IS 336 PRINCIPLES OF SYSTEM SECURITY

GROUP ASSIGNMENT 2
NO NAME REGISTRATION NO: COURSE

1 NADEIT, JEREMIAH DAUD 2021-04-09281 BIT

2 JOHN, JAMES ZACHARIA 2021-04-13269 CS

3 ERNEST,YUSTO RAPHAEL 2021-04-01747 BIT

4 MSUYA,IDRISSA WAHABU 2021-04-08127 BIT

5 LOTH, MEDSON MANASE 2021-04-04848 CS

Badges
Badges
Badges
Badges
1: Introduction to Cryptography
In the realm of cybersecurity, cryptographic techniques play a pivotal
role in safeguarding sensitive information and ensuring secure
communication channels.
One fundamental aspect of cryptography is encryption, which involves
transforming plaintext data into ciphertext using various algorithms and
keys. This process protects sensitive information from unauthorized
access and interception by encrypting it in a form that is unreadable
without the proper decryption key.
1: Introduction to Cryptography
The use of encryption techniques, such as the Caesar Cipher and Transposition
Cipher, highlights the historical evolution of cryptographic methods. However,
these techniques have vulnerabilities, such as susceptibility to brute force
attacks and frequency analysis, which can compromise the confidentiality of
encrypted data. Therefore, it is crucial to utilize strong encryption methods that
are practically secure, making it infeasible for adversaries to recover the original
message within a reasonable timeframe.

Symmetric encryption, exemplified by algorithms like DES and AES, employs a

single key for both encryption and decryption. While offering advantages in
terms of efficiency and simplicity, symmetric encryption faces scalability
challenges as the number of users increases due to the need for multiple keys
and key exchange complexities. However, it remains a vital tool for providing
confidentiality, integrity, and authenticity in encrypted communication.
1: Introduction to Cryptography
Asymmetric encryption, on the other hand, employs a key pair consisting of a public key and a private
key. This setup eliminates the need for a secure key exchange channel, as only the public keys are
exchanged, not the private ones. Asymmetric encryption algorithms, such as RSA, offer essential
security features like confidentiality, integrity, authenticity, and nonrepudiation, making them
indispensable for secure communication protocols.

Cryptographic hash functions play a crucial role in ensuring data integrity and authenticity by
generating fixed-size checksums, or message digests, from arbitrary data inputs. These functions
provide robust mechanisms for password storage, data integrity verification, and constructing
advanced cryptographic techniques like HMAC. Additionally, hash functions are utilized in the
construction of secure web communication protocols, where PKI and SSL/TLS certificates play a central
role in verifying the authenticity of servers and establishing encrypted connections.
1: Introduction to Cryptography
In the realm of password security, cryptographic techniques are employed to protect
sensitive user credentials stored in databases. Practices like salting and key derivation
functions enhance the security of password storage mechanisms, mitigating the risks
associated with data breaches and unauthorized access. By leveraging these
cryptographic practices, organizations can uphold the confidentiality, integrity, and
authenticity of user credentials and ensure the secure transmission of sensitive
information over communication channels.

Overall, the effective application of cryptographic techniques is essential for safeguarding

sensitive information, protecting data integrity, and ensuring secure communication in
the digital age. By understanding the principles and best practices of encryption,
organizations can mitigate cybersecurity risks, enhance data privacy, and maintain trust
and confidence among users and stakeholders.
2: Encrypting HTTP using SSL/TLS
How does HTTPS activity work?
HTTPS keeps passwords, communications and credit card details safe
on the wire between your computer and the servers you want to send
this data.
What is HTTPs and what does it do?
HTTPs stands for Hypertext Transfer protocol suite. It encrypts data
exchanged between browser/client and server. It also provides
confidentiality with the help of SSL and TLS.
SSL stands for Secure Socket Layer. It provides encryption,
authentication and data integrity for internet communication but it
later replaced by TLS for security and vulnerabilities limitations.
2: Encrypting HTTP using SSL/TLS
Purposes of SSL.
a.Verifying that your talking directly to the server that you think you’re talking to.
b.Ensuring that only the server can read what you send and only you can read what it sends back.
TLS stands for Transport Layer security. It replaces SSL as it secure various internet protocol.
How SSL Connection is Established?
Goals of SSL.
a.To satisfy client that it is talking to the right server.
b.For parties to have agree on a “cipher suite” which includes algorithm they will use to exchange
data.
c.For parties to have agreed on any necessary keys for this algorithm.
2: Encrypting HTTP using SSL/TLS
Handshake Phases
1.Hello: The handshake begins with the client sending a ClientHello
message. This contains all the information the server needs in order to
connect to the client via SSL, including the various cipher suites and
maximum SSL version that it supports. The server responds with a
ServerHello, which contains similar information required by the client,
including a decision based on the client’s preferences about which
cipher suites and version of SSL will be used.
Cipher suite is a set of cryptographic algorithms and it contains key
exchange, encryption and message authentication.
2: Encrypting HTTP using SSL/TLS
2: Encrypting HTTP using SSL/TLS
2.Key Exchange: here the encryption of actual message data exchanged
by client and server will be done using symmetric algorithm. It uses
single key for both encryption and decryption. Securely using
asymmetric encryption and server’s public and private key.
3.Certificate Exchange: here server has to prove its identity to the
client. The SSL certificate includes name of the owner,
property(domain), certified public key and digital signature. The client
checks for implicit trust.
2: Encrypting HTTP using SSL/TLS
Sensible reasons why to trust a certificate.
a.If it’s on a list of certificates that you trust implicit.
b.If it’s able to prove that is trusted by the controller of one of the certificates
on the above list.
Steps to trust a certificate.
a.Pre-installed list of trusted SSL certification for Certificate Authorities (CAs).
b.Signature.
Digital Signatures.
Client uses server’s public key to encrypt the symmetric key and send it
securely to server and server uses its private key to decrypt it.
2: Encrypting HTTP using SSL/TLS
Fun Facts.
Alice and Bob, standard placeholders in cryptography, represent two
communicating parties aiming to exchange information securely, while
Eve symbolizes an adversary attempting to intercept or tamper with the
communication. Through this trio, such as encryption, authentication,
and secure communication protocols are illustrated, aiding in the
analysis and development of robust cryptographic solutions against
potential threats posed by adversaries like Eve.
2: Encrypting HTTP using SSL/TLS
3: Breaking RSA encryptions
RSA stands for Rivest-Shavir-Adleman. It is a public-key cryptosystem
established in 1977 to describe an algorithm. It is oldest widely used for
secure data transmission.
In apublic key cryposystem, the encryprion key is public and distinct
from the decryption key which is kept secret(private).
RSA user creates and publishes a public key based on two large
numbers along with auxiliary value. Here prime numbers are kept
secret.
RSA is used to transmit shared keys for symmetric key cryptography
which are used for bulk encryption and decryption.
3: Breaking RSA encryptions
Steps for RSA algorithm.
a. Key generation.
b. Key distribution.
c. Encryption.
d. Decryption.
 Part 03
• Step 01: Clone the RSA tool from the git hub repository : git clone
https://github.com/RsaCtfTool/RsaCtfTool.git
• Step 02: Update the the libraries: sudo apt-get install libgmp3-dev libmpc-dev
• Step 03: Download dependecies: pip3 install -r "requirements.txt"
• Step 04: Use the tool to decrypt using the command:
python3 RsaCtfTool.py -n
6099835333221774024685803141390900069398779553342450682614696778061694340400690697709285357
0108636494198342809093379574585389674645847262045749199349951179853674766819718685785088799
0812746855062415626715645223089415186093589721763366994454776521466115355580659841153428179
997121984448771910872629371808169183 -e
3878253927872009066766311989610980709123328654421375399194137147903101396537130775865576544
0956545975213343900928084396585678915196286019383025824442414923004683247595985277113450375
4778007132465468717789936602755336332984790622132641288576440161244396963980583318569320681
953570111708877198371377792396775817 --decrypt
5800877046546527185480723477670877134416783750710004985649633532353745117770983334851903943
6685965120045368875723182950585855272528031187046209501776144472788010074832487490683529676
9310122754627620933554008332091299159978573396458947155647454747215038440028347688779707172
885517390987973184407689583941483511