USA: +1(669)289-8683 
Sign in
Subject : C/C++ Comments : I would like parts 3 and 4 of the attached file
done if possible. This assignment requires the use of Linux and the C
language. For part 4, the three user names would be tkclifton, ssiewert,
and guest.
Exercise#5 – Basic Encryption and Platform Security
DUE: 11/24/2013 on Blackboard (before Midnight)
Please thoroughly read Modern Operating Systems Chapter 9 and bring any questions you have to class.
Note that the slides for Chapter 9 have also been posted on Blackboard.
Please see example code provided for the class at –
http://www.cse.uaa.alaska.edu/~ssiewert/a320_code/EXAMPLES/
Exercise #5 Requirements:
1) [20 points] Read the following papers and provide a 2 to 3 paragraph summary of main
points:
a) [10 pts] Read and summarize “Big iron lessons, Part 5: Introduction to cryptography,
from Egypt through Enigma”,
http://www.cse.uaa.alaska.edu/~ssiewert/a320_doc/papers/big-iron-5
b) [10 pts] Read and summarize “Big iron lessons, Part 6: The right coprocessor can help
with encryption”, http://www.cse.uaa.alaska.edu/~ssiewert/a320_doc/papers/big-iron-6
2) [20 points] Download example simple Enigma encryption code and concepts available on our
example code web site (http://www.cse.uaa.alaska.edu/~ssiewert/a320_code/Examples-
Crypto/) or from the paper.
a) [5 pts] Download, build, and run the example enigma code from pa-bigiron5 on your
name and provide plain and cyphertext output.
b) [5 pts] Modify the example code to use a substitution only with the ASCII table (disable
the transposition) – with this type of cypher, if you have the encryption engine, how can
you easily crack the code to decrypt all possible messages?
c) [5 pts] What methods might you use to crack the enigma code given that you know the
substitution cypher but not the transposition – demonstrate your ideas for cryptanalysis
with test messages and sequences (hint consider disabling the transposition, creating a
substitution look-up table, and then running known sequences through the rotor-based
transposition code). Show your cryptanalysis for a short string like your name or a
sequence of letters/numbers in ASCII (10 digits).
d) [5 pts] Read the Wikipedia summary of Decyphering Enigma coded messages –
http://en.wikipedia.org/wiki/Cryptanalysis_of_the_Enigma – without capture of an
encryption device, do you believe the code would have been cracked in the 1940’s – why
or why not? What about today?
http://www.cse.uaa.alaska.edu/~ssiewert/a320_code/EXAMPLES/
http://www.cse.uaa.alaska.edu/~ssiewert/a320_doc/papers/big-iron-5
http://www.cse.uaa.alaska.edu/~ssiewert/a320_doc/papers/big-iron-6
http://www.cse.uaa.alaska.edu/~ssiewert/a320_code/Examples-Crypto/
http://www.cse.uaa.alaska.edu/~ssiewert/a320_code/Examples-Crypto/
http://en.wikipedia.org/wiki/Cryptanalysis_of_the_Enigma
3) [30 points] Work with PGP for Linux known as GPG
(http://www.linuxjournal.com/video/linux-howto-secure-your-data-pgp,
http://www.gnupg.org/, http://linuxreviews.org/howtos/gnupg/mini/) and use of MD5 hashes
to verify image file modifications (and potentially hidden water-marks). Complete the
following:
a) [10 pts] Encrypt a file with a GPG public/private key pair, decrypt it, and then diff the
original and the resulting file after you have encrypted and decrypted file. Note any
differences between the original and the encrypted/decrypted file if any.
b) [20 pts] Download the example MD5 code and apply it to the Cactus image
(http://www.cse.uaa.alaska.edu/~ssiewert/a320_code/EXAMPLES/Cactus-120kpixel.ppm) to
compute the MD5 for it – use the Linux “time” function and provide user and system
time required to compute the MD5. Now modify the 12K PPM Cactus image with a
program of your own design to hide the string “In Plain Sight” (in ASCII –
http://www.asciitable.com/) by modifying the RGB pixels every 10K pixels in the image
so that some function of the current R, G, B values encodes the ASCII character, but with
minimal change to the ratio of each compared to saturation – e.g. if the ASCII code is 73
decimal for ‘I’ and the original pixel is R=10, G=25, B=50, then you might re-encode to
subtract 12 from the 3 color bands equally for R=6, G=21, B=46 so that ‘I’=R+G+B).
Provide both image snapshots in your report (can you see a difference?) and provide
original and new MD5 (is there a difference).
4) [30 points] Concept – modify mini-shell (example code
http://www.cse.uaa.alaska.edu/~ssiewert/a320_code/EXAMPLES/Lab2-1/ ) to prompt you
for a username and password when it is run and embed 3 or more users (your UAA login, my
login ssiewert and guest) and give them initial passwords the same as their name, but allow
them to change their password to be stored in a binary file in your test directory called
.passwords with enigma encryption in case anyone copies this file. If .passwords does not
exist, have your mini-shell revert back to default passwords (a big security hole, but for ease
of testing your code). Provide a session that shows proper authentication, incorrect password
and failure to authenticate (should re-prompt 3 times and then go back to username prompt),
and ability to change a user passwd with “passwd” command like the standard Linux bash
shell. Provide an example of your .passwords file after all 3 passwords have been changed.
Passwords less than 8 characters long or those that are unchanged should be rejected by the
passwd command (invalid change) and password entered should be verified with a re-prompt
before being updated.
http://www.linuxjournal.com/video/linux-howto-secure-your-data-pgp
http://www.gnupg.org/
http://linuxreviews.org/howtos/gnupg/mini/
http://www.cse.uaa.alaska.edu/~ssiewert/a320_code/EXAMPLES/
http://www.asciitable.com/
http://www.cse.uaa.alaska.edu/~ssiewert/a320_code/EXAMPLES/Lab2-1/
Overall, provide a well-documented professional report of your findings, output, and tests so that
it is easy for a colleague (or instructor) to understand what you’ve done. Include any C/C++
source code you write (or modify) and Makefiles needed to build your code. I will look at your
report first, so it must be well written and clearly address each problem providing clear and
concise responses to receive credit.
Note: Linux manual pages can be found for all system calls (e.g. fork()) on the web at
http://linux.die.net/man/ – e.g. http://linux.die.net/man/2/fork
In this class, you’ll be expected to consult the Linux manual pages and to do some reading and
research on your own, so practice this in this first lab and try to answer as many of your own
questions as possible, but do come to office hours and ask for help if you get stuck.
Upload all code and your report completed using MS Word or as a PDF to Blackboard and
include all source code (ideally example output should be integrated into the report directly, but
if not, clearly label in the report and by filename if test and example output is not pasted directly
into the report). Your code must include a Makefile so I can build your solution on Ubuntu
VB-Linux or Beagle xM. Please zip or tar.gz your solution with your first and last name
embedded in the directory name.
Note 2: For your convenience, any example code posted at
http://www.cse.uaa.alaska.edu/~ssiewert/a320_code/ I will also copy to /tmp/src on
137.229.168.236, transformer.uaa.alaska.edu so you can scp it to your Beagle xM. E.g. use the
command scp –r
where you execute this command – e.g. here’s how I used it to grab a copy onto my VB-Linux:
Be careful to not do this to a location where you OVERWRITE your existing src directory!!
I would make a unique directory for each exercise to contain your sources (src) and make sure
you also backup what you develop onto your VB-Linux or at least one other machine. The scp
command is convenient and powerful for moving sources between Linux systems (and widely
used by systems programmers, but takes some getting used to).
http://linux.die.net/man/
http://linux.die.net/man/2/fork
http://www.cse.uaa.alaska.edu/~ssiewert/a320_code/
Grading Rubric
[20 points] Summary of Big Iron Lessons, Part 5 & 6:
[10 points] Part 5 Summary _________________________________________
[10 points] Part 6 Summary _________________________________________
[20 points] Download example simple Enigma encryption code:
[5 pts] Download, build, and run the example enigma code ________________
[5 pts] Modify the example code to use a substitution only _________________
[5 pts] What methods might you use to crack the enigma code? _____________
[5 pts] Capture of encryption device critical or not? _______________________
[30 points] Work with PGP for Linux:
[10 pts] Encrypt a file with a GPG public/private key pair, decrypt it _________
[20 pts] Download the example MD5 code and apply to Cactus image ________
[30 points] Concept – modify mini-shell to prompt for and manage passwords ________
