Network Security: Lab#1
J. H. Wang
Apr. 14, 2011

Objectives
• To learn to use one of the symmetric block cipher standards
  • DES
  • 3DES
  • AES
• To learn to use random number generators
• To learn to use stream cipher methods
  • RC4

Libraries Used in this Lab
• OpenSSL: an open source implementation of SSL and TLS protocols
• Widely used on various platforms
  • UNIX-like: Linux, Solaris, Mac OS X, BSD
  • Windows
• Symmetric encryption algorithms supported
  • DES, 3DES, AES
  • RC4

AES
• Applications – archive and compression tools
  • RAR: encryption algorithm for RAR3 is AES 128-bit
  • WinZip: encryption algorithm AES 128-bit and 256-bit
  • 7z: open source archive file format
    • Encryption with AES 256-bit
• Libraries
  • C: OpenSSL
  • C++: Crypto++

7-Zip
• Homepage: http://www.7-zip.org/
• Current version: 9.20 for Windows (open source)
• Steps
  • Install
  • Compress
  • Decompress

OpenSSL
• Homepage: http://www.openssl.org/
• Current version: 1.0.0d (open source)
• Source:
  • Unix/Linux: openssl-1.0.0d.tar.gz
• Binary:
  • Win32 OpenSSL: http://www.slproweb.com/products/Win32OpenSSL.html
    • Win32 OpenSSL v1.0.0d
    • Visual C++ 2008 Redistributables
• Steps
  • Install
  • OpenSSL command-line tool
  • OpenSSL library

Installing OpenSSL in Linux/UNIX
• Download the tarball: openssl-1.0.0d.tar.gz
• Unpack the package
  • gunzip openssl-1.0.0d.tar.gz
• Extracting files from the archive
  • tar xvf openssl-1.0.0d.tar
• Install the package
  • cd openssl-1.0.0d
  • ./config
  • make
  • make test
  • make install

Experiment Scenario
• Prepare a file for testing, say “original.txt”
• Also, prepare a key (for encryption and decryption) on your own
• After encryption, we get an encrypted file “enc.txt”
• Decrypting the encrypted file will give us another file “dec.txt”
• Finally, we check if “original.txt” is the same as “dec.txt”

OpenSSL Command-Line Tools
• OpenSSL command-line tool
  • DES:
    • Encryption: openssl des -in <file1> -out <file2>
    • Decryption: openssl des -d -in <file1> -out <file2>
  • 3DES:
    • Encryption: openssl des3 -in <file1> -out <file2>
    • Decryption: openssl des3 -d -in <file1> -out <file2>
  • AES:
    • Encryption: openssl aes-128-cbc -in <file1> -out <file2>
    • Decryption: openssl aes-128-cbc -d -in <file1> -out <file2>

OpenSSL Command-Line Tools
• Alternative commands
  • DES:
    • Encryption: openssl enc -des -in <file1> -out <file2>
    • Decryption: openssl enc -des -d -in <file1> -out <file2>
  • 3DES: 2-, 3-key
    • Encryption: openssl enc -des3 -in <file1> -out <file2>
    • Decryption: openssl enc -des3 -d -in <file1> -out <file2>
  • AES: 128-, 192-, 256-bit
    • Encryption: openssl enc -aes-128-cbc -in <file1> -out <file2>
    • Decryption: openssl enc -aes-128-cbc -d -in <file1> -out <file2>

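The experiment scenario above as one script, using the `openssl enc` form of the commands and also checking what happens when the wrong key is used for decryption. This is an added example, not part of the original slides; the passphrase, the file contents, the temporary directory and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original slides. PASS and the file contents are
# constructed sample values; the function names are hypothetical.
PASS='pass:lab1-sample-key'

# PBKDF2 key derivation exists only in OpenSSL 1.1.1 and later; older builds
# such as the 1.0.0d named in the lab fall back to the legacy derivation.
kdf_opt() {
    if openssl enc -help 2>&1 | grep -q -- '-pbkdf2'; then echo '-pbkdf2'; fi
}

# make_enc DIR CIPHER: write original.txt and its encryption enc.txt into DIR.
make_enc() {
    printf 'Network Security Lab#1 test file\n' > "$1/original.txt"
    openssl enc "-$2" $(kdf_opt) -pass "$PASS" \
        -in "$1/original.txt" -out "$1/enc.txt" 2>/dev/null
}

# roundtrip CIPHER: 0 when dec.txt equals original.txt and enc.txt does not.
roundtrip() {
    dir=$(mktemp -d) || return 2
    make_enc "$dir" "$1" &&
        openssl enc "-$1" -d $(kdf_opt) -pass "$PASS" \
            -in "$dir/enc.txt" -out "$dir/dec.txt" 2>/dev/null &&
        cmp -s "$dir/original.txt" "$dir/dec.txt" &&
        ! cmp -s "$dir/original.txt" "$dir/enc.txt"
    rc=$?
    rm -rf "$dir"
    return $rc
}

# wrong_key_rejected CIPHER: 0 when a different passphrase does not reproduce
# original.txt. CBC has no integrity check: a wrong key is caught only by the
# padding check ("bad decrypt"), and about 1 time in 256 the padding looks valid
# and openssl exits 0 with garbage, so compare files, not exit status.
wrong_key_rejected() {
    dir=$(mktemp -d) || return 2
    make_enc "$dir" "$1" || { rm -rf "$dir"; return 2; }
    openssl enc "-$1" -d $(kdf_opt) -pass pass:not-the-key \
        -in "$dir/enc.txt" -out "$dir/dec.txt" 2>/dev/null
    if cmp -s "$dir/original.txt" "$dir/dec.txt"; then rc=1; else rc=0; fi
    rm -rf "$dir"
    return $rc
}

for c in aes-128-cbc des3; do
    roundtrip "$c" && wrong_key_rejected "$c" && echo "$c: round trip ok"
done
```
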
OpenSSL Libraries for symmetric encryption
• OpenSSL crypto library
  • DES, 3DES:
    • #include <openssl/des.h>
    • Set the parity of key to odd: DES_set_odd_parity()
    • Generation of DES_key_schedule from a key and check if it’s a weak key: DES_set_key_checked()
    • Encryption/decryption:
      • DES_ncbc_encrypt()
      • DES_ede2_cbc_encrypt()
      • DES_ede3_cbc_encrypt()

OpenSSL Documents
• http://www.openssl.org/docs/
• Manual pages
  • openssl(1)
  • crypto(3)
• HOWTO docs
  • Under doc/HOWTO/ in OpenSSL distribution
  • keys.txt

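Random Number Generator
• Application
  • OpenSSL command-line tool
    • openssl rand <num>
  • In C:
    • #include <stdlib.h>
    • srand(): initialize by a seed
    • rand(): generate a random number
    • Note: rand() output is predictable from the seed, so it is not suitable for generating keys; use RAND_bytes() from the OpenSSL library for that
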
OpenSSL library for random numbers
• OpenSSL crypto library
  • rand:
    • #include <openssl/rand.h>
    • RAND_seed() or RAND_add()
    • Generate a number of bytes: RAND_bytes()

RC4
• Applications
  • WEP
  • Remote Desktop Protocol
  • PDF
  • Skype

OpenSSL command-line tools
• OpenSSL command-line tool
  • RC4:
    • Encryption: openssl rc4 -in <file1> -out <file2>
    • Decryption: openssl rc4 -d -in <file1> -out <file2>
  • Or
    • Encryption: openssl enc -rc4 -in <file1> -out <file2>
    • Decryption: openssl enc -rc4 -d -in <file1> -out <file2>

OpenSSL Libraries for stream cipher
• OpenSSL crypto library
  • RC4:
    • #include <openssl/rc4.h>
    • Key setup phase: RC4_set_key()
    • Encryption/decryption phase: RC4()

OpenSSL Libraries for cryptographic functions
• OpenSSL crypto library
  • EVP: high-level interface to cryptographic functions
    • #include <openssl/evp.h>
    • EVP_CIPHER_CTX_init(): to initialize cipher context
    • EVP_CipherInit(): to set up cipher context for encryption or decryption
    • EVP_CipherUpdate(): to encrypt or decrypt successive blocks of data
    • EVP_CipherFinal(): to finish the encryption or decryption
    • EVP_CIPHER_CTX_cleanup(): to clean up cipher context

Summary
• Encrypting a file
• Decrypting a file
• Generating a random number