
PILLAI'S INSTITUTE OF INFORMATION TECHNOLOGY, NEW PANVEL

LAB MANUAL
SYSTEM SECURITY

DEPARTMENT OF COMPUTER ENGINEERING

LIST OF EXPERIMENTS
Name of Faculty: Deepa Krishnan
Term: July 2012-November 2012
Subject: System Security
Lab Session: 6 hrs/week
Year & Semester: B.E. Sem VII
Branch: I.T.
No. of Lectures per week: 4
No. of Weeks: 12

Sr No.  Title
1.  To study various cryptography techniques.
2.  To implement Additive cipher
3.  To implement double transposition cipher
4.  To implement RSA algorithm to achieve confidentiality
5.  To implement RSA algorithm to create Digital Signatures
6.  To implement Diffie Hellman Key Exchange.
7.  To implement buffer overflow vulnerability
8.  To implement DES Algorithm
9.  Study and Implementation of Wireshark tool to capture packets
10. Study and Implementation of NMap (Port Scanner)
11. To study Intrusion Detection System (Snort IDS)

EXPERIMENT NO 1
Aim: To study various cryptography techniques.
Theory:
Study of Cryptography: Cryptography is the art and science of converting a message
into an unreadable form. The original message is called plain text, while the
unreadable message is called the cipher text. The process of converting plain text
to cipher text is called encryption; restoring the plain text from the cipher text
is called decryption. The main schemes used for encryption constitute cryptography.
Types of cryptography:
Cryptographic schemes are classified along three independent dimensions.
1. The type of operations used for transforming plain text to cipher text.
Based on this there are two kinds of cipher: the substitution cipher and the
transposition cipher. The example of a substitution cipher students need to become
familiar with is the Caesar cipher; an example of a transposition cipher is the
Rail fence cipher.
2. The number of keys used: based on the number of keys, cryptographic
systems are classified into symmetric key cryptography and asymmetric
key cryptography. An example of symmetric key cryptography is DES and an
example of asymmetric key cryptography is RSA.
3. The way in which the plain text is processed: based on this, ciphers are
divided into two types, stream ciphers and block ciphers. Examples of
stream ciphers are RC4 and A5/1. An example of a block cipher is DES.
Conclusion:
Thus the basic cryptographic classification and its differences, with examples, are studied.

EXPERIMENT NO 2

Aim: To implement an Additive cipher. Students are required to implement the logic of
the Additive cipher with any key value in the range 1-25.
Theory:
A substitution cipher is a method of encryption by which units of plaintext are
replaced with cipher text according to a regular system; the "units" may be single letters
(the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth.
The receiver deciphers the text by performing an inverse substitution. If the cipher
operates on single letters, it is termed a simple substitution cipher; a cipher that operates
on larger groups of letters is termed polygraphic. A monoalphabetic cipher uses a fixed
substitution over the entire message, whereas a polyalphabetic cipher uses a number of
substitutions at different times in the message, where a unit from the plaintext is mapped
to one of several possibilities in the cipher text and vice versa. In cryptography, a Caesar
cipher, also known as Caesar's cipher, the shift cipher, Caesar's code or Caesar shift, is
one of the simplest and most widely known encryption techniques. It is a type
of substitution cipher in which each letter in the plaintext is replaced by a letter some
fixed number of positions down the alphabet. For example, with a shift of 3, A would be
replaced by D, B would become E, and so on. The encryption step performed by a Caesar
cipher is often incorporated as part of more complex schemes, such as the Vigenère
cipher.
If P is the plain text character, K the key value and C the cipher text character, then
encryption is represented as C = (P + K) mod 26 and decryption as
P = (C - K) mod 26.

Students are required to implement the logic in Turbo C++ or Java.
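As an added example that is not part of the manual, the additive cipher in standard C++ (the manual's Turbo C++ target), covering the two details a first implementation usually gets wrong: the negative remainder on decryption and non-letter characters. Function names are my own.

```cpp
#include <cctype>
#include <string>

// Shift one letter by k positions, preserving case and leaving non-letters
// untouched. ((x % 26) + 26) % 26 keeps the result in 0..25 even when x is
// negative, which C++'s % operator alone does not guarantee.
static char shift_letter(char ch, int k) {
    unsigned char uc = static_cast<unsigned char>(ch);
    if (!std::isalpha(uc)) return ch;
    char base = std::isupper(uc) ? 'A' : 'a';
    int p = ch - base;                 // plaintext value P in 0..25
    int c = ((p + k) % 26 + 26) % 26;  // C = (P + K) mod 26
    return static_cast<char>(base + c);
}

// Encryption: C = (P + K) mod 26 for every letter of the message.
std::string additive_encrypt(const std::string& plain, int key) {
    std::string out;
    out.reserve(plain.size());
    for (char ch : plain) out += shift_letter(ch, key);
    return out;
}

// Decryption: P = (C - K) mod 26. A naive (c - k) % 26 goes negative for
// letters near the start of the alphabet, so it reuses the normalising helper.
std::string additive_decrypt(const std::string& cipher, int key) {
    return additive_encrypt(cipher, -key);
}

// The lab's key range is 1..25: a key of 0 (or 26) is the identity mapping
// and leaks the plaintext unchanged.
bool valid_additive_key(int key) {
    return key >= 1 && key <= 25;
}
```

With only 25 usable keys, trying every key is trivial, which is why this cipher is a teaching example rather than a protection.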

Conclusion:
The basic features of Additive cipher are studied through this experiment.

EXPERIMENT NO 3
Aim: To implement a double transposition cipher.
Theory:
In cryptography, a transposition cipher is a method of encryption by which the
positions held by units of plaintext (which are commonly characters or groups of
characters) are shifted according to a regular system, so that the cipher text constitutes
a permutation of the plaintext. That is, the order of the units is changed. Mathematically
a bijective function is used on the characters' positions to encrypt and an inverse
function to decrypt.
Students are required to implement a double transposition cipher. A single columnar
transposition could be attacked by guessing possible column lengths, writing the message
out in its columns (but in the wrong order, as the key is not yet known), and then looking
for possible anagrams. Thus to make it stronger, a double transposition was often used.
This is simply a columnar transposition applied twice.

The logic for the double transposition cipher is to be implemented using Turbo C++ or Java.
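Added example, not from the manual: an irregular (unpadded) columnar transposition keyed by a word, applied twice with two keywords to give the double transposition described above. Helper names are my own.

```cpp
#include <algorithm>
#include <cstddef>
#include <numeric>
#include <string>
#include <vector>

// Column read-out order for a keyword: columns are taken in alphabetical
// order of the key letters, ties resolved left to right (stable sort).
static std::vector<std::size_t> column_order(const std::string& key) {
    std::vector<std::size_t> order(key.size());
    std::iota(order.begin(), order.end(), 0);
    std::stable_sort(order.begin(), order.end(),
                     [&](std::size_t a, std::size_t b) { return key[a] < key[b]; });
    return order;
}

// Single columnar transposition: write the text row by row under the keyword,
// then read the columns out in key order. The last row may be short (no
// padding), so column lengths can differ by one.
std::string columnar_encrypt(const std::string& text, const std::string& key) {
    const std::size_t cols = key.size();
    std::string out;
    out.reserve(text.size());
    for (std::size_t col : column_order(key))
        for (std::size_t i = col; i < text.size(); i += cols) out += text[i];
    return out;
}

// Inverse: derive each column's length from the text length, carve the
// ciphertext into columns in key order, then read the grid row by row.
std::string columnar_decrypt(const std::string& cipher, const std::string& key) {
    const std::size_t cols = key.size(), n = cipher.size();
    std::vector<std::string> column(cols);
    std::size_t pos = 0;
    for (std::size_t col : column_order(key)) {
        std::size_t len = n / cols + (col < n % cols ? 1 : 0);
        column[col] = cipher.substr(pos, len);
        pos += len;
    }
    std::string out;
    out.reserve(n);
    for (std::size_t i = 0; i < n; ++i) out += column[i % cols][i / cols];
    return out;
}

// Double transposition: the same operation applied twice, normally with two
// different keywords; decryption undoes them in reverse order.
std::string double_encrypt(const std::string& p, const std::string& k1, const std::string& k2) {
    return columnar_encrypt(columnar_encrypt(p, k1), k2);
}
std::string double_decrypt(const std::string& c, const std::string& k1, const std::string& k2) {
    return columnar_decrypt(columnar_decrypt(c, k2), k1);
}
```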
Conclusion:
The features of double transposition cipher and its basic differences from substitution
cipher are studied.

EXPERIMENT NO 4
Aim: To implement RSA algorithm to achieve confidentiality
Theory:
Public-key cryptography refers to a cryptographic system requiring two separate keys,
one to lock or encrypt the plaintext, and one to unlock or decrypt the ciphertext. Neither
key will do both functions. One of these keys is published or public and the other is kept
private. If the lock/encryption key is the one published, then the system enables private
communication from the public to the unlocking key's owner. If the unlock/decryption
key is the one published, then the system serves as a signature verifier of documents
locked by the owner of the private key. This cryptographic approach uses asymmetric
key algorithms such as RSA, hence the more general name "asymmetric key
cryptography". Some of these algorithms have the public key/private key property; that
is, neither key is derivable from knowledge of the other; not all asymmetric key
algorithms do. Those with this property are particularly useful and have been widely
deployed, and are the source of the commonly used name.
Although different, the two keys of the pair are mathematically linked. The public key is used to
transform a message into an unreadable form, decryptable only by using the (different but
matching) private key. By publishing the public key, the key producer empowers anyone
who gets a copy of the public key to produce messages only s/he can read, because only
the key producer has a copy of the private key (required for decryption). When someone
wants to send a secure message to the creator of those keys, the sender encrypts it (i.e.,
transforms it into an unreadable form) using the intended recipient's public key; to
decrypt the message, the recipient uses the private key. No one else, including the sender,
can do so.
RSA

RSA involves a public key and a private key. The public key can be known to everyone
and is used for encrypting messages. Messages encrypted with the public key can only be
decrypted using the private key. The keys for the RSA algorithm are generated the
following way:
1. Choose two distinct prime numbers p and q.
2. For security purposes, the integers p and q should be chosen at random, and
should be of similar bit-length.
3. Compute n = pq.
n is used as the modulus for both the public and private keys.
4. Compute φ(n) = (p-1)(q-1), where φ is Euler's totient function.
5. Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1; i.e., e and φ(n) are
coprime.
e is released as the public key exponent.
6. Determine d such that d·e ≡ 1 (mod φ(n)); i.e., d is the multiplicative inverse of e mod φ(n).

The public key consists of the modulus n and the public (or encryption) exponent e.
The private key consists of the modulus n and the private (or decryption)
exponent d, which must be kept secret.
Encryption
Alice transmits her public key (n, e) to Bob and keeps the private key secret. Bob
then wishes to send message M to Alice.
He first turns M into an integer m smaller than n by using an agreed-upon
reversible protocol known as a padding scheme. He then computes the ciphertext
c corresponding to c = m^e mod n.
This can be done quickly using the method of exponentiation by squaring. Bob
then transmits c to Alice.
Note that at least nine values of m will yield a cipher text c equal to m, but this is
very unlikely to occur in practice.
Decryption
Alice can recover m from c by using her private key exponent d via computing
m = c^d mod n.
Students are required to implement the logic in Turbo C++ or Java.
Conclusion:
The features of public key cryptography and RSA logic are studied.

EXPERIMENT NO 5
Aim: To implement public key cryptography RSA to create digital signatures
Theory:
Public-key cryptography refers to a cryptographic system requiring two
separate keys, one to lock or encrypt the plaintext, and one to unlock or decrypt
the ciphertext. Neither key will do both functions. One of these keys is published or
public and the other is kept private. If the lock/encryption key is the one published, then
the system enables private communication from the public to the unlocking key's owner.
If the unlock/decryption key is the one published, then the system serves as a signature
verifier of documents locked by the owner of the private key. This cryptographic
approach uses asymmetric key algorithms such as RSA, hence the more general name
"asymmetric key cryptography". Some of these algorithms have the public key/private
key property; that is, neither key is derivable from knowledge of the other; not all
asymmetric key algorithms do. Those with this property are particularly useful and have
been widely deployed, and are the source of the commonly used name.
Although different, the two keys of the pair are mathematically linked. The public key is used to
transform a message into an unreadable form, decryptable only by using the (different but
matching) private key. By publishing the public key, the key producer empowers anyone
who gets a copy of the public key to produce messages only s/he can read, because only
the key producer has a copy of the private key (required for decryption). When someone
wants to send a secure message to the creator of those keys, the sender encrypts it (i.e.,
transforms it into an unreadable form) using the intended recipient's public key; to
decrypt the message, the recipient uses the private key. No one else, including the sender,
can do so.
RSA

RSA involves a public key and a private key. The public key can be known to everyone
and is used for encrypting messages. Messages encrypted with the public key can only be
decrypted using the private key. The keys for the RSA algorithm are generated the
following way:
1. Choose two distinct prime numbers p and q.
2. For security purposes, the integers p and q should be chosen at random, and
should be of similar bit-length.
3. Compute n = pq.
n is used as the modulus for both the public and private keys.
4. Compute φ(n) = (p-1)(q-1), where φ is Euler's totient function.
5. Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1; i.e., e and φ(n) are
coprime.
e is released as the public key exponent.
6. Determine d such that d·e ≡ 1 (mod φ(n)); i.e., d is the multiplicative inverse of e mod φ(n).


The public key consists of the modulus n and the public (or encryption) exponent e.
The private key consists of the modulus n and the private (or decryption)
exponent d, which must be kept secret.
Encryption (Creating Digital Signature)
To create a digital signature Alice has to encrypt the message using her private key. If
the private key of Alice is d, then M^d mod N gives the cipher text, which is the digital
signature of Alice.
Decryption (Verifying Signature)
Bob can verify the signature of Alice by decrypting the signed message using Alice's public
key e, i.e. by computing C^e mod N and comparing the result with M.
Students are required to implement the logic in Turbo C++ or JAVA.
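Added example covering both Experiment 4 (encrypt with e, decrypt with d) and Experiment 5 (sign with d, verify with e) in one C++ block, following the manual's key-generation steps. It is not the manual's code; the function and struct names are my own, and the 64-bit arithmetic only works for toy moduli below 2^32, far too small for real use. It also counts the "at least nine" unconcealed messages that the Experiment 4 text mentions.

```cpp
#include <stdexcept>

using u64 = unsigned long long;

// Exponentiation by squaring, the method the manual points to: base^exp mod m.
// Plain 64-bit arithmetic, so m must stay below 2^32 for base*base not to overflow.
u64 mod_pow(u64 base, u64 exp, u64 m) {
    u64 result = 1 % m;
    base %= m;
    for (; exp > 0; exp >>= 1) {
        if (exp & 1) result = result * base % m;
        base = base * base % m;
    }
    return result;
}

// Extended Euclid: returns gcd(a, b) and sets x, y such that a*x + b*y = gcd.
static long long ext_gcd(long long a, long long b, long long& x, long long& y) {
    if (b == 0) { x = 1; y = 0; return a; }
    long long x1, y1;
    long long g = ext_gcd(b, a % b, x1, y1);
    x = y1;
    y = x1 - (a / b) * y1;
    return g;
}

struct RsaKey { u64 n, e, d; };

// Steps 1-6 of the manual for given primes p, q and public exponent e.
// Throws when gcd(e, phi(n)) != 1, because then no inverse d exists.
RsaKey rsa_keygen(u64 p, u64 q, u64 e) {
    u64 n = p * q, phi = (p - 1) * (q - 1);
    long long x, y;
    if (ext_gcd(static_cast<long long>(e), static_cast<long long>(phi), x, y) != 1)
        throw std::invalid_argument("e is not coprime to phi(n)");
    long long m = static_cast<long long>(phi);
    u64 d = static_cast<u64>((x % m + m) % m);      // normalise into 0..phi-1
    return RsaKey{n, e, d};
}

// Experiment 4, confidentiality: c = m^e mod n, m = c^d mod n.
u64 rsa_encrypt(const RsaKey& k, u64 m) { return mod_pow(m, k.e, k.n); }
u64 rsa_decrypt(const RsaKey& k, u64 c) { return mod_pow(c, k.d, k.n); }

// Experiment 5, signature: S = M^d mod n, verified by checking S^e mod n == M.
u64 rsa_sign(const RsaKey& k, u64 m) { return mod_pow(m, k.d, k.n); }
bool rsa_verify(const RsaKey& k, u64 m, u64 sig) { return mod_pow(sig, k.e, k.n) == m; }

// The manual notes that at least nine messages satisfy m^e = m (mod n) and are
// therefore sent in the clear; for a toy modulus they can simply be counted.
u64 count_unconcealed_messages(const RsaKey& k) {
    u64 count = 0;
    for (u64 m = 0; m < k.n; ++m)
        if (rsa_encrypt(k, m) == m) ++count;
    return count;
}
```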
Conclusion:
The features of public key cryptography used to create a digital signature are studied.

EXPERIMENT NO 6
Aim: To implement Diffie Hellman Secret Key Exchange Algorithm.
Theory:
The Diffie Hellman key exchange algorithm uses asymmetric key principles for the
distribution of symmetric keys to both parties in a communication network. Key
distribution is an important aspect of conventional algorithms, and their entire safety is
dependent on the distribution of the key over a secured channel. Diffie Hellman utilizes the
public and private keys of asymmetric key cryptography to exchange the secret key.
Before going into the depth of the Diffie Hellman algorithm, we define a primitive root of a prime
number 'p' as one whose powers generate all the integers from 1 to p-1, i.e. if 'a' is a
primitive root of a prime number 'p', then
a mod p, a^2 mod p, a^3 mod p, ..., a^(p-1) mod p generate all the distinct integers from 1 to
(p-1) in some permutation.
The steps for the Diffie Hellman key exchange algorithm are:
Step 1 : GLOBAL PUBLIC ELEMENTS
Select any prime number 'q'
Calculate a primitive root of q, 'a', such that a < q
Step 2 : ASYMMETRIC KEY GENERATION BY USER 'A'
Select a random number as the private key XA, where XA < q
Calculate the public key YA, where YA = a^XA mod q
Step 3 : KEY GENERATION BY USER 'B'
Select a random number as the private key XB, where XB < q
Calculate the public key YB, where YB = a^XB mod q
Step 4 : Exchange the values of the public keys between A and B
Step 5 : SYMMETRIC KEY (K) GENERATION BY USER 'A'
K = YB^XA mod q
Step 6 : SYMMETRIC KEY (K) GENERATION BY USER 'B'
K = YA^XB mod q
It can easily be proved that the key K generated by this algorithm by both parties is
the same, since YB^XA = (a^XB)^XA = a^(XA·XB) = (a^XA)^XB = YA^XB (mod q).
Students are required to implement the logic in Turbo C++ or Java.
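Added example (not from the manual): the six steps above in C++, with a check that 'a' really is a primitive root as the manual defines it, because a non-generator silently shrinks the set of possible shared keys. Names are my own; the modulus must stay below 2^32 for the 64-bit arithmetic.

```cpp
#include <vector>

using u64 = unsigned long long;

// Modular exponentiation by squaring (moduli below 2^32 so products fit in 64 bits).
u64 mod_pow(u64 base, u64 exp, u64 m) {
    u64 result = 1 % m;
    base %= m;
    for (; exp > 0; exp >>= 1) {
        if (exp & 1) result = result * base % m;
        base = base * base % m;
    }
    return result;
}

// The manual's definition applied literally: a is a primitive root of the prime
// q when a^1, a^2, ..., a^(q-1) mod q are all distinct, i.e. a permutation of
// 1..q-1. A repeated value means a generates only a subgroup.
bool is_primitive_root(u64 a, u64 q) {
    if (q < 2 || a == 0 || a >= q) return false;
    std::vector<bool> seen(q, false);
    u64 power = 1;
    for (u64 i = 1; i < q; ++i) {
        power = power * a % q;            // a^i mod q
        if (seen[power]) return false;
        seen[power] = true;
    }
    return true;
}

// Step 1: the smallest primitive root of q (0 if none is found).
u64 smallest_primitive_root(u64 q) {
    for (u64 a = 2; a < q; ++a)
        if (is_primitive_root(a, q)) return a;
    return 0;
}

struct DhParty { u64 private_key, public_key; };

// Steps 2 and 3: private X < q chosen by the party, public Y = a^X mod q.
DhParty dh_keygen(u64 a, u64 q, u64 x) {
    return DhParty{x % q, mod_pow(a, x % q, q)};
}

// Steps 5 and 6: K = (other party's Y)^(own X) mod q.
u64 dh_shared_key(const DhParty& self, u64 other_public, u64 q) {
    return mod_pow(other_public, self.private_key, q);
}

// Steps 1-6 end to end: both parties must arrive at the same K.
bool dh_exchange_agrees(u64 q, u64 a, u64 xa, u64 xb) {
    DhParty alice = dh_keygen(a, q, xa), bob = dh_keygen(a, q, xb);
    return dh_shared_key(alice, bob.public_key, q) == dh_shared_key(bob, alice.public_key, q);
}
```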
Conclusion:
The Diffie Hellman Secret Key Exchange algorithm is studied.

EXPERIMENT NO 7
Aim: To implement a buffer overflow vulnerability
Theory: In computer security and programming, a buffer overflow, or buffer overrun,
is an anomaly where a program, while writing data to a buffer, overruns the buffer's
boundary and overwrites adjacent memory. This is a special case of a violation of memory
safety.
Buffer overflows can be triggered by inputs that are designed to execute code, or alter the
way the program operates. This may result in erratic program behavior, including
memory access errors, incorrect results, a crash, or a breach of system security. Thus,
they are the basis of many software vulnerabilities and can be maliciously exploited.
Programming languages commonly associated with buffer overflows include C and C++,
which provide no built-in protection against accessing or overwriting data in any part of
memory and do not automatically check that data written to an array (the built-in buffer
type) is within the boundaries of that array. Bounds checking can prevent buffer
overflows.
Students are required to implement the buffer overflow vulnerability, either stack based
or heap based.
(A mechanism to prevent buffer overflow and a recent attack also need to be included in
the lab journal.)
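Added example, not the manual's code: the unchecked strcpy pattern beside the bounds-checked replacement that the lab journal's "mechanism to prevent" section asks for, plus a byte-array model of the same frame so the overwrite of the adjacent field can be observed deterministically. The struct and function names are illustrative.

```cpp
#include <cstddef>
#include <cstring>
#include <string>

// The C/C++ layout the lab describes: an 8-byte buffer and, right after it,
// a value the program trusts. Nothing in the language stops a write from
// running past the end of name[].
struct LoginFrame {
    char name[8];
    int  is_admin;
};

// Vulnerable pattern ("before"): strcpy copies until it meets a NUL byte and
// never looks at sizeof(name). Kept as the shape to recognise in review; not
// exercised below, because writing past the array is undefined behaviour.
void copy_name_unchecked(LoginFrame& f, const char* input) {
    std::strcpy(f.name, input);
}

// Prevention mechanism ("after"): the input must fit together with its NUL
// terminator, otherwise the copy is refused rather than truncated or overrun.
bool copy_name_checked(LoginFrame& f, const char* input) {
    std::size_t len = std::strlen(input);
    if (len + 1 > sizeof f.name) return false;
    std::memcpy(f.name, input, len + 1);
    return true;
}

// Wrapper so the check can be exercised without sharing a frame.
bool name_accepted(const char* input) {
    LoginFrame f{};
    return copy_name_checked(f, input);
}

// Deterministic model of the overrun: the same frame as 12 raw bytes (8 for
// name, 4 for the flag). The unchecked copy is replayed into this array, capped
// at the array size so the demonstration itself stays well defined, and the
// flag's bytes are read back. Any input longer than 7 characters spills into it.
unsigned flag_after_unchecked_copy(const std::string& input) {
    unsigned char frame[12] = {};                      // flag bytes start at 0
    std::size_t n = input.size() + 1;                  // bytes strcpy would write
    if (n > sizeof frame) n = sizeof frame;
    std::memcpy(frame, input.c_str(), n);
    unsigned flag = 0;                                 // little-endian reassembly
    for (int i = 3; i >= 0; --i) flag = (flag << 8) | frame[8 + i];
    return flag;                                       // non-zero: flag clobbered
}
```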

Conclusion: Thus the buffer overflow vulnerability is studied.

EXPERIMENT NO 9
AIM: To implement the DES block cipher
THEORY: DES (Data Encryption Standard) was put forward by NIST. It is based on
the Feistel cipher (a product cipher). DES uses a 64 bit plaintext block and a 56 bit key (48 bit sub keys).
DES is the archetypal block cipher: an algorithm that takes a fixed-length string of
plaintext bits and transforms it through a series of complicated operations into another
ciphertext bitstring of the same length. In the case of DES, the block size is 64 bits. DES
also uses a key to customize the transformation, so that decryption can supposedly only
be performed by those who know the particular key used to encrypt. The key ostensibly
consists of 64 bits; however, only 56 of these are actually used by the algorithm. Eight
bits are used solely for checking parity, and are thereafter discarded. Hence the effective
key length is 56 bits, and it is always quoted as such. Every 8th bit of the selected key is
discarded, that is, positions 8, 16, 24, 32, 40, 48, 56, 64 are removed from the 64 bit key,
leaving behind only the 56 bit key.
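Added example, not the manual's code: the parity rule and the every-8th-bit drop from the text, implemented on a 64-bit key, followed by a deliberately simplified Feistel network (labelled toy, not DES) that shows the round structure DES is based on and why decryption is the same network with the round keys reversed. Function names and the toy round function are my own.

```cpp
#include <bitset>
#include <cstdint>
#include <vector>

// DES numbers the key bits 1..64 from the most significant bit; bits
// 8, 16, ..., 64 (the low bit of each byte) are parity bits, and a
// well-formed DES key has odd parity in every byte.
bool des_key_parity_ok(uint64_t key) {
    for (int i = 0; i < 8; ++i)
        if (std::bitset<8>(key >> (8 * i)).count() % 2 == 0) return false;
    return true;
}

// Discard the eight parity bits and pack the remaining 56 bits, in order,
// into the low 56 bits of the result.
uint64_t des_strip_parity(uint64_t key) {
    uint64_t out = 0;
    for (int pos = 1; pos <= 64; ++pos) {
        if (pos % 8 == 0) continue;                 // parity bit, dropped
        out = (out << 1) | ((key >> (64 - pos)) & 1);
    }
    return out;
}

// Toy Feistel network on that 56-bit key. It is NOT DES (no expansion, S-boxes
// or permutations) and must not be used for real data; it only shows the
// structure: 16 rounds over a 64-bit block split into two 32-bit halves, with
// decryption being the same rounds run with the round keys in reverse order.
static uint32_t toy_round_function(uint32_t r, uint32_t k) {
    uint32_t x = r ^ k;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;         // xorshift-style mixing
    return x;
}

// 16 round keys: rotate the 56-bit key left by 3 each round, take the low 32 bits.
std::vector<uint32_t> toy_round_keys(uint64_t key56) {
    const uint64_t mask56 = (1ULL << 56) - 1;
    uint64_t k = key56 & mask56;
    std::vector<uint32_t> keys;
    for (int i = 0; i < 16; ++i) {
        k = ((k << 3) | (k >> 53)) & mask56;
        keys.push_back(static_cast<uint32_t>(k));
    }
    return keys;
}

static uint64_t toy_feistel(uint64_t block, const std::vector<uint32_t>& keys, bool decrypt) {
    uint32_t l = static_cast<uint32_t>(block >> 32), r = static_cast<uint32_t>(block);
    for (int i = 0; i < 16; ++i) {
        uint32_t next_r = l ^ toy_round_function(r, keys[decrypt ? 15 - i : i]);
        l = r;
        r = next_r;
    }
    return (static_cast<uint64_t>(r) << 32) | l;   // final swap, as in DES
}

uint64_t toy_encrypt(uint64_t block, uint64_t key56) {
    return toy_feistel(block, toy_round_keys(key56), false);
}
uint64_t toy_decrypt(uint64_t block, uint64_t key56) {
    return toy_feistel(block, toy_round_keys(key56), true);
}
```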

Conclusion: DES algorithm is studied and implemented.

EXPERIMENT NO 10
Aim: To study the sniffing tool Wireshark.
Theory:
Wireshark is a free and open-source packet analyzer. It is used for network
troubleshooting, analysis, software and communications protocol development, and
education. Wireshark is very similar to tcpdump, but has a graphical front-end, plus
some integrated sorting and filtering options.
Wireshark allows the user to put the network interfaces that support promiscuous
mode into that mode, in order to see all traffic visible on that interface, not just traffic
addressed to one of the interface's configured addresses and broadcast/multicast traffic.
However, when capturing with a packet analyzer in promiscuous mode on a port on
a network switch, not all of the traffic traveling through the switch will necessarily be
sent to the port on which the capture is being done, so capturing in promiscuous mode
will not necessarily be sufficient to see all traffic on the network. Port mirroring or
various network taps extend capture to any point on the network; simple passive taps are
extremely resistant to malware tampering.
Students are required to capture packets using Wireshark and analyse the captured packets.

Conclusion:
The Wireshark tool as a packet analyser is studied.

EXPERIMENT NO 10
Aim: To study the NMap tool and familiarise with its various options
Theory:
Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon (also
known by his pseudonym Fyodor Vaskovich) used to discover hosts and services on
a computer network, thus creating a "map" of the network. To accomplish its goal, Nmap
sends specially crafted packets to the target host and then analyzes the responses. Unlike
many simple port scanners that just send packets at some predefined constant rate, Nmap
accounts for the network conditions (latency fluctuations, network congestion, target
interference with the scan) during the run. Also, owing to the large and active
user community providing feedback and contributing to its features, Nmap has been able
to extend its discovery capabilities beyond simply figuring out whether a host is up or
down and which ports are open and closed; it can determine the operating system of the
target, names and versions of the listening services, estimated uptime, type of device, and
presence of a firewall.
Nmap features include:

Host Discovery: identifying hosts on a network, for example listing the hosts
which respond to pings or have a particular port open.
Port Scanning: enumerating the open ports on one or more target hosts.
Version Detection: interrogating network services listening on remote
devices to determine the application name and version number.
OS Detection: remotely determining the operating system and some hardware
characteristics of network devices.

Basic commands in Nmap

For target specification: nmap <target URLs or IPs, separated by spaces>
For OS detection: nmap -O <target host's URL or IP>
For version detection: nmap -sV <target host's URL or IP>

Conclusion:
The NMap port scanner is studied with its various commands.

EXPERIMENT NO 11
Aim: To study Intrusion Detection System: Snort
Theory:
An intrusion detection system (IDS) is a device or software application that monitors
network and/or system activities for malicious activities or policy violations and produces
reports to a management station. Some systems may attempt to stop an intrusion attempt,
but this is neither required nor expected of a monitoring system. Intrusion detection and
prevention systems (IDPS) are primarily focused on identifying possible incidents,
logging information about them, and reporting attempts. In addition, organizations use
IDPSes for other purposes, such as identifying problems with security policies,
documenting existing threats, and deterring individuals from violating security
policies. IDPSes have become a necessary addition to the security infrastructure of nearly
every organization.
Snort:
Snort is a lightweight network intrusion detection system, capable of performing real-time
traffic analysis and packet logging on IP networks. It can perform protocol analysis and
content searching/matching, and can be used to detect a variety of attacks and probes,
such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting
attempts, and much more.
Conclusion: Various types of intrusion detection systems are studied and, as a case study,
the features of Snort are studied.
