Hello, dear friend, you can consult us at any time if you have any questions, add WeChat: daixieit

EECE 5699: Computer Hardware and System Security

Lab 1 Fall 2023

Lab 1: Basic Cryptography - AES and RSA

Due on Sept. 29th (F), 2023 Noon on Github

1 Overview

In this Lab, you will learn to use AES and RSA for secure network communications. These two cryptographic algorithms are used in our daily life (e.g. HTTPS protocol). You will need to analyze the performance of OpenSSL implementations of both algorithms, and then you will use them to set up secure communication between yourself (client) and our server to obtain a secret.

We recommend you to start working on this lab as soon as possible, especially if you are not familiar with working in Linux or Unix like environment. If you do not have a Linux machine, you could use the COE Linux server(gateway.coe.neu.edu) for Modules 1 and 2. However, Module 3 cannot run on the COE server and you have to get your own Linux machine ready for it.

2 Accept your Assignment on Github

The class adopts the GitHub Classroom platform for code development and submission. For each lab assignment, we make a repository for the necessary files.

For this lab, please click the following link to accept assignment: https://classroom.github.com/a/toV8YbG9 (Note that you should have a Github account with your Northeastern Email Address, so that it is convenient for the TA to grade your submissions.). Clone the assignment repository to your computer and you will have a root directory for assignment 1. If you are new to git commands, you can find a Git tutorial at https://product.hubspot.com/blog/git-and-github-tutorial-for-beginners: For this assignment, start from Step 2.

3 Using OpenSSL Library

OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used in Internet web servers, serving a majority of all web sites. You will need to checkout the repository from https://github.com/openssl/openssl.git to your local computer and compile. However, as OpenSSL library is big, you should not put it under the root directory for assignment 1 (if you are pushing the entire directory to the GitHub repository for submission).

To checkout the repository:

$ git clone https://github.com/openssl/openssl.git

To compile it on your machine:

$ cd openssl

$ ./config

$ make

Once it is compiled, you will see a static library libcrypto.a in the OpenSSL directory. This library will be statically linked against your executable if you are going to use its RSA and AES implementations.

4 Lab Module 1: Performance of Ciphers (30 pt)

The OpenSSL library has the following APIs for RSA

1. RSA public encrypt

2. RSA public decrypt

3. RSA private decrypt

4. RSA private encrypt

and for AES

1. AES encrypt

2. AES decrypt

First understand how to use these ciphers, and write your programs to measure the performance of RSA public encrypt and AES encrypt functions. Use and time these functions to encrypt a 16-byte data. Collect one million timing samples for each function. You will need to look up the appropriate timmer and also the parameters for AES encrypt() and RSA public encrypt().

The pseudo code for measuring AES is:

for (i = 0; i < 1000000; i++){

t1 = timer_start()

AES_encrypt()

t2 = timer_stop()

timearray[i] = t2 - t1

}

plot_distribution(timearray);

The pseudo code for measuring RSA public key implementation is:

for (i = 0; i < 1000000; i++){

t1 = timer_start()

RSA_public_encrypt()

t2 = timer_stop()

timearray[i] = t2 - t1}

plot_distribution(timearray);

To allow your programs to use these cryptographic functions included in the OpenSSL library, you can refer to the following Makefile example for header files inclusion and static library linking. Note to update OPENSSL setting to the directory of your downloaded OpenSSL:

CC=gcc

OPENSSL=../../openssl /* This line sets the relative directory of the OpenSSL you have downloaded

and installed to your current directory*/

INCLUDE=$(OPENSSL)/include/

CFLAGS=-c -I$(INCLUDE)

all: program

program: program.c

$(CC) program.c -I$(INCLUDE) -o program $(OPENSSL)/libcrypto.a -ldl -lpthread

clean:

rm -rf program

Plot timing distributions of these samples and find the mean for each function.

Question 1: First compare the performance of RSA and AES-128 (on the same size of plaintext - 16 bytes). Choose the appropriate key size for RSA to achieve the same security level as AES-128. How much slower is RSA than AES? With this implementation cost, discuss what scenario is RSA mainly used in and what is AES mainly used for?

5 Lab Module 2: AES Encryption Mode (20 pt)

There are several operation modes of AES. In this section, you will explore two of them: ECB and CBC. Using each of these two modes to encrypt an image file and report your findings. You can experiment with any images, and are provided with two samples in the GitHub repository.

To simplify the experiment, we will be using an image in the PPM format. First, separate the header and body sections of the image:

$ head -n 3 penguin.PPM > header.txt

$ tail -n +4 penguin.PPM > body.bin

Encrypt the body sections and reconstruct the image using the header and encrypted body sections.

$ openssl enc -aes-128-ecb -nosalt -pass pass:"A" -in body.bin -out enc_body.bin

$ cat header.txt enc_body.bin > ecb_penguin.ppm

Question 2: Compare these two encrypted images and comment on the security. What is the downside of CBC mode in terms of performance? Suggest one operation mode you think is the best and give your reason.

6 Lab Module 3: Secure Communication (50 pt)

You will need to use both AES and RSA to communicate with a service we host on hardware-security.nueess.tk or 10.75.9.63 at port 12000 and obtain a 16-byte secret. This address cannot be accessed from the public Internet. You would need the NEU VPN(click here for instructions). Please reach NEU ITS for support should you have any questions about VPN. The following is the communication protocol:

server -> [size of server’s public key] -> client

server -> [server’s public key] -> client

server <- [size of the client’s AES key encrypted using server’s public key] <- client

server <- [encrypted client’s AES key <- client

server -> [encrypted secret message using client’s AES key] -> client connection close

You can test on your own computer first. The server.c is given in the GitHub - you can pick your own message “secret”, and debug/test with your own client program.

You can find a good tutorial about socket programming at: https://www.geeksforgeeks.org/socket-programming-cc/

7 What You Need to Turn In

When you accept the assignment and clone the Lab1, you are provided with Lab1 folder that includes: a sample timer.c for Module 1, penguin.PPM and puppy.PPM for Module 2, and a sample server.c file for Module 3. You are also given a hints file for the flow and an example Makefile.

For Lab1 assignment, you will write programs for Module 1 to use AES and RSA for encryption and evaluate their performance; generate two different encrypted images under different AES modes for the given penguin.ppm and understand the pro and con of each mode; write your client program for Module 3 to communicate with the service running on the lab server, compile and run it and retrieve (decrypt) the secret message.

For the lab submission, you will need to put two things under your Lab1 root directory and push them to our Github Classroom repository. One is a PDF writeup which contains:

1. Plots showing the timing distribution for AES and RSA functions. Your Makefile should contain a target p1. When we run the command make p1, it should compile and run your program, which generates aes.txt and rsa.txt. Each text file should contain timing samples you used to generate your submitted plots.

2. Answers to Question 1 and Question 2.

3. The secret message in characters. Your Makefile should contain a target p3. When we run the command make p3, it should compile and run you program, which will output the text message to a file secret.txt. Note that what the client receives from the server will be 16 bytes (after decryption). Look up the ASCII codes to convert each byte to a character for the message.

The other thing to submit is a folder (named codes) which should include all your code files, Makefile, and a README (how to compile and run your programs). Please commit and push these two things to your Github repository. Please be mindful of the submission deadline - the TA will grade the last commit (with the time stamp).

Please do NOT push OpenSSL library to Github, because it is a huge library and will clutter the server. The TA will test your code on his local computer with his own OpenSSL library.

8 Resources

Your best friend, when working with programming, software, and security, is Google. The following resource links may be useful in addition to the ones included in lecture slides.

• Getting started with Git: https://product.hubspot.com/blog/git-and-github-tutorial-for-beginners

• Getting started with Linux Commands: http://www.usm.uni-muenchen.de/people/puls/lessons/intro_general/Linux/Linux_for_beginners.pdf

• Getting started with C programming: https://www.programiz.com/c-programming

• Getting started with Makefile: http://faculty.chas.uni.edu/~wallingf/teaching/cs4550/support/make/Makefiles.pdf

• Getting started with Matlab programming: http://mayankagr.in/images/matlab_tutorial.pdf

• Getting started with Python programming: https://www.python.org/about/gettingstarted/