UFCFT4-15-3 加密系统算法

MODULAR PROGRAMME
COURSEWORK ASSESSMENT SPECIFICATION

Module Details
Module Code
UFCFT4-15-3 Run sem 3
FIRST SIT 2023/24 Module Title
Cryptography
Module Leader
Module Tutors
SM LAU
Component and Element Number
Program (including source code and executable) and Individual Report Weighting: (% of the Module’s assessment)
75%
Element Description
Implementation of what have learnt in the module in terms of programs and research of topics expressed in a report Total Assignment time
20 hours

Dates
Date Issued to Students
(To be confirmed) Date to be Returned to Students
TBC
Submission Place
SHAPE MOODLE Submission Date:
27-August-2023
Submission Time:
23:55

Deliverables
Program Sources, Compiled Programs, Report

Module Leader Signature

Contents
1. Overview of the Assignment
2. Task A
3. Task B
4. Task C
5. Report Requirements
6. Deliverables and Demonstration
7. Plagiarism
8. Marking Criteria

1.Overview of the Assignment
This is an individual assignment.
Module learning outcomes are described in the module specification and the ones that are relevant to this assignment are:
Understand and manipulate the mathematical and theoretical methods on which designs are based.
Implement algorithms and protocols for particular coding schemes, recognising the need for efficiency in terms of delay, throughput, jitter, computing resources and quality of service.
Use cryptographic and coding classes available in modern programming language environments, such as Java Security, to implement secure applications
Evaluate the performance of various coding schemes under application load and change configuration parameters to optimise them
Explain the strategies that need to be employed whilst attempting to break a cipher.

This assignment requires you to work on four programming tasks and to run the programs for data collection and subsequent analysis. You are then required to write a report to discuss your findings in the empirical studies. The programming tasks, presentation plus demonstration, and the report contribute 60%, 10% and 30% of the marks in this coursework, respectively.

Working on this assignment will help you to consolidate your understanding of the material that is presented in the lecture. You will also improve your general software development and problem solving skills. If you have questions about this assignment, please send email to the lecturer and discuss them in tutorials.

2.Task A – BCH Error Detection and Correction
You are required to develop a program for implementing BCH(10, 6) codeword generation, error detection and error correction.
The program performs the followings:
Asks whether codeword generation or codeword verification is needed
For codeword generation (encoding),
oinputs a 6-digit decimal value, and
ooutputs a 10-digit codeword with the checksum digits appended.
For codeword verification (decoding),
oinputs the codeword received by a recipient, and
oreports if the codeword is correct, or else outputs the corrected codeword.
oIf the codeword cannot be corrected, outputs a warning message.

Sample executions of the program follows. User inputs are highlighted in italics.

c:\> java BCH
Encoding (e) or Decoding (d)? e
Input value? 888888
Codeword = 8888880747

c:\> java BCH
Encoding (e) or Decoding (d)? d
Received codeword? 8899880747
The syndrome vector is (2, 7, 3, 3)
P = 10, Q=7, R=10
The codeword has a double-error at position 3 and 4 and is corrected as: 8888880747.

You are free to change the dialogue to make the program more easy and intuitive to use. The above are just samples to facilitate your understanding on the requirements.

Further note on program development: While you are advised to use the Java language to implement the program, you are free to use any programming languages that you feel competent and comfortable. However, the algorithms and calculation steps are to be implemented with your own program statements, rather than calling ready-to-use libraries/APIs.

3.Task B – Dictionary Attack
You are required to develop a program
Task B Program 1 – Building a dictionary for password attack
You are required to develop a program for building a dictionary (in form of a plain text file) that stores the password strings and corresponding hash values. Details below.
A password has a length of 4 characters (in 8-byte ASCII)
Alphabet of a password is limited to {a, b, c, …, y, z}, altogether 26 characters.
MD5 is used as the hashing algorithm.
The total number of possible passwords = 264 = 456976
Number of bytes in each dictionary record = 4 + (128 bits / 8) = 20 bytes
Size of dictionary = 456976 * 20 = 8.7 Mbytes

NOTE: (1) Each row contains only a password and a hash value. There is no need to have separation character between the two. It is fine if you wish to have but this may cause some additional storage requirements. (2) If you have a newline character at the end of each row, the dictionary consumes additional 456976 bytes.

Task B Program 2 – Using the dictionary to hack a password
You are required to write a program for the user to enter the hash value. Your program then searches the dictionary you built above to find out the corresponding password. You may consider using some ways to speed up the search, as sequential search is obviously not an efficient one.

Sample executions of the program follows. User inputs are highlighted in italics.

c:\> java DicAttack
Hash value in Hex? CBA20C8E9943D2B98E1C66E18A9CD62A
Cracking…please wait……
Password is abbd
Time needed: 10130 ms

You are free to change the dialogue to make the program more easy and intuitive to use. The above is just a sample to facilitate your understanding on the program requirements.

4.Task C – RSA Cryptanalysis
You are required to develop a program to perform RSA cryptanalysis. The program reads from the user a public key {e, n} and finds the corresponding private key {d, n} and reports the time needed. A time-out feature should be implemented in your program if the cracking process takes too long.
Sample executions of the program follows. User inputs are highlighted in italics.

c:\> java RSACrack
Public key value e? 5
Public key value n? 119
Cracking…please wait……
Private key {d, n} = {77, 119}
Time needed: 102820 ms

You are free to change the dialogue to make the program more easy and intuitive to use. The above is just a sample to facilitate your understanding on the program requirements.

Further note on program development: While you are advised to use the Java language to implement the program, you are free to use any programming languages that you feel competent and comfortable. You are NOT allowed to use Java class KeyPairGenerator and its related classes. Instead, you are required to implement the cracking algorithm on your own using basic programming constructs. If needed, you may use the Java class BigInteger for implementation.

5.Report Requirements
General Requirements
The program must be professional formatted with high clarity and neatness. References and proper citations must be included. Clear instructions on how to install and run the programs should be included as an appendix. Essential sections such as coverage page, table of contents, references and appendix are to be included. All major sections and sub-sections must be numbered.
Below is a suggested report structure (For your reference only. You may change it according to your own writing logic and style):
Cover page
Table of contents
1.Task A – BCH Error Detection and Correction
2.Task B – Dictionary Attack
3.Task C – RSA Cryptanalysis
References
Appendix A
Specific Requirement for Task A (BCH)
Provide an overview on what BCH is and what it can do.
You are not required to explain how the generator matrix G and the parity check matrix H are generated and used, nor how the syndrome vector is derived.
Your discussion should focus on how the four possible cases when decoding a codeword are identified and how a codeword is corrected (if it can be) by using the syndrome vector. (The four possible cases are: no error, single-error, double-error, more than two errors.)

Specific Requirement for Task B (Dictionary Attack)
Provide an overview on what Dictionary Attack is.
Explain in details the dictionary structure. How the passwords and hash values are stored? Is there any delimiter to separate a password and the corresponding hash value? Is there any delimiter to separate each record?
Explain how the rows are being ordered in the dictionary file. Is there any special design to facilitate searching?
Explain the searching steps. Is sequential search from top to bottom or any other search algorithm, such as binary search, being used?
Discuss the effect of increasing password alphabet size and increasing password length on the size of a dictionary, and thus also the average cracking time needed.

Specific Requirement for Task C (RSA Cryptanalysis)
You are not required to explain the technical details of the RSA algorithms. Instead, you should focus on analysing the time needed for cracking the key when the values of e and n become larger and larger. (You may wish to visit https://en.wikipedia.org/wiki/List_of_prime_numbers or other online resources for a list of prime numbers.)
You have to record the experimental results with Excel spreadsheets. Make sure that you organize the spreadsheets neatly with clear remarks so that the marker can trace how you designed your experiments. You have to submit the Excel file to Moodlesp for inspection.
You need to analyse the experimental results. In particular, what is the trend in the time needed to crack a public key when the prime values are getting larger and larger? What is the subsequent implication on the trend in practical usage?

6.Deliverables and Demonstration
Students are required to submit the following through Moodlesp:
1.Presentation PPT
2.Report (in MS-Word or PDF format)
3.Complete source code and executable (each task in a separate folder labelled as TaskA, TaskBP1, TaskBP2, and TaskC). Compress all folders into ONE SINGLE .zip file (no RAR, no 7-zip).
4.Experiment results for Task C in Excel format.

For presentation: You are required to deliver a presentation of 5 minutes, showing what you have done in this coursework (all tasks are to be included) and the key findings in your empirical study in Task C.

For demonstration: Testing instructions will be released after the submission deadline. You have to follow the instructions to test your programs during a live demonstration.

7.Plagiarism
While it is acceptable to discuss with your peers, this coursework is strictly an individual work. Works that are substantially similar will be subject to investigation according to University regulations. Directly copying entire lines of code from the Internet or other public sources is strictly forbidden. You may use partial lines of code from the Internet. However, you must clearly reference the source.

Appendix - Marking Criteria

0-19% 20-39% 40-49% 50-59% 60-69% 70-100%
Task A:
BCH Error Detection and Correction’

(15 marks) Little or no attempt at the task Only produced partial code for some minor functions. For example, generating BCH(10,6) code but missing error detection/correction Can detect and correct both single error and double errors for some simple cases. But code still contains logic errors and generates incorrect outputs Can detect and correct single and double errors for all test cases, but failed to detect cases with more than two errors Can detect and correct not only single error and double errors but also identity cases with more than two errors. Code is almost perfect but it fails to pass a few more complex cases. Fully working and passing all random tests cases. With comprehensive checking for input errors etc.
The code is robust and efficient.
Task B Program 1:
Building dictionary

(15 marks) Little or no attempt at the task The code can’t compile, but it shows some correct understanding on hashing. The code is able to generate some correct hash values but not all possible strings are included. The dictionary may have some incorrect structure. The code is able to generate hash values for all possible strings but the ordering may make the searching steps difficult (e.g. the strings are not being ordered appropriately in the dictionary file). The code is able to generate hash values for all possible strings with careful thought on how the rows (string + hash value) are ordered to facilitate searching during password cracking. On top on those characteristics for the mark range 60-69%, there are some careful thoughts on the file structure to try minimizing the file size (e.g. without the use of delimiter nor newline/carriage return).
Task B Program 2:
Password cracking

(15 marks) Little or no attempt at the task The code can’t compile, but it shows some correct understanding on how a dictionary can be employed for password cracking. The code is able to return the correct result for some but not all test cases. The code is able to return the correct result for most test cases, with only one or two failures. The code is able to return the correct result for all test cases. On top on those characteristics for the mark range 60-69%, there are some careful design in dictionary structure to facilitate efficient dictionary search (e.g. binary search)
Task C Program 3:
RSA Cryptanalysis

(15 marks)
Little or no attempt at the task The code can’t compile but it shows some effort and understanding in the cryptanalysis process. The code can break some RSA keys but not all, even some cases with small key values failed. The code can break most test cases but fail in some boundary test cases, possibly those with large key values. The code can break all test cases but may not run efficiently. The code breaks all tests cases including those with large key values. For those exceptionally large key values, a graceful way to terminate the execution is provided.
Presentation & Demonstration

(10 marks) Little or no attempt at the task Presentation contents are superficial without explaining the mission of the tasks clearly, nor proper presentation/analysis of the empirical results. Poor communication skill. Some background information, design of experiments, results and analysis are presented but not in-depth enough. Weak analysis and insufficient effort in preparing the presentation. Reasonable details in the presentation contents. Able to identify key contents to be delivered in the presentation and demo. Fair communication skill. In depth presentation to cover all important contents but not overwhelming. Concisely and precisely provide a whole picture of the tasks, experiments and findings. Good communication skill and able to interact with the marker. Excellent presentation and demonstration. Self-motivated to drive the entire demonstration. Excellent preparation in demo steps and able to discuss the findings.
Report

(30 marks) Little or no attempt at the task. No discussion; no results and/or analysis. Little evidence of insight into the implications of the work completed Poor design of experiments that cannot provide insights or implications. Bad presentation of experiment results and poor discussion and analysis.
Experiments were performed but not comprehensive enough to provide adequate amount of results for meaningful analysis and discussion. Only minimal work in the analysis and discussion. Adequate amount of experiments and empirical results to support meaningful analysis and discussion. Reasonable presentation and analysis of quantitative results. Discussion is reasonable but not very comprehensive. Comprehensive and carefully designed experiments. Clear and appropriate presentation of empirical results. In-depth analysis and discussion with good reference to the theoretical/mathematical principles behind.

An excellent discussion of what was learnt through the experiments, possibly with some “suggestions” on how to improve security level with support from the findings. Results are well-presented and analysed in depth. All programming tasks are completed.