1 Overview
The learning objective of this assignment is for students to become familiar with security techniques such as symmetric and asymmetric encryption, hashing, and certificates in a Public Key Infrastructure (PKI).
2 Environment
Installing OpenSSL. In this assignment, we will use openssl commands and libraries. We have already installed openssl binaries in our VM. It should be noted that if you want to use openssl libraries in your programs, you need to install several other things for the programming environment, including the header files, libraries, manuals, etc. We have already downloaded the necessary files under the directory /home/seed/openssl-1.0.1. To configure and install openssl libraries, go to the openssl-1.0.1 folder and run the following commands.
You should read the INSTALL file first:
% sudo ./config
% sudo make
% sudo make test
% sudo make install
Installing a hex editor. In this assignment, we need to be able to view and modify binary files. We have installed in our VM a hex editor called GHex. It allows the user to load data from any file and view and edit it in either hex or ASCII. Note: many people told us that another hex editor, called Bless, is better; this tool may not be installed in the VM version that you are using, but you can install it yourself using the following command:
% sudo apt-get install bless
3 Tasks
Task 1: Encryption using different ciphers and modes
In this task, we will play with various encryption algorithms and modes. You can use the following openssl enc command to encrypt/decrypt a file. To see the manuals, you can type man openssl and man enc.
% openssl enc ciphertype -e -in plain.txt -out cipher.bin \
-K 00112233445566778889aabbccddeeff \
-iv 0102030405060708
Please replace the ciphertype with a specific cipher type, such as -aes-128-cbc, -aes-128-cfb, -bf-cbc, etc. In this task, you should try at least 3 different ciphers and three different modes. You can find the meaning of the command-line options and all the supported cipher types by typing "man enc". We include some common options for the openssl enc command in the following:
-in       input file
-out      output file
-e        encrypt
-d        decrypt
-K/-iv    key/iv in hex is the next argument
-[pP]     print the iv/key (then exit if -P)
Task 2: Encryption Mode - ECB vs. CBC
The file pic_original.bmp contains a simple picture. We would like to encrypt this picture, so people without the encryption keys cannot know what is in the picture. Please encrypt the file using the ECB (Electronic Code Book) and CBC (Cipher Block Chaining) modes, and then do the following:
1. Let us treat the encrypted picture as a picture, and use picture viewing software to display it. However, for a .bmp file, the first 54 bytes contain the header information about the picture, and we have to set it correctly so that the encrypted file can be treated as a legitimate .bmp file. We will replace the header of the encrypted picture with that of the original picture. You can use a hex editor tool (e.g. ghex or Bless) to directly modify binary files.
2. Display the encrypted picture using any picture viewing software. Can you derive any useful information about the original picture from the encrypted picture? Please explain your observations.
Task 3: Encryption Mode - Corrupted Cipher Text
To understand the properties of various encryption modes, we would like to do the following exercise:
1. Create a text file that is at least 64 bytes long.
2. Encrypt the file using the AES-128 cipher.
3. Unfortunately, a single bit of the 30th byte in the encrypted file got corrupted. You can achieve this corruption using a hex editor.
4. Decrypt the corrupted file (encrypted) using the correct key and IV.
Please answer the following questions: (1) How much information can you recover by decrypting the corrupted file, if the encryption mode is ECB and CBC respectively? Please answer this question before you conduct this task, and then find out whether your answer is correct or wrong after you finish this task. (2) Please explain why. (3) What are the implications of these differences?
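The following Python simulation is an added example, not part of the original assignment. It shows how a single flipped bit in the 30th ciphertext byte propagates under ECB and CBC (Task 3), and how repeated plaintext blocks show through under ECB (Task 2). Python's standard library has no AES, so a 4-round Feistel permutation built from SHA-256 stands in for the block cipher; that cipher, the key, the IV, the sample text and all function names are assumptions of this example, and the mode behaviour it shows does not depend on which block cipher is used.

```python
import hashlib

ENC, DEC = (0, 1, 2, 3), (3, 2, 1, 0)  # round order; decryption runs it backwards

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(key, blk, rounds):  # stand-in 16-byte block cipher, NOT AES
    l, r = blk[:8], blk[8:]
    for rnd in rounds:
        pad = hashlib.sha256(key + bytes([rnd]) + r).digest()[:8]
        l, r = r, xor(l, pad)
    return r + l  # final swap lets the same routine undo itself with DEC

def blocks(data):
    return [data[i:i + 16] for i in range(0, len(data), 16)]

def ecb(key, data, rounds):
    return b"".join(feistel(key, b, rounds) for b in blocks(data))

def cbc_encrypt(key, iv, pt):
    out = [iv]
    for b in blocks(pt):
        out.append(feistel(key, xor(b, out[-1]), ENC))
    return b"".join(out[1:])

def cbc_decrypt(key, iv, ct):
    prev = [iv] + blocks(ct)  # plaintext i = D(C[i]) XOR C[i-1]
    return b"".join(xor(feistel(key, c, DEC), p) for c, p in zip(blocks(ct), prev))

def flip_bit(data, byte_no):  # byte_no is 1-based, as in "the 30th byte"
    return data[:byte_no - 1] + bytes([data[byte_no - 1] ^ 1]) + data[byte_no:]

def damaged(original, recovered):  # 1-based positions of bytes that changed
    return [i + 1 for i, (a, b) in enumerate(zip(original, recovered)) if a != b]

def distinct_blocks(data):  # Task 2: repeated blocks show through under ECB
    return len(set(blocks(data)))

KEY, IV = bytes(range(16)), bytes(16)  # constructed key and IV
PT = b"".join(b"block %02d of text" % i for i in range(4))  # constructed, 64 bytes

def corruption_experiment():
    ecb_pt = ecb(KEY, flip_bit(ecb(KEY, PT, ENC), 30), DEC)
    cbc_pt = cbc_decrypt(KEY, IV, flip_bit(cbc_encrypt(KEY, IV, PT), 30))
    return damaged(PT, ecb_pt), damaged(PT, cbc_pt)

if __name__ == "__main__":
    print("damaged plaintext bytes (ECB, CBC):", *corruption_experiment())
```

The sample text is an exact multiple of the block size, so the simulation uses no padding; openssl enc pads by default, which does not change the result because the corrupted byte is not in the last block.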
Task 4: Generating Message Digest and MAC
In this task, we will play with various one-way hash algorithms. You can use the following openssl dgst command to generate the hash value for a file. To see the manuals, you can type man openssl and man dgst.
% openssl dgst dgsttype filename
Please replace the dgsttype with a specific one-way hash algorithm, such as -md5, -sha1, -sha256, etc. In this task, you should try at least 3 different algorithms, and describe your observations. You can find the supported one-way hash algorithms by typing "man openssl".
Task 5: Keyed Hash and HMAC
In this task, we would like to generate a keyed hash (i.e. MAC) for a file. We can use the -hmac option (this option is currently undocumented, but it is supported by openssl). The following example generates a keyed hash for a file using the HMAC-MD5 algorithm. The string following the -hmac option is the key.
% openssl dgst -md5 -hmac "abcdefg" filename
Please generate a keyed hash using HMAC-MD5, HMAC-SHA256, and HMAC-SHA1 for any file that you choose. Please try several keys with different lengths. Do we have to use a key with a fixed size in HMAC? If so, what is the key size? If not, why?
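As an added example (not part of the original assignment), the Python code below builds HMAC from the plain hash function as RFC 2104 defines it and checks it against Python's hmac module for keys of several lengths, which makes the key handling visible. The sample message, the keys and the function names are constructed for this example; hmac.new(b"abcdefg", data, "md5") computes the same value as the openssl dgst -md5 -hmac "abcdefg" command above when data holds the file's bytes.

```python
import hashlib
import hmac

MSG = b"constructed sample file contents\n"  # stands in for the file's bytes

def manual_hmac(key, msg, algo):
    """HMAC as defined in RFC 2104, built only from the plain hash function."""
    block = hashlib.new(algo).block_size  # 64 bytes for MD5, SHA-1, SHA-256
    if len(key) > block:                  # over-long keys are hashed down first
        key = hashlib.new(algo, key).digest()
    key = key.ljust(block, b"\x00")       # shorter keys are zero-padded
    inner = hashlib.new(algo, bytes(k ^ 0x36 for k in key) + msg).digest()
    return hashlib.new(algo, bytes(k ^ 0x5C for k in key) + inner).hexdigest()

def tags_by_key_length(algo, lengths=(1, 7, 64, 65, 200)):
    """Map key length -> (manual tag, hmac-module tag) for constructed keys."""
    result = {}
    for n in lengths:
        key = (b"abcdefg" * 30)[:n]
        result[n] = (manual_hmac(key, MSG, algo),
                     hmac.new(key, MSG, algo).hexdigest())
    return result

def long_key_is_hashed(algo):
    """A key longer than one block gives the same tag as its own digest."""
    key = b"k" * 200
    short = hashlib.new(algo, key).digest()
    return hmac.compare_digest(hmac.new(key, MSG, algo).digest(),
                               hmac.new(short, MSG, algo).digest())

def zero_padded_key_collides(algo):
    """'abcdefg' and 'abcdefg\\0' pad to the same block, so the tags match."""
    return (hmac.new(b"abcdefg", MSG, algo).digest()
            == hmac.new(b"abcdefg\x00", MSG, algo).digest())

if __name__ == "__main__":
    for algo in ("md5", "sha1", "sha256"):
        for n, (mine, lib) in tags_by_key_length(algo).items():
            print(algo, n, lib, "match" if mine == lib else "MISMATCH")
```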
Task 6: The Randomness of One-way Hash
To understand the properties of one-way hash functions, we would like to do the following exercise for MD5 and SHA256:
1. Create a text file of any length.
2. Generate the hash value H1 for this file using a specific hash algorithm.
3. Flip one bit of the input file. You can achieve this modification using ghex or Bless.
4. Generate the hash value H2 for the modified file.
5. Please observe whether H1 and H2 are similar or not. Please describe your observations in the assignment report. You can write a short program to count how many bits are the same between H1 and H2.
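One way to write the short bit-counting program from step 5, given here as an added example rather than code from the original assignment. It flips one bit of a constructed sample input in memory instead of editing a file with a hex editor, and it also averages the result over every possible single-bit flip; the sample text and the function names are assumptions of this example.

```python
import hashlib

def flip_bit(data, bit_index):
    """Return a copy of data with one bit inverted (bit 0 = LSB of byte 0)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)

def same_bits(h1, h2):
    """Count bit positions at which two equal-length digests agree."""
    if len(h1) != len(h2):
        raise ValueError("digests must have the same length")
    differing = bin(int.from_bytes(h1, "big") ^ int.from_bytes(h2, "big")).count("1")
    return len(h1) * 8 - differing

def compare_after_flip(data, algo, bit_index=0):
    """Hash data and a one-bit-modified copy; return (H1, H2, same, total bits)."""
    h1 = hashlib.new(algo, data).digest()
    h2 = hashlib.new(algo, flip_bit(data, bit_index)).digest()
    return h1.hex(), h2.hex(), same_bits(h1, h2), len(h1) * 8

def mean_same_fraction(data, algo):
    """Average fraction of unchanged digest bits over every possible 1-bit flip."""
    fractions = []
    for i in range(len(data) * 8):
        _, _, same, total = compare_after_flip(data, algo, i)
        fractions.append(same / total)
    return sum(fractions) / len(fractions)

SAMPLE = b"constructed sample text for Task 6\n"  # stands in for the text file

if __name__ == "__main__":
    for algo in ("md5", "sha256"):
        h1, h2, same, total = compare_after_flip(SAMPLE, algo)
        print(f"{algo}: H1={h1}")
        print(f"{algo}: H2={h2}")
        print(f"  {same}/{total} bits equal, mean over all flips "
              f"{mean_same_fraction(SAMPLE, algo):.3f}")
```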
Task 7: Public Key Infrastructure (PKI)
A public key infrastructure (PKI) supports the distribution and identification of public keys using certificates, enabling users and computers to both securely exchange data over networks such as the Internet and verify the identity of the other party. Tasks 7-9 of this assignment relate to PKI.
A Certificate Authority (CA) is a trusted entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate. A number of commercial CAs are treated as root CAs; VeriSign is the largest CA at the time of writing. Users who want to get digital certificates issued by the commercial CAs need to pay those CAs.
In this assignment, we need to create digital certificates, but we are not going to pay any commercial CA. We will become a root CA ourselves, and then use this CA to issue certificates for others (e.g. servers). In this task, we will make ourselves a root CA, and generate a certificate for this CA. Unlike other certificates, which are usually signed by another CA, the root CA's certificates are self-signed. Root CA's certificates are usually pre-loaded into most operating systems, web browsers, and other software that relies on PKI. Root CA's certificates are unconditionally trusted.
The Configuration File openssl.conf. In order to use OpenSSL to create certificates, you have to have a configuration file. The configuration file usually has an extension .cnf. It is used by three OpenSSL commands: ca, req and x509. The manual page of openssl.conf can be found using Google search. You can also get a copy of the configuration file from /usr/lib/ssl/openssl.cnf. After copying this file into your current directory, you need to create several sub-directories as specified in the configuration file (look at the [CA_default] section):
For the index.txt file, simply create an empty file. For the serial file, put a single number in string format (e.g. 1000) in the file. Once you have set up the configuration file openssl.cnf, you can create and issue certificates.
Certificate Authority (CA). As we described before, we need to generate a self-signed certificate for our CA. This means that this CA is totally trusted, and its certificate will serve as the root certificate. You can run the following command to generate the self-signed certificate for the CA:
$ openssl req -new -x509 -keyout ca.key -out ca.crt -config openssl.cnf
You will be prompted for information and a password. Do not lose this password, because you will have to type the passphrase each time you want to use this CA to sign certificates for others. You will also be asked to fill in some information, such as the Country Name, Common Name, etc. The output of the command is stored in two files: ca.key and ca.crt. The file ca.key contains the CA's private key, while ca.crt contains the public-key certificate.
Task 8: Create a Certificate for PKIassignmentServer.com
Now that we have become a root CA, we are ready to sign digital certificates for our customers. Our first customer is a company called PKIassignmentServer.com. For this company to get a digital certificate from a CA, it needs to go through three steps.
Step 1: Generate public/private key pair. The company needs to first create its own public/private key pair. We can run the following command to generate an RSA key pair (both private and public keys). You will also be required to provide a password to encrypt the private key (using the AES-128 encryption algorithm, as is specified in the command option). The keys will be stored in the file server.key:
$ openssl genrsa -aes128 -out server.key 1024
The server.key is an encoded text file (also encrypted), so you will not be able to see the actual content, such as the modulus, private exponents, etc. To see those, you can run the following command:
$ openssl rsa -in server.key -text
Step 2: Generate a Certificate Signing Request (CSR). Once the company has the key file, it should generate a Certificate Signing Request (CSR), which basically includes the company's public key. The CSR will be sent to the CA, who will generate a certificate for the key (usually after ensuring that identity information in the CSR matches the server's true identity). Please use PKIassignmentServer.com as the common name of the certificate request.
$ openssl req -new -key server.key -out server.csr -config openssl.cnf
It should be noted that the above command is quite similar to the one we used in creating the self-signed certificate for the CA. The only difference is the -x509 option. Without it, the command generates a request; with it, the command generates a self-signed certificate.
Step 3: Generating Certificates. The CSR file needs to have the CA's signature to form a certificate. In the real world, the CSR files are usually sent to a trusted CA for their signature. In this assignment, we will use our own trusted CA to generate certificates. The following command turns the certificate signing request (server.csr) into an X509 certificate (server.crt), using the CA's ca.crt and ca.key:
$ openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key \
-config openssl.cnf
If OpenSSL refuses to generate certificates, it is very likely that the names in your requests do not match those of the CA. The matching rules are specified in the configuration file (look at the [policy_match] section). You can change the names of your requests to comply with the policy, or you can change the policy. The configuration file also includes another policy (called policy_anything), which is less restrictive. You can choose that policy by changing the following line:
"policy = policy_match" change to "policy = policy_anything".
Task 9: Use PKI for Web Sites
In this assignment, we will explore how public-key certificates are used by web sites to secure web browsing. First, we need to get our domain name. Let us use PKIassignmentServer.com as our domain name. To get our computers to recognize this domain name, let us add the following entry to /etc/hosts; this entry basically maps the domain name PKIassignmentServer.com to our localhost (i.e., 127.0.0.1):
127.0.0.1 PKIassignmentServer.com
Next, let us launch a simple web server with the certificate generated in the previous task. OpenSSL allows us to start a simple web server using the s_server command:
# Combine the secret key and certificate into one file
% cp server.key server.pem
% cat server.crt >> server.pem
# Launch the web server using server.pem
% openssl s_server -cert server.pem -www
By default, the server will listen on port 4433. You can alter that using the -accept option. Now, you can access the server using the following URL: https://PKIassignmentServer.com:4433/. Most likely, you will get an error message from the browser. In Firefox, you will see a message like the following: "pkiassignmentserver.com:4433 uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown".
Had this certificate been assigned by VeriSign, we would not have such an error message, because VeriSign's certificate is very likely preloaded into Firefox's certificate repository already. Unfortunately, the certificate of PKIassignmentServer.com is signed by our own CA (i.e., using ca.crt), and this CA is not recognized by Firefox. There are two ways to get Firefox to accept our CA's self-signed certificate.
- We can request Mozilla to include our CA's certificate in its Firefox software, so everybody using Firefox can recognize our CA. This is how the real CAs, such as VeriSign, get their certificates into Firefox. Unfortunately, our own CA does not have a large enough market for Mozilla to include our certificate, so we will not pursue this direction.
- Load ca.crt into Firefox: We can manually add our CA's certificate to the Firefox browser by clicking the following menu sequence:
Edit -> Preference -> Advanced -> View Certificates.
You will see a list of certificates that are already accepted by Firefox. From here, we can "import" our own certificate. Please import ca.crt, and select the following option: "Trust this CA to identify web sites". You will see that our CA's certificate is now in Firefox's list of the accepted certificates.
Now, point the browser to https://PKIassignmentServer.com:4433. Please describe and explain your observations. Please also do the following tasks:
1. Modify a single byte of server.pem, and restart the server, and reload the URL. What do you observe? Make sure you restore the original server.pem afterward. Note: the server may not be able to restart if certain places of server.pem are corrupted; in that case, choose another place to modify.
2. Since PKIassignmentServer.com points to the localhost, if we use https://localhost:4433 instead, we will be connecting to the same web server. Please do so, describe and explain your observations.
Task 10: Using EVP crypto library
So far, we have learned how to use the tools provided by openssl to encrypt and decrypt messages. In this task, we will learn how to use openssl's crypto library to encrypt/decrypt messages in programs.
OpenSSL provides an API called EVP, which is a high-level interface to cryptographic functions. Although OpenSSL also has direct interfaces for each individual encryption algorithm, the EVP library provides a common interface for various encryption algorithms. To ask EVP to use a specific algorithm, we simply need to pass our choice to the EVP interface.
The following URLs https://wiki.openssl.org/index.php/EVP and https://www.openssl.org/docs/manmaster/crypto/EVP_EncryptInit.html provide an introduction to the EVP interface with sample programs. Based on your understanding of these programs, write a simple C program to demonstrate a symmetric encryption process or an asymmetric encryption process.
Note 1: In this task, you are supposed to write your own program to invoke the crypto library. No credit will be given if you simply use the openssl commands to do this task.
Note 2: To compile your code, you may need to include the header files in openssl, and link to openssl libraries. To do that, you need to tell your compiler where those files are. In your Makefile, you may want to specify the following:
INC=/usr/local/ssl/include/
LIB=/usr/local/ssl/lib/
all:
	gcc -I$(INC) -L$(LIB) -o enc yourcode.c -lcrypto -ldl