Security and Cryptography (CSS 322)

Homework

You are expected to study the course content before and after lectures. Many students study only 1 day (or 1 hour!) before an upcoming assessment item, i.e. quiz or exam. To encourage more study through the semester, each week a set of homework tasks will be assigned. You should try to complete all tasks before the first lecture of the following week.

Selected homework tasks will be marked and require submission before a deadline. The homework items that will be marked will be clearly indicated when the homework is released. Others homework tasks will not be marked (i.e. you do not submit the homework solutions). The homework tasks will not be marked; you do not submit your homework. However even if the homework is not marked, some quiz/exam questions may be based on homework tasks. Completing the homework tasks will make it easier to follow the lectures and obtain high marks in the graded assessment items. Where relevant, answers to homework tasks will be given in class and/or on the course website.

Week 9

This homework is not assessed.

  1. Review your knowledge of authentication, passwords and key distribution by attempting the online quiz. Use your username/password for the IT server to log in - contact me if you've forgot/lost the password.

Week 8

This homework IS assessed. You must submit before the deadline of 10am Tuesday 13 March 2012. If you have not completed the week 7 homework (online quiz) before the deadline you will received no marks for this homework.

Complete the following tasks using OpenSSL. Submit your answers by saving files in the specified locations of your home directory on the IT server, it.siit.tu.ac.th. In the instructions below, where ID is given replace it with your actual ID. Record all the commands you use (e.g. copy and paste them to a text file), so that if you make a mistake I can later check what went wrong.

  1. Generate a 2048-bit RSA key pair using e=3. (Hint: genpkey and use the -pkeyopt options). Save the private key as: 
    /home/students/uID/public_html/private/css322/privkey-ID.pem
  2. View the values of the RSA private (and public) key, e.g. n, d. Hint: pkey and the -text option. Understand what the values relate to from your knowledge of the RSA algorithm.
  3. From your private key in step 1, output your public key to a file. Hint: pkey using -pubout option. Save the public key as: 
    /home/students/uID/public_html/pubkey-ID.pem
  4. Select a message (text only) and save it as: 
    /home/students/uID/public_html/private/css322/message-ID.txt
  5. Sign the message using SHA1. Hint: dgst and the -sign option. Save the signature as: 
    /home/students/uID/public_html/sign-ID.bin
  6. Encrypt the message using RSA to send confidentially to Steve (public key). Hint: . Save the ciphertext as: 
    /home/students/uID/public_html/ciphertext-ID.bin
  7. Save the set of commands you used in a file: 
    /home/students/uID/public_html/private/css322/commands-ID.txt

At the end you should have three public files available on your website (pubkey-ID.pem, sign-ID.bin and ciphertext-ID.bin) and three files in your private space of the website that only you can access (privkey-ID.pem, message-ID.txt and commands-ID.txt). When the deadline passes I will run a script that copies all files and checks them. Therefore you must carefully check the file names and locations are correct, otherwise my script will not find the file and you will not receive marks.

Week 7

This homework is not assessed, but you must attempt it to receive marks for the next assessed homework.

  1. Review your knowledge of cryptographic hash functions by attempting the online quiz. Use your username/password for the IT server to log in - contact me if you've forgot/lost the password.

Week 6

Study for the midterm exam.

Week 5

Study for the next quiz.

Week 4

This homework is not assessed - you do not need to submit it.

  1. Review your knowledge of the first few lectures by attempting the online quiz. Use your username/password for the IT server to log in - contact me if you've forgot/lost the password.

Week 3

This homework IS assessed. You must submit, by emailing your solution to me, before the deadline of 8:30am Monday 30 January 2012. Your mark will depend partially on when you submit compared to other students. The earlier the submission the more marks, but also the more students you submit before the more marks. So to get the most marks, submit early AND don't tell others the solutions!

  1. Try OpenSSL command line program. It is available for free for various operating systems, including being already installed on the it.siit.tu.ac.th server.
  2. Select a message (with size larger than 1KB and less than 100KB). Encrypt the message with DES using Cipher Block Chaining using OpenSSL. You must select a random 64 bit key (not a password). Do not use a salt. Use an initialisation vector of 0 if needed.
  3. Encode the ciphertext using Base64 (also with OpenSSL) and send it in an email to me with the following information (replace the <variables> with actual values): 
    Subject: CSS322 HW1 <your_id>
Body:
Name: <firstname_lastname>
ID: <your_id>
Key: <you_chosen_key>
Ciphertext:
--
<include_base64_encoded_ciphertext_here>
--
    (Note that in real-life you would not transmit the key and ciphertext together; the key would be sent across some secure channel. But for convenience you can send it in the email with the ciphertext).

Answers: a video of me encrypting and then decrypting using OpenSSL. Also contains example of generating random numbers using /dev/urandom. Results.

Week 2

This homework is not assessed - you do not need to submit it.

  1. The example one time pad in the lecture (slide 27) and textbook (pages 76 and 77 of the 5th edition) has errors. Find them and fix them, i.e. derive the keys such that the example is correct.
  2. For S-DES find the value of IP-1.
  3. Complete the S-DES example that was started in the lecture. The plaintext is 01110010 and the key is 1010000010. In the lecture we completed the first round, where the output of SWap operation was 10011101. The output of fk (that is, the input to IP-1 is 11101101. The final ciphertext should be 01110111.

Week 1

This homework is not assessed - you do not need to submit it.

  1. Encrypt (and then decrypt) some plaintext (e.g. your name) using the different ciphers covered in lectures.
  2. Review the examples demonstrated in class using the command line crypto program. In particular look at how the frequency analysis can be used to break the monoalphabetic cipher (see the detailed description)
  3. Try the crypto program on your own computer. crypto is a simple Bash shell script available for download. You can run it on most Linux operating systems, on Cygwin in Windows and probably on Mac OS. Alternatively it is available on the IT server: SSH into the IT server and type crypto.
  4. crypto was initially a quick script to test a cipher. I've added a few more ciphers and other operations. However it is incomplete, poorly coded, lacking some documentation and inefficient. Improve crypto by adding more ciphers (e.g. Playfair), optimising for performance and adding more help. Send me your code and I'll incorporate it into crypto during the semester.

Return to: CSS322 Home | Course List | Steven Gordon's Home | SIIT