Transcript Document

Network Security: Lab#1
J. H. Wang
Apr. 14, 2011
Objectives
• To learn to use one of the symmetric block
cipher standards
– DES
– 3DES
– AES
• To learn to use random number generators
• To learn to use stream cipher methods
– RC4
Libraries Used in this Lab
• OpenSSL: an open source implementation
of SSL and TLS protocols
– Widely used on various platforms
• UNIX-like: Linux, Solaris, Mac OS X, BSD
• Windows
– Symmetric encryption algorithms supported
• DES, 3DES, AES
• RC4
AES
• Applications – archive and compression tools
– RAR: encryption algorithm for RAR3 is AES 128-bit
– WinZip: encryption algorithm AES 128-bit and 256-bit
– 7z: open source archive file format
• Encryption with AES 256-bit
• Libraries
– C: OpenSSL
– C++: Crypto++
7-Zip
• Homepage: http://www.7-zip.org/
• Current version: 9.20 for Windows (open
source)
• Steps
– Install
– Compress
– Decompress
OpenSSL
• Homepage: http://www.openssl.org/
• Current version: 1.0.0d (open source)
– Source:
• Unix/Linux: openssl-1.0.0d.tar.gz
– Binary:
• Win32 OpenSSL :
http://www.slproweb.com/products/Win32OpenSSL.html
– Win32 OpenSSL v1.0.0d
– Visual C++ 2008 Redistributables
• Steps
– Install
– OpenSSL command-line tool
– OpenSSL library
Installing OpenSSL in Linux/UNIX
• Download the tarball: openssl-1.0.0d.tar.gz
• Unpack the package
– gunzip openssl-1.0.0d.tar.gz
• Extracting files from the archive
– tar xvf openssl-1.0.0d.tar
• Install the package
–
–
–
–
–
cd openssl-1.0.0d
./config
make
make test
make install
Experiment Scenario
• Prepare a file for testing, say “original.txt”
• Also, prepare a key (for encryption and
decryption) on your own
• After encryption, we get an encrypted file
“enc.txt”
• Decrypting the encrypted file will give us
another file “dec.txt”
• Finally, we check if “original.txt” is the
same as “dec.txt”
OpenSSL Command-Line Tools
• OpenSSL command-line tool
– DES:
• Encryption: openssl des -in <file1> -out <file2>
• Decryption: openssl des -d -in <file1> -out <file2>
– 3DES:
• Encryption: openssl des3 -in <file1> -out <file2>
• Decryption: openssl des3 -d -in <file1> -out <file2>
– AES:
• Encryption: openssl aes-128-cbc -in <file1> -out <file2>
• Decryption: openssl aes-128-cbc -d -in <file1> -out <file2>
OpenSSL Command-Line Tools
• Alternative commands
– DES:
• Encryption: openssl enc -des -in <file1> -out <file2>
• Decryption: openssl enc -des -d -in <file1> -out <file2>
– 3DES: 2-, 3-key
• Encryption: openssl enc -des3 -in <file1> -out <file2>
• Decryption: openssl enc -des3 -d -in <file1> -out <file2>
– AES: 128-, 192-, 256-bit
• Encryption: openssl enc -aes-128-cbc -in <file1> -out <file2>
• Decryption: openssl enc -aes-128-cbc -d -in <file1> -out
<file2>
OpenSSL Libraries for symmetric
encryption
• OpenSSL crypto library
– DES, 3DES:
• #include <openssl/des.h>
• Set the parity of key to odd: DES_set_odd_parity()
• Generation of DES_key_schedule from a key and
check if it’s a weak key: DES_set_key_checked()
• Encryption/decryption:
– DES_ncbc_encrypt()
– DES_ede2_cbc_encrypt()
– DES_ede3_cbc_encrypt()
OpenSSL Documents
• http://www.openssl.org/docs/
• Manual pages
– openssl(1)
– crypto(3)
• HOWTO docs
– Under doc/HOWTO/ in OpenSSL distribution
• keys.txt
Random Number Generator
• Application
– OpenSSL command-line tool
• openssl rand <num>
• In C:
– #include <stdlib.h>
– srand(): initialize by a seed
– rand(): generate a random number
OpenSSL library for random
numbers
• OpenSSL crypto library
– rand:
• #include <openssl/rand.h>
• RAND_seed() or RAND_add()
• Generate a number of bytes: RAND_bytes()
RC4
• Applications
– WEP
– Remote Desktop Protocol
– PDF
– Skype
OpenSSL command-line tools
• OpenSSL command-line tool
– RC4:
• Encryption: openssl rc4 -in <file1> -out <file2>
• Decryption: openssl rc4 -d -in <file1> -out <file2>
– Or
• Encryption: openssl enc -rc4 -in <file1> -out <file2>
• Decryption: openssl enc -rc4 -d -in <file1> -out
<file2>
OpenSSL Libraries for stream
cipher
• OpenSSL crypto library
– RC4:
• #include <openssl/rc4.h>
• Key setup phase: RC4_set_key()
• Encryption/decryption phase: RC4()
OpenSSL Libraries for
cryptographic functions
• OpenSSL crypto library
– EVP: high-level interface to cryptographic functions
• #include <openssl/evp.h>
• EVP_CIPHER_CTX_init(): to initialize cipher context
• EVP_CipherInit(): to set up cipher context for encryption or
decryption
• EVP_CipherUpdate(): to encrypt or decrypt successive
blocks of data
• EVP_CipherFinal(): to finish the encryption or decryption
• EVP_CIPHER_CTX_cleanup: to cleaup cipher context
Summary
• Encrypting a file
• Decrypting a file
• Generating a random number