COMP 150-CA Special Topics: Computer and Network Security

Problem Set - V    11/13/07

(Due at the beginning of class on 11/20/07)

 

CS G254/U645 Network Security

This problem set will be graded out of 60 points. It will count for 8% of your final grade.

 

1) Number theory

a) What is 3^2007 mod 17 (your answer should be in 0…16)? [2]

b) Consider the numbers in 1..16; show that for each number I there exists an inverse, i.e., a number J such that I*J = 1 mod 17. [2]

c) Let S(n) be the subset, of (1..n-1), of numbers coprime to n. Show that for each I in S(n) there exists a J in S(n) such that I*J = 1 mod n. [3]

d) Find 3^8 mod 14. Find x such that 3^x = 14 mod 17. Which is easier to compute - exponentiation or discrete log? [3]

 

2) RSA & Diffie-Hellman

a) Describe in detail how RSA works for encryption. What are the public and private keys, how is the message encrypted and how is the ciphertext decrypted? [3]

b) Describe how RSA is used for signatures. [2]

c) Describe in detail how Diffie-Hellman can be used for encryption. What are the public and private keys, how is the message encrypted and how is the ciphertext decrypted? [3]

d) Consider the ElGamal signature scheme with public key <g, p, g^S mod p> where message M is signed using g^(R_m), R_m + M * S mod (p – 1). Why is it necessary to have a different R_m for each message M? [2]

 

3) Crypto systems and network protocols

a) Which is more secure: 112-bit 3DES or 112-bit RSA, and why? [2]

b) Describe the basic SSL handshake. [5]

c) When you use your browser to connect to your bank’s server using https, how come the client (your browser) does not need its own (public and private) keys? [3]

 

Programming

 

The Secure Sockets Layer, SSL, (and its successor TLS) is by far the most widely deployed security protocol in the world. Essentially every commercial web browser and server supports secure transactions using SSL. Although its most common use is for securing web traffic, SSL is actually quite a general protocol suitable for securing a wide variety of traffic types. The goal of this assignment is to understand the basics of SSL and to learn to use it by implementing a client, either in C or in Java, which securely converses with a server using SSL.

 

The server is implemented and listening on port 12345 on denali. The source code for the server is in http://www.ccs.neu.edu/course/csg254/local/ssl/openssl_server.c. You do not have to implement the clients from scratch. A framework for both the C and Java clients is available in http://www.ccs.neu.edu/course/csg254/local/ssl/framework. You can copy the skeleton file (openssl_client.c or SSLClient.java) from the framework directory to your own directory and modify it to include the actual calls to the SSL library. You will need to provide the complete source code for your client in one of the two languages – C or Java. Pick a string “STR” of your choice. The goal of your client is to send “STR:MD5HASH(STR|SECRET_KEY)” to the server and get an error code of 0 (note that neither the quotes “” nor the pipe | are to be included in the string you send the server; the | just indicates concatenation, and the SECRET_KEY can be obtained from the source code for the server). In both C and Java the SSL library/toolkit provides a socket-like interface that is secure. For documentation on the C version see http://www.openssl.org/docs/ssl/ssl.html. For documentation on the Java version see http://java.sun.com/j2se/1.4.2/docs/api/javax/net/ssl/package-summary.html. For general socket programming see http://www.ecst.csuchico.edu/~beej/guide/net/html/.

 

For this assignment you will need to work on the Solaris machines in the UNIX lab. You cannot work from your own machine unless you create an ssh tunnel for your packets destined for port 12345, because of the firewall. Alternately you can install the server on your own machine as well (remember to set up a cert and pkey).

 

A prebuilt client already exists that you can use to experiment with the server. Use “openssl s_client -host denali.ccs.neu.edu -port 12345” at the shell prompt. This drops you into the input for openssl and you can then input whatever it is you want to send the server. Note that you have only 10 seconds before the connection times out. You can compute an MD5HASH of “STR” by doing “echo -n STR | md5sum” at the shell prompt. For example, if you input “ravi:4c633e4eb1e674437c48a5163c30cb6b” in the openssl input then you should get a success code of 0 before the connection is closed.
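The message format and the s_client experiment described above, as an added shell example that is not part of the original problem set. The function names, the placeholder key and the sample values "a"/"bc" are constructed for illustration, and rejecting ':' inside STR is an assumption about how the server splits the line.

```shell
#!/bin/sh
# Added example: build "STR:MD5HASH(STR|SECRET_KEY)" and hand it to the
# prebuilt client. The key below is a placeholder; the real SECRET_KEY
# has to be read from openssl_server.c.
SECRET_KEY_PLACEHOLDER='REPLACE_WITH_KEY_FROM_SERVER_SOURCE'

# md5_hex DATA -> hex MD5 of exactly the bytes in DATA.
# printf '%s' is used instead of plain echo, which appends a newline
# and therefore produces a different digest.
md5_hex() {
    printf '%s' "$1" | md5sum | cut -d' ' -f1
}

# build_msg STR KEY -> "STR:<md5 of STR immediately followed by KEY>"
build_msg() {
    str=$1
    key=$2
    case $str in
        '')  echo "STR must not be empty" >&2
             return 1 ;;
        *:*) # Assumption: ':' is the field separator on the server side.
             echo "STR must not contain ':'" >&2
             return 1 ;;
    esac
    printf '%s:%s\n' "$str" "$(md5_hex "$str$key")"
}

# send_msg STR KEY [HOST] [PORT]
# Pipes the finished line into s_client so it goes out immediately,
# well inside the server's 10-second timeout. Not called by default.
send_msg() {
    msg=$(build_msg "$1" "$2") || return 1
    printf '%s\n' "$msg" |
        openssl s_client -host "${3:-denali.ccs.neu.edu}" \
                         -port "${4:-12345}" -quiet
}

# Constructed sample: STR="a", KEY="bc", so the digest is MD5("abc").
build_msg a bc

# Against the course server (after replacing the placeholder):
#   send_msg "mystring" "$SECRET_KEY_PLACEHOLDER"
```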

 

4) Pick your favorite language - C or Java. Implement the client in this language (you only need to do one language, not both). Submit the source code for your (C or Java) client (by email). Indicate any changes you made to the client with comments. Also indicate in comments the string STR you picked. We will check your code by compiling and running against the server to see that we get a successful return code of 0. If needed, provide a README file. [30]