User Account

All Pages

Implement key exchange using the diffie-hellman algorithm

Assignment Help Python Programming
Reference no: EM131099134

Project - Defeating SkyNet Part 1: Security Essentials

Introduction

It's 2016. Almost every device with a CPU in it has been connected to the Internet. Whilst this is a stunning advance for humanity, the security for these devices has come as an afterthought or not at all. Millions of computers and devices, all with valuable information and processing power, are left vulnerable to attack.

Blackhats, and even possibly governments, have created viruses, worms and other dastardly schemes to mine for information and turn a profit using these weaknesses. In this project, we'll be specifically looking at botnets: how they work, why they're valuable and why it's so difficult to defeat them.

Botnets perform various tasks including but not limited to:
- Stealing confidential information (passwords, banking details, etc.)
- Sending spam email
- Distributed Denial of Service (DDoS) against chosen websites
- Mining for Bitcoins
- Hold files for ransom by encrypting them and charging for decryption
- Providing a secure proxy network for other illegal enterprises

Of course, such a valuable network is not likely to go unnoticed for long. You'll be having well funded organisations, government agencies and other hackers attacking you. For that reason, SkyNet will need advanced cryptography to ensure your blackhat plans can't be stopped.

Background & Disclaimer

This project has been created to help you gain an understanding of how prac- tical a massive cyber attack is and how complex it can be to defend against it. The basic technology of this project is pulled from the Conficker worm that ravaged the Internet in November 2008. At its peak, Conficker controlled up to 7 million computers across 200 countries. Conficker would only have needed 2 million of those machines to overpower the top 500 supercomputers at the time combined. To combat the threat, Microsoft formed an industry group to counter Conficker, composed of numerous security and technology companies. This group also conversed with government agencies around the world.

To understand why it was so difficult to slow down or defeat, we'll be implementing key components of this botnet that utilise advanced crypto- graphic techniques.

This is not an operational botnet nor do we intend you to create one. To defeat blackhats, you must understand how they work and the techniques they use. Recent botnets have used advanced computer science and crypto- graphic methods in order to remain secure from both blackhats, whitehats, well funded organisations and even governments. These advanced methods are what we intend you to learn and what we believe will give you the skills to detect, prevent and disassemble such attacks in the future.

Part 1 :: Securing the Channel

When you're transferring secrets, be they banking details or Bitcoins, you don't want to be overheard. Additionally, communicating in the open makes it easier for SkyNet to be detected via network analysis. Botnet authors don't like easy ways for computer admins to pinpoint infected machines.

In Part 1, you will need to:
- Implement key exchange using the Diffie-Hellman algorithm, when peer- to-peer connections are made between bots.
- Achieve confidentiality through encryption of the client-server commu- nications with an appropriate block or stream cipher.
- Enforce integrity through the use of a MAC appended to all messages.
- Implement resistance against replay attacks using a mechanism which you are to devise.

1 Key Exchange

In order to strengthen SkyNet's communications against eavesdropping, you are to implement a method of key exchange for each possible connection. If you leave your communications unencrypted, it would be trivial for network analysis to indicate which machines are infected with your bot. It would also be easy to steal secrets and confidential information you might be sending back and forth.

For this project, you'll be using the Diffie-Hellman key exchange method. You'll be implementing this yourself from two standards created by the Inter- net Engineering Task Force (IETF). RFC 2631 describes how Diffie-Hellman works and how the calculations are performed. RFC 3526 provides standard parameters for use in Diffie-Hellman key exchange and an estimation on the strength they provide for computing a shared key. A shortened version of each of these RFCs has been provided with the source code.

The key that results from this key exchange should be used to compute all the other settings, such as the the block cipher keys or seeds for the stream cipher. Remember that you should hash the secret and use it as the seed for a random number generator instead of using it directly.

Note: Each and every session should use a di?erent key. This means a new key exchange session must be run every time a new connection is made.

2 Confidentiality

The confidentiality of the channel should be achieved through encrypting each message sent using either a block cipher or a stream cipher. An appro- priate mode of operation for the cipher must also be considered. You may use any block or stream cipher you wish, provided it would remain reasonably secure against both government agencies and other hackers. The initialisa- tion vector (IV) and key must be derived through a key exchange mechanism as described above.

3 Integrity

Message integrity is to be achieved through appending a MAC to each mes- sage sent across the channel. This is to help prevent any active attacker from modifying messages whilst in transit. The key to the MAC must be derived from the key exchange. You may use any MAC that you wish as long as it provides adequate level of security against any potential attackers.

4 Preventing Replay

You must devise a scheme where SkyNet is resistant to messages being re- played by an active attacker. The exact mechanism by which this occurs is up to you.

Imagine your bot could be told to perform a denial of service against a website by sending the message [DDOS www.ebay.com]. If it was trivial for others to resend that same message, others would be able to hold EBay to ransom as they could control your botnet.

5 Implementation

The bot's code is out of your control, being run on unknown computers that may in fact be owned by hackers or governments. You may assume the command and control server's code is hidden, but remember, security can be reverse engineered.

An insecure skeleton framework written in Python 3 has been provided for you as a starting point. If you wish to use another language, such as Java with the Java Cryptography Extension (JCE), you may do so after seeking permission from your tutor. We can not provide technical support if you select another language however.

6 Documentation

You are to write a 2-3 page design document outlining the security you implemented with your system. You should justify the choices you have made for your implementation and specifically discuss:
- key exchange
- authentication
- confidentiality
- integrity
- replay prevention

You should aim to address these questions:
- What was your choice of Diffie-Hellman key exchange parameters and what made you select them specifically? Make reference to RFC 3526.
- What was your choice of cipher? What mode of operation does it use? Why did you make these choices?
- How do you prevent attackers from tampering with messages in transit?
- How do you prevent replay attacks?
- Why might we want to allow for peer-to-peer file transfers between bots? What are the advantages and disadvantages to using a central web server (pastebot.net in our case, similar to pastebin.com) to dis- tribute files when controlling a botnet?

- Explain how this botnet, if used in the real world, could be trivially controlled by other hackers or government agencies. How might one attempt to stop it?

8 Marking
While it is important to learn how to write secure code and utilise security protocols, an equally important skill is the ability to read and analyse the code that others have written.

After the due date of this assignment, you will be asked to assess the code of 3 or 4 other groups, and the code that you submit will also be exam- ined by a number of other groups1, as well as being checked by tutors.

Your final mark will be comprised of:
- The quality of your report, as assessed by tutors and dedicated markers, who will look at:
- Have you addressed the topics specified under section 6
- Does the report demonstrate an understanding of underlying cryp- tographic principles
- Is the report concise and professional, with appropriate use of academic language
- An assessment of your code by other class members, verified by tutors, assessing:
- Does it work?
- How strong is the implementation for each security goal?
- Is the code commented and easy to read?
- How well you have assessed other class members
- Code has been assessed
- Marks given are in agreement with other markers (including tu- tors)
- Relevant feedback is provided

Attachment:- Assignment.rar

Reference no: EM131099134

Questions Cloud

Describe the primary activities of the design phase of sdlc : Provide three different options that are available when selecting an identifier for a student entity. What are the pros and cons of each choice? Describe the primary activities of the design phase of the SDLC.
What is the mass of the moon according to these data : what is the mass of the Moon according to these data? G = 6.67 × 10-11 N· m2/kg2
Percentage yield per annum : Sinita bought unit trusts and invested for income. She invested £42,000 in a unit trust with an offer price of £75 per unit, and sold the units after 3 years at the same price. During this period she received income from the units of £9,744. This ..
Process of getting detailed information about jobs : 1. What is the process of getting detailed information about jobs?
Implement key exchange using the diffie-hellman algorithm : Implement key exchange using the Diffie-Hellman algorithm, when peer- to-peer connections are made between bots and achieve confidentiality through encryption of the client-server commu- nications with an appropriate block or stream cipher.
What is the minimum energy expenditure : What is the minimum energy expenditure required for the transfer?
Components of an organization strategic plan : Career development and succession planning are important components of an organization's strategic plan. Do you agree with this statement? Why or why not? In your opinion, what could be the impact of not having a succession plan in an organization..
What is the rejection rule using the critical value : A sample of 50 provided a sample mean of 19.4. The population standard deviation is 2. what is the rejection rule using the critical value? What is your conclusion?
Strategic approach to training is important : Define training in your own words and explain why a strategic approach to training is important. Identify the type of analysis you would use to determine training needs in your organization and explain why it is appropriate.

Reviews

Write a Review

Python Programming Questions & Answers

  Write a recursive function that takes in a list

For this part of the homework, you will write a recursive function that takes in a list of positive integers as a parameter, and prints out the maximum value in that list. Your recursive function should be called maxInt().

  The interest rate per period

The interest rate per period. For example, if your loan's interest is 6.5% per year, and you are paying monthly, this would be 6.5%/12. If you are paying every two weeks, r would be 6.5%/26, because there are 26 two-week periods in a year.

  Segment that prompts the user for an arithmetic operator

The variables x and y refer to numbers. Write a code segment that prompts the user for an arithmetic operator and prints the value abtained by appying that operator to x and y.

  Implement a simplified version of ssl

COMP 4337/9337 - Securing Wireless Networks - Implementation Assignment - Implement a simplified version of SSL/TLS (miniSSL) and a sim-plified application-layer protocol (miniGet) in this project.

  Implement functions for insertion sort

Implement functions for Insertion sort and bubble sort in python programming language and a function that calculates the function execution time.

  Let ll be a list of integers

Let LL be a list of integers. Use list comprehension to produce teh following lists. Each one should just take onel line. Anser questions as two comments.

  Integration of mnch commodities supply chain management

Objective of the study is to examine the outcome of integration of logistic and supply chain management of MNCH commodities on service delivery, specific objectives have been set to achieve the aim of the study.

  The initial number for generating the sequences

Then, after the functions, read in the initial number for generating the sequences. Here, check that it is a positive integer. If it is not, give an error message and exit the program.

  Email spam filter

Analyze the emails and predict whether the mail is a spam or not a spam - Create a training file and copy the text of several mails and spams in to it And create a test set identical to the training set but with different examples.

  Assume that the variables gpa , deanslist and studentname

Assume that the variables gpa , deansList and studentName , have been initialized. Write a statement that adds 1 to deansList and prints studentName to standard out if gpa exceeds 3.5.

  Write a python program that computes the mean, median, mode

How to write a python program that computes the mean, median, and mode?

  Create functions to simplify your code

Create functions to simplify your code. If you find yourself writing the same code over and over again, it should probably be made into a function.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd