
Lab2_Encryption.doc


Academic year: 2020


Security Lab 2: Encryption

Name:

Date:

Introduction

The lab aims to provide students with practical experience using encryption tools. The lab addresses symmetric encryption, hashing, and asymmetric encryption. Furthermore, the lab demonstrates how each technique can be used to solve particular practical problems in computer security.

Vocabulary Review

Plaintext: the original message or data passed into an encryption algorithm

Encryption Algorithm: a method that performs substitutions and transformations on the plaintext to obscure its content

Secret Key: input into the Encryption Algorithm that along with plaintext affects the nature of the ciphertext. The same encryption algorithm and plaintext will produce different ciphertext when the secret key is changed.

Ciphertext: The scrambled message produced as output from the Encryption Algorithm. The exact content depends on the plaintext, secret key, and specific algorithm.


Encryption Tools: Primer

Advanced Encryption Standard (AES) is a symmetric block cipher that utilizes a block length of 128 bits. AES supports key lengths of 128, 192, and 256 bits. The U.S. government accepted AES as an official standard in 2001 (FIPS 197). Rijndael is the name of the algorithm that underpins AES.

http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

AES Crypter is a Windows utility that permits drag-and-drop encryption from the Windows desktop. Select a mode (Encrypting, Decrypting, Auto Mode) and drag the file onto the window to perform the operation.

Simply double-click aes.exe to launch the application.

For those who wish to experiment with AES, the application can also be launched from the command line. Use aesc -h to view the help file. Note: this implementation allows for different modes of operation, key lengths, and block lengths. We will discuss many of these topics in more detail later in the course.


We will use this application to explore hashing techniques.

GNU Privacy Guard (GPG)

GPG provides a suite of command line security tools for performing symmetric and asymmetric encryption. GPG employs Elgamal and Digital Signature Algorithm (DSA) to provide a public key/private key (asymmetric encryption) security solution.

Help File

C:\>gpg -h

List Keys in Database


Generate New Keys

C:\>gpg --gen-key

Digitally Sign a Message

C:\>gpg --sign important_message.txt

C:\>gpg --detach-sign important_message.txt

Verify a Signature

C:\>gpg --verify important_message.txt.gpg

C:\>gpg --verify important_message.txt.sig

Encrypt a Message

C:\>gpg --encrypt important_message.txt

Decrypt a Message

C:\>gpg --decrypt important_message.txt.gpg

Sign and Encrypt a Message for a Specific User

C:\>gpg -se -u "sender" -r "recipient" important_message.txt

Exercise 1: Encrypting Files on Hard Disk

1) Create a text file with a secret message

2) Open AES Crypter

3) Select encrypting mode

4) Enter a password (we will need this later)

5) Drag the text file to the AES Crypter window

What happens to the file after it is dragged to the AES Crypter window?

Open and examine the encrypted file. Can you deduce or infer anything about the content of the plaintext from the encrypted file?

1) Select decrypting mode

What happens when you attempt to decrypt a file with the wrong password?

1) Change the password to the correct value

2) Drag the encrypted file to the AES Crypter window

Can you read your original message?

1) Select a partner.

2) Encrypt your message again.

3) Send your encrypted message to your partner (or switch seats)

4) Share your password with your partner

5) Decrypt your partner's file

Can you read your partner's original message?

Based on this exercise, what are the weaknesses with using symmetric encryption? What applications are particularly well-suited (or poorly suited) for symmetric encryption?

Exercise 2: Determine the Integrity of a Downloaded File

1) Download software1.zip from the Week 2 folder

2) Download software2.zip from the Week 2 folder

3) Notice the md5 hash for each file

4) Use HashCalc to calculate the md5 hash for each zip file

5) Compare the hashes you generated to those published

Which file has been altered or tampered with? How do you know?

Exercise 3: Determine the Integrity of an Email Attachment

1) Select a partner

2) Write a text message in notepad

3) Calculate an md5 hash for the text file

4) Save the md5 hash in a separate text file called integrity.md5

5) Send the text file and the md5 file to your partner as an email attachment

6) When you receive your partner's email, check the integrity of the


Based on your experiences in exercises 2 and 3, what risks should one associate with using hashes to verify the integrity of a message?
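The hash check performed in Exercises 2 and 3, as an added example that is not part of the original lab handout. It compares a received file against a published MD5 value, then contrasts the unkeyed hash with a keyed one. The message contents, the file name message.txt, the demo key and the use of HMAC-SHA256 (which is not one of the lab's tools) are assumptions made for illustration.

```python
import hashlib
import hmac
import io

def md5_hex(stream, chunk_size=65536):
    """Hash a binary stream in chunks so large downloads never sit in memory."""
    digest = hashlib.md5()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

def read_md5_file(text):
    """Return the digest from integrity.md5: a bare hash or 'hash  filename'."""
    parts = text.split()
    token = parts[0].lower() if parts else ""
    if len(token) != 32 or any(c not in "0123456789abcdef" for c in token):
        raise ValueError("not an MD5 digest")
    return token

def matches_published(stream, md5_file_text):
    """True when the received bytes hash to the published value."""
    return hmac.compare_digest(md5_hex(stream), read_md5_file(md5_file_text))

def keyed_tag(data, shared_key):
    """HMAC-SHA256: a hash that cannot be recomputed without the shared key."""
    return hmac.new(shared_key, data, hashlib.sha256).hexdigest()

def run_cases():
    # Constructed sample data standing in for the Exercise 3 attachments.
    original = b"Meet in room 204 at noon.\n"
    altered = b"Meet in room 310 at noon.\n"
    md5_file = md5_hex(io.BytesIO(original)) + "  message.txt\n"
    key = b"constructed-demo-key"  # assumed to be shared out of band
    results = {}
    # Case 1: attachment changed in transit, integrity.md5 untouched.
    results["altered_file_only"] = matches_published(io.BytesIO(altered), md5_file)
    # Case 2: both attachments replaced; an unkeyed hash can be recomputed by anyone.
    replaced_md5 = md5_hex(io.BytesIO(altered)) + "  message.txt\n"
    results["altered_file_and_hash"] = matches_published(io.BytesIO(altered), replaced_md5)
    # Case 3: the sender's keyed tag no longer matches the altered bytes.
    sender_tag = keyed_tag(original, key)
    results["altered_file_keyed"] = hmac.compare_digest(keyed_tag(altered, key), sender_tag)
    results["original_keyed"] = hmac.compare_digest(keyed_tag(original, key), sender_tag)
    return results

if __name__ == "__main__":
    for name, ok in run_cases().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

Case 2 is accepted because a hash that travels in the same email as the file confirms only that the two attachments agree with each other, not who produced them.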

Exercise 4: Generate a Public/Private Key Pair

1) Select a partner and use the same machine for this exercise

2) Each partner should create a public key/private key pair with gpg

3) When prompted, select the default settings where appropriate

4) After each partner has created a key pair, create a third pair for testing purposes

5) When you are finished, list all of the keys in your key database to confirm that you have three key pairs

How does the key size selected during key generation affect security and performance? Why does the program ask you to type and use the mouse during key generation?

Exercise 5: Create a Digital Signature for a Text File

1) Each partner should create a text message

2) Each partner should digitally sign the message

3) Experiment with the different methods of signing the message

4) After each partner has created a digitally signed message, attempt to verify the message.

When you verify the message what happens? How do you know who sent the message?

Exercise 6: Encrypt a File

1) Each partner should create a text message

2) Each partner should encrypt the message for their partner

3) After encrypting the messages, each partner should decrypt the encrypted file

4) Attempt to decrypt the encrypted file by the third user in your system

Were you able to open your partner's file?


Exercise 7: Sign and Encrypt a File

1) Each partner should create a text message

2) Each partner should sign and encrypt the message for the partner

3) Use gpg to decrypt and verify the message

4) Attempt to decrypt and verify the message with the third party user

Do you think that signing and encrypting a file is more secure than only performing one of the operations on a file?

Can you think of a circumstance where you would not want to perform both operations?

Exercise 8: Defense in Depth: Combining Techniques

1) Combine the various techniques and tools we have used in this lab to enhance the security of a message intended for your partner.

2) Think about how these different technologies can be combined to improve confidentiality, integrity, and overall security of your message.

Write a brief description of how you used these technologies together to increase the security of your message.

What limitations did you encounter when attempting to combine these technologies?


Conclusion

In this lab, you used encryption tools to address many practical problems in computer security. Moreover, you should have acquired an intuitive sense of the problems with each of the techniques we used. In future discussions, we will explore how to address these weaknesses and mitigate associated risks with a combination of technical and managerial measures.
