While you are waiting for the session to start, familiarise yourself with the OWASP website: https://owasp.org/ What is OWASP about? Find any events that you can attend virtually.
Catch-up & Tasks on DH, RSA and Padding
Lec 6a
Overview
By the end of the session, you should:
Know what we have done in the module so far (a summary of key points)
Be able to solve DH, RSA and padding related problems.
What we have done so far?
Week 1
a) CIA & Authentication and Accountability
b) Types of threats: Active/Passive, Insider/Outsider
c) Attack surface and attack trees
d) Other key terms like vulnerability etc
Week 2
a) General intro to malware
b) Basic operation of viruses, worms and trojans
c) Payload types
d) bots, spyware and rootkits
e) Countermeasures
What we have done so far?
Weeks 3-6 Cryptography
a) General introduction
b) Cryptographic system categories
– Substitution/Transposition
Single letter, multi-letter substitutions
Rail-fence and route transposition techniques
– Block/Stream
Padding techniques: Random, Zelolen, Null etc
Salt: playback issue, CBC, CFB, OFB, CTR
GCM
– Symmetric/Asymmetric
Explained role of keys
Symmetric: DES, 3DES and AES
Asymmetric: RSA, DH, Elliptic Curve
Digital signature, certificates
c) Cryptographic hashing (Friday’s lecture)
What we have covered in labs?
CIA concepts based on scenario
Behaviours of malware
PHP application
Used different ciphers to secure an asset
Cryptographic standard OpenSSL library
Some Mac users have had issues installing OpenSSL – only two students reported it to me. It is solved; check the discussion pages on Canvas.
Module learning aims
Systematically discuss key dimensions of computer security (e.g. secrecy, authentication, integrity, anonymity), and their relationship to the main threats and attack techniques relevant to computer security.
Systematically describe the main building blocks of cryptography (e.g. public and private key encryption, cryptographic hashing), and their relationship with the key dimensions of computer security from LO1.
Deploy up-to-date tools and techniques for finding vulnerabilities in computer systems. Draft security policies and implement policy enforcement processes and mechanisms.
Design secure computer systems by using established computer security principles.
Quiz
How are you attempting lab work? Are you using your own PC?
If NOT, I need to know by end of this week to avoid any problem in setting up SQLi and XSS labs.
https://canvas.sussex.ac.uk/courses/13026/quizzes/17639
Catch-up
You have the interim report for FYP, but make sure that you progress in the computer security module
Use this week to catch up with this module, both in theory and lab work
Next week – Web security [ SQLi and XSS Attacks], HTTP
Revise it for Exam
Study examples of DH, RSA and Padding then attempt tasks provided on each of the three topics
Task – DH
Examples of DH are on the next two slides.
Problem-1
Suppose that two parties A and B wish to set up a common secret key (D-H key) between themselves using the Diffie Hellman key exchange technique. They agree on 7 as the modulus and 3 as the primitive root. Party A chooses 2 and party B chooses 5 as their respective secrets. Find the DH key.
Problem-2
In a Diffie-Hellman Key Exchange, Alice and Bob have chosen prime value q = 17 and primitive root = 5. If Alice’s secret key is 4 and Bob’s secret key is 6, what is the secret key they exchanged?
Once you have attempted them, check your solutions against:
https://www.gatevidyalay.com/tag/diffie-hellman-key-exchange-tutorial/
Example of DH protocol
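The exchange from the two DH problems, written out as an added example (not part of the original slides). The function names are assumptions made for illustration; the code checks that the modulus is prime and that the base really is a primitive root before both sides derive the key.

```python
def prime_factors(n):
    """Distinct prime factors of n by trial division (fine for toy sizes)."""
    factors, f = set(), 2
    while f * f <= n:
        while n % f == 0:
            factors.add(f)
            n //= f
        f += 1
    if n > 1:
        factors.add(n)
    return factors


def is_primitive_root(g, p):
    """g generates 1..p-1 iff g^((p-1)/r) != 1 (mod p) for every prime r | p-1."""
    if not 1 < g < p:
        return False
    return all(pow(g, (p - 1) // r, p) != 1 for r in prime_factors(p - 1))


def dh_exchange(p, g, a, b):
    """Return (A's public value, B's public value, shared DH key)."""
    if prime_factors(p) != {p}:
        raise ValueError("modulus must be prime")
    if not is_primitive_root(g, p):
        raise ValueError("g is not a primitive root modulo p")
    pub_a = pow(g, a, p)          # A sends g^a mod p
    pub_b = pow(g, b, p)          # B sends g^b mod p
    key_a = pow(pub_b, a, p)      # A computes (g^b)^a mod p
    key_b = pow(pub_a, b, p)      # B computes (g^a)^b mod p
    if key_a != key_b:
        raise AssertionError("both sides must derive the same key")
    return pub_a, pub_b, key_a


if __name__ == "__main__":
    # Parameters taken from Problem-1 and Problem-2 above.
    for p, g, a, b in [(7, 3, 2, 5), (17, 5, 4, 6)]:
        pub_a, pub_b, key = dh_exchange(p, g, a, b)
        print(f"p={p} g={g}: A sends {pub_a}, B sends {pub_b}, DH key = {key}")
```

Only the two public values cross the channel; the secrets 2, 5, 4 and 6 never leave their owners.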
Task – RSA
In an RSA cryptosystem, a participant A uses two prime numbers p = 13 and q = 17 to generate her public and private keys. If the public key of A is 35, then the private key of A is?
RSA – example01
Encryption
Public key: (5, 14)
Plaintext: B = index 2
2^5 (mod 14)
= 32 (mod 14)
= 4 (mod 14)
= D = index 4
C = M^e mod N
Decryption
Private key: (11, 14)
Note: 14 is the same
Ciphertext: D = index 4
4^11 (mod 14)
= 4194304 (mod 14)
= 2 (mod 14)
= B = index 2
M = C^d mod N
How does it work?
1st step: choose two prime numbers p and q
p=2 and q=7
2nd step: product of p and q = p x q = 14 = N
which is the modulus in both the public and the private key; it is publicised
3rd step: φ(N) (pronounced PHI(N)) = (p-1)(q-1)
=(2-1)(7-1)
= 6 = total number of co-primes
4th step: Choose e with 1 < e < φ(N): candidates 2, 3, 4, 5
e must be co-prime with N and φ(N)
N=14, φ(N)=6; only 5 qualifies
public key = (5, 14)
5th step: choose d: d·e (mod φ(N)) = 1
5d (mod 6) = 1
d should be a number that, when multiplied by 5 and reduced mod 6, gives 1
d      1   2   3   4   5   …
5d     5   10  15  20  25  …
mod 6  5   4   3   2   1   0
This pattern repeats; pick any d that gives 1 (mod 6)
How many numbers below 14 are coprime with 14?
14=2x7
2=2x1
4=2x2
6=3x2
8=2x2x2
12=2x2x3
14=2x7
1=1x1
3=3x1
5=5x1
7=7x1
9=3x3
11=11x1
13=13x1
Coprime
1=1x1
3=3x1
5=5x1
9=3x3
11=11x1
13=13x1
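The five key-generation steps and the coprime count above, as an added example (not part of the original slides). The function names are assumptions made for illustration; the numbers are the ones from RSA example01.

```python
from math import gcd


def coprimes_below(n):
    """Numbers 1 <= k < n sharing no factor with n (the hand listing for 14)."""
    return [k for k in range(1, n) if gcd(k, n) == 1]


def rsa_keys(p, q, e, count=3):
    """Steps 1-5: return N, phi(N) and the first `count` valid values of d."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q                                   # step 2: public modulus
    phi = (p - 1) * (q - 1)                     # step 3
    if phi != len(coprimes_below(n)):           # sanity check against the count
        raise ValueError("(p-1)(q-1) does not match the coprime count")
    # Step 4. Textbook RSA only needs gcd(e, phi) == 1; the slide also asks
    # for e coprime with N, which e = 5 satisfies as well.
    if not (1 < e < phi) or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(N) and gcd(e, phi(N)) = 1")
    d = pow(e, -1, phi)                         # step 5: d*e mod phi(N) == 1
    # "This pattern repeats": every d + k*phi(N) also works as a private exponent.
    return n, phi, [d + k * phi for k in range(count)]


def encrypt(m, e, n):
    return pow(m, e, n)                         # C = M^e mod N


def decrypt(c, d, n):
    return pow(c, d, n)                         # M = C^d mod N


if __name__ == "__main__":
    n, phi, ds = rsa_keys(2, 7, 5)
    print("coprime with 14:", coprimes_below(14))
    print(f"N={n}, phi(N)={phi}, valid d values: {ds}")
    c = encrypt(2, 5, n)                        # plaintext B = index 2
    print("ciphertext index:", c)
    print("decrypted with d=11:", decrypt(c, 11, n))
```

The smallest valid d here is 5, which equals e in this toy key; the slide's private key uses the next value in the pattern, 11.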
RSA - example02
Encryption Decryption
two primes p and q; p=3, q=11
N = p x q = 3 x 11 = 33
φ(N) = (p-1)(q-1) = (3-1)(11-1) = 2 x 10 = 20 [this will be our mod]; both parties will have this value
Selecting e
1 < e < φ(N) = 1