Teaching Public-Key Cryptography to Engineering Technology Students: A Practical Approach, Study notes of Engineering

Download Teaching Public-Key Cryptography to Engineering Technology Students: A Practical Approach and more Study notes Engineering in PDF only on Docsity! Computer Projects Designed to Enhance Student’s Learning Experience with Public-Key Cryptography Abstract Cryptography plays a fundamental role in safeguarding today’s information infrastructure. Public-key cryptography is a cryptographic approach utilized by many cryptographic algorithms and cryptosystems. In contrast to symmetric key systems, it eliminates the need to share a key secretly. This distinguishing characteristic makes it a widely and successfully used technology around the world. It is the foundation for public-key infrastructure (PKI) and Internet standards such as Transport Layer Security (TLS) and Pretty Good Privacy (PGP). A thorough understanding of public-key cryptography is indispensable to not only engineering and science students, but also engineering technology students in the general fields of computing, networking, communications and information technology. This paper describes an approach to teaching public-key cryptography to electrical and computer engineering technology students utilizing three computer projects designed to provide hands-on experience with public-key cryptography. These projects introduce students JAVA BigInteger class and its built-in methods and open source cryptography libraries such as crypto++ allowing students develop public-key cryptographic applications. Instead of using a small modulus for solely instructional demonstration, these projects allow student’s natural curiosity to be stimulated and result in a deeper understanding of real world applications. To date, feedback from students has been very positive. Introduction With the increasing dependence of industry, businesses, education and society on computing and digital communications, the need for providing security through effective and efficient cryptographic algorithms has became more important than ever. Cryptography is the science of using mathematics to encrypt and decrypt data. Besides its traditional role of ensuring confidentiality, it has been utilized to ensure integrity, authentication, and non-repudiation which are the basic requirements in today’s information systems or data communications. It is imperative to teach cryptography to students in the general areas of computing, information, networking and data communications. Recently, educators have also confirmed the importance of teaching encryption basics to general students 1. Public-key cryptography is one of the major topics in our computer security course. Thought students seem to be very interested in this topic, teaching public-key cryptography is somewhat challenging since understanding the theory requires a high level of mathematical knowledge and skills. This particularly presents a challenge to engineering technology students. This paper shares our experience of teaching engineering technology students public-key cryptography. The paper is organized as follows. First, it briefly introduces the public-key cryptography basics and describes our approach to teach public-key cryptography. Then, it describes the computer projects we developed to enhance the student’s learning experience. Finally, it illustrates the P age 15.305.1 sample projects accomplished by students in our computer security class taught last year, and presents our conclusion. Basic Concepts and Teaching Approach Prior to teaching public-key cryptography, the authors introduce basic security requirements within the context of application to application communications over the Internet. Four security requirements concepts of confidentiality, integrity, authentication and non-repudiation are introduced to students. In addition, concrete examples are used so that students are aware that each ensures one aspect of information security---authentication is the process of confirming or establishing something (or someone) as authentic, confidentiality ensures privacy so that no one else except the intended receiver can read the message. Integrity ensures the receiver that the received message has not been altered in any way from the original and non-repudiation is a mechanism to prove that the sender really sent this message. Upon the completion of this learning module, students should be able to identify and comprehend these requirements. We start to teach students cryptography with a traditional cryptography (i.e., one-time pad, Caesar cipher and Wheatstone-Playfair cipher2 etc.,) where both the sender and receiver of a message know and use the same secret key; the sender uses the secret key to encrypt the message, and the receiver uses the same secret key to decrypt the message. This method is also known as secret key or symmetric cryptography. Students are guided to discuss how to use cryptographic schemes to achieve the security requirements mentioned above and identify the problem of how to communicate the secret key in an open environment such as Internet applications and E-business. A packet sniffer (i.e., Wireshark3) is utilized to demonstrate that confidentiality can be compromised if messages are exchanged without encryption. This naturally leads to the discussion of an asymmetric cryptography and its applications. The theory of public-key algorithms is beyond the scope the course. Consequently, only a brief outline of the operation of public-key algorithms will be given. The emphasis is to show students that it works, and involve them in developing public-key cryptosystem applications. As a relatively new cryptographic approach, public-key cryptography’s distinguishing characteristic is the use of a pair of keys including a secret private key and a published public- key which, unlike the symmetric key algorithms, does not require a secure initial exchange of secret key between the sender and receiver. The RSA cryptosystem, named after its inventors R. Rivest, A. Shamir, and L. Adleman, is the most widely used public-key cryptosystem. RSA cryptosystem is used as an example to teach public-key cryptography. As illustrated in Figure 1, public-key algorithms use a pair of keys. One key is used for encryption and the other is used for decryption. The keys are chosen so that if one is used to encrypt a message the other must be used to decrypt and vice versa. They are chosen in such a way that even if an attacker knows one of them, finding the other is computationally infeasible due to the intractability of the integer factorization problem. The general idea of ensuring confidentiality is to use a public-key, which can be made available to the public or distributed in an open environment, to encrypt the message, and the cipher text can only be decrypted by the corresponding private key. P age 15.305.2 Project 2: Implementing a 768 or 1024-Bit Public-Key Cryptosystem This computer project requires students develop a JAVA program for a 768 or 1024- bit modulus public-key cryptosystem. They are required to: (1) Implement the key generation algorithm, i.e., steps 1 through 5 as illustrated in Table 1; (2) Accept a plain message from the key board and print it out; (3) Convert the message into integer numbers at the student’s choice and print the numbers out; (4) Encrypt the numbers from (3) using the public-key generated in (1) and print the result out; (5) Decrypt the cipher text from (4) using the private key and print the decrypted message out; (6) Compare results from (5) and (2). Without using any existing resources, it will be very challenging for engineering technology students to complete this weekly project. However, Java offers a class named BigInteger6 which provides immutable arbitrary-precision integers. All operations behave as if BigIntegers were represented in two's-complement notation (like Java's primitive integer types). BigInteger provides analogues to all of Java's primitive integer operators, and all relevant methods from java.lang.Math. Additionally, BigInteger provides operations for modular arithmetic, GCD calculation, primality testing, prime generation, bit manipulation, and a few other miscellaneous operations. JAVA BigInteger class together with its built-in methods makes the implementation of RSA public-key algorithms fairly straightforward and fast. The following examples and demos are introduced to students so that they can utilize these resources to complete the project. To generate a random prime number p, it simply needs to add the following codes SecureRandom randomNumber = new SecureRandom(); BigInteger p = new BigInteger(modulusbits / 2, 100, randomNumber) where modulusbits are the number of bits for the modulus. It can be either 768 or 1024, depending on the student’s choice. BigInteger class has built-in methods including add, subtract, multiply and divide. Given the two random number p, q and theModulus, the calculation of the modulus can be done by: theModulus = p.multiply(q) and the Euler Totient can be calculated by EulerTotient= p.subtract(p.ONE).multiply(q.subtract(q.ONE)) A public-key can be randomly generated by the method introduced above and the following conditions have to be tested prior to acceptance: theModulus.compareTo(publicKey) == 1 publicKey.gcd(EulerTotient)==1 P age 15.305.5 Note that the first statement ensures the public-key selected is less than the modulus and the second statement ensures the selected public-key and Euler Totient are relatively prime numbers. Once a public-key has been found, the next step is to find the corresponding private key which can be obtained by the following code: privateKey = publicKey.modInverse(EulerTotient) which basically finds a BigInteger privateKey such that (privateKey*publicKey) mod (EulerTotient) = 1. Most of our students have basic JAVA programming experience, once they are familiar with the statements above; they are capable to complete the programming assignment. A sample work is shown in next section. Project 3: Application of Crypto++ Crypto++ Library7 authored by Wei Dai (http://weidai.com), is a free C++ class library of cryptographic schemes. Currently the library contains most of the symmetric cryptographic algorithms (i.e., AES and other block ciphers) and asymmetric cryptographic schemes such as RSA, DSA and key exchange protocols7. The library is a powerful and elegant tool for performing complex cryptography. It uses advanced C++ features such as templates, multiple inheritance, and exceptions to achieve that power and elegance. For people who are familiar with C++, the library will appear intuitive and easy to use. Others may need to view it as a learning opportunity. Sufficient information regarding how to use the library is available online. There are four sources of documentation for Crypto++. They are the source code, the Crypto++ Usenet group, the Crypto++ FAQ, and the Crypto++ Wiki7-8. In addition, a user guide and help file authored by Dennis Bider is also available9. In the laboratory class, students are guided to use these recourses. Students need to download the open source code from cryptopp.com, and build a static library and the instructors show them how to incorporate the library into the Microsoft Visual C++ (MSVC) integrated development environment (IDE) 8. To integrate crypto++ library into MSVC IDE, the compiled library should be moved to the location of the header and source files, and then the location of the header files, source files, and libraries should be added to the VC++ Environment, and finally the location of the header files, source files, and libraries should be added to MSVC Project. The sample project (called Cryptest) provided with the source code package demonstrates both symmetric and public-key library functions. After reviewing those demonstrations, students are asked to modify the source codes and build a digital signature application including key generation process, encryption, signing a document and then verify the document. P age 15.305.6 Student’s Project Samples We observed that students were very interested in these exercises. These three projects ranging from concept demonstration to practical application development meet the diverse needs of students and have them gain hands-on experience with mathematically challenging cryptography. This experience is helpful to the later study of public-key infrastructure topic as well. Instead of using small modulus for solely instructional demonstration, the second project allows student’s natural curiosity to be stimulated resulting in a deeper understanding of real world applications. Since the instructors have provided the necessary information of BigInteger and its build-in methods and how to use those methods for public-key cryptography, students are able to develop public-key cryptosystem applications. Figure 2 is one of the projects completed by students in the computer security class. In addition to implementing key generation, encryption and decryption, the students have developed a GUI together with RSA cracking demonstration. Figure 2: A Student’s Project To date, feedbacks from students regarding computer projects 1 and 2 have been very positive. Meanwhile, we found that a few students struggled with project 3. This may be due to the lack of sufficient C++ programming skills or the lack of necessary detailed examples of library P age 15.305.7