CYBR 372 Applications of Cryptography
Te Aromatawai Tuatahi--Assignment 1
Ngā Whāinga --Objectives
In this assignment,you will learn how to use the Java Cryptography Extension(JCE)to:
perform. symmetric encryption and decryption
■use password-based key derivation for encryption/decryption
■evaluate the effect of different parameters of encryption on its overhead
■ implement a brute-force attack
Te Whakariterite--Preparation
This is based upon the following resources, note that some are from O'Reilly (Safari books online)and require you to initially access them via the library and create an account.
O'Reilly videos that provide a great hands-on introduction to the JCE:
Basic Encryption with Symmetric Ciphers(6 minutes,42 seconds)video,code Encrypting and Decrypting Files(8 minutes,20 seconds)video,code
Common Security Flaws When Using Symmetric Ciphers(6 minutes,20 seconds) video
Note that the code above uses a Util class available from here.
Oracle provides these useful reference materials that will help with completing the assignment:
Java Cryptography Architecture(JCA)Reference Guide
Java""Crvptoqraphv Architecture Standard Alqorithm Name Documentation
What to Submit?
Submit a zip file containing a directory for each part (i.e.part1,part2,part3,and part4).Each subdirectory should contain the following:
Code:
o Must also have standard comments to help the marker understand your code.
o The code should output human-readable error messages that will help users correct their mistakes rather thanjust providing a stack trace.
■A file named README.md listing any references used,and optionally,explaining your design choice and explaining why it is secure and how it meets the requirement.
■For part3,it should also have the raw results of vour timing experiments saved as either
results.csv,results.json,or results.xml file.Moreover,you should also include a file
report.pdf where you presentand discuss your findings.The pdf file should clearly have your
|
assignment1
一 s r c
-- part1
-- README.md -- Part1.java -- Util.java
-- part2
-- README.md --Part2.java —- Util.java
part3
--README.md
--results.cSv --report.pdf
--Part3.java
--Util.java part4
--README.md
-- Part4.java --Util.java
|
Part 1:Perform. symmetric encryption and decryption (25%)
Extend the existing FileEncryptor.java to allow the user to specify: Encryption or decryption operation.
■Secret key and initialisation vector (IV)in Base64 encoding as input files. ■AES mode of operation.
Input file(path and name). ■Output file(path and name).
The encryption operation is indicated by the keyword enc and the decryption operation is indicated
by the keyword dec.This is a mandatory parameter,and always appears first.
The other parameters are not positional (can appear in any order).They are identified by their name.
Si e,cike(fic)y(a)ll-yfi(:)le:what comes after is interpreted as the path to the file containing the secret key
(in Base64 encoding).This parameter isoptional for encryption but is mandatory for decryption.
If this option is not provided (for encryption),then a secret key is randomly generated and used,
■ -iv,--initialisation-vector:what comes after is interpreted as the path to the file vector is randomly generated and used,which is also saved in a file iv.base64 encoded in
(ECB/CBC/CTR/OFB/CFB/GCM).This is an_optional parameter.If not provided,the default of AES/CBC/PKCS5PADDING should be used.For padding,use the same PKCS5PADDING for other modes too.
-i,--input-file:this is a mandatory parameter.For enc,this the file containing the data to be
encrypted(the plaintext).For dec,this is the file containing the encrypted data(thē ciphertext).
■ -o,--output-file:this is an optional parameter.For enc,this the file will contain the
encrypted data,for dec,this is the file containing the decrypted data.If this option is not
message.txt.enc,becomes message.txt.dec,and message.dat becomes message.dat.dec.
Some example usage:
|
java Part1 enc --input-file plaintext.txt —output-file ciphertext.enc
java Part1 enc -i plaintext.txt -o ciphertext.enc
java Part1 enc -o ciphertext.enc -i plaintext.txt
java Part1 enc -i plaintext.txt
java Part1 enc -i plaintext.txt -o ciphertext.enc -k key.base64-m GCM
java Part1 enc -iv iv.base64-m CFB-i plaintext.txt -o ciphertext.enc
java Part1 dec --input-file ciphertext.enc -o plaintext.txt
java Part1 dec -i ciphertext.enc -o plaintext.txt -m OFB-k key2.base64-iv iv3.base64
|
Part 2:Password-Based Key Derivation for encryption/decryption (25%)
Keys are hard to remember by humans so using a password is a work-around option.The password
can be used to generate a key using a secure password-based key derivation function like Password-
Based Key Derivation Function 2(PBKDF2).They involve adding "salt"and iteratively apply a hash
function.Java provides implementation of key derivation functions to make this easy,see here for a
code example. This follows NIST recommendations(found here PBKDF2 and here RFC2898 ).You
should also readthe OWASP advice on password storage.
This requires adding an option to our file encryptor to allow a password to be specified instead of a
key,designated byā named parameter -p or --pass.You should also output(print)the secret key
and the IV as generated from the password in base64 encoding for marking purposes.Use the
default AES/CBC/PKCS5PADDING mode with key-length of 128 bits for encryption.
Some examples:
|
|
java
|
Part2
|
enc
|
--pass
|
"my password"-i plaintext.txt
|
-o ciphertext.enc
|
|
java
|
Part2
|
dec
|
-p"my
|
password"-i ciphertext.enc -o
|
plaintext.txt
|
|
Note that the decryption worked without providing the password salt.In your readme file of this part,
Note: For this part,your code must not create any new files,e.g.,it should not save the key to a file,
or the IV,or the sait,etc.Anything that is needed (excluding the key!duh!)can be put in the header of
the ciphertext itself(we do this trick all the time with almost any file format:we put necessary
information to read the file in its header).
Part 3:Evaluation of Parameters on Performance
(25%)
Use the code in part 1 to evaluate the effect of the following parameters on the runtime of encryption and decryption:
■ Key length(128/192/256) ■Mode of operation
■Size of the plaintext file
Keep the following notes in mind:
Make sure you are only measuring the time it takes for the actual encryption(and decryption),
and not the reading of the input file and writing of the output file to disk(reading and writing from storage is slow,and may skew the results).
among multiple processes).So make sure you are not reporting based only on single measurements.
Record your measurements in a csv (or json,or xml)file results.csv in the same directory.The fields should be explained in the readme file.
Provide a report in pdf report.pdf including a presentation and discussion of your findings.This
report is strictly limited to 5001000 words (excluding your references)and the values reported
should match your results file.
You do not need to provide the reasoning behind your observations,just a description of patterns
and your take-home lessons/recommendations.
Part 4:Brute-Force Attack(25%)
If we wanted to launch a brute-force attack on the AES directly,it will be impossible,because even for
128-bit long key,the key-space size of 2^128 is too large to be brute-forced (it will take billions of
years on our best computers).However,when password-based key derivation is used,then the story
is different!Human-memorable password have much less 'entropy":Small passwords are doomed
even more,because they can be brute-forced,as you are asked to show here.
Assume the password is limited to at most 6 characters long.Write a code that can decrypt a
ciphertext by brute-force(without knowing the key).The ciphertext is
■the first parameter is a mandatory positional parameter which is the ciphertext file.
the second parameter is a mandatory named argument using the keyword -t or --type followed by a number(0/1/2)with the following interpretation:
o 0:password is at most 6 characters long,composed only of lowercase letters.
o1:password is at most 6 characters long,composed only of lowercase letters and numbers.
o 2:password is at most 6 characters long,composed only of lowercase and uppercase letters.
It should print the password (and nothing else)once it is found. Here are some example usages:
|
java java
|
Part4 Part4
|
ciphertext.enc -t0 ciphertext.enc -t 1
|
|
java
|
Part4
|
ciphertext.enc -t 2
|
Use your implementation to estimate the time it takes to crack a sample ciphertext for each of these
various types,and report it in your readme file of this section.