Below is an assignment from my Graduate Program. I excluded some things, but below you will see that the main purpose of this assignment was to demonstrate encrypted communication using socket programming.
If you would like to review the entire set of code, please visit my GitHub account.
https://github.com/awilk54/Cyber550-Assignment-2
The Original Objective:
The original objective of this assignment was to create a client/server program that implemented AES 256-bit encryption to encrypt a secure message between a client and a server. The server would then Decrypt the message and deliver it to another client.
Assignment Deliverable:
For this assignment, It was decided to code in Python using TCP sockets so that we can establish multiple connections to our server at once. The below pieces of code snippets represent the server/client model using a server and two clients (A and B).
TCP_SERVER.PY
Here is some code snipets from the TCP Server (Figure 1) that handles receiving the encrypted message and then decrypting it. For this project I hard coded the encryption key that client A uses to encrypt the message onto the server for decryption.
Figure 1.
Figure 2 shows the rest of the server code. In the code you can see that it's been configured to initialize the TCP stream and bind it to a port/IP. The socket also listens for two incoming connections. Inside of our while loop, you can see that the message is being decrypted using the shared key that the server has hard coded.
Figure 2.
TCP_ClientA.py
Client A is one of two clients that connect to the server. Client A requires that the user type in there secret message to be sent to the server encrypted. Client A is using AES 256 to encrypt the message. The message encryption key is hard coded 32 byte key that is shared with the server. Figure 3 shows code for encryption of message using shared key and the Pycryptodome Python library.
Figure 3.
TCP_ClientB.py
Client B was created to connect after Client A and to receive the decrypted message from the server that was sent by Client A. Since Client B doesn’t actually do any encrypting/decrypting, the application simply creates a TCP socket to receive data.
Running the application yields the following results...
1. First you launch the TCP_Server.py script and the TCP_Client.py script.
Figure 4.
Figure 5.
When you launch Client_A it asks for a secret message to be typed. At the same time you can see that the server shows that a client connected and on what port it connected.
2. Once you type the secret message, Client_A will encrypt and send the cipher text over to the server and then close it’s connection. You can see in figure 6 that Client_A sent your typed secret message and then outputs the cipher text it is sending to the server.
Figure 6.
3. Once Client_A has closed it’s connection, then you launch Client_B. Client B will initiate the server to decrypt it’s message from Client_A and send the message to Client_B. You can see this in figure 7 and 8.
Figure 7.
Figure 8.
Analysis of communication using Wireshark:
Running Wireshark on the loopback connection during testing of the application showed the packet stream for the encrypted messaging. As you can see from the screenshot below, the TCP push packet is sending it’s data payload (cipher text) to the server on port 9000. You can see in Figure 9 that the push packet sends the cipher text data payload. Since this packet payload is technically encrypted, the data you see is actually the hex representation of the secret message. This HEX string is the cipher text. Even though our client software is encrypted in AES 256, the cipher text string is raw data that is being sent as bytes through the TCP socket. Wireshark can detect this byte string and it can be recorded. You can see this in figure 9 below.
Figure 9.
Figure 10.
Looking at figure 10 a bit closer, you can see the hex string. If you use a hex calculator you can start to rebuild the cipher text string that was sent in the snippet below.
Take “4e 32 31” down in the stream for instance in figure 11., That converted will give you the chunk N21. You can go through this piece by piece and rebuild the raw cipher text string.
Figure 11.
After the server decrypts the data, you can see the message in Wireshark. The message although sent via TCP, is still in clear text.
Since the data packet is still sending raw data, Wireshark can still sniff that traffic on the connection and see the data packet contents. Since the data was decrypted and sent as clear text, Wireshark can pickup on the clear text as seen in figure 12 below.
Figure 12.
Thanks for reading!
Sources Used:
If you would like to review the entire set of code, please visit my GitHub account.
https://github.com/awilk54/Cyber550-Assignment-2
The Original Objective:
The original objective of this assignment was to create a client/server program that implemented AES 256-bit encryption to encrypt a secure message between a client and a server. The server would then Decrypt the message and deliver it to another client.
Assignment Deliverable:
For this assignment, It was decided to code in Python using TCP sockets so that we can establish multiple connections to our server at once. The below pieces of code snippets represent the server/client model using a server and two clients (A and B).
TCP_SERVER.PY
Here is some code snipets from the TCP Server (Figure 1) that handles receiving the encrypted message and then decrypting it. For this project I hard coded the encryption key that client A uses to encrypt the message onto the server for decryption.
Figure 1.
Figure 2 shows the rest of the server code. In the code you can see that it's been configured to initialize the TCP stream and bind it to a port/IP. The socket also listens for two incoming connections. Inside of our while loop, you can see that the message is being decrypted using the shared key that the server has hard coded.
Figure 2.TCP_ClientA.py
Client A is one of two clients that connect to the server. Client A requires that the user type in there secret message to be sent to the server encrypted. Client A is using AES 256 to encrypt the message. The message encryption key is hard coded 32 byte key that is shared with the server. Figure 3 shows code for encryption of message using shared key and the Pycryptodome Python library.
Figure 3.
TCP_ClientB.py
Client B was created to connect after Client A and to receive the decrypted message from the server that was sent by Client A. Since Client B doesn’t actually do any encrypting/decrypting, the application simply creates a TCP socket to receive data.
Running the application yields the following results...
1. First you launch the TCP_Server.py script and the TCP_Client.py script.
Figure 4.
Figure 5.
When you launch Client_A it asks for a secret message to be typed. At the same time you can see that the server shows that a client connected and on what port it connected.
2. Once you type the secret message, Client_A will encrypt and send the cipher text over to the server and then close it’s connection. You can see in figure 6 that Client_A sent your typed secret message and then outputs the cipher text it is sending to the server.
Figure 6.
3. Once Client_A has closed it’s connection, then you launch Client_B. Client B will initiate the server to decrypt it’s message from Client_A and send the message to Client_B. You can see this in figure 7 and 8.
Figure 7.
Figure 8.
Analysis of communication using Wireshark:
Running Wireshark on the loopback connection during testing of the application showed the packet stream for the encrypted messaging. As you can see from the screenshot below, the TCP push packet is sending it’s data payload (cipher text) to the server on port 9000. You can see in Figure 9 that the push packet sends the cipher text data payload. Since this packet payload is technically encrypted, the data you see is actually the hex representation of the secret message. This HEX string is the cipher text. Even though our client software is encrypted in AES 256, the cipher text string is raw data that is being sent as bytes through the TCP socket. Wireshark can detect this byte string and it can be recorded. You can see this in figure 9 below.
Figure 9.
Figure 10.
Looking at figure 10 a bit closer, you can see the hex string. If you use a hex calculator you can start to rebuild the cipher text string that was sent in the snippet below.
Take “4e 32 31” down in the stream for instance in figure 11., That converted will give you the chunk N21. You can go through this piece by piece and rebuild the raw cipher text string.
Figure 11.
After the server decrypts the data, you can see the message in Wireshark. The message although sent via TCP, is still in clear text.
Since the data packet is still sending raw data, Wireshark can still sniff that traffic on the connection and see the data packet contents. Since the data was decrypted and sent as clear text, Wireshark can pickup on the clear text as seen in figure 12 below.
Figure 12.
Thanks for reading!
Sources Used:
Python for Windows 3.6.4
Npcap 0.99-r2 for windows
Wireshark 2.4.5
Comments
Post a Comment