Cryptography

Lab 2: Secret Key Encryption Lab

Lab 2 Secret Key Encryption Lab

In this lab, students will understand
• The concepts in the secret-key encryption and some common attacks on encryption.
• Learn encryption algorithms, encryption modes, paddings, and initial vector (IV)
This lab particularly exposes students to some of the mistakes done by developer in using
encryption algorithm, and to launch attacks to exploit those vulnerabilities.

Table of Contents
Overview......................................................................................................................................2
Task 1: Installing OpenSSL package..............................................................................................2
Task 2: OpenSSL for encryption and decryption of images and text..............................................2
Task 2a: Encryption using different ciphers and modes..........................................................................2
Task 2b: Encryption Mode ECB vs CBC...................................................................................................3
Task 2c: Padding...................................................................................................................................4
Task 2d: Error propagation – corrupted Ciphertext................................................................................5
Task 2e: Initialization Vector.................................................................................................................6
Task 3: Programming Using the crypto Library.............................................................................6
Submission...................................................................................................................................8

1
BNM Institute of Technology Department of CSE
Cryptography
Lab 2: Secret Key Encryption Lab

Overview

The learning objective of this lab is for students to get familiar with the concepts in the
secret-key encryption and some common attacks on encryption. From this lab, students will
gain a first-hand experience on encryption algorithms, encryption modes, paddings, and
initial vector (IV). Moreover, students will be able to use tools and write programs to
encrypt/decrypt messages. Many common mistakes have been made by developers in using
the encryption algorithms and modes. These mistakes weaken the strength of the
encryption, and eventually lead to vulnerabilities. This lab exposes students to some of
these mistakes, and ask students to launch attacks to exploit those vulnerabilities.
This lab covers the following topics:

• Installation of OpenSSL package

• Secret-key encryption
• Encryption modes, IV, and paddings
• Common mistakes in using encryption algorithms
• Programming using the crypto libraryLab environment:
This lab has been tested on our pre-built Ubuntu 16.04 VM, which can be downloaded from the
SEED website. https://seedsecuritylabs.org/lab_env.html. Download the June 2019 version of
ubuntu 16.04

Lab Tasks
Task 1: Installing OpenSSL package
Step 1: install OpenSSL using following commands
sudo apt-get install openssl
or
sudo yum install openssl

Task 2: OpenSSL for encryption and decryption of images and text

Task 2a: Encryption using different ciphers and modes.
Step 1: create a plain Text File
The commands used to achieve this are shown below.

Commands:
$touch plain.txt
$gedit plain.txt
$cat plain.txt

2
BNM Institute of Technology Department of CSE
Cryptography
Lab 2: Secret Key Encryption Lab

Give your observation with screen shot

Step2: Encrypt the file using different ciphers and modes
The command used to encrypt the file is:
$openssl enc -cipehertype -in infile -out outfile -k key -iv initial_vector

In the command above

Cipehertype: stands for the cipher and mode to be used. Examples are aes-128-cbc, aes-
128-ofb,bf-ecb, rc4
Infile: is the input file which is to be encrypted
Outfile: is the output file which contains the encrypted data
Key is the key used for encryption
Initial_vector: is the initialization vector to be used

Command:
$openssl enc -aes-128-cbc -e -in plain.txt -out cipher1.bin -k
00112233445566778899aabbccddeeff -iv 0102030405060708090a0b0c0e0f

Execute the above command for different modes

Give your observation with screen shot

Step 3: verify the output

Once the files are encrypted as shown in the previous step, most of data in the file will not
be printable. To observe the contents of the output files, the command line hex viewing tool
“xxd” is used. This allows us to observe the encrypted contents of the file in hexadecimal
format.
Command:
$xxd cipher1.bin
Execute the above command for different modes of ciphertext.

Give your observation with screen shot

Task 2b: Encryption Mode ECB vs CBC

Step1: Download and encrypt the Image file
Download pic_original.bmp from website.
Encrypt the picture using AES in ECB mode and AES in CBC mode
Command:
$ openssl enc -aes-128-ecb -e -in pic_original.bmp -out pic_ecb.bmp -k
00112233445566778899aabbccddeeff -iv 0102030405060708090a0b0c0d0e0f
$ openssl enc -aes-128-cbc -e -in pic_original.bmp -out pic_cbc.bmp -k
00112233445566778899aabbccddeeff -iv 0102030405060708090a0b0c0d0e0f

3
BNM Institute of Technology Department of CSE
Cryptography
Lab 2: Secret Key Encryption Lab

Give your observation with screen shot

Step 2:
Once the two encrypted files are generated appropriate headers need to be added so that
image viewing s/w recognise the image

$ head -c 54 pic_original .bmp > header

$ tail -c +55 pic_ecb.bmp > body_ecb
$ cat header body_ecb > new_ecb.bmp
$ tail -c +55 pic_cbc.bmp > body_cbc
$ cat header body_cbc > new_cbc.bmp

Step 3:
View the encrypted images and draw conclusion

$eog filename

Give your observation with screen shot.

Task 2c: Padding

For block ciphers, when the size of the plain text is not the multiple of the block size,
padding may be required. In this task, we will study the padding schemes

Step 1: create 3 files of size 5,10,15 bytes respectively (create text file)

Commands:
$ echo -n “12345”>f1.txt
$ echo -n “1234567890”>f2.txt
$ echo -n “1234567890abcdef”>f3.txt
$ ls – l f*.txt

Give your observation with screen shot.

Step 2:Encrypt the files using cbc mode of operation and Decrypt while disabling padding

$ openssl enc -aes-128-cbc -e -in f1.txt -out f1.bin -k 001122334455667788899aabbccddeeff

-iv 0102030405060708090a0b0c0d0e0f
$ openssl enc -aes-128-cbc -e -in f2.txt -out f2.bin -k 001122334455667788899aabbccddeeff
-iv 0102030405060708090a0b0c0d0e0f

4
BNM Institute of Technology Department of CSE
Cryptography
Lab 2: Secret Key Encryption Lab

$ openssl enc -aes-128-cbc -e -in f3.txt -out f3.bin -k 001122334455667788899aabbccddeeff

-iv 0102030405060708090a0b0c0d0e0f
$openssl enc -aes-128-cbc -d -in f1.bin -out p1.txt -nopad -k
001122334455667788899aabbccddeeff -iv 0102030405060708090a0b0c0d0e0f
$openssl enc -aes-128-cbc -d -in f2.bin -out p2.txt -nopad -k
001122334455667788899aabbccddeeff -iv 0102030405060708090a0b0c0d0e0f

$openssl enc -aes-128-cbc -d -in f3.bin -out p3.txt -nopad -k

001122334455667788899aabbccddeeff -iv 0102030405060708090a0b0c0d0e0f

Give your observation with screen shot.

$ls -l f*bin

Give your observation with screen shot.

Step 3: study the padding

$ xxd p1.txt
$ xxd p2.txt
$ xxd p3.txt

Repeat this task with ecb and other modes for more marks.

Task 2d: Error propagation – corrupted Ciphertext

In this task you will study how a corruption in the value of one bit in the ciphertext affects
the decryption process
Step 1: create a file which is atleast 1000 bytes big using touch and gedit command
Commands:
$ touch plain.txt
$ gedit plain.txt
$ ls -l plain.txt

Give your observation with screen shot.

Step 2: Encrypt the file using AES-128 cipher and manually corrupt one bit

Commands:
$openssl enc -aes-128-ecb -e -in plain.txt -out cipher1.bin -k
00112233445566778899aabbccddeeff -iv 0102030405060708090a0b0c0e0f

5
BNM Institute of Technology Department of CSE
Cryptography
Lab 2: Secret Key Encryption Lab

$ ghex cipher.bin
Use hex editor ghex to change one bit.

Give your observation with screen shot.

Step 3: Decrypt the corrupted ciphertext and view the results

Give your observation with screen shot.

Step 4: Perform the same experiment for other modes of operation.
Give your observation with screen shot.

Task 2e: Initialization Vector

In this task you will see how improper use and selection of IV can lead to degradation of
security in the encryption performed

Task 6.1: Uniqueness of IV

Step 1: encrypt the same plaintext using different IV

Commands:

$openssl enc -aes-128-cbc -e -in plain.txt -out cipher1.bin -k

00112233445566778899aabbccddeeff -iv 0102030405060708090a0b0c0e0f

$openssl enc -aes-128-cbc -e -in plain.txt -out cipher2.bin -k

00112233445566778899aabbccddeeff -iv 102030405060708090a0b0c0d0e0f0

Give your observation with screen shot.

Compare two output files

Commands:
$xxd cipher1.bin
$xxd cipher2.bin

Give your observation with screen shot.

Step 2: Encrypt the same plaintext using same IV

6
BNM Institute of Technology Department of CSE
Cryptography
Lab 2: Secret Key Encryption Lab

Give your observation with screen shot.

Task 3: Programming Using the crypto Library
Write a simple program to find a key from a wordlist, given a plaintext, an IV and the
corresponding ciphertext.

7
BNM Institute of Technology Department of CSE
Cryptography
Lab 2: Secret Key Encryption Lab

$gcc secret.c -o secret -lcrypto

$./secret
Give your observation with screen shot.

Submission

You need to submit a detailed lab report to describe what you have done and what you have
observed, including screenshots and code snippets. You also need to provide explanation to the
observations that are interesting or surprising. You are encouraged to pursue further investigation,
beyond what is required by the lab description. Please submit in word or PDF format only.

8
BNM Institute of Technology Department of CSE