computer science lab#5

fadoo

LabCH20.pdf

Home >Computer Science homework help >computer science lab#5

■■ Define■“cryptography.” ■■ Encode■and■decode■messages■using■a■Caesar■cipher■and■a■transposition■cipher.

■No■software■is■needed.

OBJECTIVES

REFERENCES

LABORATORY Cryptography

Cryptography | 229

BACKGROUND Review these topics from your textbook, lecture notes, or online resources:

■ Computer security, cryptography, encryption, decryption, ciphertext, plaintext ■ Substitution cipher, Caesar cipher, transposition cipher, route cipher

ACTIVITY Computer security is a rapidly advancing field in computer science, with applications in virtually all sectors of our economy and government. The field is broad and evolving, and it includes often overlapping areas such as information security, access control, prevention of cyberattacks and malicious code, cryptography, and issues of privacy.

Broadly, the area of information security can be summarized by the three points of the Central Intelligence Agency’s (CIA’s) “triad of information security”: confidentiality, integrity, and availability. “Confidentiality” means data are protected from access by unauthorized persons, whether internal to an organization or outside of it. “Integrity” refers to the ideal that data can be modified only by appropriate mechanisms. For example, some websites use two-factor authentication, such as a password and a text message code, for users to log in from an unrecognized device and gain access to data. “Availability” is a measure of the access available to authorized users for standard purposes. For example, a university course registration system that crashes under the heavy usage load of preregistration week is a system with substandard availability.

The area of access control broadly encompasses the procedures we have in place to make sure users are who they say they are. The two-factor authentication to one’s email inbox is an example, but so too would be an RFID (radiofrequency identification) chip in a student’s ID card that allows entry into one’s student housing complex. The requirements for passwords (which differ from system to system) are a prime example of access control standards as well. Perhaps you have become frustrated when forced to think of a new password that does not allow a special character you tend to use in your other passwords. Many banking websites also include mechanisms such as a security image or other phrase that only a legitimate user would recognize in order to reduce the risk of a user inadvertently entering login information on a fake website. Along a similar line, you have no doubt entered the hard-to-read text from a CAPTCHA image before completing an online purchase or registration. (“CAPTCHA” is an acronym for the rather wordy phrase “completely automated public Turing test to tell computers and humans apart.”) Steps like these ensure that a user is a human and not an automated bot, thereby maintaining the system’s availability to legitimate users. As technology evolves, many devices now include standard biometric access controls, such as fingerprint scanners on laptops and on some new smartphone models. And, of course, fancy retina scanners guarding entrances to gigantic data centers (like you’ve seen in the movies!) also count as biometric access control mechanisms.

Anyone who has personally dealt with a computer virus on his or her own system, or had to deal with the effects of a virus on another system, will appreciate the importance of preventive countermeasures to malicious code. Viruses are malicious code that embed themselves in otherwise legitimate software, allowing them to carry out their purpose in a hidden way. Worms are like viruses, but are self-replicating, and they quickly regenerate on one computer as well as propagate to other computers. Trojan horse programs appear legitimate or helpful, but once allowed in by the user, they begin to

230 | Laboratory 20

execute their nefarious purposes. Perhaps you have seen banner advertisements online for something such as, “Free PC scans! Speed up your system! Click here!” Hopefully you have been wise enough not to agree to this free “help”! Having good antivirus and antimalware software installed and running at all times is the best way to protect yourself against malicious code.

Security attacks strike at one or more of the three pillars of information security— gaining unauthorized access to systems, modifying what should be private data, and rendering a system unavailable to its users. Password-cracking software can be used to break user passwords that are too simple or insufficiently secured. Having strong passwords, which can be achieved by including special characters and avoiding dictionary words, will make cracking your password harder than cracking someone else’s. Instead of cracking passwords, security attacks can use social engineering or phishing attacks to try to obtain a user’s password. Social engineering can involve using public data, such as an Instagram caption listing the name of one’s pet or one’s listing of family connections on Facebook, to answer password reset questions and gain access. Phishing attacks typically involve a phony email that appears legitimate, such as a supposed message from one’s banking company. The message will contain a link that redirects the user to a fake website designed to look like the real site; the user is prompted to enter his or her login credentials, thus providing dangerous personal information to a malicious host. These mechanisms are all used to gain unauthorized access to systems. Attackers may attempt to install a “backdoor” into systems, giving them the ability to access and modify private data. Finally, attackers often attempt to render a service unavailable to legitimate users by using distributed denial of service (DDoS) attacks. DDoS attacks involve many computers, sometimes hundreds and even thousands, all inundating a target system with standard requests. The target system, unable to respond to the flood of simultaneous requests, becomes unavailable to its normal users.

At the heart of all of these issues is an area known as “cryptography,” which literally means “secret writing.” Despite all of the rapid advances in technology, cryptography remains our link to the past, as people have been encoding messages for millennia. Modern cryptography techniques can get quite fancy, but understanding some of the historical methods of encrypting and decrypting a message provides a basis for understanding the evolution to modern computational methods. If you ever got a decoder ring toy inside a box of breakfast cereal as a kid, there is a good chance you already have experience with our next topic: the substitution cipher.

By using a substitution cipher, a person can take an original message, which is called “plaintext,” and translate it into an encoded version, which is called “ciphertext.” The process of translating the plaintext into ciphertext is known as “encryption,” and the reverse process is called “decryption.” When you encrypt a message, you choose an encryption key; anyone who has this key along with the ciphertext can reproduce the original plaintext.

The most well-known substitution cipher is the “Caesar cipher,” which was used by Julius Caesar to send encoded messages to his generals in ancient Rome. The Caesar cipher essentially shifts the alphabet by a certain number of positions (the key) and transposes the letters. As an example, let’s encrypt the plaintext message ALPHABRAVOCHARLIE using a key of three.

First, we will list the letters of the alphabet, A to Z. Then below them, we will list the alphabet A to Z shifted three place to the right, wrapping around when we get to the end.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Cryptography | 231

Next, we will take our plaintext, one letter at a time, locate it on the top row, and write down the corresponding letter on the bottom. So the A in ALPHA becomes D; L becomes O; P becomes S; H becomes K; and so on. After transposing all letters, we get the following ciphertext:

DOSKDEUDYRFKDUOLH

To translate this message back into plaintext, a third party needs either the encryption key or software that can crack that encryption key. At this point you are probably glad that the Caesar cipher is NOT how we store passwords online! To recreate the plaintext, simply reverse the above process—except this time, find the ciphertext character in the bottom row and write down the corresponding character from the top row. Ciphers like these can easily be extended to include other characters, numbers, and symbols.

Another kind of cipher is called a “transposition cipher,” which rearranges the ordering of message characters in a particular way. Just as the offset in a Caesar cipher serves as the encryption key, the method of arrangement in a transposition cipher becomes the encryption key. One type of transposition cipher is known as a “route cipher.” In a route cipher, the plaintext message is arranged into a grid, and the ciphertext is generated by following a precise route through that grid. The dimensions of the grid and the route serve as the encryption key needed to decode the ciphertext back into plaintext. Here is an example of a route cipher that arranges the plaintext message ENTRYCODEEIGHTFOURTWO into a 6 × 4 grid, filling down the columns from left to right, with the letters X, Y, and Z used to fill in the last three spaces.

E Y E H U O

N C E T R X

T O I F T Y

R D G O W Z

The only step missing to create the ciphertext is a route through this grid. As an example, let’s trace a route starting from the top-right corner and spiraling inward in a clockwise direction. This produces the ciphertext OXYZWOGDRTNEYEHURTFIOCET, which is pretty complex! This ciphertext would be sent to the recipient, who would either know or be told (in a different message!) to arrange a 6 × 4 grid spiraling clockwise from the top-right corner, then reading the plaintext down the columns. This is a much more complex encryption key than the key of three we used in the Caesar cipher!

Computer security is an exciting field in which to apply your computer science skills, and cryptography is (and will remain) a fun and fascinating area to work, as it has been through the ages. These simple ciphers will give you an introductory glance into what is a rapidly expanding area of very relevant work in computing.

232 | Laboratory 20

Name_____________________________________ _ Date_____________________

Section____________________________________

EXERCISE 1

Your job is to decrypt the intercepted message CQNTNHRBDWMNACQNVJC, which is believed to reveal the location of an important item. Your hint is that it is encrypted using a Caesar cipher, but we do not know the key. However, you have intercepted another message that may provide some useful information.

1) Since we know that the recipient of a ciphertext message must know the encryption key to decode the message, we were looking for a second message containing the key to our ciphertext, and we may have found it. We intercepted the encrypted message NEXYIYECEHTIRISNEHPK. Via social engineering, we believe the message sender likes to use route ciphers in a five-row by four-column grid. Past efforts lead us to believe she prefers to encrypt the message by writing the plaintext down the columns from right to left, and then spiraling counter-clockwise from the top-left corner. If the plaintext doesn’t fill the grid, she often uses X and Y to fill in the spaces. Reverse her process to reveal the plaintext!

2) If you correctly decrypted the message from step 1, you now have the encryption key for the original ciphertext, CQNTNHRBDWMNACQNVJC. Use this key and your knowledge of Caesar ciphers to decrypt the first message and find the location of the secret object.

Cryptography | 233

DELIVERABLES Turn in your handwritten answers on a sheet of paper. Be sure to show your work, especially the grid you constructed for the route cipher and the alphabet substitution table you used for the Caesar cipher.