Hello, if you have any need, please feel free to consult us, this is my wechat: wx91due

ELEC 5150/6150 Lab 1 – Secret-Key Encryption

1 Overview

The learning objective of this lab is for you to get familiar with the concepts in the secret-key encryption. After finishing the lab, you should be able to gain a first-hand experience on encryption algorithms, encryption modes, paddings, and initial vector (IV). Moreover, you will be able to use tools and write programs to encrypt/decrypt messages.

2 Lab Environment

Setup Lab Environment. In all the labs, we will use the free VirtualBox and the VM image provided by SEED labs. Please follow the instructions at https://seedsecuritylabs.org to set up your lab environment.

Installing OpenSSL. In this lab, we will use openssl commands and libraries. We have already in stalled openssl binaries in our VM. It should be noted that if you want to use openssl libraries in your programs, you need to install several other things for the programming environment, including the header files, libraries, manuals, etc. We have already downloaded the necessary files under the directory /home/seed/openssl-1.0.1. To configure and install openssl libraries, go to the openssl-1.0.1 folder and run the following commands.

You should read the INSTALL file first:

% sudo ./config

% sudo make

% sudo make test

% sudo make install

Installing a hex editor. In this lab, we need to be able to view and modify files of binary format. We have installed in our VM a hex editor called GHex. It allows the user to load data from any file, view and edit it in either hex or ascii. Note: many people told us that another hex editor, called Bless, is better; this tool may not be installed in the VM version that you are using, but you can install it yourself using the following command:

% sudo apt-get install bless

3 Lab Tasks

3.1 Task 1: Encryption using different ciphers and modes (25 points)

In this task, we will play with various encryption algorithms and modes. You can use the following openssl enc command to encrypt/decrypt a file. To see the manuals, you can type man openssl and man enc.3.2 Task 2: Encryption Mode – ECB vs. CBC (25 points)

% openssl enc ciphertype -e -in plain.txt -out cipher.bin \

-K 00112233445566778889aabbccddeeff \

-iv 0102030405060708

Please replace the ciphertype with a specific cipher type, such as -aes-128-cbc, -aes-128-cfb, -bf-cbc, etc. In this task, you should try at least 3 different ciphers and three different modes. You can find the meaning of the command-line options and all the supported cipher types by typing "man enc". We include some common options for the openssl enc command in the following:

-in <file> input file

-out <file> output file

-e encrypt

-d decrypt

-K/-iv key/iv in hex is the next argument

-[pP] print the iv/key (then exit if -P)

3.2 Task 2: Encryption Mode – ECB vs. CBC (25 points)

The file pic original.bmp contains a simple picture. We would like to encrypt this picture, so people without the encryption keys cannot know what is in the picture. Please encrypt the file using the ECB (Electronic Code Book) and CBC (Cipher Block Chaining) modes, and then do the following:

1. Let us treat the encrypted picture as a picture, and use a picture viewing software to display it. However, for the .bmp file, the first 54 bytes contain the header information about the picture, we have to set it correctly, so the encrypted file can be treated as a legitimate .bmp file. We will replace the header of the encrypted picture with that of the original picture. You can use a hex editor tool (e.g. ghex or Bless) to directly modify binary files.

2. Display the encrypted picture using any picture viewing software. Can you derive any useful infor mation about the original picture from the encrypted picture? Please explain your observations.

3.3 Task 3: Encryption Mode – Corrupted Cipher Text (25 points)

To understand the properties of various encryption modes, we would like to do the following exercise:

Create a text file that is at least 64 bytes long.
Encrypt the file using the AES-128 cipher.
Unfortunately, a single bit of the 30th byte in the encrypted file got corrupted. You can achieve this corruption using a hex editor.
Decrypt the corrupted file (encrypted) using the correct key and IV.

Please answer the following questions: (1) How much information can you recover by decrypting the corrupted file, if the encryption mode is ECB, CBC, CFB, or OFB, respectively? Please answer this question before you conduct this task, and then find out whether your answer is correct or wrong after you finish this task. (2) Please explain why. (3) What are the implication of these differences?3.4 Task 4 : Padding (25 points)

3.4 Task 4 : Padding (25 points)

For block ciphers, when the size of the plaintex is not the multiple of the block size, padding may be required. In this task, we will study the padding schemes. Please do the following exercises:

1. The openssl manual says that openssl uses standard block padding (aka PKCS padding) for its padding. It works by adding n padding bytes of value n to make the total length of the encrypted dataa multiple of the block size.

Please design an experiment to verify this. In particular, use your experiment to figure out the paddings in the AES encryption when the length of the plaintext is 20 octets and 32 octets.

2. Please use ECB, CBC, CFB, and OFB modes to encrypt a file (you can pick any cipher). Please report which modes have paddings and which ones do not. For those that do not need paddings, please explain why.

4 Submission

You need to submit a detailed lab report to Canvas. In your report, you should describe what you have done and what you have observed; you also need to provide explanation to the observations that are interesting or surprising. In your report, you need to answer all the questions listed in this lab.

文章