Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Final Lab Manual CRNS

Download as pdf or txt
Download as pdf or txt
You are on page 1of 62

Chandubhai S.

Patel Institute of Technology-Changa


Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Practical-1
Aim: Implement Virus/Antivirus.
VIRUS(Vital Information Resources Under Seize): A computer virus is a program or piece
of code that is loaded onto your computer without your knowledge and runs against your
wishes.
What Does Computer virus do?
Through the course of using the Internet and your computer, you may have come in to
contact with computer viruses. Many computer viruses are stopped before they can start, but
there is still an ever growing concern as to what do computer viruses do and the list of
common computer virus symptoms. A computer virus might corrupt or delete data on your
computer, use your email program to spread itself to other computers, or even erase
everything on your hard disk.
Computer viruses are often spread by attachments in email messages or instant messaging
messages. That is why it is essential that you never open email attachments unless you know
who it's from and you are expecting it.
Viruses can be disguised as attachments of funny images, greeting cards, or audio and video
files. Computer viruses also spread through downloads on the Internet. They can be hidden in
illicit software or other files or programs you might download.
Classification of virus according to it’s working
Macro viruses: A macro is a piece of code that can be embedded in a data file. A macro
virus is thus a virus that exists as a macro attached to a data file. In most respects, macro
viruses are like all other viruses. The main difference is that they are attached to data files
(i.e., documents) rather than executable programs. Document-based viruses are, and will
likely continue to be, more prevalent than any other type of virus.
Worms: Worms are very similar to viruses in that they are computer programs that
replicate functional copies of themselves (usually to other computer systems via network
connections) and often, but not always, contain some functionality that will interfere with the
normal use of a computer or a program. Unlike viruses, however, worms exist as separate

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
entities; they do not attach themselves to other files or programs. Because of their similarity
to viruses, worms also are often referred to as viruses.
Trojan horses: A Trojan horse is a program that does something undocumented which the
programmer intended, but that users would not accept if they knew about it. By some
definitions, a virus is a particular case of a Trojan horse, namely, one which is able to spread
to other programs (i.e., it turns them into Trojans too). According to others, a virus that does
not do any deliberate damage (other than merely replicating) is not a Trojan.

Finally, despite the definitions, many people use the term "Trojan" to refer only to a non-
replicating malicious program.

How to attach a file with executable files.

ains virus also will run without


knowledge of user.

How to create Batch file to shutdown

* @echo off
shutdown -s -t 05 -c "comment"

Then follow procedure describe above. You will find that your machine will shutdown after 1
min.
Note: Implement your own virus
How Does ANTI VIRUS Works

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual

s behaviour from any computer program which might indicate


infection

Note: Study different approaches for Anti-virus software and make one document.

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Practical -2
Aim :- Practical Approach to study Steganography.
-Using Dos Commands
-Using OpenPuff Tool
Solution:
What is a steganography?
The word “steganography” comes from the Greek words steganos, meaning hidden or
covered,
and graphia, meaning to write. Thus, steganography refers to hidden writing or to methods
for
concealing messages. The advantage of steganography is that it allows sensitive information
to
be hidden in ordinary and innocuous carrier files.
Using Dos Commands:
Step 1: You need to write the message in notepad and must select an image to hide that
message with steganography. For Example secret.txt file with message ” I love Charusat.”.
Step 2: select an image. Here for example my image name is input.jpg
Step 3: Combine this image with secret file using dos command
D:> copy /b “d:\input.jpg” + “d:\secret.jpg” output.jpg
Copy /b “c:\img1.jpg” + “c:\test.txt” output.jpg
Step 4: Read secret data.
Just right click on the file that’s just created. In this case it will be crnew.jpg and after that go
to “open with” then select Notepad. After that you will see many lines of code, After that just
get to the end and the message will be there like this below:

Using OpenPuff Tool


It is a professional steganography tool, with unique features you won't find among any other
free or commercial software. OpenPuff is 100% free and suitable for highly sensitive data
covert transmission.

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
OpenPuff is a portable/stealth software:

Faster processing
Data Hiding Step By Step :
BEGIN: Open the application and press Hide Button
Step 1: Select passwords to be used while encoding data and hiding it in image. You can
select one or two or three passwords, For better protection select three different passwords.
Step 2: Select the file with secret message that is to be concealed in the image.
Step 3: Select the carrier, that is to be used for hiding the secret message, the carrier can be
any of the supported formats by this tool. The secret message will be embedded into this
carrier file.

Data is split among many carriers. Only the correct carrier sequence enables unhiding.
Moreover, up to 256Mb can be hidden, if you have enough carriers at disposal. Last carrier
will be filled with random bits in order to make it undistinguishable from others.
Supported formats: Images, audios, videos, flash, adobe. Images (BMP, JPG, PCX, PNG,
TGA)
Audio support (AIFF, MP3, NEXT/SUN, WAV)
Video support (3GP, MP4, MPG, VOB)
Flash-Adobe support (FLV, SWF, PDF)
Step 4: Select the Bit-Selection option, this shows how many bits are to be used out of
original data file.
Download the OpenPuff user’s manual: http://embeddedsw.net/doc/OpenPuff_Help_EN.pdf

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Practical -3
Aim: Implement Ceaser cipher Algorithm and apply brute force attack on above algorithm.
Background
The Caesar cipher is named after the Roman military and political leader Gaius Julius Caesar
(100 BC – 44 BC).1Caesar used this relatively simple form of ciphering to encode military
messages.
Type: Traditional Symmetric/Monoalphabetic/Substitution/Additive/Encryption Algorithm
The classic version uses the capital letters A-Z, but, in principle, an arbitrary alphabet can be
used. then have Caesar cipher as: The alphabet is shifted by an arbitrary number of positions.
The number of positions is the key-value. Shifting the bottom alphabet 3 positions to the right
yields the following result:

ABCDEFGHIJKLMNOPQRSTUVWXYZ
DEFGHIJKLMNOPQRSTUVWXYZABC

as:
C = E(p) = (p + k) mod (26)
p = D(C) = (C – k) mod (26)
The letter A becomes the letter D. B is replaced by E and C replaced by F, etc. The word
"example" would be encoded by: "hadpsoh".
Security:
The key length is identical to the size of the given alphabet. Using the capital letters A-Z
as alphabet allows 26 different keys, with the 26th key rendered meaningless because it
would map each letter to itself.
Cryptanalysis : The art or process of deciphering coded messages without knowing the key.
technique of trying every possible decryption key is called a brute-force attack.

correct one is found (brute-force analysis). The Caesar cipher can also easily be cracked
with a frequency-analysis.

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Kerckhoffs’s Principle : “The enemy knows the system.” a cipher should still be secure
even if
everyone else knows how the cipher works and has the ciphertext (that is, everything except
the key).

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Practical 4
Aim: Implement Euclidean and extended Euclidean and fast exponential Algorithm.
I. Euclidean Algorithm
The Euclidean Algorithm finds greatest common divisor (GCD) of two positive integers for
large numbers.
Algorithm:
Extended_ Euclidean (a,b)
{
r1 a; r2b;
while(r2>0)
{
qr1 / r2;
rr1 – q*r2;
r1r2;
r2r;
}
GCD(a,b) r1
}

II. Extended Euclidean Algorithm


The Extended Euclidean algorithm finds the multiplicative inverse of b in Zn. When n and b
are given and gcd(n,b)=1.
Algorithm:
Extended_Euclidean(n,b)
{
r1 n; r2b;
t10; t2 1;
while(r2>0)
{

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
qr1 / r2;
rr1 – q*r2;
r1r2;
r2r;
tt1 – q*t2;
t1t2;
t2t;
}
if(r1==1)
{
if(t1<0)
{
b-1  t1+ n
}
else
b-1  t1;
}
else
print "Inverse is not Possible
}

III. Fast Exponential Algorithm


In Cryptography, a common modular operation is Exponential. That is need to calculate
y=ax mod n
Most computer languages have no operator that can efficiently compute exponentiation,
particularly when the exponent is very large. In traditional algorithms only multiplication is
used to simulate exponentiation, but the Fast Exponentiation algorithm uses both squaring
and multiplication.
Main idea behind this method is to treat the exponent as a binary number of n .

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Example x=22=(10110)2.
a22 mod n = a (10110)2 mod n.
Algorithm: To calculate ax mod n
Fast_ Exponential (a,x,n)
{
c  0;
d 1;
for i k down to 0 (MSB to LSB)
do
c2*c;
d (d*d) mod n
if( bi==1)
then
c c+1
d (d*a) mod n
return d;
}

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Practical 5
Aim: Implement RSA Algorithm.
The most common public-key algorithm is the RSA cryptosystem, named for its inventors
(Rivest, Shamir, and Adleman).
The RSA algorithm involves three steps:
1. Key generation
2. Encryption
3. Decryption.

Step 1: Use Practical 4 Euclidian and Extended Euclidian Function

Step2 and 3 : Use Practical 4 Fast Exponential Function

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual

Example:
Jennifer creates a pair of keys for herself. She chooses p = 397 and q = 401. She calculates n
= 159197. She then calculates f(n) = 158400. She then chooses e = 343 and d = 12007. Show
how Ted can send a message to Jennifer if he knows e and n.
Suppose Ted wants to send the message “NO” to Jennifer. He changes each character to a
number (from 00 to 25), with each character coded as two digits. He then concatenates the
two coded characters and gets a four-digit number. The plaintext is 1314. Figure 10.7 shows
the

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Practical 6
Aim: Implement S-DES symmetric encryption Algorithm.

Assume input 10-bit key, K, is: 1010000010


Then the steps for generating the two 8-bit round keys, K1 and K2, are:
1. Rearrange K using P10: 1000001100
2. Left shift by 1 position both the left and right halves: 00001 11000
3. Rearrange the halves with P8 to produce K1: 10100100
4. Left shift by 2 positions the left and right halves: 00100 00011
5. Rearrange the halves with P8 to produce K2: 01000011

K1 and K2 are used as inputs in the encryption and decryption stages.


Assume a 8-bit plaintext, P: 01110010

Then the steps for encryption are:


1. Apply the initial permutation, IP, on P: 10101001
2. Assume the input from step 1 is in two halves, L and R: L=1010, R=1001

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
3. Expand and permutate R using E/P: 11000011
4. XOR input from step 3 with K1: 10100100 XOR 11000011 = 01100111

5. Input left halve of step 4 into S-Box S0 and right halve into S-Box S1:
a. For S0: 0110 as input: b1,b4 for row, b2,b3 for column
b. Row 00, column 11 -> output is 10
c. For S1: 0111 as input:
d. Row 01, column 11 -> output is 11
6. Rearrange outputs from step 5 (1011) using P4: 0111
7. XOR output from step 6 with L from step 2: 0111 XOR 1010 = 1101
8. Now we have the output of step 7 as the left half and the original R as the right half.
Switch the halves and move to round 2: 1001 1101
9. E/P with right half: E/P(1101) = 11101011
10. XOR output of step 9 with K2: 11101011 XOR 01000011 = 10101000
11. Input to s-boxes:
a. For S0, 1010
b. Row 10, column 01 -> output is 10

c. For S1, 1000


d. Row 10, column 00 -> output is 11
12. Rearrange output from step 11 (1011) using P4: 0111
13. XOR output of step 12 with left halve from step 8: 0111 XOR 1001 = 1110
14. Input output from step 13 and right halve from step 8 into inverse IP
a. Input us 1110 1101
b. Output is: 01110111
So our encrypted result of plaintext 01110010 with key 1010000010 is: 01110111

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Practical-7
Aim: Practical approach to study Footprinting: Gathering Target Information.

THEORY:

Footprinting is defined as the process of creating a blueprint or map of an organization’s


network and systems. Information gathering is also known as Footprinting an organization.
Footprinting begins by determining the target system, application, or physical location of the
target. Once this information is known, specific information about the organization is
gathered using nonintrusive methods. For example, the organization’s own web page may
provide a personnel directory or a list of employee bios, which may prove useful if the hacker
needs to use a social-engineering attack to reach the objective.

The information the hacker is looking for during the Footprinting phase is anything that gives
clues as to the network architecture, server, and application types where valuable data is
stored. Before an attack or exploit can be launched, the operating system and version as well
as application types must be uncovered so the most effective attack can be launched against
the target. Here are some of the pieces of information to be gathered about a target during
Footprinting:

 Domain name
 Network blocks
 Network services and applications
 System architecture
 Intrusion detection system
 Authentication mechanisms
 Specific IP addresses
 Access control mechanisms
 Phone numbers
 Contact addresses

Once this information is compiled, it can give a hacker better insight into the organization,
where valuable information is stored, and how it can be accessed.

Reference: Certified Ethical Hacker Study Guide (Book)

CODE: // Times New Roman 14

OUTPUT: // (SCREENSHOT) // Times New Roman 14

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Demo of Followings Tools

1. Dmitry –Deepmagic Reference : https://goo.gl/6jmBrr


2. UA Tester Reference : https://goo.gl/L13ovz
3. Whatweb Reference : https://goo.gl/0lCGdK

QUESTION/ANSWERS: // Times New Roman 14

1. How to use features of Dmitry –Deepmagic ?


// Times New Roman 12
2. How to use features of UA Tester ?
// Times New Roman 12
3. How to use features of Whatweb ?
// Times New Roman 12

CONCLUSION: // Times New Roman 14

// Times New Roman 12

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Practical-8
Aim:Practical approach to study Scanning and Enumeration Techniques.

Scanning and Enumeration- Second Step Of Ethical Hacking.

After Completing 1st step of Ethical Hacking: Information Gathering, Will perform step 2

Scanning:
Scanning is a common technique used by a penetration tester to find out the open doors.

Enumeration:
Enumeration is the first attack on target network; enumeration is the process to gather the
information about a target machine by actively connecting to it.

Q:1 Using Scanning Which information can found?

Q:2 What is open port, null session, reverse_tcp?

Q:3 Study nmap and metasploit software of kali linux.

Q:4 Understand following terms:


1. Vulnerability
2. Exploit
3. Payload

Q:5Exercise

Ping target Machine to check is it live?

1. Find open ports of Target Machine.

$namp –T4 –A –v Targetpcip

(check 445 port is open?)

2. Gather Operating system Information of Target Machine.

Goto--> Terminal
Type
$ msfconsole
msf>use auxiliary/scanner/portscan/syn
> set RHOSTS targetmachine ip

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
>set PORTS 445
> run

if you succeed then

Note: TCP port 445 which is used for SMB over TCP. The SMB (Server Message Block)
protocol is used among other things for file sharing in Windows
Again goto terminal--> your home dir

-Find Operating system type and version


- Windows having more vulnerability

$ msfconsole
msf> use auxiliary/scanner/smb/smb_version
>set RHOSTS Targetmachineip
>run

3. You found target machine's OS version- now find its vulnerability and perform attack

$ msfconsole
msf> use auxiliary/dos/windows/rdp/ms12_0_020_maxchannelids
>show options
>set RHOST targetip
>exploit

Check target PC. (Blue screen error)

4. What are the countermeasures for this attack?


5. Demonstrate any two other vulnerability of Windows or Linux.

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Practical-9
Aim: Practical approach to study System Hacking.

1) How to crack a password?


Ans:
 Many hacking attempts start with getting a password to a target system. Passwords are
the key piece of information needed to access a system, and users often select
passwords that are easy to guess. Information gathering and reconnaissance can help
give away information that will help a hacker guess a user’s password.
 Once a password is guessed or cracked, it can be the launching point for escalating
privileges, executing applications, hiding files, and covering tracks. If guessing a
password fails then passwords may be cracked manually or with automated tools such
as a dictionary or brute-force method.
 Manual password cracking involves attempting to log on with different passwords.
The hacker follows these steps:
1. Find a valid user account (such as Administrator or Guest).
2. Create a list of possible passwords.
3. Rank the passwords from high to low probability.
4. Key in each password.
5. Try again until a successful password is found.
 A hacker can also create a script file that tries each password in a list. This is still
considered manual cracking, but it’s time consuming and not usually effective.
 A more efficient way of cracking a password is to gain access to the password file on
a system. Most systems hash (one-way encrypt) a password for storage on a system.
During the logon process, the password entered by the user is hashed using the same
algorithm and then compared to the hashed passwords stored in the file.
 A hacker can attempt to gain access to the hashing algorithm stored on the server
instead of trying to guess or otherwise identify the password. If the hacker is
successful, they can decrypt the passwords stored on the server.

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
2) How to use Ophcrack to Crack Passwords
1. Download and install ophcrack from http://ophcrack.sourceforge.net/.
2. Run the ophcrack program and set the number of threads under the Preferences tab to the
number of cores of the computer running ophcrack plus one. If you change this value, you
have to exit ophcrack and restart it in order to save the change.
Note: This step is optional but will speed up the cracking process.
3. Click the Load button to add hashes. There are numerous ways to add the hashes:
 Enter the hash manually (NN Single Hash option)
 NN Import a text file containing hashes you created with pwdump, fgdump, or similar
third-party tools (PWDUMP File option)
 NN Extract the hashes from the SYSTEM and SAM files (Encrypted SAM option)
 NN Dump the SAM from the computer ophcrack is running on (Local SAM option)
 NN Dump the SAM from a remote computer (Remote SAM option)

4. Click the Tables button.


5. Click the enable (green and yellow) buttons.
6. Using the up and down arrows, sort the rainbow tables you are going to use. Keep in mind
that storing the rainbow tables on a fast medium like a hard disk will significantly speed up
the cracking process.
7. Click the Crack button to start the cracking process. You’ll see the progress of the cracking
process in the bottom boxes of the ophcrack window. When a password is found, it will be
displayed in the NT Pwd field. You can save the results of a cracking session at any time by
clicking the Save button.

3) Explain LAN Manager Hash method.

Ans:

Windows 2000 uses NT LAN Manager (NTLM) hashing to secure passwords in transit on the
network. Depending on the password, NTLM hashing can be weak and easy to break.
For example, let’s say that the password is 123456abcdef.

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
 When this password is encrypted with the NTLM algorithm, it’s first converted to all
uppercase: 123456ABCDEF.
 The password is padded with null (blank) characters to make it 14 characters long:
123456ABCDEF__.
 Before the password is encrypted, the 14-character string is split in half: 123456A and
BCDEF__. Each string is individually encrypted, and the results are concatenated.
 123456A = 6BF11E04AFAB197F
BCDEF__ = F1E9FFDCC75575B15
The hash is 6BF11E04AFAB197FF1E9FFDCC75575B15.
4) Explain Key loggers.
Ans:
 If all other attempts to gather passwords fail, then a keystroke logger is the tool of
choice for hackers. Keystroke loggers (keyloggers) can be implemented either using
hardware or software.
 Hardware keyloggers are small hardware devices that connect the keyboard to the PC
and save every keystroke into a file or in the memory of the hardware device. In order
to install a hardware keylogger, a hacker must have physical access to the system.
 Software keyloggers are pieces of stealth software that sit between the keyboard
hardware and the operating system so that they can record every keystroke. Software
keyloggers can be deployed on a system by Trojans or viruses.
 Spector is spyware that records everything a system does on the Internet, much like a
surveillance camera. Spector automatically takes hundreds of snapshots every hour of
whatever is on the computer screen and saves these snapshots in a hidden location on
the system’s hard drive. Spector can be detected and removed with Anti-spector.

 eBlaster is Internet spy software that captures incoming and outgoing emails and
immediately forwards them to another email address. eBlaster can also capture both
sides of an Instant Messenger conversation, perform keystroke logging, and record
websites visited.

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
 Invisible KeyLogger Stealth (IKS) Software Logger is a high-performance virtual
device driver (VxD) that runs silently at the lowest level of the Windows 95, 98, or
ME operating system. All keystrokes are recorded in a binary keystroke file.
 Fearless Key Logger is a Trojan that remains resident in memory to capture all user
keystrokes. Captured keystrokes are stored in a log file and can be retrieved by a
hacker.
 E‑mail Keylogger logs all emails sent and received on a target system. The emails can
be viewed by sender, recipient, subject, and time/date. The email contents and any
attachments are also recorded.
5) What are the different ways for hiding files?
Ans:
A hacker may want to hide files on a system to prevent their detection. These files may then
be used to launch an attack on the system. There are two ways to hide files in Windows.
 The first is to use the attrib command. To hide a file with the attrib command, type the
following at the command prompt:
attrib +h [file/directory]
 The second way to hide a file in Windows is with NTFS alternate data streaming.
To create and test an NTFS file stream:

1. At the command line, enter notepad test.txt.


2. Put some data in the file, save the file, and close Notepad. Step 1 will open
Notepad.
3. At the command line, enter dir test.txt and note the file size.
4. At the command line, enter notepad test.txt:hidden.txt. Type some text
into
Notepad, save the file, and close it.
5. Check the file size again (it should be the same as in step 3).
6. Open test.txt. You see only the original data.

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
7. Enter type test.txt:hidden.txt at the command line. A syntax error message
is displayed.

6) What are the different Steganography technologies?

Ans:

Steganography is the process of hiding data in other types of data such as images or text files.
The most popular method of hiding data in files is to utilize graphic images as hiding places.
Attackers can embed any information in a graphic file using steganography. The hacker can
hide directions on making a bomb, a secret bank account number, or answers to a test. Any
text imaginable can be hidden in an image.

ImageHide is a steganography program that hides large amounts of text in images. Even after
adding bytes of data, there is no increase in the image size. The image looks the same in a
normal graphics program. It loads and saves to files and therefore is able to bypass most
email sniffers.

Blindside is a steganography application that hides information inside BMP (bitmap) images.
It’s a command-line utility.

MP3Stego hides information in MP3 files during the compression process. The data is
compressed, encrypted, and then hidden in the MP3 bitstream.

Snow is a whitespace steganography program that conceals messages in ASCII text by


appending whitespace to the end of lines. Because spaces and tabs generally aren’t visible in
text viewers, the message is effectively hidden from casual observers. If the built-in
encryption is used, the message can’t be read even if it’s detected.

Conclusion:

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual

By this practical, we get to learn different types of ways to crack password,


steganography techniques and how a system can be hacked.

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Practical-10
Aim: Practical approach to study Social Engineering and reverse social engineering to perform
ethical hacking.

1) Explain Social Engineering.


Ans :

 Social engineering is a non-technical method of breaking into a system or network. It


is the process of deceiving users of a system and convincing them to perform acts
useful to the hacker, such as giving out information that can be used to defeat or
bypass security mechanisms.
 Social engineering is important to understand because hackers can use it to attack the
human element of a system and circumvent technical security measures. This method
can be used to gather information before or during an attack.
 A social engineer commonly uses the telephone or Internet to trick people into
revealing sensitive information or to get them to do something that is against the
security policies of the organization. By this method, social engineers exploit the
natural tendency of a person to trust their word, rather than exploiting computer
security holes.
 The most dangerous part of social engineering is that companies with authentication
processes, firewalls, virtual private networks, and network-monitoring software are
still wide open to attacks, because social engineering doesn’t assault the security
measures directly.

2) Explain different types of Social Engineering attacks.


Ans:
Social engineering can be broken into two common types:
Human-Based: Human-based social engineering refers to person-to-person interaction to
retrieve the desired information. An example is calling the help desk and trying to find out a
password.

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Computer-Based: Computer-based social engineering refers to having computer software
that attempts to retrieve the desired information. An example is sending a user an email and
asking them to re-enter a password in a web page to confirm it. This social-engineering attack
is also known as phishing.
3) Explain different types of Human Based Social Engineering techniques.
Ans:
Human-based social engineering techniques can be broadly categorized as follows:
Impersonating an Employee or Valid User In this type of social-engineering attack, the
hacker pretends to be an employee or valid user on the system. A hacker can gain physical
access by pretending to be a janitor, employee, or contractor. Once inside the facility, the
hacker gathers information from trashcans, desktops, or computer systems.
Posing as an Important User In this type of attack, the hacker pretends to be an important
user such as an executive or high-level manager who needs immediate assistance to gain
access to a computer system or files. The hacker uses intimidation so that a lower-level
employee such as a help desk worker will assist them in gaining access to the system. Most
low-level employees won’t question someone who appears to be in a position of authority.
Using a Third Person Using the third-person approach, a hacker pretends to have permission
from an authorized source to use a system. This attack is especially effective if the supposed
authorized source is on vacation or can’t be contacted for verification.
Calling Technical Support Calling tech support for assistance is a classic social-engineering
technique. Help desk and technical support personnel are trained to help users, which makes
them good prey for social-engineering attacks.
Shoulder Surfing Shoulder surfing is a technique of gathering passwords by watching over a
person’s shoulder while they log in to the system. A hacker can watch a valid user log in and
then use that password to gain access to the system.
Dumpster Diving Dumpster diving involves looking in the trash for information written on
pieces of paper or computer printouts. The hacker can often find passwords, filenames, or
other pieces of confidential information.

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
4) Explain Reverse Social Engineering.
Ans:
Using this technique, a hacker creates a persona that appears to be in a position of authority
so that employees ask the hacker for information, rather than the other way around. For
example, a hacker can impersonate a help desk employee and get the user to give them
information such as a password.
Conclusion:

By this practical, we get to learn different types of ways to crack password,


steganography techniques and how a system can be hacked.

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Practical-11
Aim: Attacking Web Application: SQL injection and Buffer overflows.

Background
Data is one of the most vital components of information systems. Database powered web
applications are used by organization to get data from customers. In the Web application
attack, there are different types of attacks such as buffer overflows, SQL injection, cross-site
scripting and distributed denial-of-service (DDoS) attacks.

SQL Injection
SQL is the acronym for Structured Query Language. It is used to retrieve and manipulate data
in the database. SQL Injection is an attack that poisons dynamic SQL statements to comment
out certain parts of the statement or appending a condition that will always be true.
How SQL Injection Works
The types of attacks that can be performed using SQL injection vary depending on the type of
database engine. The attack works on dynamic SQL statements. A dynamic statement is a
statement that is generated at run time using parameters password from a web form or URI
query string.
Let’s consider a simple web application with a login form. The code for the HTML form is
shown below.

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
 The above form accepts the email address and password then submits them to a PHP file
named index.php.
 It has an option of storing the login session in a cookie. We have deduced this from the
remember_me checkbox. It uses the post method to submit data. This means the values are
not displayed in the URL.

Let’s suppose the statement at the backend for checking user ID is as follows

SELECT * FROM users WHERE email = $_POST['email'] AND password =


md5($_POST['password']);

 The above statement uses the values of the $_POST[] array directly without sanitizing
them.
 The password is encrypted using MD5 algorithm.
We will illustrate SQL injection attack using sqlfiddle. Open the
URLhttp://sqlfiddle.com/#!2/3286e/1 in your web browser. You will get the following
window.

Step 1) Enter this code in left pane


CREATE TABLE `techpand`.`users` (`id` INT NOT NULL AUTO_INCREMENT, `email`
VARCHAR(45) NULL, `password` VARCHAR(45) NULL, PRIMARY KEY (`id`));

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
insert into users (email,password) values ('m@m.com',md5('abc'));

Step 2) Enter this code in right pane


select * from users;
Step 3) Click Build Schema
Step 4)Click Run SQL. You will see following result

Suppose a user supplies admin@admin.sys and 1234 as the password. The statement to be
executed against the database would be

SELECT * FROM users WHERE email = 'admin@admin.sys' AND password = md5('1234');


The above code can be exploited by commenting out the password part and appending a
condition that will always be true. Let’s suppose an attacker provides the following input in
the email address field.
xxx@xxx.xxx' OR 1 = 1 LIMIT 1 -- ' ]
xxx for the password.
The generated dynamic statement will be as follows.
SELECT * FROM users WHERE email = 'xxx@xxx.xxx' OR 1 = 1 LIMIT 1 -- ' ] AND
password = md5('1234');
HERE,

 xxx@xxx.xxx ends with a single quote which completes the string quote
 OR 1 = 1 LIMIT 1 is a condition that will always be true and limits the returned results to
only one record.
 -- ' AND … is a SQL comment that eliminates the password part.
Copy the above SQL statement and paste it in SQL FiddleRun SQL Text box as shown below

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual

Hacking Activity: SQL Inject a Web Application

We have a simple web application at http://www.techpanda.org/ that is vulnerable to SQL


Injection attacks for demonstration purposes only. The HTML form code above is taken
from the login page. The application provides basic security such as sanitizing the email field.
This means our above code cannot be used to bypass the login.

To get round that, we can instead exploit the password field. The diagram below shows the
steps that you must follow:

Let’s suppose an attacker provides the following input

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
 Step 1: Enter xxx@xxx.xxx as the email address
 Step 2: Enter xxx') OR 1 = 1 -- ]

 Click on Submit button


 You will be directed to the dashboard
The generated SQL statement will be as follows

SELECT * FROM users WHERE email = 'xxx@xxx.xxx' AND password = md5('xxx') OR 1


= 1 -- ]');

The diagram below illustrates the statement has been generated.

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
 The statement intelligently assumes md5 encryption is used
 Completes the single quote and closing bracket
 Appends a condition to the statement that will always be true
In general, a successful SQL Injection attack attempts a number of different techniques such
as the ones demonstrated above to carry out a successful attack.

Buffer Overflows
A buffer overflow is an exploit that takes advantage of a program that is waiting on a user's
input. There are two main types of buffer overflow attacks: stack based and heap based. Heap-
based attacks flood the memory space reserved for a program, but the difficulty involved with
performing such an attack makes them rare. Stack-based buffer overflows are by far the most
common.
In a stack-based buffer overrun, the program being exploited uses a memory object known as
a stack to store user input. Normally, the stack is empty until the program requires user input.
At that point, the program writes a return memory address to the stack and then the user's
input is placed on top of it. When the stack is processed, the user's input gets sent to the
return address specified by the program.
However, a stack does not have an infinite potential size. The programmer who develops the
code must reserve a specific amount of space for the stack. If the user's input is longer than
the amount of space reserved for it within the stack, then the stack will overflow. This in
itself isn't a huge problem, but it becomes a huge security hole when combined with
malicious input.

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Practical-12
Aim: Demonstrate how Diffie-Hellman key exchange works with Man-In-The-Middle attack.

The Diffie-Hellman protocol is a method for two computer users to generate a shared private
key with which they can then exchange information across an insecure channel. Let the users
be named Alice and Bob. First, they agree on two prime numbers and , where is large
(typically at least 512 bits) and is a primitive root modulo . (In practice, it is a good idea to
choose such that is also prime.) The numbers and need not be kept secret from
other users. Now Alice chooses a large random number as her private key and Bob
similarly chooses a large number . Alice then computes , which she sends to
Bob, and Bob computes , which he sends to Alice.

Now both Alice and Bob compute their shared key , which Alice computes as

and Bob computes as

Alice and Bob can now use their shared key to exchange information without worrying
about other users obtaining this information. In order for a potential eavesdropper (Eve) to do
so, she would first need to obtain knowing only ,
, and .

This can be done by computing from and from . This is


the discrete logarithm problem, which is computationally infeasible for large . Computing
the discrete logarithm of a number modulo takes roughly the same amount of time as
factoring the product of two primes the same size as , which is what the security of the RSA
cryptosystem relies on. Thus, the Diffie-Hellman protocol is roughly as secure as RSA.

In the original description, the Diffie–Hellman exchange by itself does not


provide authentication of the communicating parties and is thus vulnerable to a man-in-the-
middle attack. Mallory may establish two distinct key exchanges, one with Alice and the
other with Bob, effectively masquerading as Alice to Bob, and vice versa, allowing her to
decrypt, then re-encrypt, the messages passed between them. Note that Mallory must
continue to be in the middle, transferring messages every time Alice and Bob communicate.
If she is ever absent, her previous presence is then revealed to Alice and Bob. They will know
that all of their private conversations had been intercepted and decoded by someone in the
channel.

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Verify your answer with the following link:
http://www.irongeek.com/diffie-hellman.php

CODE:
#include <iostream>
#include <cstdlib>
using std::cout;
using std::cin;
using std::endl;
using std::system;

long long Exp(const long long& base,long long exp)


{
long long i=1;
for(;i<exp;i++)
i*=base;

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
return i;
}

int main()
{
long long A,B;
long long base,mod;
for(;;)
{
cout << "Base: " << endl;
cin >base;
cout << "Modulus: " << endl;
cin >mod;
cout << "Alice, choose your secret number: " << endl;
cin >A;
cout << "Bob, choose your secret number: " << endl;
cin >B;
long long a=Exp(base,A)%mod;
long long b=Exp(base,B)%mod;
cout << "Alice's value: " << a << endl;
cout << "Bob's value: " << b << endl;
long long akey=Exp(b,A)%mod;
long long bkey=Exp(a,B)%mod;
cout << "Alice's key: " << akey << endl;
cout << "Bob's key: " << bkey << endl;
}
system("PAUSE");
return EXIT_SUCCESS;
}

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Practical-13
Aim: Practical approach to study Wireshark & SNORT (Intrusion Detection System and
Prevention System).

Theory:
Wireshark: Will Cover in CN lab
SNORT(Intrusion Detection/Prevention System).

What is IDS?

The principle of intrusion detection isn’t new. Whether it’s car alarms or closed-circuit
televisions, motion detectors or log analyzers, many folks with assets to protect have a vested
interest in knowing when unauthorized persons are probing their defenses, sizing up their
assets, or running off with crucial data. With respect to computer networks, and how using
Snort can help overworked security administrators know when someone is running off with
their digital assets.
Webster’s defines an intrusion as:

“The act of thrusting in, or of entering into a place or state without invitation, right, or
welcome.”

Like firewalls, IDSes can be software based or can combine hardware and software in the
form of preinstalled and preconfigured stand-alone IDS devices. IDS software may run on the
same devices or servers where firewalls, proxies, or other boundary services operate, though
separate IDS sensors and managers are more popular. Nevertheless, an IDS not running on
the same device or server where the firewall or other services are installed will monitor those
devices with particular closeness and care. Although such devices tend to be deployed at
network peripheries, IDSes can detect and deal with insider attacks as well as external
attacks, and are often very useful in detecting violations of corporate security policy and
other internal threats.

IDSes are classified by their functionality and are loosely grouped into the following
three main categories:

1. Network-based intrusion detection system (NIDS):


IDSes that monitor network links and backbones looking for attack signatures
are called network-based IDSes.

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual

2. Host-based intrusion detection system (HIDS)


IDSes that operate on hosts and defend and monitor the operating and file systems for
signs of intrusion and are called hostbased IDSes

3. Distributed intrusion detection system (DIDS)


Groups of IDSes functioning as remote sensors and reporting to a central

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
management station are known as distributed IDSes (DIDSes).

IDS Different Approach:

1. signature detection:
This resembles the way many antivirus programs use virus signatures to recognize and
block infected files, programs, or active Web content from entering a computer system,
except that it uses a database of traffic or activity patterns related to known attacks, called
attack signatures. Indeed, signature detection is the most widely used approach in
commercial IDS technology today.

2. anomaly detection
It uses rules or predefined concepts about “normal” and “abnormal” system activity
(called heuristics) to distinguish anomalies from normal system behavior and to monitor,
report, or block anomalies as they occur. Some anomaly detection IDSes implement user
profiles.These profiles
are baselines of normal activity and can be constructed using statistical sampling, rule-
base approaches, or neural networks.

Introduction

As described in SNORT official web site, “SNORT is an open source network intrusion
prevention and detection system utilizing a rule-driven language, which combines the

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
benefits of signature, protocol and anomaly based inspection methods”. SNORT is most
widely used open source IDS till date. Many UTMs uses SNORT to provide services to their
clients. SNORT has introduced inline mode which can be used to drop packets. Thus using
inline mode, SNORT can be used as firewall as well. Let us go over all modes in which
SNORT can be run

SNORT Modes

SNORT can be configured to run in one of the following modes

• Sniffer mode – If SNORT is ran in sniffer mode, it captures all the packets and shows it to
screen. By redirecting screen output, it is possible to capture all packets in file. This mode is
widely used to troubleshoot network problems.

• Packet Logger mode: This mode is similar to sniffer mode, In stead of showing packets to
screen, SNORT logs all the packets to log file if running in Packet logger mode.

• Network Intrusion Detection System (NIDS) mode – NDIS is most widely used mode for
SNORT. When SNORT is running in NDIS mode, It allows to write rules (using regex).
SNORT checks each packet with matching expression and performs predefined operation.

• Inline mode – This is most important mode for writing any firewall rule. When SNORT is
running in inline mode, it captures packets, analyze it and drop/pass packet depending on
rule. It uses iptables to drop packets.

Typical SNORT Rule

Any typical SNORT rule can be divided in two different parts – Rule Header and Rule
Options .

The rule header contains the information that defines the who, where, and what of a packet,
as well as what to do in the event that a packet with all the attributes indicated in the rule
should show up. The first item in a rule is the rule action. The rule action tells Snort what to
do when it finds a packet that matches the rule criteria.

Here's the general form of a Snort rule:

Action protocol src_ip src_port direction dst_ip dst_port (options)

Rule Header :

Rule header consists of following variables •

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Rule Action - This variable indicates what operation needs to perform when matching
packet has arrived. Possible values are alert, drop, pass, reject

 Alert – generate an alert using the selected alert method, and then log the packet
 Drop – block and log the packet
 Pass – ignore the packet
 Reject – block the packet, log it, and then send a TCP reset if the protocol is TCP or
an ICMP port unreachable message if the protocol is UDP.

Protocol – This variable indicates which protocol SNORT has to look for. Possible values
are
IP,ICMP,TCP and UDP.
 IP Address – It is possible to block requests from certain IP addresses only. SNORT will
analyze only packets from specified IP in this variable. If value “any” is specified in this
variable, SNORT will analyze all the packets for the rule
 Port– It is possible to block requests for certain Port only. SNORT will analyze only
packets for specified Port in this variable. If value “any” is specified in this variable,
SNORT will analyze all the packets.
 Direction operator – It is possible to configure SNORT to check only either inbound
traffic or inbound/outbound traffic. To specify this, there are two different operators
which need to use. “->” can be used to specify all inbound traffic (Requests), “<-” can be
used to specify inbound/outbound traffic

Rule Options
Writing rule options are equally important as writing rule headers. Following are some key
information about rule options.
 All SNORT rule options are separated from each other using “;”
 Rules argument are supplied using “:”
 Word “PCRE” is used to specify support for PERL style regex
 In case of web application rules, when PCRE is used without a “uricontent”, SNORT
evaluates the first URI only thus it is advisable to use either content or uricontent to
search pattern in all URI. (Chances of bypassing is possible if not used)

Necessary documents are attached on Edmodo group

Installing Snort 2.9 on Windows 7

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Go to this link:
http://www.itmasterservices.com/wordpress/2013/10/installing-snort-2-9-on-
windows-7/

Generating Snort Rule:

http://paginas.fe.up.pt/~mgi98020/pgr/writing_snort_rules.htm
Sample Rules

Example: generate alert message if other machine ping your machine.

alert icmp 192.168.0.1 any <- any any (msg:”some one is pinging you”;sid:1)

 The word “alert” shows that this rule will generate an alert message when the criteria are
met for a captured packet. The criteria are defined by the words that follow.

 The “icmp” part shows that this rule will be applied on icmp packets.

 192.168.0.1 Source IP
 any source Port
 Destination IP is any
 Destination Port any
 Message that generated by IDS rule.

Example - Blocking Special characters for SQL Injection

drop TCP any any -> 10.18.19.201 80 (flow:to_server; content:!"GET"; nocase;


pcre="[\'\"\;\:\|\&\$\%\@\\\/<>()+,]")

Above rule will


• Drop all request matching criteria
• Performs analysis for TCP packets
• From any Source IP
• From any source Port
• Destination IP is 10.18.19.201

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
• Destination Port is 80 (HTTP)
• Content should have value “GET “ – This rule will only work on GET requests, similarly
rule
can be written for POST request as well.
• Word “nocase” specifies matching is not case sensitive
• Regular expression mentioned in “pcre="[\'\"\;\:\|\&\$\%\@\\\/<>()+,]” will not allow ' " ; : |
& @ \ / < > ( ) + , characters in request. Thus above rule will drop all packets which has GET
request and ' " ; : | & @ \ / < > ( ) + , characters in URL.

Limitations of SNORT :As we saw, Generic and application specific rules can be written in
SNORT to provide defense for web application. Up to certain extend, SNORT can replace
your paid web application firewall. But SNORT has following limitations

• It is not possible to send error page to client as SNORT does not work on HTTP(S).
• It is not possible just to write rule on outbound traffic. Rule can be written either for
both (inbound/outbound) or inbound traffic.

Configure snort in IDS(Intrusion Detection mode):

C:\snort\bin\snort –A console –c c:\snort\etc\snort.conf –l c:\snort\log

Configure snort in IPS (Intrusion Prevention mode -Test InlineMode):

C:\snort\bin\snort --enable-inline-test -c c:\snort\etc\snort.conf -l c:\snort\log

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Practical-14
Aim: Practical approach to Study Penetration Testing.

THEORY:
A penetration test simulates methods that intruders use to gain unauthorized access to an
organization’s network and systems and to compromise them. The purpose of a penetration
test is to test the security implementations and security policy of an organization. The goal is
to see if the organization has implemented security measures as specified in the security
policy.

A hacker whose intent is to gain unauthorized access to an organization’s network is different


from a professional penetration tester. The professional tester lacks malice and intent and
uses their skills to improve an organization’s network security without causing a loss of
service or a disruption to the business.

There are two types of security assessments: external and internal assessments. An external
assessment tests and analyzes publicly available information, conducts network scanning and
enumeration, and runs exploits from outside the network perimeter, usually via the Internet.
An internal assessment is performed on the network from within the organization, with the
tester acting either as an employee with some access to the network or as a black hat with no
knowledge of the environment.

Reference: Certified Ethical Hacker Study Guide (Book)

CODE: // Times New Roman 14

--------------------------------------------------------------------------------------------------------

OUTPUT: // (SCREENSHOT) // Times New Roman 14

Demo of Followings Tools

1. Nmap - Network Mapper Reference : https://goo.gl/1VxFEJ


2. Lynis - Vulnerability Analysis Reference : https://goo.gl/wz4FWl

QUESTION/ANSWERS: // Times New Roman 14

1. How to use features of Nmap?


// Times New Roman 12
2. How to find Vulnerability Analysis of your Operating System?

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Practical-15

Aim: Practical approach to study Web Application Vulnerability.

THEORY:

Web Application analysis is an important part of securing your enterprise. By identifying


vulnerability in software before it is deployed or purchased, Web application testing tools
help ward off threats and the negative impact they can have on competitiveness and profits.
But not all application analysis and security application testing tools are the same. Many
solutions can be a drain on productivity and profits, as they may be expensive to purchase,
cumbersome to maintain, and time-consuming to execute within the application development
security lifecycle. Inaccurate solutions can produce false positives that prevent developers
from solving the most pressing problems in a timely basis.

Reference: http://www.veracode.com/security/application-testing-tool (Web)

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for
finding vulnerabilities in web applications. It is designed to be used by people with a wide
range of security experience and as such is ideal for developers and functional testers who are
new to penetration testing. ZAP provides automated scanners as well as a set of tools that
allow you to find security vulnerabilities manually.

Reference: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project (Web)

CODE: // Times New Roman 14

--------------------------------------------------------------------------------------------------------

OUTPUT: // (SCREENSHOT) // Times New Roman 14

Demo of Followings Tool

OWASP-ZAP Reference : https://goo.gl/qH7Xa7

QUESTION/ANSWERS: // Times New Roman 14

1. Explain alert feature of OWASP-ZAP ?

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Practical-16
Aim: Perform Phishing Attack/Detection/Prevention.

1) What is phishing?
Ans:
- Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-
looking email in an attempt to gather personal and financial information from
recipients.

- Phishing is a term used to describe a malicious individual or group of individuals


scamming users by sending e-mails or creating web pages that are designed to collect
an individual's online bank, credit card, or other login information.

-Phishing is a fraudulent attempt, usually made through email, to steal your personal
information. The best way to protect yourself from phishing is to learn how to
recognize a phish.

2) How to send fake mail? How to detect and prevent phishing attack using email?
Ans:
Send Fake Mail:
1) Start communication with the server.
2) Create the mail using your fake address.
3) Enter in the recipient's address.
4) Start entering the email information.
5) Create the header.
6) Type the body of your email.
7) Send the email.

Prevent Phishing Attack:

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
1) Guard against spam
2) Communicate personal information only via phone or secure web sites.
3) Do not click on links, download files or open attachments in emails from
unknown senders. It is best to open attachments only when you are expecting them
and know what they contain, even if you know the sender.
4) Never email personal or financial information, even if you are close with the
recipient. You never know who may gain access to your email account, or to the
person’s account to whom you are emailing.
5) Beware of links in emails that ask for personal information, even if the email
appears to come from an enterprise you do business with. Phishing web sites
often copy the entire look of a legitimate web site, making it appear authentic.
To be safe, call the legitimate enterprise first to see if they really sent that email
to you. After all, businesses should not request personal information to be sent
via email.
6) Beware of pop-ups and follow these tips:
-Never enter personal information in a pop-up screen.
-Do not click on links in a pop-up screen.
-Do not copy web addresses into your browser from pop-ups.
-Legitimate enterprises should never ask you to submit personal information in pop-
up screens, so don’t do it.
7) Protect your computer with a firewall, spam filters, anti-virus and anti-
spyware software. Do some research to ensure you are getting the most up-to-
date software, and update them all regularly to ensure that you are blocking
from new viruses and spyware.
8) Check your online accounts and bank statements regularly to ensure that no
unauthorized transactions have been made.

Detect Phishing Attack:

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
4 methods to detect phishing attack:
1. Use a Custom DNS Service
2. Use Your Browser’s Phishing List
3. Use Sites To Check Links
4. Use Your Own Ninja Skills

3) Perform Desktop Phishing by domain spoofing.


Ans:
1. Attacker sends an executable/batch file to victim and victim is supposed to double
click on it. Attacker's job is done.
2. Victim types the domain name of original/genuine website and is taken to our fake
login page. But the domain name remains the same as typed by victim and victim
doesn't come to know.
3. Rest of the things are same as in normal phishing.

Conclusion:

By this practical, we get detailed information about Phishing attack

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Practical-17
Aim: Create an Application to protect Password using “Salted Password Hashing” Technique.

What is password hashing?

Hash algorithms are one way functions. They turn any amount of data into a fixed-length
"fingerprint" that cannot be reversed. They also have the property that if the input changes by
even a tiny bit, the resulting hash is completely different (see the example above). This is
great for protecting passwords, because we want to store passwords in a form that protects
them even if the password file itself is compromised, but at the same time, we need to be able
to verify that a user's password is correct.

The general workflow for account registration and authentication in a hash-based account
system is as follows:

1. The user creates an account.


2. Their password is hashed and stored in the database. At no point is the plain-text
(unencrypted) password ever written to the hard drive.
3. When the user attempts to login, the hash of the password they entered is checked
against the hash of their real password (retrieved from the database).
4. If the hashes match, the user is granted access. If not, the user is told they entered invalid
login credentials.
5. Steps 3 and 4 repeat everytime someone tries to login to their account.

In step 4, never tell the user if it was the username or password they got wrong. Always
display a generic message like "Invalid username or password." This prevents attackers from
enumerating valid usernames without knowing their passwords.

It should be noted that the hash functions used to protect passwords are not the same as the
hash functions you may have seen in a data structures course. The hash functions used to
implement data structures such as hash tables are designed to be fast, not secure.
Only cryptographic hash functions may be used to implement password hashing. Hash
functions like SHA256, SHA512, RipeMD, and WHIRLPOOL are cryptographic hash
functions.

It is easy to think that all you have to do is run the password through a cryptographic hash
function and your users' passwords will be secure. This is far from the truth. There are many
ways to recover passwords from plain hashes very quickly. There are several easy-to-

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
implement techniques that make these "attacks" much less effective. To motivate the need for
these techniques, consider this very website. On the front page, you can submit a list of
hashes to be cracked, and receive results in less than a second. Clearly, simply hashing the
password does not meet our needs for security.

How Hashes are Cracked

 Dictionary and Brute Force Attacks

The simplest way to crack a hash is to try to guess the password, hashing each guess, and
checking if the guess's hash equals the hash being cracked. If the hashes are equal, the guess
is the password. The two most common ways of guessing passwords are dictionary
attacks and brute-force attacks.

A dictionary attack uses a file containing words, phrases, common passwords, and other
strings that are likely to be used as a password. Each word in the file is hashed, and its hash is
compared to the password hash. If they match, that word is the password. These dictionary
files are constructed by extracting words from large bodies of text, and even from real
databases of passwords. Further processing is often applied to dictionary files, such as
replacing words with their "leet speak" equivalents ("hello" becomes "h3110"), to make them
more effective.

A brute-force attack tries every possible combination of characters up to a given length.


These attacks are very computationally expensive, and are usually the least efficient in terms
of hashes cracked per processor time, but they will always eventually find the password.
Passwords should be long enough that searching through all possible character strings to find
it will take too long to be worthwhile.

There is no way to prevent dictionary attacks or brute force attacks. They can be made less
effective, but there isn't a way to prevent them altogether. If your password hashing system is
secure, the only way to crack the hashes will be to run a dictionary or brute-force attack on each hash.

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
 Lookup Tables

Lookup tables are an extremely effective method for cracking many hashes of the same type
very quickly. The general idea is to pre-compute the hashes of the passwords in a password
dictionary and store them, and their corresponding password, in a lookup table data structure.
A good implementation of a lookup table can process hundreds of hash lookups per second,
even when they contain many billions of hashes.

 Rainbow Tables
Rainbow tables are a time-memory trade-off technique. They are like lookup tables, except
that they sacrifice hash cracking speed to make the lookup tables smaller. Because they are
smaller, the solutions to more hashes can be stored in the same amount of space, making
them more effective. Rainbow tables that can crack any md5 hash of a password up to 8
characters long exist.

Adding Salt

Lookup tables and rainbow tables only work because each password is hashed the exact same
way. If two users have the same password, they'll have the same password hashes. We can
prevent these attacks by randomizing each hash, so that when the same password is hashed
twice, the hashes are not the same.

We can randomize the hashes by appending or prepending a random string, called a salt, to
the password before hashing. As shown in the example above, this makes the same password
hash into a completely different string every time. To check if a password is correct, we need
the salt, so it is usually stored in the user account database along with the hash, or as part of
the hash string itself.

The salt does not need to be secret. Just by randomizing the hashes, lookup tables, reverse
lookup tables, and rainbow tables become ineffective. An attacker won't know in advance
what the salt will be, so they can't pre-compute a lookup table or rainbow table. If each user's
password is hashed with a different salt, the reverse lookup table attack won't work either.

Link for source code: https://crackstation.net/hashing-security.htm

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Practical-18
Aim: Write a program to generate Digital Certificate.

THEORY:
Digital certificates are electronic 'credit cards' that establish your credentials when doing
business or other transactions on the Web. It is issued by a certification authority (CA). It
contains your name, a serial number, expiration dates, a copy of the certificate holder's public
key (used for encrypting messages and digital signatures), and the digital signature of the
certificate-issuing authority so that a recipient can verify that the certificate is real. Some
digital certificates conform to a standard, X.509. Digital certificates can be kept in registries
so that authenticating users can look up other users' public keys.

Link : http://docs.oracle.com/javase/tutorial/security/apisign/

CODE:
Sender Side:
import java.io.*;
import java.security.*;
class GenSig {
public static void main(String[] args) {
//Generate a DSA signature
if (args.length != 1) {
System.out.println("Usage GenSig nameOfFileToSign");
}
else try{
//Generate a key pair
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA", "SUN");
SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");
keyGen.initialize(1024, random);
KeyPair pair = keyGen.generateKeyPair();
PrivateKey priv = pair.getPrivate();
PublicKey pub = pair.getPublic();
//Create a Signature object and initialize it with the private key
Signature dsa = Signature.getInstance("SHA1withDSA", "SUN");
dsa.initSign(priv);
//Update and sign the data
FileInputStream fis = new FileInputStream(args[0]);
BufferedInputStream bufin = new BufferedInputStream(fis);
byte[] buffer = new byte[1024];
int len;

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
while (bufin.available() != 0) {
len = bufin.read(buffer);
dsa.update(buffer, 0, len);
};
bufin.close();
//Now that all the data to be signed has been read in,
//generate a signature for it

byte[] realSig = dsa.sign();


//Save the signature in a file
FileOutputStream sigfos = new FileOutputStream("sig");
sigfos.write(realSig);
sigfos.close();
//Save the public key in a file
byte[] key = pub.getEncoded();
FileOutputStream keyfos = new FileOutputStream("suepk");
keyfos.write(key);
keyfos.close();
} catch (Exception e) {
System.err.println("Caught exception "+ e.toString());
}
};
}

Receiver Side:
import java.io.*;
import java.security.*;
import java.security.spec.*;
class VerSig {
public static void main(String[] args) {
/* Verify a DSA signature */
if (args.length != 3) {
System.out.println("Usage: VerSig publickeyfile signaturefile datafile");
}
else try{
/* import encoded public key */
FileInputStream keyfis = new FileInputStream(args[0]);
byte[] encKey = new byte[keyfis.available()];
keyfis.read(encKey);
keyfis.close();
X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(encKey);
KeyFactory keyFactory = KeyFactory.getInstance("DSA", "SUN");

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);
/* input the signature bytes */
FileInputStream sigfis = new FileInputStream(args[1]);
byte[] sigToVerify = new byte[sigfis.available()];
sigfis.read(sigToVerify );
sigfis.close();
/* create a Signature object and initialize it with the public key */
Signature sig = Signature.getInstance("SHA1withDSA", "SUN");
sig.initVerify(pubKey);
/* Update and verify the data */
FileInputStream datafis = new FileInputStream(args[2]);
BufferedInputStream bufin = new BufferedInputStream(datafis);
byte[] buffer = new byte[1024];
int len;
while (bufin.available() != 0) {
len = bufin.read(buffer);
sig.update(buffer, 0, len);
};
bufin.close();
boolean verifies = sig.verify(sigToVerify);
System.out.println("signature verifies: " + verifies);
} catch (Exception e) {
System.err.println("Caught exception " + e.toString());
};

}
}

OUTPUT:

QUESTION-ANSWER:
1) What is digital certificate?
2) What makes up a digital certificate?
3) Why should I use a digital certificate?

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Practical-19
Aim: Implement simple utility to encrypt a file using inbuilt security function.

THEORY:

Encryption and decryption are fundamental requirements of every secure-aware


application, therefore the Java platform provides strong support for encryption and decryption
through its Java Cryptographic Extension (JCE) framework which implements the
standard cryptographic algorithms such as AES, DES, DESede and RSA. This tutorial shows
you how to basically encrypt and decrypt files using the Advanced Encryption Standard
(AES) algorithm. AES is a symmetric-key algorithm that uses the same key for both
encryption and decryption of data.
The Java Security API is a new Java core API, built around the java.security package
(and its subpackages). This API is designed to allow developers to incorporate both low-level
and high-level security functionality into their Java applicationsThe "Java Cryptography
Architecture" (JCA) refers to the framework for accessing and developing cryptographic
functionality for the Java Platform. It encompasses the parts of the JDK 1.1 Java Security
API related to cryptography (currently, nearly the entire API), as well as a set of conventions
and specifications provided in this document. It introduces a "provider" architecture that
allows for multiple and interoperable cryptography implementations.
The Java Cryptography Extension (JCE) extends the JCA API to include encryption
and key exchange. Together, it and the JCA provide a complete, platform-independent
cryptography API. The JCE will be provided in a separate release because it is not currently
exportable outside the United States.
The Java Cryptography Architecture (JCA) was designed around these principles:
 implementation independence and interoperability
 algorithm independence and extensibility
Architecture:

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Cryptography Package Providers
The Java Cryptography Architecture introduces the notion of a Cryptography Package
Provider ("provider" for short). This term refers to a package (or a set of packages) that
supply a concrete implementation of a subset of the cryptography aspects of the Java Security
API. A provider may, for example, contain an implementation of the Digital Signature
Algorithm (DSA) and/or the RSA Cryptosystem (RSA). JDK 1.1 comes standard with a
default provider, named "SUN". The "SUN" provider package includes:
 An implementation of the Digital Signature Algorithm (NIST FIPS 186).
 An implementation of the MD5 (RFC 1321) and SHA-1 (NIST FIPS 180-1) message
digest algorithms.
Each JDK installation has one or more provider packages installed. New providers may be
added statically or dynamically (see the Provider and Security classes). The Java
Cryptography Architecture offers a set of APIs that allow users to query which providers are
installed.
Clients may configure their runtime with different providers, and specify a preference
order for each of them. The preference order is the order in which providers are searched for
requested algorithms when no specific provider is requested.
Key Management
Each Java Virtual Machine has a "system identity scope" (an IdentityScope) which manages
a repository of keys, certificates and trust levels. That repository is available to applications
that need it for authentication or signing purposes. A default IdentityScope for a persistent
database is supplied by the default Cryptography Package Provider, named "SUN". A
different IdentityScope could be utilized as the system scope, if desired.
Engine Classes and Algorithms
Engine classes are classes that provide the functionality of a type of cryptographic algorithm.
The JCA defines a Java class for each engine class. For example, there is
a MessageDigest class, aSignature class, and a KeyPairGenerator class. Users of the API
request and utilize instances of these engine classes to carry out corresponding operations. A
Signature instance is used to sign and verify digital signatures, a MessageDigest instance is
used to calculate the message digest of specified data, and a KeyPairGenerator is used to
generate pairs of public and private keys suitable for a specified algorithm.
An engine class provides the interface to the functionality of a specific type of algorithm,
while its actual implementations (from one or more providers) are those for specific
algorithms. The Signature engine class, for example, provides access to the functionality of a
digital signature algorithm. The actual implementation supplied in a Signature subclass could
be that for any kind of signature algorithm, such as SHA-1 with DSA, SHA-1 with RSA, or
MD5 with RSA.
Core Classes and Interfaces
This section provides a discussion of the core classes and interfaces provided in the general

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
release of the Java Cryptography Architecture:
 the Provider and Security classes
 the MessageDigest, Signature, and KeyPairGenerator engine classes
 the Key and related classes
This section shows the signatures of the main methods in each class and interface. Usage
examples for some of these classes (MessageDigest, Signature, and KeyPairGenerator) are
supplied in the corresponding Examples sections. The complete reference documentation for
the Security API packages can be found in:
 java.security package
 java.security.acl package
 java.security.interfaces package

Basic Steps:
Here are the general steps to encrypt/decrypt a file in Java:
 Create a Key from a given byte array for a given algorithm.
 Get an instance of Cipher class for a given algorithm transformation. See document
of the Cipher class for more information regarding supported algorithms and
transformations.
 Initialize the Cipher with an appropriate mode (encrypt or decrypt) and the given
Key.
 Invoke doFinal(input_bytes) method of the Cipher class to perform encryption or
decryption on the input_bytes, which returns an encrypted or decrypted byte array.
 Read an input file to a byte array and write the encrypted/decrypted byte array to an
output file accordingly.
Key terms:
 java.security.Key
Package java.security Provides the classes and interfaces for the security framework.
The Key interface is the top-level interface for all keys. It defines the functionality shared
by all key objects.
 public class SecretKeySpec extends Object implements KeySpec, SecretKey
This class specifies a secret key in a provider-independent fashion.
It can be used to construct a SecretKey from a byte array, without having to go through a
(provider-based) SecretKeyFactory.
This class is only useful for raw secret keys that can be represented as a byte array and
have no key parameters associated with them, e.g., DES or Triple DES keys.
 public class Cipher extends Object
This class provides the functionality of a cryptographic cipher for encryption and
decryption. It forms the core of the Java Cryptographic Extension (JCE) framework.
In order to create a Cipher object, the application calls the Cipher's getInstance method,
and passes the name of the requested transformation to it.

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
A transformation is a string that describes the operation (or set of operations) to be
performed on the given input, to produce some output. A transformation always includes
the name of a cryptographic algorithm (e.g., DES), and may be followed by a feedback
mode and padding scheme.
A transformation is of the form:
"algorithm/mode/padding" or
"algorithm"

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
CODE:
//import packages for file handling.
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
//import package for the cryptography
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.spec.SecretKeySpec;

public class FileEncryption


{
private String algorithm;
private File file;
public FileEncryption(String algorithm,String path)
{
this.algorithm=algorithm;
this.file=new File(path);
}
public void encrypt() throws Exception
{
FileInputStream fis =new FileInputStream(file);
file=new File(file.getAbsolutePath()+".enc");
FileOutputStream fos =new FileOutputStream(file);
//generating key
byte k[] = "AparajitAparajit".getBytes();
SecretKeySpec key = new SecretKeySpec(k,"AES");
//creating and initialising cipher and cipher streams
Cipher encrypt = Cipher.getInstance(algorithm);
encrypt.init(Cipher.ENCRYPT_MODE, key);
CipherOutputStream cout=new CipherOutputStream(fos, encrypt);
byte[] buf = new byte[1024];
int read;
while((read=fis.read(buf))!=-1) //reading data
cout.write(buf,0,read); //writing encrypted data

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
//closing streams
fis.close();
cout.flush();
cout.close();
}
public void decrypt() throws Exception
{
//opening streams
FileInputStream fis =new FileInputStream(file);
file=new File(file.getAbsolutePath()+".dec");
FileOutputStream fos =new FileOutputStream(file);
//generating same key
byte k[] = "AparajitAparajit".getBytes();
SecretKeySpec key = new SecretKeySpec(k,"AES");
//creating and initialising cipher and cipher streams
Cipher decrypt = Cipher.getInstance(algorithm);
decrypt.init(Cipher.DECRYPT_MODE, key);
CipherInputStream cin=new CipherInputStream(fis, decrypt);
byte[] buf = new byte[1024];
int read=0;
while((read=cin.read(buf))!=-1) {
fos.write(buf,0,read); //writing decrypted data
}
//closing streams
cin.close();
fos.flush();
fos.close();
}
public static void main (String[] args)throws Exception
{
//create a file name called test.txt then execute it else Excpetion occurs
new FileEncryption("AES/ECB/PKCS5Padding","C:\\\\Users\\\\
Desktop\\\\suhani\\\\aes\\dec.txt").encrypt();
new FileEncryption("AES/ECB/PKCS5Padding","C:\\\\Users\\\\
Desktop\\\\suhani\\\\aes\\dec.txt.enc").decrypt();
}
}

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
OUTPUT:
Plain text: Encrypted text:

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala
Chandubhai S. Patel Institute of Technology-Changa
Department of Information Technology
Subject Name: Cryptography and Network Security Semester : 6th /B.Tech
Subject Code: IT306.02 Academic Year: Dec-June 2015-2016
Lab Manual
Practical-20
Aim: Implement Caesar cipher using Kernel programming.

Step 1:

Understand linux kernel module.

 Initialization function. Declared by the module_init() macro.


 Clean up function. Declared by the module_exit() macro.

Step 2:

Create Make File using make command.

obj-m+=hello-1.o
 obj–m States that there is one module to be built from the object file hello1.o
 The resulting module is named hello1.ko after being built from the object file

Step 3:

Insert ko file in insmod structure. Find major and minor number for character driver.

Step 4:

Run program.

Practical-21 (Case Study)


Aim: Case Study on Cryptool, Firewall Configuration in Linux, Secure Electronic Transaction
(SET Poster), study Trojan and Backdoors.

Prepared By: Ayesha Shaikh, Neha Patel, Pritesh Prajapati & Vishwa Vala

You might also like