Lab Manual Css

Mahatma Education Societys
Pillai HOC Missions College of Engineering

and Technology
Department of Computer Engineering
Cryptography and System

Security (CSS)
-:Lab Manual:-
Prepared by
Ms. Srijita Bhattacharjee
Prof. Rohini Bhosale

HOD
(CSS) CRYPTOGRAPHY AND SYSTEM SECURITY LAB MANUAL VII (CBGS)
( Subject In-Charge)
Computer Engg.
Mahatma Education Societys

Pillai HOC College of Engineering and Technology,Rasayani
Department of Computer Engineering
Subject : Cryptography & System Security (CSS)
Class/Sem: BE/VII
LIST OF EXPERIMENTS
Experiment
No.
1.
2.
3.
4.
5.
6.
7.
8.
Name of the Experiment

Implementation of Substitution Cipher Algorithm
Implementation of Transposition Cipher Algorithm
Implementation of RSA Algorithm
Implementation of Diffie-Hellman Algorithm
Implementation of DES Algorithm
Implementation/Configuration of Firewall
Implementation of Buffer Overflow
Study of Intrusion Detection System
Subject-In charge
Ms. Srijita Bhattacharjee
DEPARTMENT OF COMPUTER ENGINEERING, PHCET, Rasayani
H.O.D.
Prof. Rohini Bhosale
EXPERIMENT NO. 1
SUBSTITUTION CIPHER
Aim:
To study Substitution cipher algorithm.
Theory:
Substitution over a single letter simple substitution can be demonstrated by writing out the
alphabet in some order to represent the substitution. This is termed a substitution
alphabet. The cipher alphabet may be shifted or reversed (creating the Caesar and Atbash
ciphers, respectively) or scrambled in a more complex fashion, in which case it is called a
mixed alphabet or deranged alphabet. Traditionally, mixed alphabets are created by first
writing out a keyword, removing repeated letters in it, and then writing all the remaining
letters in the alphabet.
Examples:
Using this system, the keyword "zebras" gives us the following alphabets:
Plaintext alphabet: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Ciphertext alphabet: ZEBRASCDFGHIJKLMNOPQTUVWXY
Algorithm:
1. Start
2. Use the correspondence A <--> 0, B <--> 1, C <--> 2 ...Z <--> 25.
3. Associate each key K with an alphabetic string of length m, i.e. keyword.
4. This cipher encrypt m alphabetic characters at a time, each plaintext element is
equivalent to m alphabetic characters.
5. Assume m = 6 and the keyword is Your Name
e.g. CIPHER
6. Find Numerical equivalent K = (2, 8, 15, 7, 4, 17)
7. plaintext = thiscryptosystemisnotsecure
8. Convert the plaintext elements to residues modulo 26.
9. Write them in groups of 6.
10. Then add the keyword modulo 26.
11. Result will be ciphertext.
12. End.
Conclusion:
Thus, we have studied and implemented Substitution cipher algorithm.
EXPERIMENT NO. 2
TRANSPOSITION CIPHER
Aim:
To study Transposition cipher algorithm.
Theory:
A transposition cipher is methods of encryption by which the positions held by units of
plaintext (which are commonly characters or groups of characters) are shifted according to
a regular system, so that the ciphertext constitutes a permutation of the plaintext. That is,
the order of the units is changed.
Algorithm:
1. Start
2. Suppose the key is following permutation
=
1 2 3 4 5 6
3 5 1 6 4 2
3. Then inverse permutation ^-1

1 2 3 4 5 6
3 6 1 5 2 4
^-1 =
4. Take plaintext as input
plaintext = shesellsseashellsbytheseashore
5. Group above plaintext into 5 groups of 6 letters each

i.e. shesel | lsseas | hellsb | ythese | ashore
6. Now each group of 6 letters is rearranged according to the permutation , which gives,
EESLSH | SALSES | LSHBLE | HSYEET | HRAEOS
7. CIPHERTEXT = EESLSHSALSESLSHBLEHSYEETHRAEOS
8. End.
Conclusion:
Thus, we have studied and implemented Transposition cipher algorithm.
EXPERIMENT NO. 3
PUBLIC KEY CRYPTOGRAPHY ALGORITHM RSA

Aim:
To study Public Key Cryptography.
Theory:
Public-key cryptography is a cryptographic approach which involves the use of
asymmetric key algorithms instead of or in addition to symmetric key algorithms. Unlike
symmetric key algorithms, it does not require a secure initial exchange of one or more
secret keys to both sender and receiver. The asymmetric key algorithms are used to create a
mathematically related key pair: a secret private key and a published public key. Use of
these keys allows protection of the authenticity of a message by creating a digital signature
of a message using the private key, which can be verified using the public key. It also
allows protection of the confidentiality and integrity of a message, by public key
encryption, encrypting the message using the public key, which can only be decrypted
using the private key.
It is the approach which is employed by many cryptographic algorithms and cryptosystems.
It underpins such Internet standards as Transport Layer Security (TLS), PGP, and GPG.
The two main branches of public key cryptography are:
Public key encryption: a message encrypted with a recipient's public key cannot be
decrypted by anyone except a possessor of the matching private keypresumably, this
will be the owner of that key and the person associated with the public key used. This is
used for confidentiality.
Digital signatures: a message signed with a sender's private key can be verified by
anyone who has access to the sender's public key, thereby proving that the sender had
access to the private key (and therefore is likely to be the person associated with the
public key used), and the part of the message that has not been tampered with. On the
question of authenticity, see also message digest.
An analogy to public-key encryption is that of a locked mailbox with a mail slot. The mail
slot is exposed and accessible to the public; its location (the street address) is in essence the
public key. Anyone knowing the street address can go to the door and drop a written
message through the slot; however, only the person who possesses the key can open the
mailbox and read the message.
An analogy for digital signatures is the sealing of an envelope with a personal wax seal.
The message can be opened by anyone, but the presence of the seal authenticates the
sender.
A central problem for use of public-key cryptography is confidence (ideally proof) that a
public key is correct, belongs to the person or entity claimed (i.e., is 'authentic'), and has
not been tampered with or replaced by a malicious third party. The usual approach to this
problem is to use a public-key infrastructure (PKI), in which one or more third parties,
known as certificate authorities, certify ownership of key pairs. Another approach, used by
PGP, is the "web of trust" method to ensure authenticity of key pairs.
Algorithm:
1. Start
2. Given a plaintext x, a bitstring x0 is constructed by permuting the bits of x according to
a (fixed) initial permutation IP
3. 16 iterations of a certain function are then computed. Compute LiRi, 1 <= I <= 16,
According to the following rule:
Li = Ri 1
Ri = Li 1 + f (Ri 1, Ki) where + denotes exclusive or of two bit strings.
4. Function f takes as input a 1st argument A, which is a bitstring of length 32, and a 2nd
argument I that is a bitstring of length 48, and produces as output a bitstring of length
32.
5. Apply the inverse permutation IP^-1 to the bitstring R16L16, obtaining the cipertext y.
i.e. y = IP^-1 (R16L16)
6. End.
Conclusion:
Thus, we have studied and implemented Public Key Cryptography.
EXPERIMENT NO. 4
DIFFIE HELLMAN KEY EXCHANGE
Aim:
To implement Diffie Hellman Key Exchange Algorithm.
Theory:
DiffieHellman key exchange (DH) is a specific method of exchanging keys. It is one of
the earliest practical examples of Key exchange implemented within the field of
cryptography. The DiffieHellman key exchange method allows two parties that have no
prior knowledge of each other to jointly establish a shared secret key over an insecure
communications channel. This key can then be used to encrypt subsequent communications
using a symmetric key cipher. It is a type of key exchange.
DiffieHellman establishes a shared secret that can be used for secret communications by
exchanging data over a public network. Here is an explanation which includes the
encryption's mathematics:
Figure 1: DiffieHellman key exchange
The simplest, and original, implementation of the protocol uses the multiplicative group of
integers modulo p, where p is prime and g is primitive root mod p. Here's a more general
description of the protocol:
1. Alice and Bob agree on a finite cyclic group G and a generating element g in G.
(This is usually done long before the rest of the protocol; g is assumed to be known
by all attackers.) We will write the group G multiplicatively.
2. Alice picks a random natural number a and sends ga to Bob.
3. Bob picks a random natural number b and sends gb to Alice.

4. Alice computes (gb)a.
5. Bob computes (ga)b.
Both Alice and Bob are now in possession of the group element gab, which can serve as the
shared secret key. The values of (gb)a and (ga)b are the same because groups are power
associative.
Algorithm:
1. Start
2. Alice and Bob are two members wants to communicate and agree on a large prime n &
g. such that, g is primitive mod n.
3. Protocol goes as follows
4. Alice chooses a random large integer x and sends Bob X where, X = g^x mod n
5. Bob chooses a random large integer y and sends Alice Y where, Y = g^y mod n
6. Alice computes K = Y^x mod n
7. Bob computes K = X^y mod n
Both k & k are equal to g^(xy) mod n
8. End.
Conclusion:
Thus, we have studied and implemented Diffie Hellman Key Exchange algorithm.
EXPERIMENT NO. 5
DATA ENCRYPTION STANDARD

Aim:
To study data encryption standard (DES) algorithm.
Theory:
The Data Encryption Standard (DES) is a block cipher that uses shared secret
encryption. It was selected by the National Bureau of Standards as an official Federal
Information Processing Standard (FIPS) for the United States in 1976 and which has
subsequently enjoyed widespread use internationally. It is based on a symmetric-key
algorithm that uses a 56-bit key. The algorithm was initially controversial with classified
design elements, a relatively short key length, and suspicions about a National Security
Agency (NSA) backdoor. DES consequently came under intense academic scrutiny which
motivated the modern understanding of block ciphers and their cryptanalysis.
DES is the archetypal block cipher an algorithm that takes a fixed-length string of
plaintext bits and transforms it through a series of complicated operations into another
ciphertext bitstring of the same length. In the case of DES, the block size is 64 bits. DES
also uses a key to customize the transformation, so that decryption can supposedly only be
performed by those who know the particular key used to encrypt. The key ostensibly
consists of 64 bits; however, only 56 of these are actually used by the algorithm. Eight bits
are used solely for checking parity, and are thereafter discarded. Hence the effective key
length is 56 bits, and it is usually quoted as such. Every 8th bit of the selected key is
discarded, i.e. positions 8, 16, 24, 32, 40, 48, 56, 64 are removed from the 64 bit key
leaving behind only the 56 bit key.
Like other block ciphers, DES by itself is not a secure means of encryption but must
instead be used in a mode of operation. FIPS-81 specifies several modes for use with DES.
[19]
Further comments on the usage of DES are contained in FIPS-74.
10
Figure 1: DES Structure
The algorithm's overall structure is shown in Figure 1: there are 16 identical stages of
processing, termed rounds. There is also an initial and final permutation, termed IP and FP,
which are inverses (IP "undoes" the action of FP, and vice versa). IP and FP have almost no
cryptographic significance, but were apparently included in order to facilitate loading
blocks in and out of mid-1970s hardware.
Before the main rounds, the block is divided into two 32-bit halves and processed
alternately; this criss-crossing is known as the Feistel scheme. The Feistel structure ensures
that decryption and encryption are very similar processes the only difference is that the
subkeys are applied in the reverse order when decrypting. The rest of the algorithm is
identical. This greatly simplifies implementation, particularly in hardware, as there is no
need for separate encryption and decryption algorithms.
The symbol denotes the exclusive-OR (XOR) operation. The F-function scrambles half a
block together with some of the key. The output from the F-function is then combined with
the other half of the block, and the halves are swapped before the next round. After the
final round, the halves are not swapped; this is a feature of the Feistel structure which
makes encryption and decryption similar processes.
11
The Feistel (F) function
Figure 2 F-function
The F-function, depicted in Figure 2, operates on half a block (32 bits) at a time and
consists of four stages:
1. Expansion the 32-bit half-block is expanded to 48 bits using the expansion
permutation, denoted E in the diagram, by duplicating half of the bits. The output
consists of eight 6-bit(8*6=48bits) pieces, each containing a copy of 4 corresponding
input bits, plus a copy of the immediately adjacent bit from each of the input pieces to
either side.
2. Key mixing the result is combined with a subkey using an XOR operation. Sixteen
48-bit subkeys one for each round are derived from the main key using the key
schedule (described below).
3. Substitution after mixing in the subkey, the block is divided into eight 6-bit pieces
before processing by the S-boxes, or substitution boxes. Each of the eight S-boxes
replaces its six input bits with four output bits according to a non-linear transformation,
provided in the form of a lookup table. The S-boxes provide the core of the security of
DES without them, the cipher would be linear, and trivially breakable.
4. Permutation finally, the 32 outputs from the S-boxes is rearranged according to a
fixed permutation, the P-box. This is designed so that, after expansion, each S-box's
output bits are spread across 6 different S boxes in the next round.
12
The alternation of substitution from the S-boxes, and permutation of bits from the P-box
and E-expansion provides so-called "confusion and diffusion" respectively, a concept
identified by Claude Shannon in the 1940s as a necessary condition for a secure yet
practical cipher.
Key Schedule
Figure 3: Key Schedule
Figure 3 illustrates the key schedule for encryption the algorithm which generates the
subkeys. Initially, 56 bits of the key are selected from the initial 64 by Permuted Choice 1
(PC-1) the remaining eight bits are either discarded or used as parity check bits. The 56
bits are then divided into two 28-bit halves; each half is thereafter treated separately. In
successive rounds, both halves are rotated left by one and two bits (specified for each
round), and then 48 subkey bits are selected by Permuted Choice 2 (PC-2) 24 bits from
the left half, and 24 from the right. The rotations (denoted by "<<<" in the diagram) mean
that a different set of bits is used in each subkey; each bit is used in approximately 14 out
of the 16 subkeys.
13
The key schedule for decryption is similar the subkeys are in reverse order compared to
encryption. Apart from that change, the process is the same as for encryption. The same 28
bits are passed to all rotation boxes.
14
Algorithm:
1. Start
2. Given a plaintext x, a bitstring x0 is constructed by permuting the bits of x according to
a (fixed) initial permutation IP.
3. 16 iterations of a certain function are then computed. Compute LiRi, 1 <= I <= 16,
According to the following rule:
Li = Ri 1
Ri = Li 1 + f (Ri 1, Ki)
where + denotes exclusive or of two bit strings.
4. Function f takes as input a 1st argument A, which is a bit string of length 32, and a 2nd
argument I that is a bit string of length 48, and produces as output a bit string of length
32.
5. Apply the inverse permutation IP^-1 to the bit string R16L16, obtaining the cipertext y.
i.e. y = IP^-1 (R16L16)
6. End
Conclusion:
Thus, we have studied and implemented data encryption standard (DES) algorithm.
15
16
EXPERIMENT NO.6
CONFIGURING FIREWALL
Aim:
To implement/configure firewall.
Theory:
What is a firewall?
A firewall helps keep your computer more secure. A firewall restricts information that
comes to your computer from other computers and gives you more control over the data on
your computer. Additionally, a firewall provides a line of defense against people or
programs, including viruses and worms that try to connect to your computer without
invitation. Think of a firewall as a barrier that checks information, also known as traffic
that comes from the Internet or from a network. The firewall either turns traffic away or
lets traffic pass through to your computer, depending on your firewall settings.
Firewall Configuration
Red Hat Enterprise Linux ES offers firewall protection for enhanced system security. A
firewall exists between your computer and the network, and determines which resources on
your computer remote users on the network can access. A properly configured firewall can
greatly increase the security of your system.
Figure 1: Firewall Configuration
Choose the appropriate security level for your system.
17
High
If you choose High, your system will not accept connections (other than the default
settings) that are not explicitly defined by you. By default, only the following connections
are allowed:
DNS replies
DHCP so any network interfaces that use DHCP can be properly configured
If you choose High, your firewall will not allow the following:
Active mode FTP (passive mode FTP, used by default in most clients, should still work)
IRC DCC file transfers
RealAudio
Remote X Window System clients
If you are connecting your system to the Internet, but do not plan to run a server, this is the
safest choice. If additional services are needed, you can choose Customize to allow
specific services through the firewall.
Medium
If you choose Medium, your firewall will not allow remote machines to have access to
certain resources on your system. By default, accesses to the following resources are not
allowed:
Ports lower than 1023 the standard reserved ports, used by most system services,
such as FTP, SSH, telnet, and HTTP
The NFS server port (2049)
The local X Window System display for remote X clients
The X Font server port (by default, xfs does not listen on the network; it is disabled in
the font server)
If you want to allow resources such as RealAudio while still blocking access to normal
system services, choose Medium. Select Customize to allow specific services through the
firewall.
No firewall
18
No firewall provides complete access to your system and does no security checking.
Security checking is the disabling of access to certain services. This should only be selected
if you are running on a trusted network (not the Internet) or plan to do more firewall
configuration later.
Choose Customize to add trusted devices or to allow additional incoming services.
Trusted Devices
Selecting any of the Trusted Devices allows access to your system for all traffic from that
device; it is excluded from the firewall rules. For example, if you are running a local
network, but are connected to the Internet via a PPP dialup, you can check eth0 and any
traffic coming from your local network will be allowed. Selecting eth0 as trusted means all
traffic over the Ethernet is allowed, put the ppp0 interface is still firewalled. If you want to
restrict traffic on an interface, leave it unchecked.
It is not recommended that you make any device that is connected to public networks, such
as the Internet, a Trusted Device.
Allow Incoming
Enabling these options allow the specified services to pass through the firewall. Note,
during a workstation installation, the majority of these services are not installed on the
system.
DHCP
If you allow incoming DHCP queries and replies, you allow any network interface that uses
DHCP to determine its IP address. DHCP is normally enabled. If DHCP is not enabled,
your computer can no longer get an IP address.
SSH
Secure SHell (SSH) is a suite of tools for logging into and executing commands on a
remote machine. If you plan to use SSH tools to access your machine through a firewall,
enable this option. You need to have the openssh-server package installed in order to access
your machine remotely, using SSH tools.
Telnet
Telnet is a protocol for logging into remote machines. Telnet communications are
unencrypted and provide no security from network snooping. Allowing incoming Telnet
19
access is not recommended. If you do want to allow inbound Telnet access, you will need
to install the telnet-server package.
WWW (HTTP)
The HTTP protocol is used by Apache (and by other Web servers) to serve webpages. If
you plan on making your Web server publicly available, enable this option. This option is
not required for viewing pages locally or for developing webpages. You will need to install
the apache package if you want to serve webpages.
Mail (SMTP)
If you want to allow incoming mail delivery through your firewall, so that remote hosts can
connect directly to your machine to deliver mail, enable this option. You do not need to
enable this if you collect your mail from your ISP's server using POP3 or IMAP, or if you
use a tool such as fetchmail. Note that an improperly configured SMTP server can allow
remote machines to use your server to send spam.
FTP
The FTP protocol is used to transfer files between machines on a network. If you plan on
making your FTP server publicly available, enable this option. You need to install the
wuftpd (and possibly the anonftp) package for this option to be useful.
Other ports
You can allow access to ports which are not listed here, by listing them in the other ports
field. Use the following format: port: protocol. For example, if you want to allow IMAP
access through your firewall, you can specify imap:tcp. You can also explicitly specify
numeric ports; to allow UDP packets on port 1234 through the firewall, enter 1234: udp.
To specify multiple ports, separate them with commas.
SECURITY LEVEL CONFIGURATION TOOL
During the Firewall Configuration screen of the Red Hat Enterprise Linux installation,
you were given the option to enable a basic firewall as well as allow specific devices,
incoming services, and ports.
After installation, you can change this preference by using the Security Level
Configuration Tool.
20
To start the application, select Main Menu Button (on the Panel) => System Settings =>
Security Level or type the command redhat-config-securitylevel from a shell prompt (for
example, in an XTerm or a GNOME terminal).
Figure 2: Security Level Configuration Tool
Select one of the following options:
Disable firewall disabling the firewall provides complete access to your system and
does no security checking. Security checking is the disabling of access to certain
services. This should only be selected if you are running on a trusted network (not the
Internet) or plan to do more firewall configuration later.
Warning
If you have a firewall configured or any customized firewall rules in the
/etc/sysconfig/iptables file, the file will be deleted if you select Disable firewall and
click OK to save the changes.
Enable firewall this option configures the system to reject incoming connections
that are not in response to outbound requests, such as DNS replies or DHCP requests. If
access to services running on this machine is needed, you can choose to allow specific
services through the firewall.
If you are connecting your system to the Internet, but do not plan to run a server, this is
the safest choice.
21
Selecting any of the Trusted devices allows access to your system for all traffic from
that device; it is excluded from the firewall rules. For example, if you are running a
local network, but are connected to the Internet via a PPP dialup, you can check eth0
and any traffic coming from your local network will be allowed. Selecting eth0 as
trusted means all traffic over the Ethernet is allowed, but the ppp0 interface is still
firewalled. To restrict traffic on an interface, leave it unchecked.
It is not recommended that you make any device that is connected to public networks,
such as the Internet, a trusted device.
Enabling options in the trusted services list allows the specified service to pass
through the firewall.
WWW (HTTP)
The HTTP protocol is used by Apache (and by other Web servers) to serve webpages. If
you plan on making your Web server publicly available, enable this option. This option is
not required for viewing pages locally or for developing webpages. You must have the
httpd package installed to serve webpages.
Enabling WWW (HTTP) will not open a port for HTTPS, the SSL version of HTTP.
FTP
The FTP protocol is used to transfer files between machines on a network. If you plan on
making your FTP server publicly available, enable this option. The vsftpd package must be
installed for this option to be useful.
SSH
Secure Shell (SSH) is a suite of tools for logging into and executing commands on a remote
machine. To allow remote access to the machine via ssh, enable this option. The opensshserver package must be installed to access your machine remotely using SSH tools.
Telnet
Telnet is a protocol for logging into remote machines. Telnet communications are
unencrypted and provide no security from network snooping. Allowing incoming Telnet
access is not recommended. To allow inbound Telnet access, you must have the telnetserver package installed.
Mail (SMTP)
22
To allow incoming mail delivery through your firewall so that remote hosts can connect
directly to your machine to deliver mail, enable this option. You do not need to enable this
if you collect your mail from your ISP's server using POP3 or IMAP, or if you use a tool
such as fetchmail. Note that an improperly configured SMTP server can allow remote
machines to use your server to send spam.
Click OK to save the changed and enable or disable the firewall. If Enable firewall was
selected, the options selected are translated to iptables commands and written to the
/etc/sysconfig/iptables file. The iptables service is also started so that the firewall is
activated immediately after saving the selected options. If Disable firewall was selected,
the /etc/sysconfig/iptables file is removed, and the iptables service is stop immediately.
The options selected are also written to the /etc/sysconfig/redhat-config-securitylevel file
so that the setting can be restored the next time the application is started. Do not edit this
file by hand.
Even though the firewall is activated immediately, the iptables service is not configured to
start automatically at boot time.
ACTIVATING THE IPTABLES SERVICE
The firewall rules are only active if the iptables service is running. To manually start the
service, use the command: /sbin/service iptables restart
To ensure that it is started when the system is booted, issue the command:
/sbin/chkconfig --level 345 iptables on
The ipchains service is not included in Red Hat Enterprise Linux. However, if ipchains is
installed (for example, an upgrade was performed, and the system had ipchains previously
installed), the ipchains service should not be activated along with the iptables service. To
make sure the ipchains service is disabled and configured not to start at boot time, execute
the following two commands:
/sbin/service ipchains stop
/sbin/chkconfig --level 345 ipchains off
The Services Configuration Tool can be used to enable or disable the iptables and
ipchains services.
23
Conclusion: Thus, we have studied and configured firewall.
EXPERIMENT NO. 7
BUFFER OVERFLOW
Aim: Simulation of buffer overflow.
Theory:
Buffer overflow occurs when data is input or written beyond the allocated bounds of an
object, causing a program crash or creating a vulnerability that attackers might exploit.
Description:
A buffer overflow occurs when data is written beyond the boundaries of a fixed length
buffer overwriting adjacent memory locations which may include other buffers, variables
and program flow data. Considered the nuclear bomb of the software industry, the buffer
overflow is one of the most persistent security vulnerabilities and frequently used attacks.
Risk: How Can it Happen?
Writing outside the bounds of a block of allocated memory can corrupt data, crash the
program, or cause the execution of malicious code. C++ is particularly vulnerable to buffer
overflow. However, Java is designed to avoid the buffer overflow by checking the bounds
of a buffer (like an array) and preventing any access beyond those bounds. Even though
Java may prevent a buffer overflow from becoming a security issue, it is essential for all
programmers to understand the concepts described below.
Example of Occurrence:
Buffer overflow vulnerabilities were exploited by the the first major attack on the Internet.
Known as the Morris worm, this attack infected more than 60,000 machines and shut down
much of the Internet for several days in 1988.
24
Program for Simulation of Buffer Overflow

import java.util.Scanner;
public class Overflow
{
public static void main(String[] args)
{
int importantData =1;
int[] buffer = new int[10];
for (int i =0; i < 15; i++)
buffer[i] = 7;
System.out.println("after buffer overflow ");
System.out.println("Important data = "+importantData);
}
}
Conclusion: Thus we have implemented buffer overflow,successfully.
25
EXPERIMENT NO. 8
INTRUSION DETECTION SYSTEM
Aim: To install wireless Intrusion Detection System and detect attacks on Wireless network
Theory:
1. WLAN Security Vulnerabilities :
Having introduced some of the wireless technologies I will now have a closer look at some
of the particular security threats to them. Reconnaissance, theft of identity and denial of
service (DoS) are not new security threats in themselves, but the confidentiality, integrity
and availability in a WLAN does present IT Security teams with new mitigation
challenges. This holds true for all IT Security teams, as wireless network access to their
network could be installed without
their knowledge.
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4
By definition, wireless frequencies are designed to be heard by anyone with a wireless
receiver anyone can tune into a wireless network in the same way that they can tune into a
radio station. Its this simplicity which makes wireless networks such a potential threat.
Lets start with the basic component in a wireless network the access point (AP) and
some of the potential threats to it.The signal range of an authorised AP. Consequently, an
APs placement and signal strength have to be calibrated or blocked to make sure the
transmitting coverage is just enough to cover the correct area.
The RSSI (Received Signal Strength Indicator) on a Laptop wireless card is a good way of
measuring wireless coverage inside and outside of a WLAN perimeter. The signal strength
needed to make a connection is much higher than that needed to just listen into the network
traffic. So by its nature its a lot easier to just listen than it is to make a legitimate
connection.
The physical security of an authorized AP. Most APs are mounted on walls or ceilings in
clear view, so again, their placement is critical to avoid accidental damage, theft, vandalism
or direct access to the physical network cable.
The rogue, or unauthorized, AP by placing an unauthorized access point on the network
and configuring it to look legitimate, hackers can gain access to wireless users data. User
devices simply connect to the strongest available AP signal and once the association has
been made
with the rogue AP, the hacker can monitor and manipulate all data that goes through the AP.
This is known as man-in-the-middle attack. In built up areas where many WLANS exist,
accidental rogue AP association can also cause problems.5
The easy installation and the advantages of having an AP. It is tempting for employees to
introduce an unauthorized wireless network onto an internal network to utilise these
advantages. This threat also applies to companies who dont even officially use wireless
networks.
26
The AP configuration. A poorly configured or unauthorized (rogue) AP can provide an

open door to the WLAN and can allow a hacker easy entry. By default some APs can have
security controls and encryption switched off.
Protocol weakness and capacity limits on authorized APs. These can be subject to denial
of service attacks from hackers using rogue APs when they are flooded with spurious
traffic forcing them to reboot or deny legitimate access.
Other security vulnerabilities away from the access point also exist and user indifference to
these vulnerabilities, through a false sense of security that distributed wireless connectivity
breeds, is one of the other major challenges IT
Security faces.
2. Wireless Intrusion Detection:
It is clear, from the summary of security issues highlighted above, that in order to protect
our network we need to ensure that we know:
where all access points reside on our network
what actions to take to close down any unauthorized access points that do not conform to
the company security standards
what wireless users are connected to our network
what unencrypted data is being accessed and exchanged by those users
To do this we must monitor our air space using a Wireless Intrusion Detection System.
2.1 What is Intrusion Detection?
Lets firstly start with the principle and to do this I found the following quote from Ant
Allen, research director at Gartner.
For an enterprise to protect itself from abuse of its information, it must monitor the events
occurring in its computer system or network and analyze them for signs of intrusion. To do
this, the enterprise must install an Intrusion Detection
System (IDS).
First thing to clarify here is that an IDS is not a firewall! Firewalls are designed to be
outward looking and to limit access between networks in order to prevent an intrusion
happening. IDS watch the wired and wireless network from the inside and report or alarm
depending on how they evaluate the network traffic they see.
They continually monitor for access points to the network and are able, in some cases, to
do comparisons of the security controls defined on the access point with pre-defined
company security standards and either reset or closedown any non conforming APs they
find. The distinction between placing IDS sensors on both wired and wireless networks is
an important one as large corporate networks can be worldwide.
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169
4E46
IDS systems can also identify and alert to the presence of unauthorized MAC addresses on
the networks. This can be an invaluable aid in tracking down hackers.
In their simplest form, Intrusion detection systems are designed and built to monitor and
report on network activities, or packets, between communicating devices. There are a
number of tools available which can be used to monitor, capture and decode wireless
network traffic. Some are commercial products and some are open source products
available on the internet. Some can only capture and store the WLAN traffic, while some
can analyze that traffic and create reports with lists of APs and network devices. Finally,
some are advanced enough to
27
analyze signal strength and transmission speed which can be useful in tracking and closing
down rogue APs. In all cases IDS is a vital component in auditing a network installation.
I will look at some IDS products, in more detail, in section 4.
The different types of IDS can be described in the following terms though some products
will utilize more than one type: misuse IDS or anomaly IDS: misuse detection or
signature based detection as it is sometimes known, looks for network attack sequences or
events that match a predefined pattern (or signature). This method is only as good as the
signatures provided to it, however, and relies on regular signature updates to keep abreast
of known attacks. The advantage of this method is that there are few false alarms, or false
positives, when attacks are detected. Anomaly detection on the other hand, relies on the
administrator to define normal traffic behavior on the network things like typical packet
size for example. The sensors then monitor the network for deviations to this normal
behavior and alert when anomalies are discovered. This method can produce a number of
false alarms and the systems rely heavily on being trained in what is normal network
traffic and what is not.
network-based or host-based systems: in a network-based IDS, or
NIDS, the traffic flowing through a network is analyzed. NIDS is able to detect malicious
packets that are designed to be overlooked by a firewalls filtering rules. In a host-based
system, or HIDS, the IDS examine the activity on each individual computer. This is done
by installing a software client on the host which, again, will detect known attack patterns
but only against the host that the client is installed on.
passive IDS or reactive IDS: the passive IDS detect suspicious network traffic, logs the
information and signals an alert. A reactive IDS responds to the suspicious traffic by
logging off a user or closing down an AP.
When we compare conventional, or wired IDS, with wireless IDS, the only difference is
network topology and the requirement to scan air rather than wire all the other elements
remain the same.
2.2 Limitations of Intrusion Detection Systems
To be effective, IDS must be run online, in real time. Offline, or after-the-eventIDS, is useful for audit trail but will not prevent an attack from taking place. Real time IDS
needs to be able to stream data across a network from sensors to a central point where it
can be stored and analyzed, sometimes known as a correlation server. This additional
network traffic running concurrently can significantly impact network performance so
sufficient bandwidth is a prerequisite, though certain tools such as AirDefense Guard allow
you to set rate throttles on each sensor to bring transfer rates to the server as low as 9.6
Kbps.7
Todays wireless intrusion detection systems such as AirDefense Guard or AirMagnet
Distributed, utilise a misuse, signature, based IDS which has the drawback of only being as
good as the signature files and known attack pattern recognition files given to them. This is
their basic flaw you only have protection against what are known to be attacks. The new
attack will be the one that gets you, which underlines the need to have an efficient
mechanism for keeping all network security components with rule or signature based tables
up to date.
All real time IDS system can suffer from issuing false alarms, especially those that use the
anomaly based approach. This leads to complacency amongst those members of staff
employed to react to or monitor those alarms. The monitoring of IDS alerts is also a 24 x 7
activity and relies on human intervention as very few hackers work office hours! This is
28
where the big technology players have the advantage over the smaller start-ups they have
the economies of scale which allow them to provide the specialist resources.
2.3 How to Implement Wireless Intrusion Detection Systems
Wireless intrusion detection systems will monitor a WLAN using a mixture of hardware
and software called intrusion detection sensors. The sensor will sit on the 802.11 network
and will examine all network traffic. The first challenge to be faced when installing IDS is
to decide on the best place to locate the sensors. To help make this decision, some detailed
analysis must first be carried out on the site of the WLAN:
What kind of a building or location is it? Steel framed or wooden? (A steel framed
building will limit the wireless transmitters range)
Are there areas of the site that have to be kept segregated? (In a built up area there will be
mixed businesses, or it may be that a payroll department may want to be segregated in a
large company for example.)
What MAC addresses are in use? (This list can be used as a baseline for
comparison)
What authorized Access Points already exist? (Again, this list can be
used as a baseline for future comparisons)
Based on this information and from information gathered from sniffing
the
wireless network - using open source software such as Kismet we can easily build up a
picture of what our WLAN looks like where our APs are located who uses them, from
where and how strong the radio signals are and how strong the radio signals need to be.
We are now in a position to determine where our IDS sensors need to be and to determine
how many we need. A warwalk can then be carried out to verify and test the
implementation.
Once we have our sensors on the network, the APs signal strength can be calibrated or
blocked to ensure appropriate coverage (see figure1), the network traffic can be analysed
and, if we have decided on a misuse type of IDS, can be compared to a signature file for
comparison for attack patterns and known vulnerabilities. If an attack pattern is detected
the sensor can send off an alert to either a central console, a member of staff or a managed
security service provider for appropriate response and action.
In both anomaly and signature based IDS, the systems have to be configured in such a way
so as to recognize what is a legitimate network device; say for example a hacker with a
rogue laptop enters company premises, and what is not.
In my experience four sensors and one correlation server (the central repository designed to
receive the IDS network information) are considered to be a minimum deployment for a
small to medium WLAN and this requires the following technical expertise to support it:
IDS Security analysts who can interpret the alerts and make sense of the output
IDS Software Programmers to program the correlation tools
IDS Database Administrators
The simplest way to setup a wireless IDS is to use the same open source scanning tools the
hackers do. These scanning tools can be divided into active and passive scanning tools
where the latter is also known as a sniffer. WLAN scanning software such as Kismet and
Netstumbler are freely available on the internet and with a laptop fitted with a Wireless
NIC, you have the easiest way of sniffing out all APs on a network to provide a basic IDS.
Analysing and triggering an alarm is done by the IDS software the action taken
29
in response to the software alert and the architecture and the surrounding processes provide
the overall solution and it is here that the bigger technology players (the integrators )have a
commercial advantage over the smaller start-ups (the technology innovators).
2.4 Open Source Scanning Software
Open source tools for wireless intrusion detection have become accepted because they are
vendor independent.
Gartner, a leading research and advisory firm, reports that companies will get
the most efficient WLAN intrusion detection protection from a vendor independent
dedicated sensor investment. The overwhelming advantage of this method is that all
WLAN traffic can be detected regardless of the equipment and vendors involved.9
In this section I will introduce the two most common open source wireless scanners.
2.4.1 Kismet:
Downloadable from http://www.kismetwireless.net, Kismet is an 802.11a/b/g network
sniffer. It is able to monitor networks using almost any card supported in LINUX and Mac
OSX operating systems. It works by passively collecting network traffic (listening, not
probing) and detecting the standard named networks. Over time, it can also detect hidden
networks by analyzing data traffic and building up
a picture of data movement.
Kismet can be used for carrying out site surveys, for detecting wireless networks, access
points and signal strength.
Figure 1: Kismet Screenshot showing detected networks

2.4.2 NetStumbler:
Downloadable from http://www.stumbler.net, Netstumbler is the easiest to setup and most
popular scanner used on Microsoft Windows. NetStumbler works by sending 802.11 probes
that actively scan by sending out requests every second and reporting on the responses.
APs by default, respond to these probes, but can be configured not to and to stay silent.
30
Figure 2: NetStumbler Screen provided by Marius Milner
Conclusion: Thus we have studied installation of wireless Intrusion Detection System

(WIDS) and detection of attacks on Wireless network 802.11
31

Lab Manual Css

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Lab Manual Css

Uploaded by

Copyright:

Available Formats

Mahatma Education Societys

Pillai HOC Missions College of Engineering

Cryptography and System

Prof. Rohini Bhosale

(CSS) CRYPTOGRAPHY AND SYSTEM SECURITY LAB MANUAL VII (CBGS)

Mahatma Education Societys

Name of the Experiment

DEPARTMENT OF COMPUTER ENGINEERING, PHCET, Rasayani

(CSS) CRYPTOGRAPHY AND SYSTEM SECURITY LAB MANUAL VII (CBGS)

To study Substitution cipher algorithm.

DEPARTMENT OF COMPUTER ENGINEERING, PHCET, Rasayani

(CSS) CRYPTOGRAPHY AND SYSTEM SECURITY LAB MANUAL VII (CBGS)

DEPARTMENT OF COMPUTER ENGINEERING, PHCET, Rasayani

(CSS) CRYPTOGRAPHY AND SYSTEM SECURITY LAB MANUAL VII (CBGS)

To study Transposition cipher algorithm.

3. Then inverse permutation ^-1

5. Group above plaintext into 5 groups of 6 letters each

(CSS) CRYPTOGRAPHY AND SYSTEM SECURITY LAB MANUAL VII (CBGS)

PUBLIC KEY CRYPTOGRAPHY ALGORITHM RSA

To study Public Key Cryptography.

DEPARTMENT OF COMPUTER ENGINEERING, PHCET, Rasayani

(CSS) CRYPTOGRAPHY AND SYSTEM SECURITY LAB MANUAL VII (CBGS)

DEPARTMENT OF COMPUTER ENGINEERING, PHCET, Rasayani

(CSS) CRYPTOGRAPHY AND SYSTEM SECURITY LAB MANUAL VII (CBGS)

To implement Diffie Hellman Key Exchange Algorithm.

Figure 1: DiffieHellman key exchange

(CSS) CRYPTOGRAPHY AND SYSTEM SECURITY LAB MANUAL VII (CBGS)

3. Bob picks a random natural number b and sends gb to Alice.

(CSS) CRYPTOGRAPHY AND SYSTEM SECURITY LAB MANUAL VII (CBGS)

DATA ENCRYPTION STANDARD

To study data encryption standard (DES) algorithm.

Further comments on the usage of DES are contained in FIPS-74.

DEPARTMENT OF COMPUTER ENGINEERING, PHCET, Rasayani

(CSS) CRYPTOGRAPHY AND SYSTEM SECURITY LAB MANUAL VII (CBGS)

Figure 1: DES Structure

(CSS) CRYPTOGRAPHY AND SYSTEM SECURITY LAB MANUAL VII (CBGS)

The Feistel (F) function

DEPARTMENT OF COMPUTER ENGINEERING, PHCET, Rasayani

(CSS) CRYPTOGRAPHY AND SYSTEM SECURITY LAB MANUAL VII (CBGS)

Figure 3: Key Schedule

DEPARTMENT OF COMPUTER ENGINEERING, PHCET, Rasayani

(CSS) CRYPTOGRAPHY AND SYSTEM SECURITY LAB MANUAL VII (CBGS)

DEPARTMENT OF COMPUTER ENGINEERING, PHCET, Rasayani

(CSS) CRYPTOGRAPHY AND SYSTEM SECURITY LAB MANUAL VII (CBGS)

where + denotes exclusive or of two bit strings.

DEPARTMENT OF COMPUTER ENGINEERING, PHCET, Rasayani

(CSS) CRYPTOGRAPHY AND SYSTEM SECURITY LAB MANUAL VII (CBGS)

DEPARTMENT OF COMPUTER ENGINEERING, PHCET, Rasayani

(CSS) CRYPTOGRAPHY AND SYSTEM SECURITY LAB MANUAL VII (CBGS)

Figure 1: Firewall Configuration

Choose the appropriate security level for your system.

DEPARTMENT OF COMPUTER ENGINEERING, PHCET, Rasayani

(CSS) CRYPTOGRAPHY AND SYSTEM SECURITY LAB MANUAL VII (CBGS)

IRC DCC file transfers

Remote X Window System clients

The NFS server port (2049)

The local X Window System display for remote X clients

(CSS) CRYPTOGRAPHY AND SYSTEM SECURITY LAB MANUAL VII (CBGS)

(CSS) CRYPTOGRAPHY AND SYSTEM SECURITY LAB MANUAL VII (CBGS)

DEPARTMENT OF COMPUTER ENGINEERING, PHCET, Rasayani

(CSS) CRYPTOGRAPHY AND SYSTEM SECURITY LAB MANUAL VII (CBGS)

Figure 2: Security Level Configuration Tool

Select one of the following options: