
Cryptography And Network Security LAB(RIT-751)

CRYPTOGRAPHY & NETWORK SECURITY LAB


B.Tech., Semester -VII
Subject Code: RIT-751

Session: 2020-21, Odd Semester


Name: Kush Verma

Roll. No.: 1709113049

Group/Branch: IT 1(A2)

JSS MAHAVIDYAPEETHA
DEPARTMENT OF INFORMATION TECHNOLOGY
JSSACADEMY OF TECHNICAL EDUCATION
C-20/1, SECTOR-62, NOIDA

Department of Information Technology 1709113049 Kush Verma



List of Experiments mapped


Sl No.  List of Experiments  DATE  REMARK

1  Implement the encryption and decryption of 8-bit data using ‘Simplified DES Algorithm’
2  Implement ‘Linear Congruential Algorithm’ to generate 5 pseudo-random numbers in ‘C’
3  Implement Rabin-Miller Primality Testing Algorithm in ‘C’.
4  Implement the Euclid Algorithm to generate the GCD of an array of 10 integers in ‘C’.
5  Implement RSA algorithm for encryption and decryption in ‘C’
6  Configure a mail agent to support Digital Certificates, send a mail and verify the correctness of this
   system using the configured parameters.
7  Configure SSH (Secure Shell) and send/receive a file on this connection to verify the correctness of
   this system using the configured parameters.
8  Configure a firewall to block the following for 5 minutes and verify the correctness of this system
   using the configured parameters:
   (a) Two neighborhood IP addresses on your LAN
   (b) All ICMP requests


EXPERIMENT 1
OBJECTIVE:
Implement the encryption and decryption of 8-bit data using ‘Simplified DES Algorithm’

BRIEF DESCRIPTION:
DES stands for Data Encryption Standard. DES is one of the top cryptographic algorithms used for
providing security in many information systems. This C programming tutorial will help you to
generate a secure password (encryption key).

ALGORITHM/FLOWCHART:

Input: Enter Plain text

1. Fraction the text into 64-bit (8 octet) blocks;
2. Initial permutation of block
3. Break the blocks into two parts: left and right, named L and R;
4. Repeat steps 2 and 3 sixteen times (called rounds);
5. Re-join the left and right parts then inverse initial permutation.

Source code:
#include <stdio.h>
#include <string.h>

int main(void)
{
    int i, cnt = 0, p8[8] = {6,7,8,9,1,2,3,4};
    int p10[10] = {6,7,8,9,10,1,2,3,4,5};
    char input[11], k1[9], temp[11];
    char first;
    // k1 stores the interim key
    // p8 and p10 are for storing permutation key; they are the tables used by
    // this program, not the standard S-DES P10 (3 5 2 7 4 10 1 9 8 6) and
    // P8 (6 3 7 4 8 5 10 9)

    // Read 10 bits from user (width-limited so input[] cannot overflow)...
    printf("Enter 10 bits input:");
    if (scanf("%10s", input) != 1 || strlen(input) != 10)
    {
        printf("\nExpected exactly 10 bits\n");
        return 1;
    }

    // Applying p10...
    for (i = 0; i < 10; i++)
    {
        cnt = p10[i];
        temp[i] = input[cnt-1];
    }
    temp[i] = '\0';
    printf("\nYour p10 key is :");
    for (i = 0; i < 10; i++)
    { printf("%d,", p10[i]); }

    printf("\nBits after p10 :");
    puts(temp);

    // Performing LS-1 on first half of temp
    first = temp[0];            // save the bit that wraps around
    for (i = 0; i < 4; i++)
        temp[i] = temp[i+1];
    temp[4] = first;

    // Performing LS-1 on second half of temp
    first = temp[5];
    for (i = 5; i < 9; i++)
        temp[i] = temp[i+1];
    temp[9] = first;

    printf("Output after LS-1 :");
    puts(temp);

    printf("\nYour p8 key is :");
    for (i = 0; i < 8; i++)
    { printf("%d,", p8[i]); }

    // Applying p8...
    for (i = 0; i < 8; i++)
    {
        cnt = p8[i];
        k1[i] = temp[cnt-1];
    }
    k1[8] = '\0';               // terminate before printing with puts()
    printf("\nYour key k1 is :");
    puts(k1);
    // This program can be extended to generate k2 as per DES algorithm.
    return 0;
}

Output of program


Enter 10 bits input:1100011100

Your p10 key is :6,7,8,9,10,1,2,3,4,5,


Bits after p10 :1110011000
Output after LS-1 :1100110001

Your p8 key is :6,7,8,9,1,2,3,4,


Your key k1 is :10001100
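
Added example, not part of the lab record: the program above stops at k1 and uses its own permutation tables, so this sketch carries S-DES through with the standard textbook tables (P10, P8, IP, EP, P4, S0, S1), deriving both subkeys and then encrypting and decrypting one 8-bit block. The function names and the sample key and data are assumptions chosen for the sketch.

```c
#include <stdio.h>

/* Standard S-DES tables; bit 1 is the leftmost bit of the input. */
static const int P10[10]  = {3, 5, 2, 7, 4, 10, 1, 9, 8, 6};
static const int P8[8]    = {6, 3, 7, 4, 8, 5, 10, 9};
static const int IP[8]    = {2, 6, 3, 1, 4, 8, 5, 7};
static const int IPINV[8] = {4, 1, 3, 5, 7, 2, 8, 6};
static const int EP[8]    = {4, 1, 2, 3, 2, 3, 4, 1};
static const int P4[4]    = {2, 4, 3, 1};
static const unsigned S0[4][4] = {{1,0,3,2}, {3,2,1,0}, {0,2,1,3}, {3,1,3,2}};
static const unsigned S1[4][4] = {{0,1,2,3}, {2,0,1,3}, {3,0,1,0}, {2,1,0,3}};

/* Output bit i is input bit tbl[i]; the input is in_bits wide. */
static unsigned permute(unsigned in, int in_bits, const int *tbl, int n) {
    unsigned out = 0;
    for (int i = 0; i < n; i++)
        out = (out << 1) | ((in >> (in_bits - tbl[i])) & 1u);
    return out;
}

/* Circular left shift of a 5-bit half by k positions. */
static unsigned rol5(unsigned h, int k) {
    return ((h << k) | (h >> (5 - k))) & 0x1Fu;
}

/* Key schedule: P10, LS-1, P8 gives K1; a further LS-2, P8 gives K2. */
void sdes_subkeys(unsigned key10, unsigned *k1, unsigned *k2) {
    unsigned p = permute(key10, 10, P10, 10);
    unsigned l = rol5(p >> 5, 1), r = rol5(p & 0x1Fu, 1);
    *k1 = permute((l << 5) | r, 10, P8, 8);
    l = rol5(l, 2);
    r = rol5(r, 2);
    *k2 = permute((l << 5) | r, 10, P8, 8);
}

/* Round function fK: left nibble ^= P4(S0 || S1 of (EP(right) ^ subkey)). */
static unsigned fk(unsigned byte, unsigned subkey) {
    unsigned l = byte >> 4, r = byte & 0xFu;
    unsigned t = permute(r, 4, EP, 8) ^ subkey;
    unsigned a = t >> 4, b = t & 0xFu;
    /* S-box row = bits 1 and 4 of the nibble, column = bits 2 and 3. */
    unsigned s0 = S0[((a >> 2) & 2u) | (a & 1u)][(a >> 1) & 3u];
    unsigned s1 = S1[((b >> 2) & 2u) | (b & 1u)][(b >> 1) & 3u];
    return ((l ^ permute((s0 << 2) | s1, 4, P4, 4)) << 4) | r;
}

/* IP, fK with ka, swap halves, fK with kb, inverse IP. */
static unsigned sdes_rounds(unsigned byte, unsigned ka, unsigned kb) {
    unsigned x = fk(permute(byte & 0xFFu, 8, IP, 8), ka);
    x = ((x << 4) | (x >> 4)) & 0xFFu;
    return permute(fk(x, kb), 8, IPINV, 8);
}

unsigned sdes_encrypt(unsigned plain, unsigned key10) {
    unsigned k1, k2;
    sdes_subkeys(key10, &k1, &k2);
    return sdes_rounds(plain, k1, k2);
}

/* Decryption is the same network with the subkeys in reverse order. */
unsigned sdes_decrypt(unsigned cipher, unsigned key10) {
    unsigned k1, k2;
    sdes_subkeys(key10, &k1, &k2);
    return sdes_rounds(cipher, k2, k1);
}

int main(void) {
    /* constructed sample: key 1010000010, data 01110010 */
    unsigned key = 0x282, pt = 0x72, k1, k2;
    sdes_subkeys(key, &k1, &k2);
    unsigned ct = sdes_encrypt(pt, key);
    printf("K1=%02X K2=%02X cipher=%02X plain=%02X\n", k1, k2, ct, sdes_decrypt(ct, key));
    return 0;
}
```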


LAB EXPERIMENT 2
OBJECTIVE:
Implement ‘Linear Congruential Algorithm’ to generate 5 pseudo-random numbers in ‘C’.
BRIEF DESCRIPTION:

A linear congruential generator (LCG) is an algorithm that yields a sequence of pseudo-randomized
numbers calculated with a discontinuous piecewise linear equation. It allows us to make use of pseudo-
random numbers. These are sequences of numbers that possess the correct statistical properties to
"emulate" random numbers in order to improve the convergence rates of Monte Carlo simulations. The
interface for random numbers and pseudo-random numbers is identical and we can hide away the details in
the specific classes. The linear congruential generator is a very simple example of a random number
generator. All linear congruential generators use this formula.

ALGORITHM:

Input: Enter values

Source code:
#include <stdio.h>

/* always assuming int is at least 32 bits */
/* the state is unsigned so that the multiplication wraps instead of overflowing */
static unsigned int rseed = 0;

/* named lcg_* so they do not clash with the C library's rand()/srand() */
static void lcg_srand(unsigned int x) {
    rseed = x;
}

#ifndef MS_RAND
#define LCG_RAND_MAX ((1U << 31) - 1)

static int lcg_rand(void) {
    return (int)(rseed = (rseed * 1103515245U + 12345U) & LCG_RAND_MAX);
}

#else /* MS rand */

#define RAND_MAX_32 ((1U << 31) - 1)
#define LCG_RAND_MAX ((1U << 15) - 1)

static int lcg_rand(void)
{
    return (int)((rseed = (rseed * 214013U + 2531011U) & RAND_MAX_32) >> 16);
}

#endif /* MS_RAND */

int main(void) {
    int i;
    lcg_srand(0);
    printf("rand max is %d\n", (int)LCG_RAND_MAX);

    for (i = 0; i < 10; i++)
        printf("%d\n", lcg_rand());

    return 0;
}

Output:

$ gcc LCG.c
$ ./a.out

rand max is 2147483647


12345
1406932606
654583775
1449466924
229283573
1109335178
1051550459
1293799192
794471793
551188310
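
Added example, not part of the lab record: the generator above returns its entire 31-bit state, so three consecutive outputs determine the multiplier and increment and every later value follows, which is why LCG output must not be used for keys, nonces or tokens. The function names are assumptions made for this sketch; the sample values are the first outputs printed above.

```c
#include <stdio.h>
#include <stdint.h>

#define LCG_MASK 0x7FFFFFFFu   /* modulus m = 2^31, as in the lab program */

/* Inverse of an odd number modulo 2^32 by Newton iteration. */
static uint32_t inv_odd(uint32_t d) {
    uint32_t x = d;                 /* d*d = 1 (mod 8): 3 correct bits */
    for (int i = 0; i < 5; i++)
        x *= 2u - d * x;            /* each step doubles the correct bits */
    return x;
}

/* One step of x' = (a*x + c) mod 2^31. */
uint32_t lcg_next(uint32_t x, uint32_t a, uint32_t c) {
    return (a * x + c) & LCG_MASK;
}

/*
 * Solve for a and c from three consecutive outputs x0, x1, x2:
 *   x2 - x1 = a * (x1 - x0)  (mod 2^31)
 *   c       = x1 - a * x0    (mod 2^31)
 * Returns 0 when (x1 - x0) is even and therefore not invertible mod 2^31.
 */
int lcg_recover(uint32_t x0, uint32_t x1, uint32_t x2, uint32_t *a, uint32_t *c) {
    uint32_t d = (x1 - x0) & LCG_MASK;
    if ((d & 1u) == 0)
        return 0;
    *a = ((x2 - x1) * inv_odd(d)) & LCG_MASK;
    *c = (x1 - *a * x0) & LCG_MASK;
    return 1;
}

int main(void) {
    /* first three values from the lab program's output (seed 0) */
    uint32_t a, c;
    if (lcg_recover(12345u, 1406932606u, 654583775u, &a, &c))
        printf("a=%u c=%u next=%u\n", (unsigned)a, (unsigned)c,
               (unsigned)lcg_next(654583775u, a, c));
    return 0;
}
```

The predicted next value matches the fourth number in the output listing.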


LAB EXPERIMENT 3
OBJECTIVE:
Implement Rabin-Miller Primality Testing Algorithm in ‘C’.

BRIEF DESCRIPTION:

The Miller–Rabin primality test or Rabin–Miller primality test is a primality test: an algorithm which
determines whether a given number is prime. Miller's version of the test is deterministic, but the
correctness relies on the unproven extended Riemann hypothesis. Michael O. Rabin modified it to obtain
an unconditional probabilistic algorithm.

Source code:
#include <stdio.h>
#include <stdlib.h>

/*
 * calculates (a * b) % c taking into account that a * b might overflow
 */
long long mulmod(long long a, long long b, long long mod)
{
    long long x = 0, y = a % mod;
    while (b > 0)
    {
        if (b % 2 == 1)
        {
            x = (x + y) % mod;
        }
        y = (y * 2) % mod;
        b /= 2;
    }
    return x % mod;
}
/*
 * modular exponentiation
 */
long long modulo(long long base, long long exponent, long long mod)
{
    long long x = 1;
    long long y = base % mod;
    while (exponent > 0)
    {
        if (exponent % 2 == 1)
            x = mulmod(x, y, mod);   /* mulmod: x * y could overflow */
        y = mulmod(y, y, mod);
        exponent = exponent / 2;
    }
    return x % mod;
}

/*
 * Miller-Rabin Primality test, iteration signifies the accuracy
 */
int Miller(long long p, int iteration)
{
    int i;
    long long s;
    if (p < 2)
    {
        return 0;
    }
    if (p != 2 && p % 2 == 0)
    {
        return 0;
    }
    /* write p - 1 as s * 2^r with s odd */
    s = p - 1;
    while (s % 2 == 0)
    {
        s /= 2;
    }
    for (i = 0; i < iteration; i++)
    {
        /* random base a in [1, p - 1] */
        long long a = rand() % (p - 1) + 1, temp = s;
        long long mod = modulo(a, temp, p);
        /* keep squaring until the exponent reaches p - 1 or mod is 1 or p - 1 */
        while (temp != p - 1 && mod != 1 && mod != p - 1)
        {
            mod = mulmod(mod, mod, p);
            temp *= 2;
        }
        if (mod != p - 1 && temp % 2 == 0)
        {
            return 0;
        }
    }
    return 1;
}
//Main
int main()
{
    int iteration = 5;
    long long num;
    printf("Enter integer to test primality: ");
    if (scanf("%lld", &num) != 1)
        return 1;
    if (Miller(num, iteration))
        printf("\n%lld is prime\n", num);
    else
        printf("\n%lld is not prime\n", num);
    return 0;
}
Output:

$ gcc bubblesort.c -o bubblesort


$ ./bubblesort

Enter integer to test Primality: 89


89 is prime


LAB EXPERIMENT 4
OBJECTIVE:
Implement the Euclid Algorithm to generate the GCD of an array of 10 integers in ‘C’.

BRIEF DESCRIPTION:

The Euclidean algorithm, or Euclid's algorithm, is an efficient method for computing the greatest
common divisor (GCD) of two numbers, the largest number that divides both of them without leaving a
remainder. It is named after the ancient Greek mathematician Euclid, who first described it in Euclid's
Elements (c. 300 BC). It is an example of an algorithm, a step-by-step procedure for performing a
calculation according to well-defined rules and is one of the oldest algorithms in common use. It can be
used to reduce fractions to their simplest form, and is a part of many other number-theoretic and
cryptographic calculations.

Source code:
#include <bits/stdc++.h>
using namespace std;

// Function to return gcd of a and b
int gcd(int a, int b)
{
    if (a == 0)
        return b;
    return gcd(b % a, a);
}

// Function to find gcd of array of
// numbers
int findGCD(int arr[], int n)
{
    int result = arr[0];
    for (int i = 1; i < n; i++)
    {
        result = gcd(arr[i], result);
        if (result == 1)
        {
            return 1;
        }
    }
    return result;
}

// Driver code
int main()
{
    int arr[] = { 2, 4, 6, 8, 16 };
    int n = sizeof(arr) / sizeof(arr[0]);
    cout << findGCD(arr, n) << endl;
    return 0;
}

Output:


LAB EXPERIMENT 5
OBJECTIVE:
Implement RSA algorithm for encryption and decryption in ‘C’.

BRIEF DESCRIPTION:
The RSA cryptosystem is the most widely-used public key cryptography algorithm in the world. It can be
used to encrypt a message without the need to exchange a secret key separately. The RSA
algorithm can be used for both public key encryption and digital signatures. Its security is based on the
difficulty of factoring large integers. Party A can send an encrypted message to party B without any prior
exchange of secret keys. A just uses B's public key to encrypt the message and B decrypts it using the
private key, which only he knows. RSA can also be used to sign a message, so A can sign a message using
their private key and B can verify it using A's public key.

ALGORITHM:

The RSA algorithm involves four steps: key generation, key distribution, encryption and decryption.

Key generation

This is the original algorithm.

1. Generate two large random primes, p and q, of approximately equal size such that their product n =
pq is of the required bit length, e.g. 1024 bits.
2. Compute n = pq and (phi) φ = (p-1)(q-1).
3. Choose an integer e, 1 < e < phi, such that gcd(e, phi) = 1.
4. Compute the secret exponent d, 1 < d < phi, such that ed ≡ 1 (mod phi).
5. The public key is (n, e) and the private key (d, p, q). Keep all the values d, p, q and phi secret. [It is
preferred sometimes to write the private key as (n, d) because there is a need of the value n when
using d. Otherwise write the key pair as ((N, e), d).]

• n is known as the modulus.


• e is known as the public exponent or encryption exponent or just the exponent.
• d is known as the secret exponent or decryption exponent.

ALGORITHM: Generate an RSA key pair.

INPUT: Required modulus bit length, k. Select a value of e from {3, 5, 17, 257, 65537}

1. repeat
2. p ← genprime(k/2)
3. until (p mod e) ≠ 1
4. repeat
5. q ← genprime(k - k/2)
6. until (q mod e) ≠ 1
7. N ← pq
8. L ← (p-1)(q-1)
9. d ← modinv(e, L)
10. return(N, e, d)

Encryption

Sender A does the following:-

1. Obtains the recipient B's public key (n, e).
2. Represents the plaintext message as a positive integer m, 1 < m < n.
3. Computes the ciphertext c = m^e mod n.
4. Sends the ciphertext c to B.

Decryption

Recipient B does the following:-

1. Uses his private key (n, d) to compute m = c^d mod n.
2. Extracts the plaintext from the message representative m.

Source code:
#include <stdio.h>
#include <math.h>

//to find gcd
int gcd(int a, int h)
{
    int temp;
    while (1)
    {
        temp = a % h;
        if (temp == 0)
            return h;
        a = h;
        h = temp;
    }
}

int main()
{
    //2 random prime numbers
    double p = 3;
    double q = 7;
    double n = p * q;
    double count;
    double totient = (p - 1) * (q - 1);

    //public key
    //e stands for encrypt
    double e = 2;

    //for checking co-prime which satisfies e>1
    while (e < totient) {
        count = gcd(e, totient);
        if (count == 1)
            break;
        else
            e++;
    }

    //private key
    //d stands for decrypt
    double d;

    //k is chosen so that (1 + k * totient) is divisible by e
    double k = 2;

    //choosing d such that it satisfies d*e = 1 + k * totient
    d = (1 + (k * totient)) / e;

    double msg = 12;

    //encrypt: c = msg^e mod n
    double c = pow(msg, e);
    c = fmod(c, n);

    //decrypt the reduced ciphertext: m = c^d mod n
    //(raising the unreduced power to d would exceed the precision of a double)
    double m = pow(c, d);
    m = fmod(m, n);

    printf("Message data = %lf", msg);
    printf("\np = %lf", p);
    printf("\nq = %lf", q);
    printf("\nn = pq = %lf", n);
    printf("\ntotient = %lf", totient);
    printf("\ne = %lf", e);
    printf("\nd = %lf", d);
    printf("\nEncrypted data = %lf", c);
    printf("\nOriginal Message Sent = %lf", m);

    return 0;
}

OUTPUT:

Message data = 12.000000

p = 3.000000

q = 7.000000

n = pq = 21.000000

totient = 12.000000

e = 5.000000

d = 5.000000

Encrypted data = 3.000000

Original Message Sent = 12.000000
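
Added example, not part of the lab record: the key-pair algorithm, encryption and decryption steps listed above, done in integer arithmetic with an extended-Euclid modinv and square-and-multiply exponentiation instead of floating-point pow(). The names rsa_key, rsa_keygen, modpow, rsa_encrypt and rsa_decrypt are assumptions of this sketch, the primes are supplied by the caller in place of genprime, and it is unpadded textbook RSA limited to moduli below 2^32.

```c
#include <stdio.h>
#include <stdint.h>

typedef struct { uint64_t n, e, d; } rsa_key;   /* holds (N, e, d) */

/* Square-and-multiply: base^exp mod n. Needs n < 2^32 so products fit in 64 bits. */
uint64_t modpow(uint64_t base, uint64_t exp, uint64_t n) {
    uint64_t result = 1 % n;
    base %= n;
    while (exp > 0) {
        if (exp & 1)
            result = result * base % n;
        base = base * base % n;
        exp >>= 1;
    }
    return result;
}

/* Extended Euclid: returns d with e*d = 1 (mod phi), or 0 when gcd(e, phi) != 1. */
uint64_t modinv(uint64_t e, uint64_t phi) {
    int64_t r0 = (int64_t)phi, r1 = (int64_t)(e % phi), t0 = 0, t1 = 1;
    while (r1 != 0) {
        int64_t q = r0 / r1, tmp;
        tmp = r0 - q * r1; r0 = r1; r1 = tmp;
        tmp = t0 - q * t1; t0 = t1; t1 = tmp;
    }
    if (r0 != 1)
        return 0;
    return (uint64_t)(t0 < 0 ? t0 + (int64_t)phi : t0);
}

/* N = pq, L = (p-1)(q-1), d = modinv(e, L). Returns 0 if a prime fails the
   "(p mod e) != 1" test from the algorithm or the modulus is too large. */
int rsa_keygen(uint64_t p, uint64_t q, uint64_t e, rsa_key *key) {
    if ((p >> 32) || (q >> 32) || ((p * q) >> 32))
        return 0;
    if (p % e == 1 || q % e == 1)
        return 0;
    key->n = p * q;
    key->e = e;
    key->d = modinv(e, (p - 1) * (q - 1));
    return key->d != 0;
}

/* c = m^e mod n; the steps above require 1 < m < n, otherwise 0 is returned. */
uint64_t rsa_encrypt(uint64_t m, const rsa_key *k) {
    return (m > 1 && m < k->n) ? modpow(m, k->e, k->n) : 0;
}

/* m = c^d mod n */
uint64_t rsa_decrypt(uint64_t c, const rsa_key *k) {
    return modpow(c, k->d, k->n);
}

int main(void) {
    rsa_key k;
    /* same values as the lab program: p = 3, q = 7, e = 5, message 12 */
    if (rsa_keygen(3, 7, 5, &k)) {
        uint64_t c = rsa_encrypt(12, &k);
        printf("n=%llu e=%llu d=%llu c=%llu m=%llu\n",
               (unsigned long long)k.n, (unsigned long long)k.e,
               (unsigned long long)k.d, (unsigned long long)c,
               (unsigned long long)rsa_decrypt(c, &k));
    }
    return 0;
}
```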


LAB EXPERIMENT 6
OBJECTIVE:
Configure a mail agent to support Digital Certificates, send a mail and verify the correctness of this system
using the configured parameters.
BRIEF DESCRIPTION:
A digital certificate is a digital form of identification, like a passport. A digital certificate provides
information about the identity of an entity. A digital certificate is issued by a Certification Authority (CA).
Examples of trusted CAs across the world are Verisign, Entrust, etc.

In the Understanding Digital Signatures article, it was assumed that the receiver knows the Public Key of
the sender. In fact, the issue of distributing the Public Key is massive, because the Public Key should be
distributed in a scalable way as well as be trusted as the true Public Key of the sender. These problems are
solved when a user obtains another user's Public Key from the digital certificate.

ALGORITHM:

The Process of Obtaining a Digital Certificate

1. Generate Key-pair: User-A generates a Public and Private key-pair or is assigned a key-pair by some
authority in their organization.
2. Request CA Certificate: User-A first requests the certificate of the CA Server.
3. CA Certificate Issued: The CA responds with its Certificate. This includes its Public Key and its
Digital Signature signed using its Private Key.
4. Gather Information: User-A gathers all information required by the CA Server to obtain its
certificate. This information could include User-A's email address, fingerprints, etc. that the CA needs to
be certain that User-A is who she claims to be.
5. Send Certificate Request: User-A sends a certificate request to the CA consisting of her Public Key
and additional information. The certificate request is signed by CA's Public Key.
6. CA verifies User-A: The CA gets the certificate request, verifies User-A's identity and generates a
certificate for User-A, binding her identity and her Public Key. The signature of CA verifies the
authenticity of the Certificate.
7. CA issues the Certificate: The CA issues the certificate to User-A.

Assigning Certificate to email account:

• Open Outlook
• Select Tools from menu
• Select Options from drop down menu
• In dialog box that appears select Security tab
• Enter a name for the security setting into the Security Settings Name box
• Ensure S/MIME is selected on the Secure Message Format box
• Check the Default Security Setting for this Secure Message Format

• In Certificates and Algorithms section click the Choose button in the Signing
Certificate section
• Select the Secure Email Certificate from the Select Certificate dialog box
• Outlook should automatically choose the same Secure Email Certificate as your Signing
Certificate for the Encryption Certificate. If not, click the Choose button in the Encryption
Certificate and select Secure Email Certificate from the Select Certificate dialog box
• Ensure Send These Certificates with Signed Messages is selected
• Click OK to return to Options dialog box
• Click OK to return to Outlook.

Setting up buttons for easy signing / encryption abilities from a New Message toolbar:

Following these steps will display digital sign and encrypt buttons on the New Message toolbar:

1. Click New Message button
2. Select Tools from menu
3. Select Customize from drop down menu
4. Select the Commands tab
5. Select the Standard from the Categories listings
6. Scroll down the Commands list on the right to locate Encrypt Message Contents and
Attachments. Click on the entry.
7. Using the mouse, drag the highlighted Encrypt Message Contents and Attachments listing
onto your Toolbar. It is recommended to place it next to the Send button.
8. Repeat the steps 6 & 7 to also add the Digitally Sign Message listing.
9. Click Close to return to composing your message

Signing an Email:
Signing an email ensures the recipient knows the email has come from the sender and informs him
/ her if it has been tampered with since being signed.

Compose the email and attach files as usual

Click Sign button

Click Send button

The recipient must have a copy of the sender's Certificate in order to verify that the signed email is
legitimate. Ensure the email receiver assigns the sender's certificate to the incoming mail account.

Encrypting an Email:
Encrypting an email ensures that only the recipient may view the email content and any attachments.

Ensure the recipient has a Digital Certificate and that the Certificate has been assigned to their entry in
the Outlook contacts area

Click Encrypt button and Click Send button.

LAB EXPERIMENT 7


OBJECTIVE:
Configure SSH (Secure Shell) and send/receive a file on this connection to verify the correctness of
this system using the configured parameters.

BRIEF DESCRIPTION:
Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over
an unsecured network. The best-known example application is for remote login to computer systems by
users. SSH provides a secure channel over an unsecured network in a client-server architecture,
connecting an SSH client application with an SSH server. Common applications include remote
command-line login and remote command execution, but any network service can be secured with
SSH. The protocol specification distinguishes between two major versions, referred to as SSH-1 and
SSH-2.

SSH was designed as a replacement for Telnet and for unsecured remote shell protocols such as the
Berkeley rlogin, rsh, and rexec protocols. Those protocols send information, notably passwords, in
plaintext, rendering them susceptible to interception and disclosure using packet analysis. The
encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured
network, such as the Internet, although files leaked by Edward Snowden indicate that the National
Security Agency can sometimes decrypt SSH, allowing them to read the contents of SSH sessions.

FLOWCHART


LAB EXPERIMENT 8
OBJECTIVE:
Configure a firewall to block the following for 5 minutes and verify the correctness of this system using the
configured parameters:
(a) Two neighborhood IP addresses on your LAN
(b) All ICMP requests
BRIEF DESCRIPTION:
Setting up a firewall for the infrastructure is a great way to provide some basic security for the services.
Once it has been developed, the next step is to test the firewall rules. It is important to get a good idea of
whether firewall rules are doing.
To monitor the number of existing ad-hoc clients on a wireless LAN, to identify devices that have set their
own fixed addresses in the DHCP range or to take inventory of the devices currently connected to your
network, you can ping each IP address in the subnet. The list of devices that respond to the ping is a good
starting place for accomplishing any of these tasks.
The Internet Control Message Protocol (ICMP) is a supporting protocol in the Internet protocol suite. It
is used by network devices, including routers, to send error messages and operational information
indicating, for example, that a requested service is not available or that a host or router could not be
reached. ICMP differs from transport protocols such as TCP and UDP in that it is not typically used to
exchange data between systems, nor is it regularly employed by end-user network applications.
ALGORITHM:

(a) Two neighborhood IP addresses on your LAN

Step 1: DNS Block

The first step is to block the resolution of DNS records on the teamviewer.com domain, if they are running
on the host DNS server (such as an Active Directory server).

1. Open the DNS Management Console
2. Create a top-level record for ‘teamviewer.com’.
3. This dummy record will stop the connections to this domain and all of its subdomains.

Step 2: Check Clients Can’t Connect to External DNS Servers

Ensure the only DNS connections allowed on the network are to internal DNS servers (which
contain this dummy record). This removes the possibility of the TeamViewer client checking DNS records
against their own servers.

1. Log into your Firewall or Router
2. Add a new outgoing firewall rule to disallow TCP & UDP port 53 from all source IP addresses,
EXCEPT the addresses of all DNS servers.

This means clients will now be able to resolve DNS records only through the host DNS
server (these servers can forward requests on to external servers).

Step 3: Block Access to TeamViewer IP Address Range

The TeamViewer client will sometimes be able to connect to known IP Addresses, despite the DNS
Record being blocked. To overcome this, you need to block access to their IP Address range.

1. Log into host Firewall or Router
2. Add a new outgoing firewall rule to disallow connections.

Step 4: Block TeamViewer Port

This step probably isn’t necessary but can be good as an extra layer of protection. TeamViewer connects on
port 5938, but also tunnels via ports 80 (HTTP) & 443 (SSL). Here’s how to block that port:

1. Log into host Firewall or Router
2. Add a new outgoing firewall rule to disallow TCP & UDP port 5938 from all source IP Addresses

Step 5: Group Policy Restrictions

If there is an Active Directory Network, consider adding Software Restrictions to Group Policy. The steps
are:

1. Download the TeamViewer EXE file from their website.
2. Open Group Policy Management Console, and create a new GPO.
3. In the GPO go to Software Restriction Policies found under User Configuration > Windows Settings >
Security Settings > Software Restriction Policies.
4. Right click and choose “New Software Restriction Policies”.
5. Select “Browse” in the New Hash Rule popup window. Find the TeamViewer setup EXE and open
it.
6. Close those windows and link the new GPO to the domain and make it apply to everyone.

Step 6: Deep Packet Inspection

If all of these steps fail, you will need to implement a firewall which performs Deep Packet Inspection and
Unified Threat Management. These devices are specifically trained to look for common remote access tools
and block them. They also cost a lot of money.

(b) All ICMP requests

To block all ICMP requests, create a host-based firewall rule for blocking ICMP traffic.
