Information Security Laboratory

LAB MANUAL
Information
SECURITY
B.Tech Programme
CSE
(ETCS-401)

Maharaja Surajmal Institute of Technology

Affiliated: GGSIPU
C-4, Janakpuri, New Delhi-110058
 Information Security Laboratory

CONTENTS

1. Introduction

2. Hardware and Software requirements

3. Marking scheme for the practical lab exam

4. Detail of Experiments

5. Expected viva voce questions

6. References
 Information Security Laboratory

1. INTRODUCTION
With the introduction of the computer, the need for automated tools for protecting files
and other information stored on the computer became evident. This is especially the case
for a shared system, such as time-sharing system, and the need is even more acute for
systems that can be accessed over a public telephone network, data network or the
Internet. The generic name for the collection of tools designed to protect data and to
thwart hackers is computer security.
The second major change that affected security is the introduction of distributed systems
and the use of networks and communications facilities for carrying data between terminal
user and computer and between computer and computer. Information security measures
are needed to protect data during their transmission. In fact the term network security is
somewhat misleading, because virtually all business, government, and academic
organizations interconnect their data processing equipment with a collection of
interconnected networks. Such a collection is often referred to as an internet and the term
internet security is used.
Security aspects come into play when it is necessary or desirable to protect the
information transmission from an opponent who may present a threat to
confidentiality, authenticity and so on. All the techniques for providing security
have two components:
(a) A security-related transformation on the information to be sent. Examples
include the encryption of the message, which scrambles the message so
that it is unreadable by the opponent, and the addition of a code based on
the contents of the message, which can be used to verify the identify of the
sender.
(b) Some secret information shared by the two principals and it is hoped,
unknown to the opponent. An example is an encryption key used in
conjunction with the transformation to scramble the message before
transmission and unscramble it on reception.

A trusted third party may be needed to achieve secure transmission. For

example, a third party may be needed to arbitrate disputes between the two
principals concerning the authenticity of a message transmission.
 Information Security Laboratory

2. Lab Requirements

Software requirements: C, C++

Operating System: Windows - XP

Hardware requirements:

P-IV 2.8 GHz

Intel 845 MB/40 GB HDD/ 512 MB

RAM

LAN Card (10/100 Mbps)

 Information Security Laboratory

3. Marking Scheme for the Practical Lab Exam

There will be two practical exams in each semester.

 Internal Practical Exam

 External Practical Exam

Internal Practical Exam:

It is taken by the concerned Faculty member of the batch.
Marking Scheme:
Total Marks: 40
Division of 40 marks is as follows:

1. Regularity: 30
 Weekly performance in the lab
 Attendance
 File

2. Viva Voce: 10

NOTE: For the regularity, marks are awarded to the student out of 10 for
each experiment performed in the lab and at the end the average marks
are giving out of 30.
 Information Security Laboratory

External Practical Exam:

It is taken by the concerned faculty member of the batch and by an external
examiner. In this exam student needs to perform the experiment allotted at
the time of the examination, a sheet will be given to the student in which
Information Security Laboratory some details asked by the examiner needs to

be written and at last viva will be taken by the external examiner.

Marking Scheme:
Total Marks: 60

Division of 60 marks is as follows:

a. Evaluation of the answer sheet 20

b. Viva Voce 15
c. Experiment performance 15
d. File submitted 10
NOTE:
 Internal marks + External marks = Total marks given to the
students
(40 marks) (60 marks) (100 marks)

 Experiments given to perform can be from any section of

the lab.
 Information Security Laboratory

4. Detail of Experiments

Sub Code: ETCS 451

The following experiments shall be conducted using C/C++

1. Write a program to make study of different security protocols like WEP/ WPA2
PSK, 802.1x EAP security protocol. And Implement RC4 Algorithm.
2. Write a Program to implement AES.
3. Write a program to perform Encryption / Decryption using Caesar cipher.

4. Write a program to perform Encryption / Decryption using Mono

alphabetic techniques
5. Write a program to perform Encryption / Decryption using playfair
system.
6. Write a program to perform Encryption / Decryption using Hill cipher
Technique.
7. Write a program to perform Encryption / Decryption using transposition
technique.
8. Write a program to perform Encryption/Decryption using Diffie-Helmen
Key exchange.
9. Write a program for simple RSA algorithm to encrypt and decrypt the
data.
10.Write a program for DES algorithm to encrypt and decrypt the data.
11.Write a program to study a simulation tool related to Information Security.
12. Write a program to study the steps of implementation of VPN using Packet
tracer.
 Information Security Laboratory

Experiment No 1

Study of WEP, WPA2 PSK, 802.1x

EAP

Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11 wireless networks. Introduced

as part of the original 802.11 standard ratified in 1997, its intention was to provide
data confidentiality comparable to that of a traditional wired network.[1] WEP, recognizable by the key
of 10 or 26 hexadecimal digits, was at one time widely in use and was often the first security choice
presented to users by router configuration tools.[2][3]

In 2003 the Wi-Fi Alliance announced that WEP had been superseded by Wi-Fi Protected Access (WPA).
In 2004, with the ratification of the full 802.11i standard (i.e. WPA2), the IEEE declared that both
WEP-40 and WEP-104 have been deprecated

WEP was included as the privacy component of the original IEEE 802.11 standard ratified in 1997.[5]
[6]
 WEP uses the stream cipher RC4 for confidentiality,[7] and the CRC-32checksum for integrity.[8] It
was deprecated in 2004 and is documented in the current standard. [9]

Basic WEP encryption: RC4 keystream XORed with plaintext

Standard 64-bit WEP uses a 40 bit key (also known as WEP-40), which is concatenated with a 24-
bit initialization vector (IV) to form the RC4 key. At the time that the original WEP standard was
drafted, the U.S. Government's export restrictions on cryptographic technology limited the key size.
Once the restrictions were lifted, manufacturers of access points implemented an extended 128-bit
WEP protocol using a 104-bit key size (WEP-104).

A 64-bit WEP key is usually entered as a string of 10 hexadecimal (base 16) characters (0–9 and A–F).
Each character represents 4 bits, 10 digits of 4 bits each gives 40 bits; adding the 24-bit IV produces
the complete 64-bit WEP key (4 bits × 10 + 24 bits IV = 64 bits of WEP key). Most devices also allow
the user to enter the key as 5 ASCII characters (0–9, a–z, A–Z), each of which is turned into 8 bits
 Information Security Laboratory

using the character's byte value in ASCII (8 bits × 5 + 24 bits IV = 64 bits of WEP key); however, this
restricts each byte to be a printable ASCII character, which is only a small fraction of possible byte
values, greatly reducing the space of possible keys.

A 128-bit WEP key is usually entered as a string of 26 hexadecimal characters. 26 digits of 4 bits each
gives 104 bits; adding the 24-bit IV produces the complete 128-bit WEP key (4 bits × 26 + 24 bits IV =
128 bits of WEP key). Most devices also allow the user to enter it as 13 ASCII characters (8 bits × 13
+ 24 bits IV = 128 bits of WEP key).

A 152-bit and a 256-bit WEP systems are available from some vendors. As with the other WEP variants,
24 bits of that is for the IV, leaving 128 or 232 bits for actual protection. These 128 or 232 bits are
typically entered as 32 or 58 hexadecimal characters (4 bits × 32 + 24 bits IV = 152 bits of WEP key, 4
bits × 58 + 24 bits IV = 256 bits of WEP key). Most devices also allow the user to enter it as 16 or 29
ASCII characters (8 bits × 16 + 24 bits IV = 152 bits of WEP key, 8 bits × 29 + 24 bits IV = 256 bits of
WEP key).

WPA2

WPA2 is a security scheme that specifies two main aspects of your wireless security:

 Authentication: Your choice of PSK ("Personal") or 802.1X ("Enterprise").

 Encryption: Always AES-CCMP.

If you're using WPA2 security on your network, you have two authentication choices: You either have to
use a single password for the whole network that everyone knows (this is called a Pre-Shared Key or
PSK), or you use 802.1X to force each user to use his own unique login credentials (e.g. username and
password).

Regardless of which authentication type you've set up your network to use, WPA2 always uses a scheme
called AES-CCMP to encrypt your data over the air for the sake of confidentiality, and to thwart
various other kinds of attacks.[Ref]
So when the system use AES-CCMP, which user with which username/password has the key of the AES
encryption?

It means after that each user is authenticated, the system encrypts all traffic with temporal 128-bit key and
AES.
 Information Security Laboratory

WPA is an 802.11i-based security solution from the Wi-Fi Alliance that addresses the vulnerabilities of
WEP. WPA uses Temporal Key Integrity Protocol (TKIP) for encryption and dynamic encryption key
generation by using either a pre-shared key, or RADIUS/802.1x-based authentication. The mechanisms
introduced into WPA were designed to address the weakness of the WEP solution without requiring
hardware upgrades. WPA2 is the next generation of Wi-Fi security and is also based on the 802.11i
standard. It is the approved Wi-Fi Alliance interoperable implementation of the ratified IEEE 802.11i
standard. WPA 2 offers two classes of certification: Enterprise and Personal. Enterprise requires
support for RADIUS/802.1x-based authentication and pre-shared key (Personal) requires only a
common key shared by the client and the AP.

the key exchange will be done by using PMK(Pairwise Master Key) and EAP-TLS

Key Management for Link Layer Security Key Management for Link Layer Securit
If you're using WPA2 security on your network, you have two authentication choices: You either have to
use a single password for the whole network that everyone knows (this is called a Pre-Shared Key or
PSK), or you use 802.1X to force each user to use his own unique login credentials (e.g. username and
password).

Regardless of which authentication type you've set up your network to use, WPA2 always uses a scheme
called AES-CCMP to encrypt your data over the air for the sake of confidentiality, and to thwart
various other kinds of attacks.

802.1X is "EAP over LANs" or EAPoL. EAP stands for "Extensible Authentication Protocol", which
means it's kind of a plug-in scheme for various authentication methods. Some examples:
 Information Security Laboratory

 Do you want to authenticate your users with usernames and passwords? Then "PEAP" is a good
EAP type to use.
 Do you want to authenticate your users via certificates? Then "EAP-TLS" is a good EAP type to
use.

 Are the devices on your network all GSM smartphones with SIM cards? Then you can use
"EAP-SIM" to do GSM SIM-card style authentication to get on your network. etc. etc.
If you set up your wireless router to use 802.1X, it needs to have a way to authenticate your users via some
EAP type. Some routers may have the ability for you to input a list of usernames and passwords right
on the router, and the router knows how to do the whole authentication all by itself. But most will
probably require you configure RADIUS. RADIUS is a protocol that allows you to keep your
username and password database on a central server, so you don't have to make changes on each
separate wireless router each time you add or delete a user or a user changes his password or
something. Wireless routers that do 802.1X generally don't know how to authenticate users directly,
they just know how to gateway between 802.1X and RADIUS so that the wireless client machines are
actually getting authenticated by a RADIUS server on the network, and it's the RADIUS server that
knows how to deal with various EAP types.

If your wireless router's user interface has "802.1X" on a list of encryption types, then it probably means
"802.1X with dynamic WEP", which is an old scheme where 802.1X is used for authentication, and
per-user per-session WEP keys are dynamically generated as part of the authentication process, and
thus WEP is ultimately the encryption method used.

RC4 Algorithm:

import java.io.*;
class rc4
{

public static void main(String args[])throws IOException

int temp=0;
String ptext;
String key;
 Information Security Laboratory

int s[]=new int[256]; int

k[]=new int[256];
DataInputStream in=new DataInputStream(System.in);
System.out.print(“\nENTER PLAIN TEXT\t”);
ptext=in.readLine();
System.out.print(“\n\nENTER KEY TEXT\t\t”);
key=in.readLine();
char ptextc[]=ptext.toCharArray();
char keyc[]=key.toCharArray();
int cipher[]=new int[ptext.length()]; int
decrypt[]=new int[ptext.length()];

int ptexti[]=new int[ptext.length()]; int

keyi[]=new int[key.length()];
for(int i=0;i<ptext.length();i++)
{

ptexti[i]=(int)ptextc[i];

for(int i=0;i<key.length();i++)

keyi[i]=(int)keyc[i];

for(int i=0;i<255;i++)

s[i]=i; k[i]=keyi[i
%key.length()];
}

int j=0;
 Information Security Laboratory

for(int i=0;i<255;i++)

{ j=(j+s[i]+k[i])%256;
temp=s[i];
s[i]=s[j];
s[j]=temp;
}

int i=0;
j=0;
int z=0;

for(int l=0;l<ptext.length();l++)

{ i=(l+1)%256;
j=(j+s[i])%256;

temp=s[i];
s[i]=s[j];
s[j]=temp;
z=s[(s[i]+s[j])%256];

cipher[l]=z^ptexti[l];
decrypt[l]=z^cipher[l];
}

System.out.print(“\n\nENCRYPTED:\t\t”);
display(cipher);
System.out.print(“\n\nDECRYPTED:\t\t”);

display(decrypt);

static void display(int disp[])

{
 Information Security Laboratory

char convert[]=new char[disp.length];

for(int l=0;l<disp.length;l++)
{

convert[l]=(char)disp[l];
System.out.print(convert[l]);
}

}}

OUTPUT:
ENTER PLAIN TEXT :RC4 PROGRAM
ENTER KEY TEXT A
ENCRYPTED: ??-??±?µFJ|
DECRYPTED: RC4 PROGRAM
 Information Security Laboratory

Experiment No 2

AES(Advanced Encryption Standard)

AES is based on a design principle known as a substitution-permutation network, combination of

both substitution and permutation, and is fast in both software and hardware. [10]Unlike its
predecessor DES, AES does not use a Feistel network. AES is a variant of Rijndael which has a
fixed block size of 128 bits, and a key size of 128, 192, or 256 bits. By contrast, the Rijndael
specification per se is specified with block and key sizes that may be any multiple of 32 bits, both
with a minimum of 128 and a maximum of 256 bits.

AES operates on a 4 × 4 column-major order matrix of bytes, termed the state, although some

versions of Rijndael have a larger block size and have additional columns in the state. Most AES
calculations are done in a special finite field.

For instance, if there are 16 bytes, , these bytes are represented as this matrix:

The key size used for an AES cipher specifies the number of repetitions of transformation rounds
that convert the input, called the plaintext, into the final output, called the ciphertext. The number
of cycles of repetition are as follows:

 10 cycles of repetition for 128-bit keys.

 12 cycles of repetition for 192-bit keys.
 14 cycles of repetition for 256-bit keys.

Each round consists of several processing steps, each containing four similar but different stages,
including one that depends on the encryption key itself. A set of reverse rounds are applied to
transform ciphertext back into the original plaintext using the same encryption key.

#include<stdio.h>
#include <stdlib.h>
#include <string.h>
/*
* MCrypt API available online:
* http://linux.die.net/man/3/mcrypt
*/
#include <mcrypt.h>
#include <math.h>
#include <stdint.h>
 Information Security Laboratory

#include <stdlib.h> int

encrypt(
void* buffer,
int buffer_len, /* Because the plaintext could include null bytes*/ char*
IV,
char* key, int
key_len
){
MCRYPT td = mcrypt_module_open("rijndael-128", NULL, "cbc", NULL); int
blocksize = mcrypt_enc_get_block_size(td);
if( buffer_len % blocksize != 0 ){return 1;}
mcrypt_generic_init(td, key, key_len, IV);
mcrypt_generic(td, buffer, buffer_len);
mcrypt_generic_deinit (td);
mcrypt_module_close(td);
return 0;
}
int decrypt( void*
buffer, int
buffer_len, char*
IV, char* key,
int key_len
){
MCRYPT td = mcrypt_module_open("rijndael-128", NULL, "cbc", NULL); int
blocksize = mcrypt_enc_get_block_size(td);
if( buffer_len % blocksize != 0 ){return 1;}
mcrypt_generic_init(td, key, key_len, IV);
mdecrypt_generic(td, buffer, buffer_len);
mcrypt_generic_deinit (td);
mcrypt_module_close(td);
return 0;
}
void display(char* ciphertext, int len){ int v;
for (v=0; v<len; v++){

printf("%d ", ciphertext[v]);

}
printf("\n");
}
int main()
{
MCRYPT td, td2;
char * plaintext = "test text 123";
char* IV = "AAAAAAAAAAAAAAAA";
char *key = "0123456789abcdef"; int
keysize = 16; /* 128 bits */ char*
buffer;
int buffer_len = 16;
buffer = calloc(1, buffer_len);
strncpy(buffer, plaintext, buffer_len);
printf("==C==\n");
printf("Plain Text: %s\n", plaintext); encrypt(buffer,
 Information Security Laboratory

buffer_len, IV, key, keysize); printf("Cipher Text: ");

display(buffer , buffer_len); decrypt(buffer, buffer_len,
IV, key, keysize); printf("Decrypt Text: %s\n", buffer);
return 0;
}

OUTPUT:
Plain Text : AES SymmetricEncryptionDecryption

Cipher Text
:sY6vkQrWRg0fvRzbqSAYxepeBIXg4AySj7Xh3x4vDv8TBTkNiTfca7wW/dxiMMJl

Decrypted Text : AES Symmetric Encryption Decryption

 Information Security Laboratory

Experiment No 3

Cesar cipher Algorithm

Problem Statement
Write a program for Cesar Cipher algorithm to Encrypt and Decrypt the data.

Theory

In cryptography, a Caesar cipher, also known as a Caesar's cipher, the shift cipher,
Caesar's code or Caesar shift, is one of the simplest and most widely known encryption
techniques. It is a type of substitution cipher in which each letter in the plaintext is
replaced by a letter some fixed number of positions down the alphabet. For example, with
a shift of 3, A would be replaced by D, B would become E, and so on. The method is
named after Julius Caesar, who used it to communicate with his generals.

The encryption step performed by a Caesar cipher is often incorporated as part of more
complex schemes, such as the Vigenère cipher, and still has modern application in the
ROT13 system. As with all single alphabet substitution ciphers, the Caesar cipher is
easily broken and in practice offers essentially no communication security.

Example

The transformation can be represented by aligning two alphabets; the cipher alphabet is
the plain alphabet rotated left or right by some number of positions. For instance, here is a
Caesar cipher using a left rotation of three places (the shift parameter, here 3, is used as
the key):

Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC

When encrypting, a person looks up each letter of the message in the "plain" line and
writes down the corresponding letter in the "cipher" line. Deciphering is done in reverse.

Ciphertext: WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ
Plaintext: the quick brown fox jumps over the lazy dog

The encryption can also be represented using modular arithmetic by first transforming the
letters into numbers, according to the scheme, A = 0, B = 1,..., Z = 25. Encryption of a
letter x by a shift n can be described mathematically, Decryption is performed similarly,

(There are different definitions for the modulo operation. In the above, the result is in the
range 0...25. I.e., if x+n or x-n are not in the range 0...25, we have to subtract or add 26.)
 Information Security Laboratory

Program for Caesar Cipher in C

Encryption

#include<stdio.h>
 
int main()
{
char message[100], ch;
int i, key;

printf("Enter a message to encrypt: ");

gets(message);
printf("Enter key: ");
scanf("%d", &key);

for(i = 0; message[i] != '\0'; ++i){

ch = message[i];

if(ch >= 'a' && ch <= 'z'){

ch = ch + key;

if(ch > 'z'){

ch = ch - 'z' + 'a' - 1;
}

message[i] = ch;
}
else if(ch >= 'A' && ch <= 'Z'){
ch = ch + key;

if(ch > 'Z'){

ch = ch - 'Z' + 'A' - 1;
}

message[i] = ch;
}
}

printf("Encrypted message: %s", message);

return 0;
}
Output
 Information Security Laboratory

Enter a message to encrypt: axzd

Enter key: 4
Encrypted message: ebdh

Decryption

1 #include<stdio.h>
2  
3 int main()
4 {
5 char message[100], ch;
6 int i, key;
7
8 printf("Enter a message to decrypt: ");
9 gets(message);
10 printf("Enter key: ");
11 scanf("%d", &key);
12
13 for(i = 0; message[i] != '\0'; ++i){
14 ch = message[i];
15
16 if(ch >= 'a' && ch <= 'z'){
17 ch = ch - key;
18
19 if(ch < 'a'){
20 ch = ch + 'z' - 'a' + 1;
21 }
22
23 message[i] = ch;
24 }
25 else if(ch >= 'A' && ch <= 'Z'){
26 ch = ch - key;
27
28 if(ch < 'A'){
29 ch = ch + 'Z' - 'A' + 1;
30 }
31
32 message[i] = ch;
33 }
34 }
35
36 printf("Decrypted message: %s", message);
37
38 return 0;
39 }
Output
Enter a message to decrypt: ebdh
Enter key: 4
Decrypted message: axzd
 Information Security Laboratory

Experiment No 4

Mono alphabetic Algorithm

Problem Statement
Write a program to perform Encryption / Decryption using Mono alphabetic techniques

Theory

Better than Caesar Cipher. If, instead the “cipher” line can be any permutation of the key
26 alphabetic characters, then there are 26! Or greater than 4 * 10 26 possible keys. This is
10 orders of magnitude greater than the key space for DES and would seem to as a Mono-
alphabetic substitution cipher, because a single cipher alphabet is used per message. There
is however, another line of attack. If one analytically knows the nature of the plain text,
then the analyst can exploit the regularities of the language.

A monoalphabetic substitution is one where a letter of plaintext always produces the same
letter of cipher text.

The operation is very similar to the Caesar Cipher and Atbash, with the exception that the
cipher alphabet does not have the order which it had in the previous examples (which are
just special cases of monoalphabetic substitutions). An example of a monoalphabetic
substitution is shown below.

PLAINTEXT abcdefghijklmnopqrstuvwxyz
CIPHERTEXT QRSKOWEIPLTUYACZMNVDHFGXJB

One may naïvely think that this cipher is secure, after all there are 26! Different cipher
26
alphabets (4 x 10 ) to choose from, however the letter frequencies and underlying
patterns will be unchanged - and as such the cipher can be solved by pen and paper
techniques. The best way to see how the cryptanalysis is performed is by doing some
analysis.

These more advanced techniques include looking systematically at the position of letters
in words in order to identify vowels, pattern words, and looking at the letter frequencies,
though common pairings (TH, HE etc.) may come up.

The most common English letters are ETAIN. It is highly likely that in any ciphertext, we
have some matches - though it is not a certainty. It should also be noted that the most
commontrigraph (three letter sequence) in English is 'THE'.

When cryptanalysing more complex ciphers such as Vigenère one of the first steps could
be to try and reduce the cipher into a series of monoalphabetic ciphers.

Of course the analysis may be done automatically by a computer program which observes
letter positions and frequencies etc.

Example
 Information Security Laboratory

For each character of alphabet, assign different-abrupt concerned character.

a b c d e f g h i j k l m
Z Y X W V U T S R Q P O N

n o p q r s t u v w x y Z
M L K J I H G F E D C B A
 

Plain text: goodmorning

Cipher text: TLLWNLIMRMT

                                             Limitations
Monoalphabetic ciphers are easy to break because they reflect the frequency data of the original
alphabet.
A countermeasure is to provide multiple substitutes, known as homophones, for a single letter.
 

C code:
//MONOALPHABATIC CIPHER
#include<stdio.h>
#include<conio.h>
#include<string.h>
void main()
{
            char
pt[26]={'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z'};
            char
ct[26]={'Z','Y','X','W','V','U','T','S','R','Q','P','O','N','M','L','K','J','I','H','G','F','E','D','C','B','A'};
            char p[20]={'\0'},c[20]={'\0'},r[20]={'\0'};
            int i,j;
            clrscr();
            printf("\n enter the plain text:");
            gets(p);
            //converting plain text into cipher text (encryption)
            for(i=0;i<strlen(p);i++)
            {
                        for(j=0;j<26;j++)
                        {
                        if(pt[j]==p[i])
                        {
                                    c[i]=ct[j];
                        }
                        }
            }
            printf("\n cipher text is: %s",c);

            //converting cipher text into plain text (decryption)

            for(i=0;i<strlen(c);i++)
 Information Security Laboratory

            {
                        for(j=0;j<26;j++)
                        {
                        if(ct[j]==c[i])
                        {
                                    r[i]=pt[j];
                        }
                        }
            }
            printf("\n \n plain text is: %s",r);
            getch();
}
Output:
 Information Security Laboratory

Experiment No 5

Play Fair Algorithm

Problem Statement
Write a program to perform Encryption / Decryption using Play Fair techniques
Theory

The Playfair cipher uses a 5 by 5 table containing a key word or phrase. Memorization of
the keyword and 4 simple rules was all that was required to create the 5 by 5 table and use
the cipher.

To generate the key table, one would first fill in the spaces in the table with the letters of
the keyword (dropping any duplicate letters), then fill the remaining spaces with the rest
of the letters of the alphabet in order (usually omitting "Q" to reduce the alphabet to fit,
other versions put both "I" and "J" in the same space). The key can be written in the top
rows of the table, from left to right, or in some other pattern, such as a spiral beginning in
the upper-left-hand corner and ending in the center.The keyword together with the
conventions for filling in the 5 by 5 table constitute the cipher key.

To encrypt a message, one would break the message into digraphs (groups of 2 letters)
such that, for example, "HelloWorld" becomes "HE LL OW OR LD", and map them out
on the key table. The two letters of the digraph are considered as the opposite corners of a
rectangle in the key table. Note the relative position of the corners of this rectangle. Then
apply the following 4 rules, in order, to each pair of letters in the plaintext:

1. If both letters are the same (or only one letter is left), add an "X" after the first
letter. Encrypt the new pair and continue. Some variants of Playfair use "Q"
instead of "X", but any uncommon monograph will do.
2. If the letters appear on the same row of your table, replace them with the letters to
their immediate right respectively (wrapping around to the left side of the row if a
letter in the original pair was on the right side of the row).
3. If the letters appear on the same column of your table, replace them with the
letters immediately below respectively (wrapping around to the top side of the
column if a letter in the original pair was on the bottom side of the column).
4. If the letters are not on the same row or column, replace them with the letters on
the same row respectively but at the other pair of corners of the rectangle defined
by the original pair. The order is important – the first letter of the encrypted pair is
the one that lies on the same row as the first letter of the plaintext pair.

To decrypt, use the INVERSE (opposite) of the first 3 rules, and the 4th as-is (dropping
any extra "X"s (or "Q"s) that don't make sense in the final message when finished).

Example

Using "playfair example" as the key, (assuming I and J are interchangeable) the table
becomes:

PLAYF
IREXM
 Information Security Laboratory

B C D G
H
 Information Security Laboratory

KNOQS
TUVWZ

Encrypting the message "Hide the gold in the tree stump":

HI DE TH EG OL DI NT HE TR EX ES TU MP
^
1. The pair HI forms a rectangle, replace it with BM
2. The pair DE is in a column, replace it with OD
3. The pair TH forms a rectangle, replace it with ZB
4. The pair EG forms a rectangle, replace it with XD
5. The pair OL forms a rectangle, replace it with NA
6. The pair DI forms a rectangle, replace it with BE
7. The pair NT forms a rectangle, replace it with KU
8. The pair HE forms a rectangle, replace it with DM
9. The pair TR forms a rectangle, replace it with UI
10. The pair EX (X inserted to split EE) is in a row, replace it with XM
11. The pair ES forms a rectangle, replace it with MO
12. The pair TU is in a row, replace it with UV
13. The pair MP forms a rectangle, replace it with IF
BM OD ZB XD NA BE KU DM UI XM MO UV IF

Thus the message "Hide the gold in the tree stump" becomes
"BMODZBXDNABEKUDMUIXMMOUVIF".
 Information Security Laboratory

Experiment No 6

Hill Cipher Algorithm

Problem Statement
Write a program to perform Encryption / Decryption using Hill Cipher techniques

Theory

In classical cryptography, the Hill cipher is a polygraphic substitution cipher based on

linear algebra. Invented by Lester S. Hill in 1929, it was the first polygraphic cipher in
which it was practical (though barely) to operate on more than three symbols at once. The
following discussion assumes an elementary knowledge of matrices.

Operation

Each letter is first encoded as a number. Often the simplest scheme is used: A = 0, B =1,
..., Z=25, but this is not an essential feature of the cipher. A block of n letters is then
considered as a vector of n dimensions, and multiplied by an n × n matrix, modulo 26. (If
one uses a larger number than 26 for the modular base, then a different number scheme
can be used to encode the letters, and spaces or punctuation can also be used.) The whole
matrix is considered the cipher key, and should be random provided that the matrix is
invertible in (to ensure decryption is possible). A Hill cipher is another way of
working out the equation of a matrix.

Consider the message 'ACT', and the key below (or GYBNQKURP in letters):

Since 'A' is 0, 'C' is 2 and 'T' is 19, the message is the vector:

Thus the enciphered vector is given by:

which corresponds to a ciphertext of 'POH'. Now, suppose that our message is instead
'CAT', or:
 Information Security Laboratory

This time, the enciphered vector is given by:

which corresponds to a ciphertext of 'FIN'. Every letter has changed. The Hill cipher has
achieved Shannon's diffusion, and an n-dimensional Hill cipher can diffuse fully across n
symbols at once.

Decryption

In order to decrypt, we turn the ciphertext back into a vector, then simply multiply by the
inverse matrix of the key matrix (IFKVIVVMI in letters). (There are standard methods to
calculate the inverse matrix; see matrix inversion for details.) We find that in the
inverse matrix of the one in the previous example is:

Taking the previous example ciphertext of 'POH', we get:

which gets us back to 'ACT', just as we hoped.

We have not yet discussed one complication that exists in picking the encrypting matrix.
Not all matrices have an inverse. The matrix will have an inverse if and only if its
determinant is not zero, and does not have any common factors with the modular base.
Thus, if we work modulo 26 as above, the determinant must be nonzero, and must not be
divisible by 2 or 13. If the determinant is 0, or has common factors with the modular base,
then the matrix cannot be used in the Hill cipher, and another matrix must be chosen
(otherwise it will not be possible to decrypt). Fortunately, matrices which satisfy the
conditions to be used in the Hill cipher are fairly common.

For our example key matrix:

 Information Security Laboratory

So, modulo 26, the determinant is 25. Since this has no common factors with 26, this
matrix can be used for the Hill cipher.The risk of the determinant having common
factors with the modulus can be eliminated by making the modulus prime.
Consequently a useful variant of the Hill cipher adds 3 extra symbols (such as a space, a
period and a question mark) to increase the modulus to 29.

Security

Unfortunately, the basic Hill cipher is vulnerable to a known-plaintext attack because it is

2
completely linear. An opponent who intercepts n plaintext/ciphertext character pairs can
set up a linear system which can (usually) be easily solved; if it happens that this system
is indeterminate, it is only necessary to add a few more plaintext/ciphertext pairs.
Calculating this solution by standard linear algebra algorithms then takes very little time.

While matrix multiplication alone does not result in a secure cipher it is still a useful step
when combined with other non-linear operations, because matrix multiplication can
provide diffusion. For example, an appropriately chosen matrix can guarantee that small
differences before the matrix multiplication will result in large differences after the matrix
multiplication. Some modern ciphers use indeed a matrix multiplication step to provide
diffusion. For example, the MixColumns step in AES is a matrix multiplication. The
function g in Twofish is a combination of non-linear S-boxes with a carefully chosen
matrix multiplication (MDS). Recently, some publications tried to make the Hill cipher
secure.

Key size

The key size is the binary logarithm of the number of possible keys. There are
2
matrices of dimension n × n. Thus or about 4.7n is an upper bound on the
key size of the Hill cipher using n × n matrices. This is only an upper bound because not
every matrix is invertible and thus usable as a key. The number of invertible matrices can
be computed via the Chinese Remainder Theorem. I.e., a matrix is invertible modulo 26 if
and only if it is invertible both modulo 2 and modulo 13. The number of invertible n × n
matrices modulo 2 is equal to the order of the general linear group GL(n,Z2). It is

Equally, the number of invertible matrices modulo 13 (i.e. the order of GL(n,Z13)) is

The number of invertible matrices modulo 26 is the product of those two numbers. Hence
it is

Additionally it seems to be prudent to avoid too many zeroes in the key matrix, since they
reduce diffusion. The net effect is that the effective keyspace of a basic Hill cipher is
2
about 4.64n − 1.7. For a 5 × 5 Hill cipher, that is about 114 bits. Of course, key search is
not the most efficient known attack.
 Information Security Laboratory

Experiment No 7

Transposition Technique

Problem Statement
Write a program to perform Encryption / Decryption using Transposition Technique
techniques .

Theory

In cryptography, a transposition cipher is a method of encryption by which the positions

held by units of plaintext (which are commonly characters or groups of characters) are
shifted according to a regular system, so that the ciphertext constitutes a permutation of
the plaintext. That is, the order of the units is changed. Mathematically a bijective
function is used on the characters' positions to encrypt and an inverse function to decrypt.

Rail Fence cipher

The Rail Fence cipher is a form of transposition cipher that gets its name from the way in
which it is encoded. In the rail fence cipher, the plaintext is written downwards on
successive "rails" of an imaginary fence, then moving up when we get to the bottom. The
message is then read off in rows. For example, using three "rails" and a message of 'WE
ARE DISCOVERED. FLEE AT ONCE', the cipherer writes out:

W...E...C...R...L...T...E
.E.R.D.S.O.E.E.F.E.A.O.C.
..A...I...V...D...E...N..

Then reads off:

WECRL TEERD SOEEF EAOCA IVDEN

(The cipherer has broken this ciphertext up into blocks of five to help avoid errors.)

Route cipher

In a route cipher, the plaintext is first written out in a grid of given dimensions, then read
off in a pattern given in the key. For example, using the same plaintext that we used for
rail fence:

WRIORFEOE
EESVELANJ
ADCEDETC
X

The key might specify "spiral inwards, clockwise, starting from the top right". That would
give a cipher text of:

EJXCTEDECDAEWRIORFEONALEVSE
 Information Security Laboratory

Route ciphers have many more keys than a rail fence. In fact, for messages of reasonable
length, the number of possible keys is potentially too great to be enumerated even by
modern machinery. However, not all keys are equally good. Badly chosen routes will
leave excessive chunks of plaintext, or text simply reversed, and this will give
cryptanalysts a clue as to the routes.

An interesting variation of the route cipher was the Union Route Cipher, used by Union
forces during the American Civil War. This worked much like an ordinary route cipher,
but transposed whole words instead of individual letters. Because this would leave certain
highly sensitive words exposed, such words would first be concealed by code. The cipher
clerk may also add entire null words, which were often chosen to make the ciphertext
humorous. See for an example.

Columnar transposition

In a columnar transposition, the message is written out in rows of a fixed length, and then
read out again column by column, and the columns are chosen in some scrambled order.
Both the width of the rows and the permutation of the columns are usually defined by a
keyword. For example, the word ZEBRAS is of length 6 (so the rows are of length 6), and
the permutation is defined by the alphabetical order of the letters in the keyword. In this
case, the order would be "6 3 2 4 1 5".

In a regular columnar transposition cipher, any spare spaces are filled with nulls; in an
irregular columnar transposition cipher, the spaces are left blank. Finally, the message is
read off in columns, in the order specified by the keyword. For example, suppose we use
the keyword ZEBRAS and the message WE ARE DISCOVERED. FLEE AT ONCE. In a
regular columnar transposition, we write this into the grid as:

632415
WEARED
ISCOVE
REDFLE
EATONC
EQKJEU

Providing five nulls (QKJEU) at the end. The ciphertext is then read off as:

EVLNE ACDTK ESEAQ ROFOJ DEECU WIREE

In the irregular case, the columns are not completed by nulls:

632415
WEARED
ISCOVE
REDFLE
EATONC
E

This results in the following ciphertext:

EVLNA CDTES EAROF ODEEC WIREE

 Information Security Laboratory

To decipher it, the recipient has to work out the column lengths by dividing the message
length by the key length. Then he can write the message out in columns again, then re-
order the columns by reforming the key word.

Columnar transposition continued to be used for serious purposes as a component of more

complex ciphers at least into the 1950's.

Double transposition

A single columnar transposition could be attacked by guessing possible column lengths,

writing the message out in its columns (but in the wrong order, as the key is not yet
known), and then looking for possible anagrams. Thus to make it stronger, a double
transposition was often used. This is simply a columnar transposition applied twice. The
same key can be used for both transpositions, or two different keys can be used.

As an example, we can take the result of the irregular columnar transposition in the
previous section, and perform a second encryption with a different keyword, STRIPE,
which gives the permutation "564231":

564231
E V L N A
CDTESE
A R O F O
DEECWI
REE

As before, this is read off columnwise to give the ciphertext:

CAEEN SOIAE DRLEF WEDRE EVTOC

If multiple messages of exactly the same length are encrypted using the same keys, they
can be anagrammed simultaneously. This can lead to both recovery of the messages, and
to recovery of the keys (so that every other message sent with those keys can be read).

During World War I, the German military used a double columnar transposition cipher,
changing the keys infrequently. The system was regularly solved by the French, naming it
Übchi, who were typically able to quickly find the keys once they'd intercepted a number
of messages of the same length, which generally took only a few days. However, the
French success became widely-known and, after a publication in Le Matin, the Germans
changed to a new system on 18 November 1914.

During World War II, the double transposition cipher was used by Dutch Resistance
groups, the French Maquis and the British Special Operations Executive (SOE), which
was in charge of managing underground activities in Europe. It was also used by agents
of the American Office of Strategic Services and as an emergency cipher for the German
Army and Navy.

Until the invention of the VIC cipher, double transposition was generally regarded as the
most complicated cipher that an agent could operate reliably under difficult field
conditions.
 Information Security Laboratory

Experiment No 8

Diffie-Hellmen Key Exchange

Problem Statement
Write a program to perform Encryption/Decryption using Diffie-Helmen Key exchange.
techniques

Theory
Diffie Hellman was the first public key algorithm ever invented, in 1976. Alice and Bob
want to be able to generate a key to use for subsequent message exchange. The key
generating exchange can take place over an unsecure channel that allows eavesdropping.
The ingredients to the protocol are: p, a large prime and g, a primitive element of Zn. This
i
means that all numbers n=1, ... , p-1 can be represented as n = g . These two numbers do
not need to be kept secret. For example, Alice could send them to Bob in the open. The
protocol runs as follows:

1. Alice choses a large random integer x and sends Bob

x
X=g mod p

2. Bob choses a large random integer y and sends Alice

y
Y=g mod p

3. Alice computes
x
k=Y mod p

4. Bob computes
y
k=X mod p
 Information Security Laboratory

Experiment No 9

RSA Algorithm

Problem Statement
Write a program for simple RSA algorithm to encrypt and decrypt the data.

Theory
Cryptography has a long and colorful history. The message to be encrypted, known as
the plaintext, are transformed by a function that is parameterized by a key. The output of
the encryption process, known as the ciphertext, is then transmitted, often by messenger
or radio. The enemy, or intruder, hears and accurately copies down the complete
ciphertext. However, unlike the intended recipient, he does not know the decryption key
and so cannot decrypt the ciphertext easily. The art of breaking ciphers is called
cryptanalysis the art of devising ciphers (cryptography) and breaking them
(cryptanalysis) is collectively known as cryptology.
There are several ways of classifying cryptographic algorithms. They are generally
categorized based on the number of keys that are employed for encryption and
decryption, and further defined by their application and use. The three types of algorithms
are as follows:
1. Secret Key Cryptography (SKC): Uses a single key for both encryption and
decryption. It is also known as symmetric cryptography.
2. Public Key Cryptography (PKC): Uses one key for encryption and another for
decryption. It is also known as asymmetric cryptography.
3. Hash Functions: Uses a mathematical transformation to irreversibly "encrypt"
information

Public-key cryptography has been said to be the most significant new development in
cryptography. Modern PKC was first described publicly by Stanford University professor
Martin Hellman and graduate student Whitfield Diffie in 1976. Their paper described a
two-key crypto system in which two parties could engage in a secure communication over
a non-secure communications channel without having to share a secret key.Generic PKC
employs two keys that are mathematically related although knowledge of one key does
not allow someone to easily determine the other key. One key is used to encrypt the
plaintext and the other key is used to decrypt the ciphertext. The important point here is
that it does not matter which key is applied first, but that both keys are required for the
process to work. Because pair of keys is required, this approach is also called asymmetric
cryptography.In PKC, one of the keys is designated the public key and may be advertised
as widely as the owner wants. The other key is designated the private key and is never
revealed to another party. It is straight forward to send messages under this scheme.

The RSA algorithm is named after Ron Rivest, Adi Shamir and Len Adleman, who
invented it in 1977. The RSA algorithm can be used for both public key encryption and
digital signatures. Its security is based on the difficulty of factoring large integers.

Algorithm
1. Generate two large random primes, P and Q, of approximately equal size.
2. Compute N = P x Q
3. Compute Z = (P-1) x (Q-1).
4. Choose an integer E, 1 < E < Z, such that GCD (E, Z) = 1
5. Compute the secret exponent D, 1 < D < Z, such that E x D ≡ 1 (mod Z)
 Information Security Laboratory

6. The public key is (N, E) and the private key is (N, D).

Note: The values of P, Q, and Z should also be kept secret.

The message is encrypted using public key and decrypted using private key.

An example of RSA encryption

1. Select primes P=11, Q=3.
2. N = P x Q = 11 x 3 = 33
Z = (P-1) x (Q-1) = 10 x 2 = 20
3. Lets choose E=3
Check GCD(E, P-1) = GCD(3, 10) = 1 (i.e. 3 and 10 have no common factors except
1),
and check GCD(E, Q-1) = GCD(3, 2) = 1
therefore GCD(E, Z) = GCD(3, 20) = 1
4. Compute D such that E x D ≡ 1 (mod Z)
^-1 ^-1
compute D = E mod Z = 3 mod 20
find a value for D such that Z divides ((E x D)-1)
find D such that 20 divides 3D-1.
Simple testing (D = 1, 2, ...) gives D = 7
Check: (E x D)-1 = 3.7 - 1 = 20, which is divisible by Z.
5. Public key = (N, E) = (33, 3)
Private key = (N, D) = (33, 7).

Now say we want to encrypt the message m = 7,

^E
Cipher code = M mod N
^3
= 7 mod 33
= 343 mod 33
= 13.
Hence the ciphertext c = 13.
^D
To check decryption we compute Message’ = C mod N
^7
= 13 mod 33
= 7.

Note that we don't have to calculate the full value of 13 to the power 7 here. We can
make use of the fact that a = bc mod n = (b mod n).(c mod n) mod n so we can break
down a potentially large number into its components and combine the results of easier,
smaller calculations to calculate the final value.
 Information Security Laboratory

Experiment No 10

DES Algorithm

Problem Statement
Write a program for DES algorithm to Encrypt and Decrypt the data.

Theory

The DES (Data Encryption Standard) algorithm is the most widely used encryption
algorithm in the world. For many years, and among many people, "secret code making"
and DES have been synonymous. And despite the recent coup by the Electronic Frontier
Foundation in creating a $220,000 machine to crack DES-encrypted messages, DES will
live on in government and banking for years to come through a life- extending version
called "triple-DES."

How does DES work? This article explains the various steps involved in DES-encryption,
illustrating each step by means of a simple example. Since the creation of DES, many
other algorithms (recipes for changing data) have emerged which are based on design
principles similar to DES. Once you understand the basic transformations that take place
in DES, you will find it easy to follow the steps involved in these more recent algorithms.

But first a bit of history of how DES came about is appropriate, as well as a look toward
the future.

The National Bureau of Standards Coaxes the Genie from the Bottle

On May 15, 1973, during the reign of Richard Nixon, the National Bureau of Standards
(NBS) published a notice in the Federal Register soliciting proposals for cryptographic
algorithms to protect data during transmission and storage. The notice explained why
encryption was an important issue.

Over the last decade, there has been an accelerating increase in the accumulations and
communication of digital data by government, industry and by other organizations in the
private sector. The contents of these communicated and stored data often have very
significant value and/or sensitivity. It is now common to find data transmissions which
constitute funds transfers of several million dollars, purchase or sale of securities,
warrants for arrests or arrest and conviction records being communicated between law
enforcement agencies, airline reservations and ticketing representing investment and
value both to the airline and passengers, and health and patient care records transmitted
among physicians and treatment centers.

The increasing volume, value and confidentiality of these records regularly transmitted
and stored by commercial and government agencies has led to heightened recognition and
concern over their exposures to unauthorized access and use. This misuse can be in the
form of theft or defalcations of data records representing money, malicious modification
of business inventories or the interception and misuse of confidential information about
people. The need for protection is then apparent and urgent.

It is recognized that encryption (otherwise known as scrambling, enciphering or privacy

transformation) represents the only means of protecting such data during transmission and
 Information Security Laboratory

a useful means of protecting the content of data stored on various media, providing
encryption of adequate strength can be devised and validated and is inherently integrable
into system architecture. The National Bureau of Standards solicits proposed techniques
and algorithms for computer data encryption. The Bureau also solicits recommended
techniques for implementing the cryptographic function: for generating, evaluating, and
protecting cryptographic keys; for maintaining files encoded under expiring keys; for
making partial updates to encrypted files; and mixed clear and encrypted data to permit
labelling, polling, routing, etc. The Bureau in its role for establishing standards and aiding
government and industry in assessing technology, will arrange for the evaluation of
protection methods in order to prepare guidelines.

NBS waited for the responses to come in. It received none until August 6, 1974, three
days before Nixon's resignation, when IBM submitted a candidate that it had developed
internally under the name LUCIFER. After evaluating the algorithm with the help of the
National Security Agency (NSA), the NBS adopted a modification of the LUCIFER
algorithm as the new Data Encryption Standard (DES) on July 15, 1977.

DES was quickly adopted for non-digital media, such as voice-grade public telephone
lines. Within a couple of years, for example, International Flavors and Fragrances was
using DES to protect its valuable formulas transmitted over the phone ("With Data
Encryption, Scents Are Safe at IFF," Computerworld 14, No. 21, 95 (1980).)

Meanwhile, the banking industry, which is the largest user of encryption outside
government, adopted DES as a wholesale banking standard. Standards for the wholesale
banking industry are set by the American National Standards Institute (ANSI). ANSI
X3.92, adopted in 1980, specified the use of the DES algorithm.

Some Preliminary Examples of DES

DES works on bits, or binary numbers--the 0s and 1s common to digital computers. Each
group of four bits makes up a hexadecimal, or base 16, number. Binary "0001" is equal to
the hexadecimal number "1", binary "1000" is equal to the hexadecimal number "8",
"1001" is equal to the hexadecimal number "9", "1010" is equal to the hexadecimal
number "A", and "1111" is equal to the hexadecimal number "F".

DES works by encrypting groups of 64 message bits, which is the same as 16

hexadecimal numbers. To do the encryption, DES uses "keys" where are also apparently
16 hexadecimal numbers long, or apparently 64 bits long. However, every 8th key bit is
ignored in the DES algorithm, so that the effective key size is 56 bits. But, in any case, 64
bits (16 hexadecimal digits) is the round number upon which DES is organized.

For example, if we take the plaintext message "8787878787878787", and encrypt it with
the DES key "0E329232EA6D0D73", we end up with the ciphertext
"0000000000000000". If the ciphertext is decrypted with the same secret DES key
"0E329232EA6D0D73", the result is the original plaintext "8787878787878787".

This example is neat and orderly because our plaintext was exactly 64 bits long. The same
would be true if the plaintext happened to be a multiple of 64 bits. But most messages
will not fall into this category. They will not be an exact multiple of 64 bits (that is, an
exact multiple of 16 hexadecimal numbers).
For example, take the message "Your lips are smoother than vaseline". This plaintext
 Information Security Laboratory

message is 38 bytes (76 hexadecimal digits) long. So this message must be padded with
some extra bytes at the tail end for the encryption. Once the encrypted message has been
decrypted, these extra bytes are thrown away. There are, of course, different padding
schemes--different ways to add extra bytes. Here we will just add 0s at the end, so that the
total message is a multiple of 8 bytes (or 16 hexadecimal digits, or 64 bits).

The plaintext message "Your lips are smoother than vaseline" is, in hexadecimal,

"596F7572206C6970 732061726520736D 6F6F746865722074 68616E2076617365

6C696E650D0A".

(Note here that the first 72 hexadecimal digits represent the English message, while "0D"
is hexadecimal for Carriage Return, and "0A" is hexadecimal for Line Feed, showing that
the message file has terminated.) We then pad this message with some 0s on the end, to
get a total of 80 hexadecimal digits:

"596F7572206C6970 732061726520736D 6F6F746865722074 68616E2076617365

6C696E650D0A0000".

If we then encrypt this plaintext message 64 bits (16 hexadecimal digits) at a time, using
the same DES key "0E329232EA6D0D73" as before, we get the ciphertext:

"C0999FDDE378D7ED 727DA00BCA5A84EE 47F269A4D6438190

9DD52F78F5358499 828AC9B453E0E653".

This is the secret code that can be transmitted or stored. Decrypting the ciphertext restores
the original message "Your lips are smoother than vaseline". (Think how much better off
Bill Clinton would be today, if Monica Lewinsky had used encryption on her Pentagon
computer!)

How DES Works in Detail

DES is a block cipher--meaning it operates on plaintext blocks of a given size (64-bits)

and returns ciphertext blocks of the same size. Thus DES results in a permutation among
the 2^64 (read this as: "2 to the 64th power") possible arrangements of 64 bits, each of
which may be either 0 or 1. Each block of 64 bits is divided into two blocks of 32 bits
each, a left half block L and a right half R. (This division is only used in certain
operations.)

Example: Let M be the plain text message M = 0123456789ABCDEF, where M is in

hexadecimal (base 16) format. Rewriting M in binary format, we get the 64-bit block of
text:

M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110
1111
L = 0000 0001 0010 0011 0100 0101 0110 0111
R = 1000 1001 1010 1011 1100 1101 1110 1111

The first bit of M is "0". The last bit is "1". We read from left to right.
 Information Security Laboratory

DES operates on the 64-bit blocks using key sizes of 56- bits. The keys are actually stored
as being 64 bits long, but every 8th bit in the key is not used (i.e. bits numbered 8, 16, 24,
32, 40, 48, 56, and 64). However, we will nevertheless number the bits from 1 to 64,
going left to right, in the following calculations. But, as you will see, the eight bits just
mentioned get eliminated when we create subkeys.

Example: Let K be the hexadecimal key K = 133457799BBCDFF1. This gives us as the

binary key (setting 1 = 0001, 3 = 0011, etc., and grouping together every eight bits, of
which the last one in each group will be unused):

K = 00010011 00110100 01010111 01111001 10011011 10111100 11011111 11110001

The DES algorithm uses the following steps:

Step 1: Create 16 subkeys, each of which is 48-bits long.

The 64-bit key is permuted according to the following table, PC-1. Since the first entry in
the table is "57", this means that the 57th bit of the original key K becomes the first bit of
the permuted key K+. The 49th bit of the original key becomes the second bit of the
permuted key. The 4th bit of the original key is the last bit of the permuted key. Note only
56 bits of the original key appear in the permuted key.

PC-1

57 49 41 33 25 17 9
1 58 50 42 34 26 18
10 2 59 51 43 35 27
19 11 3 60 52 44 36
63 55 47 39 31 23 15
7 62 54 46 38 30 22
14 6 61 53 45 37 29
21 13 5 28 20 12 4

Example: From the original 64-bit key

K = 00010011 00110100 01010111 01111001 10011011 10111100 11011111 11110001

we get the 56-bit permutation

K+ = 1111000 0110011 0010101 0101111 0101010 1011001 1001111 0001111

Next, split this key into left and right halves, C0 and D0, where each half has 28 bits.

Example: From the permuted key K+, we get

C0 = 1111000 0110011 0010101 0101111

D0 = 0101010 1011001 1001111 0001111

With C0 and D0 defined, we now create sixteen blocks Cn and Dn, 1<=n<=16. Each pair
of blocks Cn and Dn is formed from the previous pair Cn-1 and Dn-1, respectively, for n =
1, 2, ..., 16, using the following schedule of "left shifts" of the previous block. To do a left
 Information Security Laboratory

shift, move each bit one place to the left, except for the first bit, which is cycled to the end
of the block.

Iteration Number of
Number Left
Shifts

1 1
2 1
3 2
4 2
5 2
6 2
7 2
8 2
9 1
10 2
11 2
12 2
13 2
14 2
15 2
16 1

This means, for example, C3 and D3 are obtained from C2 and D2, respectively, by two
left shifts, and C16 and D16 are obtained from C15 and D15, respectively, by one left shift.
In all cases, by a single left shift is meant a rotation of the bits one place to the left, so that
after one left shift the bits in the 28 positions are the bits that were previously in positions
2, 3,..., 28, 1.

Example: From original pair pair C0 and D0 we obtain:

C0 = 1111000011001100101010101111
D0 = 0101010101100110011110001111

C1 = 1110000110011001010101011111
D1 = 1010101011001100111100011110

C2 = 1100001100110010101010111111
D2 = 0101010110011001111000111101

C3 = 0000110011001010101011111111
D3 = 0101011001100111100011110101

C4 = 0011001100101010101111111100
D4 = 0101100110011110001111010101

C5 = 1100110010101010111111110000
D5 = 0110011001111000111101010101

C6 = 0011001010101011111111000011
D6 = 1001100111100011110101010101
 Information Security Laboratory

C7 = 1100101010101111111100001100
D7 = 0110011110001111010101010110

C8 = 0010101010111111110000110011
D8 = 1001111000111101010101011001

C9 = 0101010101111111100001100110
D9 = 0011110001111010101010110011

C10 = 0101010111111110000110011001
D10 = 1111000111101010101011001100

C11 = 0101011111111000011001100101
D11 = 1100011110101010101100110011

C12 = 0101111111100001100110010101
D12 = 0001111010101010110011001111

C13 = 0111111110000110011001010101
D13 = 0111101010101011001100111100

C14 = 1111111000011001100101010101
D14 = 1110101010101100110011110001

C15 = 1111100001100110010101010111
D15 = 1010101010110011001111000111

C16 = 1111000011001100101010101111
D16 = 0101010101100110011110001111

We now form the keys Kn, for 1<=n<=16, by applying the following permutation table to
each of the concatenated pairs CnDn. Each pair has 56 bits, but PC-2 only uses 48 of
these.

PC-2

14 17 11 24 1 5
3 28 15 6 21 10
23 19 12 4 26 8
16 7 27 20 13 2
41 52 31 37 47 55
30 40 51 45 33 48
44 49 39 56 34 53
46 42 50 36 29 32

Therefore, the first bit of Kn is the 14th bit of CnDn, the second bit the 17th, and so on,
ending with the 48th bit of Kn being the 32th bit of CnDn.

Example: For the first key we have C1D1 = 1110000 1100110 0101010 1011111
1010101 0110011 0011110 0011110
 Information Security Laboratory

which, after we apply the permutation PC-2, becomes

K1 = 000110 110000 001011 101111 111111 000111 000001 110010

For the other keys we have

K2 = 011110 011010 111011 011001 110110 111100 100111 100101

K3 = 010101 011111 110010 001010 010000 101100 111110 011001
K4 = 011100 101010 110111 010110 110110 110011 010100 011101
K5 = 011111 001110 110000 000111 111010 110101 001110 101000
K6 = 011000 111010 010100 111110 010100 000111 101100 101111
K7 = 111011 001000 010010 110111 111101 100001 100010 111100
K8 = 111101 111000 101000 111010 110000 010011 101111 111011
K9 = 111000 001101 101111 101011 111011 011110 011110 000001
K10 = 101100 011111 001101 000111 101110 100100 011001 001111
K11 = 001000 010101 111111 010011 110111 101101 001110 000110
K12 = 011101 010111 000111 110101 100101 000110 011111 101001
K13 = 100101 111100 010111 010001 111110 101011 101001 000001
K14 = 010111 110100 001110 110111 111100 101110 011100 111010
K15 = 101111 111001 000110 001101 001111 010011 111100 001010
K16 = 110010 110011 110110 001011 000011 100001 011111 110101

So much for the subkeys. Now we look at the message itself.

Step 2: Encode each 64-bit block of data.

There is an initial permutation IP of the 64 bits of the message data M. This rearranges
the bits according to the following table, where the entries in the table show the new
arrangement of the bits from their initial order. The 58th bit of M becomes the first bit of
IP. The 50th bit of M becomes the second bit of IP. The 7th bit of M is the last bit of IP.

IP

58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7

Example: Applying the initial permutation to the block of text M, given previously, we
get

M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110
1111
IP = 1100 1100 0000 0000 1100 1100 1111 1111 1111 0000 1010 1010 1111 0000 1010
1010
 Information Security Laboratory

Here the 58th bit of M is "1", which becomes the first bit of IP. The 50th bit of M is "1",
which becomes the second bit of IP. The 7th bit of M is "0", which becomes the last bit
of IP.

Next divide the permuted block IP into a left half L0 of 32 bits, and a right half R0 of 32
bits.

Example: From IP, we get L0 and R0

L0 = 1100 1100 0000 0000 1100 1100 1111 1111

R0 = 1111 0000 1010 1010 1111 0000 1010 1010

We now proceed through 16 iterations, for 1<=n<=16, using a function f which operates
on two blocks--a data block of 32 bits and a key Kn of 48 bits--to produce a block of 32
bits. Let + denote XOR addition, (bit-by-bit addition modulo 2). Then for n going
from 1 to 16 we calculate

Ln = Rn-
1 Rn = Ln-1 + f(Rn-1,Kn)

This results in a final block, for n = 16, of L16R16. That is, in each iteration, we take the
right 32 bits of the previous result and make them the left 32 bits of the current step. For
the right 32 bits in the current step, we XOR the left 32 bits of the previous step with the
calculation f .

Example: For n = 1, we have

K1 = 000110 110000 001011 101111 111111 000111 000001 110010

L1 = R0 = 1111 0000 1010 1010 1111 0000 1010 1010
R1 = L0 + f(R0,K1)

It remains to explain how the function f works. To calculate f, we first expand each block
Rn-1 from 32 bits to 48 bits. This is done by using a selection table that repeats some of
the bits in Rn-1 . We'll call the use of this selection table the function E. Thus E(Rn-1) has a
32 bit input block, and a 48 bit output block.

Let E be such that the 48 bits of its output, written as 8 blocks of 6 bits each, are obtained
by selecting the bits in its inputs in order according to the following table:

E BIT-SELECTION TABLE

32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1
 Information Security Laboratory

Thus the first three bits of E(Rn-1) are the bits in positions 32, 1 and 2 of Rn-1 while the
last 2 bits of E(Rn-1) are the bits in positions 32 and 1.

Example: We calculate E(R0) from R0 as follows:

R0 = 1111 0000 1010 1010 1111 0000 1010 1010

E(R0) = 011110 100001 010101 010101 011110 100001 010101 010101

(Note that each block of 4 original bits has been expanded to a block of 6 output bits.)

Next in the f calculation, we XOR the output E(Rn-1) with the key Kn:

Kn + E(Rn-1).

Example: For K1 , E(R0), we have

K1 = 000110 110000 001011 101111 111111 000111 000001 110010

E(R0) = 011110 100001 010101 010101 011110 100001 010101 010101
K1+E(R0) = 011000 010001 011110 111010 100001 100110 010100 100111.

We have not yet finished calculating the function f . To this point we have expanded Rn-1
from 32 bits to 48 bits, using the selection table, and XORed the result with the key Kn .
We now have 48 bits, or eight groups of six bits. We now do something strange with each
group of six bits: we use them as addresses in tables called "S boxes". Each group of six
bits will give us an address in a different S box. Located at that address will be a 4 bit
number. This 4 bit number will replace the original 6 bits. The net result is that the eight
groups of 6 bits are transformed into eight groups of 4 bits (the 4-bit outputs from the S
boxes) for 32 bits total.

Write the previous result, which is 48 bits, in the form:

Kn + E(Rn-1) =B1B2B3B4B5B6B7B8,

where each Bi is a group of six bits. We now calculate

S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8)

where Si(Bi) referres to the output of the i-th S box.

To repeat, each of the functions S1, S2,..., S8, takes a 6-bit block as input and yields a 4-
bit block as output. The table to determine S1 is shown and explained below:

S1

Column Number
Row
No. 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

0 14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7
1 0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8
 Information Security Laboratory

2 4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0
3 15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13

If S1 is the function defined in this table and B is a block of 6 bits, then S1(B) is
determined as follows: The first and last bits of B represent in base 2 a number in the
decimal range 0 to 3 (or binary 00 to 11). Let that number be i. The middle 4 bits of B
represent in base 2 a number in the decimal range 0 to 15 (binary 0000 to 1111). Let that
number be j. Look up in the table the number in the i-th row and j-th column. It is a
number in the range 0 to 15 and is uniquely represented by a 4 bit block. That block is the
output S1(B) of S1 for the input B. For example, for input block B = 011011 the first bit is
"0" and the last bit "1" giving 01 as the row. This is row 1. The middle four bits are
"1101". This is the binary equivalent of decimal 13, so the column is column number 13.
In row 1, column 13 appears 5. This determines the output; 5 is binary 0101, so that the
output is 0101. Hence S1(011011) = 0101.

The tables defining the functions S1,...,S8 are the following:

S1

14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7
0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8
4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0
15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13

S2

15 1 8 14 6 11 3 4 9 7 2 13 12 0 5 10
3 13 4 7 15 2 8 14 12 0 1 10 6 9 11 5
0 14 7 11 10 4 13 1 5 8 12 6 9 3 2 15
13 8 10 1 3 15 4 2 11 6 7 12 0 5 14 9

S3

10 0 9 14 6 3 15 5 1 13 12 7 11 4 2 8
13 7 0 9 3 4 6 10 2 8 5 14 12 11 15 1
13 6 4 9 8 15 3 0 11 1 2 12 5 10 14 7
1 10 13 0 6 9 8 7 4 15 14 3 11 5 2 12

S4

7 13 14 3 0 6 9 10 1 2 8 5 11 12 4 15
13 8 11 5 6 15 0 3 4 7 2 12 1 10 14 9
10 6 9 0 12 11 7 13 15 1 3 14 5 2 8 4
3 15 0 6 10 1 13 8 9 4 5 11 12 7 2 14

S5

2 12 4 1 7 10 11 6 8 5 3 15 13 0 14 9
14 11 2 12 4 7 13 1 5 0 15 10 3 9 8 6
4 2 1 11 10 13 7 8 15 9 12 5 6 3 0 14
11 8 12 7 1 14 2 13 6 15 0 9 10 4 5 3
 Information Security Laboratory

S6

12 1 10 15 9 2 6 8 0 13 3 4 14 7 5 11
10 15 4 2 7 12 9 5 6 1 13 14 0 11 3 8
9 14 15 5 2 8 12 3 7 0 4 10 1 13 11 6
4 3 2 12 9 5 15 10 11 14 1 7 6 0 8 13

S7

4 11 2 14 15 0 8 13 3 12 9 7 5 10 6 1
13 0 11 7 4 9 1 10 14 3 5 12 2 15 8 6
1 4 11 13 12 3 7 14 10 15 6 8 0 5 9 2
6 11 13 8 1 4 10 7 9 5 0 15 14 2 3 12

S8

13 2 8 4 6 15 11 1 10 9 3 14 5 0 12 7
1 15 13 8 10 3 7 4 12 5 6 11 0 14 9 2
7 11 4 1 9 12 14 2 0 6 10 13 15 3 5 8
2 1 14 7 4 10 8 13 15 12 9 0 3 5 6 11

Example: For the first round, we obtain as the output of the eight S boxes:

K1 + E(R0) = 011000 010001 011110 111010 100001 100110 010100 100111.

S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8) = 0101 1100 1000 0010 1011 0101

1001 0111

The final stage in the calculation of f is to do a permutation P of the S-box output to

obtain the final value of f:

f = P(S1(B1)S2(B2)...S8(B8))

The permutation P is defined in the following table. P yields a 32-bit output from a 32-bit
input by permuting the bits of the input block.

16 7 20 21
29 12 28 17
1 15 23 26
5 18 31 10
2 8 24 14
32 27 3 9
19 13 30 6
22 11 4 25

Example: From the output of the eight S boxes:

 Information Security Laboratory

S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8) = 0101 1100 1000 0010 1011 0101

1001 0111

we get

f = 0010 0011 0100 1010 1010 1001 1011 1011

R1 = L0 + f(R0 , K1 )

= 1100 1100 0000 0000 1100 1100 1111 1111

+ 0010 0011 0100 1010 1010 1001 1011 1011
= 1110 1111 0100 1010 0110 0101 0100 0100

In the next round, we will have L2 = R1, which is the block we just calculated, and then
we must calculate R2 =L1 + f(R1, K2), and so on for 16 rounds. At the end of the sixteenth
round we have the blocks L16 and R16. We then reverse the order of the two blocks into
the 64-bit block

R16L16
-1
and apply a final permutation IP as defined by the following table:

IP-1

40 8 48 16 56 24 64 32
39 7 47 15 55 23 63 31
38 6 46 14 54 22 62 30
37 5 45 13 53 21 61 29
36 4 44 12 52 20 60 28
35 3 43 11 51 19 59 27
34 2 42 10 50 18 58 26
33 1 41 9 49 17 57 25

That is, the output of the algorithm has bit 40 of the preoutput block as its first bit, bit 8 as
its second bit, and so on, until bit 25 of the preoutput block is the last bit of the output.

Example: If we process all 16 blocks using the method defined previously, we get, on the
16th round,

L16 = 0100 0011 0100 0010 0011 0010 0011 0100

R16 = 0000 1010 0100 1100 1101 1001 1001 0101

We reverse the order of these two blocks and apply the final permutation to

R16L16 = 00001010 01001100 11011001 10010101 01000011 01000010 00110010

00110100
-1
IP = 10000101 11101000 00010011 01010100 00001111 00001010 10110100
00000101

which in hexadecimal format is

 Information Security Laboratory

85E813540F0AB405.

This is the encrypted form of M = 0123456789ABCDEF: namely, C =

85E813540F0AB405.

Decryption is simply the inverse of encryption, follwing the same steps as above, but
reversing the order in which the subkeys are applied.

DES Modes of Operation

The DES algorithm turns a 64-bit message block M into a 64-bit cipher block C. If each
64-bit block is encrypted individually, then the mode of encryption is called Electronic
Code Book (ECB) mode. There are two other modes of DES encryption, namely Chain
Block Coding (CBC) and Cipher Feedback (CFB), which make each cipher block
dependent on all the previous messages blocks through an initial XOR operation.

Cracking DES

Before DES was adopted as a national standard, during the period NBS was soliciting
comments on the proposed algorithm, the creators of public key cryptography, Martin
Hellman and Whitfield Diffie, registered some objections to the use of DES as an
encryption algorithm. Hellman wrote: "Whit Diffie and I have become concerned that the
proposed data encryption standard, while probably secure against commercial assault,
may be extremely vulnerable to attack by an intelligence organization" (letter to NBS,
October 22, 1975).

Diffie and Hellman then outlined a "brute force" attack on DES. (By "brute force" is
meant that you try as many of the 2^56 possible keys as you have to before decrypting the
ciphertext into a sensible plaintext message.) They proposed a special purpose "parallel
computer using one million chips to try one million keys each" per second, and estimated
the cost of such a machine at $20 million.

Fast forward to 1998. Under the direction of John Gilmore of the EFF, a team spent
$220,000 and built a machine that can go through the entire 56-bit DES key space in an
average of 4.5 days. On July 17, 1998, they announced they had cracked a 56-bit key in
56 hours. The computer, called Deep Crack, uses 27 boards each containing 64 chips, and
is capable of testing 90 billion keys a second.

Despite this, as recently as June 8, 1998, Robert Litt, principal associate deputy attorney
general at the Department of Justice, denied it was possible for the FBI to crack DES:
"Let me put the technical problem in context: It took 14,000 Pentium computers working
for four months to decrypt a single message . . . . We are not just talking FBI and NSA
[needing massive computing power], we are talking about every police department."

Responded cryptograpy expert Bruce Schneier: " . . . the FBI is either incompetent or
lying, or both." Schneier went on to say: "The only solution here is to pick an algorithm
with a longer key; there isn't enough silicon in the galaxy or enough time before the sun
burns out to brute- force triple-DES" (Crypto-Gram, Counterpane Systems, August 15,
1998).
 Information Security Laboratory

Triple-DES

Triple-DES is just DES with two 56-bit keys applied. Given a plaintext message, the first
key is used to DES- encrypt the message. The second key is used to DES-decrypt the
encrypted message. (Since the second key is not the right key, this decryption just
scrambles the data further.) The twice-scrambled message is then encrypted again with
the first key to yield the final ciphertext. This three-step procedure is called triple-DES.

Triple-DES is just DES done three times with two keys used in a particular order. (Triple-
DES can also be done with three separate keys instead of only two. In either case the
resultant key space is about 2^112.)
 Information Security Laboratory

Experiment No 11

Make a study of any simulation tool related to Information Security

Wireshark:
Wireshark is a free and open source packet analyzer. It is used for network troubleshooting,
analysis, software andcommunications protocol development, and education. Originally
named Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues. [4]
Wireshark is cross-platform, using the Qt widget toolkit in current releases to implement its user
interface, and using pcap to capture packets; it runs on Linux, OS X, BSD, Solaris, some
other Unix-like operating systems, and Microsoft Windows. There is also a terminal-based (non-
GUI) version called TShark. Wireshark, and the other programs distributed with it such as
TShark, are free software, released under the terms of the GNU General Public License.
Functionality:
Wireshark is very similar to tcpdump, but has a graphical front-end, plus some integrated sorting
and filtering options.
Wireshark lets the user put network interface controllers that support promiscuous mode into that
mode, so they can see all traffic visible on that interface, not just traffic addressed to one of the
interface's configured addresses and broadcast/multicast traffic. However, when capturing with
a packet analyzer in promiscuous mode on a port on a network switch, not all traffic through the
switch is necessarily sent to the port where the capture is done, so capturing in promiscuous mode
is not necessarily sufficient to see all network traffic. Port mirroring or various network
taps extend capture to any point on the network. Simple passive taps are extremely resistant to
tampering[citation needed].
On GNU/Linux, BSD, and OS X, with libpcap 1.0.0 or later, Wireshark 1.4 and later can also
put wireless network interface controllers into monitor mode.
If a remote machine captures packets and sends the captured packets to a machine running
Wireshark using the TZSP protocol or the protocol used by OmniPeek, Wireshark dissects those
packets, so it can analyze packets captured on a remote machine at the time that they are captured

History:
In the late 1990s, Gerald Combs, a computer science graduate of the University of Missouri–
Kansas City, was working for a small Internet service provider. The commercial protocol analysis
products at the time were priced around $1500[5] and did not run on the company's primary
platforms (Solaris and Linux), so Gerald began writing Ethereal and released the first version
around 1998.[1] The Ethereal trademark is owned by Network Integration Services.
In May 2006, Combs accepted a job with CACE Technologies. Combs still held copyright on
most of Ethereal's source code (and the rest was re-distributable under the GNU GPL), so he used
the contents of the Ethereal Subversion repository as the basis for the Wireshark repository.
However, he did not own the Ethereal trademark, so he changed the name to Wireshark. [6] In
2010 Riverbed Technology purchased CACE[7] and took over as the primary sponsor of
Wireshark. Ethereal development has ceased, and an Ethereal security advisory recommended
switching to Wireshark.[8]
Wireshark has won several industry awards over the years, [9] including eWeek,[10] InfoWorld,[11]
[12][13][14][15]
 and PC Magazine.[16] It is also the top-rated Information Security Laboratory
 Information Security Laboratory

packet sniffer in the Insecure.Org network security tools survey and was the SourceForge Project
of the Month in August 2010.
Combs continues to maintain the overall code of Wireshark and issue releases of new versions of
the software. The product website lists over 600 additional contributing authors.

Features:
Wireshark is a data capturing program that "understands" the structure (encapsulation) of different
networking protocols. It can parse and display the fields, along with their meanings as specified
by different networking protocols. Wireshark uses pcap to capture packets, so it can only capture
packets on the types of networks that pcap supports.

 Data can be captured "from the wire" from a live network connection or read from a file of
already-captured packets.
 Live data can be read from a number of types of networks, including Ethernet, IEEE
802.11, PPP, and loopback.
 Captured network data can be browsed via a GUI, or via the terminal (command line)
version of the utility, TShark.
 Captured files can be programmatically edited or converted via command-line switches to
the "editcap" program.
 Data display can be refined using a display filter.
 Plug-ins can be created for dissecting new protocols. [19]
 VoIP calls in the captured traffic can be detected. If encoded in a compatible encoding, the
media flow can even be played.
 Raw USB traffic can be captured.[20]
 Wireless connections can also be filtered as long as they transverse the monitored Ethernet.
[clarification needed]

 Various settings, timers, and filters can be set that ensure only triggered traffic appear.
[clarification needed]

Wireshark's native network trace file format is the libpcap format supported by libpcap and
WinPcap, so it can exchange captured network traces with other applications that use the same
format, including tcpdump and CA NetMaster. It can also read captures from other network
analyzers, such as snoop, Network General's Sniffer, and Microsoft Network Monitor.

Security:
Capturing raw network traffic from an interface requires elevated privileges on some platforms.
For this reason, older versions of Ethereal/Wireshark and tethereal/TShark often ran
with superuser privileges. Taking into account the huge number of protocol dissectors that are
called when traffic is captured, this can pose a serious security risk given the possibility of a bug
in a dissector. Due to the rather large number of vulnerabilities in the past (of which many have
allowed remote code execution) and developers' doubts for better future
development, OpenBSD removed Ethereal from its ports tree prior to OpenBSD 3.6. [21]
Elevated privileges are not needed for all operations. For example, an alternative is to run
tcpdump or the dumpcap utility that comes with Wireshark with superuser privileges to capture
packets into a file, and later analyze the packets by running Wireshark with restricted privileges.
 Information Security Laboratory

To emulate near realtime analysis, each captured file may be merged bymergecap into growing
file processed by Wireshark. On wireless networks, it is possible to use the Aircrack wireless
security tools to capture IEEE 802.11 frames and read the resulting dump files with Wireshark.
As of Wireshark 0.99.7, Wireshark and TShark run dumpcap to perform traffic capture. Platforms
that require special privileges to capture traffic need only dumpcap run with those privileges.
Neither Wireshark nor TShark need to or should be run with special privileges.
 Information Security Laboratory

Experiment No 12

To study the steps of implementation of VPN through Packet Tracer.

Packet Tracer – Configuring VPNs (Optional)

Topology

Addressing Table

Device Interface IP Address Subnet Mask Default Gateway

G0/0 192.168.1.1 255.255.255.0 N/A

R1
S0/0/0 10.1.1.2 255.255.255.252 N/A
G0/0 192.168.2.1 255.255.255.0 N/A
S0/0/0 10.1.1.1 255.255.255.252 N/A
R2
S0/0/1 10.2.2.1 255.255.255.252 N/A
G0/0 192.168.3.1 255.255.255.0 N/A
R3
S0/0/1 10.2.2.2 255.255.255.252 N/A
PC-A NIC 192.168.1.3 255.255.255.0 192.168.1.1
PC-B NIC 192.168.2.3 255.255.255.0 192.168.2.1
PC-C NIC 192.168.3.3 255.255.255.0 192.168.3.1
ISAKMP Phase 1 Policy Parameters

Parameters R1 R3

Key distribution method Manual or ISAKMP ISAKMP ISAKMP

Encryption algorithm DES, 3DES, or AES AES AES
Hash algorithm MD5 or SHA-1 SHA-1 SHA-1
Authentication method Pre-shared keys or RSA pre-share pre-share
Key exchange DH Group 1, 2, or 5 DH 2 DH 2
IKE SA Lifetime 86400 seconds or less 86400 86400
ISAKMP Key cisco cisco

Bolded parameters are defaults. Other parameters need to be explicitly configured.

IPsec Phase 2 Policy Parameters

Parameters R1 R3

Transform Set VPN-SET VPN-SET

Peer Hostname R3 R1
Peer IP Address 10.2.2.2 10.1.1.2

Network to be encrypted 192.168.1.0/24 192.168.3.0/24

Crypto Map name VPN-MAP VPN-MAP
SA Establishment ipsec-isakmp ipsec-isakmp

Objectives
Part 1: Enable Security Features
Part 2: Configure IPsec Parameters on R1
Part 3: Configure IPsec Parameters on R3
Part 4: Verify the IPsec VPN

Scenario
In this activity, you will configure two routers to support a site-to-site IPsec VPN for traffic flowing from
their respective LANs. The IPsec VPN traffic will pass through another router that has no knowledge of the
VPN. IPsec provides secure transmission of sensitive information over unprotected networks such as the
Internet. IPsec acts at the network layer, protecting and authenticating IP packets between participating IPsec
devices (peers), such as Cisco routers.

Part 1: Enable Security Features

Step 1: Activate securityk9 module.
The Security Technology Package license must be enabled to complete this activity.
 Note: Both the user EXEC and privileged EXEX pass word is cisco.
a. Issue the show version command in the user EXEC or privileged EXEC mode to verify that the Security
Technology Package license is activated.
----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
-----------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security None None None
uc None None None
data None None None

Configuration register is 0x2102

b. If not, activate the securityk9 module for the next boot of the router, accept the license, save the
configuration, and reboot.
R1(config)# license boot module c2900 technology-package securityk9
R1(config)# end
R1# copy running-config startup-config
R1# reload
c. After the reloading is completed, issue the show version again to verify the Security Technology
Package license activation.
Technology Package License Information for Module:'c2900'

----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
-----------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security securityk9 Evaluation securityk9
uc None None None
data None None None
d. Repeat Steps 1a to 1c with R3.

Part 2: Configure IPsec Parameters on R1

Step 1: Test connectivity.
Ping from PC-A to PC-C.

Step 2: Identify interesting traffic on R1.

Configure ACL 110 to identify the traffic from the LAN on R1 to the LAN on R3 as interesting. This interesting
traffic will trigger the IPsec VPN to be implemented whenever there is traffic between R1 to R3 LANs. All
other traffic sourced from the LANs will not be encrypted. Remember that due to the implicit deny any, there is
no need to add the statement to the list.
R1(config)# access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.3.0
0.0.0.255
Step 3: Configure the ISAKMP Phase 1 properties on R1.
Configure the crypto ISAKMP policy 10 properties on R1 along with the shared crypto key cisco. Refer to
the ISAKMP Phase 1 table for the specific parameters to configure. Default values do not have to be
configured therefore only the encryption, key exchange method, and DH method must be configured.
R1(config)# crypto isakmp policy 10
R1(config-isakmp)# encryption aes
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 2
R1(config-isakmp)# exit
R1(config)# crypto isakmp key cisco address 10.2.2.2

Step 4: Configure the ISAKMP Phase 2 properties on R1.

Create the transform-set VPN-SET to use esp-3des and esp-sha-hmac. Then create the crypto map VPN-
MAP that binds all of the Phase 2 parameters together. Use sequence number 10 and identify it as an ipsec-
isakmp map.
R1(config)# crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac
R1(config)# crypto map VPN-MAP 10 ipsec-isakmp
R1(config-crypto-map)# description VPN connection to R3
R1(config-crypto-map)# set peer 10.2.2.2
R1(config-crypto-map)# set transform-set VPN-SET
R1(config-crypto-map)# match address 110
R1(config-crypto-map)# exit

Step 5: Configure the crypto map on the outgoing interface.

Finally, bind the VPN-MAP crypto map to the outgoing Serial 0/0/0 interface. Note: This is not graded.
R1(config)# interface S0/0/0
R1(config-if)# crypto map VPN-MAP

Part 3:Configure IPsec Parameters on R3

Step 1: Configure router R3 to support a site-to-site VPN with R1.
Now configure reciprocating parameters on R3. Configure ACL 110 identifying the traffic from the
LAN on R3 to the LAN on R1 as interesting.
R3(config)# access-list 110 permit ip 192.168.3.0 0.0.0.255 192.168.1.0
0.0.0.255

Step 2: Configure the ISAKMP Phase 1 properties on R3.

Configure the crypto ISAKMP policy 10 properties on R3 along with the shared crypto key cisco.
R3(config)# crypto isakmp policy 10
R3(config-isakmp)# encryption aes
R3(config-isakmp)# authentication pre-share
R3(config-isakmp)# group 2
R3(config-isakmp)# exit
R3(config)# crypto isakmp key cisco address 10.1.1.2
Step 3: Configure the ISAKMP Phase 2 properties on R1.
Like you did on R1, create the transform-set VPN-SET to use esp-3des and esp-sha-hmac. Then create the
crypto map VPN-MAP that binds all of the Phase 2 parameters together. Use sequence number 10 and
identify it as an ipsec-isakmp map.
R3(config)# crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac
R3(config)# crypto map VPN-MAP 10 ipsec-isakmp
R3(config-crypto-map)# description VPN connection to R1
R3(config-crypto-map)# set peer 10.1.1.2
R3(config-crypto-map)# set transform-set VPN-SET
R3(config-crypto-map)# match address 110
R3(config-crypto-map)# exit

Step 4: Configure the crypto map on the outgoing interface.

Finally, bind the VPN-MAP crypto map to the outgoing Serial 0/0/1 interface. Note: This is not graded.
R3(config)# interface S0/0/1
R3(config-if)# crypto map VPN-MAP

Part 4:Verify the IPsec VPN

Step 1: Verify the tunnel prior to interesting traffic.
Issue the show crypto ipsec sa command on R1. Notice that the number of packets encapsulated, encrypted,
decapsulated and decrypted are all set to 0.
R1# show crypto ipsec sa

interface: Serial0/0/0
Crypto map tag: VPN-MAP, local addr 10.1.1.2

protected vrf: (none)

local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.3.0/255.255.255.0/0/0)
current_peer 10.2.2.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.1.1.2, remote crypto endpt.:10.2.2.2

path mtu 1500, ip mtu 1500, ip mtu idb Serial0/0/0
current outbound spi: 0x0(0)
<output omitted>

Step 2: Create interesting traffic.

Ping PC-C from PC-A.
 Step 3: Verify the tunnel after interesting traffic.
On R1, re-issue the show crypto ipsec sa command. Now notice that the number of packets is
more than 0 indicating that the IPsec VPN tunnel is working.
R1# show crypto ipsec sa

interface: Serial0/0/0
Crypto map tag: VPN-MAP, local addr 10.1.1.2

protected vrf: (none)

local ident (addr/mask/prot/port):
(192.168.1.0/255.255.255.0/0/0) remote ident
(addr/mask/prot/port): (192.168.3.0/255.255.255.0/0/0)
current_peer 10.2.2.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 3, #pkts encrypt: 3, #pkts digest: 0
#pkts decaps: 3, #pkts decrypt: 3, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0

local crypto endpt.: 10.1.1.2, remote crypto

endpt.:10.2.2.2 path mtu 1500, ip mtu 1500, ip mtu idb
Serial0/0/0
current outbound spi: 0x0A496941(172583233)
<output omitted>

Step 4: Create uninteresting traffic.

Ping PC-B from PC-A.

Step 5: Verify the tunnel.

On R1, re-issue the show crypto ipsec sa command. Finally, notice that the number of packets has not changed
verifying that uninteresting traffic
 5. Viva Questions

1. If you are a victim of Denial of Service (Dos) then what you do?

2. What are Brute force Attacks?

3. How do you use RSA for both authentication and secrecy?

4. If you have to generate a hash function then what characteristics are needed in a
secure hash function?

5. What is digital signature? Differentiate between Physical and Digital Signature?

6. What is Authentication Header and how it provides the protection to IP header?

7. Explain SSL Protocol. How does it protect internet users from various threats?

8. What is PIX firewall security? How does it differ from a firewall?

9. What is plain text? What is cipher text? Give an example of transformation of

plain text into cipher text.

10. What are replay attacks? Give an example of replay attack

11. What are the two basic ways of transforming plain text into cipher text?

12. ‘What is Symmetric-Key cryptography and Asymmetric-Key cryptography?

13. Explain the use of SSL to secure the network.

14. What is the difference between Substitution Cipher and Transposition Cipher?

15. Discuss the concepts of Caesar Cipher.

16. Explain RSVP. How does it work?

17. What is the goal of Information Security in an organization?

18. What is the output of plain text Hello there, my name is Atul if we use Ceasar
Cipher to encode it?

19. How can Ceasar Cipher be cracked?

20. What is non-repudiation? How can it be achieved in designing e-cash based

system? Give a suitable algorithm.

21. Discuss the algorithm for Rail Fence Technique.

22. How does an authentication system differ from a firewall in functioning?

23. Distinguish between stream and block ciphers.

24. Write a note on the security and possible vulnerabilities of the various algorithm
modes.

25. What is an Initialization Vector (IV)? What is its significance?

26. Explain the main concepts in DES?

27. Discuss the history of asymmetric key cryptology in brief.

28. If A wants to send a message securely to B, what would be the typical steps
involved?

29. What is the real crux of RSA?

30. Describe the advantages and disadvantages of symmetric and asymmetric key
cryptology.

31. What is key wrapping? How is it useful?

32. What are the key requirements of message digests?

33. How does an authentication system differ from a firewall in functioning?

34. What is the important aspect that establishes trust in digital signatures?

35. What is an application gateway?

36. Why is the SSL layer positioned between the application lyer and the transport
layer?

37. What is the purpose of the SSL alert protocol?

38. Which are the key participants in SET?

39. Explain the concept of key rings in PGP.

40. Explain briefly how firewalls protect network.

6. References

TEXT BOOKS:
1. Godbole," Information Systems Security", Wiley
2. Merkov, Breithaupt," Information Security", Pearson Education