Encryption-decryption algorithms and aes, Software Engineering

Introduction

The goal of the assignment is to build functionality on top of twitter that allows you to encrypt tweets to subgroups of your twitter

Background Material

Rather than completely rebuild twitter, we will use several useful tools to build our encrypted tweet system, so you should familiarize yourself with these before you get started. We list these here:

encryption/decryption algorithms you'll be running for the assignment.

GreaseMonkey: GreaseMonkey is a Firefox add-on that allows users to write scripts that change HTML content on-the-fly. This assignment will consist of a single GreaseMonkey script (most of which has already been done for you), so you will need to download GreaseMonkey and obtain some minimal understanding of how it works.

AES:

The large chunk of the assignment will involve building secure primitives with the Advanced Encryption Standard (AES). While no one knows exactly why AES is difficult to break, you should be somewhat familiar with how it works.

Pseudorandom Number Generator: Spoiler alert: at some point in the assignment, you will need to use a PRG. Understanding how these work will make this portion of the assignment much easier for you to understand.

Pseudorandom number generator wiki:

Message authentication code: Used to provide message integrity, these are just short bit strings used to verify that a message actually came from the purported sender. It may be helpful to understand what they do.

Chosen plaintext attack security: This is one model of security that cryptographers use to show properties of various cryptographic schemes.

IND-CPA: You need to understand it in order to complete this assignment.

Assignment Details

Let's get to the nuts and bolts of the assignment. As we have already established, you will be building an encrypted twitter system. But wait, good news! Most of this has already been done for you. If you look through it, you'll see there are five functions that you are responsible for completing: Encrypt, Decrypt, GenerateKey, SaveKeys, and LoadKeys(All available in started code). These are in the very first section of the code and it should be clear to see what to do with each one.

We will be doing more than basic encryption and decryption for one twitter account, though. In addition to this basic functionality, you will need the notion of groups. You will be able to create multiple groups, and assign each person following your tweets to a group. You will have a separate secret key for each group, so that people in one particular group cannot see tweets meant for another. Thus, you can update your family with "studying so hard omg lol omg lol" and your friends with "keg to finish, come now" and no one will be the wiser.

Hopefully it should be intuitive at this point what needs to be done. However, we will now specifically spell out the requirements. The specific requirements  are as follows:

Maintain a secure database of other people you are following on twitter that are using your encrypted key system. This entails: Securely storing each user, their key, and their group assignment for you (using the SaveKeys function and any helper functions that you deign to write). Note that there is UI framework in the code that eliminates all of the display issues, you only need to focus on the security/cryptography issues. You can find this UI framework in the code and under Settings on twitter.

{ Securely loading all of these things (using LoadKeys and whatever helper functions you choose) from a data store.

The database security can be a little thorny: obviously, if someone has taken over your browser, then they can get your keys and you are hosed. Thus, our requirement for the database security is that any attacker who has access to all of your stored material must not be able to learn any significant information about any of your keys. This means that an attacker that sits down at a computer you were using after you have closed the browser cannot get your keys (which are awesome if you have to share a computer).

Maintain a secure database of your groups and their respective keys. Thus you must:

Securely store/load each of these with the other sensitive data mentioned above Provide a function to generate keys for the user.  Note that these keys need to be indistinguishable from random. Remember, calling a function in the javascript math library is not indistinguishable from random.

Build encryption and decryption functions that provide CPA security for tweets.

This should be straightforward enough, but note that you are required to build on top of the AES protocol provided in the script. Do not attempt to implement RSA or Die- Hellman or some other protocol | it will probably not be a secure implementation and will take you much longer than doing it this way. { Why CPA security? If someone can predict or inuence your tweets, then this is a nice feature to have.

The requirements for message integrity are:

Build a MAC system based on the AES implementation given to you.

Note that you are NOT allowed to use the SHA-256 implementation lurking in the bottom of the script. The point of the assignment is to understand how to build primitives.

Use your MAC system to authenticate tweets. Use your MAC system to make sure keys in the key store haven't been changed between program runs.

Posted Date: 3/1/2013 7:36:08 AM | Location : United States







Related Discussions:- Encryption-decryption algorithms and aes, Assignment Help, Ask Question on Encryption-decryption algorithms and aes, Get Answer, Expert's Help, Encryption-decryption algorithms and aes Discussions

Write discussion on Encryption-decryption algorithms and aes
Your posts are moderated
Related Questions
Explain in detail about Black box testing. Black box or behavioural testing focuses on the functional needs of the software. It is applied during the last stage of testing.

Differentiate between functional testing and structural testing. Functional testing also known as behavioural testing or  Black box testing. In this methods, tester design te

data dictionary on library management system

OO system testing is actually identical to its counterpart in the procedural environment.

Q. Define capability. What are the quantities that determine the degree of capability of a software reliability model? Ans: Capability demotes to the ability of the model to

Product metrics: explain the characteristics of the product such as size, complexity, design features, performance, efficiency, reliability, portability, etc.

Mention some of the drawbacks of RAD model. Not suitable for largescale projects. Commitment of developers & customers are required. Not appropriate when technical ris

Question: a. Assume that you have three similar projects, and, in each, the ratios of problems found during system test versus first year in the field have been 1.5, 1.2, and

What is Stress testing - It checks the robustness of application. - It verifies that application consistently provides satisfactory performance under unfavourable and extre

Advantage of software package: Advantages accrue from this situation. Some of these are mentioned below:  i)  An efficient software package requires at least 4 to 5 man yea