jueves, 8 de noviembre de 2012

Screen cast

Blabla, futura investigación

jueves, 1 de noviembre de 2012

Steganography (Program 4)


Hi, this is a post to explain how to put mi message in the three images, the method that i used is the LSB (Less Significative Bit).
The method LSB (as your name says) modifies the last (less significative) bit of a string of bits. 

Ok, the library used in my program is called Image, this library allows me work easier with the pixels of the images, for example the function size returns the size(obviously) of the complete image(it helps to make a path of all the image). Image library contains the put.pixel() function to draw a new image whit the parameters that you wish.
In my code you will understand all these things easier and faster.

This is an example how mi program works...

Firstly makes a list with the content of all the binaries values of the message, for example let's to suppose letter 'a' is equal 1001011, and the first pixel of my image (in RGB format: 30,45,10) is (0011110, 0101101, 0001010), so i replace each bit of the string of bits of the letter 'a' in the last bit of the RGB value.

Like this : 

Old RGB value ---> (0011110, 0101101, 0001010)
Letter 'a' (is not the correct binary value of 'a' but is an example!!!):   1001011

New RGB value ---->  (0011111, 0101101, 0001010)

Ok, this is my code: 

It only fail when there are spaces in blank(" ") .
Any doubt you can leave it in comments.

miércoles, 31 de octubre de 2012

Program 4


Hi there, this is my post for the homework(program number 4), my 6 images are the next:
3 of the 6 images(from internet to make it easier :P) have the message, so  let's to hack :P

arsenalforever :)

miércoles, 24 de octubre de 2012

Extra Points

Quantum stream cipher based on optical communications

Hello, for extra points i investigated about quantum stream cipher based on optical communication.

There is no much information about this topic (at least i did not find too much information) but, i found a notice about  Yuen protocol, Yuen protocol or Y-00 can realize a randomized stream cipher with high bit rate(Gbps) for long distance(several hundreds km). The randomized stream cipher with randomization by quantum noise based on Y-00 is called quantum stream cipher and it may have security against known plaintext attacks which has no analog with any conventional symmetric key ciphers.

In other publication of this notice i found that Y-00 is a physical cipher that has a possibility to avoid the decipher and hence it is a promising candidate to realize secure networks. The key to success of high capacity transmission was the use of wavelength division multiplexing (WDM) scheme.

Four lights with different wavelengths each carrying 10-Gbit/sec Y-00 encrypted optical signals were multiplexed into an optical fiber to attain the aggregate capacity of 40 Gbit/sec. In the experiment, it has been proved that the transmission capacity of Y-00 signals was increased by employing the WDM (Wave Division Multiplexing, this is a technology of transmission in optical fiber) scheme. The capacity can be further increased with use of more number of lights with different wavelengths. The result made a step closer to practical use of Y-00 stream cipher in the real network services. 

Tamagawa University is advancing the research on developing a cipher that is capable of disabling the decipher and realizing secure communications. The University aims at practical use of the cipher in a network to realize the unbreakable system. The quantum noise randomized stream cipher, Y-00, the University is developing is categorized into the multi-level intensity modulation from the viewpoint of modulation scheme. That is, it features that Y-00 requires no excess bandwidth. Therefore, the transmission capacity has been expected to increase with the WDM scheme that multiplexes the lights in wavelength. The scheme is widely utilized in the modern optical fiber communication for high capacity transmissions.

I know this is a short post, but i did not find more information, altough i´m not sure this is the correct topic cause i didn't prompt the the topic :S

Any doubt you can leave it in comments, however you can find more of this information in the next links(bibliography).



Report 3

Stream Cipher

Hi, this is the report 3, this report is about stream ciphers, the teacher let us choose a stream cipher, i choose Phelix Stream Cipher.

The total homework is:

- Choose a stream cipher.
- Describe its operation.
- Describe known attacks and vulnerabilities.

Ok, firstly i'm going to explain what the hell is a stream cipher and then i will conclude explaining  the stream cipher that i choose (Phelix).

Stream Cipher

Stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream.. In a stream cipher each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the cyphertext stream. An alternative name is a state cipher as the encryption of each digit is dependent on the current state. In practice, a digit is typically a bit and the combining operation an xor

The pseudorandom keystream is typically generated serially from a random seed value using digital shift registers. The seed value serves as the cryptographic key for decrypting the ciphertext stream.



Ok, now Phelix is a high speed stream cipher with a built-in single-pass message authentication code (MAC, don't confuse with Mac address hehe) functionality. Phelix was submitted in 2004 by Doug Whiting, Bruce Schneier, Stefan Lucks, and Frédéric Muller.

Phelix operation is as follows:

The origin of Phelix is a modified form of Helix (another stream cipher), is the strengthened version of Helix.

Phelix uses a 256-bit key and a 128-bit nonce. The key is secret, and the nonce is typically public knowledge. Phelix is optimized for 32-bit platforms; all operations are on 32-bit words. The only operations used are addition modulo 2^32, exclusive or, and rotation by ¯xed numbers of bits. The design philosophy of Phelix can be summarized as many simple rounds.

Phelix has a state that consists of nine words of 32 bits each. The state is broken up into two groups: 5 "active" state words, which participate in the block update function, and 4 "old" state words that are only used in the keystream output function. A single round of Phelix consists of adding (or xoring) one active state word into the next, and rotating the first word. This is shown in Figure 1, where the active state words are shown as vertical lines. Multiple rounds are applied in a cyclical pattern to the active state. The horizontal lines of the rounds wind themselves in helical fashion through the active state words. Twenty rounds make up one block (see Figure 2). Phelix actually uses two intertwined helices; a single block contains two full turns of each of the helices. 

I made a diagram to explain better the previous explanatio (is very simple, but it help to understand easily).

During each block, several other activities occur. During block i, one word of keystream is generated (Si), two words of key material are added (Xi;0 and Xi;1), and one word of plaintext is added (Pi). The output state of one block is used as input to the next, so the computations shown in ¯gure 2 are all that is required to process 4 bytes of the message. As with any stream cipher, the ciphertext is created by xoring the plaintext with the keystream.

At the start of an encryption, a starting state is derived from the key and nonce. The key words Xi;j depend on the key, the length of the input key, the nonce, and the block number i. State-guessing attacks are made more di±cult by adding key material at double the rate at which key stream material is extracted. At the end of the message, some extra processing is done, after which a 128-bit MAC tag is produced to authenticate the message.


A Phelix encryption is started by setting

Z^(-8) := K(j+3) "XOR" Nj         for j = 0, ... ,3

Z4^(-8) := K7

Z4^(i) := 0                                   for i = -12, ... , -9

Pi := 0                                         for i = -8, ..., -1

Eight blocks are then applied, using block number i = -8, ... ,-1. For these blocks, the generated keystream words are discarded.


After the initialization, the plaintext is encrypted. Let k := [(L(P) + 3)/4] be the number of words in the plaintext. The encryption consists of k blocks numbered 0 to k -1. Each block generates one word of keystream, which is used to encrypt one word of the plaintext. Depending on L(P) mod 4, between 1 and 4 of the bytes of the last keystream word are used.

Computing the mask

Just after the block that encrypted the last plaintext byte, one of the state words is modified. The internal state word Z0^(k) is xored with the value 0x912d94f1.

Using this modifed state, eight blocks, numbered k; ... ,k + 7 are applied for post-mixing. For these blocks, the plaintext word Pi is defined as L(P) mod 4, and the generated keystream is discarded . After the post-mixing, four more blocks, numbered k + 8, ... , k + 11, are applied, using the same plaintext input word (i.e., L(P) mod 4).


Decryption is almost identical to encryption. The only diferences are:

-The keystream "Si" generated after the first application of the H function in each block is used to decrypt the ciphertext, producing the plaintext word that is used in the second application of the H function within the block. The implementation must insure that any unused bytes of the final plaintext word are taken as zero for purposes of computing the block function, regardless of value of the extra keystream bytes.

- Once the tag has been generated, it is compared to the tag provided. If the two values are not identical, all generated data (i.e., the keystream, plaintext, and tag) is destroyed.

The keystream words generated by these four blocks form the MAC tag.

Attacks and vulnerabilities. 

- Only bruteforce attack is proved to be possible till now.

- Salehani, Ahmadi claimed an attack but later withdrew the claim.

- Wu,Preneel pointed out attacks against senders who do not follow the Phelix specifcation.

pyPhelix (library in python)

A very nice nice library of python of this stream cipher is  pyPhelix, you can found more information, and examples in this site (it is very good, i recomend it): http://www.seanet.com/~bugbee/crypto/phelix/

This is a very simple example of Phelix stream cipher implementation:

I can't run the program cause i had a lot of problems compiling pyPhelix.c file(this file is necessary compile it to import pyPhelix library).
There is no much information about pyPhelix :(



If you have any doubt you can leave it in comments.


miércoles, 17 de octubre de 2012

Report 2


Hi, this is the report number 2, in past week we talked about the block ciphers.
In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called blocks, with an unvarying transformation that is specified by a symmetric key. Block ciphers are important elementary components in the design of many cryptographic protocols, and are widely used to implement encryption of bulk data.

When performing encryption, block cipher unit takes as input a block of plaintext (or light) and produces a block cipher of equal size. The exact transformation is controlled using a second input: the secret key provided by the user.

To perform the reverse process, decryption, entering a ciphertext block and produces original plaintext.

The block cipher encryption differs from the flow (stream ciphers) in that, in the latter, operates in individual digits one by one, and the processing varies during the encryption process.

The type of block that i chose is the Skipjack cypher.


Skiperjack origin

Skipjack was developed in the USA by the NSA (National Security Agency) initially for Clipper and Capstone chips. The design began in 1985 and completed its evaluation in 1990.

The purpose of Skipjack

The main purpose of skipjack is for militar application, Skipjack was used in hardware stuff (microchips).

Skipjack is a symmetric cipher using 64-bit blocks and a 80-bit key. It was used in the Clipper program (draft chip) but he had the key holder (key escrow) built (the keyring was part of the key exchange mechanism and no data encryption).

It is slower than Blowfish and AES any of the proposals, but still and is twice faster than DES 32-bit micros. It's fast when used in smart cards and efficient in hardware.

How Skipjack works (with example)

Ok, first, we are going to talk about the design principles:

-Symmetry in encryption & decryption, protects against choosen plaintext and chosen ciphertext attacks.

- Not too much Symmetry. Symmetry is broken with round counters. protects against symmetry based attacks.

- 80-bit Key. Effective size against differential & linear attacks.

Skipjack works with:

*64-bit block size and 80-bit key

*32 rounds , composed of round functions
*Two round functions RuleA, RuleB and their inverses (decryption)

Ok, let´s to see the Skipjack cipher operations (and decipher too).

W1 is the first quarter of the block, W2 is the second quarter and successively, it means each W has 16 bits,

Skipjack has 32 rounds. These rounds are of two types, A and B. A type A round proceeds as follows:

The first quarter of the block (called W1) is enciphered by the "G permutation", which is actually a four-round Feistel cipher. The result, and the round number (where round numbers go from 1 through 32), are XORed with the fourth quarter of the block (W4). Then each quarter of the block is moved to the next position; W1 to W2, W2 to W3, W3 to W4, and W4 back to W1.

A type B round proceeds as follows:
The second quarter of the block (W2) is XORed with the round number and the first quarter of the block (W1). Then the first quarter of the block is enciphered by the "G permutation". Again, each quarter of the block is moved to the next position; W1 to W2, W2 to W3, W3 to W4, and W4 back to W1.

The rotation of quarters of the block is not omitted after the last round. The 32 rounds of Skipjack consists of eight type A rounds, eight type B rounds, eight type A rounds, and eight type B rounds. Note that by having a type A round first, and a type B round last, the form of the first quarter on the "inside" is XORed with one of the other quarters in the first and last rounds.
Permutation G is a four-round Feistel cipher, involving dividing its 16-bit input into two 8-bit halves. Like DES, the left half of the block is not changed in each round, but acts as input to the f-function, the output of which is XORed to the right half. Unlike DES, the two halves are swapped after the last round (as the algorithm has only four rounds, all four iterations of the f-function can be illustrated, going alternately from right to left, and then from left to right; in that form, no swaps at all are required).

The f-function of the G permutation is as simple as one might expect for an f-function only 8 bits wide: the input is first XORed with the current round's subkey, and then the result is substituted according to a lookup table, called F.
The subkeys for G, each one byte long, are simply four consecutive bytes of the 80-bit key. The first four bytes are used in the first round, the next four bytes in the second, the last two bytes followed by the first two bytes in the third, and so on.

The images of the previous explanation are the following:

Rule A, and B previously commented, and A^-1, B^-1 (it means the inverse, decipher)

Permutations to cipher and decipher (G, and G^-1 )

Decipher (previous images illustrate the decryption too)

For decipherment, each round is replaced by a corresponding deciphering round, and these rounds are, of course, executed in the reverse of the enciphering order.
The deciphering equivalent of a type A round is as follows:
The first quarter, W1, is XORed with W2 and the round number (rounds now counting down from 32 to 1). Then the second quarter, W2, is subjected to the inverse of the G permutation. Then, each quarter is moved to the position of the preceding one; W1 to W4, W2 to W1, W3 to W2, and W4 to W3.
The deciphering equivalent of a type B round is the following:
The second quarter, W2, is subjected to the inverse of the G permutation. The third quarter, W3, is then XORed with the round number and the changed value of W2. Again, each quarter is moved to the position of the preceding one; W1 to W4, W2 to W1, W3 to W2, and W4 to W3.
The deciphering equivalent of the G permutation involves using the four subkeys in reverse order - and reversing the roles of the right and left halves of the 16-bit quarter block.

Attacks and vulnerabilities

Algorithm is a high risk, which means that there was a high risk that was committed. Therefore, it is unlikely that the NSA put in him their most secret designs.
It not takes a lot of time the key prepararación, the size of the key is small (80 bits).

Skipjack was declassified in order to facilitate finding private companies to manufacture devices using that algorithm for use by the U.S. Government. Some people have called attention to the fact that only a short time previously, government spokespersons were saying that the disclosure of that algorithm would harm national security.
However, I have noted that the inconsistency involved may be more apparent than real. Between the statements cited, and the declassification of Skipjack, a paper was published by an academic researcher noting that Feistel ciphers of a particular type, specifically those in which the f-function was itself a series of Feistel rounds, could be proven to be immune to differential cryptanalysis.
SKIPJACK, although not precisely of that type, is closely related: one of the four subblocks undergoes Feistel rounds, but in addition to the result being used, as an f-function output, on another subblock, the subblock is also retained in its modified state.

The book "Top Secret Intranet", reveals that SKIPJACK was considered adequate to safeguard information classified SECRET but not information classified TOP SECRET.


* Less diffusion in B rounds and A-1 rounds

* Bad interactions between the round-types
* A one bit difference in input to the F Table may cause a difference of only one bit in its output
* Eli Biham had shown an attack on 31 round skipjack using impossible differentials
* Less security margin

Some of code in Perl (obtained from this webpage: http://search.cpan.org/~jcduque/Crypt-Skipjack-1.0.2/Skipjack.pm
). It was not made for me, but if you want to study the code you can visit the webpage, it is more explicit in the webpage.


    use diagnostics;
    use strict;
    use warnings;
    use Crypt::Skipjack;

    # key must be 10 bytes long
    my $key = "0123456789";

    my $cipher = new Crypt::Skipjack $key;

    print "blocksize = ", $cipher->blocksize, " bytes \n";
    print "keysize = ", $cipher->keysize, " bytes \n";

    # block must be 8 bytes long
    my $plaintext1 = "abcdef01";

    my $ciphertext = $cipher->encrypt($plaintext1);
    my $plaintext2 = $cipher->decrypt($ciphertext);

    print "Decryption OK\n" if ($plaintext1 eq $plaintext2);


miércoles, 19 de septiembre de 2012

Program 3 RSA

Implementing RSA algorithm in a HTTP Server(Authentication)

Hi there, in this homework we made a HTTP authentication implementing RSA algorithm.
This homework is similar to the past homework, but in this case we implemented the RSA algorithm in a HTTP server, but both are authentications.

Ok, i'm gonna explain what i made, and what do my programs :P.

Firstly i installed LAMP in my computer, to get PHP and Apache(is the important for this homework), cause i developed almost all the homework in PHP, just the "r" generator was developed in Python.
Ok, the next are the codes of PHP, in this case, Cripto01.php, Cripto02.php and Cripto03.php.



Ok, the first code is the main page of the authentication, it just shows you the buttons of Download the code in python to get "r", and the button of Authenticate, Authenticate is the link to the Cripto02.php.

The second code shows you the x value and the textfields to set "r" and your "username".
When you push "send", the php links you to the Cripto03.php code (the last one page).

 The last code(Cripto03.php) just show you the values calculated and the state of authentication (Success or failed)

This is the Python, it is used to get r value, thanks to my friend Avendaño for the help (algoritmo de exponenciación modular).

I got mi d value from de past homework (the past post), this is an image of the calculates:

And this is the screen shot when i calculated "r" value.

This is the link of my work: http://alejandroave.260mb.org/triana/Triana/
I save it in the server of my friend Avendaño because i was a lot of troubles with my server, but it works anyway (i guess) XD.
Any doubt you can leave it in comments

Sorry for my poor english XD

martes, 11 de septiembre de 2012

RSA Authentication

RSA Authentication

Hi, the homework of this week is implement RSA authentication in Python for a client-server system with sockets.

RSA (Rivest, Shamir, Adlemna) algorithm is an algorithm for public-key criptography that is based on the presumed difficulty of factoring large integers, the factoring problem.

RSA Algorithm basicly consists in this:

A user of RSA creates and then publishes the product of two large prime numbers, along with an auxiliary value, as their public key. The prime factors must be kept secret. Anyone can use the public key to encrypt a message, but with currently published methods, if the public key is large enough, only someone with knowledge of the prime factors can feasibly decode the message.


So, we (my partners and me) must to implement an authentication using RSA algorithm, and this authnetication will be between a server and a client sockets.

Ok, im going to explain whit an example how works RSA Authentication, let's supose Alice wants to establish a communication with Bob and Alice sends to Bob a communication request, so, Bob responds to Alice sending a random number, lets called x, and Bob generates a "p" and "q" values too (p and q are primes), whit that values he will obtain the value of "n", n = pq.

Ok, Bob will generate "Phi(x)" and "e" value too, Phi(x) = (p-1)(q-1) and "e" value must be a number that is not divisible by a prime number.

So, "e" value will be our public key, we can share "e" value with everyone.

And then from "e" value and Phi(n) Bob must to obtain "d" value, d value is a private key, he don't must to share that value. The value of "d" can be determinated by Euclidean extended algorithm (link for more information: http://es.wikipedia.org/wiki/Algoritmo_de_Euclides)

Ok.... then Alice receives that random value (x) and makes a hash called f(x) or "y", the funtion "y" could be whatever, like f(x) = 3x+5, then with "y" and public key (e) value makes the cyphred message or the cyphred value, with this formula: r = ( y^e) mod (n), and then Alice sends to Bob the value of "r"(message or value cyphred).

Finally Bob decrypts the value using "r" and his public key by the next formula : y = (r^d)mod (n), then if the y decrypted is equal than "y" value generated by Alice, Bob sends to Alice the "Flag" or signal that the request communication is acepted :), if the "y" values are different, Bob will denied the access to Alice :(.

Ok, i made all the algorithm in paper and pencil, including Euclidean extended algorithm, just to probe that all my calculation were good, and mi calculations were good :)

The next image is my calculation of p, q, n, Phi(n), e, and d(using Euclidean extended algorithm):

As you can see, "e" is a value between 1 and Phi(n), so  1=>e>=192, e = 53, n = 221, p = 13, q = 17.

All the next is the Euclidean extended algorithm, and finally beside of "e" value(53) is the "e" value(private key), e = 29.
To probe that "d" is the correct value we can use this formula: e*d = 1mod(Phi(n)). Where the  = operator means "The result to 1mod(Phi(n)) must be the same using (ed)mod(Phi(n))".

In my example "d" value was correct :).

Now with e(public key) and d(private key) values we can make the example of Client-Server (or Alice Bob example :P)

In this example Alice is the client and Bob the server:

As you can see, p, q, Phi(n), n, e and d values are the same that in the past exercise (Euclidean extended algorithm, my idea is to connect all the problem).

So, here in this example is all the theory that i explained  previously.

1 - First the client (Alice) is sending a request to the server (Bob).
2 - Server sends to Client the public key that he generates, and sends the x value too (random value).
3 - Then client generates the f(x) = 3x+5, and x = 2(for this example), so f(x) = 3(2) + 5 = 11.
4 - Then with "y" value the client calculates the r, r = (y^e) mod (n), we must to remember that e is the public key.
5 - Client sends to the sever the value of r and f(x), or y.
6 - Server calculates y, by this formula: y = (r^d) mod (n), d is the private key, the "d"value is just to Server or the person who must to decrypt the values or messages.
7 - If "y" value calculated is the same that the "y" value sent by Client, the communication request is accepted :). If not , the server sends to client the message of "Request denied".

As you can see, my y's values are the same, "y" calculated by Server and "y" sent by Client are 11, that is the reason why i put "Access Acepted".

Next is the same exercise, but in Python code, using sockets:   



But, i have some problems running my code, in specific this: ValueError: invalid literal for int() with base 10.(I will fix this problems, and i will upload the correct code in this post)

These are the screen shots of the program running:

I probe this code of sockets with my partner Pedro, and it works, but you must to change of the ip address, from: "localhost", to: the ip address of your partner.
Any doubt you can leave it in comments.

Cheers ;)

miércoles, 5 de septiembre de 2012

Diffie-Hellman Protocol

Hacking to my partners 

Hi, in the past week class, we saw some key changes algorithms and the homework is about a protocol called Diffie-Hellman Protocol, this protocol is a key establishment between parties who have had no previous contact, using an insecure channel, and an anonymous (unauthenticated).
It is generally used as a means to agree to be symmetric keys used for encryption of a session (session key establishment). Unauthenticated being, however, provides the basis for various protocols authenticated.
The safety is in the extreme difficulty (conjectured, not proven) to compute discrete logarithms in a finite field.

Ok, the protocol consists in 2 persons (or machines, whatever) and one Hacker, so one of the 2 persons (any person) establishes a number "p"(prime number) and a number g( 0, p-1), these numbers must be known also by the other person (Bob), and the Hacker, and then chose a number(any number) called private key(0=>x<=p-1), and generate X (public key) to share it to Bob, and Hacker, this person generally is called Alice, the other person (Bob) must to invent a private key too (y) and genarate Y (public key), then Bob shares X value to Alice and Hacker (hacker generally is called "Eve").

Alice gets the value of X by this formula: X = (g^x) mod (p)
Bob gets the value of Y by this formula: Y = (g^y) mod (p)

Finally when both get the X and Y values, they calculate K value, K value is the number of the key that they will use to establish the secure session (K value must be the same for Alice and Bob, obviously hehe).

Alice get the value of K by this formula: K = (Y^x)mod(p)
Bob get the value of K by this formula: K = (X^y)mod(p)

So my homework is about to get the x,y values (private keys), and K value too.
The method that i used to find all this values was the brutal force.

The values used by my partners were:

p = 7, g = 5, X = 6, Y = 3  

And all the steps that i followed are in the next images (this homework should be on paper and pencil).

In this picture i got the values of X (and Y too) with the possibles values of x(and y too), the possible values of x,y are: 0,1,2,3,4,5,6. Because p = 7, and x,y must be in the range [0, p-1]. After i calculated all the values of X,Y, I quickly realized by comparison (comparing the values ​​of X and Y that I got my team mates) what were the values ​​of x, y. In the next step I checked just getting the values ​​of K.

And in this image i got the values of K, whit the values of x,y that corresponding to X and Y. After I got the values ​​of K, and make sure they were the same, I warned my friends (Alice and Bob :P) that had the values ​​of K, x, y and then they told me I got the values ​​were correct :)


So, final results:

p = 7, g = 5, X = 6, Y = 3
private keys: x = 3, y = 5
K = 6 

Bibliography: http://es.wikipedia.org/wiki/Diffie-Hellman

Any doubt leave it in comments.
Sorry for my bad english.

Cheers :)