Place your order

Fill in the order form and provide all details of your assignment.

Proceed with the payment

Choose the payment system that suits you most.

Receive the final file

Once your paper is ready, we will email it to you.

Overview In this project, you will be building a program that: Can encrypt or de

by | Feb 28, 2022 | Computer Networking and Cybersecurity : Computer Networking and Cybersecurity | 0 comments

GET HELP WITH YOUR ESSAY

If you need assistance with writing your essay, our professional Essay Writing Service is here to help!

ORDER THIS OR A SIMILAR PAPER NOW

Overview
In this project, you will be building a program that:
Can encrypt or decrypt individual files, using a password.
Can allow you to search for key words in encrypted files.
In order to do this, you will use the following concepts, mostly from class:
You will use a password-based key derivation function to generate a “master” key.
You will use a simpler KDF scheme to generate a series of keys for further operations.
You will use two different PRFs to implement a four-round feistel cipher that you will use for encryption and decryption.
You will use HMAC-SHA2-256 in order to detect attempts to tamper with files.
You will use HMAC-SHA2-256 in order to support encrypted search terms.
Basic command-line operation
You will supply an executable called ‘fencrypt’.
Your file will take command line arguments.
If no flags are provided, your program will encrypt. It must accept a -d flag to specify decryption. You may optionally accept an -e flag for encryption, and should not allow both flags to appear in the same command line.
Your program will also need to accept an -s flag for search, which also may not appear with other flags. When -s is provided, any further arguments will be interpreted as search terms.
Your program will accept a -j flag, which will cause you to output JSON to stdout, per the description below.
After any command-line flags are provided, if the operation is either encryption or decryption, then the remainder of the arguments shall be interpreted as files to operate upon.
If any of the provided file names cannot be found on the file system, then you should give an appropriate error, and do NO operations.
You will encrypt and decrypt files in-place.
For any file named (generically) F you operate on, you will also create a file named ‘.fenc-meta.F’, which will contain a single JSON object with state information about the file.
If any file is smaller than 32 bytes, you should give an error message, and fail to operate on any files.
Your program must properly encrypt and decrypt both binary and text files. Searching will only be supported on valid UTF-8 encoded files.
If any file in the list has already been encrypted (as evidenced by the contents of its metadata file), you should give an error, and perform NO operation.
Once command-line arguments are passed, you will prompt the user for a password. See the following section.
With the exeception of argument parsing errors, all errors must be output to stderr. Once argument parsing is done, you may only write to stdout to output JSON when the -j flag is provided, or when the -s flag is given, and you provide search outputs (see below). With argument parsing you may only give error output when the specification for flags in this document is not met, and such errors can go to either stdout or stderr (allowing you to get parsing help from third party libraries).
You may add your own flags if you want; we will ignore them in grading. (For instance, you might consider adding an ‘-r’ flag to support recursive operations).
Reading Passwords
For every operation, you will need to read a password from standard input. You will apply this password as an input to the key generation function.
Important
Make sure that the password is NOT echoed to the terminal.
Key Generation
For each file to be encrypted, you will need to generate a “master” key from a password, and you will need to generate a number of sub-keys from the master key.
For the master key, even though the professor typically recommends Balloon Hashing, we will be using PBKDF2, because implementations are widely available (for instance, in Python’s hashlib). When using PBKDF2:
You will use HMAC-SHA2-256 as the PRF.
When encrypting, your salt will be 16 randomly generated bytes from a secure random number generator. This will be unique on a per-encryption basis, and stored in the per-file metadata. Meaning, if you encrypt, decrypt, and re-encrypt, the second re-encryption will cause you to generate a new nonce for this operation.
When decrypting or searching, you will use the salt from the encryption metadata.
You will run PBKDF2 for exactly 250,000 iterations.
You will generate a 32 byte output value.
You will then use the 32-byte output to generate a series of key material. The first 16 bytes of output will be used to key AES in counter mode. The second 16 bytes will be used as the initial counter block. Note that, some implementations of counter mode want only an eight byte nonce, and start the second eight bytes zeroed out. You will not do this– the initial value of the counter block should be the full 16 bytes.
You will then use counter mode to generate a series of 16 byte values:
AES(Master_key, IV) : a password validator (see below).
AES(Master_key, IV + 1) : the first round key in the Feistel Cipher
AES(Master_key, IV + 2) : the second round key in the Feistel Cipher
AES(Master_key, IV + 3) : the third round key in the Feistel Cipher
AES(Master_key, IV + 4) : the fourth round key in the Feistel Cipher
AES(Master_key, IV + 5) : the MAC key.
AES(Master_key, IV + 6) : the key used for encrypting search terms.
While each invocation of your program may need to operate on multiple files (and generate new keys for each file), you will be able to operate on those files in any order.
Note that, if you need to build your own counter mode on top of ECB to get the bytes right, it will be important to handle the “add one” operation properly. You need to handle the carry correct when a byte overflows… it may cascade up. Expect us to test to make sure you’re doing this right. Also, you will need to treat bytes in Big Endian format when you do this, meaning you are best off operating on a byte-by-byte basis.
Important
If (and only if) the -j flag is provided, then you must output to stdout a JSON object containing as keys the filenames you’re operating on, and as values, the hex-encoded 32-byte output of PBKDF2 associated with each file. We will specify for each operation, at which point to output data, if -j is provided.
The Feistel Cipher
You will be implementing a simple, non-maleable encryption scheme using a four-round, unbalanced Feistel Network. This will allow you to take files of any length, and produce an encrypted file of the exact same length.
For our scheme, we will consider the “left” side to be the first 16 bytes of an input, and the “right” side to be the remaining bytes.
When encrypting, the PRF for rounds 1 and 3 will be CTR mode, where the initial input to CTR-mode (the initial counter) is the 16 bytes in the left side. In these rounds, generate a keystream, and XOR it with the right side.
The PRF for rounds 2 and 4 will be HMAC. HMAC the right side, and XOR first 16 bytes of the MAC with the left side.
You will use the round keys generated by the KDF function, as specified above.
Decryption should be the appropriate inverse operation.
AES-CTR Round
┌──────────────────────────────────────────────────────────────┐
│AES-CTR round                                                │
│                                                              │
│                                                              │
│      ┌──────────────┐              ┌──────────────┐        │
│      │    left    │              │    right    │        │
│      │  (16 bytes)  │              │ (rest bytes) │        │
│      └──────────────┘              └──────────────┘        │
│              │                k(i)        │                │
│              │                              │                │
│              ├────────┐        │          │                │
│              │        │        │          │                │
│              │        │        │          │                │
│              │        ▼        ▼          │                │
│              │    ┌─────────────────┐      │                │
│              │    │  iv        key  │      │                │
│              │    │    AES-CTR    │      │                │
│              │    └─────────────────┘      │                │
│              │            │                ▼                │
│              │            │keystream    ┌───┐              │
│              │            └─────────────▶│xor│              │
│              │                            └───┘              │
│              │                              │                │
│              │                              │                │
│              ▼                              ▼                │
│        this is NOT                      this has            │
│      “scrambled” in                  “scrambled”          │
│          any way                      right side          │
│                                                              │
│                                                              │
└──────────────────────────────────────────────────────────────┘
HMAC Round
┌──────────────────────────────────────────────────────────────┐
│HMAC round                                                    │
│                                                              │
│                                                              │
│      ┌──────────────┐              ┌──────────────┐        │
│      │    left    │              │    right    │        │
│      │  (16 bytes)  │              │ (rest bytes) │        │
│      └──────────────┘              └──────────────┘        │
│              │                k(i)          │                │
│              │                              │                │
│              │                │            │                │
│              │                │            │                │
│              │                │            │                │
│              │                ▼            │                │
│              │        ┌─────────────────┐  │                │
│              │        │      key      │  │                │
│              │        │  HMAC-SHA256  │◀──┤                │
│              │        └─────────────────┘  │                │
│              ▼                │            │                │
│            ┌───┐          MAC │            │                │
│            │xor│◀──────────────┘            │                │
│            └───┘                            │                │
│              │                              │                │
│              │                              │                │
│              ▼                              ▼                │
│          this has                      this is NOT          │
│        “scrambled”                  “scrambled” in          │
│          left side                      any way            │
│                                                              │
│                                                              │
└──────────────────────────────────────────────────────────────┘
The MAC
Use HMAC-SHA2-256 and your MAC key to MAC the ciphertext. This will allow you to determine tampering without having to pay the price of a decryption operation.
Search Terms
When encrypting, you will index files, and use HMAC-SHA2-256 with the final derived key to MAC search terms.
You will only collect search terms for files that are properly UTF-8 encoded. We will do a reasonable, but not perfect, job of breaking a UTF-8 string into words. This is the approach taken by many regular expression libraries that will split on words:
You will treat words as contiguous sequences of Unicode letters (character classes Lu, Ll, Lt, Lm, Lo), non-spacing marks (class Mn), decimel digits (Nd) and connector punctuation (Pc).
Anything else (Punction, Symbols, Separators, and Other characters) can only separate words, not be part of them.
You will index all words that have 4-12 codepoints, before casefolding and normalization.
You will casefold words to lowercase, using the Unicode casefold algorithm.
After casefolding, you will normalize unicode strings before generating search terms, using the NFC normalization form.
After normalization, you will create encrypted full-match search terms by MACing them.
You will also support asterisk matches by MACing all the search terms for each letter length from 4-12 codepoints.
You will remove duplicates from your encrypted search terms, and will sort them in ascending order, based on the raw binary data.
Important
Figuring out how to break up UTF-8 into words might sound challenging, but most languages and libraries that have Unicode capabilities will have a capability to extract words (or at least find word boundaries). Just use that!
Similarly, libraries and languages will have casefolding and normalization capabilities.
Encryption
When the user specifies encryption, take the following actions:
Check to see that the files being encrypted exist, and are not already encrypted. Bail if there are any errors at this point.
Read the password from the user.
Generate the master key.
If the -j flag was specified, output the requested data, before transforming files.
Transform each file to be encrypted into a binary, encrypted file of exactly the same size as the input.
Output a metadata file, with the file name as specified above. The contents of the metadata file should be a single JSON object with the following fields:
salt: Set to the 16 byte salt last used to encrypt this file. Hex-encode the nonce to make it acceptable to be in a JSON string.
validator: Set to the 16 byte validator generated from the password/salt combination, hex-encoded.
mac: Set to the 32 byte MAC output, generated from running HMAC-SHA2-256 with the appropriate round key, over the ciphertext.
terms: Set to a JSON list with ALL of the encryption search terms, hex encoded.
You must add no other fields to the JSON, and you must not write to any other files on the file system during encryption.
Decryption
When the user specifies decryption, take the following actions:
Read the associated meta-data for all files where decryption was requested. If one or more files do NOT have an associated metadata file (i.e., are unencrypted), then do not decrypt ANYTHING. Instead, give an error that specifies all files that are no actually encrypted. Make it clear from the error message no files were decrypted, and exit.
Read the password from stdin, as specified above.
Generate the password validator and key schedule for each file, per above.
If the -j flag was provided, dump json to stdout, before doing any of the below items.
Compare the password validator against each file, and give a warning for each file where the password does not match (i.e., you must output the file names that fail, and make it clear that the passwords did not match for those files). If any file’s validator does not match, then DO NOT DECRYPT ANYTHING; exit once you’ve printed error messages for every file that cannot be decrypted with the given password.
For each encrypted file, validate the MACs. For any file where the MAC does not validate, write an appropriate error message to stdout including the name of the file (one line per error). Do NOT attempt to decrypt that file.
For each file where the MAC validated, decrypt the file, removing the associated metadata file once done.
When all files are decrypted, you may optionally output (to stderr) a success message of your choice, on a new line.
Search
For each plaintext search term, you will conceptually look through each encrypted file in the local directory (you should not recurse), and output to stderr a success message for any file that matches any of the provided search terms.
Note that you will only need to look through the metadata file. Do NOT open and decrypt the file to perform the search operation (we will test to ensure you do not).
For this operation, do the following:
Read all associated meta-data files for any file in the current directory.
Read the password from stdin, as specified above.
Generate the password validator for each file, per above.
For any file where the password validator doesn’t match, give a warning to stderr, indicating so (one line per file that fails).
For each file where the password validator did match, perform the search operation.
If -j is supplied, output key information only for files if the password validator matches, and do it before providing output.
For each file that matches, output one line to stdout for each match, indicating the name of the file that matched, and nothing else.
If no files match, you may optionally output an error message to stderr, indicating that fact.
Final thoughts
Get the basic functionality working first, but then try to put some effort into making your program as robust as possible. For instance, what will your program do if we ask you to operate on files that don’t exist? Or if we break out of it while it’s encrypting or decrypting?
We will not put MUCH weight on general robustness outside what’s specified here, but it is really good practice for you to give it some serious thought.

ORDER THIS OR A SIMILAR PAPER NOW

Our Services

Top quality papers

We always make sure that writers follow all your instructions precisely. You can choose your academic level: high school, college/university, or professional, and we will assign a writer who has a respective degree.

Professional writers

We have hired a team of professionals who provide expert academic help. Most of them are native speakers and PhD holders who are able to take care of any assignment you need help with.

 

Free Revision

If you feel that we missed something, send the order for a free revision. You will have 10 days to send the order for revision after you receive the final paper. You can either do it on your own after signing in to your personal account or by contacting our support team.

On Time Delivery

All papers are always delivered on time. In case we need more time to master your paper, we may contact you regarding the deadline extension. In case you cannot provide us with more time, a 100% refund is guaranteed.

24/7 Support

Our support agents are available 24/7 and committed to providing you with the best customer experience. Get in touch whenever you need any assistance.

Original

We use several checkers to make sure that all papers you receive are plagiarism-free. Our editors carefully go through all sources and in-text citations. We also promise full confidentiality in all our services.

 

Pediatric Care

Customer satisfaction has always been one of our basic concerns. If you don’t feel satisfied with our delivered work, you can request for a refund.

 

Authentic Source

We assure you that your document will be thoroughly checked for plagiarism and grammatical errors as we use highly authentic and licit sources.

 

Our confidential essay writing service protects your privacy

We cherish your trust and do our best to protect you. Anything that you share with our private essay writing service is never misused as the access to your personal data is very limited. Your payment details and credit card number also fall under strict protection when you buy a custom essay online from us.

    Meet Our Team

    Wondering who’s working behind the scenes of our professional essay writing service? We have over 700 amazing people on our team including developers, QA engineers, designers, managers, HR specialists, marketers, essay writers, and many more. See who takes care of the orders you place.

     

    Super writers

    There are 400+ essay writers from all over the world on our team who go through a 3-step hiring process. We call them super-writers because most of them have master’s degrees; therefore, they know the ins and outs of the discipline in which they specialize.

     

    WOW-support

    Our extra-fast and caring support assistants answer your questions 24/7 and resolve any of your troubles. Our team was even nominated for the 2019 Best Quality Management Team Award by the European Contact Centre & Customer Service.

    If you are looking for a reputable and cheapest college essay writing service or homework help websites for college students to write your essay for you or do your homework, you are at the right place. We have more than 1000 essay writers who can help you write your essays for you. Just fill the order form above to submit your instructions and get an online essay helper or essay writer who can “write my essay for me”. Once you do, you will be happy that you used our essay services instead of any other online essay writing service.

    Talk To Us

    Need any help? Feel free to Send Us a Note

    Email:  support@eliteacademicessays.com