Introduction to Information Security

Project 3:
All Things Cryptography
Project Files and PDF/docx Templates:
You can download a zip file with the starter files here.
Goals of the Project:
● Understand and advance your knowledge of cryptography and hashing
● Understand how these are implemented by working through examples
● Understand how and why the exploit could be completed on vulnerable systems
Information:
Before starting, make SURE you are using Python VERSION 3.7.x OR LOWER. Version 3.8 includes
some functionality that may not be compatible with the autograder environment, which runs Python
Version 3.6.7. To check your version of Python, open a command prompt and run the command:
python --version
For the established algorithms that you may need to use, you are allowed to reference and implement
pseudocode with PROPER CITATION. What is Pseudocode? https://en.wikipedia.org/wiki/Pseudocode
UNDER NO CIRCUMSTANCES should you copy/paste code into the project. Doing so is an honor code
violation (not to mention a real world security concern) and will result in a zero (Refer to syllabus for
more information).
The final deliverables:
You will submit gt_user_id_project3.pdf in 2 places.

  1. Project 3 – Essay on Gradescope.
  2. Project 3: Cryptography on Canvas.

Submission name format is gt_user_id_project3.pdf. ex: ctaylor308_project3.pdf

You will submit gt_user_id_project3.py in 2 places.

  1. Project 3 – Autograder on Gradescope.
  2. Project 3 .py file: Auto-Graded Portion on Canvas.

Submission name format is gt_user_id_project3.py. ex: ctaylor308_project3.py

Notes:
● Please ensure you submit BOTH files EVERY time you submit. If you do not, your submission might not be graded and you WILL receive a 0.
● If you do not submit to both (Canvas and Gradescope), you will receive a 0. This is non-negotiable and will be enforced heavily.
● Your written report must be submitted in the Joyner Document Format (JDF). A template has been provided for you in Microsoft Word format, but you may find further useful resources here.
● You MUST provide citations in JDF format which uses APA style; weblinks alone do NOT count. Refer to sections “3.1 In-line citations”, “3.2 Reference lists”, and “4 References”.
● We know Canvas adds -x (x being a number) to the end of your resubmissions. That is okay.
Plagiarism will not be tolerated! For information: GT Academic Honor Code and the Syllabus.
GT CS 6035: Introduction to Information Security
Intro:
RSA is one of the most widely used public key cryptosystems in the world. It is composed of three algorithms: key generation (Gen), encryption (Enc), and decryption (Dec). In RSA, the public key is a pair of integers $(e, N)$, and the private key is an integer $d$.
The key pair is generated by the following steps:
  1. Choose two distinct big prime numbers with the same bit size, say $p$ and $q$.
  2. Let $N = p \cdot q$, and $\varphi(N) = (p - 1) \cdot (q - 1)$.
  3. Pick an integer $e$ such that $1 < e < \varphi(N)$ and $\gcd(e, \varphi(N)) = 1$.
  4. Get the modular inverse of $e$: $d \equiv e^{-1} \bmod \varphi(N)$ (i.e., $d \cdot e \equiv 1 \bmod \varphi(N)$).
  5. Return $(N, e)$ as public key, and $d$ as private key.
Enc – To encrypt integer $m$ with public key $(N, e)$, the cipher integer $c \equiv m^{e} \bmod N$.
Dec – To decrypt cipher integer $c$ with private key $d$, the plain integer $m \equiv c^{d} \bmod N$.
Task 1 – Warm-up, Get Familiar with RSA – (5 points)
The goal of this task is to get you familiar with RSA. You are given an RSA key pair (𝑁, 𝑒) and 𝑑, and a unique encrypted message 𝑐. You are required to get the decrypted message 𝑚.
TODO: In the provided project_3.py file, implement the stub method task_1. Hint: Don’t overthink it, this can be done with a single Python command…

    def task_1(self, n_str: str, d_str: str, c_str: str) -> str:
        # TODO: Implement this method for Task 1
        n = int(n_str, 16)
        d = int(d_str, 16)
        c = int(c_str, 16)
        m = 0
        return hex(m).rstrip('L')

Task 2 – Warm-up, Get Familiar with Hashes (7 points)
By now we’ve learned that hashes are one-way functions. Because of this unique feature,
passwords are often stored as hashes in order to protect them from prying eyes. Even if a hacker
infiltrated our state-of-the-art Georgia Tech security systems, he or she would not be able to derive
the plaintext passwords from the hashes. But what if we made the critical mistake of using a
common password? How safe would we be?
Let’s find out…
You are given a list of some of the most commonly-used passwords on the Internet. You are also
given the SHA256 hash of a password randomly selected from this list. Your job is to discover the
plaintext password behind the hash.
The complete list of common passwords is pre-loaded for you in project_3.py.
TODO: In the provided project_3.py file, implement the stub method task_2.

    def task_2(self, password_hash: str) -> str:
        # TODO: Implement this method for Task 2
        password = common_password_list[0]
        # This is how you get the SHA-256 hash:
        hashed_password = hashlib.sha256(password.encode()).hexdigest()
        return password

Reflection
In a maximum of 200 words, address the following prompt:
● Knowing that a lot of people like to use these common passwords, make one suggestion
for how you could implement improved password security.
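
The contrast behind Task 2, as an added example that is not part of the project's starter code: an unsalted SHA-256 record next to a salted, iterated PBKDF2 record that also rejects listed passwords at enrollment. The names COMMON, ITERATIONS, weak_record, create_record and verify, the sample passwords and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the project's common_password_list.
COMMON = {"123456", "password", "qwerty", "letmein"}
ITERATIONS = 200_000  # assumed work factor; tune it to the hardware in use


def weak_record(password):
    # Unsalted fast hash: equal passwords always give equal digests, so one
    # pass over a common-password list matches every account that used one.
    return hashlib.sha256(password.encode()).hexdigest()


def create_record(password):
    # Refuse listed passwords at enrollment, then salt and stretch the rest.
    if password.lower() in COMMON:
        raise ValueError("password is on the common-password list")
    salt = os.urandom(16)  # fresh per user, stored next to the derived key
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify(password, record):
    salt, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, key)  # constant-time comparison
```
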
Task 3 – Kernelcoin Part 1 (9 points)
Background: A blockchain is a distributed, immutable ledger that derives its security, in part, from a
chain of cryptographic hash values. For more detail, please read Section II of Hassan et al.,
Blockchain and the Future of the Internet: A Comprehensive Review, arXiv:1904.00733v1 (23 Feb.
2019), available online at: https://arxiv.org/pdf/1904.00733.pdf.
Today is your lucky day! You’ve discovered a brand new cryptocurrency called Kernelcoin (symbol:
RTI). There are rumors that Costco will soon announce Kernelcoin as the preferred payment
method in its warehouse stores. This news is sure to send the price of Kernelcoin to the moon, and
Kernelcoin holders to the nearest Lamborghini dealership.
You plan to start mining Kernelcoin so that you can earn even more. In order to do so, you need to
create a valid block to append to the previous block. A valid block contains the lowest nonce value
that, when concatenated with the transaction string, and the hash of the previous block (in that
order, i.e. nonce + transaction string + previous block hash), will produce a SHA256 hash with two
leading zeros (the proof-of-work for this particular blockchain). Transaction strings have the syntax
“UserID1:UserID2:X”, indicating that UserID1 has transferred X Kernelcoin to UserID2. You are given
all of these values, and your goal is to find the lowest possible nonce value for the resulting block.
TODO: In the provided project_3.py file, implement the method task_3.

    def task_3(self, user_id_1: str, user_id_2: str, amount: int,
               prev_block_hash: str) -> int:
        # TODO: Implement this method for Task 3
        nonce = 0
        return nonce

Reflection
In a maximum of 200 words, address the following prompt:
The Kernelcoin blockchain uses a proof-of-work scheme as a consensus mechanism (i.e., finding a
hash with a certain number of leading zeros).
● Name and briefly explain an alternative consensus mechanism.
● List its strengths and weaknesses compared to proof-of-work.
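
The block rule described in Task 3, written out as the check a node would run before accepting a block, plus the search for the lowest nonce (an added example, not the project's starter code). It assumes the nonce is concatenated as a decimal string and that "two leading zeros" refers to the hex digest; TX and PREV are constructed sample values.

```python
import hashlib

DIFFICULTY_PREFIX = "00"  # assumption: two leading zeros of the hex digest


def block_hash(nonce, transaction, prev_hash):
    # Order given in the text: nonce + transaction string + previous block hash.
    data = str(nonce) + transaction + prev_hash
    return hashlib.sha256(data.encode()).hexdigest()


def is_valid_block(nonce, transaction, prev_hash):
    # Verification costs one hash, however long the search for the nonce took.
    return block_hash(nonce, transaction, prev_hash).startswith(DIFFICULTY_PREFIX)


def lowest_nonce(transaction, prev_hash, limit=1_000_000):
    # Counting up from 0 guarantees the first hit is the lowest valid nonce.
    for nonce in range(limit):
        if is_valid_block(nonce, transaction, prev_hash):
            return nonce
    raise RuntimeError("no valid nonce below limit")


# Constructed sample inputs, not values from the project.
TX = "alice:bob:5"
PREV = hashlib.sha256(b"genesis").hexdigest()
```
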
Task 4 – Kernelcoin Part 2 (9 points)
Sure enough, once /r/WallStreetBets found out about Kernelcoin the price rose to nosebleed levels.
The Kernelcoin that you mined is now worth a fortune! Feeling generous, you decide to donate a
small portion of your gains to Georgia Tech so that the school can give its TAs a much-deserved
raise. As you prepare to send the transaction, you start to wonder how Kernelcoin verifies that
transactions are valid…
After doing some research you find that a Kernelcoin transaction is hashed and encrypted with
your private key to create a digital signature. This signature is broadcast to the network along with
the original transaction string. If the signature checks out, then the transaction is a candidate for
inclusion in the next block.
TODO: In the provided project_3.py file, finish the code for signing a Kernelcoin transaction in
the method task_4. (You may find the code that you wrote in Task 1 helpful for this.)

    def task_4(self, from_user_id: str, to_user_id: str, amount: int,
               d: int, e: int, n: int) -> int:
        # TODO: Implement this method for Task 4
        signature = 0  # placeholder so the stub runs until it is implemented
        return signature

Reflection
In a maximum of 200 words, address the following prompt:
Imagine that you are coding a function that accepts a Kernelcoin transaction string and a digital
signature. The public address of the signer is also passed to the function. The purpose of the
function is to verify the validity of the transaction (i.e. it returns a boolean value).
● Explain the high-level steps necessary to implement this function. No code is required. You
should use your own words.
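
The Gen, Enc and Dec steps from the Intro and the hash-then-sign scheme from Task 4, carried through in one added example (not the project's starter code). The function names, the SHA-256 digest choice, the "from:to:amount" sample string and the demo primes are assumptions made for this illustration.

```python
import hashlib
from math import gcd


def modinv(a, m):
    # Extended Euclid; pow(a, -1, m) needs Python 3.8+, newer than the autograder's 3.6.7.
    old_r, r, old_s, s = a, m, 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("e has no inverse modulo phi(N)")
    return old_s % m


def gen(p, q, e=65537):
    # Steps 1-5 of key generation; p and q are assumed to be prime already.
    n, phi = p * q, (p - 1) * (q - 1)
    if p == q or not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("invalid p, q or e")
    return (n, e), modinv(e, phi)


def enc(m, pub):
    n, e = pub
    return pow(m, e, n)  # c = m^e mod N


def dec(c, d, n):
    return pow(c, d, n)  # m = c^d mod N


def digest_int(tx):
    # Assumption: SHA-256 of the UTF-8 transaction string, read as a big-endian integer.
    return int.from_bytes(hashlib.sha256(tx.encode()).digest(), "big")


def sign(tx, d, n):
    return pow(digest_int(tx), d, n)  # hash "encrypted" with the private key


def verify(tx, sig, pub):
    n, e = pub
    return pow(sig, e, n) == digest_int(tx)


# Constructed demo key from two publicly known Mersenne primes: large enough
# to hold a 256-bit digest, but never usable as a real key.
PUB, D = gen(2**521 - 1, 2**607 - 1)
TX = "alice:bob:5"  # constructed transaction string
SIG = sign(TX, D, PUB[0])
```

Textbook RSA as shown here has no padding; the later tasks in this project rely on weaknesses of exactly that kind.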
Task 5 – Attack A Small Key Space (15 points)
The algorithm you search for is dirt simple which makes it hard for attackers to traverse the entire
key space with limited resources. Now, you’re given a unique RSA public key with a relatively small
key size (64 bits).
Your goal is to get the private key.
TODO: In the provided project_3.py file, implement the method get_factors. 𝑛 is the given
public key, and your goal is to get its factors.

    def get_factors(self, n: int):
        # TODO: Implement this method for Task 5, Step 1
        p = 0
        q = 0
        return p, q

TODO: In the provided project_3.py file, implement the method get_private_key_from_p_q_e to get the private key.

    def get_private_key_from_p_q_e(self, p: int, q: int, e: int):
        # TODO: Implement this method for Task 5, Step 2
        d = 0
        return d

Reflection
In a maximum of 500 words, address the following prompts:
Explain in your own words how you were able to get the private key.
● What were the steps you followed?
● What was the underlying mathematical principle?
Task 6 – Where’s Waldo (25 Points)
Read the paper “Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices”,
which can be found at: https://factorable.net/weakkeys12.extended.pdf. You will not be able to
understand the purpose of this task nor write about it properly in your essay unless you read the
entire paper. Do not skip it, do not skim it, read the whole of it.
You are given a unique RSA public key, but the RNG (random number generator) used in the key
generation suffers from a vulnerability described in the paper above. In addition, you are given a list
of public keys that were generated by the same RNG on the same system. Your goal is to get the
unique private key from your given public key using only the provided information.
TODO: In the provided project_3.py file, implement the method task_6. (More information
about Waldo, and why everyone keeps looking for him can be found here:
https://en.wikipedia.org/wiki/Where%27s_Wally%3F. Knowledge of “Where’s Waldo?” isn’t strictly
necessary to solve this task, but it might give you a nudge in the right direction…)

    def task_6(self,
               given_public_key_n: int,
               given_public_key_e: int,
               public_key_list: list) -> int:
        # TODO: Implement this method for Task 6
        d = 0
        return d

Reflection
In a maximum of 500 words, address the following prompts:
● Why is the public key used in this task vulnerable? Explain this in your own words. Please
talk about the potential problems with the key generation and the associated mathematical
principles in your answer.
● What steps did you take to derive the private key result in this task? Please discuss the
underlying mathematical principles at a high level and explain how you arrived at your
answer.
Task 7 – Broadcast RSA Attack (30 Points)
A message was encrypted with three different 1,024-bit RSA public keys, resulting in three different
encrypted messages. All of them have the public exponent 𝑒 = 3.
You are given the three pairs of public keys and associated encrypted messages. Your job is to
recover the original message.
TODO: In the provided project_3.py file, implement the method task_7.

    def task_7(self,
               n_1_str: str, c_1_str: str,
               n_2_str: str, c_2_str: str,
               n_3_str: str, c_3_str: str) -> str:
        n_1 = int(n_1_str, 16)
        c_1 = int(c_1_str, 16)
        n_2 = int(n_2_str, 16)
        c_2 = int(c_2_str, 16)
        n_3 = int(n_3_str, 16)
        c_3 = int(c_3_str, 16)
        msg = ''
        m = 0

        # Solve for m, which is an integer value,
        # the line below will convert it to a string
        msg = bytes.fromhex(hex(m).rstrip('L')[2:]).decode('UTF-8')
        return msg

Reflection
In a maximum of 500 words, address the following prompts:
● How does the broadcast RSA attack work?
● What causes the vulnerability?
● Explain this in your own words and explain at a high level the mathematical principles
behind it.
● Explain how you recovered the message, ensuring that you give thorough detail on all of
your steps.
