HW1- CSCI454/554

Homework Assignment #1 (Due by 02/25/2016)

Note:
(1). This homework assignment covers topics 1 -- 3.
(2). You must use text editor (e.g. MS Word or Latex) to complete your homework.
(3). You should submit an e-copy through blackboard.
(4). The programming assignment (Problem 14) should be submitted according to requirements and notes.

1. (10 points) Research by yourself and explain the following concepts. Try google.

What are botnets?
What's phishing?
What's rootkit?
What's heartbleed bug?
What is Stuxnet?

2. (5 points) Problem 2 on page 57 in textbook.

3. (5 points) Problem 3 on page 57 in textbook.

4. (5 points) Problem 5 on page 58 in textbook.

5. (5 points) Problem 3 on page 92 in textbook.

6. (10 points) Problem 6 on page 92 in textbook.

7. (5 points) Problem 8 on page 93 in textbook.

8. (5 points) Problem 9 on page 94 in textbook.

9. (5 points) Problem 12 on page 94 in textbook.

10. (5 points) Problem 1 on page 114 in textbook.

11. (5 points) Problem 5 on page 114 in textbook.

12. (10 points) Problem 6 on page 114 in textbook.

13. (5 points) Alice is establishing an account with Bob, a discount on-line broker. She wants her trading to be private. Since both Alice and Bob have heard that the one-time pad is a very secure cryptosystem, they generate a 96-bit-long random pad K for Alice to use in the future for encrypting all her buy/sell orders to Bob. They agree on the following format for each order: First, Alice writes down a single character, either `B' for `Buy' or `S' for `Sell.' Then she puts a single space, followed by a five-digit decimal number for the number of shares she wants to buy or sell (if she doesn't need to use all five digits, she puts zeros in the front). Finally, she puts another space followed by the four-letter ticker symbol of the stock she wants to buy or sell (if not all four letters are needed, she puts spaces in the front). Thus, for example, ``B 00100 MSFT'' means "Buy 100 shares of Microsoft" and "S 25000 AOL'' means "Sell 25,000 shares of AOL Time Warner." Whenever Alice wants to send an order to Bob, she puts her order in the above format, converts the resulting 12-character string to ASCII to get 12 bytes (=96 bits), and encrypts it using the Vernam cipher with the agreed-upon key K.

Describe at least one attack against this scheme. You may have certain assumptions (e.g., you may get a copy of a plaintext message). In your submission, you need to clearly state your assumption(s), describe the procedure of your attack, and give an example illustrating your idea. (Hints: there are four types of cryptanalysis techniques: plaintext-only, known plaintext, chosen plaintext, and chosen ciphertext.)

14. (20 points) Implement AES CTR mode and AES CBC modes. You are required to use Java for this implementation. Exceptions have to get explicit permission from the instructor. You should use the basic AES algorithm as the block cipher. Each time when you call the encryption/decryption function, you should supply one block. Your algorithm should implement the actual feedback modes.

Requirements and notes

Java Crypto extension reference guide.

An online example to help you get started.

Download Bouncy Castle Security Provider.