JOMO KENYATTA UNIVERSITY OF AGRICULTURE AND

TECHNOLOGY

DEPARTMENT OF ELECTRICAL AND ELECTRONIC

ENGINEERING

BSc. ELECTRONIC AND COMPUTER ENGINEERING

EEC 2505: Cryptography and Network Security

ASSIGNMENT 1
NAME: SIMIYU PIUS REMMY
REG.NO: EN272-1939/2012

LECTURER: MR PETER KARANJA

Question one
Solution
a)
'(n) = 100 × 112, so want d = 7467−1 (mod 11200), the decryption exponent.
Run the extended Euclidean algorithm: 11200 = 1×7467+3733, then 7467 = 2×3733+1,
and stop, gcd=1. Now work backwards, 1 = 7467 − 2 × 3733 = 7467 − 2(11200 − 7467) =
3 × 7467 − 2 × 11200. Therefore, the inverse of 7467 is d = 3.
Now 58593 ≡ 1415 (mod 11413), which translates to the plaintext no.

b)

//C program for RSA asymetric cryptographic

//algorithim for demonstration values are relatively small compared to practical
//application

#include <stdio.h>
#include <stdlib.h>
#include<math.h>

//returns gcd for a and b

int gcd(int a, int h)

{
int temp;
while(1)
{
temp = a%h;
if(temp==0)
 a=h;
h= temp;
}
}

//code to demostrate RSA algorithm

int main()
{
//two random prime numbers
double p = 3;
double q = 7;

//First part of public key:

double n = p*q;
// Finding other part of public key.
//e stands for encrypt

double e = 2;
double phi = (p-1)*(q-1);
while(e<phi)
{
//e must be co-prime to phi and
//smaller than phi.
if(gcd(e,phi)==1)

break;
 else

e++;
}

//private key(d stands for decrypt)

//choosing d such that it satisfies
//d*e = 1+k*totient
int k = 2; // a constant value
double d = (1 + (k*phi))/e;

//message to be encrypted
double msg = 20;

printf("message data = %lf",msg);

//encryption c = (msg^e)%n
double c = pow(msg,e);
c = fmod(c,n);
printf("\nEncrypted data = %lf", c);// Decryption m = (c ^ d) % n
double m = pow(c, d);m = fmod(m, n);
printf("\nOriginal Message Sent = %lf", m);
return 0;}
Question 2
YA=515 mod 157=79

B)YB=527 mod 157=65

C)YK=6515 mod 157=78

c)

a) YB = gn mod 23
5^n mod 23 = 10 ;
YB = 3
b) K = YAXB mod 23
=83 mod 23 = 6
c)Evaluating for
5n mod 23 for n<22
51 mod 23 =5
52 mod 23 = 2
53mod 23=10
54mod 23=4
55mod 23=20
56mod 23=8
521mod 23=14
All the values is between 1 to 23 , therefore, the5 is a primitive root of 23

Question 3

a) Wireless Sensor Networks: Security Issues, Challenges and Solutions

Wireless sensor networks are a new type of networked systems, characterized by severely
constrained computational and energy resources, and an ad hoc operational environment.
Wireless sensor networks require the need for effective security mechanisms. Because sensor
networks may interact with sensitive data and/or operate in hostile unattended environments, it is
imperative that these security concerns be addressed from the beginning of the system design.
However, due to inherent resource and computing constraints, security in sensor networks poses
different challenges than traditional network/ computer security. There is currently enormous
research potential in the field of wireless sensor network security. Thus, familiarity with the
current research in this field will benefit researchers greatly. This paper is an attempt to present a
survey on the major topics in wireless sensor network security, and also present the obstacles and
the requirements in the sensor security, classify many of the current attacks, and finally list their
corresponding defensive measures.

OBSTACLE TO SENSOR SECURITY

A wireless sensor network is a special network which has many constraints compared to a
traditional computer network. Because sensor networks pose unique challenges, traditional
security techniques used in traditional networks cannot be applied directly. First, to make sensor
networks economically viable, sensor devices are limited in their energy, computation, and
communication capabilities. Second, unlike traditional networks, sensor nodes are often
deployed in accessible areas, presenting the added risk of physical attack. And third, sensor
networks interact closely with their physical environments and with people, posing new security
problems. Due to these constraints it is difficult to directly employ the existing security
approaches to the area of wireless sensor networks. Therefore, to develop useful security
mechanisms while borrowing the ideas from the current security techniques, it is necessary to
know and understand these constraints first

1. Very Limited Resources

All security approaches require a certain amount of resources for the implementation, including
data memory, code space, and energy to power the sensor. However, currently these resources
are very limited in a tiny wireless sensor. The major parameters are:

Limited Memory and Storage Space:

A sensor is a tiny device with only a small amount of memory and storage
space for the code. In order to build an effective security mechanism, it is necessary to
limit the code size of the security algorithm. For example, one common sensor type
(TelosB) has an 16-bit, 8 MHz RISC CPU with only 10K RAM, 48K program memory,
and 1024K flash storage. With such a limitation, the software built for the sensor must
also be quite small.

Power Limitation:

Energy is the biggest constraint to wireless sensor capabilities. We assume that once sensor
nodes are deployed in a sensor network, they cannot be easily replaced (high operating cost) or
recharged (high cost of sensors). Therefore, the battery charge taken with them to the field must
be conserved to extend the life of the individual sensor node and the entire sensor network.

2. Unreliable Communication

Certainly, unreliable communication is another threat to sensor security. The security of the
network relies heavily on a defined protocol, which in turn depends on communication. The
major parameters are:
Unreliable Transfer:

Normally the packet-based routing of the sensor network is connectionless and thus inherently
unreliable. Packets may get damaged due to channel errors or dropped at highly congested nodes.
The result is lost or missing packets. Furthermore, the unreliable wireless communication
channel also results in damaged packets.
Conflicts:

Even if the channel is reliable, the communication may still be unreliable. This is due to the
broadcast nature of the wireless sensor network. If packets meet in the middle of transfer,
conflicts will occur and the transfer itself will fail. In a crowded (high density) sensor network,
this can be a major problem. More details about the effect of wireless communication can be
found at

Latency:

The multi-hop routing, network congestion, and node processing can lead to greater latency in
the network, thus making it difficult to achieve synchronization among sensor nodes. The
synchronization issues can be critical to sensor security where the security mechanism relies on
critical event reports and cryptographic key distribution.

3. Unattended Operations
Depending on the function of the particular sensor network, the sensor nodes may be left
unattended for long periods of time. There are three main caveats to unattended sensor nodes:

Exposure to Physical Attacks:

The sensor may be deployed in an environment open to adversaries, bad weather, and so on. The
likelihood that a sensor suffers a physical attack in such an environment is therefore much higher
than the typical PCs, which is located in a secure place and mainly faces attacks from a network

Managed Remotely:

Remote management of a sensor network makes it virtually impossible to detect physical

tampering (i.e., through tamperproof seals) and physical maintenance issues (e.g., battery
replacement). Perhaps the most extreme example of this is a sensor node used for remote
reconnaissance missions behind enemy lines. In such a case, the node may not have any physical
contact with friendly forces once deployed

No Central Management Point:

A sensor network should be a distributed network without a central management point. This will
increase the vitality of the sensor network. However, if designed incorrectly, it will make the
network organization difficult, inefficient, and fragile.
 4. SECURITY REQUIREMENTS
A sensor network is a special type of network. It shares some commonalities with a typical
computer network, but also poses unique requirements of its own. Therefore, we can think of the
requirements of a wireless sensor network as encompassing both the typical network
requirements and the unique requirements suited solely to wireless sensor networks.

Data Confedentiality

Data confidentiality is the most important issue in network security. Every network with any
security focus will typically address this problem first. In sensor networks, the confidentiality
relates to the following
 A sensor network should not leak sensor readings to its neighbors. Especially in a
military application, the data stored in the sensor node may be highly sensitive.

 In many applications nodes communicate highly sensitive data, e.g., key distribution;
therefore it is extremely important to build a secure channel in a wireless sensor network.

 Public sensor information, such as sensor identities and public keys, should also be
encrypted to some extent to protect against traffic analysis attacks.

Data Integrity

With the implementation of confidentiality, an adversary may be unable to steal information.

However, this doesn’t mean the data is safe. The adversary can change the data, so as to send the
sensor network into disarray. For example, a malicious node may add some fragments or
manipulate the data within a packet. This new packet can then be sent to the original receiver.
Data loss or damage can even occur without the presence of a malicious node due to the harsh
communication environment. Thus, data integrity ensures that any received data has not been
altered in transit.
Data Freshness

Even if confidentiality and data integrity are assured, we also need to ensure the freshness of
each message. Informally, data freshness suggests that the data is recent, and it ensures that no
old messages have been replayed. This requirement is especially important when there are
shared-key strategies employed in the design. Typically shared keys need to be changed over
time. However, it takes time for new shared keys to be propagated to the entire network. In this
case, it is easy for the adversary to use a replay attack. Also, it is easy to disrupt the normal work
of the sensor, if the sensor is unaware of the new key change time. To solve this problem a
nonce, or another time-related counter, can be added into the packet to ensure data freshness.

Availability

Adjusting the traditional encryption algorithms to fit within the wireless sensor network is not
free, and will introduce some extra costs. Some approaches choose to modify the code to reuse as
much code as possible. Some approaches try to make use of additional communication to
achieve the same goal. What’s more, some approaches force strict limitations on the data access,
or propose an unsuitable scheme (such as a central point scheme) in order to simplify the
algorithm. But all these approaches weaken the availability of a sensor and sensor network for
the following reasons:

 Additional computation consumes additional energy. If no more energy exists, the data
will no longer be available.
 Additional communication also consumes more energy. What’s more, as communication
increases so too does the chance of incurring a communication conflict.
 A single point failure will be introduced if using the central point scheme. This greatly
threatens the

5. ATTACKS

Sensor networks are particularly vulnerable to several key types of attacks. Attacks can be
performed in a variety of ways, most notably as denial of service attacks, but alsothrough traffic
analysis, privacy violation, physical attacks, and so on. Denial of service attacks on wireless
sensor networks can range from simply jamming the sensor’s communicationchannel to more
sophisticated attacks designed to violate the 802.11 MAC protocol or any other layer of the
wireless sensor network. Due to the potential asymmetry in power and computational constraints,
guarding against a well orchestrated denial of service attack on a wireless sensor network can be
nearly impossible. A more powerful node can easily jam a sensor node and effectively prevent
the sensor network from performing its intended duty. We note that attacks on wireless sensor
networks are not limited to simply denial of service attacks, but rather encompass a variety of
techniques including node takeovers, attacks on the routing protocols, and attacks on a node’s
physical security. In this section, we first address some common denial of service attacks and
then describe additional attacking, including those on the routing protocols as well as an identity
based attack known as the Sybil attack.
Denial of Service Attacks
 the Sybil Attack
 Traffic Analysis Attack
 Node Replication Attack
 Attacks against Privacy
 Physical Attacks

6. DEFENCE MEASURES

Now we are in a position to describe the measures for satisfying security requirements, and
protecting the sensor network from attacks. We start with key establishment in wireless sensor
networks, which lays the foundation for the security in a wireless sensor network, followed by
defending against DoS attacks and secure broadcasting and multicasting
Key Estabilishment

One security aspect that receives a great deal of attention in wireless sensor networks is the area
of key management. Wireless sensor networks are unique (among other embedded wireless
networks) in this aspect due to their size, mobility and computational/power constraints. Indeed,
researchers envision wireless sensor networks to be orders of magnitude larger than their
traditional embedded counterparts. This, coupled with the operational constraints described
previously, makes secure key management an absolute necessity in most wireless sensor network
designs. Because encryption and key management/establishment are so crucial to the defense of
a wireless sensor network, with nearly all aspects of wireless sensor network defenses relying on
solid encryption, we first begin with an overview of the unique key and encryption issues
surrounding wireless sensor networks before discussing more specific sensor network

Defending against DoS Attacks

Since denial of service attacks is so common, effective defenses must be available to combat
them. One strategy in defending against the classic jamming attack is to identify
the jammed part of the sensor network and effectively route around the unavailable portion.
Wood and Stankovic describe a two phase approach where the nodes along the perimeter of the
jammed region report their status to their neighbors who then collaboratively define the jammed
region and simply route around it. To handle jamming at the MAC layer, nodes might utilize a
MAC admission control that is rate limiting. This would allow the network to ignore those
requests designed to exhaust the power reserves of a node. This, however, is not fool-proof as the
network must be able to handle any legitimately large traffic volumes. Overcoming rogue
sensors that intentionally misroute messages can be done at the cost of redundancy. In this case,
a sending node can send the message along multiple paths in an effort to increase the likelihood
that the message will ultimately arrive at its destination. This has the advantage of effectively
dealing with nodes that may not be malicious, but rather may have simply failed as it does not
rely on a single node to route its messages. To overcome the transport layer flooding denial of
service attack Aura, Nikander and Leiwo suggest using the client puzzles posed by Juels and
Brainard in an effort to discern a node’s commitment to making the connection by utilizing some
of their own resources. Aura et al. advocate that a server should force a client to commit its own
resources first. Further, they suggest that a server should always force a client to commit more
resources up front than the server. This strategy would likely be effective as long as the client has
computational resources comparable to those

Bots & Botnets

Internet bots, also known as web robots are software applications that perform repetitive tasks
automatically or on a schedule over the internet, tasks that would be too mundane or time-
consuming for an actual person. Also bot can be described as a computer that has been
compromised through a malware infection and can be controlled remotely by a cybercriminal.
The cybercriminal can then use the bot (also known as a zombie computer) to launch more
attacks, or to bring it into a collection of controlled computers, known as a botnet.

Botnets have been one of the most common methods of malware deployment for the past decade,
infecting hundreds of millions of computers. As botnets infect new technologies, such as Internet
of Things (IoT) devices in homes, public spaces, and secure areas, compromised systems can put
even more unsuspecting users at risk.

They perform large operations while remaining small, most people would be shocked to learn
that the spam they're receiving is coming from thousands or even millions of computers just like
their own. The real owners of those computers can still use them, and are probably totally
unaware that anything is wrong, except perhaps that their computer sometimes seems slow. They
also compromise open-source and unsecured devices

Why do Cybercriminals use Botnet Attacks?

 To steal financial and personal information

 To attack legitimate web services

 To extort money from victims

 To make money from zombie and botnet systems

Tips to Prevent a Botnet Attack

If you have not installed security software and ensured that it is turned on and kept up-to-date
your machine is likely infected with all kinds of malicious software. Here are a few steps you
should take to protect your systems from botnet infiltration:

 Set your antivirus and antispyware programs to update automatically.

 Routinely check for browser and operating system updates and patches.

 Only click internet links or open emails if you trust the source.

Salted Password Hashing

Password hashing is defined as putting a password through a hashing algorithm (bcrypt, SHA,
etc) to turn plaintext into an unintelligible series of numbers and letters. This is important for
basic security hygiene because, in the event of a security breach, any compromised passwords
are unintelligible to the bad actor. As a result, the theft of this information is considerably more
difficult. Below is an example of a few words going through the hashing process.

Password hashing is a key step to protecting your users on the backend, but it’s not infallible
because it hashes in a consistent way. This means it is predictable and can be beaten by
dictionary attacks or rainbow table attacks. “Hello”, for example, will always equal to the same
combination of letters and numbers, and therefore can be guessed through brute force. One way
of protecting against this is by adding a salt or using salted passwords.

Password Salting is the act of adding a series of random characters to a password before going
through the hashing function.

As you can see in the image above, a series of random numbers and letters was added to the
original “password” to result in a different hash function each time. This way, we protect against
the flaw of the hash function by having a different hashed password each time.
Where should salted passwords be stored?
In terms of how this works in the IT infrastructure, salts have to be stored in a database along
with the user password, as illustrated below. Salts are recommended to be random and unique
per login to mitigate attacks using rainbow tables of pre-computed hashes. While an attacker
could still re-compute hashes of common password lists using a given salt for a password, a way
to provide additional defense in depth is to encrypt password storage at rest, preferably backed
by a HSM or cloud key management service like AWS KMS.

The “Big Brother is listening and watching problem”

The government surveillance spying on people using any devices that you may have. The
government has the ability to eavesdrop on your communications—landlines, cell phones, e-
mails, BlackBerry messages, Internet searches, and more—with ease. Ones actions are being
monitored by the government as a means of controlling and suppressing the will of the
populance.

Snowden also claimed the NSA could spy on individuals even if phones are turned off, by
remotely accessing and powering up the devices.

Robert Graham, chief executive of cybersecurity company Errata Security, told CNBC that the
NSA can turn on your phone, but only if it’s able to physically touch the phone to install
hardware or software.

In America too, Audio surveillance were set on mass transit systems but according to officials it
is all about passenger safety, But civil liberties advocates call it a ‘gross violation of privacy.’
And they recently won the debate in New Jersey, where the program on some light-rail lines was
shut down

These are all examples of the “Big Brother is listening and watching problem” in action. Almost
all countries’ security agencies perform this and I believe even in the Kenya it is done although
not at the same level with the USA’s NSA