SAGAR INSTITUTE OF RESEARCH AND TECHNOLOGY,

BHOPAL

Department of Computer Science & Information Technology

Lab File

(IT-801 /Information Security)

VIII SEM/ IV YEAR
SESSION: JAN-JUN 2024

Submitted by
Name:-
Enrollment no:-
 LIST OF EXPERIMENTS

EXP GRAD
NO. EXPERIMENT NAME CO
E/SIGN

01 Study and use of Symmetric Cipher Model. CO-01

02 Implement Transposition Techniques encryption-decryption. CO-01

03 Implement Hill cipher encryption-decryption. CO-02

04 To implement Simple DES or AES. CO-02

05 Implement Diffie -Hellmen Key exchange Method. CO-03
06 Write a program to generate SHA-1 hash. CO-03

07 Implement a digital signature algorithm. CO-03

08 Study and use the Public key infrastructure CO-04

09 Study and use the Web Security for the various network protocols. CO-04
Study and use the System Security for the various network
10 CO-05
protocols.
 Experiment No. 1

Aim: - Study and use of Symmetric Cipher Model.

INTRODUCTION
During this time when the Internet provides essential communication between tens of
millions of people and is being increasingly used as a tool for commerce, security
becomes a tremendously important issue to deal with. There are many aspects to
security and many applications, ranging from secure commerce and payments to private
communications and protecting passwords.One essential aspect for secure
communications is that of Cryptography. The concept of securing messages through
cryptography has a long history. Indeed, Julius Caesar is credited with creating one of
the earliest cryptographic systems to send military messages to his generals.
Cryptography is the science of using mathematics to encrypt and decrypt data.
Cryptography enables you to store sensitive information or transmit it across insecure
networks (like the Internet) so that it cannot be read by anyone except the intended
recipient. While cryptography is the science of securing data, cryptanalysis is the
science of analyzing and breaking secure communication. Classical cryptanalysis
involves an interesting combination of analytical reasoning, application of
mathematical tools, pattern finding, patience, determination, and luck. Cryptanalysts are
also called attackers. Cryptology embraces both cryptography and cryptanalysis.
A cryptographic algorithm, or cipher, is a mathematical function used in the encryption
and decryption process. A cryptographic algorithm works in combination with a key—a
3
word, number, or phrase—to encrypt the plaintext. The same plaintext encrypts to
different ciphertext with different keys. The security of encrypted data is entirely
dependent on two things: the strength of the cryptographic algorithm and the secrecy of
the key. A cryptographic algorithm, plus all possible keys and all the protocols that
make it work comprise a cryptosystem. "Cryptography" derives from the Greek word
kruptos, meaning "hidden". The key to hiding data is to devise a hiding (encryption)
mechanism that is very difficult to reverse (i.e., to find the original data) without using
the decryption key.
Usually, the harder it is to discover the key, the more secure the mechanism. In
symmetric (also called "secret-key" and, unfortunately, "private key") encryption, the
same key (or another key fairly easily computed from the first) is used for both
encryption and decryption. In asymmetric (also called "public- key") encryption, one
key is used for encryption and another for decryption. A new Symmetric Key
cryptographic algorithm has been proposed in this paper with its advantages and
disadvantages.
CRYPTOGRAPHY
Data that can be read and understood without any special measures is called
plaintext or clear-text. The method of disguising plaintext in such a way as to hide
its substance is called encryption. Encrypting plaintext results in unreadable
gibberish called cipher- text. The process of reverting cipher-text to its original
plaintext is called decryption.

4
In a typical situation where cryptography is used, two parties (X and Y) communicate over an
insecure channel. X and Y want to ensure that their communication remains incomprehensible
by anyone who might be listening. Furthermore, because X and Y are in remote locations, X
must be sure that the information she receives from Y has not been modified by anyone during
transmission. In addition, she must be sure that the information really does originate from Y and
not someone impersonating Y. Cryptography is used to achieve the following goals:
Confidentiality
To ensure data remains private. Confidentiality is usually achieved using encryption. Encryption
algorithms (that use encryption keys) are used to convert plain text into cipher text and the
equivalent decryption algorithm is used to convert the cipher text back to plain text. Symmetric
encryption algorithms use the same key for encryption and decryption, while asymmetric
algorithms use a public/private key pair.

Data integrity
To ensure data is protected from accidental or deliberate (malicious) modification. Integrity is
usually provided by message authentication code or hashes. A hash value is a fixed length
numeric value derived from a sequence of data. Hash values are used to verify the integrity of
data sent through insecure channels. The hash value of received data is compared to the hash
value of the data as it was sent to determine if the data was altered.

Authentication
To assure that data originates from a particular party.Digital certificates are used to provide
authentication. Digital signatures are usually applied to hash values as these are significantly
smaller than the source data that they represent.

TYPES OF CRYPTOGRAPHY
Cryptography is a process which is associated with scrambling plaintext (ordinary text, or
cleartext) into ciphertext (a process called encryption), then back again (known as decryption).
There are several ways to classify the various algorithms. The most common types are i) Secret
Key Cryptography which is also known as Symmetric Key Cryptography and ii) Public Key
Cryptography which is also known as Asymmetric Key Cryptography.

In other words, if the same key is used for encryption and decryption, we call the mechanism as
Symmetric Key Cryptography. However, if two different keys are used in a cryptographic
mechanism, wherein one key is used for encryption, and another, different key is used for
decryption; we call the mechanism as Asymmetric Key Cryptography. This is shown in Figure 1

5
 Cryptographic
Techniques

Symmetric Key Asymmetric Key

Cryptography Cryptography

Figure 1 Cryptography techniques

Secret key cryptography

In secret key cryptography, a single key is used for both encryption and decryption. As shown in
Figure 2, the sender uses the key (or some set of rules) to encrypt the plaintext and sends the
ciphertext to the receiver. The receiver applies the same key to decrypt the message and recover
the plaintext. Because a single key is used for both functions, secret key cryptography is also
called symmetric encryption. With this form of cryptography, it is obvious that the key must be
known to both the sender and the receiver; that, in fact, is the secret. The biggest difficulty with
this approach, of course, is the distribution of the key .

Public key cryptography

Public or asymmetric key cryptography involves the use of key pairs: one private key and one
public key. Both are required to encrypt and decrypt a message or transmission. The private key,
not to be confused with the key utilized in private key cryptography, is just that, private. It is not
to be shared with anyone. The owner of the key is responsible for securing it in such a manner
that it will not be lost or compromised.
On the other hand, the public key is just that, public. Public key cryptography intends for public
keys to be accessible to all users. In fact, this is what makes the system strong. If a person can
access anyone public key easily, usually via some form of directory service, then the two parties
can communicate securely and with little effort, i.e. without a prior key distribution
arrangement. Figure 3 describes the Public Key Cryptography .

SYMMETRIC KEY CRYPTOGRAPHY

Secret key cryptography schemes are generally categorized as being either stream ciphers or
block ciphers. Stream ciphers operate on a single bit (byte or computer word) at a time, and
implement some form of feedback mechanism so that the key is constantly changing.

6
A block cipher is so-called because the scheme encrypts one block of data at a time using the
same key on each block. In general, the same plaintext block will always encrypt to the same
ciphertext when using the same key in a block cipher whereas the same plaintext will encrypt to
different ciphertext in a stream cipher .Stream ciphers come in several flavors but two are worth
mentioning here. Self-synchronizing stream ciphers calculate each bit in the keystream as a
function of the previous n bits in the keystream. It is termed "self-synchronizing" because the
decryption process can stay synchronized with the encryption process merely by knowing how
far into the n-bit keystream it is. Synchronous stream ciphers generate the keystream in a
fashion independent of the message stream but by using the same keystream generation function
at sender and receiver.
While stream ciphers do not propagate transmission errors, they are, by their nature, periodic so
that the keystream will eventually repeat.

Block ciphers can operate in one of several modes; the following four are the most important:
Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB) mode and
Output Feedback (OFB) . The most common secret-key cryptography scheme used today is the
Data Encryption Standard (DES), designed by IBM in the 1970s and adopted by the National
Bureau of Standards (NBS) [now the National Institute for Standards and Technology (NIST)]
in 1977 for commercial and unclassified government applications. DES has been adopted as
Federal Information Processing Standard 46 (FIPS 46- 3) and by the American National
Standards Institute as X3.92). DES is a block- cipher employing a 56-bit key that operates on
64-bit blocks .

There are a number of other secret-key cryptography algorithms that are also
in use today like CAST-128 (block cipher), RC2(block cipher) RC4 (stream
cipher), RC5 (block cipher), Blowfish (block cipher), Two fish (block cipher).
In 1997, NIST initiated a process to develop a new secure cryptosystem for
U.S. government applications. The result, the Advanced Encryption Standard
(AES), became the official successor to DES in December 2001.

7
 0 0 1 0 1 0 1 0

Step 4: After reversing the number it would be 01010100 i.e. ASCII 84 in decimal i.e. “T” as
character which was the original text
CONCLUSION
Cryptography is used to achieve few goals like Confidentiality, Data integrity, Authentication
etc. of the send data
Now, in order to achieve these goals various cryptographic algorithms are developed by various
people. For a very minimal amount of data those algorithms wouldn’t be cost effective since
those are not designed for small amount of data. The aim of this work was to design and
implement a new algorithm to address this issue so that we don’t have to apply those algorithms
(which are not cost-effective) to encrypt a small amount of data. Keeping this goal in mind the
proposed algorithm has been designed in a quite simple manner but of-course not sacrificing the
security issues. A single is used for both encryption and decryption i.e. it is fallen under secret
key cryptographic algorithm. But as public key cryptography is more secured then secret key
cryptography our next task would be to develop and design a public key cryptographic algorithm
in a simple manner as it is done in this paper.

8
 Experiment No. 2

Aim: - Implement Transposition Techniques encryption-decryption.

In a transposition cipher, the order of the alphabets is re-arranged to obtain the cipher-text.
1. The message is written out in rows of a fixed length, and then read out again column by
column, and the columns are chosen in some scrambled order.
2. Width of the rows and the permutation of the columns are usually defined by a keyword.
3. For example, the word HACK is of length 4 (so the rows are of length 4), and the
permutation is defined by the alphabetical order of the letters in the keyword. In this case, the
order would be “3 1 2 4”.

// CPP program for illustrating

// Columnar Transposition Cipher
#include<bits/stdc++.h>
using namespace std;

// Key for Columnar Transposition

string const key = "HACK";
map<int,int> keyMap;

void setPermutationOrder()
{
// Add the permutation order into map
for(int i=0; i < key.length(); i++)
{
keyMap[key[i]] = i;
}
}

// Encryption
string encryptMessage(string msg)
{
int row,col,j;
string cipher = "";

/* calculate column of the matrix*/

col = key.length();

/* calculate Maximum row of the matrix*/

row = msg.length()/col;

if (msg.length() % col)
row += 1;

char matrix[row][col];
9
for (int i=0,k=0; i < row; i++)
{
 for (int j=0; j<col; )

if(msg[k] == '\0')
{
/* Adding the padding character '_' */
matrix[i][j] = '_';
j++;
}

if( isalpha(msg[k]) || msg[k]==' ')

{
/* Adding only space and alphabet into matrix*/
matrix[i][j] = msg[k];
j++;
}
k++;
}
}

for (map<int,int>::iterator ii = keyMap.begin(); ii!=keyMap.end(); ++ii)

{
j=ii->second;

// getting cipher text from matrix column wise using permuted key
for (int i=0; i<row; i++)
{
if( isalpha(matrix[i][j]) || matrix[i][j]==' ' || matrix[i][j]=='_')
cipher += matrix[i][j];
}
}

return cipher;
}

// Decryption
string decryptMessage(string cipher)
{
/* calculate row and column for cipher Matrix */
int col = key.length();

int row = cipher.length()/col;

char cipherMat[row][col];

/* add character into matrix column wise */

for (int j=0,k=0; j<col; j++) 1
0
for (int i=0; i<row; i++)
 cipherMat[i][j] = cipher[k++];

/* update the order of key for decryption */

int index = 0;
for( map<int,int>::iterator ii=keyMap.begin(); ii!=keyMap.end(); ++ii)
ii->second = index++;

/* Arrange the matrix column wise according

to permutation order by adding into new matrix */
char decCipher[row][col];
map<int,int>::iterator ii=keyMap.begin();
int k = 0;
for (int l=0,j; key[l]!='\0'; k++)
{
j = keyMap[key[l++]];
for (int i=0; i<row; i++)
{
decCipher[i][k]=cipherMat[i][j];
}
}

/* getting Message using matrix */

string msg = "";
for (int i=0; i<row; i++)
{
for(int j=0; j<col; j++)
{
if(decCipher[i][j] != '_')
msg += decCipher[i][j];
}
}
return msg;
}

// Driver Program
int main(void)
{
/* message */
string msg = "Geeks for Geeks";

setPermutationOrder();

// Calling encryption function

string cipher = encryptMessage(msg);
cout << "Encrypted Message: " << cipher << endl;

// Calling Decryption function

cout << "Decrypted Message: " << decryptMessage(cipher) << endl;

return 0; 1
1
}
 Experiment No. 3

Aim: - Implement Hill cipher encryption-decryption.

Encryption

#include<stdio.h>
#include<math.h>

float encrypt, decrypt, a, b, mes, c;

void encryption(); //encrypts the message

void decryption(); //decrypts the message
void getKeyMessage(); //gets key and message from user
void inverse(); //finds inverse of key matrix

void main() {
getKeyMessage();
encryption();
decryption();
}

void encryption() {
int i, j, k;
for(i = 0; i < 3; i++)
for(j = 0; j < 1; j++)
for(k = 0; k < 3; k++)
encrypt[i][j] = encrypt[i][j] + a[i][k] * mes[k][j];
printf("\nEncrypted string is: ");
for(i = 0; i < 3; i++)
printf("%c", (char)(fmod(encrypt[i][0], 26) + 97));

void decryption() {
int i, j, k;
inverse();
for(i = 0; i < 3; i++)
for(j = 0; j < 1; j++)
for(k = 0; k < 3; k++)
decrypt[i][j] = decrypt[i][j] + b[i][k] * encrypt[k][j];
printf("\nDecrypted string is: ");
for(i = 0; i < 3; i++)
printf("%c", (char)(fmod(decrypt[i][0], 26) + 97));
printf("\n");
}

void getKeyMessage() {
int i, j;
char msg; 1
2
printf("Enter 3x3 matrix for key (It should be inversible):\n");

for(i = 0; i < 3; i++)

for(j = 0; j < 3; j++) {
scanf("%f", &a[i][j]);
c[i][j] = a[i][j];
}
printf("\nEnter a 3 letter string: ");
scanf("%s", msg);
for(i = 0; i < 3; i++)
mes[i][0] = msg[i] - 97;
}

void inverse() {
int i, j, k;
float p, q;
for(i = 0; i < 3; i++)
for(j = 0; j < 3; j++) {
if(i == j)
b[i][j]=1;
else
b[i][j]=0;
}
for(k = 0; k < 3; k++) {
for(i = 0; i < 3; i++) {
p = c[i][k];
q = c[k][k];
for(j = 0; j < 3; j++) {
if(i != k) {
c[i][j] = c[i][j]*q - p*c[k][j];
b[i][j] = b[i][j]*q - p*b[k][j];
}
}
}
}
for(i = 0; i < 3; i++)
for(j = 0; j < 3; j++)
b[i][j] = b[i][j] / c[i][i];
printf("\n\nInverse Matrix is:\n");
for(i = 0; i < 3; i++) {
for(j = 0; j < 3; j++)
printf("%d ", b[i][j]);
printf("\n");
}
}
Decryption
#include<iostream>
#include<math.h>
1
using namespace std; 3
float encrypt, decrypt, a, b, mes, c;

void encryption(); //encrypts the message

void decryption(); //decrypts the message
void getKeyMessage(); //gets key and message from user
void inverse(); //finds inverse of key matrix

int main() {
getKeyMessage();
encryption();
decryption();
}

void encryption() {
int i, j, k;
for(i = 0; i < 3; i++)
for(j = 0; j < 1; j++)
for(k = 0; k < 3; k++)
encrypt[i][j] = encrypt[i][j] + a[i][k] * mes[k][j];
cout<<"\nEncrypted string is: ";
for(i = 0; i < 3; i++)
cout<<(char)(fmod(encrypt[i][0], 26) + 97);
}

void decryption() {
int i, j, k;
inverse();
for(i = 0; i < 3; i++)
for(j = 0; j < 1; j++)
for(k = 0; k < 3; k++)
decrypt[i][j] = decrypt[i][j] + b[i][k] * encrypt[k][j];
cout<<"\nDecrypted string is: ";
for(i = 0; i < 3; i++)
cout<<(char)(fmod(decrypt[i][0], 26) + 97);
cout<<"\n";
}

void getKeyMessage() {
int i, j;
char msg;

cout<<"Enter 3x3 matrix for key (It should be inversible):\n";

for(i = 0; i < 3; i++)
for(j = 0; j < 3; j++) {
cin>>a[i][j];
c[i][j] = a[i][j];
}
cout<<"\nEnter a 3 letter string: ";
cin>>msg; 1
4
for(i = 0; i < 3; i++)
mes[i][0] = msg[i] - 97;
}

void inverse() {
int i, j, k;
float p, q;
for(i = 0; i < 3; i++)
for(j = 0; j < 3; j++) {
if(i == j)
b[i][j]=1;
else
b[i][j]=0;
}
for(k = 0; k < 3; k++) {
for(i = 0; i < 3; i++) {
p = c[i][k];
q = c[k][k];
for(j = 0; j < 3; j++) {
if(i != k) {
c[i][j] = c[i][j]*q - p*c[k][j];
b[i][j] = b[i][j]*q - p*b[k][j];
}
}
}
}
for(i = 0; i < 3; i++)
for(j = 0; j < 3; j++)
b[i][j] = b[i][j] / c[i][i];
cout<<"\n\nInverse Matrix is:\n";
for(i = 0; i < 3; i++) {
for(j = 0; j < 3; j++)
cout<<b[i][j]<<" ";
cout<<"\n";
}
}

1
5
 Experiment No. 4

Aim: - To implement Simple DES or AES.

#include<stdio.h>

int main()
{
int array_a1[30], array_a2[30], array_a3[30], array_a4[30], array_a5[30], array_a6[30],
array_a7[30], array_a8[30];
int div, count, j, key, m, plaintext, temp, dec = 0;
printf("\nEnter a Plain-Text value:\t");
scanf("%d", &plaintext);
printf("\nEnter the Key:\t");
scanf("%d", &key);
printf("\nEnter the Bit-Stream\n");
for(count = 0; count < plaintext; count++)
{
scanf("%d", &array_a1[count]);
}
div = plaintext / 2;
temp = div - key;
for(count = 0; count <= temp; count++)
{
array_a3[count] = 0;
dec++;
}
dec = dec - 1;
printf("Enter the Key Bit Stream\n");
for(count = 0; count < key; count++)
{
scanf("%d", &array_a3[dec++]);
}
for(count = 0; count < 2; count++)
{
printf("%d", array_a8[count]);
}
printf("Left Hand\n");
for(count = 0; count < div; count++)
{
array_a5[count] = array_a1[count];
printf("%d", array_a1[count]);
}
printf("Right Hand\n");
for(count = div; count < plaintext; count++)
{
array_a2[count] = array_a1[count];
printf("%d", array_a1[count]);
}
for(j = 0, m = div; j < dec, m < plaintext; j++, m++) 1
6
{
 if(array_a2[m] == 1 && array_a3[j] == 1)

array_a6[j] = 0;
}
else if(array_a2[m] == 1 && array_a3[j] == 0)
{
array_a6[j] = m;
}
else
{
array_a6[j] = 0;
}
}
printf("\nFirst XOR\n");
for(count = 0; count < div; count++)
{
printf("%d", array_a6[count]);
}
for(j = 0, m = 0; j < div, j++; j++, m++)
{
if(array_a5[m] = 1 && array_a6[j] == 1)
{
array_a4[j] = 0;
}
else if(array_a5[m] = 1 && array_a6[j] == 0)
{
array_a4[j] = m;
}
else if(array_a5[m] == 0 && array_a6[j] == 1)
{
array_a4[j] = 0;
}
}
printf("\nSecond XOR\n");
for(count = 0; count < div; count++)
{
printf("%d", array_a4[j]);
}
return 0;
}
#include <iostream>
#include <bitset>
using namespace std;
typedef bitset<8> byte;
typedef bitset<32> word;
1
7
const int Nr = 10; //AES-128 requires 10 rounds of encryption
const int Nk = 4; //Nk Represents the number of word s that are input keys

byte S_Box = {
{0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0
xAB, 0x76},

{0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0
x72, 0xC0},
{0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0
x31, 0x15},
{0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0x
B2, 0x75},
{0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3,
0x2F, 0x84},
{0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C,
0x58, 0xCF},
{0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0
x9F, 0xA8},
{0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0
xF3, 0xD2},
{0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D,
0x19, 0x73},
{0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0
x0B, 0xDB},
{0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0
xE4, 0x79},
{0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A,
0xAE, 0x08},
{0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD,
0x8B, 0x8A},
{0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x
1D, 0x9E},
{0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x
28, 0xDF},
{0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0
xBB, 0x16}
};

//Round constant, used in key expansion. (AES-128 only takes 10 rounds)

word Rcon = {0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000,
0x20000000, 0x40000000, 0x80000000, 0x1b000000, 0x36000000};

/**
* Convert four byte s to one word.
*/
word Word(byte& k1, byte& k2, byte& k3, byte& k4)
{
word result(0x00000000);
word temp;
temp = k1.to_ulong(); // K1 1
8
temp <<= 24;
 result |= temp;
temp = k2.to_ulong(); // K2
temp <<= 16;
result |= temp;
temp = k3.to_ulong(); // K3
temp <<= 8;

result |= temp;
temp = k4.to_ulong(); // K4
result |= temp;
return result;
}

/**
* Cyclic left shift by byte
* That is to say, [a0, a1, a2, a3] becomes [a1, a2, a3, a0]
*/

word RotWord(word& rw)

{
word high = rw << 8;
word low = rw >> 24;
return high | low;
}

/**
* S-box transformation for each byte in input word
*/
word SubWord(word& sw)
{
word temp;
for(int i=0; i<32; i+=8)
{
int row = sw[i+7]*8 + sw[i+6]*4 + sw[i+5]*2 + sw[i+4];
int col = sw[i+3]*8 + sw[i+2]*4 + sw[i+1]*2 + sw[i];
byte val = S_Box[row][col];
for(int j=0; j<8; ++j)
temp[i+j] = val[j];
}
return temp;
}

/**
* Key Extension Function - Extended 128-bit key to w[4*(Nr+1)]
*/
void KeyExpansion(byte key[4*Nk], word w[4*(Nr+1)])
{
word temp;
int i = 0; 1
9
//The first four of w [] are input key s
 while(i < Nk)
{
w[i] = Word(key[4*i], key[4*i+1], key[4*i+2], key[4*i+3]);
++i;
}

i = Nk;

while(i < 4*(Nr+1))

{
temp = w[i-1]; //Record the previous word
if(i % Nk == 0)
w[i] = w[i-Nk] ^ SubWord(RotWord(temp)) ^ Rcon[i/Nk-1];
else
w[i] = w[i-Nk] ^ temp;
++i;
}
}

int main()
{

byte key = {0x2b, 0x7e, 0x15, 0x16,

0x28, 0xae, 0xd2, 0xa6,
0xab, 0xf7, 0x15, 0x88,
0x09, 0xcf, 0x4f, 0x3c};

word w[4*(Nr+1)];

cout << "KEY IS: ";

for(int i=0; i<16; ++i)
cout << hex << key[i].to_ulong() << " ";
cout << endl;

KeyExpansion(key, w);
//Testing
for(int i=0; i<4*(Nr+1); ++i)
cout << "w[" << dec << i << "] = " << hex << w[i].to_ulong() << endl;

return 0;
}

2
0
 Experiment No. 5

Aim: - Implement Diffie-Hellmen Key exchange Method.

import java.util.*;
class DiffieHellman {
public static void main(String args[])
{
Scanner sc=new Scanner(System.in);
System.out.println("Enter the value of modulo(p)");
int p=sc.nextInt();
System.out.println("Enter the root of "+p);
int g=sc.nextInt();
System.out.println("select 1st secret no of Alice");
int a=sc.nextInt();
System.out.println("select 2nd secret no of Bob");
int b=sc.nextInt();
int A = (int)Math.pow(g,a)%p;
int B = (int)Math.pow(g,b)%p;
int S_A = (int)Math.pow(B,a)%p;
int S_B =(int)Math.pow(A,b)%p;
if(S_A==S_B) {
System.out.println("They shared a secret key is = "+S_A); }
else { System.out.println("Alice and Bob cannot exchange information with each other");
}
}
}

OUTPUT
enter the value of modulo(p)
23
enter the root of 7
9
select 1st secret no of Alice
4
select 2nd secret no of Bob
3
They shared a secret key is =9.

2
Experiment No. 6 1
 Aim: - Write a program to generate SHA-1 hash.
// Java program to calculate SHA-1 hash value

import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class GFG {

public static String encryptThisString(String input)
{
try {
// getInstance() method is called with algorithm SHA-1
MessageDigest md = MessageDigest.getInstance("SHA-1");

// digest() method is called

// to calculate message digest of the input string
// returned as array of byte
byte[] messageDigest = md.digest(input.getBytes());

// Convert byte array into signum representation

BigInteger no = new BigInteger(1, messageDigest);

// Convert message digest into hex value

String hashtext = no.toString(16);

// Add preceding 0s to make it 32 bit

while (hashtext.length() < 32) {
hashtext = "0" + hashtext;
}

// return the HashText

return hashtext;
}

// For specifying wrong message digest algorithms

catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
}

// Driver code
public static void main(String args[]) throws

NoSuchAlgorithmException
{

System.out.println("HashCode Generated by SHA-1 for: ");

2
2
String s1 = "GeeksForGeeks";
System.out.println("\n" + s1 + " : " + encryptThisString(s1));

String s2 = "hello world";

System.out.println("\n" + s2 + " : " + encryptThisString(s2));
}
}

2
3
 Experiment No. 7

Aim: - Implement a digital signature algorithm.

// Java implementation for Generating
// and verifying the digital signature

package java_cryptography;

// Imports
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.util.Scanner;

import javax.xml.bind.DatatypeConverter;

public class Digital_Signature_GeeksforGeeks {

// Signing Algorithm
private static final String
SIGNING_ALGORITHM
= "SHA256withRSA";
private static final String RSA = "RSA";
private static Scanner sc;

// Function to implement Digital signature

// using SHA256 and RSA algorithm
// by passing private key.
public static byte[] Create_Digital_Signature(
byte[] input,
PrivateKey Key)
throws Exception
{
Signature signature
= Signature.getInstance(
SIGNING_ALGORITHM);
signature.initSign(Key);
signature.update(input);
return signature.sign();
} 2
4
 // Generating the asymmetric key pair
// using SecureRandom class
// functions and RSA algorithm.
public static KeyPair Generate_RSA_KeyPair()
throws Exception

{
SecureRandom secureRandom
= new SecureRandom();
KeyPairGenerator keyPairGenerator
= KeyPairGenerator
.getInstance(RSA);
keyPairGenerator
.initialize(
2048, secureRandom);
return keyPairGenerator
.generateKeyPair();
}

// Function for Verification of the

// digital signature by using the public key
public static boolean
Verify_Digital_Signature(
byte[] input,
byte[] signatureToVerify,
PublicKey key)
throws Exception
{
Signature signature
= Signature.getInstance(
SIGNING_ALGORITHM);
signature.initVerify(key);
signature.update(input);
return signature
.verify(signatureToVerify);
}

// Driver Code 2
public static void main(String args[]) 5
 throws Exception
{

String input
= "GEEKSFORGEEKS IS A"
+ " COMPUTER SCIENCE PORTAL";

KeyPair keyPair
= Generate_RSA_KeyPair();

// Function Call
byte[] signature
= Create_Digital_Signature(
input.getBytes(),
keyPair.getPrivate());

System.out.println(
"Signature Value:\n "
+ DatatypeConverter
.printHexBinary(signature));

System.out.println(
"Verification: "
+ Verify_Digital_Signature(
input.getBytes(),
signature, keyPair.getPublic()));
}
}

2
6
 Experiment No. 8

Aim: - Study and use the Public key infrastructure

1. INTRODUCTION
The demand for securing communications is increasing dramatically day by day. Along with
this demand, more techniques have been proposed to achieve the maximum security. The
most commonly used technique is the encryption with two kinds of cryptography. First one is
called private key or symmetric cryptography; it can be applied really fast but the key is hard
to be managed since there is just one key each user. Despite this issue, it still plays a role in
the most encryption systems. Other kind of cryptography is proposed to overcome this issue
under the name of public key or asymmetric cryptography where each user is provided with a
pair of keys: public and private keys. Since the public key is not a secret, then the key
management problem was solved but equivalent problem was raised which is the
authentication or name management problem. Public key infra-structure (PKI) was developed
to solve this problem and support the public key cryptography. Authentication is the process
of using all PKIs. We have introduced several PKIs with different architectures and processes
and briefly discussed a comprehensive survey of these PKIs.2. PKI Overview
PKI is an abbreviation of the Public Key Infrastructure, it was developed to support the public
key (asymmetric) cryptography. In this type of cryptography, the message is going to be
encrypted by the sender using the public key of the receiver and then this receiver,
presumably, is the only one who can decrypt this message using the corresponding private
key. This direction in cryptography was introduced since 1976 , to solve the key management
problem, using a directory called Public File in which entries are name, number and public
key. The sender looks the recipient up in the Public File by his name to find his public key.
By this scenario, the sender does not have the complete confidence that the key truly belong
to desired recipient. Kohnfelder proposed a solution by certificate or digitally sign each entry
in the “Public File”, so the certificates could be distributed through a network securely.
In the 1980’s, International Telecommunication Union (ITU) decided to build a larger
directory to cover all people and devices all over the world, so the result was a standard called
X.500 , defining all characteristics of that directory. Another standard called X.509 was
proposed for authentication purposes, nobody could change any entry in a directory except if
he has permission. A X.509 standard defines the certificate format; it binds the identity of the
key holder to the holders public key. All theses evolutions in public key cryptography have
lead to build a public key infrastructure (PKI) in which the digital certificates present the
heart of it. For more trust authority, Certification Authority (CA) was introduced , which is a
trusted party responsible for verify and sign the certificates. Therefore, PKI has helped the
sender to retrieve the public key of desired recipient with the confidence that this key is really
recipient’s public key. Recently, various models of PKI have developed with different
schemes; the paper will present some of these models and discuss the most popular ones.
Taxonomy of the survey is shown in Figure 1.
3. PKI’s Component and Operation
The basic common operations in all PKIs are certification and validation. The fundamental
function in all PKIs is certification where it is the binds the value of public key to an entity in
an authentic way. The other operation is validation, it is the process of verifying the validity
of the certifications (still valid or not) . A complete public key infrastructure is composed of 2
several components which are: registration authority (RA), certificate authority (CA), security 7
policy, PKI-enabled applications, distribution system, and certificate repository . The
components of the PKI are shown in Figure 2 and are described as.
• Certificate Authority (CA): It’s also called Certificate Issuer, which is used to issues the
certificates and the revocation lists. A certificate is a data structure composed of both the
public key value and the identified information that belong to the holder of the
corresponding private key . Each public key certificate is issued to an individual and each
certificate has a digital signature of the issuing CA. The certificates have a lifetime of one
or two years. The certificate might be revoked for

several reasons such as loss of private key, compromise key or the lifetime of the
certificate is terminated, etc. If any one of these situations happened; the entity who issued
the certificate should be requested to invalidated (revoke) the certificate of public key.
There are multiple revocation mechanisms to revoke the certificate and to allow the user to
be able to check the validity of the certificate (the certificate still valid or has been
revoked). All revocations mechanism needs to be timely and efficient. One of the
revocation mechanism is CRL (Certificate Revocation List) which is a list contains
certificate the have been revoked and signed digitally by the entity who had issued those
certificates previously .
• Registration Authority (RA): is used to submit all the requests to the CA and authenticates
all the users identities and registers the end user’s information before certification. The
services given by RA can be accessible through two ways:
1) Logging the administrator through the browser to the system.
2) Calling the web services interface through the application system.
RA has only one super administrator which can access all the functions provided by RA
where this super administrator can add more administrators if needed. Every administrator
who wants managing the system must use its own smart card to prevent unauthenticated
people from making any operations to the registration authority (RA) .
• Distribution System and Certificate Repository: are used to provide storing mechanism,
they store the certifications and CRL information . The complexity of PKI can be hidden
from client system by adding one more component which is Validation Authority (VA)
which responds to the client requests for certificates.

2
8
Figure 1. Taxonomy of the survey
Figure 2. PKI’s components.

2
9
revocation status and doing the accessibility valuation of certificates on the behalf of the client
system . The protocol operations of the PKI and actors are shown in Figure 3 where the protocol
operations indicated
by numbers. The protocol operations of the PKI in the figure above are:
• Certificate generation and Key: Registration Authority establishes the key holder identity and
passes his/her information with the public key for certification to the CA. Then the CA or the
owner of key can generate the key pair, where the most important point is the safe transportation
of the private key to the holder of key. A typical lifetime is one year for a certificate after which a
new certificate is issued.
• Revocation list generation: Making a list of all non-expired or revoked certificates where the CA
signed these lists then sent them either to the VA or sent them immediately to the relying parties
where there is no need for online status provider to doing the validation. The revocation lists
generation interval is four hours.
• Signature generation: The holder of key making signs for a message including his/her public key
certificate with the signature data. The frequency was chosen of the signed messages is 300
messages per day for every active user where this number has been chosen for the purpose of the
forthcoming calculations.
• Certificate validation: The status of revocation of the signer’s certificate must be checked by the
relying party where it can be done either by checking the revocation list that most recently
available or by querying the VA. The frequency of the operations that belongs to the validation is
the aggregate frequency of the received messages—among all users—by the relying party .
4. Well Known PKIs
Taking trust as a classification scheme, PKIs can be distributed into several trust models. Some PKIs
relies on the trust of a single authority “CA” and some other relies on the trust of users between each
other. In this section, two of the most common models are to be discussed.

Figure 3. Protocol operations and actors of the PKI.

3
0
 4.1. Pretty Good Privacy (PGP)
Pretty Good Privacy (PGP) is common Public Key Infrastructures and one of the most popular
ones being used. Phil Zimmermann is the designer of this infrastructure in 1991, it uses a concept
called “Web-of-Trust” where users generates their own key pairs and publish them to be signed by
other PGP users to build up a trusting relationship between the generators and the signers.
Most PKIs uses some authority to define the level of trust among users; so an advantage of using
PGP arises. The independence of a governor over keys due to trust constructed between users
makes using PGP easier. Each user has a public-ring where received keys are being stored and
assigned levels of trust depending on a decision of the end user, while other infrastructures use a
central authority to perform validation and verification. A user can set policies and rules on the
level of trust; for example: a key will not be accepted unless it was signed by three other trusted
keys. On the other hand, a user can accept a non-signed key on a user’s own risk .
Regarding revocation of keys, it is also the authority of the key holder to revoke the key using a
signed message for revocation and then posted to a public server. When a user sees such message,
he/she has to remove the key from the public-ring storage. Revocation messages have to be signed
by the key holder, so it is quite impossible to send a fake revocation message unless the key has
been compromised. If a revocation message has been produced from a compromised key; it is a
good improvement for security of the overall system, as a consequence of considering such
message as a warning for the other users so they would not trust that key . Even though such a
warning message might be sent to the other users to avoid communication with the key, the holder
cannot guarantee that every other user has received and read the revocation message. To avoid
such problem, the key holder can add an option field to the certificate including an address to a
personal web site where other key holders can check the holder’s key status. Many different places
PGP users can use to check the status of the keys but they would not be sure if the information is
being updated or not.
4.2. Internet X.509 Public Key Infrastructure (PKIX)
Since 1995, working group to support PKIs has been established under the name of PKIX
“Internet X.509 Public Key Infrastructure”. As we have mentioned in the overview section, X.509
carries the authentication role in X.500 directory services and both of them are proposed by
“International Telecommunications Union
Telecommunications Standardization Sector” . PKIX model is based on a Certifying Authority (CA)
system that issues public key certificates (PKCs) in order to distribute public keys among the end
entities that hold private keys .
To start using the PKI, user first needs to register by sending a request for a PKC to a CA. This
request contains some required information like the user’s name and some attributes put in his PKC.
A CA before issue certificate, it will verify the provided information either by itself or by registration
authority (RA) then it signed with private key of CA. A PKC contains some information like CA’s
name, end entity’s name with its public key, a certificate serial number, a validity period and other
associated information. In order to validate a certificate, the relying party calls the public key of CA
and verifies the certificates signature, checks that date is within the validity period, and may also
perform other online checks .
In this model, there is a hierarchic chain of CAs to validate the certificate; starts by the self-signed
root certificate until reaches the end entity certificate. Once the chain has been verified by the relying
3
1
party, signature on the end-entity’s certificate is trusted to be proper, and then go to validate other
information such as public key, validity periods to fully trust the certificate by contacting the CA .
PKIX comes with few protocols that aim to perform on line status checking on the certificates; one
most widely used is Online Certificate Status Protocol (OCSP). And for more specification, PKIX
proposes periodically published certificate revocation lists (CRLs) to check revocation status of a
certificate.
4.3. Comparison between PGP and PKIX
On the following table some of the differences have been pointed out to compare between the two
PKIs.
5. Current Implementations of PKI
During the last decades, many improvements have been introduced to the traditional public key
infrastructure to make it suitable for different platforms such as mobile environment, smart grid
applications, etc. In this section we will briefly present some of the recent models.
• WPKI: Wired infrastructure usually deals with devices with high computational power with large
memory size and robust source of power. On the other hand, wireless devices have more technical
limitations such as less powerful CPU with lower memory size and limited source of power
(battery), which made the need for another infrastructure that complies with the wireless
limitations and capabilities. Wireless Public Key Infrastructure (WPKI) provides wireless devices
(mobile phones for an instance) with the same security level as a wired PKI.
• LPKI: Lightweight Public Key Infrastructure (LPKI) is proposed to support the mobile
environments. It applies the features of elliptic curve cryptography and signcryption . LPKI
establishes many enhance-ments to the conventional PKIX in order to make it cost-effectively and
more appropriate for the mobile environment and other resource constrained platforms. In this
model, a new unit was introduced called Validation Authority (VA) to eliminate all computational
costs of required validations. LPKI has a compact compatibility with PKIX infrastructure since the
certificates in both of them are based on the format of the X.509v3 certificates.
6. Risk and Challenges of PKI
Overall security of electronic transactions is almost impossible although it is designed to secure PKI
transactions. Cases of security breach are still occurring due to human error or slackness. This section
will take a look at some of the risks related to PKI.
6.1. Private Key Protection
The core foundation of PKI is the key pair public and private keys. Particularly, customer’s private
keys are the major components of the PKI. If the private key of the client was stolen, And Can be
used to digitally sign the private key by fraud steers as if the same client. If the private key of the CA
is stolen, fraud steer can use this key for generate a lot of digital fraud.
6.2. Non-Repudiation in PKI
Although PKI provides a level of trust between individuals, as mentioned in the previous section,
the attacker can access the private key of someone, and then he or she can generate messages
signed by the key holder. In this case, it would be almost impossible to prove that key holder did
not send the message. PKI is created to cover such problem.
The user can perform necessary to ensure that the end of the infrastructure is safe, but cannot be
confident if the other users (or even CA) are doing their part. The question here is: Is CA doing3 a
2
comprehensive verification of the identity of all customers. CA aims to ensure that all certificates
issued by the old keys are not being used again. Such questions increase doubts about the security
and reliability of the PKI .
6.3. Open PKI Liability Risks
PKI has many applications, which reduces the administrative burden and improve the experience
for the end user, for example; Reducing the number of passwords makes it easier for the user to
remember .Of the biggest challenges is how to PKI allows the applications especially the best-of-
kind applications required enterprise customers generally. Two approaches are used by PKI
vendors:
• Closed PKI: is a kind of proprietary software issued a limited number of digital certificates,
therefore can control the applications and users who need communicate securely. But the
closed PKI systems need a lot of training, software, hardware, and maintenance
• Open PKI: “Applications interface seamlessly with certificates issued under an open PKI, the
roots of which are already embedded. Open PKI systems allow enterprises to become their own
CA, while taking advantage of the PKI vendor’s service and support.
In the field of e-commerce, cheating and theft are inevitable. Although the PKI is established to
prevent these threats from happening, but they might occur if all parties involved in the PKI are
open to a reasonable extent. Risk management is fundamental in both types of PKI; closed and
open PKI. And the responsibility control is easy because they are limited in scope and which is
supposed to be performed by the CA. Positive aspect of the closed PKI is that it can predict the
potential risks, the owner can either imbibe the losses himself, or he can pass it off to his
customer. Certificate Authorities bear the a larger role in protecting an open PKI model because
board certified are referenced to verify the identity of individuals or certain institutions, and issued
this body digital certificates to prove that the individual or organization known by this authority,
depends on this body in ensuring the rights of dealers via the Internet as they provided documents
proving get deal between two parties specific. So it should CA to verify that the vendors they deal
with their trusted .
Responsibility is not taken only by the CA. CA customers should take the necessary measures to
save their own data. The most important reviewing contracts and certificates from CA to ensure
lack of erroneous data. Customer holds a great deal of risk if used fakes certificates are no longer
supported by the CA. Despite the lack of an ideal solution for the protection of electronic data
transfer. PKI is a good solution at the present time. It combines the functionalities of
public/private key, digital certificates, and hashing algorithms to reach a high level Security and
confidentiality of data and non-repudiation. There are those criticize the way in which the
ratification of the certificates in the PKI [18]. These terms refer to the weakness of reliability in
the verification process carried out by the CA in proof of identity certificate applicant. As there
are those who question the extent of confidentiality and security of the devices that match the
signatures or those used In keeping private keys. However, many believe that the Internet has
opened up many opportunities require secure infrastructure, such as those available by the
technique remained. Despite the constraints and uncertainties, but it can be solved by the creation
of the necessary laws to ensure the safety of electronic trading and trust in him.

3
3
 Experiment No. 9

Aim: - Study and use the Web Security for the various network.

1. INTRODUCTION

Nowadays, due to the boom in the usage of internet by people one of the most important aspects of
networks is their security. Network security in today’s world plays very important role there are many
researches going on this domain by various people to provide more better security to the existing
network. The network security and firewalls are two words which seem to be closely related to each
other as we are aware of the fact that firewall provides security to network in organization efficiently.
The need of firewall is not required to great extent if the network is only intranet based from network
security point of view in comparison to the scenario where all the users are connecting with internet
which acts as a medium from where the traffic (data) travel from outside to inside and vice-versa, in
such case firewall are the first line of defense required at large because the surveillance of attackers
increase and hence its mandatory to secure users data as well as to protect unauthorized user cum data
to enter in network. In1980s emerged the concept of Firewall technology. The basic function of
firewall is to provide access control between networks and to mediate connection requests based on
predefined set of rules or policies of packet filters.
Firewalls generally comprise of some form of inspection engine that analyzes IP, TCP, and UDP
packet headers and (possibly) packet application data against a “rule base”. Due to large number of
threats of network attacks, firewalls have become more important elements for defense than ever for
any kind of network. Firewalls have been ideally designed for filtering out unwanted network traffic
coming from or going to the secured network. The filtering decision is based on the firewall policy [1]
which is a set of ordered filtering rules defined according to predefined security policy requirements.
The sequence of rules plays very important role in the firewall policy because matching will take place
on the basis of first-match semantics where the firewall will take decision for accepting or rejecting a
on the basis of the first rule that the packet matches. A firewall [6] is generally placed at the entry point
between a private network and the outside Internet so that it can check all incoming and outgoing
packets and decide whether to accept or discard a packet based on its policy. Firewall allows traffic
with desired IP addresses and ports to pass through it, but it cannot identify whether the traffic is
normal or Malicious one. Firewall no doubt has certain

3
4
 Start

Read Header Information

Apply Rules

Match?
? (no)Discard

(yes)Accept

Fig.1. Packet Filter Firewall

advantages, but it lacks ability to detect attacks. On the other hand Intrusion detection system has the
ability to detect threats and attacks by monitoring the network traffic. Whenever an intrusion occurs in
a network, an alert is generated by IDS to the network administrator for taking an action to block the
attack.History of intrusion events has proved that only detection is not enough to block the intruders
from attacking the networks which brought intrusion detection and prevention system into existence
(IDPS). IDPS not only report attack events to the administrator but also block them instantly. The
paper is organized into different sections which include Introduction, Types of Firewall, Shortcomings
Of firewall, Types Of Ids , IDPS, Conclusion .
← BACKGROUND AND RELATED WORK
• Different Types Of Firewall
Since firewall technology [2] evolved in era of 1980’s there has been various changes made in their
filtering techniques [4] adopted by them till now in order to make them more and more accurate so that
they can provide high level of security to the network this lead into classification of firewall into
different generation of firewalls. There are three different types of firewall First Generation Firewall
evolved in (1988), Second Generation Firewall evolved in (1989-1990), Third Generation Firewall
evolved in (1995–1998) now let’s discuss each of them in detail.
1.1) First Generation Firewall (Packet Filters)
In 1988 evolved the first generation firewall which performed the filtering of the packet by evaluating
the header contents of the packet .It have the ability to perform layers 3 or 4 inspection of packet data.
IP Packet Filter Firewall takes decision whether to accept or to discard packet based on the header
content of the packet’s. Packet filter firewall uses the rule set to decide whether to accept or reject
3
packet if the packet finds match against the rule set then packet is allowed otherwise it’s discarded if it
5
does not match with nay of the rules defined in the rule set. Packet filter firewall works on the network
layer, physical layer, and transport layer of the OSI model .Packet filters maintain no state information
(Connection State) to know whether the traffic is of existing stream or not which is one of the major
drawback of First Generation firewall. This drawback lead to the evolution of Second Generation
Firewall.
1.2) Second Generation Firewall ( Statefull Filters)
In 1989-1990 evolved the Second generation firewall which performed the filtering of the packet by
evaluating the header contents of the packet as well as overcome the drawback of First Generation
Firewall by maintaining state table for each connection. Second generation firewall also known as
Stateful packet filtering firewalls. Stateful Filters do not perform directly the filtering of the packets
based on their header information but they retain packets until enough information is obtained in order
to make decision about its state. It Have similar packet inspection capabilities, as that of Packet Filter
Firewalls but it add the ability to interpret TCP session flags and establish a state table to monitor TCP
connections. Second generation firewall records all connections that passes through it and decides
whether a packet is new connection, or an existing connection, or not a connection. Now the rules
contain connection state as one of their test criteria. What if an intruder performed Certain Denial of
service attack in which attacker can attack firewall with thousands of fake connection requestto
overflow the Stateful firewall connection state table. This leads to drawback and reason for evolution
of Third Generation Firewall which will handle this kind of attack.
1.3) Third Generation Firewall (Application Layer)
Third Generation Firewall also known as Application Layer Firewall [6] evolved in 1995-1998 which
worked on all the layers of OSI model specially more focus on the application layer to handle all the
web attacks, traffic that come to or from the internet via application layer
.It have the ability to inspect packet data all the way up through layer 7 of OSI model. Application
Firewall is commonly known as proxy server. External network and internal network communicate via
Proxy. It provides higher security than packet filtering Firewall. Application Firewall requires to
inspect only few allowable Applications. All incoming traffic can be easily logged. Drawback of
Application Firewall is that it requires Additional processing overhead on each connection. When the
users wish to communicate, they do not communicate directly, instead proxy will act as intermediately
between them. Function Offered by Proxy are Authentication mechanism, Content Filtering, Mature
Log.
1.4) Shortcomings of Firewall
The Different Shortcomings [3] of Firewall includes Following Aspects. Firewall is not able to destroy
the attack source. By setting appropriate Firewall it can stop internet virus, Trojan but can’t clear the
attack source. Firewall can’t resist internal attacks behind of tight defensive firewalls; the internal
network is likely confused. For example, attackers through social engineering will send Trojan, Trojan
email with URL in the way of internal host inject Trojan, and then the Trojan machine initiative
connects to the attacker and destroy the firewall instantly. Own vulnerability Regardless of the
hardware firewall or software firewall, there exists soft/hardware troubles, also more or less design
flaws. The criminals may adopt these design problems to passthe firewall and launch attacks to the
system. Firewall cannot analyze the network packets on the basis of signatures. It cannot detect
malwares and viruses coming in from the known ports like port 80 and 110. Therefore we need a
system which can analyze network traffic to detect malicious activity.

3
6
 Client

Response Request

Internal Interface

Proxy

External Interface

Response Request

Server

Fig.2.Application Firewall 1.5) Attacks On Firewalls

A) TCP attack on firewall

As dynamic state table is not maintained by packet filtering firewalls they are not able to purely
evaluate incoming packets against the packet filters. By manipulating the TCP flags in the TCP packet
header attacker can make it possible to force a TCP packet to pass through a packet filtering firewall by
setting the “ACK” flag in the TCP header, which produces a match against a packet filter intended to
allow return packets for outbound (Internet-bound) Domain Name System (DNS) requests.

B) IP Spoofing
The Process of manipulation of IP source address data in packets to achieve a match with a ruleset or
packet filter configured on a firewall or access control device is known as IP Spoofing.If an attacker is
able to spoof a source address associated with a “trusted” host, the attacker may be able to penetrate the
firewall and enable the passing of packets to the target host.
C) Denial-of-Service
Firewalls and access control devices can be equally as vulnerable to application- or network-based
denial-of- service as other devices, applications, and OS. If a firewall does not implement adequate
resource safeguards, an attacker may be able to flood a target firewall with connection requests in an
attempt to circumvent the firewall and operating systems TCP SYN Flood Attack Protection
Mechanism: TCP SYN Flood Protection and connection rate limiters
D) Tiny Fragment Attack
TCP services are targeted by “Tiny Fragment” attack and they make use of IP packet fragmentation
functionality to create small fragments that will force some of the TCP header information into a
3
separate fragment. Such kind of attack can be used to bypass certain types of packet filtering devices
7
where the device is unable to handle this type of exception.
Table.1. Different Firewalls

Firewall License Cost OS

Cisco Proprietary Included On Cisco Switches Cisco Hardware

and routers
Comodo Proprietary Free Windows
Internet 7,8, Vista
Security

IpFilter GPlv2 Free Unix

IPCop Various Free Linux

IPFire GPL Free Linux

2) Intrusion Detection System

An act of entering into a network or system forcibly with intent of either stealing information or
damaging the system is known as “Intrusion”. Intrusion detection system resides on the gateways or
on the host machines to monitor the network traffic. If any malicious traffic is identified, an alert is
generated by the IDS, informing responsible person to take action. The terminology “Intrusion
Detection” addresses a range of technologies that are involved in the detection, reporting, and
correlation of system and network security events. Intrusion detection technologies are detective
rather than preventative they provide a security administrator with information on attempted or actual
security events. Intrusion Detection Systems look for attack signatures, which are specific patterns
that usually indicate malicious or suspicious intent.It can alleviate the following types of risks
• Data destruction
• Denial-of-service
• Hostile code
• Network or system eavesdropping
• System or network mapping
• System or network intrusion
• Unauthorized access
The IDSs are classified into three categories which are as follows .Host-based IDSs gets
audit data from host audit trails. They are used to detect attacks against a single host. Security
violations include attempted break-in, masquerading or successful breaking, penetration by legitimate
user and etc.

3
8
Distributed IDSs collect information from multiple host and the network that connects the hosts. They
are Capable of detecting attacks that involves multiple hosts.Network-Based IDSs make use of
network traffic as the source of information, trying to reduce the burden of normal computing services
provided by the hosts that .They are used to determine attacks from network.There are two basic types
of IDS techniques, which are signature-based and anomaly based.
2.1) Signature based IDS (Misuse Detection)
On the basis of known list of attack signatures it detects malicious network packets. Database contains
known list for latter comparison in real time mode. Advantage: It is very effective against known
signatures of attacks Disadvantage lacks in detecting unknown attacks.
2.2) Anomaly based IDS
System profile is used to detect any anomaly in the data packets. Initially, system is trained with a
normal expected traffic and a profile is built with normal system behavior. Later on the trained profile
is used to detect anomalous activities. Advantage it is more effective against unknown attacks.
Disadvantage: it has a high false positive rate.
2.3) Hybrid based approach
To block the malicious network packets this approach combines the signature-based IDS and anomaly -
based IDS techniques. The strengths of both the techniques are combined to overcome their drawbacks.

Table.2.IDS Techniques

IDS Advantage Disadvantag

TECHNI E
QUE

Misuse Accurately Cannot detect

Detection and generate novel or
much fewer Unknown
false alarm Attacks

Anomaly detect High false-

Detection unknown Alarm
attacks

3) Snort open Source IDS

Snort is an widely used open source intrusion detection system that has capability of performing traffic
analysis based on the rules, content searching or content matching and can be used to detect a variety
of attacks like OS fingerprinting ,buffer overflows, SMB probes, stealth port scans, CGI attacks, and so
on
. An example of widely used NIDS is Snort .Snort has Detection Engine which has ability to detect the
threats and generate alert to administrator. The Architecture of snort is depicted in the figure below.
Packets from different types of network interfaces are taken by Packet Decoder which then prepares
packets for processing. Preprocessor detect anomalies in packet headers ,keeps data ready for detection
3
9
 engine, reassemble TCP streams ,packet defragmentation ,decode HTTP URL. Detection Engine
applies rules to packets and then outputs the alert
4) IDS Hacking Exploits
Different hacking Exploits for Intrusion Detection System (IDS) are as follows:
4.1. Address Spoofing or Proxying
IP spoofing or ARP spoofing techniques can be used to destabilize an IDS in the sense that they may
impact the IP information and IDS logs related to a particular security event.

4.2. Denial-of-Service
IDS can be affected by denial-of-service attack which can flood IDS with port probes or connection
requests.
4.3. Packet Fragmentation and “Session Splicing.”
IDS systems that are not able to perform appropriate packet reassembly may be vulnerable to attacks
that fragment packets in a manner that splices an attack signature over multiple packets Packet
fragmentation attacks against IDS involve using some of the packet fragmentation techniques to evade
an IDS.
4.4. Port Scan Evasion
An attacker may be able to evade an IDS by slowing port scans over an extended time period, while
conducting a portscan of a system or network. Attacker can circumvent an IDS by coordinating a scan
among multiple machines or utilizing scan decoy or proxy bounce scanning options.
4.5. TCP Session Synchronization Attacks.
Some IDS evasion tactics involve “desynchronizing” the TCP session that is being monitored to
confuse the IDS, and undermine its ability to maintain a sense of session “state.
4.6. Web Evasion Techniques.
Certain tools have the ability to bypass IDS systems by employing various forms of HTTP evasion
techniques.Such as premature request ending, Parameter hiding, Misformatting, Long URLs.
• Intrusion Detection and Prevention System (IDPS):
IDS have ability to detect attack and generate alert but it cannot block the attack on its own. This
limitation of IDS is overcome by Intrusion detection and prevention systems IDPS [5] which not only
detects the attack, but also stops it from entering into the network or system. IDPS works as network
based IDS (NIDPS) and host based IDS (HIDPS).

4
0
 Parameter Anomaly Signature Hybrid

Resistance to Medium Low High

Evasion

High accuracy Medium Medium High

rate

Market Share Medium High Medium

Scalability Medium High Medium

Maturity Level High High Medium

Overhead on Medium Low Medium

Monitored System

Maintenance Low Medium Medium

Performance Medium High Medium

Easy to Configure No Yes No

Easy to Use Medium Low Low

Protection against High Low High

New Attacks
False Positives High Low Low
False Negatives High Medium Low

Table.3.Parameters for Evaluating IDS

4
1
5.1. Network intrusion detection and prevention system (NIDPS)

It works at point from where it can monitor the traffic and block the malicious traffic on basis of
either signature or anomaly methods.

5.2. Host based (HIDPS)

Host Based IDS detect security violations from abnormal patterns of system usage. Security violations
include attempted break-in, masquerading or successful breaking, penetration by legitimate user and
etc. Abnormal activity in a host is detected by HIDPS by monitoring the logs such as Kernel logs and
application logs. Insider attacks happening in a host are also handled by HIDPS.

4
2
 Experiment No. 10

Aim: - Study and use the System Security for the various network.

Security of a computer system is a crucial task. It is a process of ensuring confidentiality and integrity
of the OS.
A system is said to be secure if its resources are used and accessed as intended under all the
circumstances, but no system can guarantee absolute security from several of the various malicious
threats and unauthorized access.
Security of a system can be threatened via two violations:
 Threat: A program which has the potential to cause serious damage to the system.
 Attack: An attempt to break security and make unauthorized use of an asset.
Security violations affecting the system can be categorized as malicious and accidental. Malicious
threats, as the name suggests are a kind of harmful computer code or web script designed to create
system vulnerabilities leading to back doors and security breaches. Accidental Threats, on the other
hand, are comparatively easier to be protected against. Example: Denial of Service DDoS attack.
Security can be compromised via any of the breaches mentioned:
 Breach of confidentiality: This type of violation involves the unauthorized reading of data.
 Breach of integrity: This violation involves unauthorized modification of data.
 Breach of availability: It involves an unauthorized destruction of data.
 Theft of service: It involves an unauthorized use of resources.
 Denial of service: It involves preventing legitimate use of the system. As mentioned before,
such attacks can be accidental in nature.
Security System Goals –
Henceforth, based on the above breaches, the following security goals are aimed:
1. Integrity:
The objects in the system mustn’t be accessed by any unauthorized user & any user not having
sufficient rights should not be allowed to modify the important system files and resources.
2. Secrecy:
The objects of the system must be accessible only to a limited number of authorized users. Not
everyone should be able to view the system files.
3. Availability:
All the resources of the system must be accessible to all the authorized users i.e only one
user/process should not have the right to hog all the system resources. If such kind of situation
occurs, denial of service could happen. In this kind of situation, a malware might hog the
resources for itself & thus preventing the legitimate processes from accessing the system
resources.

Threats can be classified into the following two categories:

4
3
1. Program Threats:
A program written by a cracker to hijack the security or to change the behaviour of a normal
process.
2. System Threats:
These threats involve the abuse of system services. They strive to create a situation in which
operating-system resources and user files are misused. They are also used as a medium to launch
program threats.

Types of Program Threats –

1. Virus:

An infamous threat, known most widely. It is a self-replicating and a malicious thread which
attaches itself to a system file and then rapidly replicates itself, modifying and destroying
essential files leading to a system breakdown.
Further, Types of computer viruses can be described briefly as follows:
– file/parasitic – appends itself to a file
– boot/memory – infects the boot sector
– macro – written in a high-level language like VB and affects MS Office files
– source code – searches and modifies source codes
– polymorphic – changes in copying each time
– encrypted – encrypted virus + decrypting code
– stealth – avoids detection by modifying parts of the system that can be used to detect it, like the
read system
call
– tunneling – installs itself in the interrupt service routines and device drivers
– multipartite – infects multiple parts of the system
2. Trojan Horse:

A code segment that misuses its environment is called a Trojan Horse. They seem to be attractive
and harmless cover program but are a really harmful hidden program which can be used as the
virus carrier. In one of the versions of Trojan, User is fooled to enter its confidential login details
on an application. Those details are stolen by a login emulator and can be further used as a way of
information breaches.
Another variance is Spyware, Spyware accompanies a program that the user has chosen to install
and downloads ads to display on the user’s system, thereby creating pop-up browser windows and
when certain sites are visited by the user, it captures essential information and sends it over to the
remote server. Such attacks are also known as Covert Channels.

3. Trap Door:

The designer of a program or system might leave a hole in the software that only he is capable of
using, the Trap Door works on the similar principles. Trap Doors are quite difficult to detect as to
analyze them, one needs to go through the source code of all the components of the system.

4. Logic Bomb:
5.
A program that initiates a security attack only under a specific situation. 4
4
Types of System Threats –

Aside from the program threats, various system threats are also endangering the security of our
system:

1. Worm:

An infection program which spreads through networks. Unlike a virus, they target mainly LANs.
A computer affected by a worm attacks the target system and writes a small program “hook” on
it. This hook is further used to copy the worm to the target computer. This process repeats
recursively, and soon enough all the systems of the LAN are affected. It uses the spawn
mechanism to duplicate itself. The worm spawns copies of itself, using up a majority of system
resources and also locking out all other processes.
The basic functionality of a the worm can be represented as:

2. Port Scanning:

It is a means by which the cracker identifies the vulnerabilities of the system to attack. It is an
automated process which involves creating a TCP/IP connection to a specific port. To protect the
identity of the attacker, port scanning attacks are launched from Zombie Systems, that is systems
which were previously independent systems that are also serving their owners while being used
for such notorious purposes.

3. Denial of Service:

Such attacks aren’t aimed for the purpose of collecting information or destroying system files.
4
5
 Rather, they are used for disrupting the legitimate use of a system or facility.
These attacks are generally network based. They fall into two categories:

– Attacks in this first category use so many system resources that no useful work can be
performed.

For example, downloading a file from a website that proceeds to use all available CPU time.
– Attacks in the second category involves disrupting the network of the facility. These attacks are
a result of the abuse of some fundamental TCP/IP principles.
fundamental functionality of TCP/IP.
Security Measures Taken –

To protect the system, Security measures can be taken at the following levels:

 Physical:
The sites containing computer systems must be physically secured against armed and malicious
intruders. The workstations must be carefully protected.

 Human:
Only appropriate users must have the authorization to access the system. Phishing(collecting
confidential information) and Dumpster Diving(collecting basic information so as to gain
unauthorized access) must be avoided.

 Operating system:
The system must protect itself from accidental or purposeful security breaches.

 Networking System:
Almost all of the information is shared between different systems via a network. Intercepting
these data could be just as harmful as breaking into a computer. Henceforth, Network should be
properly secured against such attacks.

Usually, Anti Malware programs are used to periodically detect and remove such viruses and threats.

4
6
4
7