|
|
||||||
|
|||||||
|
Research Systems & Architecture Bio & Medical |
Cyber-security Remote Education Access Toolkits (CREAT)OverviewThe Cyber-Security Remote Education Access Toolkits (CREAT) is a self-learning tool for modern cryptographic protocols and their relationship with network security. CREAT is sponsored by the National Science Foundation (NSF) through the award number #0516825. As a proof-of-concept prototype, CREAT is built upon a set of expandable building blocks to implement a set of cryptographic mathematics, and a basic on-line chatting tool to enable user communications. This design choice is based on the observation that among numerous textbooks related to cryptography, very few programming examples are available for computer science students to learn the basic programming techniques to implement cryptographic protocols. With the aid of graphic user interfaces (GUI) in CREAT, users of all levels can learn the relationship between keys, plaintexts, ciphers, in an interactive manner, and at their own pace. With the source code modules for each step readily available through a display window, the user would have a direct reference between the mathematics, protocols, inputs, computing steps, and outputs. In addition to a set of basic encryption algorithms, two high security protocols “E-cash” and “secret handshaking” protocols were used as the case studies for advanced cryptography learning. Our goal is to let users see the deep and sophisticated computing steps that would be needed to implement off-line authentication and quota control protocols. All these protocols must have integrity as the overall system basis, and therefore these protocols will guide students through the maze of sophisticated mathematical steps to cover different aspects of the security management functions. Again, integrated presentation of the plaintexts, ciphers, source codes, and the protocol steps, users can observe some of the most important yet basic building blocks to advance their learning goals. Group learning is usually more effective for difficult subjects like cryptography and networking security. To support group interaction, CREAT includes simple matching database and chat clients to test the concept of group learning in a virtual community setting. Users can open a chatting session to exchange their thoughts while the security protocols are being executed step by step. Initial tests show that adding the on-line matching and chatting tools significantly enhances the learning the learning quality. CREAT has a library to perform big integer and other number theory related computations. These basic building blocks (GCD, CRT, factorization, prime test, SHA-1, ECC pointer operations and random number generation), as shown in Fig. 1 were used to build the set of security management protocols. They provide four different levels of programming exercises for the users to advance their knowledge starting from the basic number theory computing to advanced cryptographic protocols.
Fig. 1 CREAT Menu Major Modules
Source Code Display The user can view the source code of each cryptographic algorithm/protocol at the click of a button with the
Fig. 2 Source Code Display User CommunicationsA user can chat with other users after the registration procedure. The registration information includes some basic personal profile to facilitate group communications. This functionality is provided in “CREAT tools” tab. Users who wish to set up their own server can refer to the folder “CREATDatabase” in Source Code for more details. One user can choose to act as the chat server and another user can connect to it (chat as client) through the published IP address and port number. More details about this function can be found in chat.txt. Demonstration CasesCREAT provides demo of the E-cash system, based on the zero knowledge proof theory . We acknowledge that the E-cash has relatively high computing cost, yet it represents an elegant example on the balance between anonymity, integrity, and accountability. Many variations of the E-cash algorithms exist. As a generic example, the E-cash system has the following general framework. A user U first registers with the bank, and then can withdraw some (encoded) strings that represents certain amount of credit/values, or e-cash. U can use the e-cash to render certain service from another user V. Before V accepts the e-cash and render the service, it gives U a random input and U must produce a result for V to verify its validity. If V determines that U does produce a valid result, then the transaction can proceed, and the e-cash is considered spent. The spent e-cash can be sent back to the bank to check if U has over spent its withdrawn e-cash, i.e., quota control. U can also transfer its e-cash to another user W, and W can use it to render service without violating the quota. The system guarantees that U can keep its unique private information (identity) protected from the bank and all others if the quota is not violated. But if the quota is violated, the system guarantees that the bank can uniquely decode the identity of the offender. More detail about how to set up the server and implement the E-cash system can be found in The Zero-Knowledge Proof Simulation Software. In-Class TestSome of the material was tested in a week-long short course designed for undergraduate students interested in the cybersecurity. The tool was well received by the students. The handout and slides can be downloaded. DownloadsAs of release of this software, only the Microsoft XP operating system is supported .
Third party software libraryIn the secret handshake protocol designed by the project members, the ECC point operations were implemented using the MIRACL (Multiprecision Integer and Rational Arithmetic C/C++ Library) published by Shamus Software Company . ContributorsJonas Tan Dr. Steve Liu (Project Lead) | ||||||
for almost every step of an algorithm/protocol, see the example shown in Fig. 2. This feature is not provided for some of the most complicated algorithms, because it would be too difficult for users to understand the source code without considering the context.
