Vishwaniketan's Institute of Entrepreneurship Management and Engineering Technology
Kumbhivali, Tal- Khalapur, Maharashtra 410202

DEPARTMENT OF COMPUTER ENGINEERING

Year: 2016-17
Class B.E. (Computer)
Sem. VII

LAB MANUAL
Subject : Cryptography & System Security (CSS)

Prepared By

Approved by

( Ms. C. M. Pandit)
Asst. Professor

HOD

Date: 19/05/2016

Date:

Document No CE/SOOAD

Version No 1.0

INDEX
SR. NO.   EXPERIMENT NAME

1.    Write program to encrypt and decrypt using product cipher.
2.    Write a program to implement RC4 algorithm
3.    Write a program to implement Blowfish/DES algorithm.
4.    Write a program to demonstrate strength of RSA
5.    Write program to demonstrate integrity management by implementing message digest using MD5/SHA
6.    Write a program for Digital signature
7.    Write a program to implement Kerberos 4 for trust establishment.
8.    Write a program to implement multilevel database security for any real time system
9.    Write a program to crack the password
10.   Write a program to demonstrate working of virus also write an antivirus for it.
11.   Write a program to implement DoS attack

EXPERIMENT NO. 1
PRODUCT CIPHER
AIM: Write program to encrypt and decrypt using product cipher.
OBJECTIVE: Able to implement product Cipher and study basic cryptography.
OUTCOMES: Implemented combination of ciphers.
THEORY:
Cryptography is the art of achieving security by encoding a message to make it non-readable.
There are two types of cryptographic algorithms: Substitution and Transposition. A product cipher
is a combination of both these types to achieve a better security effect.
Substitution Cipher: The Additive, Shift or Caesar Cipher is a cryptographic algorithm
invented by Caesar. It is a substitution-based algorithm.
When a plaintext message is codified using any suitable key, the resulting text is called
cipher text. Encryption is done at the sender side and decryption at the receiver side. Cipher text =
Plaintext + n, i.e. n is added to each character of the plaintext to get the corresponding cipher text, where
n = 3 for the Caesar Cipher. This n is any constant agreed by sender and receiver.
Transposition Cipher: All the techniques examined so far involve the substitution of a cipher
text symbol for a plaintext symbol. A very different kind of mapping is achieved by performing
some sort of permutation on the plaintext letters. This technique is referred to as a transposition
cipher.
Rail fence is the simplest such cipher, in which the plaintext is written down as a sequence
of diagonals and then read off as a sequence of rows.
Row Transposition Ciphers: A more complex scheme is to write the message in a
rectangle, row by row, and read the message off, column by column, but permute the order of the
columns. The order of columns then becomes the key of the algorithm.
EXAMPLE:
1. Plaintext: CryPto (Sender's input)
Key: 5 (agreement key, here input)
Cipher text: (C+5)(r+5)(y+5)(P+5)(t+5)(o+5)
: HwdUyt (output)
2. Cipher Text: XdkcZm (Receiver's input)
Key: 5 (agreement key, here input)
Plaintext: CiphEr (output)
ALGORITHM:
1. Display menu of operation e for encryption and d for decryption.
2. Accept choice from user
3. If choice is encryption
   a. Accept plaintext from user
   b. Accept key from user.
   c. Take k = 0.
   d. Extract kth character from string.
   e. Add key to it and get new value.
   f. If new value > 26
      New value = New value % 26.
   g. Add as kth character of ciphertext.
   h. Increment k.
   i. If (k < length(plaintext)) goto step d.
   j. Display plaintext and ciphertext (output).
4. If choice is decryption
   k. Accept cipher text from user
   l. Accept key from user.
   m. Take k = 0.
   n. Extract kth character from string.
   o. Subtract key from it and get new value.
   p. If new value > 26
      New value = New value % 26.
   q. Add as kth character of plaintext.
   r. Increment k.
   s. If (k < length(ciphertext)) goto step d.
   t. Display ciphertext and plaintext (output).
5. Ask whether the user wants to continue or not
6. If yes, go to step 2; else stop.
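
The following is an added example, not part of the original manual. It goes one step beyond the algorithm above, which covers only the additive stage, and chains that stage with the row transposition described in the theory to form a product cipher. The function names and the column-order key format (a list naming the columns in the order they are read off) are assumptions made for this example.

```python
def shift(text, key):
    """Additive (Caesar) cipher: add key to each letter, wrapping modulo 26."""
    out = []
    for ch in text:
        if "a" <= ch <= "z":
            out.append(chr((ord(ch) - 97 + key) % 26 + 97))
        elif "A" <= ch <= "Z":
            out.append(chr((ord(ch) - 65 + key) % 26 + 65))
        else:
            out.append(ch)  # digits, spaces and punctuation pass through
    return "".join(out)


def check_order(order):
    """The transposition key must name every column exactly once."""
    if not order or sorted(order) != list(range(len(order))):
        raise ValueError("column order must be a permutation of 0..n-1")


def transpose(text, order):
    """Write the text row by row under len(order) columns, read columns in key order."""
    check_order(order)
    cols = len(order)
    return "".join(text[c::cols] for c in order)


def untranspose(cipher, order):
    """Invert transpose(), including the case where the last row is incomplete."""
    check_order(order)
    cols = len(order)
    full, extra = divmod(len(cipher), cols)
    columns, pos = {}, 0
    for c in order:
        size = full + (1 if c < extra else 0)  # first `extra` columns are one longer
        columns[c] = cipher[pos:pos + size]
        pos += size
    return "".join(columns[i % cols][i // cols] for i in range(len(cipher)))


def product_encrypt(plain, key, order):
    """Substitution first, then transposition."""
    return transpose(shift(plain, key), order)


def product_decrypt(cipher, key, order):
    """Undo the stages in reverse order."""
    return shift(untranspose(cipher, order), -key)


if __name__ == "__main__":
    ct = product_encrypt("CryPto", 5, [2, 0, 1])
    print(ct, product_decrypt(ct, 5, [2, 0, 1]))
```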
CONCLUSION:

EXPERIMENT NO. 2
RC4
AIM: Write a program to implement RC4 algorithm.
OBJECTIVE: Able to implement RC4 and understand symmetric key cryptography.
OUTCOMES: Implemented RC4.
THEORY:
RC4 is a binary additive stream cipher, an encryption algorithm used to perform
secured transmission of data.
RC4 generates a pseudorandom stream of bits (a key-stream). As with any stream cipher,
this can be used for encryption by combining it with the plaintext using bit-wise exclusive-or;
decryption is performed the same way (since exclusive-or is a symmetric operation). To generate
the key-stream, the cipher makes use of a secret internal state which consists of two parts:
1. A permutation of all 256 possible bytes (denoted "S" below).
2. Two 8-bit index-pointers (denoted "i" and "j").
The permutation is initialized with a variable length key, typically between 40 and 256 bits,
using the key-scheduling algorithm (KSA). Once this has been completed, the stream of bits is
generated using the pseudo-random generation algorithm (PRGA).
The key-scheduling algorithm (KSA)
The key-scheduling algorithm is used to initialize the permutation in the array "S". "keylength" is
defined as the number of bytes in the key and can be in the range 1 ≤ keylength ≤ 256, typically
between 5 and 16, corresponding to a key length of 40 to 128 bits. First, the array "S" is
initialized to the identity permutation. S is then processed for 256 iterations in a similar way to
the main PRGA, but also mixes in bytes of the key at the same time.
The pseudo-random generation algorithm (PRGA)
The output byte is selected by looking up the values of S(i) and S(j), adding them together
modulo 256, and then looking up the sum in S; S(S(i) + S(j)) is used as a byte of the key stream,
K.
For as many iterations as are needed, the PRGA modifies the state and outputs a byte of the
keystream. In each iteration, the PRGA increments i, adds the value of S pointed to by i to j,
exchanges the values of S[i] and S[j], and then outputs the element of S at the location S[i] + S[j]
(modulo 256). Each element of S is swapped with another element at least once every 256
iterations.
EXAMPLE:
Key     Keystream                 Plaintext    Ciphertext
Key     eb9f7781b734ca72a719...   Plaintext    BBF316E8D940AF0AD3
Wiki    6044db6d41b7...           pedia        1021BF0420

ALGORITHM:
1. Take input for key (K[]) and the plaintext P[]
The key-scheduling algorithm (KSA)
2. Initialization:
3. For i = 0 to 2^n - 1 repeat step 4
4. S[i] = i
5. Scrambling: j = 0
6. For i = 0 to 2^n - 1 repeat steps 7 and 8
7. j = j + S[i] + K[i mod l]
   Swap(S[i]; S[j])
The pseudo-random generation algorithm (PRGA)
8. i = 0
9. j = 0
Generation Loop:
10. for k = 0 to length of plaintext
11. i = i + 1
12. j = j + S[i]
13. Swap(S[i]; S[j])
14. Z[k] = S[S[i] + S[j]]
15. C[k] = Z[k] XOR P[k]

CONCLUSION:

EXPERIMENT NO. 3
Feistel Cipher
AIM: Write a program to implement Blowfish/DES algorithm.


OBJECTIVE: Able to implement product Cipher and study basic cryptography.
OUTCOMES: Implemented Blowfish/DES.
THEORY:
THE BLOWFISH ALGORITHM
Blowfish has 16 rounds. Each round consists of a key dependent permutation, and a key- and
data-dependent substitution. All operations are XORs and additions on 32-bit words. The only
additional operations are four indexed array data lookups per round.
1. Sub keys: Blowfish uses a large number of subkeys. These keys must be precomputed before
any data encryption or decryption. The P-array consists of 18 32-bit subkeys: P1, P2,..., P18.
There are also four 32-bit S-boxes with 256 entries each: S1,0, S1,1, ..., S1,255; S2,0, S2,1, ...,
S2,255; S3,0, S3,1, ..., S3,255; S4,0, S4,1, ..., S4,255.
2. Encryption and Decryption: Blowfish has 16 rounds. The input is a 64-bit data element, x.
Divide x into two 32-bit halves: xL, xR. Then, for i = 1 to 16:
xL = xL XOR Pi
xR = F(xL) XOR xR
Swap xL and xR
After the sixteenth round, swap xL and xR again to undo the last swap. Then, xR = xR XOR P17
and xL = xL XOR P18. Finally, recombine xL and xR to get the cipher text. Function F looks
like this: Divide xL into four eight-bit quarters: a, b, c, and d. Then, F(xL) = ((S1,a + S2,b mod
2^32) XOR S3,c) + S4,d mod 2^32. Decryption is exactly the same as encryption, except that P1,
P2, ..., P18 are used in the reverse order.

THE DES ALGORITHM


A Feistel network is a general method of transforming any function (usually
called an F function) into a permutation. It was invented by Horst Feistel and has been
used in many block cipher designs . A large proportion of block ciphers use the scheme,
including the Data Encryption Standard (DES). The Feistel structure has the advantage
that encryption and decryption operations are very similar, even identical in some cases,
requiring only a reversal of the key schedule. Feistel networks and similar constructions
are product ciphers, and so combine multiple rounds of repeated operations, such as:
1. Bit-shuffling (often called permutation boxes or P-boxes)
2. Simple non-linear functions (often called substitution boxes or S-boxes)
3. Linear mixing (in the sense of modular algebra) using XOR

Fig.1 Feistel Cipher Algorithm


ALGORITHM:
1. THE BLOWFISH ALGORITHM
The sub-keys are calculated using the Blowfish algorithm:
1. Initialize first the P-array and then the four S-boxes, in order, with a fixed string. This
string consists of the hexadecimal digits of pi (less the initial 3).
2. XOR P1 with the first 32 bits of the key, XOR P2 with the second 32-bits of the key, and
so on for all bits of the key (possibly up to P14). Repeatedly cycle through the key bits
until the entire P-array has been XOR-ed with key bits.
3. Encrypt the all-zero string with the Blowfish algorithm, using the subkeys described in
steps (1) and (2).
4. Replace P1 and P2 with the output of step (3).
5. Encrypt the output of step (3) using the Blowfish algorithm with the modified subkeys.
2. THE DES ALGORITHM
1. Split each block into halves
2. Right half becomes new left half
3. New right half is the final result when the left half is XORed with the result of applying f to
the right half and the key.
4. Note that previous rounds can be derived even if the function f is not invertible
The basic operation is as follows: Split the plaintext block into two equal pieces, (L_0, R_0). For
each round i = 1, 2, ..., n, compute
L_i = R_(i-1)
where f is the round function and K_i is the sub-key. Then the cipher text is (L_n, R_n). Decryption
is accomplished via
R_(i-1) = L_i
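
An added example, not part of the original manual: a generic 64-bit Feistel network that follows steps 1 to 4 above with a deliberately non-invertible round function, showing that decryption still works and that it is the encryption routine run with the sub-keys reversed. The round function (truncated SHA-256) and the key schedule are stand-ins invented for this example; they are not the DES or Blowfish ones.

```python
import hashlib
import struct

MASK32 = 0xFFFFFFFF


def f(half, subkey):
    """Round function: many-to-one (truncated SHA-256), so it cannot be inverted."""
    digest = hashlib.sha256(struct.pack(">II", half, subkey)).digest()
    return int.from_bytes(digest[:4], "big")


def subkeys(key, rounds=16):
    """Hypothetical key schedule: K_i = first 32 bits of SHA-256(key || i)."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(1, rounds + 1)]


def encrypt_block(block, keys):
    left, right = block >> 32, block & MASK32
    for k in keys:
        # Steps 2 and 3: the right half becomes the new left half, and the
        # new right half is the old left half XORed with f(right half, key).
        left, right = right, left ^ f(right, k)
    return (left << 32) | right


def decrypt_block(block, keys):
    left, right = block >> 32, block & MASK32
    for k in reversed(keys):
        # Step 4: the previous round is recovered by recomputing f, never inverting it.
        left, right = right ^ f(left, k), left
    return (left << 32) | right


def swap_halves(block):
    return ((block & MASK32) << 32) | (block >> 32)


def decrypt_via_encrypt(block, keys):
    """Same result as decrypt_block, using only the encryption routine."""
    return swap_halves(encrypt_block(swap_halves(block), keys[::-1]))


if __name__ == "__main__":
    ks = subkeys(b"lab key")
    ct = encrypt_block(0x0123456789ABCDEF, ks)
    print(hex(ct), hex(decrypt_block(ct, ks)), hex(decrypt_via_encrypt(ct, ks)))
```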

CONCLUSION:

EXPERIMENT NO. 4
RSA
AIM: Write a program to demonstrate strength of RSA
OBJECTIVE: Able to implement RSA and study public key cryptography.
OUTCOMES: Implemented RSA
THEORY:
RSA is the Rivest-Shamir-Adleman encryption algorithm. It is a public key system. RSA has
been the subject of extensive cryptanalysis and no serious flaws have yet been found in it. This algorithm
was introduced in 1978. The two keys used in RSA are e and d, used for encryption and
decryption respectively. They are interchangeable. Either can be chosen as the public key but, having
chosen one, you must keep the other one private. The basic formula is
P = E (D (P)) = D (E (P))
EXAMPLE:

Choose p = 3 and q = 11
Compute n = p * q = 3 * 11 = 33
Compute φ(n) = (p - 1) * (q - 1) = 2 * 10 = 20
Choose e such that 1 < e < φ(n) and e and n are co-prime. Let e = 7
Compute a value for d such that (d * e) % φ(n) = 1. One solution is d = 3 [(3 * 7) % 20 = 1]
Public key is (e, n) => (7, 33)
Private key is (d, n) => (3, 33)
The encryption of m = 2 is c = 2^7 % 33 = 29
The decryption of c = 29 is m = 29^3 % 33 = 2

ALGORITHM:
1. Accept two prime numbers from user (say p and q).
2. Calculate n = p * q.
3. Calculate φ(n) as
φ(n) = (p - 1) * (q - 1).
4. Considering e * d = φ(n) + 1, determine e and d where e and d are prime numbers.
5. So display information at sender as (e, n) and information at receiver as (d, n).
6. Check whether user is sender or receiver.
7. If user is sender
   a. Get message M from user.
   b. C = M^e mod n.
   c. Send cipher text C to receiver.
   d. Go to stop.
8. If user is receiver
   a. Get cipher text C from user.
   b. M = C^d mod n.
   c. Display plain text M to receiver.
   d. Go to stop.
9. Ask whether user wants to continue (yes or no?)
   If yes, go to step 7.
   Else go to stop.
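
An added example, not part of the original manual: the key generation, encryption and decryption steps above, followed by a check of what the strength of RSA rests on. With the worked example's modulus n = 33, anyone holding only the public key can factor n by trial division and recompute d, which is why real moduli must be far too large to factor. Function names are chosen for this example, and d is computed as the modular inverse of e modulo φ(n) (Python 3.8 or later).

```python
from math import gcd, isqrt


def make_keys(p, q, e):
    """Return ((e, n), (d, n)) with d * e = 1 (mod phi(n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi(n) and share no factor with phi(n)")
    return (e, n), (pow(e, -1, phi), n)


def encrypt(m, public):
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be in the range 0..n-1")
    return pow(m, e, n)  # C = M^e mod n


def decrypt(c, private):
    d, n = private
    return pow(c, d, n)  # M = C^d mod n


def recover_private_key(public):
    """Rebuild (d, n) from the public key alone by factoring n.

    Returns the key and the number of trial divisions used. The loop runs up
    to sqrt(n) times, so the work doubles for every two bits added to n.
    """
    e, n = public
    for steps, p in enumerate(range(2, isqrt(n) + 1), start=1):
        if n % p == 0:
            q = n // p
            return (pow(e, -1, (p - 1) * (q - 1)), n), steps
    raise ValueError("n has no non-trivial factor")


if __name__ == "__main__":
    public, private = make_keys(3, 11, 7)
    c = encrypt(2, public)
    print("public", public, "private", private, "c =", c, "m =", decrypt(c, private))
    print("recovered from public key only:", recover_private_key(public))
```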
CONCLUSION

EXPERIMENT NO. 5
MESSAGE DIGEST ALGORITHM
AIM: Write program to demonstrate integrity management by implementing message digest
using MD5/SHA
OBJECTIVE: Able to implement MD5/SHA for creation of message digest and use it for
integrity and authentication.
OUTCOMES: Implemented MD5/SHA
THEORY:

MD5 :

Hashing is a topic of cryptography. Cryptography is a way of securing messages and
data over the internet. The data present on the world wide web doubles day by day, and to secure this
type of data we provide a fingerprint for its authenticity. A message digest is one way in which a
master fingerprint is generated for the purpose of providing a message authentication code
(hash code).
MD5 measures data integrity with the help of a 128-bit message digest. The message
given by the user to create the fingerprint is of variable length; the main thing is that the digest is
irreversible. MD5 is an extension of the MD4 algorithm, which is quite a bit faster because of its three
rounds; MD5 contains four rounds, which makes it slower. It is a one-way hash function that
deals with security features. With the wide use of the internet day by day, it is necessary that the proper file
is downloaded from peer to peer (P2P) servers/networks. Because files with the same name are present, it
is quite difficult to find the original, so a message digest plays an important role in this type of
download. Such a file may be bound with a message authentication code which proves that
the source is verified; otherwise it shows the warning that a verified source was not found, or vice versa.
SHA:
The SHA algorithm is a cryptographic hash function used in digital certificates as well as in
data integrity. SHA is a fingerprint that specifies the data and was developed by N.I.S.T. as a
U.S. Federal Information Processing Standard (FIPS); it is intended for use with digital signature
applications. The Secure Hash Algorithm works with messages that are less than 2^64 bits in
length. The message digest is the output of SHA, and the length of this type of
message is 160 bits (32 bits extra than MD5).
ALGORITHM:
MD5 Algorithm:
This algorithm is based on message length. It requires 8 bit of message length and is fast, but
also takes long messages.

Padding bits and Append Length

This step elongates the initial message so that its length is congruent to 448 mod 512.
First, a single bit "1" is appended to the message. Then, a series of "0" bits is appended so
that
Length(the padded message) ≡ 448 mod 512

Divide the input into 512-bit blocks

A 64-bit representation of the length of the message is appended to the result of step 1. If the
length of the message is greater than 2^64, only the low-order 64 bits will be used. The
resulting message (after padding with bits and with b) has a length that is an exact multiple of
512 bits. The input message will have a length that is an exact multiple of 16 (32-bit) words.

Initialize chaining variables

A four-word buffer (A, B, C, D) is used to compute the message digest. Each of A, B, C, D
is a 32-bit register. These registers are initialized to the following values (in hexadecimal,
low-order bytes first):
word A: 01 23 45 67
word B: 89 ab cd ef
word C: fe dc ba 98
word D: 76 54 32 10

Process blocks
Four functions will be defined such that each function takes an input of three 32-bit words.
F (X, Y, Z) = XY or not (X) Z
G (X, Y, Z) = XZ or Y not (Z)
H (X, Y, Z) = X xor Y xor Z
I (X, Y, Z) = Y xor (X or not (Z))
Hashed Output
Above functions produces a 32-bit word output.

SHA Algorithm:
1. Appending Padding Bits. The original message is "padded" (extended) so that its length (in
bits) is congruent to 448, modulo 512. The padding rules are:

The original message is always padded with one bit "1" first.

Then zero or more bits "0" are padded to bring the length of the message up to 64 bits
fewer than a multiple of 512.

2. Appending Length. 64 bits are appended to the end of the padded message to indicate the
length of the original message in bytes. The rules of appending length are:

The length of the original message in bytes is converted to its binary format of 64 bits. If
overflow happens, only the low-order 64 bits are used.

Break the 64-bit length into 2 words (32 bits each).

The low-order word is appended first and followed by the high-order word.

3. Preparing Processing Functions. SHA1 requires 80 processing functions defined as:

f(t;B,C,D) = (B AND C) OR ((NOT B) AND D)          ( 0 <= t <= 19)
f(t;B,C,D) = B XOR C XOR D                         (20 <= t <= 39)
f(t;B,C,D) = (B AND C) OR (B AND D) OR (C AND D)   (40 <= t <= 59)
f(t;B,C,D) = B XOR C XOR D                         (60 <= t <= 79)
4. Preparing Processing Constants. SHA1 requires 80 processing constant words defined as:
K(t) = 0x5A827999   ( 0 <= t <= 19)
K(t) = 0x6ED9EBA1   (20 <= t <= 39)
K(t) = 0x8F1BBCDC   (40 <= t <= 59)
K(t) = 0xCA62C1D6   (60 <= t <= 79)

5. Initializing Buffers. SHA1 algorithm requires 5 word buffers with the following initial values:
H0 = 0x67452301
H1 = 0xEFCDAB89
H2 = 0x98BADCFE
H3 = 0x10325476
H4 = 0xC3D2E1F0
6. Processing Message in 512-bit Blocks. This is the main task of SHA1 algorithm, which loops
through the padded and appended message in blocks of 512 bits each. For each input block, a
number of operations are performed.
7. Output. The contents in H0, H1, H2, H3, H4, H5 are returned in sequence as the message digest.
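
An added example, not part of the original manual: SHA-1 written out from the functions, constants and initial buffer values listed above, then used for an integrity check. It follows the FIPS 180 conventions as an assumption of this example: the appended 64-bit length counts bits and is stored high-order word first, and the digest is the five words H0 to H4. The function names are chosen for this example.

```python
import hashlib
import hmac
import struct

MASK32 = 0xFFFFFFFF


def rotl(x, n):
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & MASK32


def pad(message):
    """Steps 1 and 2: one '1' bit, '0' bits up to 448 mod 512, then the 64-bit length."""
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    return padded + struct.pack(">Q", (len(message) * 8) & 0xFFFFFFFFFFFFFFFF)


def f_and_k(t, b, c, d):
    """Steps 3 and 4: processing function and constant for round t."""
    if t < 20:
        return ((b & c) | (~b & d)) & MASK32, 0x5A827999
    if t < 40:
        return b ^ c ^ d, 0x6ED9EBA1
    if t < 60:
        return (b & c) | (b & d) | (c & d), 0x8F1BBCDC
    return b ^ c ^ d, 0xCA62C1D6


def sha1(message):
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]  # step 5
    data = pad(message)
    for offset in range(0, len(data), 64):  # step 6: one 512-bit block at a time
        w = list(struct.unpack(">16I", data[offset:offset + 64]))
        for t in range(16, 80):
            w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        a, b, c, d, e = h
        for t in range(80):
            ft, kt = f_and_k(t, b, c, d)
            a, b, c, d, e = (rotl(a, 5) + ft + e + kt + w[t]) & MASK32, a, rotl(b, 30), c, d
        h = [(x + y) & MASK32 for x, y in zip(h, (a, b, c, d, e))]
    return struct.pack(">5I", *h)  # step 7: 160-bit digest


def is_intact(message, expected_digest):
    """Integrity check: recompute the digest and compare in constant time."""
    return hmac.compare_digest(sha1(message), expected_digest)


if __name__ == "__main__":
    original = b"transfer 100 to account 42"  # constructed sample message
    digest = sha1(original)
    print(digest.hex(), digest == hashlib.sha1(original).digest())
    print(is_intact(original, digest), is_intact(b"transfer 900 to account 42", digest))
```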
CONCLUSION:

EXPERIMENT NO. 6
Digital Signature
AIM: Write a program for Digital signature
OBJECTIVE: Able to implement Digital signature used for authentication.


OUTCOMES: Implemented Digital signature
THEORY:
Digital signatures are essential in today's modern world to verify the identity of the sender of a
document. A digital signature is represented in a computer as a string of binary digits.
The signature is computed using a set of rules and parameters (algorithm) such that the identity of
the person signing the document as well as the originality of the data can be verified. The
signature is generated by the use of a private key. A private key is known only to the user.
Signature verification makes use of a public key which corresponds to (but is not the same as, i.e.
it is mathematically infeasible to deduce the private key from the public key) the private key. With every user
having a public/private key pair, this is an example of public-key cryptography. Public keys,
which are known by everyone, can be used to verify the signature of a user. The private key,
which is never shared, is used in signature generation, which can only be done by the user.
Digital signatures are used to detect unauthorized modifications to data. Also, the
recipient of a digitally signed document can use the signature in proving to a third party that the document was indeed
signed by the person who it is claimed to be signed by. This is known as non-repudiation,
because the person who signed the document cannot repudiate the signature at a later time.
Digital signature algorithms can be used in e-mails, electronic funds transfer, electronic data
interchange, software distribution, data storage, and just about any application that would need to
assure the integrity and originality of data.
EXAMPLE:
Example1:
Compute r = (g^k mod p) mod q
Compute s = (k^-1 * (x * r + i)) mod q
Verifying a signature; again i is the input, and (r,s) is the signature.
u1 = (s^-1 * i) mod q
u2 = (s^-1 * r) mod q
v = ((g^u1 * y^u2) mod p) mod q
If v equals r, the signature is valid.
Example2:

First key gen: p = 7, q = 13, n = pq = 91, e = 5, d = 29

public key is (e,n) and your private key is d.

To sign the message m = 35, we compute s = m^d mod n, which is s = 42 ≡ 35^29 mod n.

The message and signature get sent to the other party, (m,s) = (35,42), who takes the
signature and raises it to the e modulo n, or 42^5 ≡ 35 mod n, then makes sure that this value
is equal to the message that was received, which it is, so the message is valid.

ALGORITHM:
Digital Signature Algorithm:
DSA Parameters:

p = a prime modulus, where 2^(L-1) < p < 2^L for 512 ≤ L ≤ 1024 and L is a multiple of 64. So
L will be one member of the set {512, 576, 640, 704, 768, 832, 896, 960, 1024}
q = a prime divisor of p-1, where 2^159 < q < 2^160

Generation of Prime p and q


The prime generation scheme starts by using the SHA and a user-supplied SEED to construct a
prime, q, in the range 2^159 < q < 2^160. Once this is accomplished, the same SEED value is used to
construct an X in the range 2^(L-1) < X < 2^L. The prime, p, is then formed by rounding X to a
number congruent to 1 mod 2q as described below. An integer x in the range 0 ≤ x < 2^g may be
converted to a g-long sequence of bits by using its binary expansion as shown below:
x = x_1 * 2^(g-1) + x_2 * 2^(g-2) + ... + x_(g-1) * 2 + x_g -> { x_1, ..., x_g }.
Conversely, a g-long sequence of bits { x_1, ..., x_g } is converted to an integer by the rule
{ x_1, ..., x_g } -> x_1 * 2^(g-1) + x_2 * 2^(g-2) + ... + x_(g-1) * 2 + x_g.
The first bit of a sequence corresponds to the most significant bit of the corresponding integer
and the last bit to the least significant bit.
Let L - 1 = n * 160 + b, where both b and n are integers and 0 ≤ b < 160.
1. Choose an arbitrary sequence of at least 160 bits and call it SEED. Let g be the length of
SEED in bits.
2. Compute U = SHA-1[SEED] XOR SHA-1[(SEED + 1) mod 2^g].
3. Form q from U by setting the most significant bit (the 2^159 bit) and the least significant bit to
1. In terms of Boolean operations, q = U OR 2^159 OR 1. 2^159 < q < 2^160.
4. Use a robust primality testing algorithm to test whether q is prime. (A robust primality test is one
where the probability of a non-prime number passing the test is at most 2^-80.)
5. If q is not prime, go to step 1.
6. Let counter = 0 and offset = 2.
7. For k = 0, ..., n let V_k = SHA-1[(SEED + offset + k) mod 2^g].
8. Let W be the integer W = V_0 + V_1 * 2^160 + ... + V_(n-1) * 2^((n-1)*160) + (V_n mod 2^b) * 2^(n*160) and let X =
W + 2^(L-1). Note that 0 ≤ W < 2^(L-1) and hence 2^(L-1) ≤ X < 2^L.
9. Let c = X mod 2q and set p = X - (c - 1). Note that p is congruent to 1 mod 2q.
10. If p < 2^(L-1), then go to step 13.
11. Perform a robust primality test on p.
12. If p passes the test performed in step 11, go to step 15.
13. Let counter = counter + 1 and offset = offset + n + 1.
14. If counter ≥ 2^12 = 4096 go to step 1, otherwise (i.e. if counter < 4096) go to step 7.
15. Save the value of SEED and the value of counter for use in certifying the proper generation
of p and q.
g = h^((p-1)/q) mod p, where h is any integer with 1 < h < p - 1 such that h^((p-1)/q) mod p > 1.
(g has order q mod p)
x = a randomly or pseudorandomly generated integer with 0 < x < q
y = g^x mod p
k = a randomly or pseudorandomly generated integer with 0 < k < q
The parameters p, q, and g are made public. The users will have the private key, x, and the
public key y. The parameters x and k are used for signature generation and must be kept private
and k will be randomly or pseudorandomly generated for each signature. This part seems to be
straightforward so far.
The signature of the message M will be a pair of the numbers r and s which will be computed
from the following equations.
r = (g^k mod p) mod q
s = (k^-1 (SHA(M) + xr)) mod q
k^-1 is the multiplicative inverse of k (mod q). The value of SHA(M) is a 160-bit string which is
converted into an integer according to the SHS standard. Then the signature is sent to the
verifier.
Verification:
Before getting the digitally signed message the receiver must know the parameters p, q, g, and
the sender's public key y.
We will let M', r', s' be the received versions of M, r, and s. To verify the signature the verifying
program must check to see that 0 < r' < q and 0 < s' < q and if either fails the signature should be
rejected. If both of the conditions are satisfied then we will compute
1. w = (s')^-1 mod q
2. u1 = ((SHA(M'))w) mod q
3. u2 = ((r')w) mod q
4. v = (((g)^u1 (y)^u2) mod p) mod q

Then if v = r' then the signature is valid and if not then it can be assumed that the data may have
been changed or the message was sent by an impostor.

CONCLUSION:

EXPERIMENT NO. 7
Kerberos 4
AIM: Write a program to implement Kerberos 4 for trust establishment.


OBJECTIVE: Able to study and implement authentication application.
OUTCOMES: Studied and implemented authentication application
THEORY:
Kerberos is a network authentication protocol. It is designed to provide strong authentication
for client/server applications by using secret-key cryptography. It has the following
characteristics:

It is secure: it never sends a password unless it is encrypted.

Only a single login is required per session. Credentials defined at login are then passed
between resources without the need for additional logins.

The concept depends on a trusted third party, a Key Distribution Center (KDC). The
KDC is aware of all systems in the network and is trusted by all of them.

It performs mutual authentication, where a client proves its identity to a server and a
server proves its identity to the client.

Kerberos introduces the concept of a Ticket-Granting Server (TGS). A client that wishes to
use a service has to receive a ticket, a time-limited cryptographic message giving it access
to the server. Kerberos also requires an Authentication Server (AS) to verify clients. The two
servers combined make up a KDC. Active Directory performs the functions of the KDC. The
following figure shows the sequence of events required for a client to gain access to a service
using Kerberos authentication. Each step is shown with the Kerberos message associated with
it, as defined in RFC 4120, The Kerberos Network Authorization Service (V4).

Fig.: Working of KERBEROS


The Kerberos server knows "secrets" (encrypted passwords) for all clients and servers
under its control, or it is in contact with other secure servers that have this information.
These "secrets" are used to encrypt all of the messages shown in the figure above.
To prevent "replay attacks," Kerberos uses timestamps as part of its protocol definition.
For timestamps to work properly, the clocks of the client and the server need to be in
synch as much as possible. In other words, both computers need to be set to the same
time and date. Since the clocks of two computers are often out of synch, administrators
can establish a policy to establish the maximum acceptable difference to Kerberos
between a client's clock and server's clock. If the difference between a client's clock and
the server's clock is less than the maximum time difference specified in this policy, any
timestamp used in a session between the two computers will be considered authentic. The
maximum difference is usually set to five minutes.
ALGORITHM:
1: The user logs on to the workstation and requests service on the host. The workstation
sends a message to the Authorization Server requesting a ticket granting ticket (TGT).
2: The Authorization Server verifies the user's access rights in the user database and creates a
TGT and session key. The Authorization Server encrypts the results using a key derived
from the user's password and sends a message back to the user workstation. The
workstation prompts the user for a password and uses the password to decrypt the
incoming message. When decryption succeeds, the user will be able to use the TGT to
request a service ticket.
3: When the user wants access to a service, the workstation client application sends a request
to the Ticket Granting Service containing the client name, realm name and a timestamp.
The user proves his identity by sending an authenticator encrypted with the session key
received in Step 2.
4: The TGS decrypts the ticket and authenticator, verifies the request, and creates a ticket for
the requested server. The ticket contains the client name and optionally the client IP
address. It also contains the realm name and ticket lifespan. The TGS returns the ticket to
the user workstation. The returned message contains two copies of a server session key:
one encrypted with the client password, and one encrypted by the service password.
5: The client application now sends a service request to the server containing the ticket
received in Step 4 and an authenticator. The service authenticates the request by decrypting
the session key. The server verifies that the ticket and authenticator match, and then grants
access to the service.
6: If mutual authentication is required, then the server will reply with a server authentication
message.
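
An added example, not part of the original manual: the six steps above as a small in-memory simulation, with the ticket expiry, the five-minute clock-skew limit and a replay cache enforced on every authenticator. Everything here is an assumption made for the example: seal/unseal is a toy stand-in for the Kerberos cipher (SHA-256 keystream plus HMAC tag), the realm name, ticket lifetime and field names are invented, the client's copy of the service session key is sealed under the step-2 session key, and clocks are passed in as plain numbers of seconds.

```python
import hashlib
import hmac
import json
import os

MAX_SKEW = 300          # seconds: the five-minute limit described in the theory
TICKET_LIFE = 8 * 3600  # assumed ticket lifetime


def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def _tag(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def seal(key, fields):
    """Toy authenticated encryption standing in for the Kerberos cipher."""
    nonce, plain = os.urandom(16), json.dumps(fields).encode()
    ct = bytes(a ^ b for a, b in zip(plain, _stream(key, nonce, len(plain))))
    return nonce + _tag(key, nonce + ct) + ct


def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _tag(key, nonce + ct)):
        raise PermissionError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))


def key_from_password(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"LAB.REALM", 10_000)


def check_authenticator(ticket, authenticator, now, seen=None):
    """Used by TGS and service: expiry, identity match, clock skew, replay."""
    auth = unseal(bytes.fromhex(ticket["session"]), authenticator)
    if now > ticket["expires"]:
        raise PermissionError("ticket expired")
    if auth["client"] != ticket["client"]:
        raise PermissionError("authenticator does not match ticket")
    if abs(now - auth["ts"]) > MAX_SKEW:
        raise PermissionError("timestamp outside allowed clock skew")
    if seen is not None:
        if (auth["client"], auth["ts"]) in seen:
            raise PermissionError("replayed authenticator")
        seen.add((auth["client"], auth["ts"]))
    return auth


class KDC:
    def __init__(self, passwords, service_keys):
        self.user_keys = {u: key_from_password(p) for u, p in passwords.items()}
        self.service_keys = service_keys
        self.tgs_key = os.urandom(32)

    def as_exchange(self, client, now):
        """Steps 1-2: reply sealed under the user's key, TGT sealed under the TGS key."""
        body = {"client": client, "session": os.urandom(32).hex(),
                "expires": now + TICKET_LIFE}
        return seal(self.user_keys[client], body), seal(self.tgs_key, body)

    def tgs_exchange(self, tgt, authenticator, service, now):
        """Steps 3-4: validate TGT and authenticator, issue the service ticket."""
        ticket = unseal(self.tgs_key, tgt)
        check_authenticator(ticket, authenticator, now)
        body = {"client": ticket["client"], "session": os.urandom(32).hex(),
                "expires": now + TICKET_LIFE}
        return (seal(bytes.fromhex(ticket["session"]), body),
                seal(self.service_keys[service], body))


class Service:
    def __init__(self, key):
        self.key, self.seen = key, set()

    def accept(self, ticket_blob, authenticator, now):
        """Steps 5-6: validate the request, return the mutual-authentication reply."""
        ticket = unseal(self.key, ticket_blob)
        auth = check_authenticator(ticket, authenticator, now, self.seen)
        return seal(bytes.fromhex(ticket["session"]), {"ts": auth["ts"] + 1})


def client_login(kdc, service, client, password, service_name, now):
    """Client side of all six steps; returns (ticket, authenticator, session key)."""
    reply, tgt = kdc.as_exchange(client, now)
    s1 = bytes.fromhex(unseal(key_from_password(password), reply)["session"])
    reply, ticket = kdc.tgs_exchange(
        tgt, seal(s1, {"client": client, "ts": now}), service_name, now)
    s2 = bytes.fromhex(unseal(s1, reply)["session"])
    authenticator = seal(s2, {"client": client, "ts": now})
    proof = unseal(s2, service.accept(ticket, authenticator, now))
    if proof["ts"] != now + 1:
        raise PermissionError("service failed mutual authentication")
    return ticket, authenticator, s2
```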

CONCLUSION:

EXPERIMENT NO. 8
Multilevel database security
AIM: Write a program to implement multilevel database security for any real time system.
OBJECTIVE: Able to understand database security.
OUTCOMES: Implemented database security
THEORY:
Multilevel Security (MLS) is the application of a computer system to process
information with different sensitivities (i.e. classified information at different security levels),
permit simultaneous access by users with different security clearance and needs-to-know, and
prevent users from obtaining access to information for which they lack authorization. MLS
allows both easy access to less-sensitive information by higher-cleared individuals and higher-cleared individuals to easily share sanitized documents with less-cleared individuals.
A multilevel security (MLS) system has two primary goals: first, it is intended to prevent
unauthorized personnel from accessing information at higher classification than their
authorization. Second, it is intended to prevent personnel from declassifying information.
Multilevel security (MLS) was developed by the US military in the 1970s to allow users to share
some information with certain classes of user while preventing the flow of sensitive information
to other classes of user . MLS is also used in other domains like trusted operating systems, and
in grid applications, where administrative users can set multilevel policies on their applications.
ALGORITHM:
Step1: Initialization of data
Let L be a set of sublevels such that L={l0,l1,....,lm}
Let U be a set of users such that U={u1,u2,....un}
Let AUTH be a set of authentication methods such that
AUTH ={auth1,auth2, ......authk}
Let P be a set of privileges P={p1,p2,....pl}
Let T be a set of data types T={D,C,B,A}
Let IM be a set of Identity Managers for sublevels such
that IM={IM0{l0},,IM0{l0},IM1{l1}IM1{l1},......IMn{ln}}
Let Wi be the weight of each authentication method in AUTH as defined in table 2
Let Trial [Ui] be an array for calculating trial numbers of each user.
Let Per be the period assigned to each user by each IM
Let R be a set of Ranks assigned to each user's trial such
that R={Rl01(n), Rl02(n), ..., Rlkm(n)}, where n = number of each user's trial.
Step2: Testing New User with auth1=Password
2.1: Set Trial[Uinew]=0
2.2: Test ( Uinew) with password
If Test matches the correct password then
{
n=1
IM01 Decides to enter sublevel l01 Per (Uinew)=X units of time
Set R01 (n) to Uinew
}
Else
{
Uinew is rejected
Trial[Uinew]= Trial[Uinew]+1// Up to 3 trials
n=n+1
Go to step2
}
Endif
Print IM01 //
This report contains users name, period, trial numbers, Rank .
Step 3: Testing users to transit to any other sublevels
Select the number of authentication methods n by the IMilevel0i
n=1
For i=1 to n
{
Test (Uil0) with authi (see step2 )
If w(Authi) <50 then
{
IM01 decides to remain Uil0 in its level 0i
Trial [Uil0] = Trial [Uil0] +1
}
n=n+1
Else If w(Authi+1) >50 then
{
IM01 decides to transit uil0 to level0i+1 with partial privileges
at percent y (y=the weight of Authi+1) of the total privileges of
level0i+1
Trial [Uil0] = Trial [Uil0] +1
}
Else If (w(Authi) and w(authi+1))=100 then
{
IM01decides to transit uil0 to level0i+1 with full Privileges
}
Endif
}
end for
Print IM 02 // this report contains users name, period, trial numbers, and Rank .
Step4: Final level (level2) (Full Access)
Test (ui02) with 3 authentication methods (auth1, auth2, and auth3)
If (w(auth1) and w(auth2) and w(auth3)) =100 then
    IM2 decides to transit ui from level02 to level2 with full access
Else
{
    ui is rejected
    Trial[ui]=Trial[ui]+1 // up to 2 times only
}
Endif
Print IM2 // this report contains users name, period, trial numbers ....< P(Ln) then the
average probability is (Σ_{i=1}^{n} P(Li))/n which is less than P(X).
CONCLUSION:

EXPERIMENT NO. 9
Crack the password


AIM: Write a program to crack the password.
OBJECTIVE: Able to understand the passwords and attacks on them.
OUTCOMES: Implemented attack on password
THEORY:
Password cracking is a general term describing a group of techniques that are used to
obtain the password to a data system. Password cracking specifically refers to processes by
which one obtains a password from existing data; simply tricking an individual into giving up a
password, as through phishing, is not considered to be password cracking. Guessing a password
based on pre-existing knowledge of the computer system's owner, however, is considered
cracking, as the password is not known in advance. Most methods of obtaining passwords,
however, involve repeated guessing or exploiting security weaknesses in the computer system.
There are several different methods of guessing an individual's password. One can, for
example, use knowledge of the person whose system he is attempting to crack to predict possible
passwords. The names of loved ones or pets, significant dates, phone numbers, significant places,
and common usernames are all notorious, easily guessable passwords.
Another method of guess-based password cracking is known as a dictionary attack. Many
people use passwords that can be found in a dictionary or words followed by a single number.
Many cracking programs categorically attempt to enter dictionary words and number
combinations in order to crack a password. Dictionary attacks are generally useless against
complex passwords, but they tend to be highly effective against any single-word password.
A brute-force attack is another method of password cracking that is significantly more
powerful than a dictionary attack. A brute-force attack program will try every possible character
combination until it hits upon the proper password. This is highly time consuming as there are
countless possible letter, number, and symbol combinations that an individual could use for a
password. As computer processors become more and more powerful, though, it is an increasingly
plausible method of password cracking.
Other methods of password cracking involve cracking the computer system's
cryptographic hash function. A cryptographic hash function is a procedure that converts a
password to a uniformly sized bit string. If the hash can be cracked, it may be possible to
reverse-engineer the password. Most hash functions, however, are highly complex and cannot be
cracked without significant time and effort.
While a skilled computer security expert can crack many varieties of passwords, there are
steps that one can take to avoid password cracking attempts. Complex passwords are always
better than simple ones. Passwords that use uppercase and lowercase letters, numbers, and
symbols are much harder to crack than passwords using only one or two of those options. A
brute-force attack would need to work through many more possibilities before it could come
upon the correct password.
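The two defensive points in the theory above (dictionary words followed by a number are weak, and more character classes enlarge the brute-force search space) can be checked when a password is chosen. The following is an added example, not part of the original manual; the word list and the 60-bit threshold are constructed values used only for illustration.

```python
import math
import re
import string

# Constructed sample word list; a real check would load a large dictionary file.
WORDLIST = {"password", "dragon", "monkey", "sunshine", "welcome"}

def charset_size(password):
    """Size of the alphabet a brute-force search must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size

def brute_force_bits(password):
    """log2 of the number of candidates of this length over this alphabet."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

def is_dictionary_style(password, wordlist=WORDLIST):
    """True for a dictionary word, optionally followed by digits (monkey7)."""
    m = re.fullmatch(r"([A-Za-z]+)(\d*)", password)
    return bool(m) and m.group(1).lower() in wordlist

def assess(password, min_bits=60):
    """Return (accepted, reason); min_bits is a constructed policy threshold."""
    if is_dictionary_style(password):
        return False, "dictionary word or word plus digits"
    bits = brute_force_bits(password)
    if bits < min_bits:
        return False, f"brute-force space only {bits:.1f} bits"
    return True, f"{bits:.1f} bits of brute-force space"

if __name__ == "__main__":
    for pw in ["monkey7", "Sunshine", "qzvkpw", "T7#qv!Lm2x"]:
        print(pw, assess(pw))
```

The bit count is an upper bound that assumes every character is chosen at random, so the dictionary check is applied first.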
ALGORITHM:
1. Start (or restart) your computer. You can do this by clicking the reset button in the
Windows 7 Login Prompt or pressing the On/Off button on your computer.
2. Make Windows 7 have a hard shutdown. Complete this step by pressing the On/Off
button on your computer while the "Starting Windows" screen is active.
3. Start your computer again. As before, complete this task by pressing the On/Off button on
your computer.
4. Select the "Launch Start up Repair" option. If you completed steps 1, 2 and 3
correctly, you will be given two options on how to start your computer: normally or using
the Start up Repair. You should select the Start up Repair option.
5. Cancel the "Do you want to use System Restore?" prompt. After you've launched Start
up Repair, a prompt will pop up on your screen. You will want to select "Cancel".
6. Wait until Windows has finished repairing your computer. After completing Step 5,
you will have to wait. The repairing process will not harm any of your personal files.
7. Click the arrow in the bottom-left corner of the window. After waiting, a window
appears saying "Start up Repair could not repair your computer." You will see an arrow pointing
downwards in the bottom left corner (Problem Details).
8. Scroll down and click the last link. After Step 7, a window will pop up displaying the
Problem Details. Scroll down until you see links. Ignore the first one, click the second
one.
9. File > Open > Computer > Local Disk > Windows > System32. After completing Step
8, Notepad will open up. You will want to follow the route displayed in bold.
10. Switch from Text Documents (*.txt) to All Files. You can do this by simply clicking the
drop-down menu, displayed as Text Documents (*.txt) and select All Files.
11. Find the application named sethc and rename it to sethc-bak. Sethc is the application
for the Sticky Keys program. You have to rename it to sethc-bak as a backup file. This
won't do any harm to your computer or personal files.
12. Find the application named cmd and copy & paste it into the folder System32 (the
one you're in right now). Cmd is the application known as Command Prompt. After this,
you will have a file named cmd - Copy in the System32 folder.
13. Rename cmd - Copy to sethc. To be able to access cmd without permission from
Windows, you will need to trick Windows into thinking it is Sticky Keys.
14. Close all opened windows and select "Finish". You're done! Now you just need to
close out of all the opened windows and restart your computer.
15. Hit Shift 5 times. After successfully restarting your computer, hit Shift on your keyboard
5 times. Command Prompt with administrator privileges opens up!
16. net user [username] *. Enter this code into the command prompt to change the
[username]'s password. You will not be able to see the new entered password, so enter it
wisely.
17. Close Command Prompt. After you've successfully changed the user's password, you
can now close cmd.
18. Enter the password you've just set for the user. After you've entered the password you're in! This is all you need to do!
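A defender can detect the file swap made in steps 11 to 13 by checking whether the Sticky Keys binary has become a copy of Command Prompt. The following is an added example, not part of the original manual; it assumes the files carry the .exe extension that Explorer hides (sethc.exe, cmd.exe, sethc-bak.exe, cmd - Copy.exe) and runs against constructed directories with placeholder bytes.

```python
import filecmp
import tempfile
from pathlib import Path

def check_sticky_keys(system32):
    """Return a list of findings for the sethc/cmd swap described above."""
    root = Path(system32)
    sethc, cmd = root / "sethc.exe", root / "cmd.exe"
    findings = []
    if not sethc.is_file():
        findings.append("sethc.exe is missing")
    elif cmd.is_file() and filecmp.cmp(sethc, cmd, shallow=False):
        # shallow=False compares contents, not just size and timestamps.
        findings.append("sethc.exe is byte-identical to cmd.exe")
    # Leftovers of the procedure: the renamed original and the pasted copy.
    for leftover in ("sethc-bak.exe", "cmd - Copy.exe"):
        if (root / leftover).exists():
            findings.append(f"unexpected file {leftover}")
    return findings

def demo():
    """Build a clean and a tampered directory from constructed bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, tampered = Path(tmp, "clean"), Path(tmp, "tampered")
        for d in (clean, tampered):
            d.mkdir()
            (d / "cmd.exe").write_bytes(b"constructed cmd bytes")
        (clean / "sethc.exe").write_bytes(b"constructed sethc bytes")
        (tampered / "sethc-bak.exe").write_bytes(b"constructed sethc bytes")
        (tampered / "sethc.exe").write_bytes(b"constructed cmd bytes")
        return check_sticky_keys(clean), check_sticky_keys(tampered)

if __name__ == "__main__":
    print(demo())
```

On a real system the function is pointed at the Windows System32 folder, for example from a scheduled integrity check.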
CONCLUSION:

EXPERIMENT NO. 10

Virus and Anti-virus


AIM: Write a program to demonstrate working of virus also write an antivirus for it.
OBJECTIVE: Able to understand and implement software attacks and security.
OUTCOMES: Implemented virus and antivirus
THEORY:
A computer virus is a malware program that, when executed, replicates by inserting
copies of itself (possibly modified) into other computer programs, data files, or the boot sector of
the hard drive; when this replication succeeds, the affected areas are then said to be "infected".
Viruses often perform some type of harmful activity on infected hosts, such as stealing hard disk
space or CPU time, accessing private information, corrupting data, displaying political or
humorous messages on the user's screen, spamming their contacts, logging their keystrokes, or
even rendering the computer useless. However, not all viruses carry a destructive payload or
attempt to hide themselves; the defining characteristic of viruses is that they are self-replicating
computer programs which install themselves without user consent.
Anti-virus is a security program you install on your computer or mobile device to protect
it from getting infected by malware. The term malware is a catch-all phrase for any type of
malicious software, such as viruses, worms, Trojans and spyware. In fact, the term malware
comes from combining the words malicious and software. If your computer has become infected
by malware, a cyber attacker can capture all of your keystrokes, steal your documents or use
your computer to attack others. Contrary to what some people believe, any operating system,
including Mac OS X and Linux, can be infected.
ALGORITHM:
The algorithm for creation of virus program is as follows:
Step-1: Search for files in the current directory. If one or more files are present, load the first
file (target file).
Step-2: Load the copy of the virus itself onto the memory.
Step-3: Open the target file. Copy the virus code from the memory and place it in the target file.
Close the target file when the copying process is completed.
Step-4: Load the next file to infect and move to the step-3. If all the files are infected, close all
the open files, unload them from the memory and exit.
How to Test the Virus After the Compilation:
Create a new empty folder.
Put some executable files (or any other files) in the folder.
Run the PC_Virus.exe file. Within a few seconds all the other files in the folder get infected.
Now every infected file is a new virus which is ready to re-infect. You can copy any of the
infected .exe files to another empty folder and repeat the same procedure to see if the infected
file is capable of re-infecting. Delete the folder and all the infected files after the testing process
is done.
Steps to create your own antivirus

Open Notepad and paste the code given below:

@echo off
title Antivirus
echo Antivirus
echo created by your name
:start
rem Look for a file named virus.bat in the current directory
if exist virus.bat goto infected
if not exist virus.bat goto clean
rem The next line is never reached: both branches above jump away
cd C:\Windows\system32
:infected
echo warning virus detected
rem Delete the detected file, then check again
del virus.bat
pause
goto start
:clean
echo System secure!
pause
exit

You can change "your name" to your desired name. "warning virus detected" can be changed
to show a different alert message, which will be displayed if any virus is detected on your
computer.

Now save your file as technoup2date.bat and select All files.

Now run the saved file; the scan starts automatically.
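The batch file above only looks for one file name, so it cannot notice the change that Step-3 of the virus algorithm makes to existing files. The following is an added example, not part of the original manual: it records a SHA-256 baseline of a folder and reports files modified, added or removed afterwards. The folder contents are constructed, and benign bytes are appended to one file to stand in for the modification.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(folder):
    """Map each file name in folder to the SHA-256 of its contents."""
    return {p.name: hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(Path(folder).iterdir()) if p.is_file()}

def compare(baseline, current):
    """Report files changed, added or removed since the baseline."""
    return {
        "modified": sorted(n for n in baseline
                           if n in current and baseline[n] != current[n]),
        "added": sorted(n for n in current if n not in baseline),
        "removed": sorted(n for n in baseline if n not in current),
    }

def demo():
    """Constructed test folder; returns the comparison report."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        (folder / "a.exe").write_bytes(b"constructed program A")
        (folder / "b.exe").write_bytes(b"constructed program B")
        baseline = snapshot(folder)           # taken while the folder is clean
        with open(folder / "a.exe", "ab") as fh:
            fh.write(b" + appended bytes")    # content of an existing file altered
        (folder / "new.bat").write_bytes(b"rem constructed")  # new file appears
        return compare(baseline, snapshot(folder))

if __name__ == "__main__":
    print(demo())
```

The baseline has to be stored where the monitored programs cannot rewrite it, otherwise a modified file can be hidden by updating its recorded hash.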

CONCLUSION:

EXPERIMENT NO. 11
DoS attack
AIM: Write a program to implement DoS attack.
OBJECTIVE: Able to understand and implement network attack.
OUTCOMES: Implemented DoS attack
THEORY:
Denial of service (DoS) attacks have become a major threat to current computer networks. Early
DoS attacks were technical games played among underground attackers. As early as November
3, 1988, Robert Morris Jr. released a worm which later penetrated hundreds of computers across
the United States of America, paralyzing systems in research institutions and keeping them from
performing normal operations. On February 6th, 2000, the Yahoo portal was shut down for 3 hours.
Then retailer Buy.com Inc (BUYX) was hit the next day, hours after going public. By that evening,
eBay (EBAY), Amazon.com (AMZN), and CNN (TWX) had gone dark. And in the morning,
the mayhem continued with online broker E*Trade (EGRP) and others having traffic to their
sites virtually choked off. The first detection of a DoS attack in 1988 was instrumental in the
formation of CERT/CC at Carnegie Mellon, US. More than a decade later, a more alarming attack
occurred, identified to be a Denial of Service attack. For e-commerce sites, such
interruptions of service meant great financial loss. The hosting service providers and Internet
Service Providers (ISPs) were challenged to beef up security.
Connection oriented attacks
This attack completes a three-way handshake in which it establishes a connection with the
requesting host. In this event, the source is often a legitimate IP. By spawning multiple
established sessions to the same host, the CPU utilization rate will increase and may cause the
host to fail to serve new requests. Often, this happens when the host does not have a limit and
the capability to drop the overwhelming requests. Fortunately, for such an attack, it is often
possible to identify the source IP and apply filtering to prevent the IP from further connecting to
the host. Unfortunately, however, filtering can only be done when the attack is already in
progress. It cannot be prevented with a pre-set safeguard measure.
Connection-less attacks
The connectionless TCP attack does not complete the three-way handshake initiated by the
originator. Thus, the packet is often crafted with a non-existent (spoofed) source IP. For a
connectionless TCP attack, it is more difficult to filter since the source address is not necessarily
the original source IP of the packet. When the host fails to find the source IP, it will wait until it
times out. The most effective way of stopping such attacks is by applying a rate limit. Rate limit is
a method of setting a threshold to an acceptable number of packets to be processed by the computer
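The rate limit described above can be applied per source address (useful when the source is a real, identifiable IP) and globally (needed when every packet carries a different spoofed source). The following is an added example, not part of the original manual; the thresholds, window length and addresses are constructed values, and the addresses come from documentation ranges.

```python
from collections import deque

class RateLimiter:
    """Sliding-window limiter with a per-source and a global threshold."""

    def __init__(self, per_source, global_limit, window=1.0):
        self.per_source = per_source      # max packets per source per window
        self.global_limit = global_limit  # max packets overall per window
        self.window = window              # window length in seconds
        self.recent = deque()             # (time, source) of accepted packets
        self.counts = {}                  # source -> accepted packets in window

    def allow(self, source, now):
        """Return True if the packet is processed, False if it is dropped."""
        # Forget packets older than the window, so state stays bounded by
        # global_limit entries even when every packet has a new source.
        while self.recent and now - self.recent[0][0] >= self.window:
            _, old = self.recent.popleft()
            self.counts[old] -= 1
            if self.counts[old] == 0:
                del self.counts[old]
        if self.counts.get(source, 0) >= self.per_source:
            return False   # one identifiable source is over its threshold
        if len(self.recent) >= self.global_limit:
            return False   # total load is over threshold (sources may be spoofed)
        self.recent.append((now, source))
        self.counts[source] = self.counts.get(source, 0) + 1
        return True

def simulate():
    """Constructed traffic; returns (one, many, tracked, later)."""
    rl = RateLimiter(per_source=3, global_limit=10, window=1.0)
    # Five packets from one source within 50 ms.
    one = sum(rl.allow("198.51.100.7", 0.01 * i) for i in range(5))
    # Twenty packets, each with a different source address.
    many = sum(rl.allow(f"203.0.113.{i}", 0.10 + 0.01 * i) for i in range(20))
    tracked = len(rl.counts)
    # After the window has passed, the first source is served again.
    later = rl.allow("198.51.100.7", 2.0)
    return one, many, tracked, later

if __name__ == "__main__":
    print(simulate())
```

Dropped packets are never recorded, so the limiter's own tables cannot be inflated by the traffic it is rejecting.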
ALGORITHM:

IDM

Start
Event_type (login, logout)
If (event_Request = login) then
    int_mac_a = get_Mac_Address()
    If (int_mac_a is in T2) then   /* Check Intruders List */
        (Ignore the request)
    else
        if (int_mac_a is in T3) then   /* Check Authenticated Clients List */
            (Ignore login request) and (store int_mac_a in T2)
        else
            if (int_mac_a is in T5) then   /* Check Current Clients List */
                (Ignore the request)
            else
                (Accept the login request) and (Start communication)
            end if
        end if
    end if
end if
Stop

CONCLUSION:
