Compare commits

..

21 Commits

Author SHA1 Message Date
064c6bf599 Removed unssesary /
All checks were successful
continuous-integration/drone/push Build is passing
2023-12-31 12:31:05 +00:00
b01f672c15 Finished Computer Security
All checks were successful
continuous-integration/drone/push Build is passing
2023-12-31 11:07:50 +00:00
f798fd98a2 fix: spelling
All checks were successful
continuous-integration/drone/push Build is passing
2023-12-30 16:32:06 +00:00
546f20f261 Finished question 2
All checks were successful
continuous-integration/drone/push Build is passing
2023-12-13 23:11:04 +00:00
37e7b11a7f Started working on question 2
All checks were successful
continuous-integration/drone/push Build is passing
2023-12-13 20:47:17 +00:00
a2ca86c82e Done 1.4
All checks were successful
continuous-integration/drone/push Build is passing
2023-12-12 19:11:04 +00:00
5597311f67 Typed initial answer to 1.3 2023-12-11 21:13:32 +00:00
c3149da051 Fixed protocol
All checks were successful
continuous-integration/drone/push Build is passing
2023-12-11 18:18:47 +00:00
6911a16ab1 Fixed protocol
All checks were successful
continuous-integration/drone/push Build is passing
2023-12-07 20:21:10 +00:00
c7f331cb56 Finished 1.2
All checks were successful
continuous-integration/drone/push Build is passing
2023-12-02 17:49:09 +00:00
c8acc8a00d Added question 2
All checks were successful
continuous-integration/drone/push Build is passing
2023-12-01 19:55:06 +00:00
0afb4d093a Fix quotations
All checks were successful
continuous-integration/drone/push Build is passing
2023-12-01 18:13:07 +00:00
aac17e07fb Add drone
All checks were successful
continuous-integration/drone/push Build is passing
2023-12-01 18:11:08 +00:00
506076f5a4 Fixed cw2 file name
Some checks failed
continuous-integration/drone/push Build is failing
2023-12-01 18:09:34 +00:00
2374a814b5 Fixed cw2
All checks were successful
continuous-integration/drone/push Build is passing
2023-12-01 18:08:08 +00:00
64be075085 Test
Some checks failed
continuous-integration/drone/push Build is failing
2023-12-01 18:05:16 +00:00
ac6f905357 Update the second cw
Some checks failed
continuous-integration/drone/push Build is failing
2023-12-01 18:03:33 +00:00
866b5dbbfa updated second cw
Some checks failed
continuous-integration/drone/push Build is failing
2023-12-01 18:01:28 +00:00
545b8c9957 removed litting
Some checks failed
continuous-integration/drone/push Build is failing
2023-12-01 17:58:13 +00:00
39a6fbde61 add second cw
Some checks reported errors
continuous-integration/drone/push Build encountered an error
2023-12-01 17:55:41 +00:00
d21224ac4c Moved the first course work to a new folder
Some checks failed
continuous-integration/drone/push Build is failing
2023-11-21 13:30:17 +00:00
39 changed files with 834 additions and 58 deletions

View File

@ -4,69 +4,76 @@ type: exec
name: Build and deploy
steps:
- name: Linting
commands:
- bash linting.sh
- name: Build Cw1
commands:
- cd firstcw/cw
- pdflatex cw.tex
# Prepare bib
- /usr/bin/vendor_perl/biber cw
# Compile twice for the table of contents and for bib text
- pdflatex cw.tex
- pdflatex cw.tex
- cd -
- name: Build UPDS-1
commands:
- cd cw
- pdflatex cw.tex
# Prepare bib
- /usr/bin/vendor_perl/biber cw
# Compile twice for the table of contents and for bib text
- pdflatex cw.tex
- pdflatex cw.tex
- cd -
- name: Build Cw2
commands:
- cd secondcw/cw
- pdflatex cw.tex
# Prepare bib
- /usr/bin/vendor_perl/biber cw
# Compile twice for the table of contents and for bib text
- pdflatex cw.tex
- pdflatex cw.tex
- mv cw.pdf cw2.pdf
- cd -
# - name: Build Report
# commands:
# - cd report
# - cp ../upds-1/UPDS-content.tex UPDS-1-content.tex
# - cp ../upds-2/UPDS-content.tex UPDS-2-content.tex
# - pdflatex report.tex
# # Prepare bib
# - /usr/bin/vendor_perl/biber report
# # Compile twice for the table of contents and for bib text
# - pdflatex report.tex
# - cd -
#
# - name: Generate text
# commands:
# - pnpm i
# - pnpm ts-node main.ts report/report.tex
# - name: Build Report
# commands:
# - cd report
# - cp ../upds-1/UPDS-content.tex UPDS-1-content.tex
# - cp ../upds-2/UPDS-content.tex UPDS-2-content.tex
# - pdflatex report.tex
# # Prepare bib
# - /usr/bin/vendor_perl/biber report
# # Compile twice for the table of contents and for bib text
# - pdflatex report.tex
# - cd -
#
# - name: Generate text
# commands:
# - pnpm i
# - pnpm ts-node main.ts report/report.tex
- name: gitea_release
environment:
TOKEN:
from_secret: token
commands:
- tea login add --url https://git.andr3h3nriqu3s.com --token "$TOKEN"
- tea r rm -y current || echo "Release not found"
# - tea r c --title "Latest Report" --asset report/report.pdf --asset upds-1/UPDS12-1.pdf --asset upds-2/UPDS12-2.pdf --asset results.txt --asset poster/poster.pdf current
- tea r c --title "1st cw work" --asset cw/cw.pdf first-cw-work
- name: gitea_release
environment:
TOKEN:
from_secret: token
commands:
- tea login add --url https://git.andr3h3nriqu3s.com --token "$TOKEN"
- tea r rm -y latest || echo "Release not found"
- tea r c --title "Latest" --asset firstcw/cw/cw.pdf --asset secondcw/cw/cw2.pdf latest
- name: Remove current on failure
environment:
TOKEN:
from_secret: token
commands:
- tea login add --url https://git.andr3h3nriqu3s.com --token "$TOKEN"
- tea r rm -y current || echo "Release not found"
trigger:
status:
- failure
when:
status:
- failure
- name: Remove current on failure
environment:
TOKEN:
from_secret: token
commands:
- tea login add --url https://git.andr3h3nriqu3s.com --token "$TOKEN"
- tea r rm -y latest || echo "Release not found"
trigger:
status:
- failure
when:
status:
- failure
#- name: latest
# environment:
# TOKEN:
# from_secret: token
# commands:
# - tea r rm -y "3rd-metting" || echo "Release not found"
# - tea r c --title "Last Metting Report" --asset report/report.pdf --asset upds-1/UPDS12-1.pdf --asset upds-2/UPDS12-2.pdf "3rd-metting"
# - name: latest
# environment:
# TOKEN:
# from_secret: token
# commands:
# - tea r rm -y "3rd-metting" || echo "Release not found"
# - tea r c --title "Last Metting Report" --asset report/report.pdf --asset upds-1/UPDS12-1.pdf --asset upds-2/UPDS12-2.pdf "3rd-metting"
trigger:
branch:

1
secondcw/aes256key Normal file
View File

@ -0,0 +1 @@
e><3E>Џ<EFBFBD>2<EFBFBD>Yu<>уW<D183> И( `НЕ№ШЙТ<D099>м<EFBFBD>

View File

@ -0,0 +1,74 @@
/*
* Coursework 2 PI protocol
*/
usertype String;
usertype Timestamp;
usertype Sessionkey;
hashfunction Mac;
protocol protocolPI(Network, Application, Phone) {
/* Role R - Phone
*
* has keys k(N,R)
*
*/
role Phone {
var SesK: SessionKey;
var tl: Timestamp;
recv_keysPhone(Network, Phone, {Mac(SesK, tl)}k(Network, Phone), {SesK, tl}k(Network, Phone));
var mApp: String;
recv_1(Application,Phone, {mApp}SesK);
fresh mPhone: String;
send_2(Phone,Application, {mApp, mPhone}SesK);
}
/* Role S - Application
*
* has keys k(N,S)
*
*/
role Application {
send_refreshKeys(Application,Network, Application, Phone);
var SesK: SessionKey;
var tl: Timestamp;
recv_keysApp(Network,Application, {Mac(SesK, tl)}k(Network, Application), {SesK, tl}k(Network, Application));
fresh mApp: String;
var mPhone: String;
send_1(Application,Phone, {mApp}SesK);
recv_2(Phone,Application, {mApp, mPhone}SesK);
}
/* Role N - Network
*
* has keys k(N,R) and k(N,S)
*
*/
role Network {
recv_refreshKeys(Application,Network, Application, Phone);
fresh SesK: SessionKey;
fresh tl: Timestamp;
send_keysApp(Network,Application, {Mac(SesK, tl)}k(Network, Application), {SesK, tl}k(Network, Application));
send_keysPhone(Network,Phone, {Mac(SesK, tl)}k(Network, Phone), {SesK, tl}k(Network, Phone));
}
}

View File

@ -0,0 +1,93 @@
/*
* Coursework 2 PI protocol
*/
usertype String;
usertype Timestamp;
usertype Sessionkey;
hashfunction Mac;
protocol protocolPI(Network, Application, Phone) {
/* Role R - Phone
*
* has keys k(N,R)
*
*/
role Phone {
var SesK: SessionKey;
var tl: Timestamp;
recv_keysPhone(Network, Phone, {Mac(SesK, tl)}k(Network, Phone), {SesK, tl}k(Network, Phone));
var mApp: String;
recv_1(Application,Phone, {mApp}SesK);
fresh mPhone: String;
claim_phone1(Phone, Running, Application, mApp);
send_2(Phone,Application, {mApp, mPhone}SesK);
claim_phone2(Phone, Secret, SesK);
claim_application1(Phone, Commit, Application, mApp);
claim_network2(Phone, Commit, Network, SesK, tl);
claim_phone3(Phone, Nisynch);
}
/* Role S - Application
*
* has keys k(N,S)
*
*/
role Application {
send_refreshKeys(Application,Network, Application, Phone);
var SesK: SessionKey;
var tl: Timestamp;
recv_keysApp(Network,Application, {Mac(SesK, tl)}k(Network, Application), {SesK, tl}k(Network, Application));
fresh mApp: String;
var mPhone: String;
claim_application1(Application, Running, Phone, mApp);
send_1(Application,Phone, {mApp}SesK);
recv_2(Phone,Application, {mApp, mPhone}SesK);
claim_application2(Application, Secret, SesK);
claim_phone1(Application, Commit, Phone, mApp);
claim_network1(Application, Commit, Network, SesK, tl);
claim_application3(Application, Nisynch);
}
/* Role N - Network
*
* has keys k(N,R) and k(N,S)
*
*/
role Network {
recv_refreshKeys(Application,Network, Application, Phone);
fresh SesK: SessionKey;
fresh tl: Timestamp;
claim_netwrok1(Network, Running, Application, SesK, tl);
send_keysApp(Network,Application, {Mac(SesK, tl)}k(Network, Application), {SesK, tl}k(Network, Application));
claim_network2(Network, Running, Phone, SesK, tl);
send_keysPhone(Network,Phone, {Mac(SesK, tl)}k(Network, Phone), {SesK, tl}k(Network, Phone));
claim_network3(Network, Secret, SesK);
}
}

View File

@ -0,0 +1,99 @@
/*
* Coursework 2 PI protocol
*/
usertype String;
usertype Timestamp;
usertype Sessionkey;
hashfunction H1;
protocol protocolPI(Network, Application, Phone) {
/* Role R - Phone
*
* has keys k(N,R)
*
*/
role Phone {
var SesK: SessionKey;
var tl: Timestamp;
recv_keysPhone(Network,Phone, {H1(SesK, tl, Application)}k(Network, Phone), {SesK, tl, Application}k(Network, Phone));
var mApp: String;
recv_1(Application,Phone, {mApp, Application, Phone }SesK);
fresh mPhone: String;
claim_phone1(Phone, Running, Application, mApp, SesK);
send_2(Phone,Application, {mApp, mPhone}SesK);
claim_phone2(Phone, Secret, SesK);
claim_application1(Phone, Commit, Application, mApp, SesK);
claim_network2(Phone, Commit, Network, SesK, tl);
claim_phone3(Phone, Nisynch);
}
/* Role S - Application
*
* has keys k(N,S)
*
*/
role Application {
fresh nApp: Nonce;
send_refreshKeys(Application,Network, Application, Phone, nApp);
var SesK: SessionKey;
var tl: Timestamp;
recv_keysApp(Network,Application, {H1(SesK, tl, nApp, Phone)}k(Network, Application), {SesK, tl, nApp, Phone}k(Network, Application));
fresh mApp: String;
var mPhone: String;
claim_application1(Application, Running, Phone, mApp, SesK);
send_1(Application,Phone, {mApp, Application, Phone}SesK);
recv_2(Phone,Application, {mApp, mPhone}SesK);
claim_application2(Application, Secret, SesK);
claim_phone1(Application, Commit, Phone, mApp, SesK);
claim_network1(Application, Commit, Network, SesK, tl);
claim_application3(Application, Nisynch);
}
/* Role N - Network
*
* has keys k(N,R) and k(N,S)
*
*/
role Network {
var nApp: Nonce;
recv_refreshKeys(Application,Network, Application, Phone, nApp);
fresh SesK: SessionKey;
fresh tl: Timestamp;
claim_netwrok1(Network, Running, Application, SesK, tl);
send_keysApp(Network,Application, { H1(SesK, tl, nApp, Phone) }k(Network, Application) , {SesK, tl, nApp, Phone}k(Network, Application));
claim_network2(Network, Running, Phone, SesK, tl);
send_keysPhone(Network,Phone, {H1(SesK, tl, Application)}k(Network, Phone), {SesK, tl, Application}k(Network, Phone));
claim_network3(Network, Secret, SesK);
}
}

View File

@ -0,0 +1,113 @@
/*
* Coursework 2 PI protocol
*/
usertype String;
usertype Timestamp;
usertype Sessionkey;
hashfunction H1;
protocol protocolPI(Network, Application, Phone) {
/* Role R - Phone
*
* has keys k(N,R)
*
*/
role Phone {
var SesK: SessionKey;
var tl: Timestamp;
var TApp: Ticket;
recv_keysPhone(Network,Phone, {H1(SesK, tl)}k(Network, Phone), {SesK, tl}k(Network, Phone), TApp);
var mApp: String;
var temp: Ticket;
recv_1(Application,Phone, {mApp, {Network, Application, Phone, tl}k(Network, Phone), Application, Phone }SesK);
fresh mPhone: String;
claim_phone1(Phone, Running, Application, mApp);
fresh nApp3: Nonce;
send_2(Phone,Application, {mApp, mPhone, TApp, nApp3}SesK);
recv_3(Application,Phone, {nApp3}SesK);
claim_phone2(Phone, Secret, SesK);
claim_application1(Phone, Commit, Application, mApp);
claim_network2(Phone, Commit, Network, SesK, tl);
claim_phone3(Phone, Nisynch);
}
/* Role S - Application
*
* has keys k(N,S)
*
*/
role Application {
fresh nApp: Nonce;
send_refreshKeys(Application,Network, Application, Phone, nApp);
var SesK: SessionKey;
var tl: Timestamp;
var TPhone: Ticket;
recv_keysApp(Network,Application, {H1(SesK, tl)}k(Network, Application), {SesK, tl, nApp}k(Network, Application), TPhone);
fresh mApp: String;
var mPhone: String;
claim_application1(Application, Running, Phone, mApp);
send_1(Application,Phone, {mApp, TPhone, Application, Phone}SesK);
var nApp3: Nonce;
recv_2(Phone,Application, {mApp, mPhone, {Network, Application, Phone, tl}k(Network, Application), nApp3}SesK);
send_3(Application,Phone, {nApp3}SesK);
claim_application2(Application, Secret, SesK);
claim_phone1(Application, Commit, Phone, mApp);
claim_network1(Application, Commit, Network, SesK, tl);
claim_application3(Application, Nisynch);
}
/* Role N - Network
*
* has keys k(N,R) and k(N,S)
*
*/
role Network {
var nApp: Nonce;
recv_refreshKeys(Application,Network, Application, Phone, nApp);
fresh SesK: SessionKey;
fresh tl: Timestamp;
claim_netwrok1(Network, Running, Application, SesK, tl);
send_keysApp(Network,Application, { H1(SesK, tl) }k(Network, Application) , {SesK, tl, nApp}k(Network, Application), {Network, Application, Phone, tl}k(Network, Phone));
claim_network2(Network, Running, Phone, SesK, tl);
send_keysPhone(Network,Phone, {H1(SesK, tl)}k(Network, Phone), {SesK, tl}k(Network, Phone), {Network, Application, Phone, tl}k(Network, Application));
claim_network3(Network, Secret, SesK);
}
}

View File

@ -0,0 +1,94 @@
/*
* Coursework 2 PI protocol
*/
usertype String;
usertype Timestamp;
usertype Sessionkey;
hashfunction H1;
protocol protocolPI(Network, Application, Phone) {
/* Role R - Phone
*
* has keys k(N,R)
*
*/
role Phone {
var SesK: SessionKey;
var tl: Timestamp;
var mApp: String;
recv_1(Application,Phone, ({H1(SesK, tl, Application)}k(Network, Phone), {SesK, tl, Application}k(Network, Phone)), {mApp, Application, Phone }SesK);
fresh mPhone: String;
claim_phone1(Phone, Running, Application, mApp, SesK);
send_2(Phone,Application, {mApp, mPhone}SesK);
claim_phone2(Phone, Secret, SesK);
claim_application1(Phone, Commit, Application, mApp, SesK);
//claim_network2(Phone, Commit, Network, SesK, tl);
claim_phone3(Phone, Nisynch);
}
/* Role S - Application
*
* has keys k(N,S)
*
*/
role Application {
fresh nApp: Nonce;
send_refreshKeys(Application,Network, Application, Phone, nApp);
var SesK: SessionKey;
var tl: Timestamp;
var T1: Ticket;
recv_keysApp(Network,Application, {H1(SesK, tl, nApp, Phone, T1)}k(Network, Application), {SesK, tl, nApp, Phone, T1}k(Network, Application));
fresh mApp: String;
var mPhone: String;
claim_application1(Application, Running, Phone, mApp, SesK);
send_1(Application,Phone, T1, {mApp, Application, Phone}SesK);
recv_2(Phone,Application, {mApp, mPhone}SesK);
claim_application2(Application, Secret, SesK);
claim_phone1(Application, Commit, Phone, mApp, SesK);
claim_network1(Application, Commit, Network, SesK, tl);
claim_application3(Application, Nisynch);
}
/* Role N - Network
*
* has keys k(N,R) and k(N,S)
*
*/
role Network {
var nApp: Nonce;
recv_refreshKeys(Application,Network, Application, Phone, nApp);
fresh SesK: SessionKey;
fresh tl: Timestamp;
claim_netwrok1(Network, Running, Application, SesK, tl);
send_keysApp(Network,Application, { H1(SesK, tl, nApp, Phone, ({H1(SesK, tl, Application)}k(Network, Phone), {SesK, tl, Application}k(Network, Phone))) }k(Network, Application) , {SesK, tl, nApp, Phone, ({H1(SesK, tl, Application)}k(Network, Phone), {SesK, tl, Application}k(Network, Phone))}k(Network, Application));
claim_network3(Network, Secret, SesK);
}
}

216
secondcw/cw/cw.tex Normal file
View File

@ -0,0 +1,216 @@
%%% Preamble
\documentclass[11pt, a4paper]{article}
\usepackage[english]{babel} % English language/hyphenation
\usepackage{url}
\usepackage{tabularx}
\usepackage{pdfpages}
\usepackage{float}
\usepackage{amsmath, amssymb}
\usepackage{systeme}
\usepackage{graphicx}
\graphicspath{ {../images for report/} }
\usepackage[margin=2cm]{geometry}
\usepackage{hyperref}
\hypersetup{
colorlinks,
citecolor=black,
filecolor=black,
linkcolor=black,
urlcolor=black
}
\usepackage{cleveref}
%%% Custom headers/footers (fancyhdr package)
\usepackage{fancyhdr}
\pagestyle{fancyplain}
\fancyhead{} % No page header
\fancyfoot[L]{} % Empty
\fancyfoot[C]{\thepage} % Pagenumbering
\fancyfoot[R]{} % Empty
\renewcommand{\headrulewidth}{0pt} % Remove header underlines
\renewcommand{\footrulewidth}{0pt} % Remove footer underlines
\setlength{\headheight}{13.6pt}
% numeric
\usepackage[style=ieee,sorting=none,backend=biber]{biblatex}
\addbibresource{../main.bib}
% Write the approved title of your dissertation
\title{Automated image classification with expandable models}
% Write your full name, as in University records
\author{Andre Henriques, 6644818}
\date{}
%%% Begin document
\begin{document}
\section*{1}
\subsection*{1.1}
The file ag01598\_6644818\_1\_1.spdl contains the base model of $\text{protocol}\Pi$.
I choose the names of the roles based on their functions since it would make the file more readable, so R is Phone, S is Application, N is Network.
As the diagram shows, the first message is sent from the phone to the network to request the generation of a new session key.
The keys were modelled using a custom usertype called ``SessionKey'' and the time to live has modelled using a custom usertype called ``Timestamp''
The network then answers to the Phone and the Application the keys and the time to live and the hashed value of that using a hash function named ``Mac''.
The Phone and the Application verify the Mac and then the phone sends a nonce to the phone and the phone answers back with a new nonce and the original nonce.
The Mac was modelled as a hashing function, then encryption. This was done this way because Scyther does not have a way of creating a mac function with keys, so the hashing is done first followed by the encrypted so that an attacker cannot modify it.
Scyther does not have a way to model the refresh/time to live parts, so that was not modelled.
\subsection*{1.2}
The file ag01598\_6644818\_1\_2.spdl contains the base model of $\text{protocol}\Pi$ and the claims.
I added non-injective synchronization(nisynch) to the Phone and Network, at least, some roles communicated as described by the protocol.
I added a secret claim to SesK (Session key) to all roles, as the session key should be private.
Furthermore, I added Commit and Running claims between some roles to check for agreement between some variables:
\begin{itemize}
\item{Agreement between Phone and Network over the time to live and the session key}
\item{Agreement between Application and Network over the time to live and the session key}
\item{Agreement between Application and Phone over the message and the message m}
\end{itemize}
These claims were chosen because they check agreement on message m between the Application Function and the Phone; The secrecy of SesK; And the synchronization and agreement between the Application Function, Phone, and Network.
There are 9 overall claims, where only three do not fail. The secrecy of SesK from the perspective of the Network. And agreement over the SesK and the time to live between the Phone and the Network, and the Application and the Network.
The protocol as it stands does not guarantee secrecy and agreement.
\subsection*{1.3}
The file ag01598\_6644818\_1\_3.spdl contains the fixed version of $\text{protocol}\Pi$.
The first change was to require the refresh keys request was to require the application to send a nonce. This nonce is then sent back to the application to verify that the key was generated, was requested by the application and not by the attacker.
The second change was to make the network send the identity of the other party to the party that is receiving the message. i.e. Sending the identity of the Phone to the Application encrypted with the key Network, Application. This is done to guarantee that the Party receiving the communication is using a key that was intended for this communication.
\subsection*{1.4}
The original $\text{protocol}\Pi$ is not an appropriate solution to the third-party problem as it cannot guarantee the secrecy of the session key, and since an attacker can obtain the session key, $\text{protocol}\Pi$ is not an appropriate solution to the presented problem. As Scyther, showed that there are attacks on the Dolev-Yao model. There are also some attacks outside the Dolev-Yao model.
For example:
With the assumptions, that:
\begin{itemize}
\item{Dolev-Yao attacker.}
\item{Strong cryptographic primitives}
\item{The time to live is implemented as a counter, and not as an end date timestamp.}
\item{One of the previous keys, where the encrypted version of the key and timestamp were recorded and leaked.}
\end{itemize}
In this scenario, an attacker can record the messages where the key and the time to live were encrypted. When the key gets leaked, the attacker can perform a replay attack.
The attacker resends the previously recorded keys to the application server and the phone because the time to live is based on a counter and not on a timestamp, the phone, and the server accept the ``new'' key. And since the attacker already knows this key, the protocol failed to guarantee, the secrecy of the session key.
% Other possible attacks are possible, for example a senario where the time to live is large, and the cryptographic primitives are weak for that time frame, i.e. RSA with 100 decimal digits and time to live of 2 days, an attacter with enought computer power would be abble to obtain the key
But it can be improved, as we saw in the answers for the question 1.3 by modifying the protocol slightly we can achieve secrecy of the session key in the Dolev-Yao model. Although it does not resolve issues related with the time to live if the protocol was implemented with counters for time to live instead of timestamp.
\subsection*{1.5}
The file ag01598\_6644818\_1\_5.spdl contains a more communication efficient version of the $\text{protocol}\Pi$.
This version trades off computational power for communication efficiency. This version creates bigger encrypted messages, and as a trade-off reduces the number of messages that are sent.
The message that is removed is the message where the network sends the key to the phone. This data in this message is still sent, but it's sent when the application sends the m message.
And the data is sent to the Application inside the encrypted packed that is already sent to the Application when the phone receives the keys from the network.
It sends the session key that was sent by the network, to the phone, with the message m.
\section*{2}
\subsection*{2.1}
Using a system like GPG, you can generate keys by running the command \begin{verbatim}gpg --gen-key\end{verbatim}.
\subsection*{2.2}
There are multiple ways of securely exchanging the keys.
For example, if meeting in person was a possibility, the keys cloud be put onto USB drives and the drives exchanged in person. And this would guarantee 100\% authentication, but meeting in person could not be feasible.
If meeting in person is not feasible, an alterative method would be sending the public key via email, and then calling the colleague on the phone. Both parties would then hash key using for example \begin{verbatim}sha512sum key\end{verbatim} and both parties would read out their public keys hash to each other. Since the parties know each other, and would recognize the voice, this would be a feasible way to exchange the public keys. With this, they could verify that the key came from the correct person.
\subsection*{2.3}
Assuming that the peers were able to exchange public keys.
One of the Peer A would generate a random 256-bit key.
Peer A would then encrypt the key using Peer B's public key, and sign it using its own private key.
Peer A would then send the signed and encrypted symmetric key to Peer B in an insecure channel.
Peer B upon receiving the encrypted and signed symmetric key, would verify the signature, and decrypt the message and obtain the key.
After this, both A and B can communicate using the symmetric key.
Example:
Peer A:
\begin{verbatim}
head -c32 /dev/random > aes256key
gpg --output key.gpg --encrypt --recipient b@example.com aes256key
gpg --output key.gpg.sig --sign key.gpg
\end{verbatim}
send key.gpg.sig to peer b
Peer B:
\begin{verbatim}
gpg --output key.gpg.sig --decrypt key.gpg
gpg --output key.gpg --decrypt key
\end{verbatim}
Now both Peer A and Peer B have the same key and can start communicating between each other.
\begin{verbatim}
# Encrypting
openssl aes-256-cbc -in message.file -out message.file.enc -iter 10000 -kfile aes256key
# Decrypting
openssl aes-256-cbc -in message.file.enc -out message.file -d -iter 10000 -kfile aes256key
\end{verbatim}
\subsection*{2.4}
A secure communication channel for the purposes of this answer is a communication channel that can maintain the secrecy, and integrity.
A communication channel can be achieved by trading 2 symmetric keys.
One of the keys would be used to encrypt the messages and the other would be used to MAC the messages. This would guarantee that the messages are secret because of the encryption and that they have integrity because of the MAC.
The 2 different keys guarantee that the MAC that is generated is significantly different from the encrypted message.
In this system, messages should also contain the timestamp of when the messages were sent. This is useful to maintain freshness, it's also useful to provide different messages every time.
\subsection*{2.5}
The system would work under a computational system, as the cryptographic primitives that were selected are computationally challenging to break.
The system would also work with a man in the middle attacker, as the attacker cannot change the messages without one of the people feeling suspicious and calling for a restart of the system.
This system would not work if the method for exchanging keys was via phone, and the attacker had a method of replicating the voice of one of the participants of the system, i.e. using an AI.
The system can maintain integrality, in the public key exchange phase with the phone call and the hash, in the symmetric key exchange phase with the signatures, and in the message exchange phase with the MAC.
The system can maintain secrecy throughout the entire process by using strong cryptographic functions, and having all messages that are sent that contain sensitive information encrypted.
\subsection*{2.6}
An alterative solution to the problem is if both parties have a third party that they both know and trust. This system would have less communication and computational overhead, as the public key exchange could have been skipped and the symmetric key could have been exchanged from the begging.
This solution would have a less level of security as the system relies on the trust of a third party, this includes more levels of failures as the third party could get corrupted, making the system less secure.
\end{document}

68
secondcw/lab9.spdl Normal file
View File

@ -0,0 +1,68 @@
/*usertype Timestamp;
protocol LaTe(C, S)
{
role C {
fresh nc: Nonce;
var ts: Timestamp;
send_1(C,S, C, nc);
recv_2(S,C, nc, ts, {nc, ts}k(S, C));
claim_C1(C,Nisynch);
claim_C2(C,Niagree);
claim_C3(C,Alive);
claim_C4(C,Weakagree);
claim_C5(C, Commit, S, nc, ts);
}
role S {
var nc: Nonce;
fresh ts: Timestamp;
//send_!timestampSet(S,S, ts);
recv_1(C,S, C, nc);
claim_C5(S, Running, C, nc, ts);
send_2(S,C, nc, ts, {nc, ts}k(S, C));
claim_S1(S,Nisynch);
claim_S2(S,Niagree);
claim_S3(S,Alive);
claim_S4(S,Weakagree);
}
}*/
usertype TimeStamp;
hashfunction H1;
protocol LATe(I,R)
{
role I # Time Client - Initiator
{
fresh Na : Nonce;
var T : TimeStamp;
send_1(I,R,I,Na);
recv_2(R,I,Na,T,H1({Na,T}k(I,R)));#encrypt-then-hash
claim_I1(I,Nisynch); #encrypt-then-hash
claim_I2(I,Niagree);
claim_I3(I,Alive);
claim_I4(I,Weakagree);
claim_I5(I, Commit, R, Na, T);
}
role R # Time Server - Responder
{
var Na : Nonce;
fresh T : TimeStamp;
recv_1(I,R,I,Na);
claim_C5(R, Running, I, Na, T);
send_2(R,I,Na,T,H1({Na,T}k(I,R)));#encrypt-then-hash
}
}

8
secondcw/main.bib Normal file
View File

@ -0,0 +1,8 @@
@misc{cadonfs,
author={The CADO-NFS Development Team},
title={{CADO-NFS}, An Implementation of the Number Field Sieve
Algorithm},
note={Release 2.3.0},
year={2017},
url={http://cado-nfs.inria.fr/}
}

1
secondcw/test Normal file
View File

@ -0,0 +1 @@
This is a message

1
secondcw/test.enc Normal file
View File

@ -0,0 +1 @@
Salted__Eõa…g!/úŸ‰éÇì{ûi;N„vhÚ,Šæ2jçWêeËœ

1
secondcw/test.out Normal file
View File

@ -0,0 +1 @@
This is a message