Jawaharlal Nehru Engineering College

Laboratory Manual

NETWORK SECURITY

For

Final Year Students

SUBJECT INDEX

Title

1. Dos and Don'ts in Laboratory

2. Instruction for Laboratory Teachers

3. Lab Exercises
1. To study RSA algorithm
2. To study MD-5 algorithm
3. To study block cipher principles.
4. To study web security.
5. To study email security
6. To study e com security
7. To study WAP security.
8. Study of DES
9. Assignment No.1
10. Assignment No.2

4. Quiz for the subject

5. Conduction of viva voce examination

6. Evaluation and marking scheme

1. DOs and DON'Ts in Laboratory:

1. Do not handle the computer for security work without reading the instructions/instruction manuals.
2. Refer to Help for security options.
3. Go through Internet options whenever necessary.
4. Strictly observe the instructions given by the teacher/Lab Instructor.

2. Instruction for Laboratory Teachers:

1. Lab work completed during the prior session should be corrected during the next lab session.

2. Students should be guided and helped whenever they face difficulties.

3. Promptness of submission should be encouraged by way of marking and evaluation patterns
that will benefit the sincere students.

Experiment No. 1
Aim: To study RSA algorithm.
Theory: In cryptography, RSA is an algorithm for public-key cryptography. It is the first
algorithm known to be suitable for signing as well as encryption, and one of the first great
advances in public key cryptography. RSA is widely used in electronic commerce protocols, and
is believed to be secure given sufficiently long keys and the use of up-to-date implementations.
The algorithm was publicly described in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman
at MIT; the letters RSA are the initials of their surnames, listed in the same order as on the
paper.
The RSA algorithm involves three steps: key generation, encryption and decryption.

RSA in a nutshell:

Key generation:
- Select random prime numbers p and q, and check that p != q
- Compute modulus n = pq
- Compute phi = (p - 1)(q - 1)
- Select public exponent e, 1 < e < phi, such that gcd(e, phi) = 1
- Compute private exponent d = e^(-1) mod phi
- Public key is {n, e}, private key is d

Encryption: c = m^e mod n
Decryption: m = c^d mod n

Example of RSA with small numbers:

- p = 47, q = 71, compute n = pq = 3337
- Compute phi = 46 * 70 = 3220
- Let e be 79, compute d = 79^(-1) mod 3220 = 1019
- Public key is n and e, private key d, discard p and q.
- Encrypt message m = 688, 688^79 mod 3337 = 1570 = c.
- Decrypt message c = 1570, 1570^1019 mod 3337 = 688 = m.
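
The key-generation, encryption and decryption steps above, carried through with the manual's small numbers, as an added Python example (not part of the original manual). The function names are this example's own; it is unpadded textbook RSA with toy-sized primes, meant only for following the arithmetic.

```python
import math

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def is_prime(n):
    """Trial division; adequate only for the tiny primes used in this lab."""
    return n >= 2 and all(n % i for i in range(2, math.isqrt(n) + 1))

def generate_keypair(p, q, e):
    """n = pq, phi = (p-1)(q-1), d = e^-1 mod phi, with the checks the steps require."""
    if not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must both be prime")
    if p == q:
        raise ValueError("p and q must differ")
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi:
        raise ValueError("e must satisfy 1 < e < phi")
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("gcd(e, phi) must be 1, otherwise e has no inverse")
    d = x % phi          # x may be negative; reduce it into [0, phi)
    return (n, e), d     # p, q and phi are discarded here

def encrypt(m, public_key):
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)  # c = m^e mod n

def decrypt(c, n, d):
    return pow(c, d, n)  # m = c^d mod n

# The manual's example: p = 47, q = 71, e = 79
PUBLIC, D = generate_keypair(47, 71, 79)
```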

Experiment No. 2
Aim: To study MD-5 algorithm.
Theory: In cryptography, MD5 (Message-Digest algorithm 5) is a widely used
cryptographic hash function with a 128-bit hash value. As an Internet standard (RFC
1321), MD5 has been employed in a wide variety of security applications, and is also
commonly used to check the integrity of files. However, it has been shown that MD5 is
not collision resistant[1]; hence MD5 is not suitable for applications that rely on this
property. An MD5 hash is typically expressed as a 32-digit hexadecimal number.
MD5 was designed by Ron Rivest in 1991 to replace an earlier hash function, MD4. In
1996, a flaw was found with the design of MD5.
MD5 processes a variable-length message into a fixed-length output of 128 bits. The
input message is broken up into chunks of 512-bit blocks (sixteen 32-bit little endian
integers); the message is padded so that its length is divisible by 512. The padding
works as follows: first a single bit, 1, is appended to the end of the message. This is
followed by as many zeros as are required to bring the length of the message up to 64
bits fewer than a multiple of 512. The remaining bits are filled up with a 64-bit integer
representing the length of the original message, in bits.
The main MD5 algorithm operates on a 128-bit state, divided into four 32-bit words,
denoted A, B, C and D. These are initialized to certain fixed constants. The main
algorithm then operates on each 512-bit message block in turn, each block modifying
the state. The processing of a message block consists of four similar stages, termed
rounds; each round is composed of 16 similar operations based on a non-linear function
F, modular addition, and left rotation. Figure 1 illustrates one operation within a round.

There are four possible functions F; a different one is used in each round:

Experiment No. 3
Aim: To study Block cipher algorithm.
Theory: In cryptography, a block cipher operates on blocks of fixed length, often 64 or
128 bits. Because messages may be of any length, and because encrypting the same
plaintext under the same key always produces the same output (as described in the
ECB section below), several modes of operation have been invented which allow block
ciphers to provide confidentiality for messages of arbitrary length.
Modes: ECB, CBC, OFB and CFB.
Initialization vector (IV)
All these modes (except ECB) require an initialization vector, or IV -- a sort of 'dummy
block' to kick off the process for the first real block, and also to provide some
randomization for the process. There is no need for the IV to be secret, in most cases,
but it is important that it is never reused with the same key. For CBC and CFB, reusing
an IV leaks some information about the first block of plaintext, and about any common
prefix shared by the two messages. For OFB and CTR, reusing an IV completely
destroys security. In CBC mode, the IV must, in addition, be randomly generated at
encryption time.

Electronic codebook (ECB)


The simplest of the encryption modes is the electronic codebook (ECB) mode. The
message is divided into blocks and each block is encrypted separately. The
disadvantage of this method is that identical plaintext blocks are encrypted into identical
ciphertext blocks; thus, it does not hide data patterns well. In some senses, it doesn't
provide serious message confidentiality, and it is not recommended for use in
cryptographic protocols at all.

Here's a striking example of the degree to which ECB can leave plaintext data patterns
in the ciphertext. A pixel-map version of the image on the left was encrypted with ECB
mode to create the center image:

Cipher-block chaining (CBC)


CBC mode of operation was invented by IBM in 1976. [1] In the cipher-block chaining
(CBC) mode, each block of plaintext is XORed with the previous ciphertext block before
being encrypted. This way, each ciphertext block is dependent on all plaintext blocks
processed up to that point. Also, to make each message unique, an initialization vector
must be used in the first block.

Propagating cipher-block chaining (PCBC)


The propagating cipher-block chaining or plaintext cipher-block chaining[2] mode was
designed to cause small changes in the ciphertext to propagate indefinitely when
decrypting, as well as when encrypting.

Cipher feedback (CFB)


The cipher feedback (CFB) mode, a close relative of CBC, makes a block cipher into a
self-synchronizing stream cipher. Operation is very similar; in particular, CFB decryption
is almost identical to CBC encryption performed in reverse:

Output feedback (OFB)


The output feedback (OFB) mode makes a block cipher into a synchronous stream
cipher: it generates keystream blocks, which are then XORed with the plaintext blocks
to get the ciphertext. Just as with other stream ciphers, flipping a bit in the ciphertext
produces a flipped bit in the plaintext at the same location. This property allows many
error correcting codes to function normally even when applied before encryption.

Experiment No. 4
Aim: To study Web Security.
What are Web Services?

Web services are application components
Web services communicate using open protocols
Web services are self-contained and self-describing
Web services can be discovered using UDDI
Web services can be used by other applications
XML is the basis for Web services

How Does it Work?
The basic Web services platform is XML + HTTP.
XML provides a language which can be used between different platforms and programming
languages and still express complex messages and functions.
The HTTP protocol is the most used Internet protocol.
Web services platform elements:

SOAP (Simple Object Access Protocol)
UDDI (Universal Description, Discovery and Integration)
WSDL (Web Services Description Language)

Interoperability has Highest Priority
When all major platforms could access the Web using Web browsers, different platforms could
interact. For these platforms to work together, Web applications were developed.
Web applications are simple applications that run on the web. These are built around the Web
browser standards and can be used by any browser on any platform.
Web Services take Web applications to the Next Level
By using Web services, your application can publish its function or message to the rest of the
world.
Web services use XML to code and to decode data, and SOAP to transport it (using open
protocols).

With Web services, your accounting department's Win 2k server's billing system can connect
with your IT supplier's UNIX server.
Web Services have Two Types of Uses
Reusable application components.
There are things applications need very often. So why make these over and over again?
Web services can offer application components like: currency conversion, weather reports, or
even language translation as services.
Connect existing software.
Web services can help to solve the interoperability problem by giving different applications a
way to link their data.
With Web services you can exchange data between different applications and different
platforms.
Web Services Platform Elements
Web Services have three basic platform elements: SOAP, WSDL and UDDI.
What is SOAP?
SOAP is an XML-based protocol to let applications exchange information over HTTP.
Or more simple: SOAP is a protocol for accessing a Web Service.

SOAP stands for Simple Object Access Protocol
SOAP is a communication protocol
SOAP is a format for sending messages
SOAP is designed to communicate via Internet
SOAP is platform independent
SOAP is language independent
SOAP is based on XML
SOAP is simple and extensible
SOAP allows you to get around firewalls
SOAP is a W3C standard
Web Services Example
Any application can have a Web Service component.
Web Services can be created regardless of programming language.
A Web Service Example
In the following example we will use ASP.NET to create a simple Web Service that converts the
temperature from Fahrenheit to Celsius, and vice versa:
<%@ WebService Language="VBScript" Class="TempConvert" %>
Imports System
Imports System.Web.Services
Public Class TempConvert : Inherits WebService
<WebMethod()> Public Function FahrenheitToCelsius(ByVal Fahrenheit As String) As String
  dim fahr
  ' Accept "," as decimal separator and strip surrounding whitespace
  fahr = trim(replace(Fahrenheit, ",", "."))
  ' Reject empty or non-numeric input before doing any arithmetic
  if fahr = "" or IsNumeric(fahr) = false then return "Error"
  return ((((fahr) - 32) / 9) * 5)
end function
<WebMethod()> Public Function CelsiusToFahrenheit(ByVal Celsius As String) As String
  dim cel
  cel = trim(replace(Celsius, ",", "."))
  if cel = "" or IsNumeric(cel) = false then return "Error"
  return ((((cel) * 9) / 5) + 32)
end function
end class

This document is saved as an .asmx file. This is the ASP.NET file extension for XML Web
Services.
Example Explained
Note: To run this example, you will need a .NET server.
The first line in the example states that this is a Web Service, written in VBScript, and has the
class name "TempConvert":
<%@ WebService Language="VBScript" Class="TempConvert" %>

The next lines import the namespace "System.Web.Services" from the .NET framework:
Imports System
Imports System.Web.Services

The next line defines that the "TempConvert" class is a Web Service class type:
Public Class TempConvert : Inherits WebService

The next steps are basic VB programming. This application has two functions. One to convert
from Fahrenheit to Celsius, and one to convert from Celsius to Fahrenheit.
The only difference from a normal application is that this function is defined as a
"WebMethod()".
Use "WebMethod()" to convert the functions in your application into web services:
<WebMethod()> Public Function FahrenheitToCelsius(ByVal Fahrenheit As String) As String
  dim fahr
  fahr = trim(replace(Fahrenheit, ",", "."))
  if fahr = "" or IsNumeric(fahr) = false then return "Error"
  return ((((fahr) - 32) / 9) * 5)
end function
<WebMethod()> Public Function CelsiusToFahrenheit(ByVal Celsius As String) As String
  dim cel
  cel = trim(replace(Celsius, ",", "."))
  if cel = "" or IsNumeric(cel) = false then return "Error"
  return ((((cel) * 9) / 5) + 32)
end function

Then, end the class:
end class

Publish the .asmx file on a server with .NET support, and you will have your first working Web
Service.
ASP.NET Automates the Process
With ASP.NET, you do not have to write your own WSDL and SOAP documents.
If you look closer at our example Web Service, you will see that ASP.NET has automatically
created a WSDL and SOAP request.
Web Services How to Use
Using the Web Service Example
In the previous page we created a Web service.
The FahrenheitToCelsius() function can be tested here: FahrenheitToCelsius
The CelsiusToFahrenheit() function can be tested here: CelsiusToFahrenheit
These functions will send an XML response like this:
<?xml version="1.0" encoding="utf-8" ?>
<string xmlns="http://tempuri.org/">38</string>

Put the Web Service on Your Web Site
Using a form and the HTTP POST method, you can put the web service on your site, like this:
How To Do It
Here is the code to add the Web Service to a web page:
<form action='http://www.example.com/webservices/tempconvert.asmx/FahrenheitToCelsius'
method="post" target="_blank">
<table>
  <tr>
    <td>Fahrenheit to Celsius:</td>
    <td><input class="frmInput" type="text" size="30" name="Fahrenheit"></td>
  </tr>
  <tr>
    <td></td>
    <td align="right"><input type="submit" value="Submit" class="button"></td>
  </tr>
</table>
</form>
<form action='http://www.example.com/webservices/tempconvert.asmx/CelsiusToFahrenheit'
method="post" target="_blank">
<table>
  <tr>
    <td>Celsius to Fahrenheit:</td>
    <td><input class="frmInput" type="text" size="30" name="Celsius"></td>
  </tr>
  <tr>
    <td></td>
    <td align="right"><input type="submit" value="Submit" class="button"></td>
  </tr>
</table>
</form>

Experiment No. 5
Aim: To study E-mail security.
Theory:
Q.1 What is Email? What are its basic phases?
Q.2 Which are the three security protocols?
Q.3 Explain PEM, PGP, S/MIME in detail with one example.

Experiment No. 6
Aim: To study E-commerce security.
Theory:
Q.1 What is E-commerce?
Q.2 Explain some examples of E-commerce in detail.
Q.3 Explain some uses of E-commerce.
Q.4 Explain advantages of E-commerce.

Experiment No. 7
Aim: To study WAP security.
Theory:
Q.1 What is WAP security? Explain WAP with WAP protocol stack.
Q.2 Explain advantages of WAP security.
Q.3 Explain WAP stack architecture.
Q.4 Explain WTLS security.

Experiment No. 8
Aim: To study Data Encryption standard algorithm.
Theory:
Q.1 What is the Data Encryption Standard?
Q.2 Explain Data Encryption Standard algorithm.
Q.3 Explain S-DES key generation & encryption giving one example.

4. Quiz on the subject:
Multiple choice questions based on syllabus.

5. Conduction of Viva Voce Examinations:
1. Define Network Security.
2. State the advantages of Network Security.
3. What do you mean by encryption? What is an algorithm?
4. Define RSA, DES, Block cipher algorithms.
5. What is MD5? How does it work?
6. State the advantages & disadvantages of Digital Signature, Digital Certificate.
7. Compare Digital Signature, Digital Certificate.
8. What is computer virus, firewall & intrusion?
9. List different applications of NS.
10. Explain current technology in Network Security.

Questions to be prepared for viva voce examinations

6. Evaluation and marking system:

As per JNEC format/University marking scheme.
