Assignment 2 Due Apr. 5th, 11:59pm EST
Submission: You need to submit a detailed lab report, with screenshots, describing what you have done and what you have observed. You also need to explain any observations that are interesting or surprising. Please also list the important code snippets, each followed by an explanation. Simply attaching code without any explanation will not receive credit.
Note: Some tasks and questions are Copyright 2006 - 2011 Wenliang Du, Syracuse University (with slight updates by Dr. Doowon Kim).
Sharing files in Unix [20 points]
Alice wants to be able to share read and write access to some of her files (on a Unix system) with dynamically changing sets of users. Since she is not root, she can't just construct new groups for each file, nor can she turn on the optional ACL feature available on some Linux systems. So she decides to write setuid programs that will implement ACLs for her friends. Alice designs two setuid, world-executable programs, alice-write and alice-read (e.g., programs that anyone can run as alice), that work as follows:
- ./alice-write IN OUT: first checks a permission file written by Alice to make sure that the ruid of the process (the calling user) is allowed to write to the file OUT. If so, the program reads the file IN and writes it over OUT.
- ./alice-read IN OUT: first checks a permission file written by Alice to make sure that the calling user is allowed to read the file IN. If so, the program reads IN and writes it to the file OUT.
Assume Alice has been careful in her implementation, i.e., there are no buffer overflows in alice-read and alice-write, the permission file is properly protected (uniquely named in the program and set to permission 0400), the programs accept only file paths listed in the permissions file, and permissions on Alice's files are preserved.
- Can you find any (≥ 1) potential security problems with this approach? Describe them, no code/visuals required. (e.g., suppose Bob can read and write some of Alice's files but not others; can he use alice-write and alice-read to gain access to files he shouldn't? Are there potential attacks that could allow third parties to read/write Alice's files?) [10 points]
- How could you change the interface (e.g., what is passed to the programs) and/or implementation (e.g., the description of the programs) of alice-write and alice-read to avoid your attacks? Describe only, no code necessary. [10 points]
Race-conditions [25 points]
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>
void create_file(void) { struct stat buf; FILE *fp;
    if (!stat("file.dat", &buf)) return; // abort if file exists
    sleep(10); // sleep for 10 seconds
    fp = fopen("file.dat", "w"); // open file for write
    fprintf(fp, "Hello world");
    fclose(fp); // a FILE* stream is closed with fclose(), not close()
}
- Suppose this code is running as a setuid root program. Give an example of how this code can lead to unexpected behavior that could cause a security problem. Hint: try using symbolic links. [10 points]
- Suppose the sleep(10) is removed from the code above. Could the problem you identified in part (a) still occur? Please explain. [10 points]
- How would you fix the code to prevent the problem from part (a)? [5 points]
File permissions [25 points]
After discovering a vulnerability in the passwd utility, the Linux developers have decided that it is too dangerous to continue to run the utility as root (through setuid). Unfortunately, there's no Linux capability that lets a process specifically edit /etc/shadow, the file that Linux uses to store password data.
Note: This problem incorrectly stated /etc/passwd instead of /etc/shadow when released. UNIX originally stored password data in /etc/passwd, but this was later changed to /etc/shadow. The high-level idea of your solution should not change, and we'll accept answers assuming password data is stored in /etc/passwd or /etc/shadow.
- The kernel developers have asked you to devise a new mechanism where the passwd command no longer runs as root, but users can only change their own password and can't change any other users' passwords. Your solution can't change the Linux kernel itself (e.g., introduce a new capability), but the developers have created a new service account passwd that you can use. If you change the ownership, permissions, or setuid bit on any files, you should note the new values in your solution. [10 points]
- What's the worst damage that an attacker can do if a new vulnerability were to be found in passwd? [10 points]
- Does changing who runs the passwd utility meaningfully increase the security of the system? Hint: Think about the contents of the /etc/shadow file. [5 points]
Symmetric & Asymmetric Key Crypto [20 points]
- [5 points] Why do we use hybrid encryption? Why can't we use public-key encryption to encrypt everything?
- [5 points] When a message is encrypted twice, the ciphertext should be different each time. This is an important requirement for encryption. Please describe how AES-128-CBC and RSA encryption achieve this property.
- [5 points] What's the benefit of a public-key based authentication scheme, compared to a password-based scheme?
- [5 points] In the chip technology used in credit cards, how does the terminal know that a credit card is issued by an authorized bank?
One-Way Hash Function [30 points]
- [5 points] Why is the hash function f(x) = x mod 10000 not a good one-way hash function?
- [10 points] A developer writes the following in a post: "I am writing a login for a forum, and I would like to hash the password at the client side in JavaScript before sending it to the server. If the hash matches with the one stored on the server, the user will be allowed to log in." The developer believes that sending the hash of the password, instead of sending the password directly, improves security. Do you agree or not, and why?
- [5 points] In Linux, the password hash is produced by applying a hash function for many rounds (e.g., 5000 rounds for SHA-512). This seems to waste time. Why does Linux do this?
- [10 points] Suppose that in 1998, Alice used MD5 to generate a hash from her novel, and published the hash in the Wall Street Journal. She never had a chance to publish her book. Recently, a movie was made based exactly on the ideas of her novel, and much of the movie's script is taken from her novel verbatim, but she has received no credit or royalties from the movie. She decided to sue the movie studio, but she heard that MD5's collision-resistance property has been broken since 2004. She is not sure whether the hash she published can still serve as a valid timestamp. If you are a lawyer representing Alice, what would you do to convince the judge?
Programming Task 1: Symmetric Key Encryption and Decryption [5 points]
In this homework assignment, you will be learning how to use the OpenSSL cryptographic library to perform some basic cryptography. OpenSSL provides a command-line interface as well as a library interface for C programs. In this assignment, you will need to use the command-line interface, as well as the library interface of OpenSSL. (Interfaces to the OpenSSL C library exist in many other programming languages too. But if your language of choice does not provide an OpenSSL library interface, use the standard crypto library provided by the language.) Specifically, in this task, we will play with various encryption algorithms and modes. You can use the following openssl enc command to encrypt/decrypt a file. To see the manuals, you can type man openssl and man enc.
openssl enc -ciphertype -e -in plain.txt -out cipher.bin \
-K 00112233445566778889aabbccddeeff \
-iv 0102030405060708
Please replace ciphertype with a specific cipher type, such as -aes-128-cbc, -bf-cbc, -aes-128-cfb, etc. In this task, you should try at least 3 different ciphers. You can find the meaning of the command-line options and all the supported cipher types by typing "man enc". Please provide screenshots for every cipher type you use.
Here’s the corresponding decryption command:
openssl enc -aes256 -d -in ciphertext.txt -out plaintext.txt
The syntax is very similar, except for the -d option, which tells OpenSSL to decrypt. You'll be asked for the same password you used to encrypt. Simply take a screenshot of your command. [5 points]
ECB vs. CBC [15 points]
This file (tux.bmp) contains a simple penguin image. We'd like to encrypt this image and send it to your secret agent, so that other people who do not know the encryption key cannot tell what image is in the file. Please encrypt the image file using the ECB and CBC modes.
- Download the image file.
- Encrypt the image file with two different modes (ECB and CBC modes).
- To treat the encrypted picture as a picture and display it properly in picture-viewing software, we need to slightly hack the encrypted file. For a .bmp file, the first set of bytes contains the header information about the picture; we have to set it correctly so that the encrypted file can be treated as a legitimate .bmp file and viewed with picture-viewing software.
- We have provided header-new.bin for you; it will replace the header of the encrypted picture with that of the original picture. So please download header-new.bin.
- Use the command: cat header-new.bin yourEncryptedFile.bin > tux-enc-{cbc,ecb}.bmp. This will create a file by appending the encrypted data onto header-new.bin.
- Display the encrypted picture using any picture-viewing software.
Questions
- A description of what the encrypted images look like. [5 points]
- Why is there a difference between the two? [5 points]
- Why is ECB not safe? [5 points]
Padding [10 points]
For block ciphers, when the size of a plaintext is not a multiple of the block size, padding may be required. The PKCS#5 padding scheme is widely used by many block ciphers. We will conduct the following experiments to understand how this type of padding works:
- Use ECB, CBC, CFB, and OFB modes to encrypt a file (you can pick any cipher).
- Let's create three files, which contain 5 bytes, 10 bytes, and 16 bytes, respectively. We can use the following "echo -n" command to create such files. The following example creates a file f1.txt with length 5 (without the -n option, the length would be 6, because echo would append a newline character):
$ echo -n "12345" > f1.txt
We then use openssl enc -aes-128-cbc -e to encrypt these three files using 128-bit AES in CBC mode. Please describe the size of the encrypted files. We would like to see what is added as padding during the encryption. To achieve this goal, we will decrypt these files using openssl enc -aes-128-cbc -d. Unfortunately, decryption by default will automatically remove the padding, making it impossible for us to see it. However, the command does have an option called -nopad, which disables the padding, i.e., during the decryption the command will not remove the padded data. Therefore, by looking at the decrypted data, we can see what bytes are used in the padding. Please use this technique to figure out what padding is added to the three files.
Questions
- Please report which modes use padding and which ones do not. For those that do not need padding, please explain why. [5 points]
- Report what you have observed in this task using your screenshots. [5 points]
Programming Task 2: Asymmetric Key [10 points]
Deriving the private key [2 points]
Let p, q, and e be three prime numbers. Let n = p*q. We will use (e, n) as the public key. Please calculate the private key d. The hexadecimal values of p, q, and e are listed in the following. It should be noted that although the p and q used in this task are quite large numbers, they are not large enough to be secure. We intentionally make them small for the sake of simplicity. In practice, these numbers should be at least 512 bits long (the ones used here are only 128 bits). In this task, for the sake of simplicity, please use Python. What's the private key? Please provide your Python code, the screenshots of the results, and detailed explanations.
p = F7E75FDC469067FFDC4E847C51F452DF
q = E85CED54AF57E53E092113E62F436F4F
e = 0D88C3
Encrypting a message [2 points]
Let (e, n) be the public key. Please encrypt the message A top secret! (the quotation marks are not included). Please provide your Python code, the screenshots of the results, and detailed explanations.
Decrypting an encrypted message [2 points]
The public/private keys used in this task are the same as the ones used in the prior task. Please decrypt the following ciphertext C, and convert it back to a plain ASCII string. Please provide your Python code, the screenshots of the results, and detailed explanations.
C = 39cf8ba4e56530ae0a9d9d6072464fb253d55d4d5fdbd3789d28996a3f877879
Signing a Message [2 points]
The public/private keys used in this task are the same as the ones used in the prior task. Please generate a signature for the following message (please directly sign this message, instead of signing its hash value). Please provide your Python code, the screenshots of the results, and detailed explanations.
M = I owe you $2000
Verifying a signature [2 points]
Bob receives a message M = Launch a missile. from Alice, with her signature S. We know that Alice's public key is (e, n). Please verify whether the signature is indeed Alice's or not. The public key and signature (hexadecimal) are listed in the following. Please provide your Python code, the screenshots of the results, and detailed explanations.
M = Launch a missile.
S = 643D6F34902D9C7EC90CB0B2BCA36C47FA37165C0005CAB026C0542CBDB6802F
e = 010001 (this hex value equals decimal 65537)
n = AE1CD4DC432798D933779FBD46C6E1247F0CF1233595113AA51B450F18116115
Suppose that the signature above is corrupted, such that the last byte of the signature changes from 2F to 3F, i.e., there is only one bit of change. Please repeat this task, and describe what will happen to the verification process.
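A textbook-RSA toolkit covering the five tasks of this section, as an added example that is not part of the original assignment. It uses the p, q and e from the key-derivation task and the key and signature from the verification task, and assumes that messages are converted to integers big-endian (the convention the hex values in these tasks follow); the one-bit corruption is applied to the signature as described.

```python
# Textbook RSA for the tasks above. Added example, not part of the original
# assignment; messages are read as big-endian integers, so every message
# must be numerically smaller than the modulus n.

P = 0xF7E75FDC469067FFDC4E847C51F452DF
Q = 0xE85CED54AF57E53E092113E62F436F4F
E = 0x0D88C3

def derive_private_key(p: int, q: int, e: int) -> int:
    return pow(e, -1, (p - 1) * (q - 1))  # d = e^-1 mod phi(n); ValueError if not invertible

def bytes_to_int(msg: bytes) -> int:
    return int.from_bytes(msg, "big")

def int_to_bytes(m: int) -> bytes:
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _msg_pow(msg: bytes, k: int, n: int) -> int:
    m = bytes_to_int(msg)
    if m >= n:
        raise ValueError("message is too long for this modulus")
    return pow(m, k, n)

def encrypt(msg: bytes, e: int, n: int) -> int:
    return _msg_pow(msg, e, n)

def decrypt(c: int, d: int, n: int) -> bytes:
    return int_to_bytes(pow(c, d, n))

def sign(msg: bytes, d: int, n: int) -> int:
    """Sign the message itself, as the task asks (no hash, no padding)."""
    return _msg_pow(msg, d, n)

def verify(msg: bytes, s: int, e: int, n: int) -> bool:
    return pow(s, e, n) == bytes_to_int(msg)

N = P * Q
D = derive_private_key(P, Q, E)

ALICE_E = 0x010001
ALICE_N = 0xAE1CD4DC432798D933779FBD46C6E1247F0CF1233595113AA51B450F18116115
S_GOOD = 0x643D6F34902D9C7EC90CB0B2BCA36C47FA37165C0005CAB026C0542CBDB6802F
S_CORRUPT = S_GOOD ^ 0x10  # last byte 2F -> 3F: a single flipped bit
MSG = b"Launch a missile."

if __name__ == "__main__":
    print("genuine signature verifies:  ", verify(MSG, S_GOOD, ALICE_E, ALICE_N))
    print("corrupted signature verifies:", verify(MSG, S_CORRUPT, ALICE_E, ALICE_N))
```

Because RSA with a valid key pair is a permutation of the residues modulo n, any change to a valid signature, even a single bit, yields a value whose e-th power no longer equals the message integer.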