SC Lab Manual-1
SECURED COMPUTING
Lab Record (212CSE3305)
Register Number:……………………………………………………...
Section :………………………………………………………
BONAFIDE CERTIFICATE
Staff In-charge
REGISTER NUMBER
TABLE OF CONTENTS
S.NO | DATE | TITLE OF THE PROGRAM | Aim & Algorithm (10 Marks) | Program (20 Marks) | Output & Viva (20 Marks) | Total (50 marks) | SIGN
1 | | Implementation of Caesar Cipher | | | | |
10 | | Intrusion Detection/Prevention System with Snort | | | | |
11 | | Defeating Malware - Building Trojans | | | | |
12 | | Defeating Malware - Rootkit Hunter | | | | |
EX.NO:1
Implementation of Caesar Cipher
Aim:
To implement a Caesar cipher, a type of substitution cipher, which replaces each letter in
a message with another letter based on a fixed shift value.
Algorithm:
1) Define Function:
Program:
Output:
Result:
EX.NO:2
Basic Monoalphabetic Cipher
Aim:
To implement a basic monoalphabetic cipher, a type of substitution cipher, which
replaces each letter in a message with another letter based on a fixed shift value.
Algorithm:
1) Define generate_cipher_key Function:
   Input: shift (integer)
   Initialize alphabet as a string containing 'abcdefghijklmnopqrstuvwxyz'.
   Create shifted_alphabet by shifting alphabet by shift positions.
   Create a dictionary key by mapping each character in alphabet to the corresponding character in shifted_alphabet.
   Return key.
2) Define encrypt Function:
   Input: message (string), key (dictionary)
   Initialize an empty string encrypted_message.
   Loop through each character char in message:
      If char is alphabetic:
         If char is lowercase, append key[char] to encrypted_message.
         If char is uppercase, append key[char.lower()].upper() to encrypted_message.
      Else, append char to encrypted_message.
   Return encrypted_message.
3) Define decrypt Function:
   Input: ciphertext (string), key (dictionary)
   Create reverse_key by reversing the key dictionary.
   Initialize an empty string decrypted_message.
   Loop through each character char in ciphertext:
      If char is alphabetic:
         If char is lowercase, append reverse_key[char] to decrypted_message.
         If char is uppercase, append reverse_key[char.lower()].upper() to decrypted_message.
      Else, append char to decrypted_message.
   Return decrypted_message.
4) Define main Function:
   Prompt user to input shift value.
   Generate key using generate_cipher_key(shift).
   Prompt user to choose between encryption and decryption (e or d).
   If the user chooses 'e':
      Prompt for the plaintext message.
      Encrypt the plaintext using encrypt(plaintext, key).
      Print the encrypted message.
   If the user chooses 'd':
      Prompt for the ciphertext message.
      Decrypt the ciphertext using decrypt(ciphertext, key).
      Print the decrypted message.
   If the user inputs an invalid choice, print an error message.
If this script is run as the main module, call the main function.
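One way to implement the algorithm above in Python (an added example, not the manual's own program). The helper `_substitute` is a name introduced here; it looks characters up in the key instead of testing `isalpha()`, so non-ASCII letters such as 'é' pass through unchanged instead of raising a KeyError.

```python
import string

ALPHABET = string.ascii_lowercase


def generate_cipher_key(shift):
    """Map each lowercase letter to the letter `shift` positions later."""
    shift %= len(ALPHABET)  # also handles negative shifts and shifts above 25
    shifted_alphabet = ALPHABET[shift:] + ALPHABET[:shift]
    return dict(zip(ALPHABET, shifted_alphabet))


def _substitute(text, table):
    """Apply a substitution table, preserving case and unknown characters."""
    out = []
    for char in text:
        lower = char.lower()
        if lower in table:
            mapped = table[lower]
            out.append(mapped.upper() if char.isupper() else mapped)
        else:
            out.append(char)  # digits, spaces, punctuation, non-ASCII letters
    return "".join(out)


def encrypt(message, key):
    return _substitute(message, key)


def decrypt(ciphertext, key):
    reverse_key = {value: letter for letter, value in key.items()}
    return _substitute(ciphertext, reverse_key)


def main():
    key = generate_cipher_key(int(input("Shift value: ")))
    choice = input("Encrypt or decrypt (e/d)? ").strip().lower()
    if choice == "e":
        print("Encrypted message:", encrypt(input("Plaintext: "), key))
    elif choice == "d":
        print("Decrypted message:", decrypt(input("Ciphertext: "), key))
    else:
        print("Invalid choice: enter 'e' or 'd'.")


if __name__ == "__main__":
    main()
```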
Program:
Output:
Result:
EX.NO:3
Message Authentication Code
Aim:
To calculate the message digest of a text using the SHA-1 algorithm and thereby
verify data integrity.
Algorithm:
1) Import Hashlib Module:
Print the hexadecimal equivalent.
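An added example (not the manual's program) that puts the SHA-1 digest from the aim next to a keyed MAC built with Python's standard `hmac` module. A bare digest shows that a text changed, but whoever changes the text can also recompute the digest, so only the keyed tag authenticates the sender. The key and messages are constructed, and HMAC-SHA256 is chosen here as the MAC.

```python
import hashlib
import hmac


def sha1_digest(message: bytes) -> str:
    """Hexadecimal SHA-1 digest of the message (integrity check only)."""
    return hashlib.sha1(message).hexdigest()


def digest_matches(message: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(sha1_digest(message), expected_hex)


def mac_tag(key: bytes, message: bytes) -> str:
    """Keyed tag: cannot be recomputed without the shared key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def mac_matches(key: bytes, message: bytes, tag_hex: str) -> bool:
    # compare_digest runs in constant time, so the check leaks no prefix match
    return hmac.compare_digest(mac_tag(key, message), tag_hex)


def demo():
    key = b"constructed-shared-key"             # constructed sample key
    original = b"transfer 100 to account 42"    # constructed sample text
    altered = b"transfer 900 to account 42"
    digest = sha1_digest(original)
    tag = mac_tag(key, original)
    return {
        # Both mechanisms notice a change when the reference value is trusted.
        "digest_detects_change": not digest_matches(altered, digest),
        "mac_detects_change": not mac_matches(key, altered, tag),
        # If the digest travels with the text, it can be replaced along with it.
        "replaced_digest_verifies": digest_matches(altered, sha1_digest(altered)),
        # A tag made under a different key does not verify.
        "tag_from_other_key_rejected": not mac_matches(
            key, altered, mac_tag(b"some-other-key", altered)
        ),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```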
Program:
Output:
Result:
EX.NO:4
Data Encryption Standard
Aim:
To implement a symmetric-key block cipher algorithm known as Data Encryption
Standard (DES).
Algorithm:
Initialize a dictionary that maps each hexadecimal digit to its 4-bit binary equivalent.
Initialize an empty string for the binary result.
For each character in the input hexadecimal string:
o Append the corresponding binary string from the dictionary to the result.
Return the binary result.
Initialize a dictionary that maps each 4-bit binary string to its hexadecimal
equivalent.
Initialize an empty string for the hexadecimal result.
For each group of 4 bits in the input binary string:
o Append the corresponding hexadecimal character from the dictionary to
the result.
Return the hexadecimal result.
Convert the decimal number to its binary representation using Python's bin
function and remove the "0b" prefix.
If the length of the binary result is not a multiple of 4, pad with leading zeros to
make it a multiple of 4.
5) Permute Function (permute):
9) Key Generation:
o Append the round key in both binary and hexadecimal form to the round key lists.
Program:
Output:
Result:
EX.NO:5
Advanced Encryption Standard
Aim:
To understand the need for a highly secure symmetric encryption algorithm known as
Advanced Encryption Standard (AES).
Algorithm:
1. Import Libraries:
o AES for AES encryption/decryption.
o get_random_bytes to generate a random key.
o pad and unpad to ensure data is of a valid block size.
2. Encrypt Function:
o Creates a new AES cipher object in CBC mode.
o Pads the data to be a multiple of the block size.
o Encrypts the padded data.
o Returns the initialization vector (IV) and the ciphertext.
3. Decrypt Function:
o Creates a new AES cipher object with the same IV.
o Decrypts the ciphertext.
o Unpads and decodes the decrypted data.
4. Example Usage:
o Generates a random 16-byte key.
o Encrypts a sample message.
o Prints the ciphertext in hexadecimal format.
o Decrypts the ciphertext.
o Prints the decrypted message.
Input
The input for the code consists of the plaintext message that you want to encrypt. In the example
provided, the input message is hardcoded as "This is a secret message."
Output
The output of the code will consist of the ciphertext (in hexadecimal format) and the decrypted
message.
Example
Let's break down the expected output when running the code:
1. Encrypted Ciphertext: The encrypted version of the plaintext message, displayed in
hexadecimal format.
2. Decrypted Data: The original message after decrypting the ciphertext
Program:
Output:
Result:
EX.NO:6
Asymmetric Key Encryption
Aim:
To implement the popular asymmetric key algorithm Rivest, Shamir, Adleman (RSA).
Algorithm:
1) Input:
Two prime numbers p and q.
A plaintext message .
Calculate n:
n=p*q
For p=53 and q=59, n = 53 * 59 = 3127
Print the decrypted message mes
mes = (ct ** d) % n
For ct=1394, mes = (1394 ** 2011) % 3127 = 89
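The numbers above carried through in Python, as an added example that is not the manual's program. The public exponent e = 3 is an assumption: it is the value consistent with d = 2011, since 3 * 2011 = 6033 = 2 * 3016 + 1 with (p-1)(q-1) = 3016. Three-argument `pow` replaces `(ct ** d) % n` so the full power is never built in memory.

```python
from math import gcd


def rsa_keypair(p, q, e):
    """Return (n, e, d) for primes p and q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return n, e, d


def encrypt(m, e, n):
    # A message >= n would be reduced mod n and could not be recovered.
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= m < n")
    return pow(m, e, n)


def decrypt(ct, d, n):
    return pow(ct, d, n)  # same value as (ct ** d) % n, computed stepwise


if __name__ == "__main__":
    n, e, d = rsa_keypair(53, 59, 3)   # p and q from the text, e assumed
    ct = encrypt(89, e, n)
    print("n =", n, "d =", d)
    print("ct =", ct)
    print("mes =", decrypt(ct, d, n))
```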
Program:
Result:
EX.NO:7
Secure Key exchange
Aim:
To securely exchange cryptographic keys over the Internet by implementing the
Diffie-Hellman key exchange mechanism.
Algorithm:
1. Input:
p: A prime number.
g: A primitive root of p.
The user is prompted to enter a prime number p and a number g (which is
a primitive root of p).
2. Initialize Classes:
o Class A: Represents Alice and Bob.
__init__: Generate a random private number n for Alice/Bob.
publish: Calculate and return the public value g^n % p.
compute_secret: Compute the shared secret (gb^n) % p using
another party's public value gb.
Represents Alice and Bob.
Generates a random private number n.
Computes and returns the public value using publish.
Computes the shared secret using compute_secret.
3. Create Instances:
Create an instance of A for Alice.
Create an instance of A for Bob.
Create an instance of B for Eve.
Instances of A are created for Alice and Bob.
An instance of B is created for Eve.
Private numbers selected by Alice, Bob, and Eve are printed.
Public values are generated and printed.
Shared secrets are computed and printed.
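An added example (not the manual's program) of class A for the two honest parties, with the checks the input step relies on: that p is prime, that g is a primitive root of p, and that a received public value lies in 2..p-2. Passing p and g to the constructor and the helper names `prime_factors` and `is_primitive_root` are assumptions of this sketch; p = 23, g = 5 are toy values.

```python
import secrets


def prime_factors(n):
    """Distinct prime factors by trial division (fine for lab-sized numbers)."""
    factors, f = set(), 2
    while f * f <= n:
        while n % f == 0:
            factors.add(f)
            n //= f
        f += 1
    if n > 1:
        factors.add(n)
    return factors


def is_primitive_root(g, p):
    """True if p is prime and g generates every value in 1..p-1 mod p."""
    if p < 3 or prime_factors(p) != {p} or not 1 < g < p:
        return False
    return all(pow(g, (p - 1) // f, p) != 1 for f in prime_factors(p - 1))


class A:
    """One honest party (Alice or Bob)."""

    def __init__(self, p, g):
        if p < 5 or not is_primitive_root(g, p):
            raise ValueError("need a prime p >= 5 and a primitive root g of p")
        self.p, self.g = p, g
        while True:  # private n in [2, p-2]; retry if the public value is p-1
            self.n = secrets.randbelow(p - 3) + 2
            if 1 < self.publish() < p - 1:
                break

    def publish(self):
        return pow(self.g, self.n, self.p)

    def compute_secret(self, gb):
        # 0, 1 and p-1 would force the secret into a set of at most two values.
        if not 1 < gb < self.p - 1:
            raise ValueError("peer public value outside 2..p-2")
        return pow(gb, self.n, self.p)


if __name__ == "__main__":
    alice, bob = A(23, 5), A(23, 5)
    print("Alice publishes", alice.publish(), "- Bob publishes", bob.publish())
    print("Alice's secret:", alice.compute_secret(bob.publish()))
    print("Bob's secret:  ", bob.compute_secret(alice.publish()))
```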
Program:
Output:
Result:
EX.NO:8
Digital Signature Generation
Aim:
To authenticate a message sent over the Internet using digital signature mechanism
Algorithm:
1) Generate RSA Keys:
The RSA key pair (private and public keys) is generated with a
keysize of 2048 bits.
The keys are saved to files private.pem and public.pem.
Example Usage:
The message "This is a secret message." is signed with the private key.
The signature is printed in hexadecimal format.
The signature is verified with the public key, and the result is printed.
Program:
Output:
Result:
EX.NO:9
Implementation of Mobile Security
Aim:
To implement basic mobile security functionalities such as scanning for known
malicious apps, encrypting and decrypting sensitive data, monitoring network traffic, and
authenticating users.
Algorithm:
1) Import Required Libraries
Import hashlib, os, socket, ssl, base64, and Fernet from cryptography.fernet.
Import getpass for password input.
2) Define Known Malicious App Hashes
Input: host (hostname or IP address), port (port number)
Create a default SSL context with ssl.create_default_context().
Create a TCP connection to host and port using socket.create_connection().
Wrap the socket with SSL/TLS using context.wrap_socket() and
server_hostname=host.
Print the negotiated SSL/TLS version (ssock.version()).
9) authenticate_user(username, password, stored_hash)
Output :
Result:
EX.NO:10
Intrusion Detection/Prevention System with Snort
Aim:
To configure Snort to monitor network traffic, detect intrusion attempts, log them, and
report when an intrusion attempt is detected.
Algorithm /Program:
1. Install Snort
Update your system:
bash
sudo apt-get update
Install necessary dependencies:
bash
sudo apt-get install -y build-essential libpcap-dev libpcre3-dev libdumbnet-dev bison flex
Download and install Snort:
bash
wget https://www.snort.org/downloads/snort/snort-2.9.17.tar.gz
tar -xzvf snort-2.9.17.tar.gz
cd snort-2.9.17
./configure
make
sudo make install
Verify Snort installation:
bash
snort -V
2. Configure Snort
Create necessary directories:
bash
sudo mkdir /etc/snort
sudo mkdir /etc/snort/rules
sudo mkdir /etc/snort/preproc_rules
sudo mkdir /var/log/snort
sudo mkdir /usr/local/lib/snort_dynamicrules
3. Copy configuration files:
bash
sudo cp etc/* /etc/snort
sudo cp src/dynamic-preprocessors/build/usr/local/lib/snort_dynamicpreprocessor/* /usr/local/lib/snort_dynamicpreprocessor/
4. Download and update the rule set:
bash
wget https://www.snort.org/rules/snortrules-snapshot-29170.tar.gz -O /tmp/snortrules-snapshot.tar.gz
sudo tar -xzvf /tmp/snortrules-snapshot.tar.gz -C /etc/snort/rules
5. Edit the Snort configuration file:
Open /etc/snort/snort.conf in a text editor:
bash
sudo nano /etc/snort/snort.conf
1. Set the following variables:
plaintext
ipvar HOME_NET any
ipvar EXTERNAL_NET any
var RULE_PATH /etc/snort/rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
var WHITE_LIST_PATH /etc/snort/rules
var BLACK_LIST_PATH /etc/snort/rules
output unified2: filename snort.u2, limit 128
2. Include rules:
plaintext
include $RULE_PATH/local.rules
3. Create a Local Rule File
Create local.rules file:
bash
sudo nano /etc/snort/rules/local.rules
4. Add a sample rule:
plaintext
alert icmp any any -> $HOME_NET any (msg:"ICMP Packet Detected"; sid:1000001; rev:001;)
5. Run Snort
Test Snort configuration:
bash
sudo snort -T -c /etc/snort/snort.conf
6. Run Snort in intrusion detection mode:
bash
sudo snort -A console -q -c /etc/snort/snort.conf -i eth0
Replace eth0 with the appropriate network interface.
7. Generate and Test Intrusion Detection
Generate network traffic:
Use ping or other network utilities to generate traffic.
For example:
bash
ping -c 4 8.8.8.8
Check Snort alerts:
Snort should display alerts on the console for detected ICMP packets as specified in local.rules.
8. Log and Report Intrusion Attempts
Configure logging in snort.conf:
Ensure the following line is present for unified2 logging:
plaintext
output unified2: filename snort.u2, limit 128
Analyze logs:
Install Barnyard2 to process Snort logs:
bash
sudo apt-get install -y barnyard2
Configure Barnyard2 to read Snort's unified2 logs and output to a database or other formats.
Start Barnyard2:
bash
sudo barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo
9. Automate Snort and Barnyard2 Startup
Create a systemd service for Snort:
bash
sudo nano /etc/systemd/system/snort.service
Add the following content:
plaintext
[Unit]
Description=Snort NIDS Daemon
After=network.target
[Service]
ExecStart=/usr/local/bin/snort -c /etc/snort/snort.conf -i eth0
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
[Install]
WantedBy=multi-user.target
Enable and start the service:
bash
sudo systemctl enable snort
sudo systemctl start snort
Create a systemd service for Barnyard2:
bash
sudo nano /etc/systemd/system/barnyard2.service
Add the following content:
plaintext
[Unit]
Description=Barnyard2 Daemon
After=network.target
[Service]
ExecStart=/usr/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
[Install]
WantedBy=multi-user.target
Enable and start the service:
bash
sudo systemctl enable barnyard2
sudo systemctl start barnyard2
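An added example (not part of the original manual): a Python parser for the alert lines that step 7 expects on the console, counting alerts for sid 1000001 per source address. It assumes Snort 2.9 fast-alert formatting as printed by `-A console`; the sample lines, addresses and the second rule (sid 1000002) are constructed.

```python
import re
from collections import Counter

# Assumed format: Snort 2.9 "fast" alert lines, as printed by `-A console`.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification: (?P<cls>[^\]]*)\]\s+)?\[Priority: (?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Constructed sample console output (not captured from a real sensor).
SAMPLE = """\
08/12-10:15:32.101200  [**] [1:1000001:1] ICMP Packet Detected [**] [Priority: 0] {ICMP} 192.168.56.10 -> 8.8.8.8
08/12-10:15:32.118900  [**] [1:1000001:1] ICMP Packet Detected [**] [Priority: 0] {ICMP} 8.8.8.8 -> 192.168.56.10
08/12-10:15:33.102700  [**] [1:1000001:1] ICMP Packet Detected [**] [Priority: 0] {ICMP} 192.168.56.10 -> 8.8.8.8
08/12-10:15:33.120100  [**] [1:1000001:1] ICMP Packet Detected [**] [Priority: 0] {ICMP} 8.8.8.8 -> 192.168.56.10
08/12-10:15:40.000100  [**] [1:1000002:1] Constructed TCP rule [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.56.20:51514 -> 192.168.56.10:22
Commencing packet processing (pid=4242)
"""


def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not an alert."""
    match = ALERT_RE.match(line.strip())
    if not match:
        return None
    alert = match.groupdict()
    for field in ("gid", "sid", "rev", "prio"):
        alert[field] = int(alert[field])
    if alert["proto"] in ("TCP", "UDP"):  # these carry ip:port, ICMP does not
        alert["src"] = alert["src"].rsplit(":", 1)[0]
        alert["dst"] = alert["dst"].rsplit(":", 1)[0]
    return alert


def summarize(text, sid=1000001):
    """Count alerts for one sid per source address; also count skipped lines."""
    per_source, skipped = Counter(), 0
    for line in text.splitlines():
        if not line.strip():
            continue
        alert = parse_alert(line)
        if alert is None:
            skipped += 1          # banner or status line, not an alert
        elif alert["sid"] == sid:
            per_source[alert["src"]] += 1
    return per_source, skipped


if __name__ == "__main__":
    counts, skipped = summarize(SAMPLE)
    for source, count in counts.most_common():
        print(f"{source}: {count} alert(s) for sid 1000001")
    print(f"{skipped} non-alert line(s) skipped")
```

Because HOME_NET is set to any, the sample rule also matches the echo replies, which is why 8.8.8.8 appears as a source in the constructed output.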
Result:
EX.NO:11
DEFEATING MALWARE - BUILDING TROJANS
Aim:
To build a Trojan and understand the harm that Trojan malware can do to a computer
system.
Algorithm:
TROJAN:
In computing, a Trojan horse, or Trojan, is any malware which
misleads users of its true intent.
Trojans are generally spread by some form of social engineering, for
example where a user is duped into executing an email attachment
disguised to appear not suspicious (e.g., a routine form to be filled in),
or by clicking on some fake advertisement on social media or anywhere
else.
Although their payload can be anything, many modern forms act
as a backdoor, contacting a controller which can then have
unauthorized access to the affected computer.
Trojans may allow an attacker to access users' personal information
such as banking information, passwords, or personal identity.
Example: Ransomware attacks are often carried out using a Trojan.
Setting Up a Safe Environment
1. Isolate the VM: Ensure the VM network settings are set to "Host-only" or disconnected
to prevent any potential spread.
2. Take a Snapshot: Before starting, take a snapshot of your VM. This allows you to revert
to a clean state if needed.
batch
@echo off
:x
start mspaint
start notepad
start cmd
start explorer
start control
start calc
goto x
Stopping the Script
Program:
Output:
Result:
EX.NO:12
DEFEATING MALWARE - ROOTKIT HUNTER
Aim:
To install a rootkit hunter and find malware on a computer.
Algorithm:
ROOTKIT HUNTER:
rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits,
backdoors and possible local exploits.
It does this by comparing SHA-1 hashes of important files with known
good ones in online databases, searching for default directories (of
rootkits), wrong permissions, hidden files, suspicious strings in kernel
modules, and special tests for Linux and FreeBSD.
rkhunter is notable due to its inclusion in popular operating systems
(Fedora, Debian, etc.).
The tool has been written in Bourne shell, to allow for portability. It can
run on almost all UNIX-derived systems.
Step 1
Visit GMER's website (see Resources) and download the GMER executable.
Click the "Download EXE" button to download the program with a random file
name, as some rootkits will close "gmer.exe" before you can open it.
Step 2
Step 3
When the program completes its scan, select any program or file listed in red.
Right-click it and select "Delete."
If the red item is a service, it may be protected. Right-click the service and
select "Disable." Reboot your computer and run the scan again, this time
selecting "Delete" when that service is detected.
When your computer is free of Rootkits, close the program and restart your PC.
RESULT:
EX.NO:13
Implement Database Security
Aim:
Algorithm / Program:
1. Install Microsoft SQL Server: Ensure that Microsoft SQL Server is installed on your
Windows machine. You can download it from the Microsoft SQL Server website.
2. Install SQL Server Management Studio (SSMS): This is a graphical tool for managing
SQL Server instances. You can download it from the SSMS download page.
Step-by-Step Guide :
This environment involves several steps. Here, we'll use Microsoft SQL Server as an example
database management system to demonstrate how to set up and secure a database on Windows.
Unauthorized access
SQL injection attacks
Privilege escalation
Data breaches due to weak authentication
Insider threats
Access control involves defining who can access the database and what actions they can
perform. This is typically done using roles and permissions.
sql
2. Create Users and Roles:
o Create a user with administrative privileges:
sql
USE SecureDB;
CREATE LOGIN admin_user WITH PASSWORD = 'StrongPassword';
CREATE USER admin_user FOR LOGIN admin_user;
EXEC sp_addrolemember 'db_owner', 'admin_user';
GO
sql
USE SecureDB;
CREATE LOGIN read_only_user WITH PASSWORD = 'ReadOnlyPassword';
CREATE USER read_only_user FOR LOGIN read_only_user;
EXEC sp_addrolemember 'db_datareader', 'read_only_user';
GO
3. Implementing Authentication
Authentication ensures that only authorized users can access the database.
sql
ALTER LOGIN admin_user WITH CHECK_POLICY = ON,
CHECK_EXPIRATION = ON;
ALTER LOGIN read_only_user WITH CHECK_POLICY = ON,
CHECK_EXPIRATION = ON;
3. Configure SQL Server for Mixed Mode Authentication (if needed):
o Open SQL Server Configuration Manager.
o Navigate to SQL Server Services.
o Right-click on the SQL Server instance and select Properties.
o In the Security tab, choose SQL Server and Windows Authentication mode.
o Restart the SQL Server service for the changes to take effect.
sql
CREATE SERVER AUDIT AuditTest
TO FILE (FILEPATH = 'C:\Audit\');
ALTER SERVER AUDIT AuditTest WITH (STATE = ON);
GO
CREATE DATABASE AUDIT SPECIFICATION AuditSpec
FOR SERVER AUDIT AuditTest
ADD (SELECT ON DATABASE::SecureDB BY read_only_user),
ADD (SELECT, INSERT, UPDATE, DELETE ON DATABASE::SecureDB BY
admin_user);
ALTER DATABASE AUDIT SPECIFICATION AuditSpec WITH (STATE =
ON);
GO
Output :
Result:
EX.NO:14
Implement Encryption and Integrity Control-Database Security
Aim:
Algorithm /Program:
1. Microsoft SQL Server: Ensure that SQL Server is installed on your Windows system.
2. SQL Server Management Studio (SSMS): Ensure SSMS is installed for managing the
SQL Server instance.
Transparent Data Encryption (TDE) helps protect data at rest by encrypting the database files.
This ensures that the database files are not readable if accessed directly from the disk.
sql
USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD =
'StrongPasswordForMasterKey';
GO
2. Create a Certificate
sql
USE master;
GO
CREATE CERTIFICATE TDE_Cert WITH SUBJECT = 'TDE Certificate';
GO
The database encryption key is used to encrypt the database.
sql
USE SecureDB;
GO
CREATE DATABASE ENCRYPTION KEY
WITH ALGORITHM = AES_256
ENCRYPTION BY SERVER CERTIFICATE TDE_Cert;
GO
sql
ALTER DATABASE SecureDB
SET ENCRYPTION ON;
GO
5. Verify Encryption
sql
USE SecureDB;
GO
SELECT name, is_encrypted
FROM sys.databases
WHERE name = 'SecureDB';
GO
Expected Output:
2. Column-Level Encryption
Column-level encryption provides fine-grained control over the encryption of specific data
within a table.
sql
USE SecureDB;
GO
CREATE SYMMETRIC KEY SymmetricKey
WITH ALGORITHM = AES_256
ENCRYPTION BY CERTIFICATE TDE_Cert;
GO
2. Encrypt Data in a Table
o Create a table and insert some data:
sql
CREATE TABLE SensitiveData (
ID INT PRIMARY KEY,
SensitiveInfo VARBINARY(MAX)
);
GO
sql
OPEN SYMMETRIC KEY SymmetricKey
DECRYPTION BY CERTIFICATE TDE_Cert;
Expected Output:
Implementing data integrity controls ensures that the data is not tampered with and maintains its
accuracy and consistency.
sql
CREATE TABLE DataIntegrity (
ID INT PRIMARY KEY,
OriginalData NVARCHAR(255),
DataHash VARBINARY(64)
);
GO
sql
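-- N'...' keeps the hashed literal in the same NVARCHAR encoding as the OriginalData
-- column, so a hash recomputed from the column matches the stored one.
INSERT INTO DataIntegrity (ID, OriginalData, DataHash)
VALUES (1, N'Important Data', HASHBYTES('SHA2_256', N'Important Data'));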
GO
sql
DECLARE @OriginalData NVARCHAR(255);
DECLARE @Hash VARBINARY(64);
2. Expected Output:
o Data integrity verified. Should be printed if the data has not been altered.
Output:
Result: