Cryptography and Network Security Research and Programming Projects (mostly from William Stallings)
Session Keys
Examine the establishment of session keys such that the session key is uncomputable, and unspoofable. You may wish to study systems that rely on:
• A shared secret
• Authenticated public keys (including Diffie-Hellman)
• A single public key
• One time passwords (including Lamport's Hash)
To better understand how these methods are used, study their implementation in various protocols/products, such as:
• Kerberos V4
• Kerberos V5
• Secure Socket Layer
Show attacks and defenses to these session key establishment protocols at all levels, including one or both of the communicating machines being compromised.
The Security of Diffie-Hellman Algorithm.
The security of Diffie-Hellman relies on the difficulty of the discrete logarithm problem. This project describes attempts to determine what size primes are required for security. In particular, evaluate the secure identification option of the Sun Network File System, which uses Diffie-Hellman algorithm with a prime p of 192 bits.
Objectives:
•To describe the different steps necessary to solve the discrete logarithm problem (DLP).
•To discuss the state-of-the-art results obtained for the solution of DLP.
•Present the SUN NFS cryptosystem, and discuss some of its deficiencies.
•Recommendations in order to have a secure size for the prime number p used in the Diffie-Hellman algorithm.
Key Escrow System
Investigate key escrow and its implementations by government and commercial groups. Key escrow system (KES) can be defined as an encryption system with a decryption capability that allows authorized persons (e.g. officers of an organization and government officials) to decrypt the ciphertext with the help of trusted parties holding special data recovery keys. The aspects that will be covered about key escrowed system will be security, its operation, and the security measures taken in programming the chips.
In addition to a general discussion, examine the Escrowed Encryption Standard (EES), Yaksha (commercial key escrow) , and Entrust (commercial key recovery). Then describe the philosophical and technical approaches of each one.
Programming Projects
Virtual Election Booth
This project implements the secure election protocol described in [SCHN96], p. 127 (Voting with Two Central Facilities). A more theoretical discussion is found in [SALO96]. The implementation will provide a secure way for people to vote online, which eliminates the hassle of physically being present at designated election locations.
Since computerized voting will not replace general elections unless there is a protocol that both maintains individual privacy and prevents cheating, the ideal protocol must meet these requirements:
•Only authorized voters can vote.
•No one can vote more than once.
•No one can determine for whom anyone else voted.
•No one can duplicate anyone else's votes.
•Every voter can make sure that his vote has been taken into account in the final tabulation.
•Everyone knows who voted and who didn't
Your design should use two central facilities: Central Tabulating Facility (CTF) and Central Legitimization Agency (CLA). CLA's main function is to certify the voters. Each voter will send a message to the CLA asking for a validation number, and CLA will return a random validation number. The CLA retains a list of validation numbers as well as a list of validation numbers' recipients to prevent a voter from voting twice. Then, the CLA completes its task by sending the list of validation number to the CTF. CTF's main function is to count votes. CTF checks the validation number against the list received from the CLA. If the validation number is there, the CTF crosses it off (to prevent someone from voting twice). The CTF adds the identification number to the list of people who voted for a particular candidate and adds one to the tally. After all the votes have been received, the CTF publishes the outcome.
An effective way to implement this is via the web, using CGI programs to implement CTF and CLA, and a Java applet to do encryption on the client side.
Poker on the Internet
This project implements poker on the Internet. It will accept one to five players. More than five players tends to spread the deck out to much.
Every player will need a public/private key to play. They will also need to have an account with the house. Startup will have to be coordinated amongst the players. Session keys will be established between the house and the players. The session key is used to encrypt players. cards and for players to sign their bets. The house is responsible for totaling the pot and announcing bets to all players and tracking players banks. Session keys will be destroyed after a players leaves a current session.
Implementation of a Symmetric Block Cipher
Implement one of the more straightforward block ciphers, such as IDEA, RC5 or Tiny Encryption Algorithm (http://www.cl.cam.ac.uk/ftp/papers/djw-rmn/djw-rmn-tea.html). Verify that the implementation works, then perform some experiments, such as timing trials, exhaustive key search, randomness checks, etc. For the IDEA system include a discussion of fast multiplication mod 216 + 1.
Zero Knowledge Proof System
Implement the Zero Knowledge Authentication system described on pages 179-181 in the text.
Simple Version of PGP
Write Java programs to do the following:
A program to generate an RSA public/private key pair and write the modulus n and the encryption exponent e to a file.
A program for encryption to:
Include a program for the recipient to: