CLASS WORK SESSIONAL WORK

ASSIGNMENT No EXPERIMENT

SUBMITTED ON MARKS OR GRADE OBTAINED .. NAME ROLL NO. ....... CLASS ... DEPARTMENT ...... SUBJECT .. CODE NO. . Signature of Student Signature of Professor

EXPERIMENT NO. 1
Object : Study of Networking security fundamentals, Ethical hacking, Social engineering pracies? Ethical hacking
Ethical hacking is where a person hacks to find weaknesses in a system and then usually patches them. For example, a bank may pay a hacker to hack their systems to see if it is hackable. If he gets in, then they know there is potential for other people to hack in, and usually they will work with this ethical hacker to patch these holes. If he doesn't get in, then they pray that nobody is better at hacking than him. Let me add this. Hacking is simply exploring a computer's designed features, and learning how to exploit or take advantage of those features. As an example. a computer is designed to load instructions into memory using clearly defined rules, outlined in an RFC that spells out how to load something into memory. A hacker (white, grey, or black) looks at it this way. The RFC says to load an instruction into memory, use 8 bits of data, and two bits of instruction, then 8 more bits of data, and two more bits of instruction. A hacker looks at this and wonders, what if I pass 9 bits of data, what if I pass ten bits. etc. Sooner or later the computer will not be able to deal with the amount of data being passed in a manner it understands. Maybe it can accept 9 bits, 10 bits, and just ignore the discrepencies from

the RFC, but sooner or later, the computer will not know how to interpret the instructions. When a computer does not know what to do next, it gives up and passes control to the SYSTEM, which is all powerful. This is a very basic description of a bufffer overflow. The hacker wants to force the computer to give up, and pass control to the SYSTEM. Once this happens, the hacker has administrative control and can now start passing commands to the computer that it will follow without question. There are three levels of hackers. White Hats spend all their time trying to break the system, to prove it can ge broke, so they can get the manufacurer to address the problem and fix it. Grey hats do the same thing, but perhaps will try to gain from their new way of breaking the system. They may expect payment for finding a way to break the system, and they may even try to get financial gain from their knowledge or silence. Black hats want to take the knowledge of how to break a system and use it for financial gain. They may use it to hack systems or write code that allows others to hack systems, and sell that code. All three are doing the same thing, trying to break the systems. The difference is what they intend to DO with the information once they discover it. Script Kiddies take the information that hackers discover, and try to use it for their own gain. They discover nothing, they just use what others have discovered, and try to copy it for their own gain.

Social Engineering practices

Social engineering is an art of manipulating people to get vital information from them.This information can be used to build an attack against the respective person. Any one can social engineer, even a kid. There are various methods to perform social engineering. Your options are endless, so make use of it and exploit the most powerful OS (the Human OS). Let me give a true example of social engineering. One morning a few years back, a group of strangers walked into a large shipping firm and walked out with access to the firm's entire corporate network. How did they do it? By obtaining small amounts of access, bit by bit, from a number of different employees in that firm. First, they did research about the company for two days before even attempting to set foot on the premises. For example, they learned key employees' names by calling HR. Next, they pretended to lose their key to the front door, and a man let them in. Then they "lost" their identity badges when entering the third floor secured area, smiled, and a friendly employee opened the door for them. The strangers knew the CFO was out of town, so they were able to enter his office and obtain financial data off his unlocked computer. They dug through the corporate trash, finding all kinds of useful documents. They asked a janitor for a garbage pail in which to place their contents and carried all of this data out of the building in their hands. The strangers had studied the CFO's voice, so they were able to phone, pretending to be the CFO, in a rush, desperately in need of his network password. From there, they used regular technical hacking tools to gain super-user access into the system. In this case, the strangers were network consultants performing a security audit for the CFO without any other employees' knowledge. They were never given any privileged information from the CFO but were able to obtain all the access they wanted through social engineering. Here are some methods of social engineering:

* Phishing - is a technique often used to obtain private information. Typically, the user sends an e-mail that appears to come from a legitimate business requesting "verification" of information and warning of some consequence if it is not provided. The e-mail usually contains a link to a web page that seems legitimate and has a form requesting everything from home address to an ATM card's PIN. * IVR or phone phishing - also known as "vishing"; this technique uses an Interactive Voice Response (IVR) system to recreate a legitimate sounding copy of a bank or other institution's IVR system. The victim is prompted to call in to the "bank" via a phone number provided in order to "verify" information. * Baiting - Baiting is like the real-world Trojan Horse that uses physical media and relies on the curiosity or greed of the victim. In this attack, the attacker leaves a malware infected floppy disc, CD ROM, or USB flash drive in a location sure to be found, gives it a legitimate looking and curiosity-piquing label, and simply waits for the victim to use the device. * Quid pro quo - An attacker calls random numbers at a company claiming to be calling back from technical support. Eventually they will hit someone with a legitimate problem, grateful that someone is calling back to help them. The attacker will "help" solve the problem and in the process have the user type commands that give the attacker access or launch malware. Courtesy: Advantage of Social Engineering So to soak up what you've learned so far, which was, an introduction to social engineering and some examples on the very subject itself (SE). On to the very question that people want to hear and know. What can I GAIN from using social engineering? Anything! Like I said before, and not afraid to hesitate to say again, your options are endless when using social engineering! It all depends on your goal and how you approach it, is the defining factor of your outcome. Now with that said, don't go off thinking that you can take over the World in a matter of a few days, not going to happen. But what you can do is practice using social engineering, little by little, step by step; learn how to build your ground and the environment around it. So yes, think outside the box and learn to open new doors! Keep in mind that connections and relationships is everything in being a social engineer, without it, what can you build from nothing? Nothing! That's when social engineering comes in place, learn to make new friends, take the time to ask questions, and most importantly, learn your target! Like one once said, "My greatest enemy is also my best friend." You can achieve anything with the right mindset! Believe it or not, more than 50% of people living on this Earth subconsciously don't know what they're capable of! That's a scary thought, that's a lot of potential lost! So, what ya thinkin, U a social engineer? Ofcourse you are even without knowing it.

CLASS WORK SESSIONAL WORK

ASSIGNMENT No EXPERIMENT

SUBMITTED ON MARKS OR GRADE OBTAINED .. NAME ROLL NO. ....... CLASS ... DEPARTMENT ...... SUBJECT .. CODE NO. . Signature of Student Signature of Professor

EXPERIMENT NO. 2
Object : System threat attacks-Denial of services?
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person, or multiple people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.Perpetrators of DoS attacks typically target sites or services hosted on high-profile web serverssuch as banks, credit card payment gateways, and even root nameservers. The term is generally used relating to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management. One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. Such attacks usually lead to a server overload. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.Denial-of-service attacks are considered violations of the IAB's Internet

proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations. When the DoS Attacker sends many packets of information and requests to a single network adapter, each computer in the network would experience effects from the DoS attack. Methods of attack A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. There are two general forms of DoS attacks: those that crash services and those that flood services.A DoS attack can be perpetrated in a number of ways. The five basic types of attack are:[ 1. Consumption of computational resources, such as bandwidth, disk space, or processor time. 2. Disruption of configuration information, such as routing information. 3. Disruption of state information, such as unsolicited resetting of TCP sessions. 4. Disruption of physical network components. 5. Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately. A DoS attack may include execution of malware intended to:[Max out the processor's usage, preventing any work from occurring.

Trigger errors in the microcode of the machine. Trigger errors in the sequencing of instructions, so as to force the computer into an unstable state or lock-up. Exploit errors in the operating system, causing resource starvation and/or thrashing, i.e. to use up all available facilities so no real work can be accomplished. Crash the operating system itself.

CLASS WORK SESSIONAL WORK

ASSIGNMENT No EXPERIMENT

SUBMITTED ON MARKS OR GRADE OBTAINED .. NAME ROLL NO. ....... CLASS ... DEPARTMENT ...... SUBJECT .. CODE NO. . Signature of Student Signature of Professor

EXPERIMENT NO. 3
Object : Sniffing and Spoofing?
sniffing is a technique used in websites and web applications in order to determine the web browser a visitor is using, and to serve browser-appropriate content to the visitor. This practice is sometimes utilized to circumvent incompatibilities between browsers in areas such as the interpretation of HTML, Cascading Style Sheets (CSS) and the Document Object Model (DOM). While the World Wide Web Consortium maintains up-to-date central versions of some of the most important Web standards in the form of recommendations, in practice no software developer has designed a browser which adheres exactly to these standards; implementation of other standards and protocols, such as SVG and XMLHttpRequest, varies as well. As a result, different browsers will display the same page differently, and so methods have been developed to detect what web browser a user is working with so as to help ensure consistent display of content.

Sniffer Methods
Client-side sniffing Web pages can use programming languages such as JavaScript which are interpreted by the user agent, with results sent to the web server. For example:

<script type="text/javascript"> var isIE = window.ActiveXObject ? true : false; </script>

This code is run by the client computer, and the results are used by other code to make necessary adjustments on client-side. In this example, the client computer is asked to determine whether the browser can use a feature called ActiveX. Since this feature is proprietary toMicrosoft, Inc., a positive result will indicate that the client is likely running Microsoft's Internet Explorer. Server-side sniffing Client-side sniffing makes use of features on the client computer. These features must be available and active in order for the process to work. However, since the web server has no control over whether the client actually has the features available, client-side sniffing is unreliable. It is possible, however, to determine many features of the browser without depending on the client configuration. The web server communicates with the client using a communication protocol known as HTTP, or Hypertext Transfer Protocol. Information communicated between client and server usually includes information about the browser being used to view the web site. See user agent for more details on this. spoofing In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage. Spoofing and TCP/IP Many of the protocols in the TCP/IP suite do not provide mechanisms for authenticating the source or destination of a message. They are thus vulnerable to spoofing attacks when extra precautions are not taken by applications to verify the identity of the sending or receiving host.IP spoofing and ARP spoofing in particular may be used to leverage man-in-the-middle attacks against hosts on a computer network. Spoofing attacks which take advantage of TCP/IP suite protocols may be mitigated with the use of firewalls capable of deep packet inspection or by taking measures to verify the identity of the sender or recipient of a message. Caller ID spoofing Main article: Caller ID spoofing In public telephone networks, it has for a long while been possible to find out who is calling you by looking at the Caller ID information that is transmitted with the call. There are technologies that transmit this information on landlines, on cellphones and also with VoIP. Unfortunately, there are now technologies (especially associated with VoIP) that allow callers to lie about their identity, and present false names and numbers, which could of course be used as a tool to defraud or harass. Because there are services and gateways that interconnect VoIP with other public phone networks, these false Caller IDs can be transmitted to any phone on the planet, which makes the whole Caller ID information now next to useless. Due to the distributed geographic nature of the Internet, VoIP calls can be generated in a different country to the

receiver, which means that it is very difficult to have a legal framework to control those who would use fake Caller IDs as part of a scam.[1 Voice Mail Spoofing and How to Protect Yourself From Unauthorized Access Main article: Voice Mail spoofing Spoofing technology enables someone to make it seem as though they are calling from your telephone when they are not. The use of this technology for deceptive purposes is illegal. In order to prevent unauthorized voicemail access from fraudulent activity such as caller ID spoofing, you should continue to use the voicemail passcode established when you set up your account. If you decide to skip using the voicemail passcode established when you set up your account, your voice mail messages can be vulnerable to unauthorized access with spoofing. In most cases, you can change a voicemail passcode or adjust settings to re-enable the use of a passcode for retrieving messages, just access your voicemail and follow the prompts. This information was found within the self-service feature of Sprint Zone in user's cell phone when selecting the option, Device Tips and Tricks, then, Voice Mail & Device Security. E-mail address spoofing Main article: E-mail spoofing The sender information shown in e-mails (the "From" field) can be spoofed easily. This technique is commonly used by spammers to hide the origin of their e-mails and leads to problems such as misdirected bounces (i.e. e-mail spam backscatter). E-mail address spoofing is done in quite the same way as writing a forged return address using snail mail. As long as the letter fits the protocol, (i.e. stamp, postal code) the SMTP protocol will send the message. It can be done using a mail server with telnet. GPS Spoofing A GPS spoofing attack attempts to deceive a GPS receiver by broadcasting a slightly more powerful signal than that received from the GPS satellites, structured to resemble a set of normal GPS signals. These spoofed signals, however, are modified in such a way as to cause the receiver to determine its position to be somewhere other than where it actually is, specifically somewhere determined by the attacker. Because GPS systems work by measuring the time it takes for a signal to travel from the satellite to the receiver, a successful spoofing requires that the attacker know precisely where the target is so that the spoofed signal can be structured with the proper signal delays. A GPS spoofing attack begins by broadcasting a slightly more powerful signal that produces the correct position, and then slowly deviates away towards the position desired by the spoofer, because moving too quickly will cause the receiver to lose signal lock altogether, at which point the spoofer works only as a jammer.

CLASS WORK SESSIONAL WORK

ASSIGNMENT No EXPERIMENT

SUBMITTED ON MARKS OR GRADE OBTAINED .. NAME ROLL NO. ....... CLASS ... DEPARTMENT ...... SUBJECT .. CODE NO. . Signature of Student Signature of Professor

EXPERIMENT NO. 4
Object :Web based password computing? Web based password computing:

1. Pearl Crescent Page Saver: This is a firefox addon which makes your job of capturing a web page easy. You will get options to save the entire web page or only visible portion of the page. You will also get option to save either an entire frame on a page in which case you can choose which frame to be saved. You can save the page in either jpeg or png format. Though you can save image on your local hard disk, in a pro version, you can even upload it to an ftp server. User will have an additional feature to set up a keyboard shortcut to capture and also the file name is user customizable.

2. Fireshot: This is a extension for firefox/internet explorer with much advanced features compared with Pearl Crescent Page Saver. This can save the screenshot into png, jper, gif or bmp formats. You can even copy the saved image to the clipboard which is not a feature of Peral Crescent. And the most attractve part is that you can also upload your captured image into their server so that you can use it whenever you need. If you register for an account in their server, you will get much more options with that. 3. Screengrab:

This is a simple firefox addon to save entire webpage/ visible portion into an image file. File formats supported are jpeg and png.In this, you can copy entire page/frame into clipboard also for editing. 4. CaptureSaver: This is a quite bulky software when compared for our application compared with all others listed here. This 4MB software is used for many other purposes of saving webpages, images, text and organising them and reusing.This adds into the context menu of internet explorer and which makes the screenshot capturing a simple and easy job. 5. Superscreenshot: It is a web based screenshot service which provide you with multiple options in sizes and also to choose if you need full page or top screen. One more feature in this is that it caches the previous captured image so that you can get that screenshot even if the site is down, but you get a previous captured one and not the recent. You are provided with a refresh button to refresh the cached image. 6. Browsershots: This site is intended for the purpose of testing the website design in different browsers. You can select different browsers you would like your site to appear. Few of such images will be full screen captures of your page, which you can download. 7. Thumbalizr: This web screenshot service generates png images of your site in different sizes. The site has a very cool interface and is much quicker than the above said web based image capturing services.

CLASS WORK SESSIONAL WORK

ASSIGNMENT No EXPERIMENT

SUBMITTED ON MARKS OR GRADE OBTAINED .. NAME ROLL NO. ....... CLASS ... DEPARTMENT ...... SUBJECT .. CODE NO. . Signature of Student Signature of Professor

EXPERIMENT NO. 5
Object :Virus and Trojans? Virus
A virus is a small infectious agent that can replicate only inside the living cells of organisms. Viruses infect all types of organisms, from animals and plants to bacteria and archaea. Since Dmitri Ivanovsky's 1892 article describing a non-bacterial pathogen infecting tobacco plants, and the discovery of the tobacco mosaic virus by Martinus Beijerinck in 1898, about 5,000 viruses have been described in detail,[3] although there are millions of different types.[4] Viruses are found in almost every ecosystem on Earth and are the most abundant type of biologicalentity.The study of viruses is known as virology, a sub-speciality of microbiology.Virus particles (known as virions) consist of two or three parts: the genetic material made from either DNA or RNA, long molecules that carry genetic information; a protein coat that protects these genes; and in some cases an envelope of lipids that surrounds the protein coat when they are outside a cell. The shapes of viruses range from simple helical and icosahedral forms to more complex structures. The average virus is about one one-hundredth the size of the average bacterium. Most viruses are too small to be seen directly with a light microscope.

The origins of viruses in the evolutionary history of life are unclear: some may have evolved fromplasmids pieces of DNA that can move between cells while others may have evolved from bacteria. In evolution, viruses are an important means of horizontal gene transfer, which increasesgenetic diversity.Viruses spread in many ways; viruses in plants are often transmitted from plant to plant by insectsthat feed on the sap of plants, such as aphids; viruses in animals can be carried by blood-suckinginsects. These disease-bearing organisms are known as vectors. Influenza viruses are spread by coughing and sneezing. Norovirus and rotavirus, common causes of viral gastroenteritis, are transmitted by the faecal-oral route and are passed from person to person by contact, entering the body in food or water. HIV is one of several viruses transmitted through sexual contact and by exposure to infected blood. The range of host cells that a virus can infect is called its "host range". This can be narrow or, as when a virus is capable of infecting many species, broad.Viral infections in animals provoke an immune response that usually eliminates the infecting virus. Immune responses can also be produced by vaccines, which confer an artificially acquired immunity to the specific viral infection. However, some viruses including those that causeAIDS and viral hepatitis evade these immune responses and result in chronic infections. Antibiotics have no effect on viruses, but severalantiviral drugs have been developed.

Trojan horse
A Trojan horse, or Trojan, is a standalone malicious program which may give full control of infected PC to another PC. It may also perform typical computer virus activities[2]. Trojan horses may make copies of themselves, steal information, or harm their host computer systems. The term is derived from the Trojan Horse story in Greek mythology because Trojan horses employ a form of social engineering, presenting themselves as harmless, useful gifts, in order to persuade victims to install them on their computers (just as the Trojans were tricked into taking the Trojan Horse inside their gates) Purpose and uses A Trojan may give a hacker remote access to a targeted computer system. Once a Trojan has been installed on a targeted computer system, hackers may be given remote access to the computer allowing them to perform all kinds of operations. Operations that could be performed by a hacker on a targeted computer system may include but are not limited to:

Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute Denial-of-service attacks) electronic money theft[9] Data theft (e.g. retrieving passwords or credit card information) Installation of software, including third-party malware Downloading or uploading of files on the user's computer Modification or deletion of files Keystroke logging Watching the user's screen Crashing the computer Anonymizing internet viewing

Trojan horses in this way may require interaction with a hacker to fulfill their purpose, though the hacker does not have to be the individual responsible for distributing the Trojan horse. It is possible for individual hackers to scan computers on a network using a port scanner in the hope of finding one with a malicious Trojan horse installed, which the hacker can then use to control the target computer. A recent innovation in Trojan horse code takes advantage of a security flaw in older versions of Internet Explorer and Google Chrome to use the host computer as an anonymizer proxy to effectively hide internet usage. A hacker is able to view internet sites while the tracking cookies, internet history, and any IP logging are maintained on the host computer. The host's computer may or may not show the internet history of the sites viewed using the computer as a proxy. The first generation of anonymizer Trojan horses tended to leave their tracks in the page view histories of the host computer. Newer generations of the Trojan horse tend to "cover" their tracks more efficiently. Several versions of Slavebot have been widely circulated in the US and Europe and are the most widely distributed examples of this type of Trojan horse. Current use Due to the popularity of botnets among hackers and the availability of advertising services that permit authors to violate their users' privacy, Trojan horses are becoming more common. According to a survey conducted by BitDefender from January to June 2009, "Trojan-type malware is on the rise, accounting for 83-percent of the global malware detected in the world." This virus has a relationship with worms as it spreads with the help given by worms and travel across the internet with them. Their main purpose is to make its host system open to access through the internet. BitDefender also states that approximately 15% of computers are members of a botnet - usually an effect of a Trojan infection. Popular Trojan Horses

Netbus (by Carl-Fredrik Neikter) Subseven (by Mobman) Y3K Remote Administration Tool (by Konstantinos & Evangelos Tselentis) Back Orifice (Sir Dystic) Beast Zeus The Blackhole Exploit Kit Flashback Trojan (Trojan.BackDoor.Flashback)

CLASS WORK SESSIONAL WORK

ASSIGNMENT No EXPERIMENT

SUBMITTED ON MARKS OR GRADE OBTAINED .. NAME ROLL NO. ....... CLASS ... DEPARTMENT ...... SUBJECT .. CODE NO. . Signature of Student Signature of Professor

EXPERIMENT NO. 6
Object :Anti-Intrusion techniques-Honey pot ?
In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use ofinformation systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers. Types Honeypots can be classified based on their deployment and based on their level of involvement. Based on deployment, honeypots may be classified as 1. production honeypots 2. research honeypots Production honeypots are easy to use, capture only limited information, and are used primarily by companies or corporations; Production honeypots are placed inside the production network with other production servers by an organization to improve their overall state of security. Normally, production honeypots are low-interaction honeypots, which are easier to deploy. They give less information about the attacks or attackers than research honeypots do. The purpose of a

production honeypot is to help mitigate risk in an organization. The honeypot adds value to the security measures of an organization. Research honeypots are run by a volunteer, non-profit research organization or an educational institution to gather information about the motives and tactics of the Blackhat community targeting different networks. These honeypots do not add direct value to a specific organization; instead, they are used to research the threats organizations face and to learn how to better protect against those threats. Research honeypots are complex to deploy and maintain, capture extensive information, and are used primarily by research, military, or government organizations. Based on design criteria, honeypots can be classified as 1. pure honeypots 2. high-interaction honeypots 3. low-interaction honeypots Pure honeypots are full-fledged production systems. The activities of the attacker are monitored using a casual tap that has been installed on the honeypot's link to the network. No other software needs to be installed. Even though a pure honeypot is useful, stealthiness of the defense mechanisms can be ensured by a more controlled mechanism. High-interaction honeypots imitate the activities of the real systems that host a variety of services and, therefore, an attacker may be allowed a lot of services to waste his time. According to recent researches in high interaction honeypot technology, by employing virtual machines, multiple honeypots can be hosted on a single physical machine. Therefore, even if the honeypot is compromised, it can be restored more quickly. In general, high interaction honeypots provide more security by being difficult to detect, but they are highly expensive to maintain. If virtual machines are not available, one honeypot must be maintained for each physical computer, which can be exorbitantly expensive. Example: Honeynet. Low-interaction honeypots simulate only the services frequently requested by attackers. Since they consume relatively few resources, multiple virtual machines can easily be hosted on one physical system, the virtual systems have a short response time, and less code is required, reducing the complexity of the security of the virtual systems. Example: Honeyd.

CLASS WORK SESSIONAL WORK

ASSIGNMENT No EXPERIMENT

SUBMITTED ON MARKS OR GRADE OBTAINED .. NAME ROLL NO. ....... CLASS ... DEPARTMENT ...... SUBJECT .. CODE NO. . Signature of Student Signature of Professor

EXPERIMENT NO. 7
Object :Symmetric Encryption Sheme-RC4?
In cryptography, RC4 (also known as ARC4 or ARCFOUR meaning Alleged RC4, see below) is the most widely used software stream cipher and is used in popular protocols such as Secure Sockets Layer (SSL) (to protect Internet traffic) and WEP (to secure wireless networks). While remarkable for its simplicity and speed in software, RC4 has weaknesses that argue against its use in new systems.[2] It is especially vulnerable when the beginning of the output keystream is not discarded, or nonrandom or related keys are used; some ways of using RC4 can lead to very insecure cryptosystems such as WEP. History RC4 was designed by Ron Rivest of RSA Security in 1987. While it is officially termed "Rivest Cipher 4", the RC acronym is alternatively understood to stand for "Ron's Code"[3] (see also RC2, RC5 and RC6).RC4 was initially a trade secret, but in September 1994 a description of it was anonymously posted to the Cypherpunks mailing list.[4] It was soon posted on the sci.crypt newsgroup, and from there to many sites on the Internet. The leaked code was confirmed to be genuine as its output was found to match that of proprietary software using licensed RC4. Because the algorithm is known, it is no longer a trade secret. The

name RC4 is trademarked, so RC4 is often referred to as ARCFOUR or ARC4 (meaning alleged RC4) to avoid trademark problems. RSA Security has never officially released the algorithm; Rivest has, however, linked to the English Wikipedia article on RC4 in his own course notes.[5] RC4 has become part of some commonly used encryption protocols and standards, including WEP and WPA for wireless cards andTLS. The main factors in RC4's success over such a wide range of applications are its speed and simplicity: efficient implementations in both software and hardware are very easy to develop. Description RC4 generates a pseudorandom stream of bits (a keystream). As with any stream cipher, these can be used for encryption by combining it with the plaintext using bit-wise exclusive-or; decryption is performed the same way (since exclusive-or is a symmetric operation). (This is similar to the Vernam cipher except that generated pseudorandom bits, rather than a prepared stream, are used.) To generate the keystream, the cipher makes use of a secret internal state which consists of two parts: 1. A permutation of all 256 possible bytes (denoted "S" below). 2. Two 8-bit index-pointers (denoted "i" and "j"). The permutation is initialized with a variable length key, typically between 40 and 256 bits, using the key-scheduling algorithm (KSA). Once this has been completed, the stream of bits is generated using the pseudo-random generation algorithm (PRGA).