The goals of this assignment are to get familiar with Dark Patterns, Basic Cryptography, AES, and Public Key Cryptography.
Create and Use a new Branch
We will create a new git branch called
hw7 for use in this assignment. The branch you create must exactly match the one I’ve given you for you to receive any credit for this homework.
Prior to creating this new branch make sure your working directory is “clean”, i.e., consistent with the last commit you did when you turned in homework 6. Follow the procedures in GitHub for Classroom Use to create the new branch, i.e.,
git checkout -b hw7. Review the section on submission for using push with a new branch.
README.md for Answers
You will modify the
README.md file in your repo to contain the answers to this homework.
Question 1. (10 pts) Dark Patterns
(a) What is it?
What is a dark pattern in your own words? Is it illegal? Is it unethical?
(b) Example Dark Pattern
Given an example of a dark pattern that you have experienced (in general, you don’t have to reveal your details)
(c) Roach Motel Dark Pattern
Read the example of the Roach Motel Dark Pattern. Is this an example of just one dark pattern or multiple? Look at the Dark Pattern Harms page. What are the harms experienced by users that fell for the roach motel example.
For your information. From Wikipedia: Roach Motel: “the phrase roach motel has come to be used as a reference to all traps that use a scent or other form of bait to lure cockroaches into a compartment in which a sticky substance causes them to become trapped.” Tag line: “Roaches check in, but they don’t check out!”
Question 2. (10 pts) Crypto Principles
(a) Open Design Principle
What is the “open design principle”? How does this contrast to “security by obscurity”? Should you trust a crypto system whose details have not been publicly reviewed?
(b) Plaintext versus Ciphertext
What is the difference between plaintext and ciphertext?
(c) Size of the Key Space
Why does the size of the key space for cipher systems matter? Is this related at all to password length requirements? Explain.
(d) Attacks on Cipher Systems
What is a “chosen plaintext” attack on a cipher system? Does it give the attacker more information to work with than a “ciphertext only” attack? Why might a “chosen plaintext” attack be more difficult to do in practice than a “ciphertext only” attack?
Question 3. (10 pts)
(a) Crack my shift Cipher examples
Crack with brute force the following shift cipher examples (each may use a different shift). You can use my Python examples from Crypto Basics or simpleCipher.ipynb which is an IPython/Jupyter notebook.
CSJSF, SJSF IGS N GVWTH QWDVSF! ESP ZPIE OLDP DEFNJ TD DSLNYH MCYVPCD IS TSY BWOYJ DSZW SBT HWDUYS FQLSWOYMR UTZ GRR GRMTXNZOSY GXK KWAGR!
(b) Create a double substitution Algorithm
Create a cipher algorithm that uses two different substitution ciphers alternatively on the letters in the plaintext. Show your python code and an example encryption and decryption here.
(c) Encode a book
Encrypt the sherlockHolmes.txt and show the results of the frequency analysis on the ciphertext here.
(d) Crack your Algorithm with a chosen plaintext
Show how to crack your algorithm with a chosen plaintext attack (like in the course notes and Python notebook).
Question 4. (10 pts)
(a) AES efficiency
What is a micro-controller? Is AES available for micro-controllers? (Hint: look for AES and Arduino). If AES is available for micro-controllers why is security of IoT a problem?
(b) Key Length Compromise
Why would using text directly as a key in AES potentially compromise security? A 256 bit AES key corresponds how many bytes? What equivalent portion of a byte isn’t being used for key material if we know that each byte in the key is an ASCII printable character? What does this imply for a 256 bit key? Rough approximations are sufficient here to justify your answer.
(c) Bad AES Use
As demonstrated in class even though AES is a very well proven encryption algorithm, its misuse can leave huge security holes. To see this yourself, take a screen shot of something without much detail on your computer. Save it in JPEG format. Using either the Python in the AES slides or this Jupyter notebook encrypt the raw bytes with AES-ECB and show me the result here.
Then encrypt it with AES-CBC and show me the result here.
Question 5. SSH and Public Keys (10 pts)
(a) Generate an Key pair for SSH
On your laptop or other machine generate a Public/Private key pair using
ssh-keygen. Show one of those pairs here. Which of the keys can you safely share on your homework?
(c) Demonstrate login without Password
Demonstrate that you can login to your account without a password, e.g., take a screenshot right after successfully logging in with your keys. Mine looks like: