Secure Computer Systems

Project 1: Employing OpenSSL for encryption and cryptanalysis

Due date

Mar 6, 2017, 11:59pm (Please submit via Blackboard; you need to demo to me on Mar 7).

Goals

The goals of this project are to (1) learn about OpenSSL; (2) use OpenSSL commands and APIs for encryption; and (3) apply OpenSSL to simple cryptanalysis.

Setup

1. Install VirtualBox.
2. Download the virtual machine image and read Section 2.1 of the doc; import the VM into VirtualBox.
3. Compile and install OpenSSL (the source code has been downloaded at /home/seed/openssl-1.0.1 in the image; you can also choose to download the latest OpenSSL code from https://www.openssl.org/source/).
   1. cd /home/seed/openssl-1.0.1
   2. sudo ./config
   3. sudo make
   4. sudo make test
   5. sudo make install

Project Tasks

Task 1: Encryption using OpenSSL commands with different cipher and mode options

In this task, we will play with various encryption algorithms and modes. You can use the following command to encrypt/decrypt a file. To see the manual and understand the command options, you can type man enc or openssl enc --help.

% openssl enc -cipher-mode -e -in plain.txt -out cipher.bin -K 00112233445566778889aabbccddeeff -iv 0102030405060708

Here, "-iv" stands for the Initialization Vector; cipher-mode should be replaced by one of the supported cipher-mode option, such as aes-128-cbc, aes-128-cfb. Type man enc to get the list of supported cipher-mode options. In this task, you should try at least three different ciphers and three different modes.

Task 2: Encryption Mode – ECB vs. CBC

Please read Section 3.2 of Reference 1 for details. A hex editor "ghex" is already installed in the VM image. You can use the bitmap file pic_original.bmp or yolinux-mime-test.bmp for experiments.

Task 3: Padding

Please read Section 3.4 of Reference 1 for details.

Task 4: Dictionary Attack: Programming Using the Crypto Library

Please read Section 3.5 of Reference 1 for details. The "English Word List" can be downloaded here.

Optional Project: Assymetric Cryptography, SSL and Https

This project is not required but you are strongly encouraged to have a try.

Submission

Your submission should include the code, a readme file briefly describing how to compile/use your code, and a report including the contribution description of each team member and answers to the following questions:

• What is OpenSSL? What is it used for?
• Why are Initialization Vectors necessary? Can they be transmitted in plaintext over the Internet?
• Why are "modes" important?
• What is padding? What is PKCS padding? Why is padding needed for some modes and NOT needed for others?

Programming Languages

C/C++.

References

1. Crypto Lab – Secret-Key Encryption. SEED Labs, 2014. link
2. Encryption APIs and sample code (pay extra attention to the description of EVP_EncryptUpdate and EVP_EncryptFinal_ex.). link
3. Block cipher modes, padding and Initialization Vectors. link
4. OpenSSL Command-Line HOWTO. link
5. OpenSSL docs (You may find "EVP Symmetric Encryption and Decryption" particularly useful). link
6. Secure programming with the OpenSSL API (for the optional project). link
7. OpenSSL programming. link

Acknowledgment

Thanks to Dr. Wenliang Du for sharing his lab designs.