Reference no: EM132291880
Problem 1
Please make yourself familiar with CTR mode encryption, using the resources above or anything else you can find.
Write a script/program/subroutine that allows you to easily do the following:
• given IV and key encoded in hex, and plaintext (as a normal ASCII string), output the result of AES-128-CTR encryption in hex
• given IV, key, and ciphertext encoded in hex, output the result of AES-128-CTR decryption (as a normal ASCII string).
The Perl script uses the openssl command-line tool to do the actual encryption. For example, you can run `echo -n "plaintext data" | openssl enc -aes-128-ctr -K <hexkey> -iv <hexiv>`
to encrypt the plaintext data (the -n argument to echo suppresses the trailing newline). You can use `xxd -p` and `xxd -r -p` to convert to/from hex.
AES-128-CTR is also a standard, and you are also welcome to use standard encryption libraries from whatever programming language you like. Please read ahead to see what else I'm asking you to do, and make sure you are comfortable doing it in the language of your choice (I can't actually think of a worse choice than bash).
Please show the source of your script/program, and say what is the result of encrypting plaintext "cs478" with key 5A557AC90890B2ACD59C536FE4279BBC and IV 5A557AC90890B2ACD59C536FE4279BBC.
Problem 2
Now play around with tampering with the ciphertext. Generate a ciphertext under a known plaintext + IV + key. Then try removing different bytes from the beginning/middle/end of the ciphertext, and see what happens when the modified ciphertext is decrypted.
Explain any patterns that you are able to deduce, and show your reasoning/evidence.
Problem 3
In this problem it will be useful to view ciphertexts and plaintexts in binary. Play around and see what happens when you flip bits in a ciphertext and then decrypt the modified ciphertext.
Explain any patterns that you are able to deduce, and show your reasoning/evidence. Also show any code that you wrote to help understanding what's happening in binary.
Problem 4
Do your best job of justifying your pattern from the previous problem using the definition of CTR-mode decryption. Recall that CTR decryption is defined by $m_i = \text{AES}(k, iv + i) \oplus c_i$. This expression involves the XOR operation, but your tampering of the ciphertext involved flipping bits. How can "flip this set of bits in c" be expressed as an XOR operation?
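The relationship between bit flips and XOR can be checked directly. The following is an added example, not part of the assignment or its Perl script: it uses Go's standard library for AES-128-CTR, shows that decrypting c ⊕ δ yields m ⊕ δ, and shows that an HMAC over iv || ciphertext (encrypt-then-MAC) no longer matches once the ciphertext is modified. The keys, IV, message and the helper names `ctr`, `xorBytes` and `tag` are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// ctr applies AES-128-CTR; encryption and decryption are the same keystream XOR.
func ctr(key, iv, in []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}

// xorBytes returns a XOR b; both slices must have the same length.
func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// tag is HMAC-SHA256 over iv || ciphertext (encrypt-then-MAC).
func tag(macKey, iv, ct []byte) []byte {
	h := hmac.New(sha256.New, macKey)
	h.Write(iv)
	h.Write(ct)
	return h.Sum(nil)
}

func main() {
	// Constructed sample values, not taken from the assignment.
	key, macKey := []byte("0123456789abcdef"), []byte("separate mac key")
	iv, m := make([]byte, aes.BlockSize), []byte("constructed demo")
	c := ctr(key, iv, m)
	delta := make([]byte, len(c))
	delta[0], delta[9] = 0x01, 0x80 // flip bit 0 of byte 0 and bit 7 of byte 9
	c2 := xorBytes(c, delta)
	fmt.Printf("dec(c^d) = %x\nm^d      = %x\n", ctr(key, iv, c2), xorBytes(m, delta))
	fmt.Println("tampered passes MAC:", hmac.Equal(tag(macKey, iv, c), tag(macKey, iv, c2)))
}
```

The two hex lines printed are identical, and the MAC comparison prints false: CTR alone gives confidentiality but no integrity, which is why tokens protected this way also need a MAC or an authenticated mode.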
Problem 5
Using what you have observed, obtain "root" access to the Perl script described above. Tamper with the ciphertext in your access token, to turn it into an access token that authenticates the user "root".
Describe all your steps. What username did you use to get the initial access token? How did you tamper with the ciphertext received from the server? What was your reasoning in doing this? (refer to your reasoning in previous problems) How did you change the browser's cookie? What is the secret administrator message?
Attachment:- Encryption assignment.rar