1. Home

Cryptographic Protocol on a PICO

You are reading a single comment by @ClearMemory041063 and its replies. Click here to read the full conversation.

  • Cryptomsg3.js
    In this version a user ID and password have been added
    The following is the output of one session. The setup function creates the cryptographic keys used in the client and server objects. Note that client and server have different random number keys and permutations. None of the permutation arrays are shown.

    PICO 1v86 
>echo(0);
In left pane enter setup(); and press return.
=undefined
>setup();
Client Random # keys
147,218,39,254,251,124,105,20,249,242,17­6,254,251,124,105,138
124,171,219,12,155,172,248,197,93,220,85­,14,86,211,101,122
Msg Hash keys
183,198,0,48,252,124,105,20,27,113,129,4­8,252,124,105,170
232,149,224,242,228,159,142,123,127,115,­23,205,73,51,112,58
Auth Hash keys
82,25,235,120,252,124,105,20,163,183,112­,121,252,124,105,248
90,33,23,232,223,50,115,84,170,190,44,13­9,113,153,65,249
IDPW Hash keys
179,197,74,194,252,124,105,20,240,89,206­,194,252,124,105,142
23,120,142,240,228,46,156,128,54,32,224,­158,21,49,50,162
IDPWkey Hash keys
254,143,24,11,253,124,105,20,217,234,155­,11,253,124,105,49
255,224,2,245,157,160,44,204,179,206,10,­57,236,82,67,23
Server Random # keys
53,87,29,162,253,124,105,20,95,37,162,16­2,253,124,105,26
78,233,136,63,69,30,248,93,255,66,4,177,­179,192,75,192
To setup a User ID and password
In the left pane enter ID="<user ID>";
In the left pane enter PW="<password>";
In left pane enter setupID(); and press return.
=undefined

    The setupID() function performs a hash of the ID and Password and stores it in the server object for later reference.

    >ID="sam"
="sam"
>PW="a1234";
="a1234"
>setupID();
IDPW_hash
20,198,57,30,198,43,156,233,212,6,187,24­6,210,28,110,194
In left pane enter connect(); and press return.
=undefined

    The setup process is completed at this point.
    The connect() function sends a command from the client to the server. The message in the text, a random number Rnum, and a MHash of the text and Rnum blocks.
    The server calculated the hash1 of the text and Rnum blocks of the received message and performs a comparison.
    The server creates a reply message.

    >connect();
{
  "text": [
    new Uint8Array([65, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
   ],
  "Rnum": new Uint8Array([107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107]),
  "Auth": new Uint8Array(16),
  "Mhash": new ArrayBuffer([67, 224, 209, 99, 57, 134, 239, 227, 82, 141, 121, 73, 1, 34, 87, 53])
 }
Client msg 1 hash OK

    The server creates a reply.
    It generates a new random number Rnum.
    It calculates the Auth value by hashing the Rnum in the clients message
    It calculates the MHash of the text, Rnum, and Auth blocks.

    {
  "text": [
    new Uint8Array([65, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
   ],
  "Rnum": new Uint8Array([95, 95, 95, 95, 95, 95, 95, 95, 95, 95, 95, 95, 95, 95, 95, 95]),
  "Auth": new ArrayBuffer([177, 4, 182, 80, 32, 193, 133, 253, 206, 70, 222, 40, 50, 103, 253, 84]),
  "Mhash": new ArrayBuffer([174, 166, 145, 239, 250, 142, 29, 89, 132, 47, 94, 235, 3, 148, 16, 180])
 }

    The client validates the Mhash, and the Auth and asked the user for ID and password.

    Server msg1 hash OK
Server is authentic
Enter User ID and password
In the left pane enter ID="<user ID>";
In the left pane enter PW="<password>";
In left pane enter login(); and press return.
=undefined
>

    The user enters the ID and password and the client sends a message to the server using the login() function.
    The message contains the text[0] block with the command, the text[1] block, a Rnum random number block, the Auth block and a Mhash of both text blocks, the Rnum and Auth blocks.
    An encryption key is created using a hash of the Rnum in the last server message.
    The encryption key is used to encrypt the hash of the ID and password.
    Text[1]= the permutation of the encrypted hash of ID and password.
    Note: the permutation uses an array of 128 values to swap bits in the block thus increasing the difficulty level for a hacker.

    >ID
="sam"
>PW
="a1234"
>login();
{
  "text": [
    new Uint8Array([66, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]),
    new ArrayBuffer([188, 251, 96, 214, 196, 152, 12, 153, 116, 62, 142, 67, 36, 191, 9, 37])
   ],
  "Rnum": new Uint8Array([231, 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, 231]),
  "Auth": new ArrayBuffer([85, 202, 193, 237, 229, 82, 213, 28, 17, 66, 76, 168, 105, 110, 34, 181]),
  "Mhash": new ArrayBuffer([246, 246, 153, 109, 110, 234, 46, 198, 250, 173, 197, 70, 46, 130, 198, 8])
 }
Client msg 2 hash OK
Client is authentic
User ID and password valid

    The server validates the Mhash, and the Auth blocks.
    The server reverses the permutation and decrypts the text[1] block and uses the previously saved IDPW hash to validate the user ID and password.
    The server replies as follows:

    {
  "text": [
    new Uint8Array([66, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
   ],
  "Rnum": new Uint8Array([197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197]),
  "Auth": new ArrayBuffer([203, 178, 225, 223, 185, 157, 208, 10, 205, 106, 25, 48, 148, 14, 178, 244]),
  "Mhash": new ArrayBuffer([136, 235, 215, 192, 46, 125, 93, 102, 232, 66, 154, 94, 254, 96, 125, 171])
 }

    The client validates the Mhash, and the Auth blocks.

    Server msg1 hash OK
Server is authentic
In left pane enter replay(); or LEDon(); or LEDoff(); and press return.
=undefined
>

    The user enters LEDon() and the client sends a message with text[0][1]=153

    >LEDon();
{
  "text": [
    new Uint8Array([67, 153, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
   ],
  "Rnum": new Uint8Array([245, 245, 245, 245, 245, 245, 245, 245, 245, 245, 245, 245, 245, 245, 245, 245]),
  "Auth": new ArrayBuffer([84, 61, 229, 17, 188, 93, 153, 84, 8, 11, 141, 163, 234, 109, 215, 22]),
  "Mhash": new ArrayBuffer([161, 191, 122, 233, 14, 1, 107, 240, 101, 7, 97, 214, 109, 87, 47, 227])
 }

    The server validates the Mhash and Auth blocks and uses the value on text[0][1] to turn the Green LED on the PICO on or off.

    Client msg 3 hash OK
Client is authentic
{
  "text": [
    new Uint8Array([67, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
   ],
  "Rnum": new Uint8Array([9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9]),
  "Auth": new ArrayBuffer([25, 138, 122, 203, 160, 27, 197, 203, 83, 67, 94, 253, 166, 101, 177, 61]),
  "Mhash": new ArrayBuffer([156, 67, 30, 184, 3, 5, 237, 23, 4, 169, 138, 33, 245, 137, 166, 242])
 }
Server msg hash OK
Server is authentic
In left pane enter replay(); or LEDon(); or LEDoff(); and press return.
=undefined

    The user enters LEDoff(), and the client sends the following message to the server.

    >LEDoff();
{
  "text": [
    new Uint8Array([67, 152, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
   ],
  "Rnum": new Uint8Array([32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32]),
  "Auth": new ArrayBuffer([173, 227, 7, 74, 231, 212, 57, 149, 211, 167, 182, 168, 50, 163, 100, 136]),
  "Mhash": new ArrayBuffer([166, 234, 76, 46, 39, 225, 249, 161, 72, 87, 168, 112, 131, 189, 17, 179])
 }
Client msg 3 hash OK
Client is authentic

    The server turns the LED off and replies as follows.

    {
  "text": [
    new Uint8Array([67, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
   ],
  "Rnum": new Uint8Array([91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91]),
  "Auth": new ArrayBuffer([69, 156, 77, 140, 124, 163, 20, 171, 113, 5, 219, 192, 52, 186, 236, 247]),
  "Mhash": new ArrayBuffer([58, 187, 167, 69, 103, 61, 35, 28, 56, 158, 186, 83, 30, 230, 152, 10])
 }
Server msg hash OK
Server is authentic
In left pane enter replay(); or LEDon(); or LEDoff(); and press return.

    Along the way the client and server messages have been saved by Bill the black hat hacker. So Bill tries sending the client’s messages to the server with the following results.

    >replay();
Trying to replay
Client msg 1 hash OK
Client msg 2 hash OK
Client not authentic
((the calculated and message Auth values are shown here))
73,37,138,217,81,69,32,247,92,136,225,15­4,124,8,83,157
85,202,193,237,229,82,213,28,17,66,76,16­8,105,110,34,181
=undefined

    Try it and have the client enter the wrong ID or password.
    The random number generator uses Date.now, and Math.random() as a seed.
    A permutation followed by encryption or decryption is applied to the seed.
    A one way matrix operation is applied followed by a second permutation and finally a second encryption or decryption. Again this makes life hard for hackers as compared to a simple counter applied to the AES algorithm.
    The hash function does a similar process permutation1, encrypt, one way, permutation2, encrypt. For the first block the one way is initialized. For subsequent blocks the one way uses the results from the previous block.

    1 Attachment

About

Avatar for ClearMemory041063 @ClearMemory041063 started

© Espruino, powered by microcosm.

About Terms of Use Privacy Policy Cookie Policy Report a problem