
Is Lab Manual IT 801

This document provides information about the Information Security course offered by the Department of Information Technology at Oriental Institute of Science & Technology in Bhopal. It includes the vision and mission statements of the institute and department, program educational objectives, program specific outcomes, program outcomes, course outcomes, university scheme, syllabus, and list of experiments for the course. The course aims to help students understand key information security concepts and apply encryption, authentication, and security strategies to protect computer systems and networks.


Oriental Institute of Science & Technology, Bhopal

DEPARTMENT OF INFORMATION TECHNOLOGY

LAB FILE

Session : Jan-Jun 2021


Enrolment No : 0105IT171052
Name : Manish Kumar
Subject Code : IT801
Subject Name : Information Security

Submitted to:
Prof. Sarika Khatarkar

Index

S. No. Particulars
1 Vision and Mission of the Institute
2 Vision and Mission of the Department
3 Program Educational Objectives (PEOs)
4 Program Specific Outcomes (PSOs)
5 Program Outcomes (POs)
6 Course Outcomes (COs)
7 University Scheme
8 Syllabus
9 List of Experiments
10 Experiments

ORIENTAL INSTITUTE OF SCIENCE & TECHNOLOGY, BHOPAL
DEPARTMENT OF INFORMATION TECHNOLOGY

VISION AND MISSIONS OF THE INSTITUTE

VISION

The Institute aspires to become a “center of excellence” with emphasis on quality
teaching and research so as to deliver comprehensively trained, innovative engineers
and enterprising, competent professionals, who are ethically responsible to serve the
society.

MISSION

To create an academic ambience that nurtures the students to attain domain
knowledge, lifelong learning skills and ethical inputs to sustain in a highly competitive
environment.

To establish state of the art infrastructure and facilities, which will pave the way for
dissemination of technical knowledge with passion and commitment.

To impart industry relevant skill based training and aid in overall development of
students.

To foster research and consultancy in collaboration with Institutes of National repute
and industry, so that students can come up with innovative technology that caters to
the needs of the society.

VISION AND MISSION OF THE DEPARTMENT

VISION

To become a National Center of Excellence in the field of information
technology with a strong teaching learning environment that adapts rapidly to
the challenges of the industries.

MISSION

M1: Providing quality education and spawning knowledge by engaging
students in learning, leading to careers as IT professionals in the
widely diversified domains of industry and academic world.

M2: To make our students up-to-date on curriculum and nurture them in the
information technology field for a better career as software
professionals.

M3: To promote skill development of our graduates for leadership in the
profession.

Program Educational Objective (PEOs)

PEO 1: Able to apply concepts of mathematics, science, hardware and software aspects of
computing to Computer Science and Engineering.

PEO 2: Able to design and develop interdisciplinary and innovative hardware and
software solutions.

PEO 3: Able to inculcate effective communication skills, team work, ethics, leadership in
preparation for a successful career in government, academia, industry and R&D
organizations.

Programme Specific Outcomes (PSOs)

PSO1: Develop skills to design, analyze algorithms and implement those using recent
programming languages.

PSO2: Apply learning of courses related to web engineering, networking, database
management, security and interdisciplinary domain to derive solutions of real world
problems.

Program Outcomes (POs)


Engineering Graduates will be able to:

1. Engineering knowledge: Apply the knowledge of mathematics, science, engineering
fundamentals, and an engineering specialization to the solution of complex engineering
problems.
2. Problem analysis: Identify, formulate, review research literature, and analyze complex
engineering problems reaching substantiated conclusions using first principles of
mathematics, natural sciences, and engineering sciences.
3. Design/development of solutions: Design solutions for complex engineering problems and
design system components or processes that meet the specified needs with appropriate
consideration for the public health and safety, and the cultural, societal, and environmental
considerations.
4. Conduct investigations of complex problems: Use research-based knowledge and research
methods including design of experiments, analysis and interpretation of data, and synthesis
of the information to provide valid conclusions.
5. Modern tool usage: Create, select, and apply appropriate techniques, resources, and modern
engineering and IT tools including prediction and modeling to complex Engineering
activities with an understanding of the limitations.
6. The engineer and society: Apply reasoning informed by the contextual knowledge to assess
societal, health, safety, legal and cultural issues and the consequent responsibilities relevant
to the professional engineering practice.
7. Environment and sustainability: Understand the impact of the professional engineering
solutions in societal and environmental contexts, and demonstrate the knowledge of, and
need for sustainable development.
8. Ethics: Apply ethical principles and commit to professional ethics and responsibilities and
norms of the engineering practices.
9. Individual and teamwork: Function effectively as an individual, and as a member or leader
in diverse teams, and in multidisciplinary settings.
10. Communication: Communicate effectively on complex engineering activities with the
engineering community and with society at large, such as, being able to comprehend and
write effective reports and design documentation, make effective presentations, and give and
receive clear instructions.
11. Project management and finance: Demonstrate knowledge and understanding of the
engineering and management principles and apply these to one’s own work, as a member
and leader in a team, to manage projects and in multidisciplinary environments.
12. Life-long learning: Recognize the need for, and have the preparation and ability to engage
in independent and life-long learning in the broadest context of technological change.

Information Security

Course Outcomes

Upon the completion of Information Security Laboratory, the student will be able to:

IT801.1 Understand key terms and concepts in information security and Cryptography
and evaluate the cyber security needs of an organization.
IT801.2 Acquire knowledge to secure computer systems, protect personal data, and
secure computer networks in an organization.
IT801.3 Apply knowledge of various encryption algorithms and authentication
mechanisms to secure information in computer systems and networks.
IT801.4 Understand principles of web security to secure network by monitoring and
analyzing the nature of attacks and design/develop security architecture for an
organization.
IT801.5 Design operational and strategic information security strategies and policies.

SCHEME

SYLLABUS

LIST OF EXPERIMENTS

Exp. No.  Experiment  Course Outcome  Date of Completion  Sign

1   Study of Network Security fundamentals - Ethical Hacking, Social Engineering practices.  C01
2   Study of System threat attacks - Denial of Services.  C01
3   Study of Sniffing and Spoofing attacks.  C02
4   Study of Techniques used for Web Based Password Capturing.  C02
5   Study of Different attacks caused by Virus and Trojans.  C03
6   Study of Anti-Intrusion Technique – Honey pot.  C03
7   Study of Symmetric Encryption Scheme – RC4.  C04
8   Implementation of S-DES algorithm for data encryption.  C04
9   Implementation of Asymmetric Encryption Scheme – RSA.  C05
10  Study of IP based Authentication.  C05

Experiment No. 1
AIM: Study of Network Security fundamentals - Ethical Hacking, Social
Engineering practices.

Ethical Hacking: Ethical hacking and ethical hacker are terms that describe hacking performed to
help a company or individual identify potential threats on the computer or network. An ethical hacker
attempts to hack their way past the system security, finding any weak points in the security that could
be exploited by other hackers. The organization uses what the ethical hacker finds to improve the
system security, in an effort to minimize, if not eliminate, any potential hacker attacks.

In order for hacking to be deemed ethical, the hacker must obey the rules below.

1. You have permission to probe the network and attempt to identify potential security risks.
It's recommended that if you are the person performing the tests that you get written
consent.
2. You respect the individual's or company's privacy and only go looking for security issues.
3. You report all security vulnerabilities you detect to the company, not leaving anything
open for you or someone else to come in at a later time.
4. You let the software developer or hardware manufacturer know of any security
vulnerabilities you locate in their software or hardware if not already known by the
company.

The term "ethical hacker" has received criticism at times from people who say that there is no such
thing as an "ethical" hacker. Hacking is hacking, no matter how you look at it, and those who do the
hacking are commonly referred to as computer criminals. However, the work that ethical hackers do for
organizations has helped improve system security and can be said to be quite successful. Individuals
interested in becoming an ethical hacker can work towards a certification to become a Certified Ethical
Hacker. This certification is provided by the International Council of E-Commerce Consultants
(EC-Council).

Social Engineering practices: The practice of deceiving someone, either in person, over the phone, or
using a computer, with the express intent of breaching some level of security either personal or
professional. Social engineering techniques are considered con games which are performed by con
artists. The targets of social engineering may never realize they have been victimized.

Also Known As: Con Games

Examples:
Using social engineering techniques, the hacker managed to get the network administrator to provide
him the username and password needed to gain access to the company's server.

SOCIAL ENGINEERING TACTICS AND TOOLS – USING DECEPTION TO BREAK IN

Social engineering attacks are based on one thing – information. Without information about your
customers, social engineers aren’t able to use the elicitation and pretexting tactics that are described
below.

This information is relatively simple to obtain. A good social engineer can spend a few hours researching
a target online and have enough information to make even the most seasoned contact center agent
believe the social engineer is someone they are not. The increasing amount of personal information
that’s available using search engines, whois databases, social media (Facebook, LinkedIn, MySpace,
Twitter, etc.), blogs, wikis, and photo sharing sites makes it very simple for them to find or determine:

Even social security numbers are available from some paid research services.

Once the social engineer has relevant information, they use it in these highly effective human hacking
tactics:
• Elicitation
• Pretexting
Experiment No. 2
Aim: Study of System threat attacks - Denial of Services.

Denial of Service: The goal of a denial of service attack is to deny legitimate users access to a
particular resource. An incident is considered an attack if a malicious user intentionally disrupts service
to a computer or network resource. Denial of service (DoS) attacks have become a major threat to
current computer networks. To give a better understanding of DoS attacks, we describe network
based and host based DoS attack techniques to illustrate attack principles. DoS attacks are classified
according to their major attack characteristics. Current counterattack technologies are also reviewed,
including major defense products in deployment and representative defense approaches in research.
Finally, DoS attacks and defenses in 802.11 based wireless networks are explored at physical, MAC and
network layers.

OVERVIEW OF DOS ATTACKS IN THE INTERNET


In this section, we overview the common DDoS attack techniques and discuss why attacks
succeed fundamentally.

Attack Techniques
Many attack techniques can be used for DoS purposes as long as they can disable service, or
downgrade service performance by exhausting resources for providing services. Although it is
impossible to enumerate all existing attack techniques, we describe several representative network
based and host based attacks in this section to illustrate attack principles. Readers can also find
complementary information on DoS attacks in Handley et al. 2006 and Mirkovic et al. 2005.

Network Based Attacks

TCP SYN Flooding. DoS attacks often exploit stateful network protocols (Jian 2000, Shannon et al.
2002), because these protocols consume resources to maintain states. TCP SYN flooding is one of such
attacks and had a wide impact on many systems. When a client attempts to establish a TCP connection
to a server, the client first sends a SYN message to the server. The server then acknowledges by
sending a SYN-ACK message to the client. The client completes the establishment by responding with
an ACK message. The connection between the client and the server is then opened, and the service-
specific data can be exchanged between them. The abuse arises at the half-open state when the server
is waiting for the client’s ACK message after sending the SYN-ACK message to the client (CERT 1996).
The server needs to allocate memory for storing the information of the half-open connection. The
memory will not be released until either the server receives the final ACK message or the half-open
connection expires. Attacking hosts can easily create half-open connections via spoofing source IPs in
SYN messages or ignoring SYN-ACKs. The consequence is that the final ACK message will never be sent
to the victim. Because the victim normally only allocates a limited size of space in its process table, too
many half-open connections will soon fill the space. Even though the half-open connections will
eventually expire due to the timeout, zombies can aggressively send spoofed TCP SYN packets
requesting connections at a much higher rate than the expiration rate. Finally, the victim will be
unable to accept any new incoming connection and thus cannot provide services.
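
The resource argument above can be checked with a small in-memory model of the server's half-open table. This is an added example, not part of the original lab manual; the backlog size, timeout and arrival rates are constructed values, and the function names are hypothetical. It sends no network traffic and only shows how backlog size and timeout decide when legitimate connections start being refused.

```python
from collections import deque
from dataclasses import dataclass
from fractions import Fraction


@dataclass
class BacklogResult:
    legit_accepted: int   # legitimate SYNs that found a free slot
    legit_refused: int    # legitimate SYNs that arrived while the table was full
    peak_half_open: int   # largest number of half-open entries held at once


def saturation_rate(backlog_size, timeout_s):
    """Unanswered-SYN rate (per second) at which entries are created as fast
    as they expire while the table is full: slots divided by entry lifetime."""
    return Fraction(backlog_size, timeout_s)


def simulate_backlog(backlog_size, timeout_s, unanswered_syn_rate,
                     legit_rate, duration_s):
    """Model a half-open connection table with evenly spaced arrivals.

    Rates are whole numbers per second. An unanswered SYN holds a slot until
    its timeout. A legitimate client completes the handshake at once, so it
    only needs one free slot at the moment it arrives.
    """
    # kind 0 = SYN whose final ACK never arrives, kind 1 = legitimate client.
    events = [(Fraction(k, unanswered_syn_rate), 0)
              for k in range(duration_s * unanswered_syn_rate)]
    events += [(Fraction(2 * j + 1, 2 * legit_rate), 1)
               for j in range(duration_s * legit_rate)]
    events.sort()  # on a tie the unanswered SYN is processed first

    half_open = deque()  # expiry times of half-open entries, oldest first
    accepted = refused = peak = 0
    for now, kind in events:
        # Release entries whose timeout has passed.
        while half_open and half_open[0] <= now:
            half_open.popleft()
        if kind == 1:
            if len(half_open) < backlog_size:
                accepted += 1
            else:
                refused += 1
        elif len(half_open) < backlog_size:
            half_open.append(now + timeout_s)
            peak = max(peak, len(half_open))
        # An unanswered SYN that finds the table full is simply dropped.
    return BacklogResult(accepted, refused, peak)


if __name__ == "__main__":
    print("saturation rate:", float(saturation_rate(128, 30)), "SYN/s")
    # Constructed scenarios: 128 slots, 5 legitimate connections per second.
    for label, timeout, rate in [("below saturation", 30, 2),
                                 ("above saturation", 30, 50),
                                 ("shorter timeout", 2, 50)]:
        print(label, simulate_backlog(128, timeout, rate, 5, 120))
```

With 128 slots and a 30 second timeout the table saturates at roughly 4.3 unanswered SYNs per second. Shortening the timeout or enlarging the backlog raises that threshold, which is why both appear as tuning knobs in server hardening guides.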

ICMP Smurf Flooding. ICMP is often used to determine if a computer in the Internet is responding. To
achieve this task, an ICMP echo request packet is sent to a computer. If the computer receives the
request packet, it will return an ICMP echo reply packet. In a smurf attack, attacking hosts forge ICMP
echo requests having the victim's address as the source address and the broadcast address of these
remote networks as the destination address (CERT 1998). As depicted in Figure 1, if the firewall or
router of the remote network does not filter the specially crafted packets, they will be delivered
(broadcast) to all computers on that network. These computers
will then send ICMP echo reply packets back to the source (i.e., the victim) carried in the request
packets. The victim’s network is thus congested.

UDP Flooding. By patching or redesigning the implementation of TCP and ICMP protocols, current
networks and systems have incorporated new security features to prevent TCP and ICMP attacks.
Nevertheless, attackers may simply send a large amount of UDP packets towards a victim. Since an
intermediate network can deliver higher traffic volume than the victim network can handle, the flooding
traffic can exhaust the victim's connection resources. Pure flooding can be done with any type of
packets. Attackers can also choose to flood service requests so that the victim cannot handle all
requests with its constrained resources (i.e., service memory or CPU cycles). Note that UDP flooding is
similar to flash crowds that occur when a large number of users try to access the same server
simultaneously. However, the intent and the triggering mechanisms for DDoS attacks and flash crowds
are different.

Intermittent Flooding. Attackers can further tune their flooding actions to reduce the average flooding
rate to a very low level while achieving equivalent attack impacts on legitimate TCP connections. In
shrew attacks (Kuzmanovic et al. 2003), attacking hosts can flood packets in a burst to congest and
disrupt existing TCP connections. Since all disrupted TCP connections will wait a specific period (called
retransmission-time-out (RTO)) to retransmit lost packets, attacking hosts can flood packets at the next
RTO to disrupt retransmission. Thereby, attacking hosts can synchronize their flooding at the following
RTOs and disable legitimate TCP connections as depicted in Figure 2. Such collaboration among
attacking hosts not only reduces overall flooding traffic, but also helps avoid detection. Similar attack
techniques targeting services with congestion control mechanisms for Quality of Service (QoS) have
been discovered by Guirguis et al. (2005). When a QoS enabled server receives a burst of service
requests, it will temporarily throttle incoming requests for a period until previous requests have been
processed. Thus, attackers can flood requests at a pace to keep the server throttling the incoming
requests and achieve the DoS effect. Guirguis’s study showed that a burst of 800 requests can bring
down a web server for 200 seconds, and thereby the average flooding rate could be as low as 4
requests per second.
Experiment No. 3
Aim: Study of Sniffing and Spoofing attacks.

Packet sniffing and spoofing are two important concepts in network security; they are two major
threats in network communication. Being able to understand these two threats is essential for
understanding security measures in networking. There are many packet sniffing and spoofing tools, such
as Wireshark, Tcpdump, Netwox, etc. Some of these tools are widely used by security experts, as well
as by attackers. Being able to use these tools is important for students, but what is more important for
students in a network security course is to understand how these tools work, i.e., how packet sniffing
and spoofing are implemented in software. The objective of this lab is for students to master the
technologies underlying most of the sniffing and spoofing tools.
Students will play with some simple sniffer and spoofing programs, read their source code, modify
them, and eventually gain an in-depth understanding on the technical aspects of these programs.

Spoofing is an active attack by one machine on another. A dishonest person with less-than-
honorable motives represents himself as being someone else or coming from somewhere else. The
spoofer appears to be familiar. It’s a way of gaining access that is otherwise denied to the individual.
Perhaps the person intends to cause problems or perhaps the individual just wants to have a look
around where he’s not supposed to be.

Sniffing refers to the use of software or hardware to watch data as it travels over the Internet. There
are some legitimate uses for the process. It is then called network analysis and helps network
administrators diagnose problems. In the hands of the wrong person, however, a sniffing program can
collect passwords and read email. Sniffing is considered a passive security attack, according to
TechiWarehouse.

What problems can result?

Sniffing means a loss of privacy for those on a network. Along with the loss of privacy goes a loss of
trust, which is necessary in many situations.

• Sniffing can compromise the privacy of passwords. An Ethernet sniffer can easily detect
passwords.
• Sniffing can allow unauthorized persons access to financial information, including account
numbers for banking and credit cards.
• Sniffing private and confidential information contained in email is very common. Having an email
viewed by someone other than the intended recipient can cause problems ranging from
embarrassment to a breach of national security.
• Sniffing can yield low-level protocol information. Anyone who is interested in attacking a network
will then have the needed information.

Prevention

New data suggests that there is no way to detect when your computer has been sniffed. They also
advise that while people can take measures to make sniffing difficult, it may be almost impossible to
totally prevent being sniffed.

Encryption helps. Replacing the hub with a switch may also add protection. Taking care when using public
Wi-Fi may also help reduce exposure.

Consumer Fraud Reporting adds that you can help protect against spoofing by following these
suggestions:

• Don’t click on an email link that requests personal information, even if it looks like a
legitimate site.
• Be suspicious of anyone asking for personal information.
• Don’t send personal information or financial information through a Web site.

If you’ve been caught in a moment of carelessness and provided information you should not have,
such as passwords or personal identification, notify the companies you do business with right away to
put a fraud alert on your account. Also contact Consumer Fraud Reporting, a free service that helps
protect consumers against fraud.
Experiment No. 4
Aim: Study of Techniques used for Web Based Password Capturing.

Many people don’t understand how easy it is for attackers to take advantage of weak passwords, and
therefore don’t use a password manager or other means to make their passwords stronger.
This post describes 9 common ways passwords get captured, roughly ordered from most to least
common. Proper use of a password manager can thwart some of these attacks and limit damages from
most other types of attacks.

1: You Hand it Over Voluntarily


People frequently hand over their passwords via phishing, other forms of social engineering, or when
a person or entity asks for temporary use of a password.

Protection: The simplest defense is to NEVER share your password for any account with any person,
organization, or web site. An additional good defense is to develop “net smarts” analogous to “street
smarts” to avoid phishing scams or other forms of social engineering. If you must temporarily share
your password (i.e. to import contacts into Facebook), then change your password immediately after
its temporary use is complete.

Damage Control: Your damages are limited to one account if you have a unique password for each
account. Immediately change the password of the affected account.

2: You Hand it Over Unknowingly

This overlaps with the previous attack. You think you are on the web site you intended but you
actually mistyped it by one character, you clicked a bad link to get there, or you were tricked by tab
napping. So you end up on a fake or spoof web site that looks legitimate. When you log in, it collects
your credentials then passes you on to the real site. A variation on this theme is an attack which
layers extra fields over a legitimate web site. You are tricked into typing private personal information
such as birthday, mother’s maiden name, social security number, etc. and then this information is
used to “recover” your account.

Protection: A good defense against this ploy is to only login to a web site by selecting it from your
password manager’s drop down menu (even if the tab was one you thought you opened yourself). This
will automatically log you in to the correct site, which the password manager stores. Another type of
defense is for your browser to use a security service that warns you when you might be about to open
a hazardous web site – but this may slow down browsing.

Damage Control: Your damages are limited to one account if you have a unique password for each
account. Immediately change the password of the affected account.

3: Mass Theft of Password Files

Most people don’t realize that user names and passwords routinely get stolen while your computer is
off and disconnected from the internet. How? Web sites with many users and weak security are prime
targets for attackers who want to steal a password file which lists all user names and passwords.
Recent examples include Monster.com and RockYou.com. While most sites do not store passwords as
clear text, many sites store passwords in a form that can be read using widely available rainbow table
software. For people who use the same password on many sites, the theft of this password on one site
can be the starting point for an attack on all of your accounts.

Protection: A simple and effective defense for users is to only use long, randomly generated
passwords. How long? 15 characters. Rainbow tables easily crack passwords 8 or fewer characters
long and in some cases up to 14 characters.

Damage Control: In the unlikely case that a rainbow table attack manages to crack one of your 15
character passwords, at least your damages will be limited to one account if you have a unique
password for each account. Change the password of any account that becomes compromised due to
mass theft.

4: Brute Force

Brute Force refers to discovering passwords through trial and error, similar to trying every possible
combination on a lock. The most well known form of brute force attack is for password cracking
software to methodically try millions of passwords on one specific user name on a specific account. A
typically weak password can be cracked in less than a day using this method.

Security conscious online vendors like banks or e-mail services provide some protection against such
brute force attempts by denying access if there are too many attempts per hour. However, different
forms of brute force can be used to get around these safeguards. A common example is software
which automatically logs in to millions of different accounts per day by combining popular user names,
passwords, and web sites (i.e. try password1 at [email protected], 123456 at [email protected], qwerty
at [email protected], etc.). As such methods become more widely adopted, it would not be
surprising if nearly all accounts with short user names and short passwords get compromised.

Brute force is also used as a supplementary attack after a first password is captured. For example, if the
password badpassword1 was captured by phishing, brute force can be used to try similar passwords on
other accounts.

Protection: Brute force attacks are highly unlikely to crack very strong passwords. So just use
strong passwords. I suggest randomized 15 character jumbles.

Damage Control: Your damages are limited to one account if you have a unique password for each
account. Immediately change the password of the affected account.
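
The per-account attempt limit described above misses the variant where a few popular passwords are tried across many accounts. The following added example (not part of the original lab manual) runs both checks over a constructed login log. The log format, the thresholds and the function names are assumptions made for illustration, and the addresses come from the reserved documentation ranges.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "<ISO time> <source IP> <account> <OK|FAIL>".
SAMPLE_LOG = """\
2021-03-01T10:00:05 192.0.2.10 alice FAIL
2021-03-01T10:01:40 192.0.2.10 alice FAIL
2021-03-01T10:02:10 198.51.100.4 bob FAIL
2021-03-01T10:03:00 198.51.100.4 bob OK
2021-03-01T10:03:15 192.0.2.10 alice FAIL
2021-03-01T10:05:00 203.0.113.7 alice FAIL
2021-03-01T10:05:30 192.0.2.10 alice FAIL
2021-03-01T10:07:45 192.0.2.10 alice FAIL
2021-03-01T10:09:50 192.0.2.10 alice FAIL
2021-03-01T10:11:00 203.0.113.7 bob FAIL
2021-03-01T10:17:00 203.0.113.7 carol FAIL
2021-03-01T10:23:00 203.0.113.7 dave FAIL
2021-03-01T10:29:00 203.0.113.7 erin FAIL
2021-03-01T10:35:00 203.0.113.7 frank FAIL
"""


def parse_failures(text):
    """Return time-sorted (timestamp, source_ip, account) for failed logins."""
    failures = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "FAIL":
            continue  # skip blank or malformed lines and successful logins
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # unparseable timestamp
        failures.append((when, parts[1], parts[2]))
    failures.sort()
    return failures


def _max_distinct(items, window):
    """Largest number of distinct values inside any span of `window`.
    `items` is a time-sorted list of (timestamp, value)."""
    best = 0
    for i, (start, _) in enumerate(items):
        seen = {value for when, value in items[i:] if when - start <= window}
        best = max(best, len(seen))
    return best


def locked_accounts(failures, max_failures=5, window=timedelta(hours=1)):
    """Per-account rule: too many failed attempts on one account per window."""
    per_account = defaultdict(list)
    for n, (when, _ip, account) in enumerate(failures):
        per_account[account].append((when, n))  # n keeps each failure distinct
    return {account for account, items in per_account.items()
            if _max_distinct(items, window) > max_failures}


def spraying_sources(failures, max_accounts=4, window=timedelta(hours=1)):
    """Per-source rule: one source failing against many different accounts."""
    per_source = defaultdict(list)
    for when, ip, account in failures:
        per_source[ip].append((when, account))
    return {ip for ip, items in per_source.items()
            if _max_distinct(items, window) > max_accounts}


if __name__ == "__main__":
    failures = parse_failures(SAMPLE_LOG)
    print("accounts over the per-account limit:", locked_accounts(failures))
    print("sources failing on many accounts:", spraying_sources(failures))
```

In the sample, the per-account rule catches only the repeated guesses against one account, while the source that makes a single failed attempt on each of six accounts is caught only by the per-source rule.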

5: Eavesdropping: Keystroke Logger on Your Browser

Many people believe that nothing bad can happen to people who only visit safe, well respected sites.
They are wrong. Malicious JavaScript can be injected into any browser on any system, visiting any
web site. Keystroke logging is something that is done by some of these JavaScript injections. In most
browsers, malicious JavaScript can log keystrokes in all open tabs, until the browser is closed.
Usernames and passwords entered during the session can be captured this way.

Protection: Keystroke logging via browser is growing more common but is unfortunately one of the
more difficult threats to defend against. Defenses include:

• Use Firefox in conjunction with the No Script extension. While this is a strong defense, the
overall complication of using No Script (popup, white lists, and blacklists) is more of a hassle
than the average Joe wants to deal with.

• Some security suites attempt to defend against this threat with browser plug-ins, but these can
dramatically slow down browsing.

• A simpler option is to only access the internet using the Google Chrome browser, which is
designed so that malicious JavaScript can be theoretically contained to a single tab. At least
other tabs will be safe.

• Some password managers such as RoboForm enter passwords and usernames in a way which
most JavaScript keystroke loggers cannot intercept.

None of these suggestions are sure to stop browser-based keystroke loggers, but if you implement
one or more of these suggestions you’ll at least reduce your chances of getting your usernames and
passwords logged by malicious JavaScript. The only perfect defense is to not connect to the internet at
all.

Damage Control: Your damages are limited to logins captured while browsing, so long as you have a
unique password for each account. Immediately change the password of the affected accounts. If
using a browser-based or web-based password manager, you should also change your master
password.

6: Eavesdropping: Public Wi-Fi Monitoring

Passwords are frequently stolen on public computers and over public Wi-Fi connections, using free
Wi-Fi traffic monitoring software that is simple to operate.

Protection: Never log in to online accounts using a public computer. When using open Wi-Fi hot
spots, you should only log in with your own notebook with services that enforce secure log-ins and
sessions (HTTPS), perhaps using the Firefox Add-on HTTPS Everywhere to help. It is far safer to
access email and other accounts using your phone data service, if you have one.

Damage Control: If you discover that this type of attack has occurred, then you will need to change
the password for all of your accounts as well as your master password. If you know exactly when the
attack occurred, you can change passwords only for the accounts you used during that session.

Experiment No. 5
Aim: Study of Different attacks caused by Virus and Trojans.

Virus: Virus attacks are the most potent threat to computer users. Virus attacks hamper
important work involving data and documents. It is imperative for every computer user to be aware
of the software and programs that can help to protect personal computers from attacks. One
must take every possible measure in order to keep computer systems free from virus attacks. The
top sources of virus attacks are highlighted below:

Downloadable Programs
Cracked Software
Email Attachments
Internet
Booting From CD

Trojans: Trojan horse attacks pose one of the most serious threats to computer security. If you were
referred here, you may have not only been attacked but may also be attacking others unknowingly. This
page will teach you how to avoid falling prey to them, and how to repair the damage if you already did.
According to legend, the Greeks won the Trojan war by hiding in a huge, hollow wooden horse to sneak
into the fortified city of Troy. In today’s computer world, a Trojan horse is defined as a “malicious,
security-breaking program that is disguised as something benign”. For example, you download what
appears to be a movie or music file, but when you click on it, you unleash a dangerous program that
erases your disk, sends your credit card numbers and passwords to a stranger, or lets that stranger
hijack your computer to commit illegal denial of service attacks.

The following general information applies to all operating systems, but by far most of the damage is
done to/with Windows users due to its vast popularity and many weaknesses. Linux, MacOS X, and
other operating systems are not as frequently infected, but they are far from immune.

Repairing the Damage

1. Anti-Virus Software: Some of these can handle most of the well known trojans, but
none are perfect, no matter what their advertising claims. You absolutely MUST make
sure you have the very latest update files for your programs, or else they will miss the
latest trojans. Compared to traditional viruses, today’s trojans evolve much quicker and
come in many seemingly innocuous forms, so anti-virus software is always going to be
playing catch up. Also, if they fail to find every trojan, anti-virus software can give you a
false sense of security, such that you go about your business not realizing that you are
still dangerously compromised. There are many products to choose from, but the
following are generally effective: AVP, PC-cillin, and McAfee Virus Scan. All are
available for immediate downloading typically with a 30 day free trial. For a more
complete review of all major anti-virus programs, including specific configuration
suggestions for each, see the Hack Fix Project’s anti-virus software page. When you are
done, make sure you’ve updated Windows with all security patches.
2. Anti-Trojan Programs: These programs are the most effective against trojan horse
attacks, because they specialize in trojans instead of general viruses. A popular choice is
The Cleaner, $30 commercial software with a 30 day free trial. To use it effectively when
you are done, make sure you’ve updated Windows with all security patches, then change
all your passwords because they may have been seen by every “hacker” in the world.
Experiment No. 6
Aim: Study of Anti-Intrusion Technique – Honey pot.

Anti-Intrusion Technique: The basic underlying principles of intrusion control distill the universe
of anti-intrusion techniques into six high-level, mutually supportive approaches. System and network
intrusions may be prevented, preempted, deflected, deterred, detected, and/or autonomously
countered. This Anti-Intrusion Taxonomy (AINT) of anti-intrusion techniques considers less explored
approaches on the periphery of "intrusion detection" which are independent of the availability of a rich
audit trail, as well as better known intrusion detection techniques. Much like the Open Systems
Reference Model supports understanding of communications protocols by identifying their layer and
purpose, the authors believe this anti-intrusion taxonomy and associated methods and techniques help
clarify the relationship between anti-intrusion techniques described in the literature and those
implemented by commercially available products. The taxonomy may be used to assess computing
environments which perhaps already support Intrusion Detection System (IDS) implementations to help
identify useful complementary intrusion defense approaches.

Honey pot: In computer terminology, a honey pot is a trap set to detect, deflect, or, in some manner,
counteract attempts at unauthorized use of information systems. Generally, a honey pot consists of a
computer, data, or a network site that appears to be part of a network, but is actually isolated and
monitored, and which seems to contain information or a resource of value to attackers. This is similar to
the police baiting a criminal and then conducting undercover surveillance.

Honeypots can be classified based on their deployment and based on their level of involvement. Based on
deployment, honeypots may be classified as:

1. production honeypots
2. research honeypots

Production honeypots are easy to use, capture only limited information, and are used primarily by
companies or corporations. They are placed inside the production network with other
production servers by an organization to improve its overall state of security.
Normally, production honeypots are low-interaction honeypots, which are easier to deploy. They give
less information about the attacks or attackers than research honeypots do.

Research honeypots are run to gather information about the motives and tactics of the Blackhat
community targeting different networks. These honeypots do not add direct value to a specific
organization; instead, they are used to research the threats organizations face and to learn how to better
protect against those threats. Research honeypots are complex to deploy and maintain, capture extensive
information, and are used primarily by research, military, or government organizations.
Experiment No. 7
Aim: Study of Symmetric Encryption Scheme – RC4.

RC4 Algorithm: RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security. It is a variable
key-size stream cipher with byte-oriented operations. The algorithm is based on the use of a random
permutation. Analysis shows that the period of the cipher is overwhelmingly likely to be greater than
10^100 [ROBS95]. Eight to sixteen machine operations are required per output byte, and the cipher can
be expected to run very quickly in software. RC4 was kept as a trade secret by RSA Security. In
September 1994, the RC4 algorithm was anonymously posted on the Internet on the Cypherpunks
anonymous remailers list.
The RC4 algorithm is remarkably simple and quite easy to explain. A variable-length key of
1 to 256 bytes (8 to 2048 bits) is used to initialize a 256-byte state vector S, with
elements S[0], S[1], …, S[255]. At all times, S contains a permutation of all 8-bit numbers from 0
through 255. For encryption and decryption, a byte k (see Figure 1) is generated from S by selecting
one of the 255 entries in a systematic fashion. As each value of k is generated, the entries in S are
once again permuted.
Initialization of S
To begin, the entries of S are set equal to the values from 0 through 255 in ascending order; that is,
S[0] = 0, S[1] = 1, …, S[255] = 255. A temporary vector, T, is also created. If the length of the key K
is 256 bytes, then K is transferred to T. Otherwise, for a key of length keylen bytes, the first keylen
elements of T are copied from K and then K is repeated as many times as necessary to fill out T. These
preliminary operations can be summarized as follows:
/* Initialization */
for i = 0 to 255 do
    S[i] = i;
    T[i] = K[i mod keylen];


Next we use T to produce the initial permutation of S. This involves starting with S[0] and going
through to S[255], and, for each S[i], swapping S[i] with another byte in S according to a scheme
dictated by T[i]:
/* Initial Permutation of S */
j = 0;
for i = 0 to 255 do
    j = (j + S[i] + T[i]) mod 256;
    Swap (S[i], S[j]);
Because the only operation on S is a swap, the only effect is a permutation. S still contains all
the numbers from 0 through 255.
Stream Generation
Once the S vector is initialized, the input key is no longer used. Stream generation involves starting
with S[0] and going through to S[255], and, for each S[i], swapping S[i] with another byte in S
according to a scheme dictated by the current configuration of S. After S[255] is reached, the
process continues, starting over again at S[0]:
/* Stream Generation */
i, j = 0;
while (true)
    i = (i + 1) mod 256;
    j = (j + S[i]) mod 256;
    Swap (S[i], S[j]);
    t = (S[i] + S[j]) mod 256;
    k = S[t];
To encrypt, XOR the value k with the next byte of plaintext. To decrypt, XOR the value k
with the next byte of ciphertext.
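
The three pseudocode stages above, combined into one runnable C program. This is an added example, not code from the lab manual; the names rc4_ctx, rc4_init and rc4_crypt and the sample key and plaintext are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* RC4 state: the permutation S plus the stream-generation indices i and j. */
typedef struct { unsigned char S[256]; unsigned char i, j; } rc4_ctx;

static void swap_bytes(unsigned char *a, unsigned char *b) {
    unsigned char tmp = *a;
    *a = *b;
    *b = tmp;
}

/* Initialization and initial permutation of S. Returns -1 for a bad key length. */
int rc4_init(rc4_ctx *c, const unsigned char *K, size_t keylen) {
    unsigned int i, j = 0;
    if (K == NULL || keylen < 1 || keylen > 256)
        return -1;
    for (i = 0; i < 256; i++)
        c->S[i] = (unsigned char)i;
    for (i = 0; i < 256; i++) {
        /* T[i] = K[i mod keylen] is read directly from K instead of being stored */
        j = (j + c->S[i] + K[i % keylen]) % 256;
        swap_bytes(&c->S[i], &c->S[j]);
    }
    c->i = c->j = 0;
    return 0;
}

/* Stream generation: each keystream byte k is XORed with one byte of in. */
void rc4_crypt(rc4_ctx *c, const unsigned char *in, unsigned char *out, size_t len) {
    for (size_t n = 0; n < len; n++) {
        c->i = (unsigned char)(c->i + 1);            /* 8-bit wrap = mod 256 */
        c->j = (unsigned char)(c->j + c->S[c->i]);
        swap_bytes(&c->S[c->i], &c->S[c->j]);
        unsigned char k = c->S[(unsigned char)(c->S[c->i] + c->S[c->j])];
        out[n] = in[n] ^ k;
    }
}

int main(void) {
    /* Constructed sample input: key "Key", plaintext "Plaintext" */
    const unsigned char key[] = "Key", pt[] = "Plaintext";
    unsigned char ct[9], back[9];
    rc4_ctx c;

    rc4_init(&c, key, 3);
    rc4_crypt(&c, pt, ct, 9);
    for (size_t n = 0; n < 9; n++)
        printf("%02X", ct[n]);
    rc4_init(&c, key, 3);                /* same key rebuilds the same keystream */
    rc4_crypt(&c, ct, back, 9);
    printf("\nround trip ok: %d\n", memcmp(back, pt, 9) == 0);
    return 0;
}
```

Because decryption is the same XOR with the same keystream, a key must never be reused for two messages. RC4 is prohibited in TLS by RFC 7465, so this is study code for the lab only.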
Experiment No. 8

Aim: Implementation of S-DES algorithm for data encryption

Procedure:
The S-DES algorithm uses bitwise operations on message letters to encrypt the data, so it is more
powerful against cryptanalysis attacks. The algorithm takes 8 bits of the message at
a time and operates on them using the 10-bit key and two rounds of iteration, as explained below.

Algorithm to generate key
As there are two rounds, we have to generate two keys from the given 10-bit key.
1: Apply permutation function P10 to the 10-bit key
2: Divide the result into two parts, L0 and L1, each containing 5 bits
3: Apply Circular Left Shift to both L0 and L1
4: Combine both L0 and L1, which will form a 10-bit number
5: Apply permutation function P8 on the result to select 8 out of 10 bits for key K1 (for the first round)
6: Again apply a second Circular Left Shift to L0 and L1
7: Combine the result, which will form a 10-bit number
8: Apply permutation function P8 on the result to select 8 out of 10 bits for key K2 (for the second round)

Algorithm for Encryption
1: Get the 8-bit message text (M) and apply the Initial permutation function (IP) to it
2: Divide IP(M) into nibbles M0 and M1
3: Apply function Fk on M0
4: XOR the result with M1 (M1 (+) Fk(M0))
5: Swap the result with M1 (i.e. make M1 the lower nibble (M0) and the result the higher nibble (M1))
6: Repeat steps 1 to 4 (go for the next round)
7: Apply (IP-1) on the result to get the encrypted data

Algorithm for function Fk
1: Give the 4-bit input to EP (Expansion function); the result will be 8-bit expanded data
2: XOR the 8-bit expanded data with the 8-bit key (K1 for the first round and K2 for the second round)
3: Divide the result into upper (P0) and lower (P1) nibbles
4: Apply compression function S0 to P0 and S1 to P1, which will compress each 4-bit input to a 2-bit output
5: Combine the 2-bit outputs from S0 and S1 to form a 4-bit digit
6: Apply permutation function P4 to the 4-bit result
Functions
P10 = 3 5 2 7 4 10 1 9 8 6
P8 = 6 3 7 4 8 5 10 9
P4 = 2 4 3 1
IP = 2 6 3 1 4 8 5 7
IP-1 = 4 1 3 5 7 2 8 6
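
A compact C rendering of the key generation, Fk and encryption steps above, added here as an example (it is not the lab manual's own code). P10, P8, P4, IP and IP-1 are the tables listed above; the E/P table, the S0/S1 boxes, the shift counts (1, then 2 more) and the convention that the right nibble feeds Fk come from the standard S-DES definition and are assumptions here, as are the function names and the sample key and block.

```c
#include <stdio.h>

/* Tables from the Functions list above (1-based positions, leftmost bit = 1). */
static const int P10[] = {3, 5, 2, 7, 4, 10, 1, 9, 8, 6};
static const int P8[]  = {6, 3, 7, 4, 8, 5, 10, 9};
static const int P4[]  = {2, 4, 3, 1};
static const int IP[]  = {2, 6, 3, 1, 4, 8, 5, 7};
static const int IPI[] = {4, 1, 3, 5, 7, 2, 8, 6};   /* IP-1 */
/* Assumed, not listed on the page: standard S-DES E/P table and S-boxes. */
static const int EP[]  = {4, 1, 2, 3, 2, 3, 4, 1};
static const int S0[4][4] = {{1, 0, 3, 2}, {3, 2, 1, 0}, {0, 2, 1, 3}, {3, 1, 3, 2}};
static const int S1[4][4] = {{0, 1, 2, 3}, {2, 0, 1, 3}, {3, 0, 1, 0}, {2, 1, 0, 3}};

/* Output bit k (left to right) is input bit tbl[k] of an in_bits-wide value. */
static unsigned permute(unsigned in, const int *tbl, int out_bits, int in_bits) {
    unsigned out = 0;
    for (int k = 0; k < out_bits; k++)
        out = (out << 1) | ((in >> (in_bits - tbl[k])) & 1u);
    return out;
}
static unsigned rotl5(unsigned v, int n) { return ((v << n) | (v >> (5 - n))) & 0x1Fu; }

/* Key generation steps 1-8; shift amounts 1 then 2 are assumed (standard S-DES). */
void sdes_keys(unsigned key10, unsigned *k1, unsigned *k2) {
    unsigned p = permute(key10, P10, 10, 10);
    unsigned l = rotl5(p >> 5, 1), r = rotl5(p & 0x1Fu, 1);
    *k1 = permute((l << 5) | r, P8, 8, 10);
    *k2 = permute((rotl5(l, 2) << 5) | rotl5(r, 2), P8, 8, 10);
}

/* Fk: left nibble ^= P4(S0,S1(E/P(right nibble) ^ subkey)); right nibble is kept. */
static unsigned fk(unsigned b, unsigned sk) {
    unsigned r = b & 0xFu, x = permute(r, EP, 8, 4) ^ sk;
    unsigned hi = x >> 4, lo = x & 0xFu;
    /* S-box row = outer two bits of the nibble, column = inner two bits */
    unsigned s0 = (unsigned)S0[((hi >> 2) & 2u) | (hi & 1u)][(hi >> 1) & 3u];
    unsigned s1 = (unsigned)S1[((lo >> 2) & 2u) | (lo & 1u)][(lo >> 1) & 3u];
    return (((b >> 4) ^ permute((s0 << 2) | s1, P4, 4, 4)) << 4) | r;
}

/* IP, Fk, swap, Fk, IP-1. Decryption runs the same rounds with K2 first. */
unsigned sdes_crypt(unsigned block, unsigned key10, int decrypt) {
    unsigned k1, k2, t;
    sdes_keys(key10, &k1, &k2);
    t = fk(permute(block & 0xFFu, IP, 8, 8), decrypt ? k2 : k1);
    t = ((t << 4) | (t >> 4)) & 0xFFu;              /* swap nibbles */
    return permute(fk(t, decrypt ? k1 : k2), IPI, 8, 8);
}

int main(void) {
    unsigned c = sdes_crypt(0x72, 0x282, 0);      /* constructed sample block, key */
    printf("ct=%02X pt=%02X\n", c, sdes_crypt(c, 0x282, 1));
    return 0;
}
```

With only 1024 possible keys, S-DES is a teaching cipher: every key can be tried exhaustively, so it protects nothing in practice.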
Experiment No. 9

Aim: Implementation of Asymmetric Encryption Scheme – RSA.

The RSA algorithm was invented by Ronald L. Rivest, Adi Shamir, and Leonard Adleman in 1977 and
released into the public domain on September 6, 2000.
Public-key systems–or asymmetric cryptography–use two different keys with a mathematical
relationship to each other. Their protection relies on the premise that knowing one key will not help you
figure out the other. The RSA algorithm uses the fact that it’s easy to multiply two large prime numbers
together and get a product. But you can’t take that product and reasonably guess the two original
numbers, or guess one of the original primes if only the other is known. The public key and private keys
are carefully generated using the RSA algorithm; they can be used to encrypt information or sign it.

Key generation
1) Pick two large prime numbers p and q, p != q;
2) Calculate n = p × q;
3) Calculate ø (n) = (p − 1)(q − 1);
4) Pick e, so that gcd(e, ø (n)) = 1, 1 < e < ø (n);
5) Calculate d, so that d · e mod ø (n) = 1, i.e., d is the multiplicative inverse of e in mod ø (n);
6) Get public key as KU = {e, n};
7) Get private key as KR = {d, n}.

Encryption
For plaintext block P < n, its ciphertext C = P^e (mod n).
Decryption
For ciphertext block C, its plaintext is P = C^d (mod n).

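/* C program implementing the RSA algorithm: encrypt the text data and decrypt the same */

#include <stdio.h>

int phi, M, n, e, d, C, FLAG;

/* FLAG = 1 if e is unusable (outside 1 < e < phi, or gcd(e, phi) != 1), else 0 */
void check(void)
{
    int a = e, b = phi, t;

    FLAG = 1;
    if (e <= 1 || e >= phi)
        return;
    while (b != 0) {            /* Euclid's algorithm: a ends up as gcd(e, phi) */
        t = a % b;
        a = b;
        b = t;
    }
    if (a == 1)
        FLAG = 0;
}

/* C = M^e mod n by repeated multiplication (requires M < n) */
void encrypt(void)
{
    int i;
    C = 1;
    for (i = 0; i < e; i++)
        C = (int)((long long)C * M % n);
    printf("\n\tEncrypted keyword : %d", C);
}

/* M = C^d mod n by repeated multiplication */
void decrypt(void)
{
    int i;
    M = 1;
    for (i = 0; i < d; i++)
        M = (int)((long long)M * C % n);
    printf("\n\tDecrypted keyword : %d", M);
}

int main(void)
{
    int p, q, s;

    /* Key generation step 1 needs two distinct primes, not merely coprime numbers */
    printf("Enter Two Distinct Prime Numbers\t: ");
    if (scanf("%d%d", &p, &q) != 2)
        return 1;
    n = p * q;
    phi = (p - 1) * (q - 1);
    printf("\n\tF(n) phi value\t= %d", phi);
    do {
        printf("\n\nEnter e (1 < e < phi, gcd(e, phi) = 1)\t: ");
        if (scanf("%d", &e) != 1)
            return 1;
        check();
    } while (FLAG == 1);

    /* Find d by trial: the smallest d with d * e mod phi = 1 */
    d = 1;
    do {
        s = (int)((long long)d * e % phi);
        d++;
    } while (s != 1);
    d = d - 1;

    printf("\n\tPublic Key\t: {%d,%d}", e, n);
    printf("\n\tPrivate Key\t: {%d,%d}", d, n);
    printf("\n\nEnter The Plain Text\t: ");
    if (scanf("%d", &M) != 1)
        return 1;
    encrypt();
    printf("\n\nEnter the Cipher text\t: ");
    if (scanf("%d", &C) != 1)
        return 1;
    decrypt();
    printf("\n");
    return 0;
}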


Experiment No. 10
Aim: Study of IP based Authentication.

IP security refers to security mechanisms implemented at the IP (Internet Protocol) Layer to ensure
integrity, authentication and confidentiality of data during transmission in the open Internet
environment. The primary objective of recent work in this area, mainly by members of the IETF IP
Security (IPsec) working group, is to improve the robustness of the cryptographic key-based security
mechanisms at the IP layer for users who request security.

How can IP Security be achieved?

Currently, there are two specific headers that can be attached to an IP packet to achieve security. They
are the IP Authentication Header (AH) and the IP Encapsulating Security Payload (ESP) header.

If confidentiality is not required, the Authentication Header (AH) alone can provide security (in this case,
connectionless data integrity and data origin authentication) to an IP datagram. The implementation can be
host-host, host-gateway or gateway-gateway, but only host-host implementation is encouraged. The
reason is that, when a security gateway provides the security service for the trusted hosts behind
it, a security attack can still arise if those trusted hosts become untrusted. In other words,
security can be violated for two communicating end users if the protection (without confidentiality) does
not cover the complete communication path but instead stops at the gateway, even though a security
association (SA) is established. In any kind of implementation, untrusted systems (i.e., systems that do
not have the SA established) cannot attack data authentication (always referring to both
data integrity and data origin authentication).

The IP Encapsulating Security Payload (ESP) header provides integrity, authentication, and
confidentiality to an IP datagram. It can provide a mix of optional security services. The ESP header can
be applied alone, in combination with the IP Authentication Header (AH), or in a nested way, e.g. by using
Tunnel-mode. The ESP header implementation can be host-host, host-gateway, or gateway-gateway. The ESP
header is inserted after the IP header and before a higher-level protocol header (Transport-mode) or the
encapsulated IP header (Tunnel-mode). Gateway-to-gateway ESP implementation, using
encryption/decryption, is critical for building Private Virtual Networks (PVN) across an untrusted
backbone in an open environment such as the Internet.
