Project 6, 2015 Research Experience for Teachers Project 4, 2016
Secure Cyberspace

Secret Key, Public Key, Hash Algorithms, Protocols, Authentication, Integrity, Confidentiality, Availability

 

 

 
Contact Information:
 
    John Franco     Area Coordinator     franco@gauss.ececs.uc.edu     556-1817 / 787-9960
Carlo Perottino Graduate Assistant perottca@mail.uc.edu
Nick Maltbie Resource & Assistant nick.dmalt@gmail.com
 
Handy Information:
 
    Lab:     Old Chemistry, 838
Schedule: seven weeks
Description: abstract 2015
abstract 2016
 
Mathematics of Cryptography
 
    Math        Fermat, Chinese Remainder, Mod arithmetic, Z*n, Mod Inverse, Euler's algorithm, Testing for primes, Generating primes
 
What is Creativity?
 
    Creativity        Divergent/Convergent thinking, elevator puzzle, bellhop puzzle, Noah's ark puzzle, missing card puzzle, illusions, monk puzzle, Racetrack puzzle, lightbulb puzzle, language puzzle, pennies puzzle, pentagon puzzle, walking puzzle (mod), pipe puzzle, horse puzzle
 
Discovery Applets, 2016
 
           Caesar cipher
 
           Substitution cipher
 
           Arithmetic and logic operations
 
           XOR based ciphers
 
           Secret Key ciphers: encryption, message integrity, authentication
 
           Public Key ciphers
 
           Mathematics of cryptography
 
           Chat clients
 
Articles, Documentation, Surveys, etc.
 
 
 
 
 
 
 
 
 
 
 
 
 
        Curiosity (DAoM)        Independent learning relies on student curiosity
        Survey        Amanda Sopko has contributed a survey that was used in a recent 6th and 7th grade STEM class
        Encryption & Math        From about.com/education
        Cyber Kill Chain        Classic Lockheed-Martin anatomy of attack, intel-driven defense
        Monitoring        Slide presentation on network security monitoring
        Logging        SANS Institute paper on intrusion detection via logging and monitoring
        Attack Prevention        SANS Institute paper on attack prevention
        Common Criteria        The Common Criteria security evaluation
        Malware Analysis        Malware analysis tutorials
        Security Onion        Operating System with tools for defense
        Kali Linux        Operating System with tools for attack
        Virtualbox        Virtualizer for desktop computers - supports above OSes
        Vulnerability Assessment        Documentation on many kinds of attacks
 

Notes

 
        Can curiosity be increased by having students build their own experimental platforms (in this case with java applets) to test their own theories? This may be a hypothesis we could examine for this project.
 
        Should we give students a survey measuring their attitudes/dispositions toward mathematics (including their level of interest in STEM and STEM careers perhaps?) before the challenge-based unit, and then re-evaluate those same attitudes after the unit to try to measure how challenge-based and exploratory/inquiry learning impact students attitudes toward the subject and their interest in possible related careers?
 
        Maxims of cryptography
- never use the same key to encrypt two different messages
- never encrypt the same message twice with two different keys
- always assume the adversary knows the encryption algorithm
- never underestimate the adversary
- only a professional cryptanalyst can judge the security of a cryptosystem
- a cryptographer's error is the cryptanalyst's only hope (David Kahn)
 

What are we trying to accomplish?

 
        teach math (group theory & stats) with crypto as the motivator?
        encourage scientific exploration with math, crypto, logic as motivator?
        teach crypto - math is used as needed?
        teach a blend of crypto, math, and lab design?
        teach lab design with crypto experiments as the motivator?
 

How are we going to do this?

 
        mainly set up interactive virtual experiments for self discovery?
        mainly explain known results and have students verify them with virtual experiments?
        create a networked game where students acquire/steal wealth and use crypto algorithms for protection?
 

What Mathematics would we like the students to experiment with? (subject to change)

 
        Modular arithmetic
- Fermat's little theorem
- Square roots of N mod M
- Exponentiation of a to the power N mod M
- Inverse of N mod M
- Z*N
- Generators for cyclic groups
- R*S mod M = (R mod M)*(S mod M) mod M
- (gR mod M)S mod M = (gS mod M)R mod M
- Chinese Remainder Theorem
        Permutations
-  transpositions
-  products of permutations
-  conjugated permutations
-  cyclic structure
-  degree of permutations
-  two degree N permutations of disjoint transpositions have a product containing an even number of disjoint cycles of the same length.
-  If in any permutation of even degree there appears an even number of disjoint cycles of the same length, then the permutation can be regarded as a product of two permutations each of which consists only of disjoint transpositions.
-  Two permutations K,L on the same set X are conjugated if and only if they have the same cyclic structure.
        Statistics
- mean, standard deviation, moments
- correlation coefficients
 

What crypto algorithms would we like the students to experiment with? (subject to change)

 
        Euclid's algorithm
- Find the inverse of M mod N
        Miller-Rabin algorithm
- Generate a (probably) prime number
        Chinese Remainder Theorem
- Use in development of public key cryptosystems
- Use in attacking RSA and other cryptosystems
- Use in encrypting a secret
 

What crypto systems would we like the students to experiment with? (subject to change)

 
        Secret Key
- Enigma
- Simple XOR
- Double lock XOR
- Double lock randomize
- Karn "God Save" algorithm
- Data Encryption Standard (DES)
- 3-DES
- Advanced Encryption Standard (AES)
- Hashed Message Authentication Check (HMAC)
 
        Public Key
- Diffie-Hellman key exchange
- RSA encryption
- RSA signing
- Zero Knowledge authentication
 
        Stream Ciphers
- RC4
- WEP
- ZUC
- A4
 
        Authentication Systems
- Kerberos
- Challenge-Response
- Lamport's Hash
- Strong Password Protocol
 
        Key Handling
- Certificates
- Certification Authority (CA)
- Key Distribution Center (KDC)
 

How might a course on math and crypto progress?

 
        Experiment with the Ceaser cipher. See how easily it is cracked.
        Students propose variants like increasing the rotation with every keystroke
        Experiment with the Substitution cipher.
        Experiment with the Enigma cipher.
        Learn about and experiment with permutation groups (to be developed).
        Break Enigma using the math of permutation groups.
        Students think about the security associated with ciphers based on permutations.
        Introduction to math operations - bitwise representations of numbers and arithmetic operations.
        Introduction to logical operations - XOR is invertible and has maximum entropy.
        Experiment with XOR as cipher operation
        Experiment with Double Lock XOR to avoid sending keys over insecure channel
        Find the vulnerability of the Double Lock XOR cipher
        Propose more secure variants of the Double Lock Cipher
        Experiment with modular exponentiation
        Experiment with modular exponentiation
        Importance of prime numbers
        Fermat's little theorem and prime number
        Euler's Totient function
        Square roots of unity in modular arithmetic
        Prime number generator and verifier
        Experiment with Euclid's algorithm and mod inverse
        Experiment with Diffie-Hellman key exchange
        Experiment with Merkle-Hellman cipher
        Experiment with RSA cipher
        Hashing
        Message Digest
        Authentication with message digest
        Message integrity with message digest
 

Maybe a project to tie all the concepts together?

 
        final project.