Hello, dear friend, you can consult us at any time if you have any questions, add WeChat: daixieit

ECMM462:  Fundamentals of Security

Continuous Assessment (v22.4)

due date: Wednesday 7th December 2022

The CA is worth 40% of your final mark and intended to last for 40 hours. You can get up to 100 marks in total split into four exercises:

Topic

Marks

Target date

Symmetric Encryption

25

October 19

Asymmetric Encryption

25

November 02

Protocol Verification

25

November 16

Access Control

25

November 23

Format of Submission   Please prepare the following for your submission:

• ECMM462 .pdf which contains the following sections:

– Encryption” contains the solution to task 1 of exercise 2

– ”Verification” contains the solution to task 2 of exercise 2

– Protocol” contains the solution to task 2 of exercise 3

• feistel .py contains the solution to exercise 1

• protocol .AnB contains the solution to task 1 of exercise 3

fixed .AnB contains the solution to task 3 of exercise 3

• blpcheck .py contains the solution to exercise 4

Then, submit your solutions via the electronic submission system BART (https://bart.exeter.ac. uk/) by Wednesday 7th December 2022 noon GMT.

Python Libraries   For the exercises requiring you to implement something in Python do not use any advanced Python libraries.

Referencing, and academic conduct   You are required to cite the work of others used in your solution and include a list of references, and must avoid plagiarism, collusion and any academic misconduct behaviours: https://vle.exeter.ac.uk/course/view.php?id=1957

Questions   If you have any questions regarding the assessment brief please post them to the cor- responding topic in the discussion forum:  https://vle.exeter.ac.uk/mod/forum/view.php?id= 2446771.  If you don’t want to disclose your identity then the forum has the option to post anony- mously.

input

2w

w

w

w

Figure 1: Feistel structure.

kn

w

w

f

2w

output

1  Symmetric Encryption (25 marks)

In the lecture we discussed the Feistel structure as a foundation of many modern symmetric block ciphers. Its general structure is repeated in Figure 1. It requires an 2w bit input and splits it into a left (bottom) and right (top) part of w bit each.  It then proceeds in n rounds to produce a 2w bit output. Each round consists of the following steps:

• The top w bits are combined with the round key ki  by a round function f .

• The bottom w bits are combined with the output of f by bit-wise exclusive or.

• Then the top and bottom bits are swapped and passed on to the next round.

For this task you should implement a version of the Feistel structure in Python3.  To this end you should complete the template file feistel .py provided on the ELE page.

Your implementation should work on 8 bit inputs and use bitwise AND as its round function. Your program should be called feistel .py and take the following input parameters:

• The first parameter is an optional option -d (for decryption).

• The second parameter is an 8 bit input string.

• The third parameter is the number of rounds.

• The next parameters are the different round keys.

The program should return only the 8 bit result.

For example,


>python3   feistel . py   10101010   5   0101   1111   1010   0101   0101

>XXXXXXXX


should encrypt 10101010 in 5 rounds with round keys 0101, 1111, 1010, 0101, and 0101 respectively1. Marking: You will get a maximum of 15 marks for correctly implementing encryption and a maxi-

mum of additional 10 marks for correctly implementing decryption. Partial marks will be awarded if your implementation is partially correct, i.e., if it works correctly for some but not all inputs.

2  Asymmetric Encryption (25 marks)

Consider the following scheme by which B encrypts a message for A.

1. A chooses two large primes P and Q, such that

• P is relatively prime to Q − 1,

• and Q is relatively prime to P − 1.

2. A publishes N = PQ as its public key.

3. A calculates P\  and Q\ , such that

• PP\ 1 (mod Q − 1),

• and QQ\ 1 (mod P − 1).

4. B encrypts message M as C = MN  mod N .

5. A finds M by solving

• M  CP\   (mod Q),

• and M  CQ\   (mod P).

2.1  Task 1 (10 marks)

For this part you should first encrypt the number 5555555 and then decrypt the number 5555555 using the above scheme.

• The prime numbers you choose should be between 5000 and 10000.

List every intermediate steps for encryption and decryption.

You may use the following tools:

• Chinese Remainder Calculator: https://www.dcode.fr/chinese-remainder

• Modular exponentiation: https://www.dcode.fr/modular-exponentiation

• Coprime checker: https://www.dcode.fr/coprimes

2.2  Task 2 (15 marks)

For this part you should verify that the scheme is correct. To this end you should prove that encrypting a message with a public key and decrypting it again with the corresponding private key yields the original message.

For your proof you may use

Fermats little theorem

 Chinese remainder theorem

described in the following.

2.2.1  Fermats little theorem

This theorem states that if p is a prime number, then

ap 三 a (mod p)

In addition, if a is not divisible by p Fermat’s little theorem guarantees that ap 1 mod p)

(1)

(2)

2.2.2  Chinese reminder theorem

The Chinese reminder theorem states that for a sequence of congruences

北  a1  (mod n1 )

北  ak  (mod nk)

such that ni are pairwise co-prime, the system has a unique solution in (mod N) where N = n1 ∗ ⋅ ⋅ ⋅∗nk .

3  Protocol Verification (25 marks)

Consider the following protocol where X《M》denotes a message M digitally signed by agent X:


A,B

 

 

 

 

 

 

 

 

KDCB,pk(B)》

{Na ,A}pk(B)

 

 

 

 

 

 

 

A,B,{Na }pk(KDC)

 

KDCA,pk(A)》, {KDCNa ,Ks ,B}pk(B)

{KDCNa ,Ks ,B,Nb }pk(A)

 

{∣NB ∣}Ks

 

 

 


 

Note that in this scenario, A does not know the public key of B and B does not know the public key of A. The aim of the protocol is to allow Agent A and Agent B to exchange a shared secret key Ks .

Task 1 (10 marks)  Formalize the protocol and the corresponding security property in OFMC. Task 2 (5 marks)  The protocol does not meet its goal. Explain why.

Task 3 (10 marks)  Fix the protocol.

Note that OFMC might take some time to find a possible attack so you should wait until it was at least able to verify 2 sessions before you stop it.

4  Access Control (25 marks)

For this exercise you should implement a tool in Python3 to validate properties of a given Bell- LaPadula configuration. To this end you should complete the template file blpcheck .py provided on the ELE page.

The system should work for a fixed set of subjects, objects, security levels, and categories:

• Subjects: Alice (A), Bob (B), Charlie (C)

• Objects: Document 1 (1), Document 2 (2), Document 3 (3)

• Security levels: low (l), high (h)

• Categories: A, B, and C

The objects are assumed to require the following security levels:

• Document 1: low for categories A and B

• Document 2: high for category C

• Document 3: high for category B

Subject-specific configurations are given in text files alice .txt, bob .txt, and charlie .txt. Each file contains the following information for the corresponding subject:

• The first row contains the access rights for the documents.

• The second row contains the maximum security level and corresponding categories.

• The third row contains the current security level and corresponding categories.

For example, a configuration file in which Alice has

• write rights for Document 1, no rights for Document 2, and append rights for Document 3

• a maximum security level of high for categories A and B

• a current security level of low for category A

looks as follows:

Listing 1: alice.txt

w, , a

h :A,B

l :A

The currently executed rights are provided as command line parameters.  The tool should output whether the model satisfies the Simple security condition, the star property, and/or the discretionary security property.

For example, in the following we check whether a state in which Alice writes to doc1 and Bob reads doc2 is secure:


>python3   blpcheck . py   Alice :doc1:w   Bob:doc2:r

>SSC:   yes

>Star:   yes

>DS:   no