Encryption-decryption algorithms and aes, Software Engineering

Introduction

The goal of the assignment is to build functionality on top of twitter that allows you to encrypt tweets to subgroups of your twitter

Background Material

Rather than completely rebuild twitter, we will use several useful tools to build our encrypted tweet system, so you should familiarize yourself with these before you get started. We list these here:

encryption/decryption algorithms you'll be running for the assignment.

GreaseMonkey: GreaseMonkey is a Firefox add-on that allows users to write scripts that change HTML content on-the-fly. This assignment will consist of a single GreaseMonkey script (most of which has already been done for you), so you will need to download GreaseMonkey and obtain some minimal understanding of how it works.

AES:

The large chunk of the assignment will involve building secure primitives with the Advanced Encryption Standard (AES). While no one knows exactly why AES is difficult to break, you should be somewhat familiar with how it works.

Pseudorandom Number Generator: Spoiler alert: at some point in the assignment, you will need to use a PRG. Understanding how these work will make this portion of the assignment much easier for you to understand.

Pseudorandom number generator wiki:

Message authentication code: Used to provide message integrity, these are just short bit strings used to verify that a message actually came from the purported sender. It may be helpful to understand what they do.

Chosen plaintext attack security: This is one model of security that cryptographers use to show properties of various cryptographic schemes.

IND-CPA: You need to understand it in order to complete this assignment.

Assignment Details

Let's get to the nuts and bolts of the assignment. As we have already established, you will be building an encrypted twitter system. But wait, good news! Most of this has already been done for you. If you look through it, you'll see there are five functions that you are responsible for completing: Encrypt, Decrypt, GenerateKey, SaveKeys, and LoadKeys(All available in started code). These are in the very first section of the code and it should be clear to see what to do with each one.

We will be doing more than basic encryption and decryption for one twitter account, though. In addition to this basic functionality, you will need the notion of groups. You will be able to create multiple groups, and assign each person following your tweets to a group. You will have a separate secret key for each group, so that people in one particular group cannot see tweets meant for another. Thus, you can update your family with "studying so hard omg lol omg lol" and your friends with "keg to finish, come now" and no one will be the wiser.

Hopefully it should be intuitive at this point what needs to be done. However, we will now specifically spell out the requirements. The specific requirements  are as follows:

Maintain a secure database of other people you are following on twitter that are using your encrypted key system. This entails: Securely storing each user, their key, and their group assignment for you (using the SaveKeys function and any helper functions that you deign to write). Note that there is UI framework in the code that eliminates all of the display issues, you only need to focus on the security/cryptography issues. You can find this UI framework in the code and under Settings on twitter.

{ Securely loading all of these things (using LoadKeys and whatever helper functions you choose) from a data store.

The database security can be a little thorny: obviously, if someone has taken over your browser, then they can get your keys and you are hosed. Thus, our requirement for the database security is that any attacker who has access to all of your stored material must not be able to learn any significant information about any of your keys. This means that an attacker that sits down at a computer you were using after you have closed the browser cannot get your keys (which are awesome if you have to share a computer).

Maintain a secure database of your groups and their respective keys. Thus you must:

Securely store/load each of these with the other sensitive data mentioned above Provide a function to generate keys for the user.  Note that these keys need to be indistinguishable from random. Remember, calling a function in the javascript math library is not indistinguishable from random.

Build encryption and decryption functions that provide CPA security for tweets.

This should be straightforward enough, but note that you are required to build on top of the AES protocol provided in the script. Do not attempt to implement RSA or Die- Hellman or some other protocol | it will probably not be a secure implementation and will take you much longer than doing it this way. { Why CPA security? If someone can predict or inuence your tweets, then this is a nice feature to have.

The requirements for message integrity are:

Build a MAC system based on the AES implementation given to you.

Note that you are NOT allowed to use the SHA-256 implementation lurking in the bottom of the script. The point of the assignment is to understand how to build primitives.

Use your MAC system to authenticate tweets. Use your MAC system to make sure keys in the key store haven't been changed between program runs.

Posted Date: 3/1/2013 7:36:08 AM | Location : United States







Related Discussions:- Encryption-decryption algorithms and aes, Assignment Help, Ask Question on Encryption-decryption algorithms and aes, Get Answer, Expert's Help, Encryption-decryption algorithms and aes Discussions

Write discussion on Encryption-decryption algorithms and aes
Your posts are moderated
Related Questions
Determine the Latest trend in software engineering Latest trend in software engineering includes the concepts of software reusability, reliability, scalabilityetc. More and mo

What is Prototype Prototype is developed so that customers, developers and users can learn more about problem. Hence prototype serves as a mechanism for identifying software r

CARS-LMS: In this section let us try to learn about a different software package, which is commonly used in some of the libraries abroad. The package is known as CAIRS/LMS or

Q. Explain the software life cycle model that incorporates risk factor. Ans. The problem with traditional software process models is that they don't deal sufficiently with th

Q. What is Equivalence Partitioning? Equivalence Partitioning:-Equivalence partitioning is black box testing method that divides the input domain of a program into classes of d

#questionFrame Diagrams We discussed the importance of framing a problem in order to understand the problem better and be able to develop a solution more quickly and easily. In thi

Q. What is Common coupling? Common coupling: With general coupling module A and module B have shared data. Global data areas are usually found in programming languages. Formu

Q. Write short notes on Quick-fix Model? Quick-fix Model: This is the simplest model utilized for the maintenance of the software. In this model modification at the code level

Q. What do you mean by Core dumps? Core dumps are a repairing technique. A printout of all applicable memory locations is obtained and studied. All dumps must be well documente

Explain Control Structure Testing Ans) Due to basis path testing alone is insufficient, other methods should be utilized. Condition testing can be utilized to design test cas