**Assessment: Crypt Lab Report**

**Objectives:**

• Provide an understanding of the concept of entropy in the context of written language.

• Give a better understanding of how unicity distance is calculated.

• Illustrate the weakness of classical ciphers

• Reinforce understanding of the calculation of unicity distance

• Demonstrate the utility of knowledge of known plaintext to the cryptanalyst.

• Be aware of the main differences between DES and AES.

• Understand the advantages of the CBC mode of operation over the ECB mode of operation of a symmetric key block cipher.

• Understand the vulnerability of the ECB mode of operation and the CBC modes of operation of a symmetric key block cipher to cut and paste attacks.

• Understand the significance of the key length of a modern cipher.

• Understand the Diffie-Hellman key exchange algorithm and its vulnerability to attack.

• Understand how to do a byte addition attack on a hash function and its significance in practice.

• Understand how the RSA key cryptosystem operates upon its input by treating it as an integer value.

• Understand the significance of the size of the value of the modulus used in RSA.

**Brief Description: **Students are required to finish the lab using free software CrypTool and carry out some analysis. A lab report needs to be submitted afterwards.

**Learning outcome 1:** Critically analyse the relative merits of the major types of cryptographic algorithm in current use and the contexts in which they are used

**Learning outcome 2:** Apply comprehensive knowledge in components and principles of implementation of authentication and authorization in controlling access to the resources of a communications network

**1. Aims**

The aims of this practical work are PART A:

• Provide an understanding of the concept of entropy in the context of written language.

• Give a better understanding of how unicity distance is calculated.

• Illustrate the weakness of classical ciphers

• Reinforce understanding of the calculation of unicity distance

• Demonstrate the utility of knowledge of known plaintext to the cryptanalyst.

**PART B:**

• To reinforce understanding of the DES symmetric key cipher.

• To reinforce understanding of the AES symmetric key cipher.

• To illustrate the differences between the DES and AES encryption algorithms.

• To highlight the vulnerability of the ECB and CBC modes of operation of a symmetric block cipher to attack.

• To reinforce understanding of the Diffie-Hellman key exchange algorithm.

• To reinforce understanding of the behaviour and use of hash functions.

• To reinforce understanding of the RSA public key cipher.

• To reinforce understanding of public key infrastructure

• To reinforce understanding of hybrid ciphers.

**PART A:**

Frequency Analysis

**Question 1.** Prepare three relatively long English texts (each of the size of 15,000 or more letters) taken from a

o novel or story

o news report

o technical report

, respectively, and save each as a word document.

Find on the Internet a similar single text (≥ 15,000 letters) written in an arbitrary foreign language, copy it and save it as a word document.

Determine and provide a histogram showing in the graphical form the relative frequency of letters in all four prepared long texts, as well, as the textual listings of 26 most frequent digrams and trigrams. This can be done using CrypTool. In Cryptool from the menu File>Open open the word document containing the text you want to analyse. The histogram can be obtained by selecting Analysis>Tools for Analysis >Histogram and the the digrams and trigrams by selecting Analysis>Tools for Analysis >N- Gram and selecting the appropriate option.

Do the frequency distributions depend significantly on the type of text in English? Do these distributions depend significantly on the language in which the message was written?

**Question 2.** For the English language novel/story text of Q1, using the N-Gram tool in Cryptool, note down the five most frequent letters in the text. For first 500, 1K, 2K, 5K, 10K, and 15K letters in the text, record the estimated probabilities of each of the five letters you noted down; The estimated probability of a letter is its frequency in a sample of text divided by the total number of letters in the sample of text.

Plot the estimated probabilities against the number of letters for the five most probable letters on a single graph and discuss what you observe.

**Question 3.** For the English language novel/story text of Q1, using Cryptool; Analysis>Tools for Analysis>Entropy

Give the Entropy of the first 10, 20, 50, 100, 200, 500, 1K, 2K, 5K, 10K, and 15K letters and discuss what you observe.

**Question 4.** For the English text taken from a novel of Q1, for the first 1,000 letters and then the entire text give the frequency distribution of the 26 most frequent N-Grams of single letters, diagrams, and trigrams. Now encrypt the first 1,000 letters and then the entire text using the following 3 classical ciphers available in CrypTool: Vigenere, Hill, and Substitution. Give the frequency distribution of the 10 most frequent N-Grams of single letters, diagrams, and trigrams for all 6 obtained ciphertexts.

What are the characteristic features of the obtained distributions? How you could use them to determine which cipher was used to obtain the given ciphertext?

**Question 5**. If the above text is to be encrypted using a random permutation of the letters (i.e. by replacing each letter with another), assuming that only letters that appear in the plaintext can be used to create ciphertext, determine the unicity distance of the encryption algorithm giving all your workings. What information does the value you determined provide?

**Question 6.** Below please find 5 ciphertexts of the same message encrypted using the following 5 classical ciphers available in CrypTool: Caesar, Vigenere, Hill, Substitution and Playfair. Using the tools available in Cryptool under Analysis > Symmetric Encryption (classic) do your best to match each ciphertext with the cipher used to generate it and if possible give the key used in each case. Find the plaintext, by breaking the Caesar (shift) cipher or the Vigenere Cipher, and then use the plaintext if necessary to identify the other ciphers used to encrypt the now known plaintext. All attacks must be documented.

Brute-force attacks do not count.

Note that the analysis tool for the Playfair cipher requires the plaintext in Playfair ‘form` which can be obtained by encrypting then decrypting the plaintext under a key of your choice. If the tool asks you to save a recovered key it may be viewed under Edit > Show Key after saving it. In some cases plaintext and ciphertext has to be loaded into the tool as .txt files.

**Ciphertext 1**

Je wecaxsksrjuc, l lewi woagemsr jj u zeeliqbkcpew jyrdkcbr elex urerw tr mrqln qeee sj bes fmki ere glbhfgiw b wckio-wmdf fogtfx, gemcyq e sewl pi grwdeki ezarwe. Lewi woagemsrt rlr athipz lmrh tr gvzgnbkcetlz wie zlvmsvj jhvaswit jopl lw hmhznnp dmkrbkoeid, tewtnieh dxsvbxy, nro qiwtrar efxliokcpeemsr. Pey bj eli mngiexlrx tsfjrvemiw pw u tszh lety zhrnxmso zm gllx mx tyihpo fi gpdjhxlxmsorfyc trjibjcopp xs jjex gaz hmjgvlrre mrtvk pnpfiw xirn cvzhygf kbr wlqi lbjb byetyx. Uycf tcstisks vw neppfu wbpwmwmpe lrwtwxeoty. Gs oijiou utetrwx czlgloec eukupod, mx mt zgcscxeru ki hwp lewi woagemsrt ncgl l wyjgzwviyxpc mrlti zyxtvk mvdp erh uf ofi avstfi wecaxsksrjumn xigiecdypw wydy uf wlpxmox uah vic wuiyggsmrk uf gnop mx qpiy qmqjmgvcn ssc exxbtervd xs jjex pswpmwjfhf.

**Ciphertext 2**

It wxurxqidahpy, o hyut lslmxqgj um i umtdoaghyguh dinubqap tdgh pquwy ij unhol tspq op khs eatw avh jxypiyka y hktun-yinm ecfdol, qkbrun o hyun yb akamiiq fsiqiv. Fyqv dinubqapm ipa kozsbe gyun it wxurxqidahpy hiv nqhqggy hkznocka qiux yu fsoqpqf eegxutqpac, vyugigph sxqjaiq, khl skamiiq outdwnbqqkbqap. Ape av vly aglkfnkhf drajkfnogu iz i kqyp fyqv dinubqap wg tdgh et qvecpr tc ykkzolghqgxubrq elhwayixps no pitp fgo fsnvcnwnb qnhol vgveka tdgh jxypiys nly miam fyqv ecfdol. Tdwg jxqpcnzq wg qkbrun ykbrwgqgd hkawgpqnus. Ny pknwnt scqitiv zcfndluu ghpqsky, ib qy ikzgppqth xq gya nyut lslmxqglu kotd y ugllickwnzdo rqhiq ecfdol yinm khp fe csi jxqpcn wxurxqidahrym xmaflggyya iiyf ya iuhbqtu khv sga ivpafqrytu xq umuw et cmpa fsnvygcld dgp ghpqskcni vo pitj skpdeyiape.V

**Ciphertext 3**

Pu jyfwavnyhwof, h ohzo mbujapvu pz h thaolthapjhs mbujapvu aoha ahrlz pu puwba khah vm huf zpgl huk wyvkbjlz h mpelk-zpgl vbawba, jhsslk h ohzo vy tlzzhnl kpnlza. Ohzo mbujapvuz hyl dpklsf bzlk pu jyfwavnyhwof mvy chypvbz wbywvzlz zbjo hz kpnpahs zpnuhabylz, whzzdvyk zavyhnl, huk tlzzhnl hbaoluapjhapvu. Vul vm aol ptwvyahua wyvwlyaplz vm h nvvk ohzo mbujapvu pz aoha pa zovbsk il jvtwbahapvuhssf pumlhzpisl av mpuk adv kpmmlylua puwba chsblz aoha wyvkbjl aol zhtl ohzo vbawba. Aopz wyvwlyaf pz jhsslk jvsspzpvu ylzpzahujl. Av klmluk hnhpuza ipyaokhf haahjrz, pa pz ptwvyahua av bzl ohzo mbujapvuz dpao h zbmmpjpluasf shynl vbawba zpgl huk av bzl wyvwly jyfwavnyhwopj aljoupxblz zbjo hz zhsapun huk rlf zaylajopun av thrl pa tvyl kpmmpjbsa mvy haahjrlyz av mpuk jvsspzpvuz.**Ciphertext 4**

Rs xlepjqclzpae, z azka uisxjrqs rk z tzjavtzjrxzn uisxjrqs jazj jzovk rs rspij wzjz qu zse krdv zsw plqwixvk z urfvw-krdv qijpij, xznnvw z azka ql tvkkzcv wrcvkj. Azka uisxjrqsk zlv grwvne ikvw rs xlepjqclzpae uql hzlrqik pilpqkvk kixa zk wrcrjzn krcszjilvk, pzkkgqlw kjqlzcv, zsw tvkkzcv zijavsjrxzjrqs. Qsv qu jav rtpqljzsj plqpvljrvk qu z cqqw azka uisxjrqs rk jazj rj kaqinw yv xqtpijzjrqsznne rsuvzkrynv jq ursw jgq wruuvlvsj rspij hznivk jazj plqwixv jav kztv azka qijpij. Jark plqpvlje rk xznnvw xqnnrkrqs lvkrkjzsxv. Jq wvuvsw zczrskj yrljawze zjjzxok, rj rk rtpqljzsj jq ikv azka uisxjrqsk grja z kiuurxrvsjne nzlcv qijpij krdv zsw jq ikv plqpvl xlepjqclzparx jvxasrmivk kixa zk kznjrsc zsw ove kjlvjxarsc jq tzov rj tqlv wruurxinj uql zjjzxovlk jq ursw xqnnrkrqsk.

**Ciphertext 5**

AM EP WR UT MO KS MW KN FZ NC AG BW UR MA ZF NI WG MR UZ KE VN BA HF YU SG WG UZ ZU IC RA MA HS BU FV ZU SB FS ZR AY FI LF QS QB KB FR FN VY FE RA YF TB WO BU FK QV MD FV NK PN PS RM QZ ZF MB EV MB OZ NK PN BA HF YU SG ZF YM YK EF MX AO FE AM EP WR UT MO KS MW BS QI IS UR AO OK SQ PO FR OA HP FZ EV MU ZU NQ UM SF UB YM OQ FZ PZ PS FQ UT SI MB FS EL FR ZF MB UK WG FM YU FK YU SG SG BR BZ MC ER QP OY FS WO SP RC OY EM OP NF OT QB NK PN BA HF YU SG AR WG UZ UY PN TB QL CF BP HR BU UZ UR SF QV MX AM BF FZ UE MD UT EA LF WX QB AE BF YM GZ AM OK XU VN IB OZ NK WO SP BV DF WG FR IN CM FZ GP BU OK WY WG AR QS PQ MY WZ AR FK QV MD ED QG MV RA SG YM RA OZ FS DF UT EF BF LF UN UA SZ UG EY WG FV ZI WY ZU HC RA YU RA HR PS ZU GZ UT AO CM FZ NC AG BW UR SZ YK WG FZ AB EA EK FM XG XM IS MB TB WO BU RA YF FS BX TB RF QS PQ MY EP WR UT MO KS MK BW FD LG VR IB QZ OA HP FZ ZF GX AM NU LF IC ZR YO BY HP AM OU RG UV ME YG PS FE AE EA BK GX BS SI WY ZU HC MY OZ SB AM ED QG MV RA SG QZ

**Question 7.** For any four of the ciphertexts of Q6 explain how the analysis tool you used to answer Q6 enabled identification of key used to create the ciphertext.

One-time Pad Cipher

**Question 8.** Consider the following letter encodings: letter encoding

A |
E |
I |
N |
O |
S |
U |
W |

111 |
101 |
000 |
110 |
001 |
100 |
010 |
011 |

A message M = SUSAN is Vernam encrypted into ciphertext C = WIOES. Find the corresponding encryption key. Provide details of your cryptanalysis.

**Question 9.** Consider the following two ciphertexts C1 = UNSI and C2 = EAUW that are obtained by Vernam encrypting messages M1 and M2, under the same encryption key which is different from the key obtained in Q8. The plaintext letter encodings are the same as Q8. The encrypted messages are two names. Let us denote with mi,k the kth letter in message Mi. The following is known about messages (names): m1,1 = I and m2,4 = E. Using this information, try to recover messages M1 and M2, as well as the encryption key. Provide details of your cryptanalysis. What does this tell you about the use of keys in the one-time cipher?

**Question 10**. Give the major conclusions that you draw from this laboratory.

**PART B:**

**Using DES with CrypTool**

In Cryptool open a new file, type a plaintext message (of more than 32 characters) and save the file. Next click from the menu Crypt/Decrypt > Symmetric (modern) > DES (ECB). This presents a key entry window. The key entry must be 64 bits long (but only 56 bits will be used in the actual key), which equates to 16 hexadecimal figures. Enter a key of your choice that you can remember. Select Encrypt and there should be presented a window showing the data encrypted in hexadecimal form and its corresponding ASCII representation. Save and then close the window displaying the original message. To decrypt the ciphertext select Crypt/Decrypt > Symmetric (modern) > DES (ECB), enter the key used to encrypt the file in the key selection window displayed and select Decrypt.

**Question 1.** Provide screenshots of the message and the ciphertext. Provide a screenshot of the window showing the decrypted ciphertext. Give the key you used.

Encrypt the same plaintext message using the same process and the same key as above only selecting Crypt/Decrypt > Symmetric (modern) > DES (CBC) instead.

**Question 2.** Provide a screenshot of the resulting ciphertext. Compare the ciphertext with that obtained using DES (ECB), and report what you notice.

**Comparison of ECB and CBC**

Now create a new plaintext file, choose an 8 letter word (or string of 8 characters) and type it in, now copy and paste this word until there are 24 repetitions of it and save the file. Encrypt this with the ECB variant of the DES cipher

**Question 3.** Provide a screenshot of the ciphertext and report what you notice about it.

Close the window showing the ciphertext of Q3. and then encrypt the plaintext file with the CBC variant of the DES cipher.

**Question 4**. Provide a screenshot of the ciphertext obtained using the CBC variant of DES, compare it with that of Q3. and report what you notice. What do you think the significance of what you notice is?

Select Indiv. Procedures > Visualization of Algorithms > DES and watch through the whole of the demonstration of DES provided. This should help to reinforce your understanding of this cipher.

**Question 5.** What impression do you get of the nature of the DES encryption process from the demonstration?

**AES demonstration**

Select Indiv. Procedures > Visualization of Algorithms > AES > Rijndael Animation and watch through the whole of the demonstration of AES provided. This should help to reinforce your understanding of this cipher.

**Question 6.** What main differences do you notice between the AES encryption process and the DES encryption process from the demonstration?

**Question 7.** Compare the total size of the S boxes of DES with that of the S box of AES.

**Analysis of modern symmetric key ciphers**

**Question 8.** Encrypt a plaintext message of at least 32 characters with DES (ECB), DES (CBC), and AES. For each ciphertext use the corresponding analysis tool provided in Cryptool to attempt to decrypt the ciphertext. In each case give the time it will take to do the decryption (provided by the analysis tool). Compare the three values and explain their relative magnitudes.

**Diffie-Hellman Key exchange demonstration**

**Question 9.** In cryptool select

Indiv. Procedures>Protocols>Diffie-Hellman key demonstration

Work through the Diffie-Hellman demonstration starting by clicking on the box Set public parameters and then generate a prime number with a bit length of 128 bits. At each set in the demonstration that follows give the parameters you obtain and explain how these parameters are determined.

Man-in-the-middle attack against Diffie-Hellman

**Question 10**. Let YA = gXA mod p, and YB = gXB mod p be Diffie-Hellman exchanged values of Alice and Bob, respectively. Secret values XA and XB and remain known only to their respective owners Alice and Bob. Suppose that the Attacker wants to establish a single Diffie-Hellman key, KABM = gXAXBXM mod p, that the Attacker, Alice and Bob all share. XM is a secret value known only to the attacker. How does the attacker accomplish this? Explain your answer.

"Cut-and-Paste" attack on ECB and CBC modes Q11. Consider the following message M: M=Ann`s_salary_is_£84000_-Sue`s_salary_is_£14000.

Break the message (plaintext) up into 64 bit long plaintext segments (M1 M2 ... Mk) .

Note that each letter in the message is an 8 bit ASCII character. Each "space" (_) counts as a single ASCII character.

Use ? to denote blank characters. For example, the first 64 bit plaintext segment is

M1 = Ann`s_sa

**Question 12**. Using CrypTool, encrypt the above message with DES in the ECB mode using keyK = 01 12 23 34 45 56 67 78Write down resulting 64 bit ciphertext blocks C1 C2 ... Ck.

**Question 13.** Exchange ciphertext blocks C1 and C4 in the above sequence ofciphertext blocks to obtain the following sequence of ciphertext blocks C4 C2 C3 C1 C5...CkDecrypt the resulting ciphertext using the key from step 2. What message do you obtain? Please explain.

**Question 14**. Repeat steps 2-3 but now use DES in the CBC mode. Contrast the decrypted text with the one obtained when the ECB mode is used. Explain your observations.

**Question 15**. Your task is to cause a controlled change in the decrypted message by modifying an appropriate CBC ciphertext block.

Use CrypTool and encrypt message M=Don`s_salary_is_£32000--Joe`s_salary_is_£96000. with DES in the CBC mode. Choose the encryption key at will.

In the resulting ciphertext sequence modify an appropriate ciphertext block so that it causes the following change in the decrypted message: £32000 to £96000.

Provide details of your actions. (Hint: Use CrypTool to accomplish this task.) Do all ciphertext blocks decrypt correctly after this modification? Explain your answer.

**Question 16.** Does the CBC (and/or ECB) mode of encryption ensure data integrity? Please explain using experience gained from the present and the previous task.

**SHA-1**

Create a new document in CrypTool by clicking on the icon "New". Write some text in the new document (of at least 32 characters) and save it. Next click from the menu Indiv. Procedures > Hash > Hash Demonstration to open the Hash demonstration window. Select the hash function SHA-1

**Question 17.** Modify the text of your new document that appears in Modified document window and observe what happens to the hash value of the modified document. Explain your observation.

Save startingexample-en under a different name. Modify the renamed file and save the resulting document under a different name. Use CrypTool to find a collision in the first (most significant) 32 bits of a hash value produced by SHA-1 of renamed copy of startingexample-en and the first 32 bits of the hash value of the modified version of it. In main menu click Analysis > Hash > Attack on the Hash Value of the Digital Signature and click on Options and set the necessary parameters and apply them.

**Question 18.** Provide the messages which collide in the first 32 bits. Explain why the attack strategy is not a problem in practice. Does the attack strategy differ from that of a birthday attack and if so how?

**RSA demonstration**

Demonstration material for the RSA cipher may be accessed through Indiv. Procedures > RSA Cryptosystem > RSA Demonstration or Crypt/Decrypt > Asymmetric > RSA Demonstration. This presents a window with a series of options.

Make sure that the radius option of using p and q is selected, not the N and e option.

To run the demonstration you need to enter some prime numbers for p and q. As thinking of large prime numbers can be a daunting task, CrypTool has included a prime number generator which can be accessed by clicking the button Generate prime numbers. Here make sure the option for independent values is selected.

The algorithm used does not really matter as they all produce prime numbers. For both p and q for the lower limit value use 500 and for the upper limit value 1000. It is worth noting here that these limits may also be entered in the form of binary length, using the notation 2^x where x is the number of binary bits used to represent a number.

Once all that has been completed click Generate prime numbers, and prime numbers will be generated, this may be clicked several times to generate different numbers. Select Apply primes and these will be entered as the values for p and q. The values for N and Ø(N) will be automatically calculated. Now enter a value for e, this should be coprime to Ø(N).

**Question 19.** Give your numbers for p, q, and e.

Select input as text, and enter as the message you wish to be encrypted, a word or phrase (of at least 8 characters), and then select Encrypt.

**Question 20.** Give the message you encrypted and the corresponding ciphertext.

Copy the ciphertext of Q20, select input as numbers, and paste the ciphertext into the white ‘input` box then select Decrypt. You should see your original message decrypted.

**Question 21.** Give a screenshot of the RSA demonstration screen showing your plaintext in the plaintext box for the input as numbers option.

Run the RSA demonstration again encrypting the same message as before but this time generating prime numbers using lower and upper limits for p and q of 10,000 and 100,000, respectively.

**Question 22.** Give the ciphertext you obtain. What do you notice about the segment size of this ciphertext compared to that of Q20? Explain what you notice.

**Question 23.** How secure is the RSA modulus

N = 4960345275737677027 ? Justify your answer.

Public Key Infrastructure

Select Digital Signatures/PKI > PKI > Generate/Import Keys. This is where you can create a pair of asymmetric keys, one public and one private, using user details to do so. The user details are used in the creation of a Digital Certificate which associates the key pair to you. Three ciphers are available RSA, DSA and elliptic curve. Use RSA and select a bit size of 2048 bits. Enter the user details requested on the right. Once all this has been done select Generate new key pair (at this point you may be required to move the mouse so as the system has some data to generate a random input). To view the public key you have generated and the corresponding digital certificate select Digital Signatures/PKI > PKI > Key Display/Export Keys.

**Question 24.** Give the public key you have generated. Describe the information given in the Digital Certificate

Now that an asymmetric key pair is available you may encrypt/ decrypt data using the RSA cipher. Open a text file with CrypTool that contains at least 1000 words (create a suitable file if you have to). Select Encrypt/Decrypt > Asymmetric > RSA Encryption. Check the box Display the Encryption Time. Select the line identifying your newly created key and then press Encrypt. The encrypted form of the text should appear.

**Question 25**. Give the time it took to encrypt your file.

Now decrypt the encrypted file. To do this select Encrypt/Decrypt > Asymmetric > RSA Decryption

**Question 26.** Give the time it took to decrypt your file. How does the decryption time compare with the encryption time? What extra thing did you need to do to decrypt that you did not need to do to encrypt?

Note that to remove the hexadecimal representation from the view of the decrypted file and display the message in a more readable way, select View

> Show as Text, and should you wish to revert to the hexadecimal view select View > Show as HexDump.

**Hybrid encryption**

This uses both symmetric and asymmetric ciphers. Select Encrypt/Decrypt

> Hybrid > RSA-AES Encryption Then a GUI will be presented. This display demonstrates the processes of hybrid encryption in an easy to understand way.

Click on the Generate session key button, you may be asked again to move the cursor for random input. Once successfully completed this button should turn green and the session key will have been generated. Click on the Select asymmetric key button and choose the key you made during the RSA encryption exercise. Now click on the Open document button and open a text file of your choice, to view the text of your document click on the Document button. Click on the remaining two red boxes, and then on Save. You should now see your data encrypted with the hybrid cipher.

**Question 27**. Provide a screenshot of the encrypted document.

To decrypt the encrypted document select Encrypt/Decrypt > Hybrid > RSA-AES Decryption. Read the instructions shown and select Continue, then select the asymmetric key pair used in encrypting the document and enter the PIN number used to open it. Read the dialogue shown and press continue. Selecting Continue once more, you can see the AES session key used to encrypt the document, and then press Decrypt.

**Question 28**. Describe the information shown in the dialogue boxes that appears when you carry out the above steps. Explain why hybrid encryption is widely used.

Conclusions

**Question 29**. Give the major conclusions that you draw from this exercise.