Tash J. SU10 Program In this task, you will review the characteristic of a SUID program and threats it bears when it is root-owned and vulnerable. a. While logged in as alexa, create the set VID program named uid_demo.c discussed in the class. Compile and create an executable file named a.out. Then make a.out a SUID program. b. Now, open a new terminal and log in as seed and test the setUID program. Is your SUID program working correctly? Add a screenshot and explain what is shown in the screenshot (10 pts) c. exit from alexa account Task 4: Symmetric-key encryption with Mode of Operation In this task, you will compare ECB and CBC modes with AES algorithm by encrypting a graphic file named pic original.bmp as shown below. You can download this file from the dropbox link, However, the resulting encrypted graphic file will not be recognized as.bmp file because the 54-byte header of the bmp file is also encrypted along with data. So, in order to display the encrypted graphic file, replace the first 54-byte header with that of the original file by using the following commands or GHex editor Stepl: extract 54 bytes from the original graphic file and save it to the file named header Shead - 54 pic_original.bmp > header Step2: encrypt the graphic using AES with each mode of operation using the following command % ene algorithm in plain tucpher in K001122115566772abeddet IV 0102030405000 - openssl isopen source implementation of secure socket layer/transport layer security (SSL/TLS). - ene indicates encryption decryption with a given algorithm - algorithm must be replaced by aes-256-ecb or -aes- 256-cbc. - -e: indicate encryption. Usedd for decryption --in: followed by the input, plain.txt, which is pic original.bmp - cipher.bin is the output file name as an encrypted image --K00112233445566778889 ahhoeddeeff indicates the ddtil --K 00112233445566778889aabbccddeeff indicates the actual key used in encryption and decryption. With-K option, the key must be represented as a string comprised only of hex digits. Note that the hex string is 256 bits. We are using AES-256. -If-K option is used, -iv option must be defined, which represents the actual IV as a string of hex digits. Note that the hex string for iv is 128 bits. The key size and iv size of AES is 128 bits. Step3: extract encrypted data only without the header from your encrypted file and save it to a file Stail +55 encrypted_file_name > encrypted_data_only Step4: concatenate the original header with the encrypted data only Scat header encrypted data only > resulting_encrypted_data.bmp Step3: view the encrypted images with Eye of GNOME Image Viewer (eog) Seog resulting_encrypted_data.bmp You will go through the steps described above for each required mode of operation and draw your conclusions by viewing the encrypted images. a. Attach two screenshots of the encrypted images with ECB and CBC (5 pts) b. Explain why ECB shows the outline of the original picture, though CBC does not. (5 pts) c. Where is the openssl (an executable file) located in the file system? You can find it using locate or find command. (5 pts) Task 5: Padding For block ciphers, padding may be required when the size of the plaintext is not the multiple of the block size. In this task, you will investigate how a specific padding standard called Public-Key Cryptography Standard (PKCS) affects the size of output when it is used with different modes of operation. With PKCS#5, if the size of a plaintext message is multiple of the block size of a chosen encryption algorithm, it adds a full block of a byte with a designated value to the plaintext message. For examples, if the size of the plaintext is 16bytes and AED-128 is used, the size of the encrypted message is 32 bytes. In order to conduct an experiment, we will do the following Stepl: Used the given plaintexts plain20.txt and plain32.txt Task 5: Padding For block ciphers, padding may be required when the size of the plaintext is not the multiple of the block size. In this task, you will investigate how a specific padding standard called Public-Key Cryptography Standard (PKCS) affects the size of output when it is used with different modes of operation. With PKCS#5, if the size of a plaintext message is multiple of the block size of a chosen encryption algorithm, it adds a full block of a byte with a designated value to the plaintext message. For examples, if the size of the plaintext is 16bytes and AED-128 is used, the size of the encrypted message is 32 bytes. In order to conduct an experiment, we will do the following. Step1: Used the given plaintexts plain20.txt and plain32.txt whose sizes are exactly 20 bytes and 32 bytes, respectively. Step2: Encrypt each file with AES algorithm by using ECB, CBC, CFB, OFB, CTR modes. Wisely choose the names of the encrypted files. Step3: Observe the sizes of the output for each encryption with each plaintext. a. Add a screenshot of ls -al command to show the sizes of all encrypted outputs. (5pts) b. Which mode of operation produces the same size of output as that of the plaintext? (2.5 pts) Why do those not produce additional bytes? (2.5 pts) c. Which modes of operation cannot be used for parallel encryption and decryption? Answer all. What is the reason? (5pts) Lab2 Linux Basics & Symmetric-key Crytography Points: 90 This lab is to configure the prompt of each VM with a new hostname and practice basic Linux commands and symmetric- key encryption and decryption. All the data needed for this lab is uploaded to the Dropbox as a ciphertext using AES. You need to decrypt the file to get the data. The key and IV used in the encryption of the data can be found in Step 2 of Task4. Task 1: Configuring the prompt For each VM, add the hostname to the prompt by following Slide 2-3 of Lecture2: Linux Basics. a. Attach three screenshots of prompts of three VMs. (5pts) Task 2: Basic commands of Linux a. Add a new user named alexa. Find the ID of alexa using grep command and attach a screenshot. (5pts) b. Login with the new user's ID using "su alexa" c. Create a directory named Test and set its permission so that others can cd to the directory but not read or write in the directory. Test if your permission setting is correct by logging in as seed. Add a screenshot of permission change and test the permission setting. (5pts) d. Create a file named hello under Test. What is the octal value of the permission of the file? What is the value of the umask? (5pts) e. Change the permission of hello so that the owner can read/write, the group read/write and others no permission and show the permission after the change. After the change, what will be displayed in the first nine columns of the command, "Is al hello"? ( 5pts) f. Now, move to the home directory of alexa. What will be the simplest command to do so? (5pts) g. Confirm where you are in the file system. What will be the command to check that? (5pts) h. Use "rm Test" to delete the directory. Were you able to delete the directory? If not, What is the reason? ( 5pts) i. What command must be used to get Step 8 successfully done? (5pts) j. Do not exit in order to continue the next task. Tash J. SU10 Program In this task, you will review the characteristic of a SUID program and threats it bears when it is root-owned and vulnerable. a. While logged in as alexa, create the set VID program named uid_demo.c discussed in the class. Compile and create an executable file named a.out. Then make a.out a SUID program. b. Now, open a new terminal and log in as seed and test the setUID program. Is your SUID program working correctly? Add a screenshot and explain what is shown in the screenshot (10 pts) c. exit from alexa account Task 4: Symmetric-key encryption with Mode of Operation In this task, you will compare ECB and CBC modes with AES algorithm by encrypting a graphic file named pic original.bmp as shown below. You can download this file from the dropbox link, However, the resulting encrypted graphic file will not be recognized as.bmp file because the 54-byte header of the bmp file is also encrypted along with data. So, in order to display the encrypted graphic file, replace the first 54-byte header with that of the original file by using the following commands or GHex editor Stepl: extract 54 bytes from the original graphic file and save it to the file named header Shead - 54 pic_original.bmp > header Step2: encrypt the graphic using AES with each mode of operation using the following command % ene algorithm in plain tucpher in K001122115566772abeddet IV 0102030405000 - openssl isopen source implementation of secure socket layer/transport layer security (SSL/TLS). - ene indicates encryption decryption with a given algorithm - algorithm must be replaced by aes-256-ecb or -aes- 256-cbc. - -e: indicate encryption. Usedd for decryption --in: followed by the input, plain.txt, which is pic original.bmp - cipher.bin is the output file name as an encrypted image --K00112233445566778889 ahhoeddeeff indicates the ddtil --K 00112233445566778889aabbccddeeff indicates the actual key used in encryption and decryption. With-K option, the key must be represented as a string comprised only of hex digits. Note that the hex string is 256 bits. We are using AES-256. -If-K option is used, -iv option must be defined, which represents the actual IV as a string of hex digits. Note that the hex string for iv is 128 bits. The key size and iv size of AES is 128 bits. Step3: extract encrypted data only without the header from your encrypted file and save it to a file Stail +55 encrypted_file_name > encrypted_data_only Step4: concatenate the original header with the encrypted data only Scat header encrypted data only > resulting_encrypted_data.bmp Step3: view the encrypted images with Eye of GNOME Image Viewer (eog) Seog resulting_encrypted_data.bmp You will go through the steps described above for each required mode of operation and draw your conclusions by viewing the encrypted images. a. Attach two screenshots of the encrypted images with ECB and CBC (5 pts) b. Explain why ECB shows the outline of the original picture, though CBC does not. (5 pts) c. Where is the openssl (an executable file) located in the file system? You can find it using locate or find command. (5 pts) Task 5: Padding For block ciphers, padding may be required when the size of the plaintext is not the multiple of the block size. In this task, you will investigate how a specific padding standard called Public-Key Cryptography Standard (PKCS) affects the size of output when it is used with different modes of operation. With PKCS#5, if the size of a plaintext message is multiple of the block size of a chosen encryption algorithm, it adds a full block of a byte with a designated value to the plaintext message. For examples, if the size of the plaintext is 16bytes and AED-128 is used, the size of the encrypted message is 32 bytes. In order to conduct an experiment, we will do the following Stepl: Used the given plaintexts plain20.txt and plain32.txt Task 5: Padding For block ciphers, padding may be required when the size of the plaintext is not the multiple of the block size. In this task, you will investigate how a specific padding standard called Public-Key Cryptography Standard (PKCS) affects the size of output when it is used with different modes of operation. With PKCS#5, if the size of a plaintext message is multiple of the block size of a chosen encryption algorithm, it adds a full block of a byte with a designated value to the plaintext message. For examples, if the size of the plaintext is 16bytes and AED-128 is used, the size of the encrypted message is 32 bytes. In order to conduct an experiment, we will do the following. Step1: Used the given plaintexts plain20.txt and plain32.txt whose sizes are exactly 20 bytes and 32 bytes, respectively. Step2: Encrypt each file with AES algorithm by using ECB, CBC, CFB, OFB, CTR modes. Wisely choose the names of the encrypted files. Step3: Observe the sizes of the output for each encryption with each plaintext. a. Add a screenshot of ls -al command to show the sizes of all encrypted outputs. (5pts) b. Which mode of operation produces the same size of output as that of the plaintext? (2.5 pts) Why do those not produce additional bytes? (2.5 pts) c. Which modes of operation cannot be used for parallel encryption and decryption? Answer all. What is the reason? (5pts) Lab2 Linux Basics & Symmetric-key Crytography Points: 90 This lab is to configure the prompt of each VM with a new hostname and practice basic Linux commands and symmetric- key encryption and decryption. All the data needed for this lab is uploaded to the Dropbox as a ciphertext using AES. You need to decrypt the file to get the data. The key and IV used in the encryption of the data can be found in Step 2 of Task4. Task 1: Configuring the prompt For each VM, add the hostname to the prompt by following Slide 2-3 of Lecture2: Linux Basics. a. Attach three screenshots of prompts of three VMs. (5pts) Task 2: Basic commands of Linux a. Add a new user named alexa. Find the ID of alexa using grep command and attach a screenshot. (5pts) b. Login with the new user's ID using "su alexa" c. Create a directory named Test and set its permission so that others can cd to the directory but not read or write in the directory. Test if your permission setting is correct by logging in as seed. Add a screenshot of permission change and test the permission setting. (5pts) d. Create a file named hello under Test. What is the octal value of the permission of the file? What is the value of the umask? (5pts) e. Change the permission of hello so that the owner can read/write, the group read/write and others no permission and show the permission after the change. After the change, what will be displayed in the first nine columns of the command, "Is al hello"? ( 5pts) f. Now, move to the home directory of alexa. What will be the simplest command to do so? (5pts) g. Confirm where you are in the file system. What will be the command to check that? (5pts) h. Use "rm Test" to delete the directory. Were you able to delete the directory? If not, What is the reason? ( 5pts) i. What command must be used to get Step 8 successfully done? (5pts) j. Do not exit in order to continue the next task