Eastern Illinois University



April 4, 2016

Cryptography

[pic]

Due date: Wednesday April 6, 2016 in class

Take-Home Assignment

Note: What needs to be turned in are the completed Report #1, Report #2, and Report #3 templates included in the MIS4850Lab4Report.doc file posted to the Assignments section. You may do the assignment in the computer lab or at home using the same programs (md5deep-3.6.zip and hashcalc.zip). A copy of the programs can be downloaded from the Assignments section of the class website.

Project 1: Authenticating a download

Read this before you start:

VMware Workstation Player (formerly known as Player Pro) is a desktop virtualization application that runs one or more operating systems on the same computer without rebooting. In this hands-on, you will download a copy of VMware Workstation Player and use hashing techniques to determine whether the copy you downloaded was authentic. Therefore, you will use hashing for authentication.

1) Log on to the web site to download the free version of the VMware Workstation Player. You should download the VMware Workstation 12.1.0 Player for Windows 64-bit operating systems (69.73 MB). Check under Downloads > Free Products Downloads > Workstation Player. You may or may not need to create an account. When you get to the Download VMware Workstation Player page in the process of downloading the software ((see illustration below), make sure you click Show Details to reveal the MD5 and SHA1 hashes. Also make sure you selected the latest version (12.0) as shown in the illustration below. Print (or write down) both the MD5 hash and the SHA1 hash (referred to as MD5SUM and SHA1SUM on the site). To avoid mistakes, I suggest that you copy the MD5SUM and SHA1SUM hashes and paste them to a Word or Notepad file for accurate use in your reports

2) Take the necessary steps to generate the hash for the downloaded software using MD5deep making sure that you capture the screenshots (Crtl+Alt+PrintScreen) of the Windows command prompt because you will need to paste them to your report (see next step).

3) Use the Report #1 template in the MIS4850Lab4Report.doc file to explain what you did to generate the MD5 hash and determine the authenticity of the downloaded program.

4) Take the necessary steps to generate the hash for the downloaded software using SHA1deep making sure that you capture the screenshots (Crtl+Alt+PrintScreen) of the Windows command prompt because you will need to paste them to your report (see next step).

5) Use the Report #2 template in the MIS4850Lab4Report.doc file to explain what you did to generate the SHA1 hash and determine the authenticity of the downloaded program.

6) Use the HashCalc program to generate the MD5 and the SHA1 Message Authentication Codes for the downloaded file assuming that the key is cryptolab. Make sure that you capture the screenshot (Crtl+Alt+PrintScreen) of HashCalc window showing the result because you will need to paste it to your report (see next step).

7) Use the Report #3 template in the MIS4850Lab4Report.doc file to report your results.

Project 2: Authenticating digital artwork

You got hired as a junior security analyst at InfoSec Inc. to work for their Forensic unit.. Your boss has received two image files from a client. The images represent artwork. A visual look at the content of the files seem to suggest the two images are identical. Your boss wants you to use your expertise in the area of encryption and forensic to give a definite answer to the question of whether the two art works are identical. You should use the best tools you know to do the determination and, then, write a memo to your boss (see below for how the memo should be structured).

Before writing the memo, you should do the following:

a) Download the cat2.jpg and cat3.jpg files from the following links to your flash drive:





b) After downloading the files, open the folder in which you downloaded them to compare the two pictures in terms of their size in KB and their dimensions/resolution. You may also open the pictures in Windows Viewer to see how the two pictures compare visually.

c) Take the necessary steps to generate the hash for each of the pictures using MD5deep (or a newer version of it) making sure that you capture the screenshots (Crtl+Alt+PrintScreen) of the windows.

d) Write the memo to your boss using the Memo template (memo.doc) found in the Assignments section of the class Website. The memo should have the following sections:

Purpose of the memo

This section is a kind of introduction telling the reader (a) what the memo is about, (b) what is hashing and what it can be used for, and (c) announcing the reminder of the memo.

Tools used

In this section, you should tell the reader (your boss), (a) generally speaking what tools are used for authenticating digital artwork like the one that you are asked to examine and authenticate, (c) What tool (or tools) you have chosen to use in this case, and (d) how the tool(s) you chose works

Results

In this section, you should present and discuss the result of using the selected tool(s) for making the determination. You should tell the reader how the two artwork compare visually and in terms of other characteristics like size. You should include evidence (like screenshots, etc.) in support of what you have found and indicate the degree of certainty of the finding. This means you may need to search the Web for evidence of whether or not the tool you chose to use have been compromised (i.e. is collision resistant or not). Citing your source is required.

-----------------------

[pic]

Take-Home Lab

Read this carefully

Read this carefully

[pic]

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download