CS-2910 Network Protocols

Dr. Mark Sebern -- Fall quarter 2014-2015


Lab 8: RSA public key encryption

Revised: 5 November 2014

Acknowledgement

This lab was developed by Dr. Yoder.

Lab assignment

This is a team assignment; each team should be three members (playing the roles of "Alice", Bob, and "Trudy"), unless a different size is approved by the instructor.

Introduction

In this lab, you will play out several encryption scenarios using simple 16-bit RSA. The scenarios you will play out:

Before you can play out these scenarios, you will need the following:

Procedure

  1. Download the skeleton Python template: cs2910-labrsa-template-py.txt
  2. Rename the template file to cs2910-lab08-username1-username2-username3.py, where each "usernameN" is the MSOE email username (e.g., "smithj") of a team member, in alphabetical order.
  3. Edit the header of the file to include your team members' names, in the format provided.
  4. Create and document (in comments) a design for the methods create_keys, compute_checksum, and apply_key. See the documentation for these methods in the template.
  5. Implement in code the design for these methods.
  6. According to each team member's assigned "persona" (role), do the following steps in sequence:
    1. Bob:
      • Run the program with the compute_checksum option to create an encrypted checksum for the message “Bob owes Trudy $100.99”.
      • Save the public & private keys, as well as the encrypted checksum for your records.
      • Provide Alice and Trudy with the public key.
      • Provide Trudy with the message and encrypted checksum. (Suppose that Trudy runs an unscrupulous online store…)
    2. Trudy:
      • Create a message that results in the same checksum as Bob’s message, but implies that Bob owes a larger amount of money.
        (Hint: If you rearrange the characters in the string, how does that change the checksum?)
      • Supply Alice with the forged message and the encrypted checksum that Bob gave you.
    3. Alice:
      • Check Trudy’s message using the verify_checksum option of the program. Does it check out OK?
      • If not, Trudy should keep trying.
      • If so, how could Trudy be prevented from performing this trick in a real application?
        (Suppose Alice is the banker responsible for transferring the money from Bob to Trudy.)
  7. As a team, create a design for the method break_key, and implement it.
  8. According to each team member's assigned "persona" (role), do the following steps in sequence:
    1. Bob:
      • Run the program and create a public key.
      • Deliver this key to Alice. (You can reuse the key from above if you like.)
    2. Alice:
      • Create a secret message.
      • Encrypt it with Bob’s private key using the encrypt_message option of the program.
      • Supply Bob and Trudy with the message. (You may need to email the hexadecimal characters to Bob and Trudy, or share them in a direct message.)
    3. Bob:
      • Run the program with the decrypt_message option to read Alice’s secret message.
    4. Trudy:
      • Run the program with the break_key option to read Alice’s secret message.
  9. Together, as a team, modify and add to the comments at the end of your Python file, with the following information:
    • Answer the questions posed in the template text.
    • Comment about what you learned in the lab. Your comments should include:
      1. A description of the functionality you implemented and the results of your testing.
      2. Comments on your experience in completing the lab, including any problems you encountered. Briefly explain what you learned.
      3. Questions and suggestions.

Additional implementation details will be discussed in class. If you have questions about these requirements, ask in class or lab.

Submission (Due Thursday, 11/13/2014, 9PM)

One team member should submit your Python file by uploading to the CS-2910-031 Submissions folder on box.msoe.edu. If you have questions about this process, consult the instructor well in advance of the submission deadline.

Please follow these submission instructions exactly, including details of the filename, or your submission may be rejected, resulting in a "F" grade.