System Security Manual
-
Upload
abhishek-kulkarni -
Category
Documents
-
view
5 -
download
0
description
Transcript of System Security Manual
SIES GRADUATE SCHOOL OF TECHNOLOGY
Nerul, Navi Mumbai-400706
Department Of Computer Engineering
LAB MANUAL
Sem: VII Branch: CE
SYSTEM SECURITY
LIST OF EXPERIMENTS
1. Write a program to implement Extended Euclidian Algorithm.
2. Write a program to implement Caesar Cipher algorithm.
3. Write a program to implement Vigenère Cipher algorithm.
4. Write a program to implement RSA algorithm.
5. Write a program to implement knapsack cryptoanalysis.
6. Write a program to implement Diffie Hellman key exchange algorithm.
7. Write a program to generate digital signature using RSA.
8. Write a program to implement Buffer Overflow Attack.
9. To study Stegnography by storing a secret key in a JPEG image.
Department of Computer Engineering, SIES GST Page 1
EXPERIMENT NO. 1
EXTENDED EUCLIDIAN ALGORITHM
AIM : - Write a program to implement Extended Euclidian Algorithm.
THEORY:-
The extended Euclidean algorithm is an extension to the Euclidean algorithm. Besides finding
the greatest common divisor of integers a and b, as the Euclidean algorithm does, it also finds
integers x and y (one of which is typically negative) that satisfy Bézout's identity
Extended Euclidian algorithm is used for:
Solving ax mod n = 1
Solving ax mod n = b
Given positive integers a and b, find their greatest common divisor
Steps: - If x is the greatest common divisor of a and b, then x divides r = a – b
Reduces problem to finding largest x that divides r and b
Iterate
CONCLUSION:-
The extended Euclidean algorithm is particularly useful when a and b are coprime, since x is the
multiplicative inverse of a modulo b, and y is the multiplicative inverse of b modulo a.
Department of Computer Engineering, SIES GST Page 2
EXPERIMENT NO. 2
CAESAR CIPHER ALGORITHM
AIM : - Write a program to implement Caesar Cipher algorithm.
THEORY:-
In cryptography, a Caesar cipher, also known as Caesar's cipher, the shift cipher, Caesar's code
or Caesar shift, is one of the simplest and most widely known encryption techniques. It is a type
of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed
number of positions down the alphabet. For example, with a shift of 3, A would be replaced by
D, B would become E, and so on. The method is named after Julius Caesar, who used it in his
private correspondence.
The encryption step performed by a Caesar cipher is often incorporated as part of more complex
schemes.
The transformation can be represented by aligning two alphabets; the cipher alphabet is the plain
alphabet rotated left or right by some number of positions. For instance, here is a Caesar cipher
using a left rotation of three places (the shift parameter, here 3, is used as the key):
Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC
When encrypting, a person looks up each letter of the message in the "plain" line and writes
down the corresponding letter in the "cipher" line. Deciphering is done in reverse.
Ciphertext: WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ
Plaintext: the quick brown fox jumps over the lazy dog
The encryption can also be represented using modular arithmetic by first transforming the letters
into numbers, according to the scheme, A = 0, B = 1,..., Z = 25.Encryption of a letter by a shift
n can be described mathematically as,
Decryption is performed similarly,
Department of Computer Engineering, SIES GST Page 3
CONCLUSION:-
Caesar Cipher is easy to use but it has simple structure and it is easy to break encrypted message.
Department of Computer Engineering, SIES GST Page 4
EXPERIMENT NO. 3
VIGENÈRE CIPHER ALGORITHM
AIM : - Write a program to implement Vigenère Cipher algorithm.
THEORY:-
The Vigenère cipher is a method of encrypting alphabetic text by using a series of different
Caesar ciphers based on the letters of a keyword. It is a simple form of polyalphabetic
substitution.
Algorithm
1. use Vigenère Tableau(26*26 matrix)
2. low: letter
3. column: key(suppose key length is 6, i.e. key = (k1, … k6))
Encryption
• cj = (pj, ki) where j *i mod 6
Decryption
• pj =x s.t. cj = (x, ki) where j*i mod 6
Table :-
Department of Computer Engineering, SIES GST Page 5
• Example
Key julie tjuli etjul ...
Plaintext BUTSO FTWHA TLIGH ...
Ciphertext koeas ycqsi ...
k = (B, j), o = (U, u), e = (T, l), …
• Long keywords can be used, but a keyword of length three usually suffices s to smooth out the
distribution.
CONCLUSION:-
Vigenère cipher is periodic because plain text characters are enciphered one –by-one and
adjacent characters are enciphered with a different part of the key.
Department of Computer Engineering, SIES GST Page 6
EXPERIMENT NO. 4
RSA ALGORITHM
AIM : - Write a program to implement RSA algorithm.
THEORY:-
RSA is an algorithm for public-key cryptography that is based on the presumed difficulty
of factoring large integers, the factoring problem. RSA stands for Ron Rivest, Adi Shamir and
Leonard Adleman, who first publicly described it in 1977.
A user of RSA creates and then publishes the product of two large prime numbers, along with an
auxiliary value, as their public key. The prime factors must be kept secret. Anyone can use the
public key to encrypt a message, but with currently published methods, if the public key is large
enough, only someone with knowledge of the prime factors can feasibly decode the message.
The RSA algorithm involves three steps: key generation, encryption and decryption.
Key generation
RSA involves a public key and a private key. The public key can be known to everyone and is
used for encrypting messages. Messages encrypted with the public key can only be decrypted
using the private key. The keys for the RSA algorithm are generated the following way:
Choose two distinct prime numbers p and q. - For security purposes, the integers p and q should
be chosen at random, and should be of similar bit-length. Prime integers can be efficiently found
using a primality test.
Compute n = pq. - n is used as the modulus for both the public and private keys
Compute φ(n) = (p–1)(q–1), where φ is Euler's totient function.
Choose an integer e such that 1 < e < φ(n) and greatest common divisor of (e, φ(n)) = 1; i.e., e
and φ(n) are coprime.
e is released as the public key exponent.
Department of Computer Engineering, SIES GST Page 7
e having a short bit-length and small Hamming weight results in more efficient encryption - most
commonly 0x10001 = 65,537. However, small values of e (such as 3) have been shown to be less
secure in some settings.
Determine d as:
i.e., d is the multiplicative inverse of e mod φ(n). - This is more clearly stated as solve for d
given (de) mod φ(n) = 1. This is often computed using the extended Euclidean algorithm. d is
kept as the private key exponent.
so, d*e= 1 mod φ(n) The public key consists of the modulus n and the public (or encryption)
exponent e. The private key consists of the modulus n and the private (or decryption) exponent
d which must be kept secret. (p, q, and φ(n) must also be kept secret because they can be used to
calculate d.)
Encryption
Alice transmits her public key to Bob and keeps the private key secret. Bob then wishes to
send message M to Alice.
He first turns M into an integer m, such that by using an agreed-upon reversible
protocol known as a padding scheme. He then computes the ciphertext corresponding to
.
This can be done quickly using the method of exponentiation by squaring. Bob then transmits
to Alice. Note that at least nine values of m could yield a ciphertext c equal to m,but this is very
unlikely to occur in practice.
Decryption
Alice can recover from by using her private key exponent via computing
.
Given , she can recover the original message M by reversing the padding scheme.
CONCLUSION :-
Department of Computer Engineering, SIES GST Page 8
RSA's biggest advantage is that it uses Public Key encryption. This means that text will be
encrypted with someone's Public Key (which everyone knows about). However, only the person
it is intended for can read it, by using their private key (which only they know about).
Attempting to use the Public Key to decrypt the message would not work. RSA can also be used
to "sign" a message, meaning that the recipient can verify that it was sent by the authenticated
user.
Department of Computer Engineering, SIES GST Page 9
EXPERIMENT NO. 5
KNAPSACK CRYPTOANALYSIS
AIM : - Write a program to implement knapsack cryptoanalysis.
THEORY:-
The Merkle-Hellman system is based on the subset sum problem (a special case of the knapsack
problem). The problem is as follows: given a set of numbers A and a number b, find a subset of
A, which sums to b. In general, this problem is known to be NP-complete. However, if the set of
numbers (called the knapsack) is super increasing the problem is 'easy' and solvable in
polynomial time with a simple greedy algorithm.
Key generation
To encrypt n-bit messages, choose a super increasing sequence
w = (w1, w2, ..., wn)
of n nonzero natural numbers. Pick a random integer q, such that
,
and a random integer, r, such that gcd(r,q) = 1 (i.e. r and q are coprime).
q is chosen this way to ensure the uniqueness of the ciphertext. If it is any smaller, more than one
plaintext may encrypt to the same ciphertext. r must be coprime to q or else it will not have an
inverse mod q. The existence of the inverse of r is necessary so that decryption is possible.
Now calculate the sequence
β = (β1, β2, ..., βn)
Department of Computer Engineering, SIES GST Page 10
where
βi = rwi mod q.
The public key is β, while the private key is (w, q, r).
Encryption
To encrypt an n-bit message
α = (α1, α2, ..., αn),
where is the i-th bit of the message and {0, 1}, calculate
The cryptogram then is c.
Decryption
In order to decrypt a ciphertext c a receiver has to find the message bits αi such that they satisfy
This would be a hard problem if the βi were random values because the receiver would have to
solve an instance of the subset sum problem, which is known to be NP-hard. However, the
values βi were chosen such that decryption is easy if the private key (w, q, r) is known.
The key to decryption is to find an integer s that is the modular inverse of r modulo q. That
means s satisfies the equation s r mod q = 1 or equivalently there exist an integer k such that sr =
kq + 1. Since r was chosen such that gcd(r,q)=1 it is possible to find s and k by using the
Extended Euclidean algorithm. Next the receiver of the ciphertext c computes
Department of Computer Engineering, SIES GST Page 11
Hence
Because of rs mod q = 1 and βi = rwi mod q follows
Hence
The sum of all values wi is smaller than q and hence is also in the interval [0,q-1]. Thus
the receiver has to solve the subset sum problem
This problem is easy because w is a superincreasing sequence. Take the largest element in w, say
wk. If wk > c' , then αk = 0, if wk≤c' , then αk = 1. Then, subtract wk×αk from c' , and repeat these
steps until you have figured out α.
CONCLUSION:-
Knapsack algorithm is the secured way of implementing encryption.
Department of Computer Engineering, SIES GST Page 12
EXPERIMENT NO. 6
DIFFIE HELLMAN KEY EXCHANGE
AIM : - Write a program to implement Diffie Hellman key exchange algorithm.
THEORY:-
Diffie Hellman key exchange algorithm uses asymmetric key principles for the distribution of
symmetric keys to both parties in a communication network. Key distribution is an important
aspect of conventional algorithm and the entire safety is dependent on the distribution of key
using secured channel. Diffie Hellman utilizes the public& private key of asymmetric key
cryptography to exchange the secret key. Define primitive root of a prime number 'p' as one
whose powers generate all the integers from 1 to p-1, i.e. if 'a' is the primitive root of a prime no
'p', then, a mod p , a2 mod p , a 3 mod p, ...ap-1 mod p generate all distinct integers from 1 to (p-1)
in some permutation.
The steps for Diffie Hellman key exchange algorithm are:
Step 1 : GLOBAL PUBLIC ELEMENTS
Select any prime no : 'q'
Calculate the primitive root of q : 'a' such that a<q
Step 2 : ASYMMETRIC KEY GENERATION BY USER 'A'
Select a random number as the private key XA where XA < q
Calculate the public key YA where YA = aXA mod q
Step 3 : KEY GENERATION BY USER 'B'
Select a random number as the private key XB where XB < q
Calculate the public key YB where YB = aXB mod q
Step 4 : Exchange the values of public key between A & B
Step 5 : SYMMETRIC KEY (K) GENERATION BY USER 'A'
K= YB XA mod q
Step 6 : SYMMETRIC KEY (K) GENERATION BY USER 'B'
Department of Computer Engineering, SIES GST Page 13
K= YA XB mod q
CONCLUSION:-
It can be easily be proved that the key K generated by this algorithm by both parties are the
same.
Department of Computer Engineering, SIES GST Page 14
EXPERIMENT NO. 7
DIGITAL SIGNATURE
AIM : - Write a program to generate digital signature using RSA.
THEORY:-
A Digital Signature is a construct which helps achieve non-repudiation of Origin (ie. Origin
Integrity) of data. By digitally signing the document, the person who signs it assures that he is
the author of the document or the message that was signed.
Two main Security considerations should be taken into account when implementing Digital
Signatures.
1. Sign the message and then encrypt the signed message
2. Sign the Hash of the message instead of the entire message
Algorithm
With the above considerations, the algorithm below can be used for implementing public key
cryptography in Java.
1. Encrypt the message using a symmetric key.
2. Concatenate the symmetric key + Hash of symmetric key + Hash of message.
3. Encrypt the concatenated string using the receiver’s public key.
4. Sign the data to be transmitted (Encrypted symmetric key + Hash of the key + Hash of
message).
5. Validate the Signature.
6. Decrypt the message using Receiver private key to get the symmetric key.
7. Validate the integrity of the key using the Hash of the key.
Department of Computer Engineering, SIES GST Page 15
8. Decrypt the actual message using the symmetric key which has been decrypted and
parsed and checked for integrity.
9. Compute Message Digest of data.
10. Validate if the Message Digest of the decrypted text matches the Message Digest of the
Original Message.
CONCLUSION:-
There is a need for authenticating critical transactions especially in the financial World. If Alice
has agreed to transfer $x to Bob, then there had to be a way for Bob to be sure that:
1. It was Alice who performed the transaction and not someone else impersonating Alice
(Authentication)
2. The amount agreed by Alice is $x (Integrity)
3. Alice could not dispute her statement of transacting $x to Bob (Non-Repudiation of
Origin)
Above mentioned can be achieved with Digital Signatures.
Department of Computer Engineering, SIES GST Page 16
EXPERIMENT NO. 8
BUFFER OVERFLOW ATTACK
AIM : - Write a program to implement Buffer Overflow Attack.
THEORY:-
More data is put into a holding area than it can handle (Lack of bound checking).
A technically inclined user may exploit stack-based buffer overflows to manipulate the program
to their advantage in one of several ways:
By overwriting a local variable that is near the buffer in memory on the stack to change
the behaviour of the program which may benefit the attacker.
By overwriting the return address in a stack frame. Once the function returns, execution
will resume at the return address as specified by the attacker, usually a user input filled
buffer.
By overwriting a function pointer,or exception handler, which is subsequently executed.
With a method called "trampolining", if the address of the user-supplied data is unknown, but the
location is stored in a register, then the return address can be overwritten with the address of an
opcode which will cause execution to jump to the user supplied data. If the location is stored in a
register R, then a jump to the location containing the opcode for a jump R, call R or similar
instruction, will cause execution of user supplied data. The locations of suitable opcodes, or
bytes in memory, can be found in DLLs or the executable itself. However the address of the
opcode typically cannot contain any null characters and the locations of these opcodes can vary
between applications and versions of the operating system.
CONCLUSION:-
Department of Computer Engineering, SIES GST Page 17
C and C++ provide no built-in protection against accessing or overwriting data in any part of
memory; more specifically, they do not check that data written to a buffer is within the
boundaries of that buffer.
EXPERIMENT NO. 9
STEGNOGRAPHY
AIM : - To study Stegnography by storing a secret key in a JPEG image.
THEORY:-
Digital stegnography concerns privacy of information under surveillance. Steganalysis is the art
of detecting any hidden message on the communication channel. If the existence of the hidden
message is revealed, the goal of steganography is defeated.
For all of the stegnographic systems, the most important and fundamental requirement is
undetect ability. The hidden message should not be detected by any other people. In addition, the
media with hidden message, called the stegomedia, are indistinguishable from their original
ones, called the cover-media.
For JPEG images, Jsteg (method to implement stegnogaphy) embeds the hidden message by
modulating the rounding choices either up or down in the quantized DCT conceits. The ability of
embedding messages in the JPEG format is an advantage of this tool, since most images are
stored in JPEG format and transferred in the Internet. Note that the downgrade image-delity
caused by the embedding process depends not only on the amount of embedding messages but
also on the quality factor setting in JPEG compression. If the quality factor is low, the
embedding capacity should be limited in order to satisfy the imperceptible requirement.
CONCLUSION:-
Department of Computer Engineering, SIES GST Page 18
The main advantage of this technique is that it is robust to image modification. However, the
shared information before communication is dependent on the length of the secret message, i.e.,
the payload of the system is limited.
Department of Computer Engineering, SIES GST Page 19