IT-801 Information Security Lab File
IT-801 Information Security Lab File
IT-801 Information Security Lab File
BHOPAL
Lab File
Submitted by
Name:-
Enrollment no:-
LIST OF EXPERIMENTS
EXP GRAD
NO. EXPERIMENT NAME CO
E/SIGN
4
In a typical situation where cryptography is used, two parties (X and Y) communicate over an
insecure channel. X and Y want to ensure that their communication remains incomprehensible
by anyone who might be listening. Furthermore, because X and Y are in remote locations, X
must be sure that the information she receives from Y has not been modified by anyone during
transmission. In addition, she must be sure that the information really does originate from Y and
not someone impersonating Y. Cryptography is used to achieve the following goals:
Confidentiality
To ensure data remains private. Confidentiality is usually achieved using encryption. Encryption
algorithms (that use encryption keys) are used to convert plain text into cipher text and the
equivalent decryption algorithm is used to convert the cipher text back to plain text. Symmetric
encryption algorithms use the same key for encryption and decryption, while asymmetric
algorithms use a public/private key pair.
Data integrity
To ensure data is protected from accidental or deliberate (malicious) modification. Integrity is
usually provided by message authentication code or hashes. A hash value is a fixed length
numeric value derived from a sequence of data. Hash values are used to verify the integrity of
data sent through insecure channels. The hash value of received data is compared to the hash
value of the data as it was sent to determine if the data was altered.
Authentication
To assure that data originates from a particular party.Digital certificates are used to provide
authentication. Digital signatures are usually applied to hash values as these are significantly
smaller than the source data that they represent.
TYPES OF CRYPTOGRAPHY
Cryptography is a process which is associated with scrambling plaintext (ordinary text, or
cleartext) into ciphertext (a process called encryption), then back again (known as decryption).
There are several ways to classify the various algorithms. The most common types are i) Secret
Key Cryptography which is also known as Symmetric Key Cryptography and ii) Public Key
Cryptography which is also known as Asymmetric Key Cryptography.
In other words, if the same key is used for encryption and decryption, we call the mechanism as
Symmetric Key Cryptography. However, if two different keys are used in a cryptographic
mechanism, wherein one key is used for encryption, and another, different key is used for
decryption; we call the mechanism as Asymmetric Key Cryptography. This is shown in Figure 1
5
Cryptographic
Techniques
In secret key cryptography, a single key is used for both encryption and decryption. As shown in
Figure 2, the sender uses the key (or some set of rules) to encrypt the plaintext and sends the
ciphertext to the receiver. The receiver applies the same key to decrypt the message and recover
the plaintext. Because a single key is used for both functions, secret key cryptography is also
called symmetric encryption. With this form of cryptography, it is obvious that the key must be
known to both the sender and the receiver; that, in fact, is the secret. The biggest difficulty with
this approach, of course, is the distribution of the key .
6
A block cipher is so-called because the scheme encrypts one block of data at a time using the
same key on each block. In general, the same plaintext block will always encrypt to the same
ciphertext when using the same key in a block cipher whereas the same plaintext will encrypt to
different ciphertext in a stream cipher .Stream ciphers come in several flavors but two are worth
mentioning here. Self-synchronizing stream ciphers calculate each bit in the keystream as a
function of the previous n bits in the keystream. It is termed "self-synchronizing" because the
decryption process can stay synchronized with the encryption process merely by knowing how
far into the n-bit keystream it is. Synchronous stream ciphers generate the keystream in a
fashion independent of the message stream but by using the same keystream generation function
at sender and receiver.
While stream ciphers do not propagate transmission errors, they are, by their nature, periodic so
that the keystream will eventually repeat.
Block ciphers can operate in one of several modes; the following four are the most important:
Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB) mode and
Output Feedback (OFB) . The most common secret-key cryptography scheme used today is the
Data Encryption Standard (DES), designed by IBM in the 1970s and adopted by the National
Bureau of Standards (NBS) [now the National Institute for Standards and Technology (NIST)]
in 1977 for commercial and unclassified government applications. DES has been adopted as
Federal Information Processing Standard 46 (FIPS 46- 3) and by the American National
Standards Institute as X3.92). DES is a block- cipher employing a 56-bit key that operates on
64-bit blocks .
There are a number of other secret-key cryptography algorithms that are also
in use today like CAST-128 (block cipher), RC2(block cipher) RC4 (stream
cipher), RC5 (block cipher), Blowfish (block cipher), Two fish (block cipher).
In 1997, NIST initiated a process to develop a new secure cryptosystem for
U.S. government applications. The result, the Advanced Encryption Standard
(AES), became the official successor to DES in December 2001.
7
0 0 1 0 1 0 1 0
Step 4: After reversing the number it would be 01010100 i.e. ASCII 84 in decimal i.e. “T” as
character which was the original text
CONCLUSION
Cryptography is used to achieve few goals like Confidentiality, Data integrity, Authentication
etc. of the send data
Now, in order to achieve these goals various cryptographic algorithms are developed by various
people. For a very minimal amount of data those algorithms wouldn’t be cost effective since
those are not designed for small amount of data. The aim of this work was to design and
implement a new algorithm to address this issue so that we don’t have to apply those algorithms
(which are not cost-effective) to encrypt a small amount of data. Keeping this goal in mind the
proposed algorithm has been designed in a quite simple manner but of-course not sacrificing the
security issues. A single is used for both encryption and decryption i.e. it is fallen under secret
key cryptographic algorithm. But as public key cryptography is more secured then secret key
cryptography our next task would be to develop and design a public key cryptographic algorithm
in a simple manner as it is done in this paper.
8
Experiment No. 2
In a transposition cipher, the order of the alphabets is re-arranged to obtain the cipher-text.
1. The message is written out in rows of a fixed length, and then read out again column by
column, and the columns are chosen in some scrambled order.
2. Width of the rows and the permutation of the columns are usually defined by a keyword.
3. For example, the word HACK is of length 4 (so the rows are of length 4), and the
permutation is defined by the alphabetical order of the letters in the keyword. In this case, the
order would be “3 1 2 4”.
void setPermutationOrder()
{
// Add the permutation order into map
for(int i=0; i < key.length(); i++)
{
keyMap[key[i]] = i;
}
}
// Encryption
string encryptMessage(string msg)
{
int row,col,j;
string cipher = "";
if (msg.length() % col)
row += 1;
char matrix[row][col];
9
for (int i=0,k=0; i < row; i++)
{
for (int j=0; j<col; )
if(msg[k] == '\0')
{
/* Adding the padding character '_' */
matrix[i][j] = '_';
j++;
}
// getting cipher text from matrix column wise using permuted key
for (int i=0; i<row; i++)
{
if( isalpha(matrix[i][j]) || matrix[i][j]==' ' || matrix[i][j]=='_')
cipher += matrix[i][j];
}
}
return cipher;
}
// Decryption
string decryptMessage(string cipher)
{
/* calculate row and column for cipher Matrix */
int col = key.length();
// Driver Program
int main(void)
{
/* message */
string msg = "Geeks for Geeks";
setPermutationOrder();
return 0; 1
1
}
Experiment No. 3
#include<stdio.h>
#include<math.h>
void main() {
getKeyMessage();
encryption();
decryption();
}
void encryption() {
int i, j, k;
for(i = 0; i < 3; i++)
for(j = 0; j < 1; j++)
for(k = 0; k < 3; k++)
encrypt[i][j] = encrypt[i][j] + a[i][k] * mes[k][j];
printf("\nEncrypted string is: ");
for(i = 0; i < 3; i++)
printf("%c", (char)(fmod(encrypt[i][0], 26) + 97));
void decryption() {
int i, j, k;
inverse();
for(i = 0; i < 3; i++)
for(j = 0; j < 1; j++)
for(k = 0; k < 3; k++)
decrypt[i][j] = decrypt[i][j] + b[i][k] * encrypt[k][j];
printf("\nDecrypted string is: ");
for(i = 0; i < 3; i++)
printf("%c", (char)(fmod(decrypt[i][0], 26) + 97));
printf("\n");
}
void getKeyMessage() {
int i, j;
char msg; 1
2
printf("Enter 3x3 matrix for key (It should be inversible):\n");
void inverse() {
int i, j, k;
float p, q;
for(i = 0; i < 3; i++)
for(j = 0; j < 3; j++) {
if(i == j)
b[i][j]=1;
else
b[i][j]=0;
}
for(k = 0; k < 3; k++) {
for(i = 0; i < 3; i++) {
p = c[i][k];
q = c[k][k];
for(j = 0; j < 3; j++) {
if(i != k) {
c[i][j] = c[i][j]*q - p*c[k][j];
b[i][j] = b[i][j]*q - p*b[k][j];
}
}
}
}
for(i = 0; i < 3; i++)
for(j = 0; j < 3; j++)
b[i][j] = b[i][j] / c[i][i];
printf("\n\nInverse Matrix is:\n");
for(i = 0; i < 3; i++) {
for(j = 0; j < 3; j++)
printf("%d ", b[i][j]);
printf("\n");
}
}
Decryption
#include<iostream>
#include<math.h>
1
using namespace std; 3
float encrypt, decrypt, a, b, mes, c;
int main() {
getKeyMessage();
encryption();
decryption();
}
void encryption() {
int i, j, k;
for(i = 0; i < 3; i++)
for(j = 0; j < 1; j++)
for(k = 0; k < 3; k++)
encrypt[i][j] = encrypt[i][j] + a[i][k] * mes[k][j];
cout<<"\nEncrypted string is: ";
for(i = 0; i < 3; i++)
cout<<(char)(fmod(encrypt[i][0], 26) + 97);
}
void decryption() {
int i, j, k;
inverse();
for(i = 0; i < 3; i++)
for(j = 0; j < 1; j++)
for(k = 0; k < 3; k++)
decrypt[i][j] = decrypt[i][j] + b[i][k] * encrypt[k][j];
cout<<"\nDecrypted string is: ";
for(i = 0; i < 3; i++)
cout<<(char)(fmod(decrypt[i][0], 26) + 97);
cout<<"\n";
}
void getKeyMessage() {
int i, j;
char msg;
void inverse() {
int i, j, k;
float p, q;
for(i = 0; i < 3; i++)
for(j = 0; j < 3; j++) {
if(i == j)
b[i][j]=1;
else
b[i][j]=0;
}
for(k = 0; k < 3; k++) {
for(i = 0; i < 3; i++) {
p = c[i][k];
q = c[k][k];
for(j = 0; j < 3; j++) {
if(i != k) {
c[i][j] = c[i][j]*q - p*c[k][j];
b[i][j] = b[i][j]*q - p*b[k][j];
}
}
}
}
for(i = 0; i < 3; i++)
for(j = 0; j < 3; j++)
b[i][j] = b[i][j] / c[i][i];
cout<<"\n\nInverse Matrix is:\n";
for(i = 0; i < 3; i++) {
for(j = 0; j < 3; j++)
cout<<b[i][j]<<" ";
cout<<"\n";
}
}
1
5
Experiment No. 4
int main()
{
int array_a1[30], array_a2[30], array_a3[30], array_a4[30], array_a5[30], array_a6[30],
array_a7[30], array_a8[30];
int div, count, j, key, m, plaintext, temp, dec = 0;
printf("\nEnter a Plain-Text value:\t");
scanf("%d", &plaintext);
printf("\nEnter the Key:\t");
scanf("%d", &key);
printf("\nEnter the Bit-Stream\n");
for(count = 0; count < plaintext; count++)
{
scanf("%d", &array_a1[count]);
}
div = plaintext / 2;
temp = div - key;
for(count = 0; count <= temp; count++)
{
array_a3[count] = 0;
dec++;
}
dec = dec - 1;
printf("Enter the Key Bit Stream\n");
for(count = 0; count < key; count++)
{
scanf("%d", &array_a3[dec++]);
}
for(count = 0; count < 2; count++)
{
printf("%d", array_a8[count]);
}
printf("Left Hand\n");
for(count = 0; count < div; count++)
{
array_a5[count] = array_a1[count];
printf("%d", array_a1[count]);
}
printf("Right Hand\n");
for(count = div; count < plaintext; count++)
{
array_a2[count] = array_a1[count];
printf("%d", array_a1[count]);
}
for(j = 0, m = div; j < dec, m < plaintext; j++, m++) 1
6
{
if(array_a2[m] == 1 && array_a3[j] == 1)
array_a6[j] = 0;
}
else if(array_a2[m] == 1 && array_a3[j] == 0)
{
array_a6[j] = m;
}
else
{
array_a6[j] = 0;
}
}
printf("\nFirst XOR\n");
for(count = 0; count < div; count++)
{
printf("%d", array_a6[count]);
}
for(j = 0, m = 0; j < div, j++; j++, m++)
{
if(array_a5[m] = 1 && array_a6[j] == 1)
{
array_a4[j] = 0;
}
else if(array_a5[m] = 1 && array_a6[j] == 0)
{
array_a4[j] = m;
}
else if(array_a5[m] == 0 && array_a6[j] == 1)
{
array_a4[j] = 0;
}
}
printf("\nSecond XOR\n");
for(count = 0; count < div; count++)
{
printf("%d", array_a4[j]);
}
return 0;
}
#include <iostream>
#include <bitset>
using namespace std;
typedef bitset<8> byte;
typedef bitset<32> word;
1
7
const int Nr = 10; //AES-128 requires 10 rounds of encryption
const int Nk = 4; //Nk Represents the number of word s that are input keys
byte S_Box = {
{0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0
xAB, 0x76},
{0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0
x72, 0xC0},
{0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0
x31, 0x15},
{0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0x
B2, 0x75},
{0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3,
0x2F, 0x84},
{0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C,
0x58, 0xCF},
{0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0
x9F, 0xA8},
{0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0
xF3, 0xD2},
{0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D,
0x19, 0x73},
{0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0
x0B, 0xDB},
{0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0
xE4, 0x79},
{0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A,
0xAE, 0x08},
{0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD,
0x8B, 0x8A},
{0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x
1D, 0x9E},
{0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x
28, 0xDF},
{0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0
xBB, 0x16}
};
/**
* Convert four byte s to one word.
*/
word Word(byte& k1, byte& k2, byte& k3, byte& k4)
{
word result(0x00000000);
word temp;
temp = k1.to_ulong(); // K1 1
8
temp <<= 24;
result |= temp;
temp = k2.to_ulong(); // K2
temp <<= 16;
result |= temp;
temp = k3.to_ulong(); // K3
temp <<= 8;
result |= temp;
temp = k4.to_ulong(); // K4
result |= temp;
return result;
}
/**
* Cyclic left shift by byte
* That is to say, [a0, a1, a2, a3] becomes [a1, a2, a3, a0]
*/
/**
* S-box transformation for each byte in input word
*/
word SubWord(word& sw)
{
word temp;
for(int i=0; i<32; i+=8)
{
int row = sw[i+7]*8 + sw[i+6]*4 + sw[i+5]*2 + sw[i+4];
int col = sw[i+3]*8 + sw[i+2]*4 + sw[i+1]*2 + sw[i];
byte val = S_Box[row][col];
for(int j=0; j<8; ++j)
temp[i+j] = val[j];
}
return temp;
}
/**
* Key Extension Function - Extended 128-bit key to w[4*(Nr+1)]
*/
void KeyExpansion(byte key[4*Nk], word w[4*(Nr+1)])
{
word temp;
int i = 0; 1
9
//The first four of w [] are input key s
while(i < Nk)
{
w[i] = Word(key[4*i], key[4*i+1], key[4*i+2], key[4*i+3]);
++i;
}
i = Nk;
{
temp = w[i-1]; //Record the previous word
if(i % Nk == 0)
w[i] = w[i-Nk] ^ SubWord(RotWord(temp)) ^ Rcon[i/Nk-1];
else
w[i] = w[i-Nk] ^ temp;
++i;
}
}
int main()
{
word w[4*(Nr+1)];
KeyExpansion(key, w);
//Testing
for(int i=0; i<4*(Nr+1); ++i)
cout << "w[" << dec << i << "] = " << hex << w[i].to_ulong() << endl;
return 0;
}
2
0
Experiment No. 5
import java.util.*;
class DiffieHellman {
public static void main(String args[])
{
Scanner sc=new Scanner(System.in);
System.out.println("Enter the value of modulo(p)");
int p=sc.nextInt();
System.out.println("Enter the root of "+p);
int g=sc.nextInt();
System.out.println("select 1st secret no of Alice");
int a=sc.nextInt();
System.out.println("select 2nd secret no of Bob");
int b=sc.nextInt();
int A = (int)Math.pow(g,a)%p;
int B = (int)Math.pow(g,b)%p;
int S_A = (int)Math.pow(B,a)%p;
int S_B =(int)Math.pow(A,b)%p;
if(S_A==S_B) {
System.out.println("They shared a secret key is = "+S_A); }
else { System.out.println("Alice and Bob cannot exchange information with each other");
}
}
}
OUTPUT
enter the value of modulo(p)
23
enter the root of 7
9
select 1st secret no of Alice
4
select 2nd secret no of Bob
3
They shared a secret key is =9.
2
Experiment No. 6 1
Aim: - Write a program to generate SHA-1 hash.
// Java program to calculate SHA-1 hash value
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
// Driver code
public static void main(String args[]) throws
NoSuchAlgorithmException
{
2
3
Experiment No. 7
package java_cryptography;
// Imports
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.util.Scanner;
import javax.xml.bind.DatatypeConverter;
// Signing Algorithm
private static final String
SIGNING_ALGORITHM
= "SHA256withRSA";
private static final String RSA = "RSA";
private static Scanner sc;
{
SecureRandom secureRandom
= new SecureRandom();
KeyPairGenerator keyPairGenerator
= KeyPairGenerator
.getInstance(RSA);
keyPairGenerator
.initialize(
2048, secureRandom);
return keyPairGenerator
.generateKeyPair();
}
// Driver Code 2
public static void main(String args[]) 5
throws Exception
{
String input
= "GEEKSFORGEEKS IS A"
+ " COMPUTER SCIENCE PORTAL";
KeyPair keyPair
= Generate_RSA_KeyPair();
// Function Call
byte[] signature
= Create_Digital_Signature(
input.getBytes(),
keyPair.getPrivate());
System.out.println(
"Signature Value:\n "
+ DatatypeConverter
.printHexBinary(signature));
System.out.println(
"Verification: "
+ Verify_Digital_Signature(
input.getBytes(),
signature, keyPair.getPublic()));
}
}
2
6
Experiment No. 8
several reasons such as loss of private key, compromise key or the lifetime of the
certificate is terminated, etc. If any one of these situations happened; the entity who issued
the certificate should be requested to invalidated (revoke) the certificate of public key.
There are multiple revocation mechanisms to revoke the certificate and to allow the user to
be able to check the validity of the certificate (the certificate still valid or has been
revoked). All revocations mechanism needs to be timely and efficient. One of the
revocation mechanism is CRL (Certificate Revocation List) which is a list contains
certificate the have been revoked and signed digitally by the entity who had issued those
certificates previously .
• Registration Authority (RA): is used to submit all the requests to the CA and authenticates
all the users identities and registers the end user’s information before certification. The
services given by RA can be accessible through two ways:
1) Logging the administrator through the browser to the system.
2) Calling the web services interface through the application system.
RA has only one super administrator which can access all the functions provided by RA
where this super administrator can add more administrators if needed. Every administrator
who wants managing the system must use its own smart card to prevent unauthenticated
people from making any operations to the registration authority (RA) .
• Distribution System and Certificate Repository: are used to provide storing mechanism,
they store the certifications and CRL information . The complexity of PKI can be hidden
from client system by adding one more component which is Validation Authority (VA)
which responds to the client requests for certificates.
2
8
Figure 1. Taxonomy of the survey
Figure 2. PKI’s components.
2
9
revocation status and doing the accessibility valuation of certificates on the behalf of the client
system . The protocol operations of the PKI and actors are shown in Figure 3 where the protocol
operations indicated
by numbers. The protocol operations of the PKI in the figure above are:
• Certificate generation and Key: Registration Authority establishes the key holder identity and
passes his/her information with the public key for certification to the CA. Then the CA or the
owner of key can generate the key pair, where the most important point is the safe transportation
of the private key to the holder of key. A typical lifetime is one year for a certificate after which a
new certificate is issued.
• Revocation list generation: Making a list of all non-expired or revoked certificates where the CA
signed these lists then sent them either to the VA or sent them immediately to the relying parties
where there is no need for online status provider to doing the validation. The revocation lists
generation interval is four hours.
• Signature generation: The holder of key making signs for a message including his/her public key
certificate with the signature data. The frequency was chosen of the signed messages is 300
messages per day for every active user where this number has been chosen for the purpose of the
forthcoming calculations.
• Certificate validation: The status of revocation of the signer’s certificate must be checked by the
relying party where it can be done either by checking the revocation list that most recently
available or by querying the VA. The frequency of the operations that belongs to the validation is
the aggregate frequency of the received messages—among all users—by the relying party .
4. Well Known PKIs
Taking trust as a classification scheme, PKIs can be distributed into several trust models. Some PKIs
relies on the trust of a single authority “CA” and some other relies on the trust of users between each
other. In this section, two of the most common models are to be discussed.
3
3
Experiment No. 9
Aim: - Study and use the Web Security for the various network.
1. INTRODUCTION
Nowadays, due to the boom in the usage of internet by people one of the most important aspects of
networks is their security. Network security in today’s world plays very important role there are many
researches going on this domain by various people to provide more better security to the existing
network. The network security and firewalls are two words which seem to be closely related to each
other as we are aware of the fact that firewall provides security to network in organization efficiently.
The need of firewall is not required to great extent if the network is only intranet based from network
security point of view in comparison to the scenario where all the users are connecting with internet
which acts as a medium from where the traffic (data) travel from outside to inside and vice-versa, in
such case firewall are the first line of defense required at large because the surveillance of attackers
increase and hence its mandatory to secure users data as well as to protect unauthorized user cum data
to enter in network. In1980s emerged the concept of Firewall technology. The basic function of
firewall is to provide access control between networks and to mediate connection requests based on
predefined set of rules or policies of packet filters.
Firewalls generally comprise of some form of inspection engine that analyzes IP, TCP, and UDP
packet headers and (possibly) packet application data against a “rule base”. Due to large number of
threats of network attacks, firewalls have become more important elements for defense than ever for
any kind of network. Firewalls have been ideally designed for filtering out unwanted network traffic
coming from or going to the secured network. The filtering decision is based on the firewall policy [1]
which is a set of ordered filtering rules defined according to predefined security policy requirements.
The sequence of rules plays very important role in the firewall policy because matching will take place
on the basis of first-match semantics where the firewall will take decision for accepting or rejecting a
on the basis of the first rule that the packet matches. A firewall [6] is generally placed at the entry point
between a private network and the outside Internet so that it can check all incoming and outgoing
packets and decide whether to accept or discard a packet based on its policy. Firewall allows traffic
with desired IP addresses and ports to pass through it, but it cannot identify whether the traffic is
normal or Malicious one. Firewall no doubt has certain
3
4
Start
Apply Rules
Match?
? (no)Discard
(yes)Accept
3
6
Client
Response Request
Internal Interface
Proxy
External Interface
Response Request
Server
B) IP Spoofing
The Process of manipulation of IP source address data in packets to achieve a match with a ruleset or
packet filter configured on a firewall or access control device is known as IP Spoofing.If an attacker is
able to spoof a source address associated with a “trusted” host, the attacker may be able to penetrate the
firewall and enable the passing of packets to the target host.
C) Denial-of-Service
Firewalls and access control devices can be equally as vulnerable to application- or network-based
denial-of- service as other devices, applications, and OS. If a firewall does not implement adequate
resource safeguards, an attacker may be able to flood a target firewall with connection requests in an
attempt to circumvent the firewall and operating systems TCP SYN Flood Attack Protection
Mechanism: TCP SYN Flood Protection and connection rate limiters
D) Tiny Fragment Attack
TCP services are targeted by “Tiny Fragment” attack and they make use of IP packet fragmentation
functionality to create small fragments that will force some of the TCP header information into a
3
separate fragment. Such kind of attack can be used to bypass certain types of packet filtering devices
7
where the device is unable to handle this type of exception.
Table.1. Different Firewalls
3
8
Distributed IDSs collect information from multiple host and the network that connects the hosts. They
are Capable of detecting attacks that involves multiple hosts.Network-Based IDSs make use of
network traffic as the source of information, trying to reduce the burden of normal computing services
provided by the hosts that .They are used to determine attacks from network.There are two basic types
of IDS techniques, which are signature-based and anomaly based.
2.1) Signature based IDS (Misuse Detection)
On the basis of known list of attack signatures it detects malicious network packets. Database contains
known list for latter comparison in real time mode. Advantage: It is very effective against known
signatures of attacks Disadvantage lacks in detecting unknown attacks.
2.2) Anomaly based IDS
System profile is used to detect any anomaly in the data packets. Initially, system is trained with a
normal expected traffic and a profile is built with normal system behavior. Later on the trained profile
is used to detect anomalous activities. Advantage it is more effective against unknown attacks.
Disadvantage: it has a high false positive rate.
2.3) Hybrid based approach
To block the malicious network packets this approach combines the signature-based IDS and anomaly -
based IDS techniques. The strengths of both the techniques are combined to overcome their drawbacks.
Table.2.IDS Techniques
4.2. Denial-of-Service
IDS can be affected by denial-of-service attack which can flood IDS with port probes or connection
requests.
4.3. Packet Fragmentation and “Session Splicing.”
IDS systems that are not able to perform appropriate packet reassembly may be vulnerable to attacks
that fragment packets in a manner that splices an attack signature over multiple packets Packet
fragmentation attacks against IDS involve using some of the packet fragmentation techniques to evade
an IDS.
4.4. Port Scan Evasion
An attacker may be able to evade an IDS by slowing port scans over an extended time period, while
conducting a portscan of a system or network. Attacker can circumvent an IDS by coordinating a scan
among multiple machines or utilizing scan decoy or proxy bounce scanning options.
4.5. TCP Session Synchronization Attacks.
Some IDS evasion tactics involve “desynchronizing” the TCP session that is being monitored to
confuse the IDS, and undermine its ability to maintain a sense of session “state.
4.6. Web Evasion Techniques.
Certain tools have the ability to bypass IDS systems by employing various forms of HTTP evasion
techniques.Such as premature request ending, Parameter hiding, Misformatting, Long URLs.
• Intrusion Detection and Prevention System (IDPS):
IDS have ability to detect attack and generate alert but it cannot block the attack on its own. This
limitation of IDS is overcome by Intrusion detection and prevention systems IDPS [5] which not only
detects the attack, but also stops it from entering into the network or system. IDPS works as network
based IDS (NIDPS) and host based IDS (HIDPS).
4
0
Parameter Anomaly Signature Hybrid
4
1
5.1. Network intrusion detection and prevention system (NIDPS)
It works at point from where it can monitor the traffic and block the malicious traffic on basis of
either signature or anomaly methods.
Host Based IDS detect security violations from abnormal patterns of system usage. Security violations
include attempted break-in, masquerading or successful breaking, penetration by legitimate user and
etc. Abnormal activity in a host is detected by HIDPS by monitoring the logs such as Kernel logs and
application logs. Insider attacks happening in a host are also handled by HIDPS.
4
2
Experiment No. 10
Aim: - Study and use the System Security for the various network.
Security of a computer system is a crucial task. It is a process of ensuring confidentiality and integrity
of the OS.
A system is said to be secure if its resources are used and accessed as intended under all the
circumstances, but no system can guarantee absolute security from several of the various malicious
threats and unauthorized access.
Security of a system can be threatened via two violations:
Threat: A program which has the potential to cause serious damage to the system.
Attack: An attempt to break security and make unauthorized use of an asset.
Security violations affecting the system can be categorized as malicious and accidental. Malicious
threats, as the name suggests are a kind of harmful computer code or web script designed to create
system vulnerabilities leading to back doors and security breaches. Accidental Threats, on the other
hand, are comparatively easier to be protected against. Example: Denial of Service DDoS attack.
Security can be compromised via any of the breaches mentioned:
Breach of confidentiality: This type of violation involves the unauthorized reading of data.
Breach of integrity: This violation involves unauthorized modification of data.
Breach of availability: It involves an unauthorized destruction of data.
Theft of service: It involves an unauthorized use of resources.
Denial of service: It involves preventing legitimate use of the system. As mentioned before,
such attacks can be accidental in nature.
Security System Goals –
Henceforth, based on the above breaches, the following security goals are aimed:
1. Integrity:
The objects in the system mustn’t be accessed by any unauthorized user & any user not having
sufficient rights should not be allowed to modify the important system files and resources.
2. Secrecy:
The objects of the system must be accessible only to a limited number of authorized users. Not
everyone should be able to view the system files.
3. Availability:
All the resources of the system must be accessible to all the authorized users i.e only one
user/process should not have the right to hog all the system resources. If such kind of situation
occurs, denial of service could happen. In this kind of situation, a malware might hog the
resources for itself & thus preventing the legitimate processes from accessing the system
resources.
4
3
1. Program Threats:
A program written by a cracker to hijack the security or to change the behaviour of a normal
process.
2. System Threats:
These threats involve the abuse of system services. They strive to create a situation in which
operating-system resources and user files are misused. They are also used as a medium to launch
program threats.
1. Virus:
An infamous threat, known most widely. It is a self-replicating and a malicious thread which
attaches itself to a system file and then rapidly replicates itself, modifying and destroying
essential files leading to a system breakdown.
Further, Types of computer viruses can be described briefly as follows:
– file/parasitic – appends itself to a file
– boot/memory – infects the boot sector
– macro – written in a high-level language like VB and affects MS Office files
– source code – searches and modifies source codes
– polymorphic – changes in copying each time
– encrypted – encrypted virus + decrypting code
– stealth – avoids detection by modifying parts of the system that can be used to detect it, like the
read system
call
– tunneling – installs itself in the interrupt service routines and device drivers
– multipartite – infects multiple parts of the system
2. Trojan Horse:
A code segment that misuses its environment is called a Trojan Horse. They seem to be attractive
and harmless cover program but are a really harmful hidden program which can be used as the
virus carrier. In one of the versions of Trojan, User is fooled to enter its confidential login details
on an application. Those details are stolen by a login emulator and can be further used as a way of
information breaches.
Another variance is Spyware, Spyware accompanies a program that the user has chosen to install
and downloads ads to display on the user’s system, thereby creating pop-up browser windows and
when certain sites are visited by the user, it captures essential information and sends it over to the
remote server. Such attacks are also known as Covert Channels.
3. Trap Door:
The designer of a program or system might leave a hole in the software that only he is capable of
using, the Trap Door works on the similar principles. Trap Doors are quite difficult to detect as to
analyze them, one needs to go through the source code of all the components of the system.
4. Logic Bomb:
5.
A program that initiates a security attack only under a specific situation. 4
4
Types of System Threats –
Aside from the program threats, various system threats are also endangering the security of our
system:
1. Worm:
An infection program which spreads through networks. Unlike a virus, they target mainly LANs.
A computer affected by a worm attacks the target system and writes a small program “hook” on
it. This hook is further used to copy the worm to the target computer. This process repeats
recursively, and soon enough all the systems of the LAN are affected. It uses the spawn
mechanism to duplicate itself. The worm spawns copies of itself, using up a majority of system
resources and also locking out all other processes.
The basic functionality of a the worm can be represented as:
2. Port Scanning:
It is a means by which the cracker identifies the vulnerabilities of the system to attack. It is an
automated process which involves creating a TCP/IP connection to a specific port. To protect the
identity of the attacker, port scanning attacks are launched from Zombie Systems, that is systems
which were previously independent systems that are also serving their owners while being used
for such notorious purposes.
3. Denial of Service:
Such attacks aren’t aimed for the purpose of collecting information or destroying system files.
4
5
Rather, they are used for disrupting the legitimate use of a system or facility.
These attacks are generally network based. They fall into two categories:
– Attacks in this first category use so many system resources that no useful work can be
performed.
For example, downloading a file from a website that proceeds to use all available CPU time.
– Attacks in the second category involves disrupting the network of the facility. These attacks are
a result of the abuse of some fundamental TCP/IP principles.
fundamental functionality of TCP/IP.
Security Measures Taken –
To protect the system, Security measures can be taken at the following levels:
Physical:
The sites containing computer systems must be physically secured against armed and malicious
intruders. The workstations must be carefully protected.
Human:
Only appropriate users must have the authorization to access the system. Phishing(collecting
confidential information) and Dumpster Diving(collecting basic information so as to gain
unauthorized access) must be avoided.
Operating system:
The system must protect itself from accidental or purposeful security breaches.
Networking System:
Almost all of the information is shared between different systems via a network. Intercepting
these data could be just as harmful as breaking into a computer. Henceforth, Network should be
properly secured against such attacks.
Usually, Anti Malware programs are used to periodically detect and remove such viruses and threats.
4
6
4
7