ECE646 Fall Lab 1: Pretty Good Privacy. Instruction

ECE646 Fall 2012 Lab 1: Pretty Good Privacy Instruction

PLEASE READ THE FOLLOWING INSTRUCTIONS CAREFULLY:

1. You are expected to address all questions listed in this document in your final report.
2. All e-mails exchanged with other students as a part of this lab should be sent with CC: to gmuece646@gmail.com.
3. A LAB REPORT must be submitted using MyMason by Tuesday, October 9th, 11:59 PM.

In order to perform this lab, you are expected to have an understanding of LECTURES 1-4, Stallings, 5th ed., Chapter 18.1 Pretty Good Privacy (PGP), and Appendix 18A Radix-64 Conversion. You can also use The Gpg4win Compendium, English version, Version 3.0.0-beta1 from 31 August 2010, which should have been copied to your computer during the GPG installation. (You can also find it at http://www.gpg4win.org/doc/en/gpg4win-compendium.html.)

1. KEY DISTRIBUTION: DIRECT TRUST GROUP

Export your public key to an ASCII file. Send your own public key to all members of your DIRECT TRUST GROUP by e-mail. Please remember to CC: your communication to gmuece646@gmail.com.

Import the public keys of your DIRECT TRUST GROUP members to your public key ring. Verify the fingerprints of the imported public keys against the fingerprints listed on the cards you received from your classmates. If this verification is successful, sign the keys of your DIRECT TRUST GROUP.
Hint: You can use GPA: Keys => Sign Keys, or Kleopatra: Certificates => Certify Certificates (Certify for everyone to see).

Set the trust you have in the owner of each public key you received, when this owner serves as an introducer of other users.
Hint: You can use GPA: Keys => Set Owner Trust, or Kleopatra: Certificates => Change Owner Trust.

If you are impatient and do not want to wait for responses from other students, you can start by exchanging public keys with your virtual friend Adele <adele@gnupp.de>. Adele will respond to your messages automatically, and she will send you her public key. Afterwards you may also exchange signed and encrypted messages with her. Please be aware that Adele is German, so if you do not speak German, you may need to use Google Translate to understand some of the messages she sends.

1. Which keys are protected by a passphrase and why?
2. How can you transfer your public keys to another user? (List multiple ways, beyond those used in this lab.)
3. How does the receiver know that a public key you sent really belongs to you?
4. Draw a hierarchical diagram showing your public key ring web of trust (including Adele if you exchanged public keys with each other).

2. KEY DISTRIBUTION: INTRODUCING NEW USERS

Introduce two new users to each member of your DIRECT TRUST GROUP. For each pair of new users, one of them should be a true member of your DIRECT TRUST GROUP, and the other should be a fake user you created during the LAB SETUP (i.e., a user with a different name than yours, but with an e-mail account you fully control). Your introductions should include a short cover letter and the public key of the introduced user, signed by you.

Import all received public keys to your public key ring, unless you know for sure that they are fake (e.g., because a user introduced to you is already a member of your DIRECT TRUST GROUP). In this case, inform the sender immediately that you rejected his/her introduction.

5. List all fake (e-mail ID, key ID) pairs you created.
6. List the two users introduced to each member of your DIRECT TRUST GROUP, and mark which one is true and which one is fake.

7. Draw a hierarchical diagram showing your entire public-key-ring web of trust (keep updating this diagram as you are introduced to new users).

3. SIGNATURE GENERATION

Using an ASCII text editor, prepare a relatively small text file with a message revealing some information about you which other students may not be aware of. Prepare similar files with messages pretending to be written by 2-3 students you are trying to impersonate. Sign all messages using the respective private keys, and send them to the users who are in possession of the corresponding public keys. Please note that one of these users is your virtual friend Adele.

Please note that you can use at least the following two methods to sign a file: Kleopatra: File => Sign/Encrypt Files (Sign, Sign with OpenPGP), or Windows Explorer: choose a file, right-click with your mouse, and choose More GpgEX Options (Sign). In each case, you can also choose whether your output will be stored in a binary file, or in an ASCII file composed of only visible characters (Option: Text Output (ASCII Armor)). Please try both values of this option to see the difference. Investigate all output files, looking at their contents and length. Send the obtained files (all and only the files required to verify the signature) to the intended recipients.

8. What transformations are performed during signing (with and without ASCII Armor set)?
9. Which algorithms are used during each of these transformations?
10. What keys are required to perform these transformations?
11. Where are these keys stored? Which of these keys are protected using a passphrase? What are the pros and cons of using passphrases?
12. Determine, compare, and explain the sizes of the signatures for each message.

4. SIGNATURE VERIFICATION

Verify all signatures generated by yourself, using your public key. Change a single character in each message, and do the verification again. Verify the signatures associated with messages you have received from other students. Decide whether these messages are authentic based on factors such as:
a) your trust in the public key of the sender
b) your trust in the person who introduced the public key of the sender to you
c) the text of the message.

13. Describe and explain the behavior of the program during verification of correct and modified messages.
14. What transformations, algorithms, and keys are used during signature verification?

15. Document your conclusions regarding the authenticity of the signed messages you received.

5. ENCRYPTION

Using an ASCII text editor, please prepare a few secret messages to be sent to users whose public keys are located in your public key ring. You can also encrypt larger binary files such as photos and PDF files. Encrypt these files using the respective receivers' public keys, and then separately, for testing purposes only, using your own public key. Send the obtained files to the intended recipients, using your true e-mail account as well as the fake accounts of other students which you control. Investigate the encrypted files, looking at their contents and length.

16. How would you explain the relation between the length of the file before and after encryption for each set of options?
17. What transformations are performed during encryption (with and without ASCII Armor set)?
18. What keys are required to perform these transformations? Where are these keys stored? Which of these keys are protected using a passphrase?
19. Can you change the order of these transformations without affecting the program's functionality or security?
20. Which algorithms are used during each of these transformations? What are the key sizes used in each of these algorithms? Can you change these key sizes? If so, how?
21. When you send an encrypted file to a recipient, what kind of security service(s) are you using?

6. DECRYPTION

Try to decrypt all files you have either encrypted yourself or received from other students.

22. How can the receiver decrypt the file without having to agree with the sender in advance on using the same set of options and algorithms?
23. Can you be sure of the authenticity of the message sender? If not, how could you change the encryption options to guarantee message authentication?
24. Can you be sure of the integrity of the message? If not, how could you change the encryption options to guarantee message integrity?
25. What happens if you change a single byte in the encrypted file before decryption? How reliable is the message integrity protection you observe?
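The "Text Output (ASCII Armor)" option used in steps 3 and 5 is the Radix-64 conversion of Appendix 18A: the binary signature or ciphertext is base64-encoded, wrapped in header and footer lines, and followed by a CRC-24 checksum. The Python below is an added example written for this page (it is not GnuPG or lab code); the sample message is constructed, and the 64-character line width is the one GnuPG uses.

```python
import base64

# OpenPGP Radix-64 (ASCII armor) as in Stallings Appendix 18A / RFC 4880 section 6.
# Added example for this page (not GnuPG or lab code); sample inputs are constructed.
CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB

def crc24(data: bytes) -> int:
    """CRC-24 over the binary (pre-armor) data, appended to every armor block."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(data: bytes, kind: str = "MESSAGE") -> str:
    """Wrap binary OpenPGP output in ASCII armor. kind is MESSAGE, SIGNATURE,
    PUBLIC KEY BLOCK, ... depending on what the binary file contains."""
    body = base64.b64encode(data).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]   # GnuPG wraps at 64
    crc_b64 = base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii")
    # Optional "Key: Value" armor headers would go between BEGIN and the blank line.
    return "\n".join([f"-----BEGIN PGP {kind}-----", ""] + lines
                     + ["=" + crc_b64, f"-----END PGP {kind}-----", ""])

def dearmor(text: str) -> bytes:
    """Recover the binary data; raise ValueError if the armor text was altered."""
    lines = text.strip().splitlines()
    if not (lines[0].startswith("-----BEGIN PGP ") and lines[-1].startswith("-----END PGP ")):
        raise ValueError("not an ASCII-armored block")
    body = lines[lines.index("") + 1:-1]          # skip armor headers
    if not body or not body[-1].startswith("="):
        raise ValueError("missing CRC-24 line")
    data = base64.b64decode("".join(body[:-1]))
    if crc24(data) != int.from_bytes(base64.b64decode(body[-1][1:]), "big"):
        raise ValueError("CRC-24 mismatch: armored text was corrupted")
    return data

def expansion(data: bytes) -> int:
    """Extra bytes the armored form costs over the binary form (question 16)."""
    return len(armor(data).encode("ascii")) - len(data)
```

The CRC-24 only detects accidental corruption of the armored text and is not a security service; questions 24 and 25 concern the integrity protection of the encrypted payload itself, which is a separate mechanism inside the binary data.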

7. REVEALING FAKE USERS (this step should be performed only on Monday or Tuesday, October 8-9)

Make an educated guess regarding the authenticity of all messages you have received as a part of this lab so far. Communicate this guess to all users you have received messages from. Respond to these guesses, revealing your true identity.

26. Were any of your attempts to cheat successful? If not, why? If yes, what was the major weakness of the key distribution procedure used in this exercise that made your attack successful?
27. Were you able to identify any fake messages by yourself? If yes, how? If not, why?
28. On the hierarchical diagram showing your web of trust, label each key as either legitimate or fake. If a key is fake, write the name of its real owner next to it.

8. OpenPGP CERTIFICATE SERVER

Investigate the use of the Kleopatra options Export Certificate to Server and Lookup Certificate on Server.

29. Would the use of an OpenPGP Certificate Server prevent any weaknesses of the key distribution scheme used in this lab? If yes, how? If not, why?

9. PGP & E-MAIL PROGRAMS (BONUS)

GnuPG can be integrated into some popular e-mail programs, such as Outlook.

30. Describe all steps necessary to plug GnuPG into a selected e-mail program.
31. Using this integrated environment, send a signed message to gmuece646@gmail.com; the message should contain at least your name, e-mail address, and public key fingerprint in HEX. Include this e-mail in the final report.
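The web-of-trust diagrams of questions 4, 7 and 28, and the introduction exercise of steps 2 and 7, come down to how PGP derives key legitimacy from owner trust and key signatures (Stallings 18.1). The Python below is an added example for this page, not lab or GnuPG code; the key ring and user names are constructed, and the threshold values are the GnuPG classic trust-model defaults (completes-needed 1, marginals-needed 3, max-cert-depth 5).

```python
from fractions import Fraction

# Constructed example of the PGP web-of-trust key-legitimacy computation
# (Stallings 18.1). Thresholds are the GnuPG classic trust-model defaults.
COMPLETES_NEEDED = 1   # one signature from a fully trusted introducer suffices
MARGINALS_NEEDED = 3   # or three signatures from marginally trusted introducers
MAX_CERT_DEPTH = 5     # longest chain of introductions that is honoured

def signature_weight(signer_trust: str) -> Fraction:
    """Weight a certification contributes, by the signer's owner-trust value."""
    if signer_trust in ("ultimate", "full"):
        return Fraction(1, COMPLETES_NEEDED)
    if signer_trust == "marginal":
        return Fraction(1, MARGINALS_NEEDED)
    return Fraction(0)   # 'unknown' / 'never': the certification is ignored

def key_legitimacy(ring: dict, owner_trust: dict, me: str) -> dict:
    """ring: uid -> set of uids whose keys certified (signed) that key.
    owner_trust: uid -> 'ultimate' | 'full' | 'marginal' | 'unknown' | 'never'.
    Returns uid -> 'full' | 'marginal' | 'unknown' for every key in the ring."""
    valid = {me}                        # my own key is valid by definition
    for _depth in range(MAX_CERT_DEPTH):
        newly = set()
        for uid, signers in ring.items():
            if uid in valid:
                continue
            # only certifications made by keys that are themselves valid count
            score = sum((signature_weight(owner_trust.get(s, "unknown"))
                         for s in signers if s in valid), Fraction(0))
            if score >= 1:
                newly.add(uid)
        if not newly:
            break                        # fixpoint reached
        valid |= newly
    result = {}
    for uid, signers in ring.items():
        score = sum((signature_weight(owner_trust.get(s, "unknown"))
                     for s in signers if s in valid), Fraction(0))
        result[uid] = "full" if uid in valid else ("marginal" if score > 0 else "unknown")
    return result

# Constructed key ring mirroring the lab: a direct trust group (alice, bob, carol)
# whose keys I verified by fingerprint and signed, plus the users they introduced.
RING = {
    "me": set(),
    "alice": {"me"}, "bob": {"me"}, "carol": {"me"},
    "dave": {"alice"},                 # real user introduced by alice
    "eve": {"bob"},                    # fake user created and introduced by bob
    "mallory": {"bob", "carol"},       # fake user vouched for by two marginal introducers
    "sam": {"bob", "carol", "dave"},   # dave's key is valid but has no owner trust set
}
OWNER_TRUST = {"me": "ultimate", "alice": "full", "bob": "marginal", "carol": "marginal"}
```

Running key_legitimacy(RING, OWNER_TRUST, "me") leaves eve, mallory and sam at marginal validity; raising bob's owner trust to "full" makes every key he certified, including the fake eve, fully valid, which is the weakness question 26 asks about.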