Introduction to Information Security


GT CS 6035: Introduction to Information Security
Project 3: All Things Cryptography
Spring 2021

The goals of this project:
Students will advance their knowledge of cryptography and hashing by working through example exercises and then trying to exploit vulnerable systems.

Preface:
Before starting, make SURE you are using Python VERSION 3.7.x OR LOWER. Version 3.8 includes some functionality that may not be compatible with the autograder environment, which runs Python Version 3.6.9. To check your version of Python, open a command prompt and run the command:

    python --version

For the established algorithms that you may need to use, you are allowed to reference and implement pseudocode with PROPER CITATION.

What is Pseudocode?

Under NO CIRCUMSTANCES should you copy/paste code into the project. Doing so is an honor code violation (not to mention a real world security concern) and will result in a zero.

Intro:
RSA is one of the most widely-used public key cryptosystems in the world. It's composed of three algorithms: key generation (Gen), encryption (Enc), and decryption (Dec). In RSA, the public key is a pair of integers (e, N), and the private key is an integer d.

The key pair is generated by the following steps:
1. Choose two distinct big prime numbers with the same bit size, say p and q.
2. Let N = p * q, and φ(N) = (p - 1) * (q - 1).
3. Pick an integer e, such that 1 < e < φ(N) and gcd(e, φ(N)) = 1.
4. Get the modular inverse of e: d ≡ e^(-1) mod φ(N) (i.e., d * e ≡ 1 mod φ(N)).
5. Return (N, e) as public key, and d as private key.

Enc - To encrypt integer m with public key (N, e), the cipher integer c ≡ m^e mod N.
Dec - To decrypt cipher integer c with private key d, the plain integer m ≡ c^d mod N.

Task 1 – Warm-up, Get Familiar with RSA (5 points)
The goal of this task is to get you familiar with RSA. You are given an RSA key pair (N, e) and d, and a unique encrypted message c.
You are required to get the decrypted message m.

TODO: In the provided file, implement the stub method task_1. Hint: Don't overthink it, this can be done with a single Python command...

    def task_1(self, n_str: str, d_str: str, c_str: str) -> str:
        # TODO: Implement this method for Task 1
        n = int(n_str, 16)
        d = int(d_str, 16)
        c = int(c_str, 16)
        m = 0
        return hex(m).rstrip('L')

Task 2 – Warm-up, Get Familiar with Hashes (7 points)
By now we've learned that hashes are one-way functions. Because of this unique feature, passwords are often stored as hashes in order to protect them from prying eyes. Even if a hacker infiltrated our state-of-the-art Georgia Tech security systems, he or she would not be able to derive the plaintext passwords from the hashes. But what if we made the critical mistake of using a common password? How safe would we be?

Let's find out...

You are given a list of some of the most commonly-used passwords on the Internet. You are also given the SHA256 hash of a password randomly selected from this list. Your job is to discover the plaintext password behind the hash.

The complete list of common passwords is pre-loaded for you in .

TODO: In the provided file, implement the stub method task_2.

Reflection
In a maximum of 200 words, address the following prompt:
● Knowing that a lot of people like to use these common passwords, make one suggestion for how you could implement improved password security.

    def task_2(self, password_hash: str) -> str:
        # TODO: Implement this method for Task 2
        password = common_password_list[0]
        # This is how you get the SHA-256 hash:
        hashed_password = hashlib.sha256(password.encode()).hexdigest()
        return password

Task 3 – Kernelcoin Part 1 (9 points)
Background: A blockchain is a distributed, immutable ledger that derives its security, in part, from a chain of cryptographic hash values.
For more detail, please read Section II of Hassan et al., Blockchain and the Future of the Internet: A Comprehensive Review, arXiv:1904.00733v1 (23 Feb. 2019), available online at: .

Today is your lucky day! You've discovered a brand new cryptocurrency called Kernelcoin (symbol: RTI). There are rumors that Costco will soon announce Kernelcoin as the preferred payment method in its warehouse stores. This news is sure to send the price of Kernelcoin to the moon, and Kernelcoin holders to the nearest Lamborghini dealership.

You plan to start mining Kernelcoin so that you can earn even more. In order to do so, you need to create a valid block to append to the previous block. A valid block contains the lowest nonce value that, when concatenated with the transaction string, and the hash of the previous block (in that order, i.e. nonce + transaction string + previous block hash), will produce a SHA256 hash with two leading zeros (the proof-of-work for this particular blockchain). Transaction strings have the syntax "UserID1:UserID2:X", indicating that UserID1 has transferred X Kernelcoin to UserID2.
You are given all of these values, and your goal is to find the lowest possible nonce value for the resulting block.

TODO: In the provided file, implement the method task_3.

Reflection
In a maximum of 200 words, address the following prompt:
The kernelcoin blockchain uses a proof-of-work scheme as a consensus mechanism (i.e., finding a hash with a certain number of leading zeros).
● Name and briefly explain an alternative consensus mechanism.
● List its strengths and weaknesses compared to proof-of-work.

    def task_3(self, user_id_1: str, user_id_2: str, amount: int, prev_block_hash: str) -> int:
        # TODO: Implement this method for Task 3
        nonce = 0
        return nonce

Task 4 – Kernelcoin Part 2 (9 points)
Sure enough, once /r/WallStreetBets found out about Kernelcoin the price rose to nosebleed levels. The Kernelcoin that you mined is now worth a fortune! Feeling generous, you decide to donate a small portion of your gains to Georgia Tech so that the school can give its TAs a much-deserved raise. As you prepare to send the transaction, you start to wonder how Kernelcoin verifies that transactions are valid...

After doing some research you find that a Kernelcoin transaction is hashed and encrypted with your private key to create a digital signature. This signature is broadcast to the network along with the original transaction string. If the signature checks out, then the transaction is a candidate for inclusion in the next block.

TODO: In the provided file, finish the code for signing a Kernelcoin transaction in the method task_4. (You may find the code that you wrote in Task 1 helpful for this.)

Reflection
In a maximum of 200 words, address the following prompt:
Imagine that you are coding a function that accepts a Kernelcoin transaction string and a digital signature. The public address of the signer is also passed to the function. The purpose of the function is to verify the validity of the transaction (i.e.
it returns a boolean value).
● Explain the high-level steps necessary to implement this function. No code is required. You should use your own words.

    def task_4(self, from_user_id: str, to_user_id: str, amount: int, d: int, e: int, n: int) -> int:
        # TODO: Implement this method for Task 4
        return signature

Task 5 – Attack A Small Key Space (15 points)
The algorithm you search for is dirt simple which makes it hard for attackers to traverse the entire key space with limited resources. Now, you're given a unique RSA public key with a relatively small key size (64 bits).

Your goal is to get the private key.

TODO: In the provided file, implement the method get_factors. n is the given public key, and your goal is to get its factors.

TODO: In the provided file, implement the method get_private_key_from_p_q_e to get the private key.

Reflection
In a maximum of 500 words, address the following prompts:
Explain in your own words how you were able to get the private key.
● What were the steps you followed?
● What was the underlying mathematical principle?

    def get_factors(self, n: int):
        # TODO: Implement this method for Task 5, Step 1
        p = 0
        q = 0
        return p, q

    def get_private_key_from_p_q_e(self, p: int, q: int, e: int):
        # TODO: Implement this method for Task 5, Step 2
        d = 0
        return d

Task 6 – Where's Waldo (25 points)
Read the paper "Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices", which can be found at: . You will not be able to understand the purpose of this task nor write about it properly in your essay unless you read the entire paper. Do not skip it, do not skim it, read the whole of it.

You are given a unique RSA public key, but the RNG (random number generator) used in the key generation suffers from a vulnerability described in the paper above.
In addition, you are given a list of public keys that were generated by the same RNG on the same system. Your goal is to get the unique private key from your given public key using only the provided information.

TODO: In the provided file, implement the method task_6. (More information about Waldo, and why everyone keeps looking for him, can be found here: . Knowledge of "Where's Waldo?" isn't strictly necessary to solve this task, but it might give you a nudge in the right direction...)

Reflection
In a maximum of 500 words, address the following prompts:
● Why is the public key used in this task vulnerable? Explain this in your own words. Please talk about the potential problems with the key generation and the associated mathematical principles in your answer.
● What steps did you take to derive the private key result in this task? Please discuss the underlying mathematical principles at a high level and explain how you arrived at your answer.

    def task_6(self, given_public_key_n: int, given_public_key_e: int, public_key_list: list) -> int:
        # TODO: Implement this method for Task 6
        d = 0
        return d

Task 7 – Broadcast RSA Attack (30 points)
A message was encrypted with three different 1,024-bit RSA public keys, resulting in three different encrypted messages. All of them have the public exponent e = 3.

You are given the three pairs of public keys and associated encrypted messages.
Your job is to recover the original message.

TODO: In the provided file, implement the method task_7.

Reflection
In a maximum of 500 words, address the following prompts:
● How does the broadcast RSA attack work?
● What causes the vulnerability?
● Explain this in your own words and explain at a high level the mathematical principles behind it.
● Explain how you recovered the message, ensuring that you give thorough detail on all of your steps.

    def task_7(self, n_1_str: str, c_1_str: str, n_2_str: str, c_2_str: str, n_3_str: str, c_3_str: str) -> str:
        n_1 = int(n_1_str, 16)
        c_1 = int(c_1_str, 16)
        n_2 = int(n_2_str, 16)
        c_2 = int(c_2_str, 16)
        n_3 = int(n_3_str, 16)
        c_3 = int(c_3_str, 16)
        msg = ''
        m = 0
        # Solve for m, which is an integer value,
        # the line below will convert it to a string
        msg = bytes.fromhex(hex(m).rstrip('L')[2:]).decode('UTF-8')
        return msg

Important Notes:
The skeleton code in the file has all of the packages that you will need imported for you. You are NOT allowed to import anything else.

Your entire submission must run in 10 minutes or less. The autograder will not give you any feedback if it times out. We encourage you to test locally to avoid unnecessarily using submissions.

Your code will run in an autograded environment in Gradescope and give you immediate feedback and a grade. However, you are limited to 10 autograder submissions in Gradescope. After 10 submissions, penalties will be assessed as follows:

    10 < # submissions <= 20
    20 < # submissions <= 30
    30 < # submissions <= 40
    40 < # submissions <= 50
    50 < # submissions <= 60
    # submissions > 60

You will be able to keep the score of your highest run.

Gradescope can get very busy and even potentially unavailable near submission deadlines. Please do not wait until the last minute to make your submissions to the autograder. Try to get them in as early as possible. Late deductions due to Gradescope being busy for last minute submissions will not be removed.

You are also given a unit test file to help you test your program. We encourage you to read up on Python unit tests, but in general, the syntax should resemble either:

    python -m unittest test_project_3

or:

    python test_project_3.py

However, keep in mind that passing the unit test does NOT guarantee that your code will pass the autograder!
The final deliverables:
In total, please submit the following files:
1. project_3.py
2. project_3_report.pdf: An essay with all of your answers to the reflection questions.

Your written report must be submitted in the Joyner Document Format (JDF). A template has been provided for you in Microsoft Word format, but you may find further useful resources here: .

Direct quotes from source material may comprise a maximum of 10% of your essay – you should summarize concepts and put them in your own words (with proper citation of course!).

You MUST provide citations in JDF format, which uses APA style; weblinks alone do NOT count. Refer to sections "3.1 In-line citations", "3.2 Reference lists", and "4 References".

Plagiarism will not be tolerated! For information: GT Academic Honor Code and the Syllabus.

You will need to submit your essay to both Canvas and Gradescope!

NOTE: If you do not submit to both places, you will receive a 0. This is non-negotiable and will be enforced heavily.

Good luck!
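For the Task 2 scenario (a bare SHA256 of a common password), the storage side looks like this when hardened. This is an added example, not course code: the denylist contents, the iteration count and all function names are assumptions. It rejects common passwords when they are set and stores a per-user salted PBKDF2 record, so two users with the same password no longer share a stored value.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example

def unsalted_sha256(password):
    """The scheme Task 2 describes: same password, same hash, for every user."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_password(password, denylist, salt=None, iterations=ITERATIONS):
    """Reject denylisted passwords, then derive a salted PBKDF2 record."""
    if password.lower() in denylist:
        raise ValueError("password is on the common-password list")
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_password(candidate, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, iterations)
    return hmac.compare_digest(digest, expected)

# Constructed sample denylist; a real one would hold the full common list.
COMMON = {"123456", "password", "qwerty"}

def demo():
    phrase = "correct horse battery staple"  # constructed sample input
    alice = hash_password(phrase, COMMON)
    bob = hash_password(phrase, COMMON)
    try:
        hash_password("Password", COMMON)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "unsalted_equal": unsalted_sha256(phrase) == unsalted_sha256(phrase),
        "salted_equal": alice[2] == bob[2],
        "verify_ok": verify_password(phrase, alice),
        "verify_wrong": verify_password("letmein", alice),
        "common_rejected": rejected,
    }

if __name__ == "__main__":
    print(demo())
```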
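The weakness behind Task 6, seen from the side of someone auditing their own keys: moduli produced by a low-entropy RNG can share a prime, and a gcd between two such moduli reveals it. This is an added example, not course code; audit_moduli and the toy FLEET values are assumptions, and the pairwise loop is quadratic, so large key sets need a batch-GCD algorithm instead.

```python
from itertools import combinations
from math import gcd

def audit_moduli(moduli):
    """Return (weak, duplicates) for a list of RSA moduli.

    weak maps a list index to the (p, q) factorisation exposed because that
    modulus shares exactly one prime with another entry. duplicates holds the
    indices whose modulus is identical to another entry (the same key reused),
    which a gcd cannot factor but which is still worth flagging.
    """
    weak, duplicates = {}, set()
    for (i, a), (j, b) in combinations(enumerate(moduli), 2):
        g = gcd(a, b)
        if g == 1:
            continue                    # no common factor, nothing learned
        if g == a or g == b:
            duplicates.update((i, j))   # gcd is a whole modulus, not a prime
            continue
        weak[i] = (g, a // g)
        weak[j] = (g, b // g)
    return weak, duplicates

# Constructed toy fleet: entries 0 and 2 share the prime 101, entries 1 and 3
# are the same modulus, entry 4 is independent. Real moduli are 1024+ bits.
FLEET = [101 * 103, 107 * 109, 101 * 113, 107 * 109, 127 * 131]

if __name__ == "__main__":
    weak, duplicates = audit_moduli(FLEET)
    for index, (p, q) in sorted(weak.items()):
        print("modulus %d factors as %d * %d: rotate this key" % (index, p, q))
    print("reused moduli at indices:", sorted(duplicates))
```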
