Public-key cryptographic, code verification and network security.
Complete parts 1 and 2. Graduate students should additionally complete part 3.
Part 1: Public-key cryptography
-
Given an RSA cryptosystem with prime values $p = 11$ and $q = 17$, as well as a public-key exponent $b = 7$ and private-key component $a = 23$:
-
Show how a sender can encrypt the plaintext block $P = 25$.
-
Show how the received ciphertext can be decrypted to yield $P$.
-
Bonus: Show how the Extended Euclidean Algorithm can be used to compute $a$ from $p$, $q$ and $b$. You may use, e.g., the Python
egcd
module in lieu of computing the EEA by hand.
-
-
Read the "JAR file verification" section of the manual page for the Java
jarsigner
tool (runman jarsigner
on just about any Unix machine, or else on a web page).-
Use
jarsigner
to verify the signature of this JAR file. What cryptographic hash function was used to hash the manifest file? What algorithm was used to sign the JAR file? (provide evidence for your claims) -
Extract the JAR file. Compare the SHA-1 sum of any file within the extracted JAR file (e.g., using the
shasum
command) to that contained within the signed manifest fileMETA-INF/MANIFEST.MF
. How do they differ? -
Using a Base64 encoder (e.g.,
base64
oropenssl base64
at the command line or an online tool, obtain the Base64-encoded SHA-1 hash of any.class
file from the JAR file. How that that compare with the value inMETA-INF/MANIFEST.MF
?
-
Part 2: Network security
-
Does your home network use NAT? Provide evidence to support your claim.
-
Firewalls
-
Identify three Memorial hostname/port pairs that are accessible from outside of the University network.
-
Explain how you could access an on-campus service (e.g., a website) from off campus when that service is blocked by Memorial’s perimeter firewall.
-
-
Using Verisign’s DNSSEC Debugger, inspect the DNSSEC signature chain for www.cl.cam.ac.uk. Graph this chain of DNS records, by hand or using GraphViz (e.g., via GraphViz Online). For each Resource Record in the chain, include the type of RR (e.g.,
DNSKEY
) as well as any relevant Key IDs.
Part 3: Protocol dissection
Capture some HTTPS traffic using tcpdump or Wireshark. Explain, with reference to selected information from the packet capture, the process by which the communication begins, starting from the initial DNS lookup. Show all DNS and TLS packets up to the point where encrypted communication begins.