EECS 588: HW 2

Due Sept. 25th.

If you work in groups, please acknowledge your collaborator(s) (or do a joint submission), and acknowledge any resources used. Preferably, submit via email to the instructor (email id: aprakash).

1. Suppose the university uses a block mode of encryption for encrypting student records, which have the following fields: student name, student ID, course#, grade, and date. Assume that each of these fields within the record corresponds to one block of data for the purpose of encryption. A malicious student receives a D in a course and wants to change the grade to an A. He manages to get an opportunity to modify the ciphertext for the record. Explain how the student could change the grade to an A in the following two schemes and whether any other fields in the record will get affected as a result.

2. Party A wants to send a sequence of messages to party B in a manner that allows party B to detect any tampering with the messages along the way. A and B share a common symmetric key k, which is not known to the attacker. Explain why the following strategy for encoding each message Mi in the sequence is not sufficient.
    A -> B: Mi || HMAC(k, Mi)

Suggest a fix to the above protocol using the fewest possible additional bits.
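
Added worked example for question 1 (not part of the original assignment). The question does not name its two schemes, so this assumes they are ECB and CBC. The block cipher is a stand-in 4-round Feistel network built from HMAC-SHA256 so that the script runs with only the Python standard library; AES or any other real block cipher behaves identically under these manipulations. The records, the key and the second "donor" record are constructed for the example.

```python
import hashlib
import hmac
import os

BLOCK = 16                      # cipher block size; one record field per block
HALF = BLOCK // 2
FIELDS = ["name", "id", "course", "grade", "date"]
GRADE = FIELDS.index("grade")   # position of the grade block inside a record


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _pad(field: str) -> bytes:
    return field.encode().ljust(BLOCK, b"\0")


def _round(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function: keyed PRF (HMAC-SHA256) truncated to half a block.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:HALF]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in 128-bit block cipher (assumption: a 4-round Feistel network;
    # AES or any other block cipher behaves the same for the attacks below).
    left, right = block[:HALF], block[HALF:]
    for rnd in range(4):
        left, right = right, _xor(left, _round(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _round(key, rnd, left)), left
    return left + right


def encode_record(fields: list) -> bytes:
    return b"".join(_pad(f) for f in fields)


def decode_record(plaintext: bytes) -> list:
    blocks = [plaintext[i:i + BLOCK] for i in range(0, len(plaintext), BLOCK)]
    return [b.rstrip(b"\0").decode("latin-1") for b in blocks]


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    return b"".join(block_encrypt(key, pt[i:i + BLOCK]) for i in range(0, len(pt), BLOCK))


def ecb_decrypt(key: bytes, ct: bytes) -> bytes:
    return b"".join(block_decrypt(key, ct[i:i + BLOCK]) for i in range(0, len(ct), BLOCK))


def cbc_encrypt(key: bytes, pt: bytes, iv: bytes) -> bytes:
    prev, out = iv, b""
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, _xor(pt[i:i + BLOCK], prev))
        out += prev
    return iv + out                      # IV travels in front of the ciphertext


def cbc_decrypt(key: bytes, ct: bytes) -> bytes:
    prev, out = ct[:BLOCK], b""
    for i in range(BLOCK, len(ct), BLOCK):
        cur = ct[i:i + BLOCK]
        out += _xor(block_decrypt(key, cur), prev)
        prev = cur
    return out


def ecb_swap_grade(victim_ct: bytes, donor_ct: bytes) -> bytes:
    # ECB: equal plaintext blocks give equal ciphertext blocks under one key, so
    # the grade block is cut and pasted from any record that already holds an A.
    # No other block is touched, so every other field decrypts intact.
    start = GRADE * BLOCK
    return victim_ct[:start] + donor_ct[start:start + BLOCK] + victim_ct[start + BLOCK:]


def cbc_flip_grade(ct: bytes, old_grade: str, new_grade: str) -> bytes:
    # CBC: P[i] = D(C[i]) XOR C[i-1].  XORing (old XOR new) into the ciphertext
    # block *before* the grade rewrites the grade exactly, but that block (the
    # course#) now decrypts to garbage.  Only the old grade needs to be known.
    delta = _xor(_pad(old_grade), _pad(new_grade))
    start = GRADE * BLOCK                # ct[0:BLOCK] is the IV, so this is C[GRADE-1]
    return ct[:start] + _xor(ct[start:start + BLOCK], delta) + ct[start + BLOCK:]


def demo(key: bytes = None):
    # Constructed records; the university's key is unknown to the student.
    key = key or os.urandom(16)
    bob = ["Bob", "12345678", "EECS588", "D", "2007-09-25"]
    alice = ["Alice", "87654321", "EECS588", "A", "2007-09-25"]
    ecb_bob = ecb_encrypt(key, encode_record(bob))
    ecb_alice = ecb_encrypt(key, encode_record(alice))      # a record with an A, same key
    ecb_result = decode_record(ecb_decrypt(key, ecb_swap_grade(ecb_bob, ecb_alice)))
    cbc_bob = cbc_encrypt(key, encode_record(bob), os.urandom(BLOCK))
    cbc_result = decode_record(cbc_decrypt(key, cbc_flip_grade(cbc_bob, "D", "A")))
    return ecb_result, cbc_result


if __name__ == "__main__":
    ecb_out, cbc_out = demo()
    print("ECB after block substitution:", ecb_out)
    print("CBC after bit flipping:      ", cbc_out)
```

The ECB attack needs a second ciphertext encrypted under the same key whose grade block already reads A; the CBC attack needs only knowledge of the current grade, and its price is the destroyed course# block, which is why a MAC over the whole record, not encryption alone, is what protects integrity.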

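Added worked example for question 2 (not the assignment's own code). A receiver for the scheme as posed accepts replayed, reordered and silently dropped frames, because HMAC(k, Mi) says nothing about where Mi belongs in the sequence. The fix shown mixes an implicit per-direction sequence counter into the MAC input; it assumes in-order delivery and adds no bits to the wire. The key and the messages are constructed.

```python
import hashlib
import hmac

TAG_LEN = 32                          # HMAC-SHA256 output length
KEY = b"constructed shared key k"     # assumption: a secret known only to A and B


def tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


# The scheme as posed:  A -> B: Mi || HMAC(k, Mi)
def naive_send(key: bytes, msg: bytes) -> bytes:
    return msg + tag(key, msg)


def naive_recv(key: bytes, frame: bytes):
    msg, t = frame[:-TAG_LEN], frame[-TAG_LEN:]
    return msg if hmac.compare_digest(t, tag(key, msg)) else None


# The fix: MAC over (sequence number || Mi).  Both sides count frames, so the
# number itself never has to be sent; the frame format on the wire is unchanged.
class Sender:
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def send(self, msg: bytes) -> bytes:
        frame = msg + tag(self.key, self.seq.to_bytes(8, "big") + msg)
        self.seq += 1
        return frame


class Receiver:
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def recv(self, frame: bytes):
        msg, t = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = tag(self.key, self.seq.to_bytes(8, "big") + msg)
        if not hmac.compare_digest(t, expected):
            return None                 # replayed, reordered, preceded by a drop, or modified
        self.seq += 1                   # only advance on an accepted frame
        return msg


def demo():
    msgs = [b"pay 100 to X", b"pay 5 to Y", b"close account"]
    # Constructed attacks: swap the first two frames and replay one; drop the middle one.
    reorder, drop = [1, 0, 0, 2], [0, 2]

    naive_frames = [naive_send(KEY, m) for m in msgs]
    naive_accepted = [naive_recv(KEY, naive_frames[i]) for i in reorder]

    a, b = Sender(KEY), Receiver(KEY)
    frames = [a.send(m) for m in msgs]
    honest = [b.recv(f) for f in frames]             # untouched sequence: all accepted
    b_reorder = Receiver(KEY)
    attacked = [b_reorder.recv(frames[i]) for i in reorder]
    b_drop = Receiver(KEY)
    dropped = [b_drop.recv(frames[i]) for i in drop]
    return naive_accepted, honest, attacked, dropped


if __name__ == "__main__":
    for name, result in zip(["naive", "honest", "reordered", "dropped"], demo()):
        print(name, result)
```

On an ordered, reliable channel the counter costs zero additional bits on the wire; over a channel that can lose frames, send the low few bits of the counter so B can resynchronise within a small window. Neither version detects truncation of the tail of the sequence: that takes one more bit (a "last message" flag) or a message count announced in the first frame.
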
3. Get the sample code for an SSL client/server from the course web site or from the original source, the book Network Security with OpenSSL.
Go to the subdirectory ssl and compile the code. I compiled it on Linux. You will need OpenSSL (library and headers) installed, if it is not already.
 
Now answer the following questions about the code (it may help to look at the code to answer the questions):
 
a. Identify the purpose/content of each file with the .pem suffix. From a security perspective, should any of these files be available only to the server? To the CA? To the client?
 
b. What are each of the PEM passwords during the building of the code and running of the code being used for?
 
c. What is the chain of trust for the client in order to establish the identity of the server? Identify the certificates and files used in establishing that chain of trust. List the contents of each certificate in a human-readable text format. You can use the following command to see the contents of a PEM-encoded X.509 certificate:

openssl x509 -in certfile.pem -noout -text
 
d. In client3, what checks does the client code currently perform on the certificates in order to validate the server's certificate? Are these checks sufficient?

e. (for Check + grade) Use a network packet monitoring tool (e.g., tcpdump or Ethereal, now Wireshark) to trace the messages in the SSL handshake. Give your analysis of what is likely happening at each step of the monitored traffic.
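
Added example for part (e), written for this page rather than taken from the sample code: a decoder for the TLS record and handshake headers that tcpdump shows only as raw bytes, so that a captured flight can be labelled step by step. It is run here over constructed bytes (not a real capture) for a ClientHello, for a server flight that packs ServerHello and ServerHelloDone into one record, and for the client's ChangeCipherSpec followed by its encrypted Finished. The cipher suite names are the IANA values for the handful of suites in the table; anything else is printed as a hex code.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {0: "hello_request", 1: "client_hello", 2: "server_hello", 11: "certificate",
                   12: "server_key_exchange", 13: "certificate_request", 14: "server_hello_done",
                   15: "certificate_verify", 16: "client_key_exchange", 20: "finished"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLS1.0", (3, 2): "TLS1.1", (3, 3): "TLS1.2"}
CIPHER_SUITES = {                     # a handful of IANA values; others print as hex
    0x0004: "TLS_RSA_WITH_RC4_128_MD5", 0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA", 0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA", 0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"}


def _version(major, minor):
    return VERSIONS.get((major, minor), "0x%02x%02x" % (major, minor))

def _suite(code):
    return CIPHER_SUITES.get(code, "0x%04x" % code)

def _hello_prefix(body):
    # version (2) + random (32) + session_id (1 + n): shared by ClientHello and ServerHello
    sid_len = body[34]
    return _version(body[0], body[1]), body[2:34].hex(), body[35:35 + sid_len].hex(), 35 + sid_len

def parse_client_hello(body):
    version, rnd, sid, pos = _hello_prefix(body)
    n = struct.unpack_from("!H", body, pos)[0]
    suites = [struct.unpack_from("!H", body, pos + 2 + i)[0] for i in range(0, n, 2)]
    pos += 2 + n
    n_comp = body[pos]
    compression = list(body[pos + 1:pos + 1 + n_comp])
    pos += 1 + n_comp
    return {"version": version, "random": rnd, "session_id": sid,
            "cipher_suites": [_suite(s) for s in suites], "compression": compression,
            "has_extensions": pos < len(body)}

def parse_server_hello(body):
    version, rnd, sid, pos = _hello_prefix(body)
    suite = struct.unpack_from("!H", body, pos)[0]
    return {"version": version, "random": rnd, "session_id": sid,
            "cipher_suite": _suite(suite), "compression": body[pos + 2]}

def parse_records(data: bytes) -> list:
    # Decode every record in ONE direction of the stream and every handshake message
    # inside it.  After ChangeCipherSpec the next handshake record (Finished) is
    # encrypted, so it is marked rather than decoded.
    records, pos, encrypted = [], 0, False
    while pos + 5 <= len(data):
        ctype, major, minor, rlen = struct.unpack_from("!BBBH", data, pos)
        payload = data[pos + 5:pos + 5 + rlen]
        if len(payload) < rlen:
            raise ValueError("truncated record at offset %d" % pos)
        rec = {"type": CONTENT_TYPES.get(ctype, ctype), "version": _version(major, minor), "messages": []}
        if ctype == 22 and not encrypted:
            hpos = 0
            while hpos + 4 <= len(payload):       # several handshake messages may share a record
                htype = payload[hpos]
                hlen = int.from_bytes(payload[hpos + 1:hpos + 4], "big")
                hbody = payload[hpos + 4:hpos + 4 + hlen]
                msg = {"handshake": HANDSHAKE_TYPES.get(htype, htype)}
                if htype == 1:
                    msg.update(parse_client_hello(hbody))
                elif htype == 2:
                    msg.update(parse_server_hello(hbody))
                rec["messages"].append(msg)
                hpos += 4 + hlen
        elif ctype == 22:
            rec["messages"].append({"handshake": "encrypted"})
        elif ctype == 20:
            encrypted = True
        records.append(rec)
        pos += 5 + rlen
    return records


# --- constructed sample bytes (not a real capture) ---
def _handshake(htype, body):
    return bytes([htype]) + len(body).to_bytes(3, "big") + body

def _record(ctype, body, version=(3, 1)):
    return bytes([ctype, version[0], version[1]]) + len(body).to_bytes(2, "big") + body

CLIENT_RANDOM, SERVER_RANDOM = bytes(range(32)), bytes(range(32, 64))
CLIENT_HELLO = _record(22, _handshake(1,
    b"\x03\x01" + CLIENT_RANDOM + b"\x00"          # TLS1.0, random, empty session id
    + b"\x00\x06\x00\x35\x00\x2f\x00\x0a"          # three offered suites
    + b"\x01\x00"))                                # one compression method: null
SERVER_FLIGHT = _record(22,                        # ServerHello + ServerHelloDone in one record
    _handshake(2, b"\x03\x01" + SERVER_RANDOM + b"\x04\xaa\xbb\xcc\xdd" + b"\x00\x2f\x00")
    + _handshake(14, b""))
CLIENT_FINISH = _record(20, b"\x01") + _record(22, b"\x00" * 40)   # CCS, then encrypted Finished

if __name__ == "__main__":
    for rec in parse_records(CLIENT_HELLO + CLIENT_FINISH) + parse_records(SERVER_FLIGHT):
        print(rec)
```

To use it on a real trace, feed the TCP payload of each direction separately (e.g. the bytes that `tcpdump -X` prints for packets from the client, concatenated in order), since the encrypted-after-ChangeCipherSpec rule is tracked per direction. The server's Certificate message is reported by type and length only; dump its contents with the `openssl x509` command from part (c).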
 
Some resources:
 
An Introduction to SSL: A nice overview article from Sun
 
An Introduction to OpenSSL. One level down from the previous article.
 
An Introduction to OpenSSL programming: Part I and Part II  
Openssl library functions and man pages:
http://www.openssl.org/docs/ssl/ssl.html#DEALING_WITH_PROTOCOL_METHODS
 
Openssl use to verify  x509 certificates:
http://www-128.ibm.com/developerworks/library/l-openssl2.html