Question

Secret-Key Encryption Lab

Answer 1

The learning objective of this lab is for students to get familiar with the concepts in the secret-key encryption and some common attacks on encryption. From this lab, students will gain a first-hand experience on encryption algorithms, encryption modes, paddings, and initial vector (IV). Moreover, students will be able to use tools and write programs to encrypt/decrypt messages. Many common mistakes have been made by developers in using the encryption algorithms and modes. These mistakes weaken the strength of the encryption, and eventually lead to vulnerabilities. This lab exposes students to some of these mistakes, and ask students to launch attacks to exploit those vulnerabilities. This lab covers the following topics: • Secret-key encryption • Substitution cipher and frequency analysis • Encryption modes, IV, and paddings • Common mistakes in using encryption algorithms • Programming using the crypto library.

Task 1: Frequency Analysis

It is well-known that monoalphabetic substitution cipher (also known as monoalphabetic cipher) is not secure, because it can be subjected to frequency analysis. In this lab, you are given a cipher-text that is encrypted using a monoalphabetic cipher; namely, each letter in the original text is replaced by another letter, where the replacement does not vary (i.e., a letter is always replaced by the same letter during the encryption).

Task 2: Encryption using Different Ciphers and Modes

In this task, we will play with various encryption algorithms and modes.

Task 3: Encryption Mode – ECB vs. CBC

Task 4: Padding

Task 5: Error Propagation – Corrupted Cipher Text To understand the error propagation property of various encryption modes, we would like to do the following exercise: 1. Create a text file that is at dleast 1000 bytes long. 2. Encrypt the file using the AES-128 cipher. 3. Unfortunately, a single bit of the 55th byte in the encrypted file got corrupted. You can achieve this corruption using the bless hex editor. 4. Decrypt the corrupted ciphertext file using the correct key and IV.

Task 6: Initial Vector (IV) and Common Mistakes Most of the encryption modes require an initial vector (IV). Properties of an IV depend on the cryptographic scheme used. If we are not careful in selecting IVs, the data encrypted by us may not be secure at all, even though we are using a secure encryption algorithm and mode.

Task 7: Programming using the Crypto Library This task is mainly designed for students in Computer Science/Engineering or related fields, where programming is required. Students should check with their professors to see whether this task is required for their courses or not.