Crypto Lab: Secret
Key Encryption
Overview
The learning objective of this lab is for
students to become familiar with the
concepts used in secret-key encryption.
In this lab, you will use encryption
algorithms, encryption modes, paddings,
and initial vector (IV) parameters. After
completing the lab, you will be able to
use tools and write programs to encrypt
and decrypt messages.
Note
Note: This lab is based on the
Secret Key Encryption Labs from
Wenliang Du from Syracuse
University.
Lab Environment
You will complete this lab using the AWS
Educate classroom. Specifically, you will
use an AWS EC2 Linux instance to
complete the majority of the steps. Other
tools that will be used for this lab
include:
PuTTY, an SSH tool to connect the
Linux environment
FileZilla (or similar), a secure FTP
tool to transfer files to and from the
Linux environment
Lab Submission
After you have completed this lab,
document your findings, addressing and
responding to all the questions and
actions required in each step. When
documenting your findings, provide
screen captures with detailed, well-
written descriptions of the results and
fully answer each question. Use the
provided Secret Key Lab Instructions
Template to submit your lab findings.
Lab Tasks
To successfully complete this lab, you
must perform all of the following tasks.
Start Your EC2 Instance
To start an EC2 Linux instance, log in to
your AWS Educate classroom and open
the AWS console. Detailed instructions
for starting EC2 instance are found
in Starting an EC2 Instance .
Configure the Security Group
Now that the instance is running,
we can connect to it. However, we
must make sure that connections
are limited to the individual
student who created the instance.
Security groups provide this ability
by allowing the user to specify a
unique IP address to connect to
the instance.
Detailed instructions for configuring the
security group are found in Configuring
the Security Group .
Record the Instance IP Address
To connect to the EC2 instance, the IP
address must be known. To determine
the IP address, open the EC2 dashboard
and click on the running instances. Click
on the specific instance you previously
launched and record the IPv4 Public IP
address.
Source: AWS Educate, UMGC Virtual Labs
In this example, the IPv4 Public IP
address is 18.234.249.107. Your IPv4
Public IP will be different.
Connect to the Server
You can use PuTTY to SSH from your
desktop. You can also use SSH directly
from Windows 10 or Mac machines. If
you are using PuTTY to SSH from a
Windows machine, the private key you
previously downloaded from AWS must
be modified to work within PuTTY. Use
PuTTYGen to generate the key.
Directions on how to install and use
PuTTYGen are found here:
https://www.puttygen.com/
Once the PuTTY key has been generated,
launch PuTTY and connect to the
instance by using the ec2-
user@IPaddress for the SSH port 22,
then click Open.
AWS Educate, UMGC Virtual Labs
You will receive a security alert the first
time you connect. Accept that to
continue.
Once connected, you will see the
command prompt as shown below.
Source: AWS Educate, UMGC Virtual Labs
Introduction
Encryption is used in our lives in a daily
basis with applications including
protecting data transmitted between two
devices, online banking, e-commerce
using HTTPS protocols, Voice-Over-IP
and many other application. If conducted
properly, only authorized parties are able
to read the contents of the transmitted
messages.
Many secure cryptographic algorithms
exist to protect the transmission of our
private and sensitive data. When
vulnerabilities occur, they are often
caused by incorrect use or
implementation of an encryption
algorithm.
Recall secret-key encryption uses the
same key for both encryption and
decryption. Secret-key encryption is also
referred to as symmetric encryption
whereas public-key encryption, which
uses different keys for encryption and
decryption, is referred to as asymmetric
encryption.
In this lab, we will research common
implementation errors in secret-key
encryption algorithms that may result in
security breaches. Specifically, we will
look at the following case studies:
Monoalphabetic Substitution
Cipher
Different Ciphers and Modes
Initial Vectors
Monoalphabetic Substitution Cipher
In a substitution cipher, the letters of a
message are changed but their positions
do not. For example, consider the
following original message:
Meet Joe at the
Coffee Shop. He
has the
instructions for
you.
If we substitute the letter e for w, the
original message becomes:
Mwwt Jow at thw
Coffww Shop. Hw
has thw
instructions for
you.
If we continue to substitute each letter of
the alphabet with another letter, make all
letters lower case, and remove
punctuation, the original message begins
to look quite different.
dwwi cyw zi ihw
tyqqww jhyv hw
hzj ihw
kfjisxtikyfj qys
byx
It is well known that monoalphabetic
substitution ciphers (also known as
monoalphabetic ciphers) are not secure,
because they can be subjected to
frequency analysis.
Specifically, this cipher could be broken
through frequency analysis where certain
letters and combinations of letters occur
more frequently than others. A clever
analyst can start with commonly used
one-, two-, or three-letter word
combinations and substitute into the
encrypted message until a pattern begins
to emerge. In this case, we already know
the original message, but even if we
didn’t, we could start guessing common
alphabet patterns and decrypt the
message.
Using the common single and double
letters for the English language, we can
begin to piece the message together.
According to information from
http://www.richkni.co.uk/php/crypta/fre
q.php , the most commonly used
letters are “e”, ”a”, “o”, ”i”, “n”, “s”, “h”, and
“r”. The most commonly used trigrams (3-
letter combinations) according to
https://en.wikipedia.org/wiki/Trigram
are: “the”, “and”, “tha”, “ent”, “ing”, “ion”,
“tio”, and “for”.
When doing this manually, looking for
patterns in trigrams first, may lead to
some initial success. If we assume we
have a popular 3-letter trigram in our
message we could initial substitute “the”
for “ihw”. There are quite a few “ihw’s”
found. Substituting all of them yields this
revised and partially decoded message:
deet cye zt the
tyqqee jhyv he
hzj the
kfjtsxttkyfj qys
byx
Looking at common bigrams from
https://en.wikipedia.org/wiki/Bigram ,
we see additional patterns to consider
such as “at”, “he” , “an”, “on”, and “in”. The
word “he” is probably already decoded
properly, but “zt” could be “at” which
means “z” should be replaced “a”. If
replace all “z’s” with “a’s” the following
message is revealed.
deet cye at the
tyqqee jhyv he
haj the
kfjtsxttkyfj qys
byx
At any point, you can begin guessing
letters to complete words and
substituting. For example, “he haj”
probably should be “he has”. Replacing j’s
with an s yields this message.
deet cye at the
tyqqee shyv he
has the
kfstsxttkyfs qys
byx
The next steps can take some trial and
error by replacing other trigrams with
common 3-letter words. If we replace
“qys” with “for” the message seems to be
taking a more readable form. It is still not
quite there but better.
deet coe at the
toffee shov he
has the
kfstrxttkofs for
box
Here is where a longer message may
actually help you decode. I have one long
word that have many unknown letters.
Continuing on, we would look at each
word or phrase and begin to make
assumptions and try combinations to see
if patterns emerge.
The first word seems close to “beet”,
“feet” or “meet”. Including the next word
leads me to believe “meet” would work
and “coe” should become “Joe”.
Substituting “m” for “d” and “j” for “c” we
get the following:
meet joe at the
toffee shov he
has the
kfstrxttkofs for
box
More trial and error is needed. Toffee is
certainly a good word but if we replaced
“toffee” with “coffee” the next word
begins to resolve to shop.
meet joe at the
coffee shop he
has the
kfstrxctkofs for
box
That last phrase still is elusive. However,
if we go back and consider popular
bigrams such as “in” and replace that for
one of the remaining bigrams (“kf”) the
most complex word in our message is
turning into something we recognize.
meet joe at the
coffee shop he
has the
instrxctions for
box
The “x” clearly needs to be a “u”.
meet joe at the
coffee shop he
has the
instructions for
bou.
The last word looks like it should actually
be “you”. Substituting “b” for “y” and
adding punctuation yields our original
phrase.
Meet Joe at the
coffee shop. He
has the
instructions for
you.
As you can see, this can be tedious and
requires the use of the common letters,
bigrams, trigrams and pattern completion
techniques. Also, you have to keep track
of the letters you have solved for as you
move through the decoding process so
you don’t accidentally change a letter you
already changed. One approach to
accomplish this is to use capital letters
for plaintext, so for each letter, we know
which is plaintext and which is
ciphertext. You can use the tr command
to do this. For example, in the following,
we replace letters a, e, and t in in.txt with
letters X, G, E, respectively; the results
are saved in out.txt.
tr ‘aet’ ‘XGE’ < in.txt > out.txt
To become comfortable in how the
monoalphabetic substitution cipher
works, use the AWS Educate classroom
to launch an EC2 instance. Then, connect
to the instance and create a file. Copy
and paste several hundred words into the
file. You can use any words you want –
perhaps from a speech or part of a book
you like. Consider the following as an
example that you can use by coping and
pasting directly into a file on your EC
Instance. Name the file “myfile.txt”.
“The nations in which women have
influenced national aims face the nation
that glorifies brute force. America
opposes the exaltation of the glittering
sword; oppose the determination of one
nation to dominate the world; opposes
the claim that the head of one ruling
family is the direct and only
representative of the Creator; and, above
all, America opposes the idea that might
makes right.
Let us admit the full weight of the
paradox that a people in the same of
peace turns to force of arms. The tragedy
for us lay in there being no choice of
ways, since pacific groups had failed to
create machinery to adjust vital
international differences, and since the
Allies each in turn, we the last, had been
struck by a foe determined to settle
disagreements by force.
Never did a nation make a crusade more
just 12 than this of ours. We were
patient, too long patient, perhaps, with
challenges. We seek no conquest. We
fight to protect the freedom of our
citizens. On America’s standard is written
democracy, on that of Germany
autocracy. Without reservation women
can give their all to attain our end.”
(Blatch, Harriot Stanton, Mobilizing
woman-power)
Source: AWS Educate, UMGC Virtual Labs
To create the cipher text version of this
file, several steps are required:
1. Convert all capital letters to
lowercase.
2. Preserve the spacing, but remove
punctuation.
3. Generate the alphabetic
substitution table (encryption key).
4. Encrypt the text.
On the EC2 instance, the following Linux
commands can be used to accomplish the
first two tasks. You run these commands
at the shell prompt.
tr [:upper:]
[:lower:] <
myfile.txt >
lowercase.txt
tr -cd ‘[a-z][n]
[:space:]’ <
lowercase.txt >
plaintext.txt
Source: AWS Educate, UMGC Virtual Labs
Python can be used to accomplish the
third task. Python has already been
installed on the AWS Linux instance. To
launch Python, type Python at the shell
prompt and then enter the following
commands.
import random
s =
“abcdefghijklmnop
qrstuvwxyz”
list =
random.sample(s,
len(s))
”.join(list)
The output of running this Python code
will be alphabetic substitution table. In
this example, the results were:
fpdyehjbgiknvrmlu
sxwotczaq
You results will be different.
Source: AWS Educate, UMGC Virtual Labs
The final task can be accomplished using
Linux commands (executed at the Linux
shell prompt):
tr
‘abcdefghijklmnop
qrstuvwxyz’
‘aecpqwjrhftbsulo
zmnxgydvki’
< plaintext.txt >
ciphertext.txt
Notice in each step the output of the
previous step was used as the input for
the next step. Also, be reminded the ‘’
character, at the end of the long lines,
tells the Linux process to continue to the
next line.
If you use the nano editor to view the
resulting ciphertext.txt file you will see
the resulting encrypted message.
Source: AWS Educate, UMGC Virtual Labs
Experiment with frequency analysis to
demonstrate how you can effectively
determine the encryption key and
reconstruct the original message. Your
goal is to determine the encryption key,
so that any future messages can easily be
decrypted. The encryption key (i.e.,
alphabetic substitution table) in this
specific example is:
‘fpdyehjbgiknvrml
usxwotczaq’
You can test your key by using the tr
command:
tr
‘fpdyehjbgiknvrml
usxwotczaq’
‘abcdefghijklmnop
qrstuvwxyz’
< ciphertext.txt
> decrypt.txt
Source: AWS Educate, UMGC Virtual Labs
Once you are comfortable with the
process, use the same process to
determine the encryption key used to
decrypt the lab secret message (found in
the lab1cipher.txt file ). Submit the
decrypted lab secret message, along with
the encryption key with your lab
deliverable.
There are many online resources that
have been mentioned before you can
use. Here are some useful links:
http://www.richkni.co.uk/php/crypta/freq.php.
This website can produce the
statistics for a ciphertext, including
Course Resource
5/6/21, 2:39 PM
Page 1 of 1
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.
Read moreEach paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.
Read moreThanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.
Read moreYour email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.
Read moreBy sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.
Read more