should have received and validated your certificate from the CA. In addition, you will have received a message from me (M1), encrypted using RSA. The message contains the user number of two destinations, D1 and D2 (in the format uXX where XX is a number from 01 to 40) and a message (M2).

  1. Create a message containing M2 and D2 (M2: xxxx; D2: xx) in a file, sign the message, and send it to the destination D1.
    To:
    css322-uXX@ict.siit.tu.ac.th
    Attachment:
    message2.sig
    Subject:
    Message 2: XX
    Body:
    (none, it will be ignored)
  2. Email the set of commands you used for submission (you don't have to explain anything; simply include the exact set of openssl commands you used to complete the task):
    To:
    css322-submit@ict.siit.tu.ac.th
    Attachment:
    (none)
    Subject:
    Task 3: ID
    Body:
    openssl command1
    openssl command2
    ...
    openssl commandN
    

Deadline: 5pm Thursday 3 February 2011

Task 3 Answers

You need to validate your certificate received from the CA (maybe someone modified it):

$ openssl verify -CAfile cert-CA.pem cert-ID.pem
cert-ID.pem: OK

If it is OK (and you trust the CA) then you are sure the received certificate came from the CA and was not modified along the way. Next you need to decrypt message1 received from me (I used your public key in your certificate to encrypt).

$ openssl rsautl -decrypt -inkey privkey-ID.pem -in message1.ssl -out message1.txt

The plaintext message1.txt should contain a string like: D1: 12; D2: 14; M2: des-cbc. This means you need to send message 2 to user number 12. Create the file message2.txt containing both D2 and M2 (e.g. D2: 14; M2: des-cbc). Now the message needs to be signed with your private key:

$ openssl rsautl -sign -inkey privkey-ID.pem -in message2.txt -out message2.sig

The output file, message2.sig, is the signed message which can now be sent to the destination css322-u12@ict.siit.tu.ac.th.

Task 4

You should have received an email containing a signed message (message2.sig). The sender user ID is in the subject of the email. (Ignore the From: line; I forwarded the message. Use the user ID to know the original sender. You can assume this is correct for the assignment, i.e. the attacker didn't change the user ID).

There were some attacks on the certificates distributes in Task 3. Updated certificates are available for download.

  1. Note the algorithm and destination user number listed in the signed message. You must use this algorithm in subsequent parts.
  2. Choose a password, and send it confidentially to destination D2 (as an attachment).
  3. Choose an image file (in jpg format) less than 500KB and name it image-ID.jpg (where ID is your student ID). Encrypt it using the algorithm above and the chosen password. Send the encrypted image (image-ID.enc) to destination D2 as an attachment, including the name of the algorithm in the body of the email.
  4. Email the original image you chose (image-ID.jpg) and the decrypted image you received (image-ID-rx.jpg) and the set of commands you used for submission (you don't have to explain anything; simply include the exact set of openssl commands you used to complete the task):
    To:
    css322-submit@ict.siit.tu.ac.th
    Attachment:
    image-ID.jpg; image-ID-rx.jpg
    Subject:
    Task 4: ID
    Body:
    openssl command1
    openssl command2
    ...
    openssl commandN
    

Deadline: 5pm Thursday 10 February 2011

Task 4 Answers

Again, some of the certificates posted on the website were modified by me (the attacker). You should verify all certificates you received, as well as the message2.sig that you received. If user 12 received a message from user 28, then first they need to obtain and verify the certificate of user 28:

$ openssl verify -CAfile cert-CA.pem cert-u28.pem

Now that we are sure the certificate is correct, we can use it (and the public key inside) to verify the received message, since it was signed with the private key of user 28:

$ openssl rsautl -verify -in message2.sig -certin -inkey cert-u28.pem -out message2.txt

Note that the -certin option above tells OpenSSL that the certificate containing a public key is input, rather than just the public key. (You could have also extracted the public key from the certificate and then the -certin optin would not be needed). The message indicates an algorithm and next destination:

$ cat message2.txt
D2: 14; M2: des-cbc

We now select a password (e.g. "stevespassword"), put it in a file, encrypt the file using RSA (and the destinations public key) and send to the destination. Of course, we also need to verify the destinations certificate (public key):

$ echo "stevespassword" > password.txt
$ openssl verify -CAfile cert-CA.pem cert-u14.pem
$ openssl rsautl -encrypt -in password.txt -certin -inkey cert-u14.pem -out password.ssl

Now we use the specified symmetric algorithm (e.g. des-cbc) and the chosen password to encrypt an image:

$ openssl enc -des-cbc -in image-ID.jpg -out image-ID.enc -kfile password.txt

Now email the two files, password.ssl and image-ID.enc, to the destination.

You will also received two files from another user. The password-rx.ssl file needs to be decrypted to find the password, and then the image can be decrypted:

$ openssl rsautl -decrypt -in password-rx.ssl -inkey privkey-ID.pem -out password-rx.txt
$ openssl enc -des-cbc -d -in image-ID-rx.enc -out image-ID-rx.jpg -kfile password-rx.txt

Task 5

I have posted all images received here. Check that the image is the same as what you sent. Let me know if it is or not, and how you know, by sending an email submission.

Also when you submit, I would like your thoughts on this assignment, such as:

This was the first time I held this assignment. I know there were some difficulties (e.g. with email), so would appreciate any feedback to determine whether to hold again. There is no wrong answer. You will not be penalised for saying ``This assignment was terrible''; however you may be penalised if you do not provide any feedback.

Email both of the above (answer about image, discussion on assignment):

To:
css322-submit@ict.siit.tu.ac.th
Attachment:
(none)
Subject:
Task 5: ID
Body:
Image answer
------------
Discussion on assignment

Deadline: 10am Tuesday 15 February 2011

Task 5 Answers

I modified all images you sent with a binary (hex) editor. I modified some bits in each image, however the file size and properties remained the same, and in most cases the image looked the same. But it was different!

To compare your original image to the image on the website you have several methods. First, since you have both images a simple file comparison will work. In Linux, diff compares two files:

$ diff myimage.jpg webimage.jpg
Binary files myimage.jpg and webimage.jpg differ

Often you may not have the original file, but only a hash of that file. Then you would need to compare the hash of the received (web) file with the expected hash value. OpenSSL allows you to calculate (MD5 and SHA) hash values. But most operating systems also have there own hash sum software:

$ md5sum myimage.jpg
f31a55220930c93a00a2ca82ca40964e  myimage.jpg
$ md5sum webimage.jpg
bee4d87105b2aac774302f495866160d  webimage.jpg

Because the two MD5 hash values are different, we conclude the two files are different.

OpenSSL

OpenSSL is an open source security toolkit. The core is a set of library functions that implement many security algorithms (ciphers, hash functions, key management). These library functions can be used when you write your own application. In addition, there is the command line program, openssl, that allows you to use these functions directly. We are only using the command line program (you do not need to write any software).

There are many operations that can be performed with openssl on the command line. Almost all operations take some input (in one format) and create some output (potentially in another format). Each set of operations is related to specific security mechanisms, e.g.:

Each operation has its own list of options (of the format -option), some of which have an argument. Hence the general structure of running openssl on the command line is:

$ openssl operation -option1 argument1 -option2 -option3 -in input -out output

For example, to encrypt the file message.txt with DES (CBC mode of operation) run:

$ openssl enc -des -in message.txt -out ciphertext.des3

A prompt for the password (from which a key will be generated) is given. The ciphertext is saved in the file ciphertext.des3. The file can be decrypted using a similar command, but with the -d option added.

From the main OpenSSL documentation page, if you click on the links for each of the standard commands (operations) you can find further examples.

Marking Scheme

For each task you will receive a score out of 10 (although some tasks will be weighted more than others, depending on their difficulty). To receive full marks (10) you need to follow all instructions correctly, sending the necessary emails, submitting the set of commands used. If you fail to verify received messages, you will lose marks. If you send an email to a css322-... address with the wrong information, you will lose marks.

Return to: CSS322 Home | Course List | Steven Gordon's Home | SIIT