System Security Manual

SIES GRADUATE SCHOOL OF TECHNOLOGY

Nerul, Navi Mumbai-400706

Department Of Computer Engineering

LAB MANUAL

Sem: VII Branch: CE

SYSTEM SECURITY

LIST OF EXPERIMENTS

1. Write a program to implement Extended Euclidian Algorithm.

2. Write a program to implement Caesar Cipher algorithm.

3. Write a program to implement Vigenère Cipher algorithm.

4. Write a program to implement RSA algorithm.

5. Write a program to implement knapsack cryptoanalysis.

6. Write a program to implement Diffie Hellman key exchange algorithm.

7. Write a program to generate digital signature using RSA.

8. Write a program to implement Buffer Overflow Attack.

9. To study Stegnography by storing a secret key in a JPEG image.

Department of Computer Engineering, SIES GST

EXPERIMENT NO. 1

EXTENDED EUCLIDIAN ALGORITHM

AIM : - Write a program to implement Extended Euclidian Algorithm.

THEORY:-

The extended Euclidean algorithm is an extension to the Euclidean algorithm. Besides finding

the greatest common divisor of integers a and b, as the Euclidean algorithm does, it also finds

integers x and y (one of which is typically negative) that satisfy Bézout's identity

Extended Euclidian algorithm is used for:

Solving ax mod n = 1

Solving ax mod n = b

Given positive integers a and b, find their greatest common divisor

Steps: - If x is the greatest common divisor of a and b, then x divides r = a – b

Reduces problem to finding largest x that divides r and b

Iterate

CONCLUSION:-

The extended Euclidean algorithm is particularly useful when a and b are coprime, since x is the

multiplicative inverse of a modulo b, and y is the multiplicative inverse of b modulo a.


EXPERIMENT NO. 2

CAESAR CIPHER ALGORITHM

AIM : - Write a program to implement Caesar Cipher algorithm.

THEORY:-

In cryptography, a Caesar cipher, also known as Caesar's cipher, the shift cipher, Caesar's code

or Caesar shift, is one of the simplest and most widely known encryption techniques. It is a type

of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed

number of positions down the alphabet. For example, with a shift of 3, A would be replaced by

D, B would become E, and so on. The method is named after Julius Caesar, who used it in his

private correspondence.

The encryption step performed by a Caesar cipher is often incorporated as part of more complex

schemes.

The transformation can be represented by aligning two alphabets; the cipher alphabet is the plain

alphabet rotated left or right by some number of positions. For instance, here is a Caesar cipher

using a left rotation of three places (the shift parameter, here 3, is used as the key):

Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ

Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC

When encrypting, a person looks up each letter of the message in the "plain" line and writes

down the corresponding letter in the "cipher" line. Deciphering is done in reverse.

Ciphertext: WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ

Plaintext: the quick brown fox jumps over the lazy dog

The encryption can also be represented using modular arithmetic by first transforming the letters

into numbers, according to the scheme, A = 0, B = 1,..., Z = 25.Encryption of a letter by a shift

n can be described mathematically as,

Decryption is performed similarly,


CONCLUSION:-

Caesar Cipher is easy to use but it has simple structure and it is easy to break encrypted message.


EXPERIMENT NO. 3

VIGENÈRE CIPHER ALGORITHM

AIM : - Write a program to implement Vigenère Cipher algorithm.

THEORY:-

The Vigenère cipher is a method of encrypting alphabetic text by using a series of different

Caesar ciphers based on the letters of a keyword. It is a simple form of polyalphabetic

substitution.

Algorithm

1. use Vigenère Tableau(26*26 matrix)

2. low: letter

3. column: key(suppose key length is 6, i.e. key = (k1, … k6))

Encryption

• cj = (pj, ki) where j *i mod 6

Decryption

• pj =x s.t. cj = (x, ki) where j*i mod 6

Table :-


• Example

Key julie tjuli etjul ...

Plaintext BUTSO FTWHA TLIGH ...

Ciphertext koeas ycqsi ...

k = (B, j), o = (U, u), e = (T, l), …

• Long keywords can be used, but a keyword of length three usually suffices s to smooth out the

distribution.

CONCLUSION:-

Vigenère cipher is periodic because plain text characters are enciphered one –by-one and

adjacent characters are enciphered with a different part of the key.


EXPERIMENT NO. 4

RSA ALGORITHM

AIM : - Write a program to implement RSA algorithm.

THEORY:-

RSA is an algorithm for public-key cryptography that is based on the presumed difficulty

of factoring large integers, the factoring problem. RSA stands for Ron Rivest, Adi Shamir and

Leonard Adleman, who first publicly described it in 1977.

A user of RSA creates and then publishes the product of two large prime numbers, along with an

auxiliary value, as their public key. The prime factors must be kept secret. Anyone can use the

public key to encrypt a message, but with currently published methods, if the public key is large

enough, only someone with knowledge of the prime factors can feasibly decode the message.

The RSA algorithm involves three steps: key generation, encryption and decryption.

Key generation

RSA involves a public key and a private key. The public key can be known to everyone and is

used for encrypting messages. Messages encrypted with the public key can only be decrypted

using the private key. The keys for the RSA algorithm are generated the following way:

Choose two distinct prime numbers p and q. - For security purposes, the integers p and q should

be chosen at random, and should be of similar bit-length. Prime integers can be efficiently found

using a primality test.

Compute n = pq. - n is used as the modulus for both the public and private keys

Compute φ(n) = (p–1)(q–1), where φ is Euler's totient function.

Choose an integer e such that 1 < e < φ(n) and greatest common divisor of (e, φ(n)) = 1; i.e., e

and φ(n) are coprime.

e is released as the public key exponent.


e having a short bit-length and small Hamming weight results in more efficient encryption - most

commonly 0x10001 = 65,537. However, small values of e (such as 3) have been shown to be less

secure in some settings.

Determine d as:

i.e., d is the multiplicative inverse of e mod φ(n). - This is more clearly stated as solve for d

given (de) mod φ(n) = 1. This is often computed using the extended Euclidean algorithm. d is

kept as the private key exponent.

so, d*e= 1 mod φ(n) The public key consists of the modulus n and the public (or encryption)

exponent e. The private key consists of the modulus n and the private (or decryption) exponent

d which must be kept secret. (p, q, and φ(n) must also be kept secret because they can be used to

calculate d.)

Encryption

Alice transmits her public key to Bob and keeps the private key secret. Bob then wishes to

send message M to Alice.

He first turns M into an integer m, such that by using an agreed-upon reversible

protocol known as a padding scheme. He then computes the ciphertext corresponding to

.

This can be done quickly using the method of exponentiation by squaring. Bob then transmits

to Alice. Note that at least nine values of m could yield a ciphertext c equal to m,but this is very

unlikely to occur in practice.

Decryption

Alice can recover from by using her private key exponent via computing

.

Given , she can recover the original message M by reversing the padding scheme.

CONCLUSION :-


RSA's biggest advantage is that it uses Public Key encryption. This means that text will be

encrypted with someone's Public Key (which everyone knows about). However, only the person

it is intended for can read it, by using their private key (which only they know about).

Attempting to use the Public Key to decrypt the message would not work. RSA can also be used

to "sign" a message, meaning that the recipient can verify that it was sent by the authenticated

user.


EXPERIMENT NO. 5

KNAPSACK CRYPTOANALYSIS

AIM : - Write a program to implement knapsack cryptoanalysis.

THEORY:-

The Merkle-Hellman system is based on the subset sum problem (a special case of the knapsack

problem). The problem is as follows: given a set of numbers A and a number b, find a subset of

A, which sums to b. In general, this problem is known to be NP-complete. However, if the set of

numbers (called the knapsack) is super increasing the problem is 'easy' and solvable in

polynomial time with a simple greedy algorithm.

Key generation

To encrypt n-bit messages, choose a super increasing sequence

w = (w1, w2, ..., wn)

of n nonzero natural numbers. Pick a random integer q, such that

,

and a random integer, r, such that gcd(r,q) = 1 (i.e. r and q are coprime).

q is chosen this way to ensure the uniqueness of the ciphertext. If it is any smaller, more than one

plaintext may encrypt to the same ciphertext. r must be coprime to q or else it will not have an

inverse mod q. The existence of the inverse of r is necessary so that decryption is possible.

Now calculate the sequence

β = (β1, β2, ..., βn)


where

βi = rwi mod q.

The public key is β, while the private key is (w, q, r).

Encryption

To encrypt an n-bit message

α = (α1, α2, ..., αn),

where is the i-th bit of the message and {0, 1}, calculate

The cryptogram then is c.

Decryption

In order to decrypt a ciphertext c a receiver has to find the message bits αi such that they satisfy

This would be a hard problem if the βi were random values because the receiver would have to

solve an instance of the subset sum problem, which is known to be NP-hard. However, the

values βi were chosen such that decryption is easy if the private key (w, q, r) is known.

The key to decryption is to find an integer s that is the modular inverse of r modulo q. That

means s satisfies the equation s r mod q = 1 or equivalently there exist an integer k such that sr =

kq + 1. Since r was chosen such that gcd(r,q)=1 it is possible to find s and k by using the

Extended Euclidean algorithm. Next the receiver of the ciphertext c computes


Hence

Because of rs mod q = 1 and βi = rwi mod q follows

Hence

The sum of all values wi is smaller than q and hence is also in the interval [0,q-1]. Thus

the receiver has to solve the subset sum problem

This problem is easy because w is a superincreasing sequence. Take the largest element in w, say

wk. If wk > c' , then αk = 0, if wk≤c' , then αk = 1. Then, subtract wk×αk from c' , and repeat these

steps until you have figured out α.

CONCLUSION:-

Knapsack algorithm is the secured way of implementing encryption.


EXPERIMENT NO. 6

DIFFIE HELLMAN KEY EXCHANGE

AIM : - Write a program to implement Diffie Hellman key exchange algorithm.

THEORY:-

Diffie Hellman key exchange algorithm uses asymmetric key principles for the distribution of

symmetric keys to both parties in a communication network. Key distribution is an important

aspect of conventional algorithm and the entire safety is dependent on the distribution of key

using secured channel. Diffie Hellman utilizes the public& private key of asymmetric key

cryptography to exchange the secret key. Define primitive root of a prime number 'p' as one

whose powers generate all the integers from 1 to p-1, i.e. if 'a' is the primitive root of a prime no

'p', then, a mod p , a2 mod p , a 3 mod p, ...ap-1 mod p generate all distinct integers from 1 to (p-1)

in some permutation.

The steps for Diffie Hellman key exchange algorithm are:

Step 1 : GLOBAL PUBLIC ELEMENTS

Select any prime no : 'q'

Calculate the primitive root of q : 'a' such that a<q

Step 2 : ASYMMETRIC KEY GENERATION BY USER 'A'

Select a random number as the private key XA where XA < q

Calculate the public key YA where YA = aXA mod q

Step 3 : KEY GENERATION BY USER 'B'

Select a random number as the private key XB where XB < q

Calculate the public key YB where YB = aXB mod q

Step 4 : Exchange the values of public key between A & B

Step 5 : SYMMETRIC KEY (K) GENERATION BY USER 'A'

K= YB XA mod q

Step 6 : SYMMETRIC KEY (K) GENERATION BY USER 'B'


K= YA XB mod q

CONCLUSION:-

It can be easily be proved that the key K generated by this algorithm by both parties are the

same.


EXPERIMENT NO. 7

DIGITAL SIGNATURE

AIM : - Write a program to generate digital signature using RSA.

THEORY:-

A Digital Signature is a construct which helps achieve non-repudiation of Origin (ie. Origin

Integrity) of data. By digitally signing the document, the person who signs it assures that he is

the author of the document or the message that was signed.

Two main Security considerations should be taken into account when implementing Digital

Signatures.

1. Sign the message and then encrypt the signed message

2. Sign the Hash of the message instead of the entire message

Algorithm

With the above considerations, the algorithm below can be used for implementing public key

cryptography in Java.

1. Encrypt the message using a symmetric key.

2. Concatenate the symmetric key + Hash of symmetric key + Hash of message.

3. Encrypt the concatenated string using the receiver’s public key.

4. Sign the data to be transmitted (Encrypted symmetric key + Hash of the key + Hash of

message).

5. Validate the Signature.

6. Decrypt the message using Receiver private key to get the symmetric key.

7. Validate the integrity of the key using the Hash of the key.


8. Decrypt the actual message using the symmetric key which has been decrypted and

parsed and checked for integrity.

9. Compute Message Digest of data.

10. Validate if the Message Digest of the decrypted text matches the Message Digest of the

Original Message.

CONCLUSION:-

There is a need for authenticating critical transactions especially in the financial World. If Alice

has agreed to transfer $x to Bob, then there had to be a way for Bob to be sure that:

1. It was Alice who performed the transaction and not someone else impersonating Alice

(Authentication)

2. The amount agreed by Alice is $x (Integrity)

3. Alice could not dispute her statement of transacting $x to Bob (Non-Repudiation of

Origin)

Above mentioned can be achieved with Digital Signatures.


EXPERIMENT NO. 8

BUFFER OVERFLOW ATTACK

AIM : - Write a program to implement Buffer Overflow Attack.

THEORY:-

More data is put into a holding area than it can handle (Lack of bound checking).

A technically inclined user may exploit stack-based buffer overflows to manipulate the program

to their advantage in one of several ways:

By overwriting a local variable that is near the buffer in memory on the stack to change

the behaviour of the program which may benefit the attacker.

By overwriting the return address in a stack frame. Once the function returns, execution

will resume at the return address as specified by the attacker, usually a user input filled

buffer.

By overwriting a function pointer,or exception handler, which is subsequently executed.

With a method called "trampolining", if the address of the user-supplied data is unknown, but the

location is stored in a register, then the return address can be overwritten with the address of an

opcode which will cause execution to jump to the user supplied data. If the location is stored in a

register R, then a jump to the location containing the opcode for a jump R, call R or similar

instruction, will cause execution of user supplied data. The locations of suitable opcodes, or

bytes in memory, can be found in DLLs or the executable itself. However the address of the

opcode typically cannot contain any null characters and the locations of these opcodes can vary

between applications and versions of the operating system.

CONCLUSION:-


C and C++ provide no built-in protection against accessing or overwriting data in any part of

memory; more specifically, they do not check that data written to a buffer is within the

boundaries of that buffer.

EXPERIMENT NO. 9

STEGNOGRAPHY

AIM : - To study Stegnography by storing a secret key in a JPEG image.

THEORY:-

Digital stegnography concerns privacy of information under surveillance. Steganalysis is the art

of detecting any hidden message on the communication channel. If the existence of the hidden

message is revealed, the goal of steganography is defeated.

For all of the stegnographic systems, the most important and fundamental requirement is

undetect ability. The hidden message should not be detected by any other people. In addition, the

media with hidden message, called the stegomedia, are indistinguishable from their original

ones, called the cover-media.

For JPEG images, Jsteg (method to implement stegnogaphy) embeds the hidden message by

modulating the rounding choices either up or down in the quantized DCT conceits. The ability of

embedding messages in the JPEG format is an advantage of this tool, since most images are

stored in JPEG format and transferred in the Internet. Note that the downgrade image-delity

caused by the embedding process depends not only on the amount of embedding messages but

also on the quality factor setting in JPEG compression. If the quality factor is low, the

embedding capacity should be limited in order to satisfy the imperceptible requirement.

CONCLUSION:-


The main advantage of this technique is that it is robust to image modification. However, the

shared information before communication is dependent on the length of the secret message, i.e.,

the payload of the system is limited.


System Security Manual

Documents

Transcript of System Security Manual