Question 2 The aim of this question is to practice one of the theoretical computer security concepts you have seen in Block-II–Part 2: the cryptanalysis, by using a cryptographic tool called CrypTool [1]. CrypTool – as introduced by its developers - is a "comprehensive free educational program about cryptography and cryptanalysis offering extensive online help and many visualizations". In order to complete this question, you need to install CrypTool-1 on your personal computer/notebook. You can download it from the Cryptool-1 download page [2]. The software will also be made available on the Moodle course website. Alternatively, you may use computers located in the computer lab which have CrypTool-1 already installed on them (refer to your course coordinator regarding the Moodle course website and the computer lab information). In this question, you will experiment one of the basic cryptanalysis techniques which is the use of letter-frequency analysis. Although such technique is inefficient against most of the ciphers nowadays, but it constitutes a starting point to understand one of the weaknesses of some classic ciphers and how cryptanalysis techniques can take advantage of this weakness to break the cipher. In the following, you will apply this cryptanalysis technique on one of the oldest known ciphers: the Caesar cipher. 1- Understand Letter-Frequency analysis (10 marks) a. Using the internet and/or any other reliable resource, you are asked to prepare a brief explanation, using your own words, of the letter-frequency cryptanalysis technique. 2- Prepare the plaintext (4 marks) a. Select from the internet (or any electronic resource you have) one relatively long (of the size of 10,000 or more letters) English text (newspaper, reference manual, novel, etc.). b. In addition, Find on the Internet a similar single text (more than 10,000 letters) written in an arbitrary foreign language (Latin characters, e.g. French). c. Copy these two selected texts in two text files (.txt): "plaintext-english-xxxx.txt" and "plaintext-foreign-xxxx.txt" (xxxx should be replaced with your student ID, for instance if the student ID is 090011, the file names will be plaintext-english-090011.txt and plaintext-foreign-090011.txt). d. In order to customize your files and differentiate your work from other's work, write your full name in the first line of each text file. 3- Analyze the plaintext using Cryptool-1 a. Using Cryptool-1' "Tools for Analysis" functions, determine and provide for each of the plaintexts you have selected in 2, the following: i. A histogram showing in the graphical form the relative frequency of letters in the two texts (4 marks) ii. Textual listings of 26 most frequent diagrams (two letters block) (4 marks) iii. Textual listings of 26 most frequent trigrams (three letters block) (4 marks) b. Compare the results obtained in 3-a between the two plaintexts. What is your observation? (4 marks) 4- Analyze the impact of short texts on frequency analysis a. Take a small subset of the English text prepared in (2-a); for instance the first 200 letters, save this file in one text file (.txt): "plaintext-english-short-xxxx.txt" (xxxx should be replaced with your student ID, for instance if the student ID is 090011, the file name will be plaintext-english-short-090011.txt). (2 marks) b. Re-compute all frequency distributions of part 3-a. (6 marks) c. Compare the results obtained in (3-a) and (4-b) (for the English plaintext only). What is your observation regarding the matching between frequency distributions for short texts and long texts of the same type, written in the same language? (4 marks) 5- Encrypt the plaintext using Caesar cipher a. Encrypt separately the long and short English texts of parts (2-a) and (4-a), using the classical Caesar cipher available in CrypTool-1, with a key of your choice (you should indicate the key in your report) (4 marks) b. Save the two encrypted text in two text files (.txt): "ciphertext-english-xxxx.txt" and "ciphertext-english-short-xxxx.txt" (xxxx should be replaced with your student ID, for instance if the student ID is 090011, the file names will be ciphertext-english-090011.txt and ciphertext-english-short-090011.txt). (2 marks) 6- Analysis of the ciphertext a. Compute the frequency distribution of single letters for the two obtained ciphertexts (4 marks) b. Compare this frequency distribution with that obtained in (3-a) and (4-b). What is your observation? (4 marks) c. Can you deduce the key of the Caesar cipher based on the comparison? Explain how. (8 marks) 7- Breaking the Caesar cipher using Cryptool-1 a. Launch the cryptanalysis of the encrypted texts (both short and long) using the "ciphertext-text only" mode of Caesar cipher analysis in Cryptool. Explain the different steps of this process. (6 marks) The deliverables of this question are: • A report that explains the different steps you have made and the results you obtained. You should take screenshots of the cryptool-1 software for each step you followed (each part can have several screenshots). The screenshot should be clear and at the same time you should not use a very high resolution in order to keep the size of the TMA file reasonable. In addition, you should clearly explain the findings and observations you are requested to present. • The five text files you have generated during the exercise. The question will not be validated if the files are not uploaded along with the TMA Important notes • Not listing the references of your answer in part (1-a) will be considered as a plagiarism act and will lead to the application of plagiarism penalty as per the AOU regulations. • Up to 5 marks deduction can be applied for not using your own words in question 1-a The deliverables of this question are: • A report that explains the different steps you have made and the results you obtained. You should take screenshots of the cryptool-1 software for each step you followed (each part can have several screenshots). The screenshot should be clear and at the same time you should not use a very high resolution in order to keep the size of the TMA file reasonable. In addition, you should clearly explain the findings and observations you are requested to present. • The five text files you have generated during the exercise. The question will not be validated if the files are not uploaded along with the TMA Important notes • Not listing the references of your answer in part (1-a) will be considered as a plagiarism act and will lead to the application of plagiarism penalty as per the AOU regulations. • Up to 5 marks deduction can be applied for not using your own words in question 1-a References [1] Cryptool project website, URL: http://www.cryptool.org , Last accessed on September 9, 2014 [2] Cryptool-1 download page, URL: http://www.cryptool.org/en/ct1-download-en , Last accessed on September 9, 2014