Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
LaboratoryManual
NETWORKSECURITY
For
SUBJECTINDEX
Title
Page no.
04
04
3. Lab Exercises
1. To study RSA algorithm
2. To study MD-5 algorithm
3.
4.
5.
6.
7.
8.
9.
10.
05
08
Do not handle computer for security without reading the instructions/Instruction manuals.
Refer Help for security options.
Go through Internet options whenever necessary.
Strictly observe the instructions given by the teacher/Lab Instructor.
1. Lab work completed during prior session ,should be corrected during the next lab session.
3. The promptness of submission should be encouraged by way of marking and evaluation patterns
that will benefit the sincere students.
Experiment No. 1
Aim: To study RSA algorithm.
Theory: In cryptography, RSA is an algorithm for public-key cryptography. It is the first
algorithm known to be suitable for signing as well as encryption, and one of the first great
advances in public key cryptography. RSA is widely used in electronic commerce protocols, and
is believed to be secure given sufficiently long keys and the use of up-to-date implementations.
The algorithm was publicly described in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman
at MIT; the letters RSA are the initials of their surnames, listed in the same order as on the
paper.[
The RSA algorithm involves three steps: key generation, encryption and decryption.
RSA in a nutshell:
_
Key generation:
_
Compute modulus n = pq
_
Encryption: c = memod n,
decryption: m = cdmod n
79
Experiment No. 2
Aim: To study MD-5 algorithm.
Theory: In cryptography, MD5 (Message-Digest algorithm 5) is a widely used
cryptographic hash function with a 128-bit hash value. As an Internet standard (RFC
1321), MD5 has been employed in a wide variety of security applications, and is also
commonly used to check the integrity of files. However, it has been shown that MD5 is
not collision resistant[1] hence MD5 is not suitable for applications that rely on this
property. An MD5 hash is typically expressed as a 32 digit hexadecimal number.
MD5 was designed by Ron Rivest in 1991 to replace an earlier hash function, MD4. In
1996, a flaw was found with the design of MD5.
MD5 processes a variable-length message into a fixed-length output of 128 bits. The
input message is broken up into chunks of 512-bit blocks (sixteen 32-bit little endian
integers); the message is padded so that its length is divisible by 512. The padding
works as follows: first a single bit, 1, is appended to the end of the message. This is
followed by as many zeros as are required to bring the length of the message up to 64
bits fewer than a multiple of 512. The remaining bits are filled up with a 64-bit integer
representing the length of the original message, in bits.
The main MD5 algorithm operates on a 128-bit state, divided into four 32-bit words,
denoted A, B, C and D. These are initialized to certain fixed constants. The main
algorithm then operates on each 512-bit message block in turn, each block modifying
the state. The processing of a message block consists of four similar stages, termed
There are four possible functions F; a different one is used in each round:
Experiment No. 3
Aim: To study Block cipher algorithm.
Theory: In cryptography, a block cipher operates on blocks of fixed length, often 64 or
128 bits. Because messages may be of any length, and because encrypting the same
plaintext under the same key always produces the same output (as described in the
ECB section below), several modes of operation have been invented which allow block
ciphers to provide confidentiality for messages of arbitrary length.
Modes: ECB, CBC, OFB and CFB.
Initialization vector (IV)
All these modes (except ECB) require an initialization vector, or IV -- a sort of 'dummy
block' to kick off the process for the first real block, and also to provide some
randomization for the process. There is no need for the IV to be secret, in most cases,
but it is important that it is never reused with the same key. For CBC and CFB, reusing
an IV leaks some information about the first block of plaintext, and about any common
prefix shared by the two messages. For OFB and CTR, reusing an IV completely
destroys security. In CBC mode, the IV must, in addition, be randomly generated at
encryption time.
Here's a striking example of the degree to which ECB can leave plaintext data patterns
in the ciphertext. A pixel-map version of the image on the left was encrypted with ECB
mode to create the center image:
Experiment No. 4
Aim: To study of Web Security.
WhatareWebServices?
Webservicesareapplicationcomponents
Webservicescommunicateusingopenprotocols
Webservicesareselfcontainedandselfdescribing
WebservicescanbediscoveredusingUDDI
Webservicescanbeusedbyotherapplications
XMListhebasisforWebservices
HowDoesitWork?
ThebasicWebservicesplatformisXML+HTTP.
XMLprovidesalanguagewhichcanbeusedbetweendifferentplatformsandprogramming
languagesandstillexpresscomplexmessagesandfunctions.
TheHTTPprotocolisthemostusedInternetprotocol.
Webservicesplatform elements:
SOAP(SimpleObjectAccessProtocol)
UDDI(UniversalDescription,DiscoveryandIntegration)
WSDL(WebServicesDescriptionLanguage)
InteroperabilityhasHighestPriority
WhenallmajorplatformscouldaccesstheWebusingWebbrowsers,differentplatformscould
interact.Fortheseplatformstoworktogether,Webapplicationsweredeveloped.
Webapplicationsaresimpleapplicationsthatrunontheweb.ThesearebuiltaroundtheWeb
browserstandardsandcanbeusedbyanybrowseronanyplatform.
WebServicestakeWebapplicationstotheNextLevel
ByusingWebservices,yourapplicationcanpublishitsfunctionormessagetotherestofthe
world.
WebservicesuseXMLtocodeandtodecodedata,andSOAPtotransportit(usingopen
protocols).
WithWebservices,youraccountingdepartment'sWin2kserver'sbillingsystemcanconnect
withyourITsupplier'sUNIXserver.
WebServiceshaveTwoTypesofUses
Reusableapplicationcomponents.
Therearethingsapplicationsneedveryoften.Sowhymaketheseoverandoveragain?
Webservicescanofferapplicationcomponentslike:currencyconversion,weatherreports,or
evenlanguagetranslationasservices.
Connectexistingsoftware.
Webservicescanhelptosolvetheinteroperabilityproblembygivingdifferentapplicationsa
waytolinktheirdata.
WithWebservicesyoucanexchangedatabetweendifferentapplicationsanddifferent
platforms.
WebServices PlatformElements
WebServiceshavethreebasicplatformelements:SOAP,WSDLandUDDI.
WhatisSOAP?
SOAPisanXMLbasedprotocoltoletapplicationsexchangeinformationoverHTTP.
Ormoresimple:SOAPisaprotocolforaccessingaWebService.
SOAPstandsforSimpleObjectAccessProtocol
SOAPisacommunicationprotocol
SOAPisaformatforsendingmessages
SOAPisdesignedtocommunicateviaInternet
SOAPisplatformindependent
SOAPislanguageindependent
SOAPisbasedonXML
SOAPissimpleandextensible
SOAPallowsyoutogetaroundfirewalls
SOAPisaW3Cstandard
WebServices Example
AnyapplicationcanhaveaWebServicecomponent.
WebServicescanbecreatedregardlessofprogramminglanguage.
AWebServiceExample
InthefollowingexamplewewilluseASP.NETtocreateasimpleWebServicethatconvertsthe
temperaturefromFahrenheittoCelsius,andviceversa:
<%@WebServiceLanguage="VBScript"Class="TempConvert"%>
ImportsSystem
ImportsSystem.Web.Services
PublicClassTempConvert:InheritsWebService
<WebMethod()>PublicFunctionFahrenheitToCelsius
(ByValFahrenheitAsString)AsString
dimfahr
fahr=trim(replace(Fahrenheit,",","."))
iffahr=""orIsNumeric(fahr)=falsethenreturn"Error"
return((((fahr)32)/9)*5)
endfunction
<WebMethod()>PublicFunctionCelsiusToFahrenheit
(ByValCelsiusAsString)AsString
dimcel
cel=trim(replace(Celsius,",","."))
ifcel=""orIsNumeric(cel)=falsethenreturn"Error"
return((((cel)*9)/5)+32)
endfunction
endclass
Thisdocumentissavedasan.asmxfile.ThisistheASP.NETfileextensionforXMLWeb
Services.
ExampleExplained
Note:Torunthisexample,youwillneeda.NETserver.
ThefirstlineintheexamplestatesthatthisisaWebService,writtenin VBScript,andhasthe
classname"TempConvert":
<%@WebServiceLanguage="VBScript"Class="TempConvert"%>
Thenextlinesimportthenamespace"System.Web.Services"fromthe.NETframework:
ImportsSystem
ImportsSystem.Web.Services
Thenextlinedefinesthatthe"TempConvert"classisaWebServiceclasstype:
PublicClassTempConvert:InheritsWebService
ThenextstepsarebasicVBprogramming.Thisapplicationhastwofunctions.Onetoconvert
fromFahrenheittoCelsius,andonetoconvertfromCelsiustoFahrenheit.
Theonlydifferencefromanormalapplicationisthatthisfunctionisdefinedasa
"WebMethod()".
Use"WebMethod()"toconvertthefunctionsinyourapplicationintowebservices:
<WebMethod()>PublicFunctionFahrenheitToCelsius
(ByValFahrenheitAsString)AsString
dimfahr
fahr=trim(replace(Fahrenheit,",","."))
iffahr=""orIsNumeric(fahr)=falsethenreturn"Error"
return((((fahr)32)/9)*5)
endfunction
<WebMethod()>PublicFunctionCelsiusToFahrenheit
(ByValCelsiusAsString)AsString
dimcel
cel=trim(replace(Celsius,",","."))
ifcel=""orIsNumeric(cel)=falsethenreturn"Error"
return((((cel)*9)/5)+32)
endfunction
Then,endtheclass:
endclass
Publishthe.asmxfileonaserverwith.NETsupport,andyouwillhaveyourfirstworkingWeb
Service.
ASP.NETAutomatestheProcess
WithASP.NET,youdonothavetowriteyourownWSDLandSOAPdocuments.
IfyoulookcloseratourexampleWebService,youwillseethatASP.NEThasautomatically
createda WSDL andSOAPrequest.
WebServices HowtoUse
UsingtheWeb ServiceExample
InthepreviouspagewecreatedaWebservice.
TheFahrenheitToCelsius()functioncanbetestedhere:FahrenheitToCelsius
TheCelsiusToFahrenheit()functioncanbetestedhere:CelsiusToFahrenheit
ThesefunctionswillsendanXMLresponselikethis:
<?xmlversion="1.0"encoding="utf8"?>
<stringxmlns="http://tempuri.org/">38</string>
PuttheWebServiceonYourWebSite
UsingaformandtheHTTPPOSTmethod,youcanputthewebserviceonyoursite,likethis:
FahrenheittoCelsius:
Submit
CelsiustoFahrenheit:
Submit
HowToDoIt
HereisthecodetoaddtheWebServicetoawebpage:
<form
action='http://www.example.com/webservices/tempconvert.asmx/Fahr
enheitToCelsius'
method="post"target="_blank">
<table>
<tr>
<td>FahrenheittoCelsius:</td>
<td><inputclass="frmInput"type="text"size="30"
name="Fahrenheit"></td>
</tr>
<tr>
<td></td>
<tdalign="right"><inputtype="submit"value="Submit"
class="button"></td>
</tr>
</table>
</form>
<form
action='http://www.example.com/webservices/tempconvert.asmx/Cels
iusToFahrenheit'
method="post"target="_blank">
<table>
<tr>
<td>CelsiustoFahrenheit:</td>
<td><inputclass="frmInput"type="text"size="30"
name="Celsius"></td>
</tr>
<tr>
<td></td>
<tdalign="right"><inputtype="submit"value="Submit"
class="button"></td>
</tr>
</table>
</form>
Experiment No. 5
Aim: To study E mail security.
Theory:
Q.1 What is Email?What are its basic phases.
Q.2. Which are three security protocols.
Q.3.Explain PEM,PGP, S/MIME in detail with one example.
Experiment No. 6
Aim: To study E commerce security.
Theory:
Q.1 What is E -commercel?
Q.2. Explain some examples of E-commerce in detail?
Q.3.Explain some uses of E-commerce.
Q.4. Explain advantages of E-commerce.
Experiment No. 7
Aim: To study WAP security.
Theory:
Q.1 What is WAP security.Explain WAP with WAP protocol stack.
Q.2. Explain advantages of WAP security.
Q.3.Explain WAP stack architecture.
Q.4. Explain WTLS security.
Experiment No. 8
Aim: To study Data Encryption standard algorithm.
Theory:
Q.1 What Data Encryption standard
Q.2. Explain Data Encryption standard algorithm.
Q.3.Explain S-DES key generation & encryption giving one example.
4.Quizonthesubject:
Multiple choice questions based on syllabus.
5.ConductionofVivaVoceExaminations:
1. Define Network Security.
2. State the advantages of Network SEcurity.
3. What do you mean by encryption.What is algorithm.
4. Define RSA,DES,Bolck cipher algorithms
5. What is the MD5. How it works.
6. State the advantages & disadvantages of Digital Signature,Digital Certificate.
7. Compare Digital Signature,Digital Certificate
8.What is computer virus,firewall &intrusion.
9. List different applications of NS.
6.Evaluationandmarkingsystem: