CS477 01 Computer Security
October Madness

Description

In this exercise you will be divided into teams, and each team takes turns playing attacker and defender. The defending team will be further divided into two groups: one plays sender and the other plays receiver. During the exercise, the sender will be given 5 messages and needs to transmit the messages to the receiver THROUGH THE ATTACKER.

[Figure: messages pass from the sender group of the defending team, through the attack team, to the receiver group of the defending team.]

Goal for defending team

The goal for the defending team is to make sure that the receiver can correctly identify the authenticity of the message and that no one other than the receiver can read it. If the message is changed or created by the attacker, then the receiver needs to point out the falseness of the message.

Goal for attack team

The attack team can try different types of attack, such as eavesdropping or man-in-the-middle, in order to confuse the receiver and steal the information in the original message.

Preparation

Tools for defending team:
- Encryption: simplified DES (used in cracking game), RSA
- Authentication: HMAC (with bitwise XOR), RSA
- Diffie-Hellman
- Combination of encryption and authentication; for example, use a public key to transmit a session key for encryption

Note: before the game starts, the sender and receiver in the defending team need to agree on the tools that will be used. For example, if RSA is chosen as the tool, the sender and receiver need to pick e, d, n before starting the game.

Tools for attack team:
- Eavesdropping
- Replay
- Man-in-the-middle
- Cryptanalysis
- Brute force

Message Format and Representation

The message given to the sender will contain two characters or numbers. The binary and decimal representations of characters and numbers are listed in Table 1. Notice that some encryption methods (e.g., DES, HMAC) take binary as input, while others (RSA, D-H) take a number. For the defending team, make sure that the sender and receiver agree on the format of the message representation. More importantly, the defending team may need to think about whether the message format reveals information about the tools they choose to use. For example, if the attacker sees the message in binary representation, then the attacker knows that either DES or HMAC is used.

Table 1: Binary and decimal representations of characters and numbers

| Message | Binary Rep | Decimal Rep | Message | Binary Rep | Decimal Rep |
|---------|------------|-------------|---------|------------|-------------|
| 0 | 000000 | 0  | J     | 010011 | 19 |
| 1 | 000001 | 1  | K     | 010100 | 20 |
| 2 | 000010 | 2  | L     | 010101 | 21 |
| 3 | 000011 | 3  | M     | 010110 | 22 |
| 4 | 000100 | 4  | N     | 010111 | 23 |
| 5 | 000101 | 5  | O     | 011000 | 24 |
| 6 | 000110 | 6  | P     | 011001 | 25 |
| 7 | 000111 | 7  | Q     | 011010 | 26 |
| 8 | 001000 | 8  | R     | 011011 | 27 |
| 9 | 001001 | 9  | S     | 011100 | 28 |
| A | 001010 | 10 | T     | 011101 | 29 |
| B | 001011 | 11 | U     | 011110 | 30 |
| C | 001100 | 12 | V     | 011111 | 31 |
| D | 001101 | 13 | W     | 100000 | 32 |
| E | 001110 | 14 | X     | 100001 | 33 |
| F | 001111 | 15 | Y     | 100010 | 34 |
| G | 010000 | 16 | Z     | 100011 | 35 |
| H | 010001 | 17 | space | 100100 | 36 |
| I | 010010 | 18 |       |        |    |
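
The following is an added example, not part of the original handout: it encodes a two-character message with Table 1 and shows one way the defending team could combine RSA encryption and RSA authentication so that the receiver rejects a changed message. The primes, exponents, function names, the packing of two characters into one 12-bit number, and the choice to sign the ciphertext are all assumptions made for illustration.

```python
# Added example: Table 1 encoding with textbook RSA encrypt-then-sign.
# Key values and the 12-bit packing are constructed for illustration.
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ "  # index = Table 1 decimal rep

def to_decimal(msg):
    """Characters -> Table 1 decimal values (input form for RSA or D-H)."""
    return [ALPHABET.index(ch) for ch in msg]

def to_binary(msg):
    """Characters -> concatenated 6-bit strings (input form for DES or HMAC)."""
    return "".join(format(v, "06b") for v in to_decimal(msg))

def unpack(m):
    """Integer -> two characters, or None if it is not valid Table 1 data."""
    hi, lo = m >> 6, m & 0b111111
    if hi >= len(ALPHABET) or lo >= len(ALPHABET):
        return None
    return ALPHABET[hi] + ALPHABET[lo]

def make_key(p, q, e):
    """Toy RSA key (e, d, n) from two small primes, agreed before the game."""
    n, phi = p * q, (p - 1) * (q - 1)
    return e, pow(e, -1, phi), n

RECV = make_key(61, 71, 11)  # receiver's key, n = 4331 (above the largest message, 4095)
SEND = make_key(67, 73, 5)   # sender's key, n = 4891 (above any ciphertext mod 4331)

def send(msg):
    """Sender: encrypt with receiver's public key, then sign the ciphertext."""
    m = int(to_binary(msg), 2)          # two characters packed as 12 bits
    c = pow(m, RECV[0], RECV[2])        # c = m^e mod n (receiver's e, n)
    s = pow(c, SEND[1], SEND[2])        # s = c^d mod n (sender's d, n)
    return c, s

def receive(packet):
    """Receiver: reject if the signature does not match, else decrypt and decode."""
    c, s = packet
    if pow(s, SEND[0], SEND[2]) != c:
        return None                     # message was changed or created by someone else
    return unpack(pow(c, RECV[1], RECV[2]))

if __name__ == "__main__":
    c, s = send("HI")
    print(to_decimal("HI"), to_binary("HI"), receive((c, s)), receive((c ^ 1, s)))
```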