CS6711 SECURITY LABORATORY

EX. NO: 1(A)

IMPLEMENTATION OF CAESAR CIPHER

AIM:

To implement the simple substitution technique named Caesar cipher using C language.

DESCRIPTION:

To encrypt a message with a Caesar cipher, each letter in the message is changed
using a simple rule: shift by three. Each letter is replaced by the letter three letters ahead in
the alphabet. A becomes D, B becomes E, and so on. For the last letters, we can think of the
alphabet as a circle and "wrap around". W becomes Z, X becomes A, Y becomes B, and Z
becomes C. To change a message back, each letter is replaced by the one three before it.

EXAMPLE:

ALGORITHM:

STEP-1: Read the plain text from the user.

STEP-2: Read the key value from the user.
STEP-3: If the key is positive then encrypt the text by adding the key with each
character in the plain text.
STEP-4: Else subtract the key from the plain text.
STEP-5: Display the cipher text obtained above.

PROGRAM: (Caesar Cipher)

ipher)

#include <stdio.h>
#include <string.h>
#include<conio.h>
#include <ctype.h>
void main()
CS6711 SECURITY LABORATORY

{
char plain[10], cipher[10];
int key,i,length;
int result;
clrscr();
printf("\n Enter the plain text:");
scanf("%s", plain);
printf("\n Enter the key value:");
scanf("%d", &key);
printf("\n \n \t PLAIN TEXt: %s",plain);
printf("\n \n \t ENCRYPTED TEXT: ");
for(i = 0, length = strlen(plain); i < length; i++)
{
cipher[i]=plain[i] + key;
if (isupper(plain[i]) && (cipher[i] > 'Z'))
cipher[i] = cipher[i] - 26;
if (islower(plain[i]) && (cipher[i] > 'z'))
cipher[i] = cipher[i] - 26;
printf("%c", cipher[i]);
}
printf("\n \n \t AFTER DECRYPTION : ");
for(i=0;i<length;i++)
{
plain[i]=cipher[i]-key;
if(isupper(cipher[i])&&(plain[i]<'A'))
plain[i]=plain[i]+26;
if(islower(cipher[i])&&(plain[i]<'a'))
plain[i]=plain[i]+26;
printf("%c",plain[i]);
}
getch();
}

VVIT DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING 6

CS6711 SECURITY LABORATORY

OUTPUT:

RESULT:

Thus the implementation of Caesar cipher had been executed successfully.

VVIT DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING 7

CS6711 SECURITY LABORATORY

EX. NO: 2(C)

IMPLEMENTATION OF DIFFIE HELLMAN KEY EXCHANGE

ALGORITHM
AIM:

To implement the Diffie-Hellman Key Exchange algorithm using C language.

DESCRIPTION:

Diffie–Hellman Key Exchange establishes a shared secret between two parties that
can be used for secret communication for exchanging data over a public network. It is
primarily used as a method of exchanging cryptography keys for use in symmetric encryption
algorithms like AES. The algorithm in itself is very simple. The process begins by having the
two parties, Alice and Bob. Let's assume that Alice wants to establish a shared secret with
Bob.

EXAMPLE:

ALGORITHM:

STEP-1: Both Alice and Bob shares the same public keys g and p.
STEP-2: Alice selects a random public key a.
STEP-3: Alice computes his secret key A as ga mod p.
STEP-4: Then Alice sends A to Bob.

VVIT DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING 32

CS6711 SECURITY LABORATORY

STEP-5: Similarly Bob also selects a public key b and computes his secret key as B
and sends the same back to Alice.
STEP-6: Now both of them compute their common secret key as the other one’s secret
key power of a mod p.

PROGRAM: (Diffie Hellman Key Exchange)

#include<stdio.h>
#include<conio.h>
long long int power(int a, int b, int mod)
{
long long int t;
if(b==1)
return a;
t=power(a,b/2,mod);
if(b%2==0)
return (t*t)%mod;
else
return (((t*t)%mod)*a)%mod;
}
long int calculateKey(int a, int x, int n)
{
return power(a,x,n);
}
void main()
{
int n,g,x,a,y,b;
clrscr();
printf("Enter the value of n and g : ");
scanf("%d%d",&n,&g);
printf("Enter the value of x for the first person : ");
scanf("%d",&x);
a=power(g,x,n);
printf("Enter the value of y for the second person : ");
scanf("%d",&y);
b=power(g,y,n);
printf("key for the first person is :
%lld\n",power(b,x,n));
printf("key for the second person is :
%lld\n",power(a,y,n));
getch();
}

VVIT DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING 33

CS6711 SECURITY LABORATORY

OUTPUT:

RESULT:
Thus the Diffie-Hellman key exchange algorithm had been successfully implemented
using C.

VVIT DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING 34

CS6711 SECURITY LABORATORY

EX. NO: 1(E)

IMPLEMENTATION OF RAIL FENCE – ROW & COLUMN

TRANSFORMATION TECHNIQUE

AIM:

To write a C program to implement the rail fence transposition technique.

DESCRIPTION:

In the rail fence cipher, the plain text is written downwards and diagonally on
successive "rails" of an imaginary fence, then moving up when we reach the bottom rail.
When we reach the top rail, the message is written downwards again until the whole plaintext
is written out. The message is then read off in rows.

EXAMPLE:

ALGORITHM:

STEP-1: Read the Plain text.

STEP-2: Arrange the plain text in row columnar matrix format.
STEP-3: Now read the keyword depending on the number of columns of the plain text.
STEP-4: Arrange the characters of the keyword in sorted order and the corresponding
columns of the plain text.
STEP-5: Read the characters row wise or column wise in the former order to get the
cipher text.

VVIT DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING 19

CS6711 SECURITY LABORATORY

PROGRAM: (Rail Fence)

#include<stdio.h>
#include<conio.h>
#include<string.h>
void main()
{
int i,j,k,l;
char a[20],c[20],d[20];
clrscr();
printf("\n\t\t RAIL FENCE TECHNIQUE");
printf("\n\nEnter the input string : ");
gets(a);
l=strlen(a);

/*Ciphering*/
for(i=0,j=0;i<l;i++)
{
if(i%2==0)
c[j++]=a[i];
}
for(i=0;i<l;i++)
{
if(i%2==1)
c[j++]=a[i];
}
c[j]='\0';
printf("\nCipher text after applying rail fence :");
printf("\n%s",c);

/*Deciphering*/
if(l%2==0)
k=l/2;
else
k=(l/2)+1;
for(i=0,j=0;i<k;i++)
{
d[j]=c[i];
j=j+2;
}
for(i=k,j=1;i<l;i++)
{
d[j]=c[i];
j=j+2;
}
d[l]='\0';
printf("\nText after decryption : ");
printf("%s",d);
getch();
}

VVIT DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING 20

CS6711 SECURITY LABORATORY

OUTPUT:

RESULT:

Thus the rail fence algorithm had been executed successfully.

VVIT DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING 21

CS6711 SECURITY LABORATORY

EX. NO: 06

INSTALLATION OF ROOTKITS

AIM:

Rootkit is a stealth type of malicious software designed to hide the existence of

certain process from normal methods of detection and enables continued privileged access to
a computer.

INTRODUCTION:

Breaking the term rootkit into the two component words, root and kit, is a useful way
to define it. Root is a UNIX/Linux term that's the equivalent ofAdministrator in Windows.
The word kit denotes programs that allow someone to obtain root/admin-level access to the
computer by executing the programs in the kit — all of which is done without end-user
consent or knowledge.

A rootkit is a type of malicious software that is activated each time your system boots
up. Rootkits are difficult to detect because they are activated before your system's Operating
System has completely booted up. A rootkit often allows the installation of hidden files,
processes, hidden user accounts, and more in the systems OS. Rootkits are able to intercept
data from terminals,network connections, and the keyboard.

Rootkits have two primary functions: remote command/control (back door) and
software eavesdropping. Rootkits allow someone, legitimate or otherwise, to administratively
control a computer. This means executing files, accessing logs, monitoring user activity, and
even changing the computer's configuration. Therefore, in the strictest sense, even versions
of VNC are rootkits. This surprises most people, as they consider rootkits to be solely
malware, but in of themselves they aren't malicious at all.

The presence of a rootkit on a network was first documented in the early 1990s. At
that time, Sun and Linux operating systems were the primary targets for a hacker looking to
install a rootkit. Today, rootkits are available for a number of operating systems, including
Windows, and are increasingly difficult to detect on any network.

VVIT DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING 70

CS6711 SECURITY LABORATORY

PROCEDURE:

STEP-1: Download Rootkit Tool from GMER website www.gmer.net.

STEP-2: This displays the Processes, Modules, Services, Files, Registry, RootKit /
Malwares, Autostart, CMD of local host.
STEP-3: Select Processes menu and kill any unwanted process if any.
STEP-4: Modules menu displays the various system files like .sys, .dll
STEP-5: Services menu displays the complete services running with Autostart, Enable,
Disable, System, Boot.
STEP-6: Files menu displays full files on Hard-Disk volumes.
STEP-7: Registry displays Hkey_Current_user and Hkey_Local_Machine.
STEP-8: Rootkits / Malwares scans the local drives selected.
STEP-9: Autostart displays the registry base Autostart applications.
STEP-10:CMD allows the user to interact with command line utilities or Registry

SCREENSHOTS:

VVIT DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING 71

CS6711 SECURITY LABORATORY

VVIT DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING 72

CS6711 SECURITY LABORATORY

RESULT:
Thus the study of installation of Rootkit software and its variety of options were
developed successfully.

VVIT DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING 73

CS6711 SECURITY LABORATORY

EX. NO: 08

WORKING WITH SNORT TOOL TO DEMONSTRATE INTRUSION

DETECTION SYSTEM

AIM:

Snort is an open source network intrusion detection system (NIDS) and it is a packet
sniffer that monitors network traffic in real time.

INTRODUCTION:

INTRUSION DETECTION SYSTEM :

Intrusion detection is a set of techniques and methods that are used to detect
suspicious activity both at the network and host level. Intrusion detection systems fall into
two basic categories:
 Signature-based intrusion detection systems
 Anomaly detection systems.
Intruders have signatures, like computer viruses, that can be detected using software.
You try to find data packets that contain any known intrusion-related signatures or anomalies
related to Internet protocols. Based upon a set of signatures and rules, the detection system is
able to find and log suspicious activity and generate alerts.

Anomaly-based intrusion detection usually depends on packet anomalies present in

protocol header parts. In some cases these methods produce better results compared to
signature-based IDS. Usually an intrusion detection system captures data from the network
and applies its rules to that data or detects anomalies in it. Snort is primarily a rule-based
IDS, however input plug-ins are present to detect anomalies in protocol headers.

SNORT TOOL:

Snort is based on libpcap (for library packet capture), a tool that is widely used in
TCP/IPtraffic sniffers and analyzers. Through protocolanalysis and content searching and
matching, Snort detects attack methods, including denial of service, buffer overflow, CGI
attacks, stealthport scans, and SMB probes. When suspicious behavior is detected, Snort
sends a real-time alert to syslog, a separate 'alerts' file, or to apop-up window.

Snort is currently the most popular free network intrusion detection software. The
advantages of Snort are numerous. According to the snort web site, “It can perform protocol

VVIT DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING 78

CS6711 SECURITY LABORATORY

analysis, content searching/matching, and can be used to detect a variety of attacks and
probes, such as buffer overflow, stealth port scans, CGI attacks, SMB probes, OS
fingerprinting attempts, and much more” (Caswell).

One of the advantages of Snort is its ease of configuration. Rules are very flexible,
easily written, and easily inserted into the rule base. If a new exploit or attack is found a rule
for the attack can be added to the rule base in a matter of seconds. Another advantage of
snort is that it allows for raw packet data analysis.

SNORT can be configured to run in three modes:

1. Sniffer mode
2. Packet Logger mode
3. Network Intrusion Detection System mode
1. Sniffer mode
 Snort –v Print out the TCP/IP packets header on the screen
 Snort –vd show the TCP/IP ICMP header with application data in transmit
2. Packet Logger mode
 snort –dev –l c:\log [create this directory in the C drive] and snort will
automatically know to go into packet logger mode, it collects every packet it
sees and places it in log directory.
 snort –dev –l c:\log –h ipaddress/24:This rule tells snort that you want to
print out the data link and TCP/IP headers as well as application data into the
log directory. snort –l c:\log –b This is binary mode logs everything into a
single file.
3. Network Intrusion Detection System mode
 snort –d c:\log –h ipaddress/24 –c snort.conf This is a configuration file
applies rule to each packet to decide it an action based upon the rule type in
the file.
 Snort –d –h ipaddress/24 –l c:\log –c snort.conf This will cnfigure snort to
run in its most basic NIDS form, logging packets that trigger rules specifies in
the snort.conf.

PROCEDURE:

STEP-1: Sniffer mode snort –v  Print out the TCP/IP packets header on the screen.
STEP-2: Snort –vd  Show the TCP/IP ICMP header with application data in transit.

VVIT DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING 79

CS6711 SECURITY LABORATORY

STEP-3: Packet Logger mode  snort –dev –l c:\log [create this directory in the C drive]
and snort will automatically know to go into packet logger mode, it collects every
packet it sees and places it in log directory.
STEP-4: snort –dev –l c:\log –h ipaddress/24  This rule tells snort that you want to print
out the data link and TCP/IP headers as well as application data into the log
directory.
STEP-5: snort –l c:\log –b  this binary mode logs everything into a single file.
STEP-6: Network Intrusion Detection System mode  snort –d c:\log –h ipaddress/24 –c
snort.conf  This is a configuration file that applies rule to each packet to decide
it an action based upon the rule type in the file.
STEP-7: snort –d –h ip address/24 –l c:\log –c snort.conf  This will configure snort to run
in its most basic NIDS form, logging packets that trigger rules specifies in the
snort.conf.
STEP-8: Download SNORT from snort.org. Install snort with or without database support.
STEP-9: Select all the components and Click Next. Install and Close.
STEP-10: Skip the WinPcap driver installation.
STEP-11: Add the path variable in windows environment variable by selecting new
classpath.
STEP-12: Create a path variable and point it at snort.exe variable name  path and variable
value  c:\snort\bin.
STEP-13: Click OK button and then close all dialog boxes. Open command prompt and type
the following commands:

VVIT DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING 80

CS6711 SECURITY LABORATORY

INSTALLATION PROCESS :

VVIT DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING 81

CS6711 SECURITY LABORATORY

VVIT DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING 82

CS6711 SECURITY LABORATORY

RESULT:
Thus the demonstration of the instruction detection using Snort tool was done
successfully.

VVIT DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING 83