CCTF: Secure Communication - USC/ISI

Created by: Jelena Mirkovic, USC/ISI, sunshine@isi.edu
Contents
  1. Overview
  2. Blue Team Tasks
  3. Red Team Tasks
  4. Scoring
  5. Exercise Dynamics
  6. Grading
  7. Useful Links

Overview

This exercise lets students practice their understanding of encryption, decryption and attacks on cryptographic protocols. Students will be divided into 3-4 person teams. Each team will play the defender role (Blue team) for their own system and the attacker role (Red team) for another team's system.

Each network in the exercise will consist of three machines - a server and a client machine under the control of the Blue Team and a mitm machine, sitting on the path from the client to the server, under the control of the Red Team. The image below shows a sample network in DETERLab.

Blue Team Tasks

Develop a client and a server in DETERLab that talk between themselves using custom encryption/decryption. In the exercise you will be tasked to use one of the following crypto schemes:

  • Monoalphabetic cipher
  • Polyalphabetic cipher - your teacher will specify the number of maps during the exercise
  • Homophonic cipher
  • Polygram cipher - your teacher will specify the length of the block during the exercise
Since your team does not know which cipher it will be asked to use you will need to develop and test each one before the exercise. You can choose the key length and the key itself. Choose wisely. You will store the keys on the client and the server machines prior to the exercise, i.e., you are not doing online key exchange. You also cannot distribute new keys during the exercise but you can program your client and server to switch to a new key you have stored on them prior to the exercise. This switch needs to happen automatically, i.e. without human intervention.

Assumptions and Requirements

Assume that you are encrypting messages byte by byte.

You MUST write all the code yourself. You are not allowed to use crypto libraries in the OS nor to copy code from online sources, but you can read the code from online sources and use the ideas from it to write your own code.

You can assume that your messages will be in spoken English. They will be up to 100 characters long and will have only lower case letters, punctuation marks (.,!? no quotes) and spaces. The teacher will supply the messages to each team at the beginning of the exercise.

There will be total of 10 unique messages to send, and they can be repeated multiple times during the exercise.

The client reads messages from a file, supplied by the teacher and sends a message to the server once per minute. The message file contains one message per line. The file will contain enough message lines for the duration of the exercise (e.g., 60 lines for 60 minute exercise).

The client prepends each message by a sequence number, before sending it to the server. You can choose how the sequence number changes and whether it is encrypted or not.

The server prints each received message to a file called messages.txt upon receipt.

You MUST encrypt each message using the same approach, i.e. you cannot change crypto scheme on the fly, unless it is broken by the Red Team and you are fixing vulnerabilities. You can change the encryption key any time, but the change must be automated, i.e. it needs to happen at a given time, or upon sending a given number of messages, or upon some other trigger, and must not involve any human intervention.

Milestones

Here are some milestones that your team must reach BEFORE the exercise.

  1. Write two simple client and server programs. The client should read messages from a file and send them to the server at the rate of 1 per minute. The server should recieve these and store to a file. Once you verify that this is working correctly on DETERLab (you must verify it there, not on your local machine) modify the client to prepend a sequence number to each message.
  2. Implement a monoalphabetic cipher.
  3. Extend the monoalphabetic cipher code to implement a polyalphabetic cipher. Make the number of maps a variable that can be entered as command line argument.
  4. Extend the monoalphabetic cipher code to implement a homophonic cipher.
  5. Implement a polygram cipher. Make the block size a variable that can be entered as command line argument.
  6. For each of the ciphers you are implementing ensure that you can encrypt and decrypt properly, i.e. that you can retrieve original messages at the server side.
  7. Integrate your ciphers with the client and the server.
Tasks 1,2 and 5 can be done in parallel. Tasks 3 and 4 can also be done in parallel, and have to occur after task 2. Tasks 6 and 7 have to occur in the end.

Red Team Tasks

The goal of the Red Team is to break encryption and obtain secret messages and/or decryption key. Since you don't know which crypto scheme the Blue Team will be using you need to develop analysis approaches for each listed scheme.

Assumptions and Requirements

You MUST write all the code yourself. You are not allowed to use crypto libraries in the OS nor to copy code from online sources, but you can read the code from online sources and use the ideas from it to write your own code.

You can assume that your router (mitm node) sits in between the client and the server. You can observe message exchanges but you are not allowed to perform any man-in-the-middle attacks, except sniffing the traffic.

You must be able to read and analyze binary code, i.e., you must be able to work with non-printable characters.

Milestones

Here are some milestones that your team must reach BEFORE the exercise.

  1. Intercept messages between client and server and print their content into a file. Print bytes of message as decimal numbers, not as characters.
  2. Implement a cracking code for monoalphabetic cipher.
  3. Implement a cracking code for polyalphabetic cipher. Assume that the number of maps will be given as a command line argument.
  4. Implement a cracking code for homophonic cipher.
  5. Implement a cracking code for polygram cipher. Assume that the block size will be given as a command line argument.
  6. Link the cracking code with the interception code. Translate the final message into printable characters and store into a file. DON'T FORGET to store the sequence number as well.
Tasks 1, 2, 3, 4 and 5 can be done in parallel. Tasks 6 has to occur in the end.

Scoring

The Blue Team receives a point for each message they send to the server that is not broken by the Red Team. The Red Team receives a point for each message they break. The Red Team proves that it broke the message by printing it into a file. We can then compare this file with the server's output file. These two files need to include sequence numbers along with the message content.

Exercise Dynamics

Teams will need to simultaneously act as Blue Team and Red Team throughout the 2h exercise. We will then have a 10 min break followed by a post-mortem discussion and selection of a winning team.

Grading

Each team member will be graded based on their contribution to the team effort, not based on the team's performance. After the exercise each team member will submit a report containing the list of contributions they made to the team effort - e.g., modules that they coded, testing and setup they performed, etc. All team members must sign each report. Reports will be delivered to the instructor in class on . The grades will be assigned based on the report.

Useful Links

You can use any programming language you like for any part of your assignment.
  • The Blue Team needs to write client and server code. If you have never written a client or a server this link shows how to do this quickly in Python.
  • The Red Team will need to capture messages as they go through the router. This page tells you how to use netfilter and iptables to do that.

    Note that the example there affects OUTPUT queue on the machine. In your exercise you will need to work on the FORWARD queue. Make sure you understand how iptables command works before you use it as you may cut off your access to a given machine in DeterLab if you filter out some specific traffic to/from it, e.g., all outgoing traffic. The only way to recover from this is to reboot the machine using Web portal for DeterLab. Click on your Experiment, then click on the machine's name in the Node List (e.g., pc133) and then choose "Reboot node" from the top left menu. It usually takes 5-10 minutes for the machine to come up again.

    You are allowed to use these libraries but you need to write your own code to mimic what the code on that Web page does. The callback function can be your encryption-breaking function or you can just write messages to a file and break encryption offline.

  • The Blue Team may produce some non-printable code during encryption This page talks about packing binary values into a string and unpacking them. In case that Blue Team produces some non-printable characters in encrypted messages the Red Team must be prepared to deal with them.
Questions & Comments: Prof. Mirkovic at USC-ISI (sunshine at isi.edu)