Cryptography system security, Study notes of Cryptography and System Security

CSS lab manual can be used for experiment in your college.

Typology: Study notes

2018/2019

Uploaded on 04/19/2019

ravi-mourya
ravi-mourya 🇮🇳

4.5

(2)

1 document

1 / 105

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
LAB MANUAL [SSL] Page 1
System Security Lab(CSL604)
Lab Manual
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32
pf33
pf34
pf35
pf36
pf37
pf38
pf39
pf3a
pf3b
pf3c
pf3d
pf3e
pf3f
pf40
pf41
pf42
pf43
pf44
pf45
pf46
pf47
pf48
pf49
pf4a
pf4b
pf4c
pf4d
pf4e
pf4f
pf50
pf51
pf52
pf53
pf54
pf55
pf56
pf57
pf58
pf59
pf5a
pf5b
pf5c
pf5d
pf5e
pf5f
pf60
pf61
pf62
pf63
pf64

Partial preview of the text

Download Cryptography system security and more Study notes Cryptography and System Security in PDF only on Docsity!

System Security Lab(CSL604)

Lab Manual

Lab Outcome: Learner will be able to :

  1. Apply the knowledge of symmetric cryptography to implement simple ciphers.
  2. Analyze and implement public key algorithms like RSA and El Gamal.
  3. Analyze and evaluate performance of hashing algorithms.
  4. Explore the different network reconnaissance tools to gather information about networks.
  5. Explore and use tools like sniffers, port scanners and other related tools for analyzing packets in a network.
  6. Set up firewalls and intrusion detection systems using open source technologies and to explore email security. 7. Explore various attacks like buffer-overflow, and web-application attacks. Hardware Requirements PC With following Configuration
  7. Intel Core i3/i5/i7 Processor
  8. 4 GB RAM
  9. 500 GB Harddisk Software Requirements
  10. Windows or Linux Desktop OS
  11. wireshark
  12. ARPWATCH

Experiment No. 1 Aim: Design and Implementation of a product cipher using Substitution and Transposition Objectives:

  • To understand the encryption and decryption fundamentals.
  • To understand the concepts of the product cipher. Outcomes: The learner will be able to
  • Understand the principles and practices of cryptographic techniques Hardware / Software Required: C/C++/JAVA Theory: Substitution cipher is a method of encryption by which units of plaintext are replaced with ciphertext according to a regular system; the "units" may be single letters (the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth. The receiver deciphers the text by performing an inverse substitution. Transposition cipher is a method of encryption by which the positions held by units of plaintext (which are commonly characters or groups of characters) are shifted according to a regular system, so that the ciphertext constitutes a permutation of the plaintext. That is, the order of the units is changed. Substitution ciphers can be compared with Transposition ciphers. In a transposition cipher, the units of the plaintext are rearranged in a different and usually quite complex order, but the units themselves are left unchanged. By contrast, in a substitution cipher, the units of the plaintext are retained in the same sequence in the ciphertext, but the units themselves are altered.
  1. Caesar Cipher: In cryptography, a Caesar cipher, also known as a Caesar's cipher, the shift cipher, Caesar's code or Caesar shift, is one of the simplest and most widely known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions down the alphabet. For example, with a shift of 3, A would be replaced by D, B would become E, and so on. The method is named after Julius Caesar, who used it to communicate with his generals.

Example: The transformation can be represented by aligning two alphabets; the cipher alphabet is the plain alphabet rotated left or right by some number of positions. For instance, here is a Caesar cipher using a left rotation of three places (the shift parameter, here 3, is used as the key): Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC

  1. Columnar Transposition: In a columnar transposition, the message is written out in rows of a fixed length, and then read out again column by column, and the columns are chosen in some scrambled order. Both the width of the rows and the permutation of the columns are usually defined by a keyword. In a regular columnar transposition cipher, any spare spaces are filled with nulls; in an irregular columnar transposition cipher, the spaces are left blank. Finally, the message is read off in columns, in the order specified by the keyword. Algorithm/Procedure:
    • Substitution
      1. Display menu of operation – e for encryption and d for decryption.
      2. Accept choice from user
      3. If choice is encryption- a. Accept plaintext from user b. Accept key from user. c. Take k = 0. d. Extract kth^ character from string. e. Add key to it and get new value. f. If new value > 26 New value = New value % 26. g. Add as kth^ character of ciphertext. h. Increment k. i. If(k < length(plaintext)) goto step ‘d’. j. Display plaintext and ciphertext(output).
      4. If choice is decryption- k. Accept cipher text from user l. Accept key from user. m. Take k = 0.

// Substitution encryption StringBuffer substitutionOutput = new StringBuffer(); for(int i=0 ; i<substitutionInput.length() ; i++) { char c = substitutionInput.charAt(i); substitutionOutput.append((char) (c+5)); } System.out.println("\nSubstituted text:"); System.out.println(substitutionOutput); // Transposition encryption String transpositionInput = substitutionOutput.toString(); int modulus; if((modulus = transpositionInput.length()%n) != 0) { modulus = n-modulus; // ‘modulus’ is now the number of blanks/padding (X) to be appended for( ; modulus!=0 ; modulus--) { transpositionInput += "/"; } } StringBuffer transpositionOutput = new StringBuffer(); System.out.println("\nTransposition Matrix:"); for(int i=0 ; i<n ; i++) { for(int j=0 ; j<transpositionInput.length()/n ; j++) { char c = transpositionInput.charAt(i+(jn)); System.out.print(c); transpositionOutput.append(c); } System.out.println(); } System.out.println("\nFinal encrypted text:"); System.out.println(transpositionOutput); // Transposition decryption n = transpositionOutput.length()/n; StringBuffer transpositionPlaintext = new StringBuffer(); for(int i=0 ; i<n ; i++) { for(int j=0 ; j<transpositionOutput.length()/n ; j++) { char c = transpositionOutput.charAt(i+(jn)); transpositionPlaintext.append(c); } } // Substitution decryption

StringBuffer plaintext = new StringBuffer(); for(int i=0 ; i<transpositionPlaintext.length() ; i++) { char c = transpositionPlaintext.charAt(i); plaintext.append((char) (c-5)); } System.out.println("\nPlaintext:"); System.out.println(plaintext); } }

Output:

Enter the input to be encrypted: sangita Enter a number: 3 Substituted text: xfslnyf Transposition Matrix: xlf fn/ sy/ Final encrypted text: xlffn/sy/ Plaintext: sangita Conclusion : A product cipher is a composite of two or more elementary ciphers with the goal of producing a cipher which is more secure that any of the individual components. In product cipher substitution and transposition are applied to create confusion and diffusion in the text message.

○ The pair of numbers (n, e) form the RSA public key and is made public. ○ Interestingly, though n is part of the public key, difficulty in factorizing a large prime number ensures that attacker cannot find in finite time the two primes (p & q) used to obtain n. This is strength of RSA. ● Generate the private key ○ Private Key d is calculated from p, q, and e. For given n and e, there is unique number d. ○ Number d is the inverse of e modulo (p - 1)(q – 1). This means that d is the number less than (p - 1)(q - 1) such that when multiplied by e, it is equal to 1 modulo (p - 1)(q

  • 1). ○ This relationship is written mathematically as follows − ed = 1 mod (p − 1)(q − 1) The Extended Euclidean Algorithm takes p, q, and e as input and gives d as output. Example An example of generating RSA Key pair is given below. (For ease of understanding, the primes p & q taken here are small values. Practically, these values are very high). ● Let two primes be p = 7 and q = 13. Thus, modulus n = pq = 7 x 13 = 91. ● Select e = 5, which is a valid choice since there is no number that is common factor of 5 and (p − 1)(q − 1) = 6 × 12 = 72, except for 1. ● The pair of numbers (n, e) = (91, 5) forms the public key and can be made available to anyone whom we wish to be able to send us encrypted messages. ● Input p = 7, q = 13, and e = 5 to the Extended Euclidean Algorithm. The output will be d =

● Check that the d calculated is correct by computing − de = 29 × 5 = 145 = 1 mod 72 ● Hence, public key is (91, 5) and private keys is (91, 29). Encryption and Decryption Once the key pair has been generated, the process of encryption and decryption are relatively straightforward and computationally easy. RSA Encryption ● Suppose the sender wish to send some text message to someone whose public key is (n, e). ● The sender then represents the plaintext as a series of numbers less than n.

● To encrypt the first plaintext P, which is a number modulo n. The encryption process is simple mathematical step as − C = Pe^ mod n ● In other words, the ciphertext C is equal to the plaintext P multiplied by itself e times and then reduced modulo n. This means that C is also a number less than n. ● Returning to our Key Generation example with plaintext P = 10, we get ciphertext C − C = 10 5 mod 91 RSA Decryption ● The decryption process for RSA is also very straightforward. Suppose that the receiver of public-key pair (n, e) has received a ciphertext C. ● Receiver raises C to the power of his private key d. The result modulo n will be the plaintext P. Plaintext = Cd^ mod n ● Returning again to our numerical example, the ciphertext C = 82 would get decrypted to number 10 using private key 29 − Plaintext = 82^29 mod 91 = 10

Source Code:

import java.util.; class Exp { public static void main(String args[]) { Scanner sc=new Scanner(System.in); int d=0; System.out.println("Enter two prime numbers"); int p=sc.nextInt(); int q=sc.nextInt(); int n=pq; System.out.println("n="+n); int e=0; int pn=(p-1)*(q-1);

System.out.println("The public key is (n,e) "+n+", "+e); String t; int c; System.out.println("Enter plaintext"); t=sc.next(); int m = 0; for (int i = 0; i < t.length(); i++){ m += (int)t.charAt(i); } c=((m)^e)%n; System.out.println("The Encryted message is "+m); m=(c^d)%n; System.out.println("The decrypted message is "+t); } } Output: Enter two prime numbers 7 11 n= e= d= The private key is (d) 43 The public key is (n,e) 77, 7 Enter plaintext hello The Encrypted message is 682 The decrypted message is hello

b) RSA Digital signature scheme A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or documents. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, that the sender cannot deny having sent the message (authentication and non-repudiation), and that the message was not altered in transit. To sign: use a private signing algorithm To verify: use a public verification algorithm Alice wants to sign message m. She computes the signature of m (let’s call it y) and sends the signed message (m,y) to Bob. Bob gets (m,y), runs the verification algorithm on it. The algorithm returns “true” iff y is Alice’s signature of m. The basic protocol:

  1. Alice encrypts the document with her private key.
  2. Alice sends the signed document to Bob.
  3. Bob decrypts the document with Alice’s public key. RSA Signature Scheme
  4. Alice chooses secret odd primes p,q and computes n=pq.
  5. Alice chooses eA with gcd(eA,Φ(n))=1.
  6. Alice computes dA = eA-^1 mod Φ(n).
  7. Alice’s signature is y = mdA mod n.
  8. The signed message is (m,y).
  9. Bob can verify the signature by calculating z = yea mod n. (The signature is valid iff m=z).

Source Code:

import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.Signature; import sun.misc.BASE64Encoder; public class MainClass {

Experiment No. 3 Aim: Write a program to implement Diffie-Hellman Algorithm. Objectives:

  • To understand the principles of symmetric key cryptography.
  • To understand the Diffie-Hellman Key exchange algorithm.
  • To understand the possible attacks on Diffie-Hellman. Outcomes: The learner will be able to Apply the cryptosystem to ensure secure key exchange between sender and receiver. Hardware / Software Required: C/C++/JAVA. Theory: Diffie-Hellman key exchange is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher. The Diffie–Hellman key exchange algorithm solves the following dilemma. Alice and Bob want to share a secret key for use in a symmetric cipher, but their only means of communication is insecure. Every piece of information that they exchange is observed by their adversary Eve. How is it possible for Alice and Bob to share a key without making it available to Eve? At first glance it appears that Alice and Bob face an impossible task. It was a brilliant insight of Diffie and Hellman that the difficulty of the discrete logarithm problem for F*p provides a possible solution. The simplest, and original, implementation of the protocol uses the Multiplicative group of integers modulo p, where p is prime and g is primitive root mod p. Here is an example of the protocol:
  1. Alice and Bob agree to use a prime number p=23 and base g=5.
  2. Alice chooses a secret integer Xa=6, then sends Bob (g^XA) mod p. 56 mod 23 = 8.
  3. Bob chooses a secret integer Xb=15, then sends Alice (g^XB) mod p. 515 mod 3 = 19.
  4. Alice computes YA = (g^XA) mod p. 196 mod 23 = 2.
  5. Bob computes YB = (g^XB) mod p. 815 mod 23 = 2.

In the original description, the Diffie-Hellman exchange by itself does not provide authentication of the communicating parties and is thus vulnerable to a man-in-the-middle attack. A person in the middle may establish two distinct Diffie-Hellman key exchanges, one with Alice and the other with Bob, effectively masquerading as Alice to Bob, and vice versa, allowing the attacker to decrypt (and read or store) then re-encrypt the messages passed between them. A method to authenticate the communicating parties to each other is generally needed to prevent this type of attack. Algorithm: Alice and Bob, two users who wish to establish secure communications. We can assume that Alice and Bob know nothing about each other but are in contact.

  1. Communicating in the clear, Alice and Bob agree on two large positive integers, p and g, where p is a prime number and g is a primitive root mod p.
  2. Alice randomly chooses another large positive integer, XA, which is smaller than p. XA will serve as Alice's private key.
  3. Bob similarly chooses his own private key, XB.
  4. Alice computes her public key, YA, using the formula YA = (g^XA) mod p.
  5. Bob similarly computes his public key, YB, using the formula YB = (g^XB) mod p.
  6. Alice and Bob exchange public keys over the insecure circuit.
  7. Alice computes the shared secret key, k, using the formula k = (YB ^XA) mod p.
  8. Bob computes the same shared secret key, k, using the formula k = (YA ^XB) mod p.
  9. Alice and Bob communicate using the symmetric algorithm of their choice and the shared secret key, k, which was never transmitted over the insecure circuit.

Source Code:

import java.util.*; import java.math.BigInteger; public class DiffieHellman { final static BigInteger one = new BigInteger("1"); public static void main(String args[]) { Scanner stdin = new Scanner(System.in); BigInteger n; // Get a start spot to pick a prime from the user. System.out.println("Enter the first prime no:");

System.out.println("The Key B calculates is" + KeyBCalculates + "."); } public static BigInteger getNextPrime(String ans) { BigInteger test = new BigInteger(ans); while (!test.isProbablePrime(99)) test = test.add(one); return test; } }

Output:

Enter the first prime no: 7 First prime is: 7. Enter the second prime no(between 2 and n-1): 3 Person A: enter your secret number now.i.e any random no(x) 10 Person A sends4to person B. Person B: enter your secret number now.i.e any random no(y) 6 Person B sends1to person A. A takes1raises it to the power10mod The Key A calculates is 1. B takes4raises it to the power6mod The Key B calculates is 1. Conclusion: The Diffie-Hellman key exchange algorithm is used to make secure channel to share secret key between sender and receiver.

Experiment No. 4 Aim: For varying message sizes, test integrity of message using MD-5, SHA-1, and analyse the performance of the two protocols. Use crypt APIs Objectives:

  • To understand the applications of cryptographic hash functions.
  • To distinguish between MD5 & SHA-1.
  • To differentiate between hashing and encryption. Outcomes: The learner will be able to Apply security techniques and technologies to solve real-life security problems in practical systems. Hardware / Software Required: C/C++/JAVA. Theory: MD5 (Message Digest algorithm 5) is a widely used cryptographic hash function with a 128 bit hash value. An MD5 hash is typically expressed as a 32 digit hexadecimal number. MD5 processes a variable length message into a fixed length output of 128 bits. The input message is broken up into chunks of 512 bit blocks (sixteen 32bit little endian integers) ; The message is padded so that its length is divisible by 512. The padding works as follows: first a single bit, 1, is appended to the end of the message. This is followed by as many zeros as are required to bring the length of the message up to 64 bits less than a multiple of 512. The remaining bits are filled up with a 64bit integer representing the length of the original message, in bits. Figure 1: One MD5 operation. MD5 consists of 64 of these operations, grouped in four rounds of 16 operations. F is a nonlinear function; one function is used in each round. Mi denotes a 32bit block of the message input, and Ki denotes a 32bit constant, different for each operation.