CE348: Information Security 20CE054 Henil Mistry

Charotar University of Science and Technology [CHARUSAT]

Chandubhai S. Patel Institute of Technology [CSPIT]
U & P U. Patel Department of Computer Engineering

Practical - 6
Subject code : CE348 Semester : 6 Academic Year : 2022-23
Subject name : INFORMATION SECURITY

Sr. Aim
No.
6. Refer to the figure (a) attached here. Bob (Source A) is preparing to send message to Alice
(Destination B). Bob applies SHA256 hash algorithm on prepared message and append with
original message (M) which is further encrypted by single secret key. Alice will receive bundle of
encrypted H(M) and original message (M). Alice will first apply single secret key to decrypt the
entire bundle and collect H(M) and original message (M). Furthermore, Alice will apply the same
algorithm SHA256 which was used by Bob and produce hash of received message (H). Lastly,
Alice will verify the computed hash with received H(M) to make sure message is not altered by
any attackers.

Task to perform:
1) Use any Symmetric key/Asymmetric key algorithm to implement encryption
function and decryption.
2) Implementation can be done using any programming language such as c,
c++, java, python, c#, javascript, etc.
3) For SHA256 hashing, you may use library compatible as per your
programming language.
Discuss the issues causes with this scenario. What happened if we encrypt the
generated hash?

U & P U. Patel Department of Computer Engineering, CSPIT, CHARUSAT Page | 1

 CE348: Information Security 20CE054 Henil Mistry

Code from Crypto.Cipher import AES

import hashlib

# Encryption function
def encrypt_message(secret_key, message):
# Generate a 16-byte key from the secret key
key = hashlib.sha256(secret_key.encode()).digest()[:16]

# Create an AES cipher object with the generated key

cipher = AES.new(key, AES.MODE_EAX)

# Encrypt the message using the cipher object

ciphertext, tag = cipher.encrypt_and_digest(message.encode())

# Return the encrypted message and the nonce (used for decryption)
return ciphertext, cipher.nonce, tag

s# Decryption function
def decrypt_message(secret_key, ciphertext, nonce, tag):
# Generate a 16-byte key from the secret key
key = hashlib.sha256(secret_key.encode()).digest()[:16]

# Create an AES cipher object with the generated key and nonce
cipher = AES.new(key, AES.MODE_EAX, nonce=nonce)

# Decrypt the ciphertext using the cipher object

plaintext = cipher.decrypt_and_verify(ciphertext, tag)

# Return the decrypted plaintext as a string

return plaintext.decode()

U & P U. Patel Department of Computer Engineering, CSPIT, CHARUSAT Page | 2

CE348: Information Security 20CE054 Henil Mistry

There are several issues with the scenario presented:

1. The use of a single secret key for encryption and decryption is not secure. If an attacker
obtains the key, they can easily decrypt the message and manipulate it before re-encrypting it with
the same key.
2. The use of a hash function as a message authentication code (MAC) is not recommended.
Hash functions are not designed to be used as MACs, and can be vulnerable to attacks like length
extension attacks, where an attacker can append data to the message without knowing the secret
key.
3. There is no mechanism for key exchange or key management, which means that if the key is
compromised, all past and future messages encrypted with the key will be vulnerable to attacks.
4. The use of a single hash function for both message integrity and authenticity are not
recommended. Ideally, different hash functions should be used for different purposes.

U & P U. Patel Department of Computer Engineering, CSPIT, CHARUSAT Page | 3