Name:
Email Username:
Lab date and time:

CSC 101: Lab #11 Manual and Report: Cryptography
Due date: 5:00pm, day after lab session

Purpose: The purpose of this lab is to reinforce the key ideas behind cryptography and to expose how some simple cryptography algorithms work. There is a set of questions on pages 1 through 8 of this document that you should submit answers to by the due date.

Simple Cryptography Implementation

To start off the lab, let's look at a very simple implementation of encryption and decryption. One of the earliest, and now simplest, encryption algorithms developed is called the Caesar Cipher. This approach to encryption was used by Julius Caesar to protect military messages. The key idea behind the Caesar Cipher is that every original letter of the alphabet in the message is substituted with another letter in the alphabet: one that is some number of spaces to the right (called the Shift) in the alphabet from the original letter. For example, let's assume that Shift is 3. Then every A would be changed to a D, every B would be changed to an E, and so on. The complete mapping of letters for a Shift of 3 is shown below:

Original:  ABCDEFGHIJKLMNOPQRSTUVWXYZ
Position:  01234567891111111111222222
                     0123456789012345
Encrypted: DEFGHIJKLMNOPQRSTUVWXYZABC (assuming Shift is 3)

The value Shift is the key for this encryption algorithm. Knowing the Shift used to find the letter to use as a substitute during encryption allows one to decrypt the message by shifting back in the reverse direction (for example, if Shift is 3, then every D in the encrypted message becomes an A [i.e. shifting backwards 3] when decrypting).

Question 1 [1 pt each]: For the following three problems, apply the specified shift, by hand, to either encrypt or decrypt the following message. You can leave punctuation as is (it stays the same).

a. Encrypt the following message using a Shift of 4
   Message: Go Deacs!
   Encrypted:

b. Decrypt the following message that was previously encrypted using a shift of 2
   Message: EUE ncd
   Decrypted:

c. Decrypt the following message that was previously encrypted using a shift of 1
   Message: X-T Ebti
   Decrypted:

For long messages, it is tedious to perform encryption by hand; accordingly, there is software available to help us do Caesar Cipher encryptions and decryptions. Go to the following webpage using your web browser:

http://www.cs.wfu.edu/~turketwh/csc101/spring2011/lab11/caesar.html

When this webpage opens you will see a picture that appears similar to the one at right. In this application, there are areas where you can type in a message to encrypt, a message to decrypt, and a shift amount.

Question 2 [1 pt each]: Using the encryption software you just opened, apply the specified shift to either encrypt or decrypt the following messages. You will need to type the messages in; they don't copy and paste correctly. Be careful in typing the encrypted messages that you don't mistype something.

a. Encrypt the following message using a Shift of 21
   Message: Keep your friends close, but your enemies closer.
   Encrypted:

b. Decrypt the following message that was previously encrypted using a shift of 8
   Message: Bpmzm a vw xtikm tqsm pwum.
   Decrypted:

c. Decrypt the following message that was previously encrypted using a shift of 17
   Message: Efsfup glkj Srsp ze r tfievi.
   Decrypted:

(You may want to go back and check your answers to Question 1 through this software as well!)

In the pre-lab, we discussed that one important aspect of encryption algorithms was how many possible keys there were. If there are too few keys, it may be possible to generate all possible keys and try them on an encrypted message until something readable (interpretable as English) appears. Remember that for the Caesar cipher, the key is the Shift that is being used.

Question 3: [(a) 4 pts, (b) 3 pts]

a) Try Caesar Cipher encryptions using Shifts of 1, 2, and 3 on a simple word (such as "BYE"), and then try Shifts of (24, 25, 26, 27, and 28).
   Message: BYE
   Encrypted with Shift 1:
   Encrypted with Shift 2:
   Encrypted with Shift 3:
   Encrypted with Shift 24:
   Encrypted with Shift 25:
   Encrypted with Shift 26:
   Encrypted with Shift 27:
   Encrypted with Shift 28:

b) Given your work from Part (a), suggest how many different keys exist in the Caesar Cipher?

For encryption approaches where there are a limited number of keys, it is very possible with modern computers to attack the encryption approach by generating all possible keys and trying them all out on the encrypted message. This is called a brute force attack.
The encryption software you have opened in your web browser supports brute force attacking the Caesar Cipher algorithm.

Question 4 [2 pts]: Type the following encrypted message into the Encrypted Text field of the application you opened previously. Repeatedly hit the Brute Force button until you see something that appears as recognizable English.

Message: Ncpo pk, epno ncpo pk. Tjp cvy hz vo czggj.

What was the message you decrypted:

What was the key that was used to encrypt the message (record this from the Shift Amount text field):

The Caesar Cipher is an example of a broader class of encryption algorithms called substitution ciphers, in all of which one letter of the alphabet is substituted for another letter. For the Caesar Cipher, the substitution is chosen based on a shift right in the alphabet some number of locations. However, we are not limited to just shifting some number of letters right. In theory, we could imagine that we put all the letters of the alphabet in a hat and then randomly choose a substitution letter for letter A (say "X"), another substitution for letter B (say "L"), a third substitution for letter C (say "Z"), and so on. Thus, the substitutions are no longer uniform shifts over some number of positions but are just mappings between letters as drawn randomly out of a hat.

Question 5 [3, 3, 2]

a) Assume that Alice is using a general substitution cipher as described above instead of the Caesar Cipher used previously; how much information would she have to provide to Bob to inform him of the appropriate key to use to decrypt messages?

b) If Alice was informing Bob of the appropriate key to use to decrypt her simpler Caesar Cipher-encrypted message, how much information would she have to provide to Bob?

c) The number of possible keys using a general substitution cipher is different than the number you came up with in 3b for the Caesar Cipher. For the description discussed in the previous paragraph (drawing mappings out of a hat), the number of keys is 26! (26! means the factorial of 26; the factorial of a number is the product of all numbers from 1 up to the number, so 26! is 26*25*24*23*22*21*20*...*5*4*3*2*1). Go to http://www.google.com and type in 26! Write down the number that is returned below, and think about how much larger it is than 26!

Frequency Analysis

A weakness with any substitution cipher where letters are just replaced with another letter is that they may reveal the key through an analysis of the frequency of letters being used.
There are definite biased frequencies in letters in common English usage (think of the number of times an "E" appears in a paragraph compared to a "Q"). It is very simple to count the frequency of letters appearing in encrypted text and then to map that back to the expected frequencies of common letters. A table of the frequencies of the five most common letters in English text is below.

Letter   Frequency
E        12.70%
T        9.06%
A        8.17%
O        7.51%
I        6.97%

We will use software to help us perform frequency analysis on text encrypted with the Caesar Cipher algorithm and then attempt to come up with the key. Go to the following webpage:

http://www.cs.wfu.edu/~turketwh/csc101/spring2011/lab11/frequency.html

When the webpage opens, you should see a screen similar to the following, except the first box will have what looks like a lot of random text in it. In the first box, we can enter the text we would like to perform a frequency analysis of. After pressing the Frequency Analysis button, the second box will provide us with the frequency of each letter.

Question 6 [1.5,1.5,1.5,3,2]:

a. Perform a frequency analysis on the text that is already in the program by hitting the Frequency Analysis button. Write down the top three most frequently used letters below and their percentage:
   Most commonly used:           Percentage:
   Second most commonly used:    Percentage:
   Third most commonly used:     Percentage:

b. If a Caesar cipher was used, and we have had enough text to come up with appropriate statistics, we can now come up with the key that was used to encrypt the text. Take the most commonly used letter as reported in Part A and determine how far right-shifted it is from E, the expected most commonly used letter. This is a possible key for the encryption. What key did you come up with?

c. Go back to the Caesar Cipher application. Copy and paste the encrypted text from the Frequency application (this should copy and paste correctly) in the Encrypted Text field and type the key you came up with in (b) in the Shift Amount field. Hit the decrypt button and write down the first few words of the decrypted text below.

d. The key you came up with in Part B should not have worked correctly. Try mapping the 2nd most common letter in English, T, to the most commonly used letter in the text. What key did you come up with? Go back to the Caesar Cipher application. Type the key you came up with here (Part D) in the Shift Amount field. Hit the decrypt button and write down the first few words of the decrypted text below. You should be able to recognize the text now.

e. What is it about the decrypted text you are now looking at which led to the top two letters being flipped in frequency?
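
The brute force attack from Question 4 and the frequency-analysis attack from Question 6 can be reproduced in a few lines of Python. The code below is an added example, not part of the original lab or its web applications; the sample sentence (deliberately heavy in the letter T, so the "top letter is E" guess fails first), the tiny word list and all function names are constructed for illustration.

```python
from collections import Counter

ENGLISH_TOP = "ETAOI"  # five most common English letters, from the table above
COMMON_WORDS = {"THE", "THAT", "AND", "OF", "TO"}  # assumed tiny word list

def caesar(text, shift):
    """Shift A-Z and a-z by `shift` places; everything else is left as is."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            ch = chr((ord(ch) - base + shift) % 26 + base)
        out.append(ch)
    return "".join(out)

def brute_force(ciphertext):
    """Every possible decryption, keyed by the shift that was undone."""
    return {k: caesar(ciphertext, -k) for k in range(26)}

def letter_frequencies(text):
    """(letter, percent) pairs, most frequent first."""
    letters = [c for c in text.upper() if c.isascii() and c.isalpha()]
    if not letters:
        raise ValueError("no letters to count")
    return [(l, 100 * n / len(letters)) for l, n in Counter(letters).most_common()]

def candidate_keys(ciphertext):
    """Shifts that would map E, T, A, O, I onto the top ciphertext letter."""
    top = letter_frequencies(ciphertext)[0][0]
    return [(ord(top) - ord(p)) % 26 for p in ENGLISH_TOP]

def recover_key(ciphertext):
    """First candidate whose decryption contains a common English word."""
    for key in candidate_keys(ciphertext):
        words = set(caesar(ciphertext, -key).upper().split())
        if words & COMMON_WORDS:
            return key
    return None

# Constructed sample text, encrypted here with a Shift of 7.
PLAINTEXT = "THE TUTOR TAUGHT THAT TINY TEXTS TILT LETTER COUNTS"
CIPHERTEXT = caesar(PLAINTEXT, 7)

if __name__ == "__main__":
    print(CIPHERTEXT)
    print(letter_frequencies(CIPHERTEXT)[:3])
    print(candidate_keys(CIPHERTEXT))
    print(recover_key(CIPHERTEXT))
```

Frequency analysis narrows the search to a handful of candidate shifts, while brute force simply lists all of them and leaves the reading to a person.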

Steganography:

While encrypting messages is one technique to keep information private, another technique is to literally hide the information being sent in a message in another form of media, such as an image, and to send the image to the recipient. This technique is called steganography, and is very powerful as it is difficult to even tell that a hidden message is being sent. In working with digital images, you learned that every pixel in an image has associated with it R, G, and B color values. Typically, 8 bits are given to each R, G, and B value (meaning each pixel is assigned 24 total bits for colors). Steganography strategically changes these color bits to hide information inside an image. If we change the appropriate bits (usually the last bit of the eight, ordered left to right), it is often impossible for the eye to tell that the color has been changed.

Go to the website http://www.colorpicker.com where you will see a webpage like the one at right. Use this webpage to answer the next few questions.

Question 7: [1,2,1]

a. Enter FFFFFF in the box at the top (after the # symbol). What color did the small square at the top right turn?

b. Explain why this is the appropriate color for #FFFFFF, given what you know about color models?

c. The R, G, B fields should all read 255 at this point. Change the bottom B (not the middle one!) field from 255 to 254 and press Enter, then to 253 and press Enter, all the way down to 248. Indicate below whether you could tell that the color of the small square you wrote down in step (a) changed for any of these values (255 to 248)?

Changing these color bits in such a way that the color change is not visible to the naked eye is a way of storing information without it being known that the information has been embedded in the image.

Question 8: [1,1,1,3]

a) Given that in (7c), you should have discovered we could change the blue value from 255 to 247 (a shift of 8 colors) without a noticeable change in color, how many bits per pixel does this suggest we could encode information in without it being noticeable?

b) For a 640x480 image, how many total bits could we then use to store our information in (using your answer from part (a)) in the image?

c) Using your answer from part (b), how many bytes of information could we encode?

d) If we are going to fiddle with bits that represent colors, suggest why we want to change the rightmost bits instead of the leftmost bits representing a color (i.e. why change the bits in italics instead of underlined, given what you know about binary numbers: 11001011)
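
Hiding data in the rightmost color bit, as described above, looks like this in Python. This is an added example; it is not S-Tools' algorithm or part of the original lab, and it applies no passphrase or encryption. The 16-bit length header, the one-bit-per-pixel blue-channel layout, the function names and the all-white 16x16 cover image are assumptions made for illustration.

```python
def bits_of(data):
    """Yield the bits of `data`, leftmost bit of each byte first."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1

def capacity_bytes(n_pixels, bits_per_pixel=1):
    """Message bytes that fit after the 16-bit length header (assumed format)."""
    return max(0, (n_pixels * bits_per_pixel - 16) // 8)

def embed(pixels, message):
    """Return a copy of `pixels` with `message` stored in the blue LSBs."""
    if len(message) > capacity_bytes(len(pixels)):
        raise ValueError("message does not fit in this image")
    payload = len(message).to_bytes(2, "big") + message
    out = list(pixels)
    for i, bit in enumerate(bits_of(payload)):
        r, g, b = out[i]
        out[i] = (r, g, (b & 0xFE) | bit)  # overwrite only the rightmost bit
    return out

def extract(pixels):
    """Read the length header, then that many bytes, from the blue LSBs."""
    bits = [b & 1 for _, _, b in pixels]

    def read(start, n_bytes):
        value = 0
        for bit in bits[start:start + 8 * n_bytes]:
            value = (value << 1) | bit
        return value.to_bytes(n_bytes, "big")

    length = int.from_bytes(read(0, 2), "big")
    if length > capacity_bytes(len(pixels)):
        raise ValueError("no plausible hidden message in this image")
    return read(16, length)

def max_channel_change(before, after):
    """Largest difference in any R, G or B value between two images."""
    return max(abs(x - y) for p, q in zip(before, after) for x, y in zip(p, q))

# Constructed cover image: 16x16 pixels, all white (#FFFFFF).
COVER = [(255, 255, 255)] * 256
STEGO = embed(COVER, b"Go Deacs!")

if __name__ == "__main__":
    print(extract(STEGO))
    print(max_channel_change(COVER, STEGO))
    print(capacity_bytes(len(COVER)))
```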

Make a folder in your CSC101Lab folder called lab11 and download and save the following three files from the class website into that folder: mascot.bmp, deacon.bmp, and steg.zip. The first two files are images of the Demon Deacon mascot. The third contains a program that will allow us to work with steganography. Unzip the steg.zip file by right-clicking on it and choosing to unzip it using the 7-Zip option, then the Extract Here option. If you are unfamiliar with unzipping programs (you did this last week!), please ask one of the instructors.

Once the program has been unzipped, double-click on the S-Tools.exe file. This will open a window that appears like the one at right. Now, drag the mascot.bmp and deacon.bmp files from your folder into this S-Tools window. They should both appear in the window as shown diagonally at right. One, mascot.bmp, is an original image as distributed by WFU Athletics, while the other, deacon.bmp, has a message embedded in it. Viewing these files side by side on your computer screen, answer the questions below:

Question 9: [1,1]

a) Can you tell any differences visually between the two images? If so, describe them.

b) Back in your lab11 folder where you downloaded the files, click on each image so you can see at the bottom of the window their size and dimension information. Can you tell any differences in the size or dimensions of the two files? If so, what are they?

Question 10: [1 pt each subanswer (8 total)]

Right click on the deacon.bmp image in the S-Tools program and choose the Reveal menu option. Enter 123 in both passphrase fields and keep the Encryption algorithm as IDEA. This should reveal a text file with a message I embedded in the image.

1. What is the name of the text file?

2. Right click on the name of the text file in the window that appears and choose Save as. Save the file in your lab11 folder and then double click it to open it. What is the codeword mentioned in the text file?

3. Now, back in the S-Tools program, right click on mascot.bmp and choose Properties. Write down or compute the information below:
   Width:
   Height:
   Determine total pixels (width x height):
   When mascot.bmp is clicked on in S-Tools, it indicates in the lower right corner of the application that the image can hold how many bytes of information?
   How many bits is your answer to the above question?
   Approximately how many bits per pixel does this indicate could be used to hold a message?

Step to create a submission:

Now we will ask you to hide your own message inside the mascot image. In your lab11 folder, right click on a blank space and choose the menu option New, followed by Text Document. This will create a new text document in your folder called New Text Document.txt. Rename this to MyLab11Message.txt. Double click the MyLab11Message.txt file and add to the document your name and any additional message you would like. Save the document. Then, drag the saved file into the S-Tools program and on top of the mascot.bmp image. This should bring up a window asking for a passphrase; choose 123 and enter it in both passphrase fields (don't choose anything else, otherwise we won't know what passphrase to use and won't be able to figure out your message). This will create a new image called hidden data. Right click on the hidden data image and choose the Save as option. Set the name to be mascotwithmessage.bmp

Question 11: [3.5 each]

Think about the two general techniques for hiding sensitive information you experimented with today, cryptography and steganography, and answer the following five thought questions.

a. Suggest why real-world applications, such as online banking, prefer using cryptography instead of steganography for protecting their data.

b. In our steganography examples, we hid plaintext messages inside of the images. Argue for whether or not we could have encrypted our messages first and then hidden them in the image? Why or why not?

c. Someone might consider encrypting the private diary they are keeping on their computer to prevent their nosy siblings from looking at it. There is a potential problem with this if the diary is kept for years and years. Why?

d. Given what you know about the frequency analysis technique for figuring out the keys being used for ciphers, suggest whether, as a secret message writer, you would be better off sending short messages instead of long messages?

e. In all of our scenarios used today, there was shared information between the sender and recipient of the message: the Shift amount for the cryptography examples and the passphrase for the steganography examples (in steganography, it would also need to be shared in which bits to look for the data; the S-Tools program has made the decision for us to only look in one place, the rightmost bits). Reviewing your lecture notes, are our examples using secret key ciphers or public key ciphers? Choose one of the two types of ciphers, circle it below, and then argue why it is appropriate.

   Type of Cipher:    secret key    public key

   Argument:

Submission:

Upload the one mascotwithmessage.bmp file you created into Sakai under the Assignment named Lab 11 by 5:00pm the day after your lab session. This bitmap file is worth 10 of the 80 possible points for the lab. Submit this document with questions answered on paper by the same time. The points on the problems account for 70 of the 80 possible points.