Secret-Key Encryption Lab网安实验
Secret-Key Encryption Lab網安實驗
實驗站點
文章目錄
- Secret-Key Encryption Lab網安實驗
- Task 1: Frequency Analysis Against Monoalphabetic Substitution Cipher
- Task 2: Encryption using Different Ciphers and Modes
- Task 3: Encryption Mode – ECB vs. CBC
- -aes-128-ecb
- -aes-128-cbc
- Task 4: Padding
- Task 5: Error Propagation – Corrupted Cipher Text
- ECB
- CBC
- CFB
- OFB
- Task 6: Initial Vector (IV)
- Task 7: Programming using the Crypto Library
Task 1: Frequency Analysis Against Monoalphabetic Substitution Cipher
It is well-known that monoalphabetic substitution cipher (also known as monoalphabetic cipher) is not secure, because it can be subjected to frequency analysis. In this lab, you are given a cipher-text that is encrypted using a monoalphabetic cipher; namely, each letter in the original text is replaced by another letter, where the replacement does not vary (i.e., a letter is always replaced by the same letter during the encryption). Your job is to find out the original text using frequency analysis. It is known that the original text is an English article.
In the following, we describe how we encrypt the original article, and what simplification we have made. Instructors can use the same method to encrypt an article of their choices, instead of asking students to use the ciphertext made by us.
- Step 1: let us do some simplification to the original article. We convert all upper cases to lower cases, and then removed all the punctuations and numbers. We do keep the spaces between words, so you can still see the boundaries of the words in the ciphertext. In real encryption using monoalphabetic cipher, spaces will be removed. We keep the spaces to simplify the task. We did this using the following command:
- Step 2: let us generate the encryption key, i.e., the substitution table. We will permute the alphabet from a to z using Python, and use the permuted alphabet as the key. See the following program.
- Step 3: we use the tr command to do the encryption. We only encrypt letters, while leaving the space and return characters alone.
We have created a ciphertext using a different encryption key (not the one described above). You can download it from the lab’s website. Your job is to use the frequency analysis to figure out the encryption key and the original plaintext.
ciphertext.txt
總結:可以正常統計出各個字母的出現頻率并根據公開單字母頻率制作對照表,但似乎仍未能正確解密原文,推測還需要制作雙字母對照表,限于時間未能進一步完善。
Task 2: Encryption using Different Ciphers and Modes
In this task, we will play with various encryption algorithms and modes. You can use the following openssl enc command to encrypt/decrypt a file. To see the manuals, you can type man openssl and man enc.
$ openssl enc -ciphertype -e -in plain.txt -out cipher.bin \ -K 00112233445566778889aabbccddeeff \ -iv 0102030405060708-ciphertype可以選擇想要使用的加密方式
Please replace the ciphertype with a specific cipher type, such as -aes-128-cbc, -bf-cbc, -aes-128-cfb, etc. In this task, you should try at least 3 different ciphers. You can find the meaning of the command-line options and all the supported cipher types by typing “man enc”. We include some common options for the openssl enc command in the following:
-in <file> input file -out <file> output file -e encrypt -d decrypt -K/-iv key/iv in hex is the next argument -[pP] print the iv/key (then exit if -P)使用案例:
$ openssl enc -des -e -in ./plaintext.txt -out cipher.bin -K 0011223344 -iv 0102030405060708Task 3: Encryption Mode – ECB vs. CBC
The file pic original.bmp can be downloaded from this lab’s website, and it contains a simple picture. We would like to encrypt this picture, so people without the encryption keys cannot know what is in the picture. Please encrypt the file using the ECB (Electronic Code Book) and CBC (Cipher Block Chaining) modes, and then do the following:
pic_original.bmp
-aes-128-ecb
加密指令:
openssl enc -aes-128-ecb -in ./pic_original.bmp -out ./p2.bmp -e -K 12345678-aes-128-cbc
加密指令:
openssl enc -aes-128-cbc -in ./pic_original.bmp -out ./p_cbc.bmp -e -K 12345678 -iv 12345678Observation:
越是復雜的圖片加密的效果越好,但ECB的加密強度會比CBC差很多,這點可以由簡單圖片的加密得出。
Task 4: Padding
For block ciphers, when the size of a plaintext is not a multiple of the block size, padding may be required. All the block ciphers normally use PKCS#5 padding, which is known as standard block padding. We will conduct the following experiments to understand how this type of padding works:
1.Use ECB, CBC, CFB, and OFB modes to encrypt a file (you can pick any cipher). Please report which modes have paddings and which ones do not. For those that do not need paddings, please explain why.
$ echo -n "12345" > f1.txt$ openssl enc -aes-128-ecb -in f1.txt -out f1_ecb -e -K 12345678 $ openssl enc -aes-128-cbc -in f1.txt -out f1_cbc -e -K 12345678 -iv 12345678 $ openssl enc -aes-128-cfb -in f1.txt -out f1_cfb -e -K 12345678 -iv 12345678 $ openssl enc -aes-128-ofb -in f1.txt -out f1_ofb -e -K 12345678 -iv 12345678ECB、CBC出現填充,CFB、OFB沒有填充。因為CFB、OFB可以將DES轉換為流密碼。
2.Let us create three files, which contain 5 bytes, 10 bytes, and 16 bytes, respectively. We can use the following “echo -n” command to create such files. The following example creates a file f1.txt with length 5 (without the -n option, the length will be 6, because a newline character will be added by echo):
$ echo -n "12345" > f1.txtWe then use “openssl enc -aes-128-cbc -e” to encrypt these three files using 128-bit AES
with CBC mode. Please describe the size of the encrypted files.
We would like to see what is added to the padding during the encryption. To achieve this goal, we will decrypt these files using “openssl enc -aes-128-cbc -d”. Unfortunately, decryption by default will automatically remove the padding, making it impossible for us to see the padding.
However, the command does have an option called “-nopad”, which disables the padding, i.e., during the decryption, the command will not remove the padded data. Therefore, by looking at the decrypted data, we can see what data are used in the padding. Please use this technique to figure out what paddings are added to the three files.
It should be noted that padding data may not be printable, so you need to use a hex tool to display the content. The following example shows how to display a file in the hex format:
作者選擇使用xxd
xxd第一部分為這一行第一個byte的位置;
xxd第二部分為這一行ASCII碼轉十六進制
xxd第三部分為這一行原本的內容
根據輸出,我們發現,CBC的填充內容每個字節都為該行的大小與滿編的距離,例如該行有5字節,則空余部分每個字節均填充(0x10-0x05)=0x0b=11
Task 5: Error Propagation – Corrupted Cipher Text
To understand the error propagation property of various encryption modes, we would like to do the following exercise:
Please answer the following question: How much information can you recover by decrypting the corrupted file, if the encryption mode is ECB, CBC, CFB, or OFB, respectively? Please answer this question before you conduct this task, and then find out whether your answer is correct or wrong after you finish this task. Please provide justification.
預測:
ECB將只有第四組解密錯誤
CBC將有第四組與第五組的解密錯誤
CFB根據加解密的設置不同可造成影響不同,但至少當前組與下一組組將出現錯誤
OFB將只有當前組解密錯誤
事先創建并加密文件
如圖依次完成4份加密文件的修改,以下為進入bless的方法
bless xxx.txt
完成第55字節的修改后按之前的方式對加密文件進行解密,并通過xxd查看文件二進制內容
ECB
如圖,ECB加密方式64bit為一組,其中一個字節出現錯誤,整組解密均錯誤
CBC
如圖,當前一組64bit均解密錯誤,并且因為與下一組進行異或,下一組的第7個字節出現錯誤
CFB
如圖,當前組與流密碼異或,第55個字節出現錯誤,但該組進入下一組的移位寄存器參與AES,使得下一組整組錯誤
OFB
如圖,OFB不存在擴散問題,且因為與流密碼異或加密,所以一個字節錯誤不會影響整組的解密錯誤,僅第55字節錯誤
Task 6: Initial Vector (IV)
Most of the encryption modes require an initial vector (IV). Properties of an IV depend on the cryptographic scheme used. If we are not careful in selecting IVs, the data encrypted by us may not be secure at all, even though we are using a secure encryption algorithm and mode. The objective of this task is to help students understand the problems if an IV is not selected properly. Please do the following experiments:
- Task 6.1. A basic requirement for IV is uniqueness, which means that no IV may be reused under the same key. To understand why, please encrypt the same plaintext using (1) two different IVs, and (2) the same IV. Please describe your observation, based on which, explain why IV needs to be unique.
可以發現,在相同key下,使用相同iv將導致加密結果相同,使用iv等于變相增強加密密鑰的復雜度
- Task 6.2. One may argue that if the plaintext does not repeat, using the same IV is safe. Let us look at the Output Feedback (OFB) mode. Assume that the attacker gets hold of a plaintext (P1) and a ciphertext (C1) , can he/she decrypt other encrypted messages if the IV is always the same? You are given the following information, please try to figure out the actual content of P2 based on C2, P1, and C1.
Plaintext (P1): This is a known message!
Ciphertext (C1): a469b1c502c1cab966965e50425438e1bb1b5f9037a4c159
Plaintext (P2): (unknown to you)
Ciphertext (C2): bf73bcd3509299d566c35b5d450337e1bb175f903fafc159
P1保存為文件,C1C2保存為二進制文件
P2=P1 ? \bigoplus ?C1 ? \bigoplus ?C2
使用python對P1 C1 C2的三份二進制文件進行異或,得到P2的二進制為4f726465723a204c61756e63682061206d697373696c6521
If we replace OFB in this experiment with CFB (Cipher Feedback), how much of P2 can be revealed? You only need to answer the question; there is no need to demonstrate that.
如果是CFB,那么視iv的長度得到可以解密的長度,長于iv的內容都無法正常解密。
因為已知明文攻擊可以通過異或得到iv但是無法得到K值,那么使用CFB加密,攻擊者將在解出K前無法算出流密碼,即無法解密接下來的內容。相反,已知明文后攻擊OFB無需得到K即可獲得長度相當于明文的流密碼,只要K與iv不變,可以攻擊任何長度不大于已知明文長度的密文。
The attack used in this experiment is called the known-plaintext attack, which is an attack model for cryptanalysis where the attacker has access to both the plaintext and its encrypted version (ciphertext). If this can lead to the revealing of further secret information, the encryption scheme is not considered as secure.
- Task 6.3. From the previous tasks, we now know that IVs cannot repeat. Another important requirement on IV is that IVs need to be unpredictable for many schemes, i.e., IVs need to be randomly generated. In this task, we will see what is going to happen if IVs are predictable.
Assume that Bob just sent out an encrypted message, and Eve knows that its content is either Yes or No; Eve can see the ciphertext and the IV used to encrypt the message, but since the encryption algorithm AES is quite strong, Eve has no idea what the actual content is. However, since Bob uses predictable IVs, Eve knows exactly what IV Bob is going to use next. The following summarizes what Bob and Eve know:
A good cipher should not only tolerate the known-plaintext attack described previously, it should also tolerate the chosen-plaintext attack, which is an attack model for cryptanalysis where the attacker can obtain the ciphertext for an arbitrary plaintext. Since AES is a strong cipher that can tolerate the chosen-plaintext attack, Bob does not mind encrypting any plaintext given by Eve; he does use a different IV for each plaintext, but unfortunately, the IVs he generates are not random, and they can always be predictable.
Your job is to construct a message P2 and ask Bob to encrypt it and give you the ciphertext. Your objective is to use this opportunity to figure out whether the actual content of P1 is Yes or No.
已知Bob的明文有兩種情況:(1)“Yes”(2)“No”。
根據task5我們知道, “Yes”在CBC加密中會被補全到16字節:59 65 73 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 。“No”會被補全為:4E 6F 0E 0E 0E 0E 0E 0E 0E 0E 0E 0E 0E 0E 0E 0E
因為Bob的明文只有兩種情況,所以我們可以先假設上一條明文為Yes,構造P2驗證C2與Yes加密后結果相同,若不同則上一條為No。
所以我們構造的P2(Yes)的十六進制形式為:59 65 73 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0C。(P2(No)的十六進制形式為4E 6F 0E 0E 0E 0E 0E 0E 0E 0E 0E 0E 0E 0E 0E 0F)注意到我們只修改了最后一個字節。將我們構造的P2發送給Bob請求加密,并與C1比對即可得知上一條密文的明文。
我們根據task5可以知道16字節文件加密會被補全到32字節,但根據CBC加密特點,我們只需要關注前16個字節即可,后16字節對結果無影響
對“Yes”的猜測回文:
對“No”的猜測回文:
Task 7: Programming using the Crypto Library
This task is mainly designed for students in Computer Science/Engineering or related fields, where programming is required. Students should check with their professors to see whether this task is required for their courses or not.
In this task, you are given a plaintext and a ciphertext, and your job is to find the key that is used for the encryption. You do know the following facts:
- The aes-128-cbc cipher is used for the encryption.
- The key used to encrypt this plaintext is an English word shorter than 16 characters; the word can be found from a typical English dictionary. Since the word has less than 16 characters (i.e. 128 bits), pound signs (#: hexadecimal value is 0x23) are appended to the end of the word to form a key of 128 bits.
Your goal is to write a program to find out the encryption key. You can download a English word list from the Internet. We have also linked one on the web page of this lab. The plaintext, ciphertext, and IV are listed in the following:
Plaintext (total 21 characters): This is a top secret. Ciphertext (in hex format): 764aa26b55a4da654df6b19e4bce00f4ed05e09346fb0e762583cb7da2ac93a2 IV (in hex format): aabbccddeeff00998877665544332211You need to pay attention to the following issues:
- If you choose to store the plaintext message in a file, and feed the file to your program, you need to check whether the file length is 21. If you type the message in a text editor, you need to be aware that some editors may add a special character to the end of the file. The easiest way to store the message in a file is to use the following command (the -n flag tells echo not to add a trailing newline):
- In this task, you are supposed to write your own program to invoke the crypto library. No credit will be given if you simply use the openssl commands to do this task. Sample code can be found from the following URL:
https://www.openssl.org/docs/man1.0.2/crypto/EVP_EncryptInit.html - When you compile your code using gcc, do not forget to include the -lcrypto flag, because your code needs the crypto library. See the following example:
話不多說,先上代碼:
// main.cpp #include <openssl/aes.h> #include <stdio.h> #include <string.h> #include <assert.h> #include <stdlib.h>#define charMaxLeng 20//函 數 名:AscToHex() //功能描述:把ASCII轉換為16進制 unsigned char AscToHex(unsigned char Char){int aChar = (int)Char;if((aChar>=0x30)&&(aChar<=0x39))aChar -= 0x30;else if((aChar>=0x41)&&(aChar<=0x46))//大寫字母aChar -= 0x37;else if((aChar>=0x61)&&(aChar<=0x66))//小寫字母aChar -= 0x57;else aChar = 0xff;return aChar; }//函 數 名:HexToAsc() //功能描述:把16進制轉換為ASCII unsigned char HexToAsc(unsigned char aHex){if((aHex>=0)&&(aHex<=9))aHex += 0x30;else if((aHex>=10)&&(aHex<=15))//A-FaHex += 0x37;else aHex = 0xff;return aHex; }unsigned char* str2hex(char *str) {unsigned char *ret = NULL;int str_len = strlen(str);int i = 0;// printf("%d \n", str_len);// printf("%s\n", str);assert((str_len%2) == 0);ret = (char *)malloc(str_len/2);for (i =0;i < str_len; i = i+2 ) {sscanf(str+i,"%2hhx",&ret[i/2]);}return ret; }//填充 char *padding_buf(char *buf,int size, int *final_size) {char *ret = NULL;int pidding_size = AES_BLOCK_SIZE - (size % AES_BLOCK_SIZE);int i;*final_size = size + pidding_size;ret = (char *)malloc(size+pidding_size);memcpy( ret, buf, size);if (pidding_size!=0) {for (i =size;i < (size+pidding_size); i++ ) {ret[i] = pidding_size;}}return ret; }void printf_buff(char *buff,int size) {int i = 0;for (i=0;i<size;i ++ ) {// printf( "%02X ", (unsigned char)buff[i] );printf( "%02X", (unsigned char)buff[i] );if ((i+1) % 8 == 0) {// printf("\n");}}printf("\n"); }void encrpyt_buf(char *raw_buf, char **encrpy_buf, int len, char* kkey) {AES_KEY aes;unsigned char *key = str2hex(kkey);unsigned char *iv = str2hex("aabbccddeeff00998877665544332211");AES_set_encrypt_key(key,128,&aes);AES_cbc_encrypt(raw_buf,*encrpy_buf,len,&aes,iv,AES_ENCRYPT);free(key);free(iv); }void decrpyt_buf(char *raw_buf, char **encrpy_buf, int len, char* kkey) {AES_KEY aes;unsigned char *key = str2hex(kkey);unsigned char *iv = str2hex("aabbccddeeff00998877665544332211");AES_set_decrypt_key(key,128,&aes);AES_cbc_encrypt(raw_buf,*encrpy_buf,len,&aes,iv,AES_DECRYPT);free(key);free(iv); }int main(int argc, char* argv[]) {char* target="764AA26B55A4DA654DF6B19E4BCE00F4ED05E09346FB0E762583CB7DA2AC93A2";FILE* p=NULL;if((p=fopen("words.txt","r"))==NULL) //以只讀的方式打開test。{printf("ERROR"); }char buffer[charMaxLeng];char buf2[charMaxLeng];int flag=0;while (!feof(p)){int i=0;memset(buffer,'\0', charMaxLeng * sizeof(char));memset(buf2,'\0', charMaxLeng * sizeof(char));fgets(buffer, charMaxLeng, p);while(i<charMaxLeng){buf2[i]=buffer[i];i+=1;}size_t len = strlen(buffer);if (len == 1) continue;// printf("%s", buffer);char *raw_buf = NULL;char *after_padding_buf = NULL;int padding_size = 0;char *encrypt_buf = NULL;char *decrypt_buf = NULL;i=0;unsigned char* key=NULL;key=(unsigned char*)malloc(33);while(i < strlen(buffer)){unsigned char letter = buffer[i];key[2*i] = HexToAsc(letter/0x10);key[2*i+1] = HexToAsc(letter%0x10);// printf("%d\n", i);++i;if(i==0x0f || buffer[i] < 0x20)break;}while(i < 0x10){key[2*i] = '2';key[2*i+1] = '3';++i;}key[0x20]='\0';// printf("%s\n", key);raw_buf = (char *)malloc(21);memcpy(raw_buf,"This is a top secret.",21);after_padding_buf = padding_buf(raw_buf,21,&padding_size);encrypt_buf = (char *)malloc(padding_size);encrpyt_buf(after_padding_buf,&encrypt_buf, padding_size, key);// printf("%d\n", strlen(target));i=0;char temp='\0';flag=1;while(i<padding_size){temp = HexToAsc((unsigned char)encrypt_buf[i]/0x10);if(temp!=target[2*i]){flag=0;break;}temp = HexToAsc((unsigned char)encrypt_buf[i]%0x10);if(temp!=target[2*i+1]){flag=0;break;}i+=1;}if(flag==0){continue;}printf("%s", buf2);printf_buff(encrypt_buf,padding_size);printf("%s\n", target);free(raw_buf);free(after_padding_buf);free(encrypt_buf);free(decrypt_buf);// printf("%02X\n", (unsigned char)('T'));break;}fclose(p);return 0; }如圖,答案是Syracuse
總結
以上是生活随笔為你收集整理的Secret-Key Encryption Lab网安实验的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: java 僵尸进程_神奇的Java'僵尸
- 下一篇: 暄桐林曦老师浅谈“如何加强专注自律”