CS448- Assignment 1: Introduction to Information Security, KAIST Solved

INSTRUCTIONS TO STUDENTS:

Any collaboration or assistance of any kind is strictly prohibited; all work must be your own.
Your submission will surely be compared with the submissions for your peers for plagiarism detection Any academic dishonesty will be
1           True-False Questions 
True or false: Message Authentication Code (MAC) prevents an adversary from modifying or injecting messages between two parties with a symmetric secret key; thus, it makes replay attacks ineffective. (A) True, (B) False
True or false: In the Needham-Schroeder protocol, each participating party (e.g., A or B) becomes an encryption oracle to the other; i.e., provide a ciphertext for a plaintext chosen by another party. (A) True, (B) False
True or false: All entity authentication protocols require on-line (i.e., always on, always accessible) trusted third parties.
(A) True, (B) False

True or false: The Diffie-Hellman key exchange protocol needs a trusted third party to determine the group parameters used for shared-secret generation.
(A) True, (B) False

True or false: Whenever n = pq, where p and q are distinct primes, finding Euler’s totient function of n, denoted by φ(n), allows finding secret key d efficiently (i.e., in polynomial time in the length of n). (A) True, (B) False
True or false: A hash function that is second pre-image resistant is not necessarily pre-image resistant. (A) True, (B) False
1.1     Submission

Submission. Write a text file p1S #.txt, where # denotes your student id. In the text file, write your answer letters (i.e., A or B) for six questions and use newline to separate them. For example,

In p1_S_20210001.txt file:

A

B

A

B

A

B

Include this text file into the final tar file of your padding oracle attack; see the next section.

2           Padding Oracle Attack 
For this assignment, you will implement a padding attack discussed in class. This attack was first discussed in the paper “Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS...” by S. Vaudenay. You should read the paper (http://dx.doi.org/10.1007/3-540-46035-7_35) and implement the described attack.

You will have the opportunity to create your own padding attack discussed in class to extract a message from a ciphertext. You can find a set of valid ciphertexts on the KLMS assignment #1 handout section. The ciphertexts will be given as a 128-bit hexadecimal number (starting with 0x...) computed as follows:

                                                                           C = C0kC1 = CBCEncryptK (PAD(M)),                                                                     (1)

where the word M is shorter than or equal to 8 ASCII characters (i.e., 64 bits). The block size of the cipher and the length of the secret key K are 64 bits. The first 64-bit block of C is the initialization vector (IV), which we denote C0, and the last 64-bit block is the first cipher block, C1. Note that we assume the randomized CBC encryption; that is, the IV (C0) is randomly selected for every message.

You are given a padding oracle, which can be accessed by function calls; see Section 2.2 for the details. You can access the padding oracle as many times as you want. You will have two language options to develop your padding attack program: Java or Python. The padding oracle will accept both C0 and C1 (each 64 bits long), and return a 1 or a 0, indicating correct or incorrect padding respectively. The padding oracle works as follows:

                                                                          {0,1} = CheckPAD(CBCDecryptK (C)),                                                                    (2)

where you provide the C; i.e., you are a chosen-ciphertext attacker.

2.1       Where to obtain the ciphertext?

KLMS assignment #1.

2.2       How to access the oracle?

You will be given the following list of files:

pad oracle.jar: Padding oracle (Java bytecode).
oracle python v1 2.py: Padding and decryption oracles (Python functions).
python interface v1 2.jar: Java bytecode for interfacing Python scripts and oracle Java bytecodes.
bcprov-jdk15-130.jar: Crypto library.
We recommend these versions for your assignment: Java 11, Python 3.6.

Here are the example codes that access the oracles. Java:

2

// query padding oracle pad_oracle p = new pad_oracle ();

boolean isPaddingCorrect = p.doOracle("0x1234567890abcdef", "0x1234567890abcdef");

Python:

Execute the Java-Python interface class by

java -cp pad_oracle.jar:bcprov-jdk15-130.jar:python_interface_v1_2.jar python_interface_v1_2 In your Python script, from oracle_python_v1_2 import pad_oracle

# query padding oracle

ret_pad = pad_oracle(’0x1234567890abcdef’, ’0x1234567890abcdef’);