FIT2093 Assignment
Submission Guidelines & Tasks
Guidelines Details
• Deadline: Assignment 1 Task 2 & 3 are due in Week 9 on 2 May 2024 at 11:55pm
Melbourne, Australia time (CL Campus) and 2 May 2024 at 11:55pm Malaysia time (MA
Campus). This Task is an individual (not group) work and it must be submitted by each
student individually.
• Submission Platform: Electronic submission via the `Assignment 1 Task 2 & 3
Submission’ link on the Moodle Assessments page (an Ed announcement will be sent once
the link is added).
• Required Files: Required data and numerical parameter files for the assignment will be
available for download via the Moodle `Asg 1 Task 2 & 3 Specification Download’ link.
• Submission File Format: Two PDF documents: one for Task 2 and one for Task 3.
• Submission Page Limit: Each submitted PDF document must be at most 20 pages,
excluding cover page and references. Any screenshots that cannot fit in the main 20
pages can be placed in an Appendix (which does not count in the page limit).
• Plagiarism: It is an academic requirement that your submitted work be original. Zero marks
will be awarded for the whole submission if there is any evidence of copying, collaboration,
pasting from web sites, or copying from textbooks.
• Use of Generative AI tools: ChatGPT or other AI tools may be used for study purposes, to
learn about your topic, and to develop your assignment. However, similar to citation
requirements for other references, you must include a clear declaration of all generative AI
tools used (e.g. ChatGPT, DALL-E, Grammarly, voice-to-text), how and where you have
used them. Please follow the Monash guidelines on how to acknowledge the use of
Generative AI.
Notes
● For each question, you need to answer both the computation result question and the
explanation questions about your working process such as the source code or the
commands you are using to solve the tasks.
● Note that if numbers in this assignment are specified in hexadecimal format, your
written answers and many software packages expect hexadecimal numbers to be input
with a ‘0x’ prefix (e.g. ‘0xa0b1c2d3’) to indicate the hexadecimal format. For example,
this prefix allows SageMath to interpret the value in hex.
• Assignment 1 Tasks 2 & 3 are weighted 15% each, and together make up 30% of the
total unit marks.
• Assignment 1 Tasks 2 & 3 are each marked out of 100 nominal marks. Each
mark in Task 2 and Task 3 is thus worth 0.15% of the total unit marks.
Task 2 (100 marks): Marks
SubTask 2.1 (30 marks)
● Explanation of decryption steps (10 marks)
● Block diagram of decryption (7 marks)
● OpenSSL commands and decrypted values (7 marks)
● Presentation (6 marks)
SubTask 2.2 (40 marks)
● Discussion of CTR mode security considerations and how well addressed in group encryption (7 marks)
● Explanation of security vulnerability in group encryption (7 marks)
● Explanation of vulnerability exploitation (7 marks)
● Demonstration of attack (7 marks)
● Fix for vulnerability and reasoning (7 marks)
● Visual aids and presentation (5 marks)
SubTask 2.3 (30 marks)
● Explanation of modified group encryption (10 marks)
● Block diagram of modified group encryption (5 marks)
● Explanation of why modification is secure (5 marks)
● Demonstration of modification (5 marks)
● Visual aids and presentation (5 marks)
Task 3 (100 marks): Marks
SubTask 3.1 (40 marks)
● Missing steps for group session init protocol (8 marks)
● Explanation of purpose of missing steps (8 marks)
● Demonstration of missing SESSID and gsk decryption steps with commands (8 marks)
● Correct computation of gsk and SESSID (8 marks)
● Presentation (8 marks)
SubTask 3.2 (40 marks)
● Explanation of both attack scenarios (8 marks)
● Discussion of security of protocols in these scenarios (7 marks)
● Explanation of vulnerability in protocol (5 marks)
● Explanation of attack steps (5 marks)
● Demonstration of attack steps (5 marks)
● Computed attack results (5 marks)
● Visual aids and presentation (5 marks)
SubTask 3.3 (20 marks)
● Explanation and reasoning of modification of protocol (8 marks)
● Block diagram of modification (5 marks)
● Discussion of modification impacts (4 marks)
● Visual aids and presentation (3 marks)
Task 2: Group Message Encryption for PeerHelper (15%)
After considering the Canary block cipher design, the project manager Reyes decided that, because
AES is more established and there is higher confidence in its security, the PeerHelper development
will proceed with AES-256 as the block cipher for group message encryption.
For the next stage of the project, Reyes asked you to investigate the design of the group message
end-to-end encryption method, including using a block cipher mode of operation, and evaluating
different options for their confidentiality and authentication security.
Reyes proposes that to initialize a group messaging session, group members will run a group session
initialization key exchange process, to be investigated later in the following task (Task 3 below). For
this group message encryption task, Reyes said you may assume that the group initialization stage
has already been executed, resulting in the following information:
● a public 32-bit session identifier SESSID known and shared by all group members,
● a private AES-256 group session key gsk which is known and shared by all group members,
● a list of private group member IDs that belong to the group: ID_1, ID_2, … ID_n, where n is
the number of group members in the session. These group member IDs (96-bit per ID) are
known to the group members and the PeerHelper app server.
Reyes sent you the following proposal for the group message encryption method. To send a group
message m to the group, the sending group member Alice (say Alice is member 1 with identity ID_1)
does the following:
1. Prepares a 128-bit private message header hdr = (SESSID || ID_1).
Here, || denotes concatenation of strings, e.g. SESSID || ID_1 denotes the concatenation of
the two bit strings SESSID (session ID) and ID_1 (sender ID). For example, if SESSID =
“9S42” and ID_1 = “AliceKerr000” then hdr = SESSID||ID_1 = “9S42AliceKerr000” (note that
the SESSID consists of 4 ASCII characters and the ID_1 consists of 12 ASCII characters, to
make the total hdr length equal to 16 ASCII characters x 8 bit/char = 128 bit). Refer to Fig. 1
below for an illustration.
Fig. 1. Illustration of Step 1 of group message encryption.
2. Encrypts the bit string (hdr || m) using AES-256 in the CTR mode of operation, with the group
session key gsk, to get a ciphertext C. Note that C has the form IV||C[1]||C[2]||...||C[N], where IV
is the CTR mode Initial Value and C[1],C[2],...,C[N] are N AES-256 ciphertext blocks; in CTR
mode, the last ciphertext block sent may be shorter than a full AES block, depending on the
length of the plaintext. The Initial Value IV for the CTR mode of operation is derived from the
time of day, time (hours:minutes), by hashing: IV = H(time), where H(time) is the leftmost
128 bits of the 256-bit output of the SHA256 cryptographic hash function on input the string
time. Refer to Fig. 2 below for an illustration.
Fig. 2. Illustration of Step 2 of group message encryption.
3. Sends SESSID || C to all the members of the group. Refer to Fig. 3 below.
Fig. 3. Illustration of Step 3 of group message encryption.
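Steps 1-3 above, together with the receiving member's parse and decrypt, as an added shell example (not part of the original assignment or of Kira and Misao's implementation). The key, time string and message are constructed sample values, the function names are hypothetical, and hashing the time string without a trailing newline is an assumption.

```sh
#!/bin/sh
# Added example: Steps 1-3 of the proposed scheme plus the receiver's parse and decrypt.
# Assumption: the time string is hashed without a trailing newline.

# Hex-encode stdin using only POSIX od/tr.
tohex() { od -An -v -tx1 | tr -d ' \n'; }

# Step 2: IV = leftmost 128 bits (32 hex digits) of SHA256(time).
derive_iv() {
    printf '%s' "$1" | openssl dgst -sha256 -binary | head -c 16 | tohex
}

# encrypt_group_msg GSK_HEX SESSID ID TIME MESSAGE OUTFILE
# Writes SESSID || IV || AES-256-CTR_gsk(SESSID || ID || MESSAGE) to OUTFILE.
encrypt_group_msg() {
    iv=$(derive_iv "$4")
    {
        printf '%s' "$2"                                   # public SESSID, 4 bytes
        printf '%s' "$4" | openssl dgst -sha256 -binary | head -c 16   # IV, 16 bytes
        printf '%s%s%s' "$2" "$3" "$5" |                    # hdr || m
            openssl enc -aes-256-ctr -K "$1" -iv "$iv"
    } > "$6"
}

# decrypt_group_msg GSK_HEX INFILE: prints hdr || m.
decrypt_group_msg() {
    iv=$(dd if="$2" bs=1 skip=4 count=16 2>/dev/null | tohex)   # bytes 5..20
    tail -c +21 "$2" | openssl enc -d -aes-256-ctr -K "$1" -iv "$iv"
}

# describe_msg INFILE: prints "ciphertext_bytes blocks last_block_bytes".
describe_msg() {
    ct=$(( $(wc -c < "$1") - 20 ))          # strip SESSID (4) and IV (16)
    blocks=$(( (ct + 15) / 16 ))
    echo "$ct $blocks $(( ct - (blocks - 1) * 16 ))"
}

# Demo with constructed values (the key is a sample, not the Moodle gsk).
GSK=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
f=$(mktemp)
encrypt_group_msg "$GSK" 9S42 AliceKerr000 "14:05" "Meet at the library at 3pm" "$f"
describe_msg "$f"
decrypt_group_msg "$GSK" "$f"; echo
rm -f "$f"
```

Because CTR mode needs no padding, the ciphertext length equals the length of hdr || m, which is why the last block can be shorter than 16 bytes.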
Reyes asked the developers Kira and Misao to implement this proposal and send you a sample
group encryption message SESSID||C encrypted with a sample group session key gsk.
Your goal: Reyes asked you to test and evaluate the functionality and security of this design and
implementation of the PeerHelper group message encryption method.
SubTask 2.1: Functionality Testing
2.1 Kira and Misao sent you a sample group encryption message SESSID||C encrypted with a
sample group session key gsk, using the OpenSSL cryptographic tool. The gsk and group
encryption messages are available in Moodle.
Write a response email to Kira and Misao explaining how you tested decryption of the group
encryption message. Include in your response:
● your explanation of the decryption method that you used to test the decryption by each group
member’s PeerHelper app,
● a block diagram of the decryption method supporting your explanation,
○ in the diagram, indicate the inputs parsed from the given encrypted message together
with their corresponding size in bits, and the flow of the block cipher CTR mode
operations (including any XOR operations), showing the number of decrypted blocks
and what information is in each block.
● your decrypted values of session ID, sender ID, and message obtained from the sample
encrypted message using appropriate commands,
● your reasoning for the number of decrypted blocks used and their sizes, given the length of m,
● screenshots of your linux commands for parsing SESSID||C into the relevant information and
OpenSSL commands in your decryption process. Explain how you obtained each value.
Hint: Refer to Applied Session Week 4-7 for encryption and parsing functions.
SubTask 2.2 Security Evaluation: Confidentiality
To help evaluate the confidentiality of the group message encryption method, Kira and Misao sent
you five encrypted group messages SESSID_1 || C_1, SESSID_2 || C_2, SESSID_3 || C_3,
SESSID_4 || C_4, SESSID_5 || C_5 sent by group members during the indicated times (see Moodle).
Hint: To read the cipher binary file, use “bless ” or “xxd ” to copy the
relevant part of hex values.
Your task: Examine the group encryption method in Figs. 1-3. Based on the discussion in this unit,
consider:
● how block cipher modes of operation should be used securely
● common insecure misuses of them
Consider whether you think the group encryption method from Figs. 1-3 is secure or insecure in
terms of confidentiality, along with the reason.
Write an email to explain your confidentiality security findings to Kira and Misao. Your email should
include:
● discussion of the important security considerations for the CTR mode of operation and how
well you think they are addressed in this group encryption method in Figs. 1-3,
● explanation of any security vulnerability you identified in the encryption method,
● explanation of how one such vulnerability could be exploited by an attacker Zoe, who
eavesdropped on the encrypted group messages, to reveal some private information (such as
private identities of group members who sent the intercepted messages or the message
contents),
● what private information can be revealed by Zoe, from the given encrypted messages and the
message sending time,
● a recommendation to Kira and Misao on how to fix the vulnerability, and the reasons why it
fixes the problem,
● screenshots of any OpenSSL and/or SageMath commands you used in the decryption and
your explanations of how you got each value. You can acquire the values from the given
message by using the parsing techniques in Applied Session Week 7.
Hint: You may assume that prior to her attack, Zoe found out the ID “DeltaZhang00” of the member
who sent the third message intercepted by Zoe. Zoe found this out by overhearing “DeltaZhang00”’s
private conversation. However, prior to her attack, Zoe did not find the IDs of any other group
members nor the group session key gsk.
SubTask 2.3 Security Evaluation: Integrity/Authenticity
Kira and Misao came back to you for help on integrity evaluation of the group encryption method.
They realised that some group insiders (i.e. group members) may try to attack the integrity of the
system, and such attacks should also be prevented. Based on your studies in this unit, think about
how the group encryption method could be modified to protect against group insider integrity
attacks.
Your task: Write a follow-up email to Kira and Misao to describe your modified group encryption
method. Your email should include:
● an explanation of your modified group encryption method,
● a block diagram to illustrate your method,
● an explanation of why your method would protect against attacks by a malicious group insider
“BobHowes0000” who intercepts and modifies a group encryption message sent by honest
group member “DeltaZhang00” to a new encrypted message delivered to all other group
members,
● explain in particular why, with your encryption method, it would not be feasible for
“BobHowes0000” to modify the group encryption message sent by “DeltaZhang00” such that all
group members decrypt the same message sent by “DeltaZhang00” but are fooled to think that
the message was sent by “BobHowes0000”,
● explain any other assumptions (e.g. on the group key distribution setup phase) that your fix
entails.
● an example encrypted group message that would be computed by “DeltaZhang00” with your
modified group encryption method. For this example, you may modify the encrypted group
message SESSID_3 || C_3 sent by “DeltaZhang00” in SubTask 2.2,
● screenshots of any commands used and any other additional values generated by Delta to
compute your example modified encrypted group message.
Hint: Your modified encrypted message should have the form “SESSID_1|| C_1||Y”, where Y is some
additional value.
Submission: Submit your Task 2 report as a PDF file at the Moodle Assessment Page ‘Task
2&3 submission’ link.
Task 3: User Enrolment and Group Session Initialization for PeerHelper (15%)
To initialize a group messaging session, group members will run a group session initialization key
exchange process, so that the resulting session key can be used for the group session encryption
protocol from Task 2. Your task now is to help the PeerHelper developers Kira and Misao to
understand, analyse and improve the security of the group session initialization key exchange
protocol proposed by the manager Reyes. Reyes has provided his proposed two protocols which
are:
(1) A user enrolment protocol illustrated in Fig. 4 and detailed in Fig. 6.
Fig. 4. Illustration of the PeerHelper user enrolment protocol.
(2) A group session initialization protocol run by the group session Initiator User, illustrated in Fig.
5 and detailed in Fig. 7.
Fig. 5. Illustration of the PeerHelper group session initialization protocol.
SubTask 3.1: Completing the Group Session Initialization Protocol
In order for Kira and Misao to complete their implementation of the proposed protocol, they need to
also know the protocol steps to be followed by the other group members (besides the group session
Initiator User) in the protocol.
Write an email to Kira and Misao to explain the steps to be performed by the group member ID_i (for
any i=2,...,n) upon receiving the group session initialization message from the group initiator. Your
email should:
(1) detail the missing steps at the end of Fig. 3,
(2) explain the purpose of each missing step,
(3) demonstrate an example of how to carry out the SESSID extraction and group
session key gsk decryption steps on the group session protocol message given on
Moodle (note: you do not need to demonstrate the other missing steps from (1) and (2)
on the message given on Moodle).
For your example (3) above of the SESSID extraction and gsk decryption step in the group session
initialization protocol, assuming you are one of the group users to join a session initiated by Initiator,
you are given on Moodle:
● two key-pairs generated in user enrolment protocol,
● a message from Initiator, (SESSInit, Cert_{1,s}, SESSID, C_i, sig_i) in step 6 of Fig. 3,
● the server’s signature public key, PK_{S,s} for verification of signature.
In part (3) above of the email, you should
● demonstrate how to obtain the group session key gsk,
● show your computed values of the SESSID and gsk,
● provide screenshots of GPG commands to show workings and intermediate values to explain
your output results.