1) Alice and Bob are communicating(digitally). You think they may be encrypting
Question
1) Alice and Bob are communicating (digitally). You think they may be encrypting their transmissions. Suppose you manage to intercept a part of the communication between Alice and Bob. Let's say you get a chunk of a few megabytes of data; you don't know if it's text or part of a video.
a) What steps would you take to see if the intercept was encrypted? Your solution should be effective (i.e. efficient and implementable).
2) a) The Diffie-Hellman key protocol employs a primitive root. Suppose that you were not allowed to use a base value of g that is a primitive root. Redesign the protocol to make it work. You want to make the protocol as secure as possible; discuss how to choose your (non-primitive) g, why you would do it this way, and quantify the security change in doing so. Given a primitive root g, explicitly construct your base value from g.
b) The Diffie-Hellman protocol employs a prime modulus. Suppose that you were not allowed to use a modulus p that is prime. You must use an odd modulus and it has to be square-free (i.e. not divisible by the square of any prime), but it can't be prime. Redesign the protocol to make it work. You want to make the new protocol as safe as possible; discuss how to choose your (non-prime) modulus, why you would do it this way, and quantify the security in doing so.
Explanation / Answer
Given: Alice and Bob are communicating (digitally) and it is assumed that they may be encrypting their transmission. It's given that I manage to intercept a part of the communication between them, I don't know its type, and I still want to know whether the intercepted data is encrypted or not.
See, it's really difficult to check whether any given data is encrypted or not, although there are a few tools which can help us evaluate the content of packet captures to determine if the traffic is encrypted or just obfuscated.
One of them is the strings utility (Unix tool, to be run on a Unix/Linux platform):
The strings utility can be used to evaluate the contents of a packet capture to pull out any content that is within the ASCII character set. First, take a packet capture I know to contain unencrypted content. Consider the captured data file cap1.dump:
In Terminal:
This content isn't particularly illustrative, since these strings aren't ASCII words or other content that would immediately identify the presence of unencrypted traffic. We can modify the strings command to only show longer strings by adding the "-n" argument:
This is more interesting, allowing us to easily recognize plaintext strings representing hostnames and Windows client traffic. It's not always this easy though; consider the case of obfuscated traffic, even something as simple as XOR with a fixed value. This would obscure the presence of plaintext strings, but not actually be encrypted.
Another tool can be a packet payload histogram:
We have a golden rule with encryption: encrypted content should be indistinguishable from random content. This is an attribute we can use to visually assess the bytes of a packet payload. A packet payload histogram tool reads through a packet capture and counts how frequently each byte of packet payload occurs. My pcaphistogram tool identifies TCP and UDP packets, counting the payload data and creating a gnuplot-compatible script to graph the results. Let's look at an example using the capturte1.dump packet capture:
You can check the generated image, which is in PNG format. The histogram plots a graph of frequency vs. byte values, in which the “+” signs map out the frequency of each byte of the packet capture, with frequency on the Y-axis and the byte values themselves (in hex) on the X-axis. You can determine whether the data is encrypted or not by analyzing the bytes. If the content appears random, it's an attribute of encrypted traffic.
You can also study entropy analysis with Ent to learn more about the encryption and check whether any data is encrypted or not.
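The byte-histogram and entropy checks described in the answer can be reproduced in a few lines of Python. This is an added example, not part of the original answer or of the pcaphistogram or Ent tools; the sample data is constructed, and the function names and both thresholds are assumptions.

```python
import math
import os
from collections import Counter

def byte_histogram(data: bytes) -> list:
    """Count how often each of the 256 byte values occurs."""
    if not data:
        raise ValueError("empty sample")
    counts = Counter(data)
    return [counts.get(value, 0) for value in range(256)]

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for random-looking data, far lower for text."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in byte_histogram(data) if c)

def chi_square(data: bytes) -> float:
    """Distance from a flat histogram; about 255 on average for uniform random bytes."""
    expected = len(data) / 256
    return sum((c - expected) ** 2 / expected for c in byte_histogram(data))

def looks_random(data: bytes, min_entropy: float = 7.9, max_chi2: float = 400.0) -> bool:
    """Both thresholds are assumptions, chosen for samples of tens of kilobytes or more."""
    return shannon_entropy(data) >= min_entropy and chi_square(data) <= max_chi2

# Constructed samples (not taken from the captures the answer mentions).
PLAINTEXT = b"GET /index.html HTTP/1.1\r\nHost: fileserver.example.com\r\n\r\n" * 2000
XOR_OBFUSCATED = bytes(b ^ 0x5A for b in PLAINTEXT)  # XOR with a fixed value
RANDOM_LIKE = os.urandom(len(PLAINTEXT))             # stand-in for real ciphertext

def report() -> dict:
    """Verdict per sample: True means the byte distribution looks random."""
    samples = {"plaintext": PLAINTEXT, "xor": XOR_OBFUSCATED, "random": RANDOM_LIKE}
    return {name: looks_random(data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, data in (("plaintext", PLAINTEXT), ("xor", XOR_OBFUSCATED),
                       ("random", RANDOM_LIKE)):
        print(f"{name:10s} entropy={shannon_entropy(data):.3f} "
              f"chi2={chi_square(data):.0f} random={looks_random(data)}")
```

The XOR sample has no readable strings left, yet its histogram is only a relabelled copy of the plaintext one, so its entropy is unchanged and it is flagged as not random. Compressed data such as video also scores close to 8 bits per byte, so a passing result means "random-looking", not proof of encryption.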