Information Security Lab File: Name - Harkirat Singh Class - CSE - 3 Enrollment No - 01976802717
Information Security Lab File: Name - Harkirat Singh Class - CSE - 3 Enrollment No - 01976802717
LAB FILE
Name – HARKIRAT
SINGH
Class – CSE -3
Enrollment No - 01976802717
INDEX
3. To Implement 3 9 10/09/2020
Diffie-Hellman
algorithm .
4. To Make an 4 12 17/09/2020
experiment to
implement
WEP/WPA2 PSK,
802.1x EAP security
protocol.
5. To Implement 5 16 24/09/2020
firewall through
App to login into
bank-site; to
implement E-
commerce, debit
card transaction
through payment
gateway.
6. To Implement 6 19 1/10/2020
biometric system
to have physical
security through
different access
control
permissions.
Code:
import
java.math.BigInteger;
import
java.util.Random;
import java.io.*; public
class RSAISexp5 {
public static void main(String[] args) throws
IOException { BigInteger p,q,N,z,e,d; int bitlength =
1024; Random r; r = new Random();
p = BigInteger.probablePrime(bitlength,
r); q =
BigInteger.probablePrime(bitlength, r);
N = p.multiply(q);
z=
p.subtract(BigInteger.ONE).multiply(q.subtract(BigInteger.ONE));
e = BigInteger.probablePrime(bitlength/2, r);
while (z.gcd(e).compareTo(BigInteger.ONE) > 0 && e.compareTo(z) < 0 )
{
e.add(BigInteger.ONE);
}
d = e.modInverse(z);
DataInputStream in=new DataInputStream(System.in);
String msg ;
System.out.println("Enter the plain
text:"); msg = in.readLine(); //
encrypt int sum=0, rem=0;
byte[] encrypted = new BigInteger(msg.getBytes()).modPow(e, N).toByteArray(); for(int i=0;
i<encrypted.length; i++)
{
sum +=(int)(Math.abs(encrypted[i]));
}
StringBuffer sb = new StringBuffer();
rem = sum%10;
sum/=10;
sb.append((char)(rem+97));
}
System.out.println("Encrypted text is: "+sb);
// decrypt
byte[] decrypted = new BigInteger(encrypted).modPow(d, N).toByteArray();
System.out.println("Decrypted String: " + new String(decrypted));
}
}
Output:
Experiment No – 2
Code:
import
java.io.*;
import
java.lang.*;
class SDES {
public int K1,
K2;
public static final int P10[] = { 3, 5, 2, 7, 4, 10, 1, 9,
8, 6}; public static final int P10max = 10; public
static final int P8[] = { 6, 3, 7, 4, 8, 5, 10, 9};
public static final int P8max = 10; public
static final int P4[] = { 2, 4, 3, 1}; public
static final int P4max = 4; public static final
int IP[] = { 2, 6, 3, 1, 4, 8, 5, 7}; public static
final int IPmax = 8; public static final int
IPI[] = { 4, 1, 3, 5, 7, 2, 8, 6}; public static
final int IPImax = 8; public static final int
EP[] = { 4, 1, 2, 3, 2, 3, 4, 1};
public static final int EPmax = 4;
public static final int S0[][] = {{ 1, 0, 3, 2},{ 3, 2, 1, 0},{ 0, 2, 1,
3},{ 3, 1, 3, 2}};
public static final int S1[][] = {{ 0, 1, 2, 3},{ 2, 0, 1, 3},{ 3, 0, 1,
2},{ 2, 1, 0, 3}};
public static int permute( int x, int p[], int pmax)
{
int y = 0;
for( int i = 0; i < p.length; ++i)
{
y <<= 1;
y |= (x >> (pmax - p[i])) & 1;
}
return y;
}
}
public byte decrypt( int m)
{
System.out.println("\nDecryption Process
Starts........\n\n"); printData( m, 8); m = permute( m,
IP, IPmax); System.out.print("\nAfter Permutation : ");
printData( m, 8); m = fK( m, K2);
System.out.print("\nbefore
Swap : "); printData( m, 8); m =
SW( m);
System.out.print("\nAfter
Swap : "); printData( m, 8); m
= fK( m, K1);
System.out.print("\nBefore Extraction
Permutation : "); printData( m, 4); m = permute(
m, IPI, IPImax);
System.out.print("\nAfter Extraction Permutation : "); printData( m, 8);
return (byte) m;
}
public static void printData( int x, int n)
{
int mask = 1 << (n-1);
while( mask > 0)
{
System.out.print( ((x & mask) == 0) ? '0' : '1');
mask >>= 1;
}
}
public SDES( int K)
{
K = permute( K, P10, P10max); int t1
= (K >> 5) & 0x1F; int t2 = K & 0x1F;
t1 = ((t1 & 0xF) << 1) | ((t1 & 0x10)
>> 4); t2 = ((t2 & 0xF) << 1) | ((t2 &
0x10) >> 4); K1 = permute( (t1 <<
5)| t2, P8, P8max); t1 = ((t1 & 0x7)
<< 2) | ((t1 & 0x18) >> 3); t2 = ((t2 &
0x7) << 2) | ((t2 & 0x18) >> 3);
K2 = permute( (t1 << 5)| t2, P8, P8max);
}
}
// Main operations
public class DES
{
public static void main( String args[]) throws Exception
{
DataInputStream inp=new
DataInputStream(System.in);
System.out.println("Enter the 10 Bit Key :"); int K =
Integer.parseInt(inp.readLine(),2);
SDES A = new SDES( K);
System.out.println("Enter the 8 Bit message To be Encrypt :
"); int m = Integer.parseInt(inp.readLine(),2);
System.out.print("\nKey K1: ");
SDES.printData( A.K1, 8);
System.out.print("\nKey
K2: "); SDES.printData(
A.K2, 8); m = A.encrypt(
m);
System.out.print("\nEncrypted Message: ");
SDES.printData( m,
8); m = A.decrypt(
m);
System.out.print("\nDecrypted Message: ");
SDES.printData( m, 8);
}
}
Output:
Experiment No – 3
Aim: Implement Diffie-Hellman algorithm
Code:
import java.util.Scanner; import
java.util.*; public class ISdel {
public static void main(String[]
args) { Scanner sc = new
Scanner(System.in); int
n,g,x,a,y,b;
System.out.println("Enter the value of n and g: ");
n=
sc.nextInt();
g=
sc.nextInt();
System.out.println("Enter the value of x for the first
person: "); x = sc.nextInt(); a = (int) power(g,x,n);
System.out.println("Enter the value of y for the second
person: "); y = sc.nextInt(); b = (int) power(g,y,n);
System.out.println("Key for first person is "+" "+(int) power(b,x,n));
System.out.println("Key for second person is "+" "+(int) power(a,y,n));
}
public static long power(int a,int b,int mod)
{
long t;
if(b==1)
return a;
t=power(a,b/2,mod);
if(b%2==0)
return (t*t)%mod;
else
return (((t*t)%mod)*a)%mod;
}
public static long calculateKey(int a,int x,int n)
{
return power(a,x,n);
}
Output:
Experiment No – 4
Aim: To Make an experiment to implement WEP/WPA2 PSK, 802.1x EAP security protocol.
WEP: WEP relies on a broken RC4 implementation and has severe flaws in various aspects of its
protocol, which make breaking WEP near trivial. Anyone with a laptop and a $20 Wi-Fi antenna can
send special deauth packets, which cause legitimate clients to re-authenticate to the AP. The attacker
can then capture the initialization vectors from these re-authentication packets and use them to crack
the WEP key in minutes. Due to the severity of the break, WEP is now considered deprecated
WPA: WPA improves upon this, by combining RC4 with TKIP, which helps defend against the IV-based
attacks found in WEP. It also improves upon the old handshake mechanism, to make it more resistant
to de-auth attacks. Whilst this makes a large improvement, vulnerabilities were found in the way that
the protocol worked, allowing an attacker to break TKIP keys in about 15-20 minutes.
WPA2: WPA2 closes holes in WPA, and introduces an enhanced version of TKIP, as well as CCMP. The
standard also bring support for AES, which provides even further security benefits. At current, there
are no known generic attacks against WPA2.
By 2001, hacker attacks on WEP had made strengthened wireless security imperative. The IEEE began
work on 802.11i, an improved standard. In 2003, rather than wait until final approval of the standard,
the Wi-Fi Alliance created Wi-Fi Protected Access (WPA), which is based on a subset of the then-
current 802.11i draft.
Authentication
• Personal mode: This utilizes manually configured keys in the same manner as WEP. All
clients use the same initial master key.
• Enterprise mode: The AP uses Extensible Authentication Protocol (EAP) to negotiate a pair-
wise master key with each client individually. The AP then verifies the identity of the client
with an 802.1x server. The result is that each client that is permitted to use the network is
validated against information configured in the 802.1x server and uses a key different from
the keys used by other clients.
EAP, defined by RFC 3748, is an extensible protocol. It does not define a specific authentication
protocol but simply specifies a set of functions and formats. A large number of EAP methods have
been defined. The Wi-Fi Alliance has chosen a subset of the available methods.
In Enterprise mode, after successfully authenticating -- using one of the EAP methods -- the client
and AP receive messages from the 801.1x server that both use to create the PMK. They then
exchange messages to create the PTK. The PTK is then used to encrypt and decrypt messages.
In both cases, Personal and Enterprise, a group temporal key (GTK) is created during the exchange
between the client and AP. The GTK is used to decrypt broadcast and multi-cast messages.
WPA2 also adds methods to speed the handoff as a client moves from AP to AP. The process of
authenticating with an 802.1x server and generating keys takes enough time to cause a noticeable
interruption of a voice over wireless call. WPA2 specifies ways in which a client can pre-authorize with
neighboring APs. APs and clients can also retain keys so that a client returning to an AP can quickly
resume communication.
These security features protect the data traffic on your wireless LAN:
• TKIP (Temporal Key Integrity Protocol)—TKIP is a suite of algorithms surrounding WEP that is
designed to achieve the best possible security on legacy hardware built to run WEP. TKIP
adds four enhancements to WEP:
• CKIP (Cisco Key Integrity Protocol)—Cisco's WEP key permutation technique based on an
early algorithm presented by the IEEE 802.11i security task group.
• CMIC (Cisco Message Integrity Check)—Like TKIP's Michael, Cisco's message integrity check
mechanism is designed to detect forgery attacks.
Beginning in privileged EXEC mode, follow these steps to create a WEP key and set the key
properties: This example shows how to create a 128-bit WEP key in slot 2 for VLAN 1 and sets the
key as the transmit key:
bridge# configure terminal
bridge(config)# configure interface dot11radio 0
bridge(config-if)# encryption vlan 1 key 2 size 128 12345678901234567890123456 transmit-key
bridge(config-if)# end
Flow diagram:
Experiment No – 5
Aim: Implement firewall through App to login into bank-site; to implement E-commerce,
debit card transaction through payment gateway.
Source: Specify source zone and host IP address/network address to which the rule applies.
To define host group based firewall rule you need to define host group.
Under Select Address, click Create Host Group to define host group from firewall rule itself or from
Firewall Host GroupCreate
Under Select Address, click Add Host to define host group from firewall rule itself rule itself or from
Firewall HostAdd Host
Check Identity
Destination
Under Select Address, click Create Host Group to define host group from firewall rule itself or from
Firewall Host Group Create
Under Select Address, click Add Host to define host group from firewall
Service/Service Group
Under Select Here, click Create Service Group to define service group from firewall rule itself rule
itself or from Firewall ServiceCreate Service
Cyberoam provides several standard services and allows creating the custom services also. Under
Select Here, click Create Service to define service from firewall rule itself rule itself or from
Firewall ServiceCreate Service
Action
For
example,
If the request is received on the LAN port using a spoofed IP address (public IP address or the IP
address not in the LAN zone network) and specific route is not defined, Cyberoam will send a response
to these hosts using default route. Hence, response will be sent through the WAN port.
Experiment No – 6
Aim: Implement biometric system to have physical security through different access control
permissions.
Language Used: MATLAB
Algorithm:
Flow Chart:
Result: The desired biometric system performs in a correct manner, thus performs
normally.
Experiment No – 7
Aim: Make a study of anyone simulation tool based on parameters of information security.
Simulation is the imitation of the operation of a real-world process or system over time. The act of
simulating something first requires that a model be developed; this model represents the key
characteristics or behaviors/functions of the selected physical or abstract system or process. The
model represents the system itself, whereas the simulation represents the operation of the system
over time. Simulation is used in many contexts, such as simulation of technology for performance
optimization, safety engineering, testing, training, education, and video games.
Nessi
With NeSSi, we aim to provide a network simulation tool specifically tailored to meet the needs of
security experts and network administrators. This target group will be able to test and evaluate the
performance of commonly available security solutions as well as new research approaches. As a
distinguishing feature to the previous tools described above. NeSSi provides extensive support of
complex application-level scenarios on top of a faithful simulation of the TCP/IP protocol stack.
Simulated networks are modeled to reflect real-world network topologies by supporting subnet-layer
modeling and different node types with varying capabilities (Core and Access subnets, wireless
networks etc.). In particular, NeSSi follows a strict object-oriented design pattern and fosters the
integration of third-party applications via a standardized socket interface. Furthermore, it provides a
comprehensive Detection API for the integration and evaluation of predefined as well as external
detection units. In particular, special common attack scenarios are supported and can be simulated,
for example worm-spread scenarios, botnet-based DDoS attacks and many more. In addition,
customized profiles expressing the node behavior can be applied within the simulation.
The application layer simulation capabilities in NeSSi are provided by distributed software agents,
introducing another layer of complexity. In order to maintain scalability, a parallel execution model is
used in conjunction with a discrete event model. In this context, the agent platforms are running on
multiple parallel machines and connect independently to a central database module. A graphical user
front-end allows for real-time inspection and configuration of scenarios
Nessi2
NeSSi2 aims to fill the gap by offering simulation and evaluation features specifically tailored to meet
the needs of security experts and network administrators. This target group will be able to test and
evaluate the performance of commonly available security solutions as well as new research
approaches. As a distinguishing feature to the previous tools described above, NeSSi2 provides
extensive support of complex application-level scenarios on top of a faithful simulation of the TCP/IP
protocol stack. Simulated networks are modeled to reflect real-world network topologies by
supporting subnet-layer modeling and different node types with varying capabilities (Core and Access
subnets, wireless networks etc.). In particular, NeSSi2 adheres to a modular design pattern and fosters
the integration of third-party applications via a standardized plugin interface.
Furthermore, it provides a comprehensive Detection API for the integration and evaluation of
simulated as well as external detection units. In particular, special common attack scenarios are
supported and can be simulated, worm-spread scenarios and botnet-based DDoS attacks are only two
of the example scenarios supported by NeSSi2. In addition, customized profiles expressing the node
behavior can be applied within the simulation.
The application layer simulation capabilities in NeSSi2 are provided by distributed software agents,
introducing another layer of abstraction. In order to maintain scalability, a parallel execution model
is used in conjunction with a discrete event model. In this context, the agent platforms are running
on multiple parallel machines and connect independently to a database server from which simulation
results can be retrieved in an asynchronous and concurrent fashion. The graphical user interface
allows for realtime inspection and configuration of scenarios.
NeSSi2 is designed to extend conventional network simulation tool features by supporting detailed
examination and testing opportunities of security-related network algorithms, detection units and
frameworks. The main focus of NeSSi2 is to provide a realistic packet-level simulation environment as
a testbed for the development of new detection units as well as existing ones.
1. Traffic Generation: Network traffic in the form of IP packets, complete with header and
body, can be generated by different means. Implementing the TCP/IP protocol stack, NeSSi2
features an application layer module which is based on standard Java socket
implementations. NeSSi2 incorporates several application level protocols (HTTP, SMTP, etc.)
and supports static and dynamic routing protocols which can be selected by the user.
2. Protocol Stack: The TCP/IP reference model is the de-facto standard for Internet
communication.
Due to its importance, NeSSi2 also offers an implementation for
it.
3. Security Feature: The distinguishing feature of NeSSi2 is the focus on network security
framework and algorithm evaluation.
The simulation setup in NeSSi2 is not only comprised of network creation and attachment of traffic
profiles, but additionally security related settings can be configured.
When a security framework composed of several detection units is to be tested, profiles can also be
used in NeSSi2 to simulate attacker behavior and attack patterns. Accordingly, NeSSi2 provides out-
of-the box support for various attack scenarios such as bot networks initiating DDoS attacks. Here,
infected end device nodes, “zombies”, are controlled by the bot net commander via the Internet Relay
Chat application. The commander is capable of initiating different kinds of DDoS attacks like the SYN
Flooding or UDP Storm. To this end, the attacker connects to an IRC communication server and sends
attack commands to a chat channel all the bots are listening to. As a result, the bots execute the
desired attack.
The actual simulation is performed on a machine with hardware dedicated solely to this purpose, the
simulation backend. At the Berlin Institute of Technology for example, the NeSSi2 simulation backend
runs on a Sun XFire 4600 blade server (8 blades, 8 cores per blade). Once a simulation is submitted
for execution, the simulation backend parses the desired simulation parameters (which event types
to log, how many runs to execute etc.), creates a corresponding simulation environment, sets up the
database connection and schedules the simulation to run as soon as the necessary processing
resources are available.
Experiment No – 8
Aim: Implement VPN through Packet-Tracer or any other network simulation tool.
Procedure/Algorithm