CCS354

NETWORK SECURITY
LABORATORY
(Lab Manual)
R-2021
V Semester
Department of Computer Science and
Engineering
 Index

s.no Date List of experiments Pgno marks sign

 Ex No 1 Implement symmetric key algorithms

Aim:
To Implement symmetric key algorithms using python.
Algorithm:
1. Create an instance of the AES Example class.
2. Set the original Val string that you want to encrypt.
3. Call the encrypt method with the original value.
4. Call the decrypt method with the encrypted value.
5. Print the original value, encrypted value, and decrypted value to the
console.

Program:
pip install PyCryptodome
Now, let's create a simple script that demonstrates symmetric key
encryption and decryption using AES:
from Crypto. Cipher import AES
from Crypto. Random import get_random_bytes
from Crypto.Util.Padding import pad, unpad
def generate_key():
return get_random_bytes(16) # 16 bytes for AES-128, you can
use 24 or 32 for AES-192 or AES-256
def encrypt(message, key):
cipher = AES.new(key, AES.MODE_CBC)
ciphertext = cipher.encrypt(pad(message.encode('utf-8'),
AES.block_size))
return cipher.iv + ciphertext
def decrypt(ciphertext, key):
 iv = ciphertext[:AES.block_size]
cipher = AES.new(key, AES.MODE_CBC, iv)
decrypted_message =
unpad(cipher.decrypt(ciphertext[AES.block_size:]),
AES.block_size)
return decrypted_message.decode('utf-8')
# Example usage:
key = generate_key()
message_to_encrypt = "Hello, symmetric key encryption!"
# Encryption
encrypted_message = encrypt(message_to_encrypt, key)
print("Encrypted:", encrypted_message)
# Decryption
decrypted_message = decrypt(encrypted_message, key)
print("Decrypted:", decrypted_message)

OUTPUT
Original value: AES Encryption
Encrypted value: V5E9I52IxhMaW4+hJhl56g
Decrypted value: AES Encryption

Result:
Thus to implement symmetric key algorithms using python is
written and implemented.
Ex no 2: Implement asymmetric key algorithms and
key exchange algorithms

Aim:
To Implement asymmetric key algorithms and key exchange
algorithms using python.
Algorithm:
1. Choose two prime numbers p and q.
2. Calculate n = p * q, which is part of the public key.
3. Choose a public exponent e such that it is coprime with (p-1) * (q-1)
(denoted as phi).
4. Find a private exponent d such that (d * e) % phi = 1. n and e form the
public key, while n and d form the private key.
5. Choose a message msg to be encrypted.
6. Encrypt the message using the public exponent e and modulus n.
7. Decrypt the ciphertext c using the private exponent d and modulus n.
8. Print the original message, encrypted data, and the decrypted original
message.
9. Function to calculate the greatest common divisor (GCD) of two numbers
Program:
Asymmetric key algorithm:
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
# Generate key pair
key_pair = RSA.generate(2048)
# Get public and private keys
public_key = key_pair.publickey()
private_key = key_pair.export_key()
# Example encryption and decryption
message_to_encrypt = "Hello, asymmetric encryption!"
cipher = PKCS1_OAEP.new(public_key)
ciphertext = cipher.encrypt(message_to_encrypt.encode('utf-8'))
decipher = PKCS1_OAEP.new(key_pair)
decrypted_message = decipher.decrypt(ciphertext)
print("Encrypted:", ciphertext)
print("Decrypted:", decrypted_message.decode('utf-8'))

Output:
Message data = 12.000000
Encrypted data = 3.000000
Original Message Sent = 12.000000

Key exchange algorithm:

from Crypto.PublicKey import DSA
from Crypto.Protocol.KDF import scrypt
from Crypto.Cipher import AES
alice_key = DSA.generate(2048)
alice_public_key = alice_key.publickey()
# Bob's side
bob_key = DSA.generate(2048)
bob_public_key = bob_key.publickey()

# Key exchange
alice_shared_key = alice_key.keygen(bob_public_key.y)
bob_shared_key = bob_key.keygen(alice_public_key.y)
# Derive a symmetric key from the shared key
symmetric_key = scrypt(str(alice_shared_key), str(bob_shared_key),
32, N=2**14, r=8, p=1)
# Eg encryption and decryption using the derived symmetric key
message_to_encrypt = "Hello, key exchange!"
cipher = AES.new(symmetric_key, AES.MODE_EAX)
ciphertext, tag =
cipher.encrypt_and_digest(message_to_encrypt.encode('utf-8'))
print("Encrypted:", ciphertext)
print("Tag:", tag)
decipher = AES.new(symmetric_key, AES.MODE_EAX,
nonce=cipher.nonce)
decrypted_message = decipher.decrypt_and_verify(ciphertext, tag)
print("Decrypted:", decrypted_message.decode('utf-8'))

Output:
The value of P : 23
The value of G : 9
The private key a for Alice : 4
The private key b for Bob : 3
Secret key for the Alice is : 9
Secret Key for the Bob is : 9

Result:
Thus to implement asymmetric key algorithms and key
exchange algorithm using python is written and implemented.
 Ex no:3 Implement digital signature schemes

Aim:
To Implement digital signature schemes using python.
Algorithm:
1. Declare the class and required variables.
2. Create the object for the class in the main program.
3. Access the member functions using the objects.
4. Implement the SIGNATURE SCHEME - Digital Signature Standard.
5. It uses a hash function.
6. The hash code is provided as input to a signature function along with a
random number K generated for the particular signature.
7. The signature function also depends on the sender s private key.
8. The signature consists of two components.
9. The hash code of the incoming message is generated.
10.The hash code and signature are given as input to a verification function

Program:
from Crypto.Signature import pkcs1_15
from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA
# Generate key pair
key_pair = RSA.generate(2048)
private_key = key_pair.export_key()
public_key = key_pair.publickey()
# Example data to be signed
data_to_sign = "This is the data to be signed."
# Sign the data
hash_object = SHA256.new(data_to_sign.encode('utf-8'))
signature = pkcs1_15.new(key_pair).sign(hash_object)
print("Data:", data_to_sign)
print("Signature:", signature)
# Verify the signature
verification_hash_object = SHA256.new(data_to_sign.encode('utf-8'))
try:
pkcs1_15.new(public_key).verify(verification_hash_object,
signature)
print("Signature is valid.")
except (ValueError, TypeError):
print("Signature is invalid.")

Output:
C:\Security Lab New\programs>javac dsaAlg.java
C:\Security Lab New\programs>java dsaAlg
public key components are:

p is: 10601 q

is: 53 g is:

6089 secret

information

are:

x(private) is:6

k (secret) is: 3
y (public) is:

1356 h

(rndhash) is:

12619

Result:
Thus to implement digital signature schemes using python is
written and executed.
Ex no:4 Installation of Wire shark, tcpdump and observe
data transferred in client-server communication using
UDP/TCP and identify the UDP/TCP datagram.

Aim:
To Install Wire shark, tcpdump and observe data transferred in client-
server communication using UDP/TCP and identify the UDP/TCP
datagram.
Procedure:
To observe data transferred in client-server communication using
UDP/TCP and identify the UDP/TCP datagram, you can follow these
steps:

Step1: install tcpdump and wireshark

For windows
Download from its official website:
https://www.wireshark.org/download.html

Step2: capture network traffic

1. Open Wireshark.
2. Start capturing on the network interface you are interested in
(e.g., Ethernet, Wi-Fi).
3. Reproduce the client-server communication that involves
UDP/TCP.
4. Stop the capture in Wireshark.
Step3: Analyse captured traffic

1. In Wireshark, you will see a list of captured packets.

2. Use display filters to narrow down the results. For example, to
filter TCP traffic, use tcp in the filter bar. Similarly, use udp for
UDP traffic.
3. Examine the packets to identify UDP or TCP datagrams. You can
inspect the details of each packet to see source and destination
addresses, ports, and the payload.

Result:
Thus Wire shark, tcpdump is installed and data transferred
in client-server communication using UDP/TCP is observed and
identified.
Ex no:5 Check message integrity and confidentiality
using SSL
Aim:
To Check message integrity and confidentiality using SSL.

SERVER ALGORITHM :

1. Set the path to the server's keystore and trust store files.
2. Create an SSL server socket using the default SSL server socket factory.
3. Wait for a client connection by accepting incoming connections on the SSL
server socket.
4. Once a client connects, create an SSL socket for communication.
5. Set up input and output streams for reading from and writing to the SSL
socket. 6. Read the incoming message from the client.
7. Process the received message (perform any necessary operations).
8. Prepare a response message.
9. Write the response message to the output stream to send it back to the client.
10. Close the input/output streams and the SSL socket.
11. Close the SSL server socket.

CLIENT ALGORITHM :

1. Set the path to the client's keystore and truststore files.

2. Create an SSL socket factory using the default SSL socket factory.
3. Create an SSL socket and connect to the server.
4. Set up input and output streams for reading from and writing to the SSL
socket.
5. Prepare a message to send to the server.
6. Write the message to the output stream to end it to the server.
7. Read the response message from the server.
8. Process the received response (perform any necessary operations).
9. Close the input/output streams and the SSL socket.
Program:

Server:
import socket
import ssl
# Create a socket
server_socket=socket.socket(socket.AF_INET,
socket.SOCK_STREAM)
server_socket.bind(('localhost', 12345))
server_socket.listen(1)
# Accept a connection and wrap it with TLS
print("Waiting for a connection...")
client_socket, addr = server_socket.accept()
ssl_socket = ssl.wrap_socket(client_socket, keyfile="server-key.pem",
certfile="server-cert.pem", server_side=True,
cert_reqs=ssl.CERT_NONE, ssl_version=ssl.PROTOCOL_TLS)
# Receive and print the data
data = ssl_socket.recv(1024).decode('utf-8')
print("Received:", data)
# Clean up
ssl_socket.close()
server_socket.close()

Client:
import socket
import ssl
# Create a socket
client_socket = socket.socket(socket.AF_INET,
socket.SOCK_STREAM)
# Wrap the socket with TLS
ssl_socket = ssl.wrap_socket(client_socket, keyfile="client-key.pem",
certfile="client-cert.pem", cert_reqs=ssl.CERT_NONE,
ssl_version=ssl.PROTOCOL_TLS)
# Connect to the server
ssl_socket.connect(('localhost', 12345))
# Send a message
message = "Hello, secure world!"
ssl_socket.send(message.encode('utf-8'))
# Clean up
ssl_socket.close()

Server Output:
Server waiting for client connection.
Client connected.
Received from client: Hello from the client!
Sent to client: Processed: Hello from the client!

Client Output:
Connected to server.
Sending message to server: Hello from the client!
Received response from server: Processed: Hello from the client!
Result:
Thus to Check message integrity and confidentiality
using SSL.
Ex No:6 EXPERIMENT EAVESDROPPING, DICTIONARY
ATTACKS, MITM ATTACKS

AIM :
To study on Eavesdropping, Dictionary attacks and MITM attacks.

EAVESDROPPING :

Definition:
An Eavesdropping attack occurs when a hacker intercepts, deletes, or modifies
data that is transmitted between two devices. Eavesdropping, also known as
sniffing or snooping, relies on unsecured network communications to access data
in transit between devices. The data is transmitted across an open network, which
gives an attacker the opportunity to exploit a vulnerability and intercept it via
various methods. Eavesdropping attacks can often be difficult to spot.

Attacks :
Eavesdropping attacks are a big threat to the integrity and confidentiality of the
data. It allows an attacker to gather sensitive information, such as login
credentials, financial data, or personal conversations, without the victim’s
knowledge. Furthermore, attackers can use the extracted information for various
malicious purposes, such as identity theft, extortion, or espionage

Prevention Techniques :
We can use several techniques to prevent eavesdropping attacks. Some popular
techniques include encryption, virtual private networks, secure communication
protocols, firewalls, and network segmentation. Encrypting communication
makes it difficult for attackers to intercept and read messages. In order to
encrypt communication, we can use different types of encryption algorithms,
such as symmetric key algorithms and public key algorithms. Advanced
Encryption Standard (AES) is an example of a symmetric key algorithm.
Additionally, Rivest–Shamir–Adleman (RSA) is a widely used public key
algorithm.

Virtual private networks (VPNs) create a secure, encrypted connection between

a device and a remote server. They can help to prevent eavesdropping attacks by
encrypting communication and making it difficult for attackers to intercept.

DICTIONARY ATTACKS :

Definition:
A dictionary attack is a method of breaking into a password-protected computer,
network or other IT resource by systematically entering every word in a
dictionary as a password. A dictionary attack can also be used in an attempt to
find the key necessary to decrypt an encrypted message or document Dictionary
attacks work because many computer users and businesses insist on using
ordinary words as passwords. These attacks are usually unsuccessful against
systems using multiple-word passwords and are also often unsuccessful against
passwords made up of uppercase and lowercase letters and numbers in random
combinations.

How do dictionary attacks work?

A dictionary attack uses a preselected library of words and phrases to guess
possible passwords. It operates under the assumption that users tend to pull from
a basic list of passwords, such as "password," "123abc" and "123456."

These lists include predictable patterns that can vary by region. For example,
hackers looking to launch a dictionary attack on a New York-based group of
targets might look to test phrases like "knicksfan2020" or "newyorkknicks1234."
Attackers incorporate words related to sports teams, monuments, cities,
addresses and other regionally specific items when building their attack library
dictionaries.

How effective is a dictionary attack?

How successful a dictionary attack is depending on how strong the passwords
are for the individuals a hacker is targeting. Because weak passwords are still
common, attackers continue to have success with these attacks. Individual users,
however, aren't the only ones who are subject to weak password security.
Take steps to prevent a dictionary attack
Dictionary hacking is a very common type of cybercrime that hackers use to gain
access to an individual’s personal accounts, including bank accounts, social
media profiles, and emails. With this access, hackers can perpetrate all sorts of
actions, from financial fraud and malicious social media posts to further
cybercrimes like phishing. However, dictionary attack prevention can be as
simple as implementing certain safeguards to minimize the risk of falling victim
to these attacks. Using smart password management habits, employing different
types of authentications, and using readily available password managers, for
example, can all help keep passwords and accounts secure.

MITM ATTACKS :

What is a Man-in-the-Middle (MITM) Attack?

Man-in-the-middle attacks (MITM) are a common type of cybersecurity attack
that allows attackers to eavesdrop on the communication between two targets.
The attack takes place in between two legitimately communicating hosts,
allowing the attacker to “listen” to a conversation they should normally not be
able to listen to, hence the name “man-in-the-middle. Types of Man-in-the-
Middle Attacks

Rogue Access Point

Devices equipped with wireless cards will often try to auto-connect to the access point that is emitting
the strongest signal. Attackers can set up their own wireless access point and trick nearby devices to
join its domain.

ARP Spoofing
ARP is the Address Resolution Protocol. It is used to resolve IP addresses to physical MAC (media
access control) addresses in a local area network. When a host needs to talk to a host with a given IP
address, it references the ARP cache to resolve the IP address to a MAC address.

Man-in-the-Middle Attack Techniques

Sniffing

Attackers use packet capture tools to inspect packets at a low level. Using specific wireless devices that
are allowed to be put into monitoring or promiscuous mode can allow an attacker to see packets that
are not intended for it to see, such as packets addressed to other hosts

Packet Injection
An attacker can also leverage their device’s monitoring mode to inject malicious packets into data
communication streams. The packets can blend in with valid data communication streams, appearing
to be part of the communication, but malicious in nature. Packet injection usually
involves first sniffing to determine how and when to craft and send packets

How to Detect a Man-in-the-Middle Attack

Detecting a Man-in-the-middle attack can be difficult without taking the proper
steps. If you aren't actively searching to determine if your communications
have been intercepted, a Man-in-the-middle attack can potentially go unnoticed
until it's too late. Checking for proper page authentication and implementing
some sort of tamper detection are typically the key methods to detect a possible
attack, but these procedures might require extra forensic analysis after-the-fact.

Attack Prevention
Strong WEP/WAP Encryption on Access Points.
Strong Router Login Credentials.
Virtual Private Network.
Force HTTPS.
Public Key Pair Based Authentication.

RESULT :
Thus the Eavesdropping, dictionary attacks and MITM attacks are
observed.
 Ex No:7 EXPERIMENT WITH SNIFF TRAFFIC USING ARP
POISONING
AIM :
To study on sniff traffic using ARP poisoning.

Sniffing Attack:
Sniffing Attack in context of network security, corresponds to theft or
interception of data by capturing the network traffic using a packet sniffer (an
application aimed at capturing network packets). When data is transmitted across
networks, if the data packets are not encrypted, the data within the network
packet can be read using a sniffer. Using a sniffer application, an attacker can
analyse the network and gain information to eventually cause the network to
crash or to become corrupted, or read the communications happening across the
network.
Sniffing attacks can be compared to tapping of phone wires and get to know about
the conversation, and for this reason, it is also referred as wiretapping applied to
computer networks. Using sniffing tools, attackers can sniff sensitive information
from a network, including email (SMTP, POP, IMAP), web (HTTP), FTP (Telnet
authentication, FTP Passwords, SMB, NFS) and many more types of network
traffic. The packet sniffer usually sniffs the network data without making any
modifications in the network's packets. Packet sniffers can just watch, display,
and log the traffic, and this information can be accessed by the attacker
What is ARP Poisoning?
ARP Poisoning consists of abusing the weaknesses in ARP to corrupt the
MAC-to-IP mappings of other devices on the network. Security was not a
paramount concern when ARP was introduced in 1982, so the designers of the
protocol never included authentication mechanisms to validate ARP messages.
Any device on the network can answer an ARP request, whether the original
message was intended for it or not. For example, if Computer A “asks” for the
MAC address of Computer B, an attacker at Computer C can respond and
Computer A would accept this response as authentic. This oversight has made a
variety of attacks possible. By leveraging easily available tools, a threat actor
can “poison” the ARP cache of other hosts on a local network, filling the ARP
cache with inaccurate entries.

Sniff traffic using ARP poisoning:

Sniffing traffic using ARP poisoning is a type of cyberattack those abuses
weaknesses in the Address Resolution Protocol (ARP) to intercept, modify, or
block network traffic between two devices. ARP is a protocol that maps an IP
address to a MAC address within a local network. However, ARP lacks
authentication mechanisms, and this is what the attack exploits. The attacker
sends fake ARP responses to a specific host on the network, thus linking the
attacker’s MAC address to the IP address of another host, such as the network’s
gateway. As a result, the target host sends all its network traffic to the attacker
instead of the intended host
To perform this attack, the attacker needs to have access to the same network as
the target devices, and use a tool that can send out forged ARP responses, such
as Arp spoof or Driftnet. The attacker configures the tool with their MAC
address and the IP addresses of the two devices they want to intercept traffic
between. The forged responses tell both devices that the correct
MAC address for each of them is the attacker’s MAC address. As a result, both
devices start sending all their network traffic to the attacker’s machine, thinking
it’s the other device they want to communicate with.
The attacker can then do various things with the incorrectly directed traffic. If
the attacker chooses to inspect the traffic, they can steal sensitive information,
such as passwords, account details, or credit card numbers. If they decide to
modify the traffic, they can inject malicious scripts, such as malware,
ransomware, or phishing links. Finally, if they choose to block the traffic, they
can perform a Denial of Service (DoS) attack, where they completely stop the
communication between the two devices.
ARP poisoning is a serious threat to network security, as it can compromise the
confidentiality, integrity, and availability of network data. To prevent ARP
poisoning attacks, some possible countermeasures are:
Using network monitoring tools, such as Wireshark or Nmap, to detect any
anomalies or suspicious activities on the network, such as duplicate MAC
addresses, ARP requests, or ARP responses.

RESULT :

Thus, the sniff traffic using ARP poisoning observed.

Ex no: 8 DEMONSTRATE INTRUSION DETECTION SYSTEM
USING ANY TOOL

AIM:
To demonstrate intrusion detection system using any tool.

ALGORITHM :
1. Start

2. Initialize Network Traffic and Intrusion Pattern

3. Compile Regular Expression

4. Match Pattern in Network Traffic.

5. Print a message indicating the intrusion detection: "Intrusion detected: ".

6. Print a message indicating no intrusion: "No intrusion detected.".

7. Stop

PROGRAM :
import java.util.regex.*;

public class SimpleIDS {

public static void

main(String[] args) {

String networkTraffic = "Some network traffic with a suspicious pattern";

String intrusionPattern = "suspicious pattern";

Pattern pattern =

Pattern.compile(intrusionPattern);

Matcher matcher =
pattern.matcher(networkTraffic); if

(matcher.find()) {

System.out.println("Intrusion detected: " + intrusionPattern);

} else {

System.out.println("No intrusion detected.");

OUTPUT :
Intrusion detected: suspicious pattern
RESULT :
Program to demonstrate intrusion detection system was successfully
executed.

Ex No:9 EXPLORE NETWORK MONITORING TOOL

AIM :
To explore network monitoring tool.
ALGORITHM :
1. Start

2. Get Network Devices

3. Select a Network Interface

4. Open the Selected Interface

5. Start Packet Capture

6. Stop

PROGRAM :
import jpcap.*; import jpcap.packet.*; public

class NetworkMonitor { public static void

main(String[] args) throws Exception {

NetworkInterface[] devices =

JpcapCaptor.getDeviceList(); if (devices.length

== 0) {

System.out.println("No network interface found. Make sure you have the

required permissions."); return; } int selectedDeviceIndex = 0

NetworkInterface selectedDevice = devices[selectedDeviceIndex];

JpcapCaptor captor = JpcapCaptor.openDevice(selectedDevice,

2000, true, 20); System.out.println("Monitoring " +

selectedDevice.name + "..."); while (true) {

Packet packet =

captor.getPacket(); if

(packet != null) {

System.out.println(packet);
}
}
}
}

OUTPUT :
Ethernet packet (source MAC: 00:11:22:33:44:55, destination MAC:
AA:BB:CC:DD:EE:FF)
IPv4 packet (source IP: 192.168.1.2, destination IP: 8.8.8.8, protocol: TCP)
TCP packet (source port: 12345, destination port: 80, flags: SYN)
Payload data: Hello, this is a sample packet!

RESULT :
Program for network monitoring tool are explored successfully
 Ex No:10 STUDY TO CONFIGURE FIREWALL VPN
AIM :
To study configure firewall VPN.

Create and Configure the Network

Initialize the network:

1. Open the Object Palette dialog box by clicking. Make sure that the
internet toolbox item is selected from the pull-down menu on the object
palette.
2. Add the following objects from the palette to the project workspace
(see the following figure for placement): Application Config, Profile
Config, an ip32_cloud, one ppp_ server, three ethernet4_slip8_gtwy
routers, and two pppwkstn hosts.
3.Rename the objects you added and connect them using PPP_DS1
links, as shown.

The Firewall Scenario

In the network we just created, the Sales Person profile allows both sales sites to
access applications such as database access, email, and Web browsing from the
server (check the Profile Configuration of the Profiles node). Assume that we
need to protect the database in the server from external access including the
salespeople. One way to do that is to replace
Router C with a firewall as follows:
1. Select Duplicate Scenario from the Scenarios menu and name it Firewall.
Click OK.

2. In the new scenario, right-click on Router C · Edit Attributes.

3. Assign ethernet2_slip8_firewall to the model attribute.

4. Expand the hierarchy of the Proxy Server Information attribute · Expand

the row 1, which is for the database application hierarchy · Assign No to the
Proxy Server Deployed attribute as shown. Click OK, and Save your
project

The Firewall VPN Scenario

In the Firewall scenario, we protected the databases in the server from “any”
external access using a firewall router. Assume that we want to allow the people
in the Sales A site to have access to the databases in the server. Because the
firewall filters all database-related traffic regard less of the source of the traffic,
we need to consider the VPN solution. A virtual tunnel can be used by Sales A to
send database requests to the server. The firewall will not filter the traffic created
by Sales A because the IP packets in the tunnel will be encapsulated inside an IP
datagram.

1. While you are in the Firewall scenario, select Duplicate Scenario from the
Scenarios menu and give it the name Firewall_VPN · Click OK. 2. Remove
the link between Router C and the Server.
3. Open the Object Palette dialog box by clicking . Make sure that the internet
toolbox is selected from the pull-down menu on the object palette.
a. Add to the project workspace one ethernet4_slip8_gtwy and one IP
VPN Config (see the following figure for placement).
b. From the Object palette, use two PPP_DS1 links to connect the new
router to the Router C (the firewall) and to the Server, as shown in the
following figure. c. Close the Object Palette dialog box.
4. Rename the IP VPN Config object to VPN.
Rename the new router to Router D as shown in the following fig

RESULT :
Thus, the configure to firewall VPN observed.