Experiment 1

Aim: Perform Encryption, decryption using following techniques:

I. Ceaser cipher
II. Playfair cipher
III. Hill cipher
IV. Vignere cipher

I. Caesar Cipher:
Encryption:
1. Choose a shift value, for example, 3.
2. Shift each letter in the plaintext by the chosen value.
3. Wrap around the alphabet if necessary (e.g., shifting 'z' by 3 becomes 'c').

Example:

Plain text: HELLO

Shift: 3
Encrypted text: KHOOR

Decryption:
1. Shift each letter in the encrypted text back by the same value.

II. Playfair Cipher:

Encryption:
1. Create a 5x5 matrix key table using a keyword (ignoring duplicate letters).

2. Divide the plaintext into pairs of letters.

3. Apply the Playfair rules to each pair of letters to generate the ciphertext.

Example:
Key: KEYWORD
Plain text: HELLO
Encrypted text: RIJVS
Decryption:

1. Apply the reverse Playfair rules to each pair of letters in the ciphertext to get the original
plaintext.

III. Hill Cipher:

Encryption:
1. Choose a matrix key (for example, a 2x2 or 3x3 matrix).
2. Convert the plaintext letters to numbers (A=0, B=1, ..., Z=25).
3. Multiply the matrix key with the vector of plaintext numbers.
4. Take the modulo 26 of each element in the result.

5. Convert the numbers back to letters.

Example (2x2 matrix):

Key: [[6, 24], [13, 16]]
Plain text: HELLO
Encrypted text: KQXMO

Decryption:
1. Calculate the modular inverse of the key matrix.

2. Multiply the inverse matrix with the vector of ciphertext numbers.

3. Take the modulo 26 of each element in the result.
4. Convert the numbers back to letters.

IV. Vigenère Cipher:

Encryption:
1. Choose a keyword, for example, "KEY".
2. Repeat the keyword to match the length of the plaintext.

3. Add the corresponding letters of the keyword and plaintext, modulo 26.
Example:

Keyword: KEYKEY
Plain text: HELLO
Encrypted text: RIJVS

Decryption:
1. Subtract the corresponding letters of the repeated keyword from the ciphertext, modulo
26.

Please note that these are simplified explanations. In real-world scenarios, additional steps
might be necessary for security purposes, such as handling spaces, special characters, or
implementing padding.
Experiment 2
AIM - Perform Encryption, decryption using transposition techniques.

Transposition techniques involve rearranging the characters of a plaintext message to create

the ciphertext. There are various methods to perform transposition encryption and
decryption. I'll demonstrate two common techniques: Rail Fence Cipher and Columnar
Transposition Cipher.

I. Rail Fence Cipher:

Encryption:
1. Write the plaintext diagonally on successive "rails" of an imaginary fence.
2. Read off the ciphertext from the rows.

Example:
Plain text: "HELLO WORLD"
Number of Rails: 3
Arranging on Rails:

Encrypted text: "HODERLELWLO"

Decryption:
1. Write the ciphertext diagonally on the same number of rails.
2. Read off the plaintext from the rows.

II. Columnar Transposition Cipher:

Encryption:
1. Write the plaintext in rows of a fixed length.
2. Rearrange the columns based on a keyword or another predetermined method.
3. Read off the ciphertext from the columns.
Example:
Plain text: "HELLO WORLD"

Keyword: "KEY"
Arranging in Columns:

Encrypted text: "KHLRO ELWDYO"

Decryption:
1. Arrange the columns based on the keyword.
2. Read off the plaintext from the rows.

Please note that in real-world applications, additional steps might be needed for security
purposes, such as handling spaces, special characters, or padding. The choice of the number
of rails or the keyword for columnar transposition significantly affects the resulting
ciphertext.
Experiment 3
Apply- DES algorithm for practical application.

Implementing the Data Encryption Standard (DES) algorithm from scratch requires a deep
understanding of cryptography and programming. DES involves a series of complex steps,
including permutation, substitution, and bitwise operations. Here, I'll outline the general
steps involved in DES encryption and decryption for a practical application. Keep in mind that
DES is no longer considered secure for most applications due to its short key length (56 bits).

DES Algorithm Steps:

Key Generation:

1. Key Permutation: The 64-bit key is permuted to generate 56-bit keys.

2. Key Splitting: The 56-bit key is split into two 28-bit halves.
3. Round Key Generation: 16 subkeys are generated by rotating and permuting the halves.

Encryption:
1. Initial Permutation (IP): The 64-bit plaintext is permuted.
2. Rounds (16 Rounds): The data undergoes a series of substitutions, permutations, and XOR
operations using the subkeys generated in the key generation step.

3. Final Permutation (FP): After the rounds, the 64-bit data is permuted again.

Decryption:
1. Initial Permutation (IP): Same as in encryption, the ciphertext undergoes an initial
permutation.
2. Rounds (16 Rounds, but in reverse order): The subkeys are used in reverse order in
decryption.

3. Final Permutation (FP): Same as in encryption, the result is permuted to get the
original plaintext.

Practical Implementation:
Implementing DES from scratch requires programming skills and a good understanding of
bitwise operations. You can use programming languages like Python, Java, or C++ for this
task. For Python, you might use bit manipulation and permutation techniques to perform the
necessary operations.

Here's a high-level Python example (using libraries like `bitarray` or `bitstring`) to

demonstrate DES encryption and decryption:

In this example, the `Crypto.Cipher` library provides an easy way to use DES encryption and
decryption. Note that using libraries is advisable for production applications, as they are
optimized and secure. This example uses Electronic CodeBook (ECB) mode, but for secure
applications, you should consider using other modes like Cipher Block Chaining (CBC) along
with proper initialization vectors. Always handle keys and sensitive data securely.
Experiment 4
AIM - Apply AES algorithm for practical application.

Implementing the Advanced Encryption Standard (AES) algorithm for practical applications
involves using established libraries and frameworks due to the complexity of the algorithm.
Here's how you can use the PyCryptodome library in Python, which provides a simple and
secure way to implement AES encryption and decryption.

First, you need to install the PyCryptodome library if you haven't already. You can install it
using pip:

AES Encryption and Decryption using PyCryptodome:

1. Key Generation: A random 256-bit key is generated using `get_random_bytes(32)`.

2. Encryption: The data is encrypted using AES in CBC (Cipher Block Chaining) mode. The
`pad()` function is used to ensure that the data length is a multiple of the block size. The
ciphertext is printed in hexadecimal format.

3. Decryption: The ciphertext is decrypted using the same key and initialization vector (iv)
used in encryption. The `unpad()` function is used to remove the padding, and the
decrypted plaintext is printed.
Experiment 5

AIM - 5 Implement RSA algorithm using html and java Script

RSA algorithm - RSA ALGORITHM is an asymmetric cryptography

algorithm. Asymmetric actually means that it works on two different keys
i.e. Public Key and Private Key. As the name describes that the Public Key is
given to everyone and the Private key is kept private.

An example of asymmetric cryptography:

1. A client (for example browser) sends its public key to the server
and requests some data.
2. The server encrypts the data using the client’s public key and sends
the encrypted data.
3. The client receives this data and decrypts it.

Here is the code in Java Script for RSA ALGORITM

//
//Javascript code for this approach

function gcd(a, h) {
/*
* This function returns the gcd or greatest common
* divisor
*/

let temp;
while (true) {
temp = a % h;
if (temp == 0) return h;
a = h;
h = temp;
}
}

let p = 3;
let q = 7;

// Stores the first part of public key:

let n = p * q;

// Finding the other part of public key.

// e stands for encrypt
let e = 2;
let phi = (p - 1) * (q - 1);
while (e < phi) {
/*
* e must be co-prime to phi and
* smaller than phi.
*/
if (gcd(e, phi) == 1) break;
else e++;
}
let k = 2; // A constant value
let d = (1 + (k * phi)) / e;

// Message to be encrypted
let msg = 12;

console.log("Message data = " + msg);

// Encryption c = (msg ^ e) % n
let c = Math.pow(msg, e);
c = c % n;
console.log("Encrypted data = " + c);

// Decryption m = (c ^ d) % n
let m = Math.pow(c, d);
m = m % n;
console.log("Original Message Sent = " + m);
Here is the code of RSA In HTML -

<html>
<head>
<title>RSA Encryption</title>
<meta name="viewport" content="width=device-width, initialscale=1.0">
</head>
<body>
<h1 style="text-align: center;">RSA Algorithm</h1>
<h2 style="text-align: center;">Implemented Using HTML & Javascript</h2>
<hr>
<table class="center">
<tr>
<td>Enter P:</td>
<td><input type="number" value="53" id="p"></td>
</tr>
<tr>
<td>Enter Q :</td>
<td><input type="number" value="59" id="q"></p>
</td>
</tr>
<tr>
<td>Enter the Message:<br>[A=1, B=2,...]</td>
<td><input type="number" value="89" id="msg"></p>
</td>
</tr>
<tr>
<td>Public Key(N):</td>
<td>
<p id="publickey(N)"></p>
</td>
</tr>
<tr>
<td>Exponent(e):</td>
<td>
<p id="exponent(e)"></p>
</td>
</tr>
<tr>
<td>Private Key(d):</td>
<td>
<p id="privatekey(d)"></p>
</td>
</tr>
<tr>
<td>Cipher Text(c):</td>
<td>
<p id="ciphertext(ct)"></p>
</td>
</tr>
<tr>
<td><button onclick="RSA();">Apply RSA</button></td>
</tr>
</table>

</body>
<style>
.center {
margin-left: auto;
margin-right: auto;
}
</style>
<script type="text/javascript">
function RSA() {
var gcd, p, q, no, n, t, e, i, x;
gcd = function (a, b) { return (!b) ? a : gcd(b, a % b); };
p = document.getElementById('p').value;
q = document.getElementById('q').value;
no = document.getElementById('msg').value;
n = p * q;
t = (p - 1) * (q - 1);
for (e = 2; e < t; e++) {
if (gcd(e, t) == 1) {
break;
}
}
for (i = 0; i < 10; i++) {
x = 1 + i * t
if (x % e == 0) {
d = x / e;
break;
}
}
ctt = Math.pow(no, e).toFixed(0);
ct = ctt % n;
dtt = Math.pow(ct, d).toFixed(0);
dt = dtt % n;
document.getElementById('publickey(N)').innerHTML = n;
document.getElementById('exponent(e)').innerHTML = e;
document.getElementById('privatekey(d)').innerHTML = d;
document.getElementById('ciphertext(ct)').innerHTML = ct;
}
</script>
</html>
Experiment 6
AIM - Implement the diffie-hellman key Exchange algorithm for
given problem.

What is Diffie Hellman key exchange ……?

Diffie–Hellman key exchange[nb 1] is a mathematical method of securely

exchanging cryptographic keys over a public channel and was one of the
first public-key protocols as conceived by Ralph Merkle and named
after Whitfield Diffie and Martin Hellman.[1][2] DH is one of the earliest
practical examples of public key exchange implemented within the field of
cryptography. Published in 1976 by Diffie and Hellman, this is the earliest
publicly known work that proposed the idea of a private key and a
corresponding public key.

Implementation -:
1. We will take four variables, i.e., P (prime), G (the primitive root of P), and a
and b (private values).
2. The variables P and G both are publicly available. The sender selects a private
value, either a or b, for generating a key to exchange publicly. The receiver
receives the key, and that generates a secret key, after which the sender and
receiver both have the same secret key to encrypt.

Let's understand the process step by step for user1 (sender) and user2 (receiver):
Now, let's implement the Java code for the Diffie-Hellman algorithm:

DiffieHellmanAlgorithmExample.java

1. import java.util.*;
2. // create class DiffieHellmanAlgorithmExample to calculate the key for two per
sons
3. class DiffieHellmanAlgorithmExample {
4. // main() method start
5. public static void main(String[] args)
6. {
7. long P, G, x, a, y, b, ka, kb;
8. // create Scanner class object to take input from user
9. Scanner sc = new Scanner(System.in);
10. System.out.println("Both the users should be agreed upon the public keys
G and P");
11. // take inputs for public keys from the user
12. System.out.println("Enter value for public key G:");
13. G = sc.nextLong();
14. System.out.println("Enter value for public key P:");
15. P = sc.nextLong();
16. // get input from user for private keys a and b selected by User1 and User
2
17. System.out.println("Enter value for private key a selected by user1:");
18. a = sc.nextLong();
19. System.out.println("Enter value for private key b selected by user2:");
20. b = sc.nextLong();
21.
22. // call calculatePower() method to generate x and y keys
23. x = calculatePower(G, a, P);
24. y = calculatePower(G, b, P);
25. // call calculatePower() method to generate ka and kb secret keys after th
e exchange of x and y keys
26. // calculate secret key for User1
27. ka = calculatePower(y, a, P);
28. // calculate secret key for User2
29. kb = calculatePower(x, b, P);
30. // print secret keys of user1 and user2
31. System.out.println("Secret key for User1 is:" + ka);
32. System.out.println("Secret key for User2 is:" + kb);
33. }
34. // create calculatePower() method to find the value of x ^ y mod P
35. private static long calculatePower(long x, long y, long P)
36. {
37. long result = 0;
38. if (y == 1){
39. return x;
40. }
41. else{
42. result = ((long)Math.pow(x, y)) % P;
43. return result;
44. }
45. }
46. }
47.
Experiment 7

AIM - calculate the message digest of a text using the SHA-1 Algorithm.

SHA-1 or Secure Hash Algorithm 1 is a cryptographic algorithm which

takes an input and produces a 160-bit (20-byte) hash value. This hash
value is known as a message digest. This message digest is usually
then rendered as a hexadecimal number which is 40 digits long. It is a
U.S. Federal Information Processing Standard and was designed by the
United States.

Here is the example with HTML-

<!DOCTYPE html>

<html>

<head>

<title>sha1 Hash function</title>

<script src=

"https://cdnjs.cloudflare.com/ajax/libs/js-
sha1/0.6.0/sha1.min.js">

</script>

</head>

<body>

<h1>GeeksforGeeks</h1>

<h2>JavaScript sha1 Hash function</h2>

<p id="pId"></p>
<p id="pId2"></p>

<!-- Script to return math property values -->

<script>

var myString = "hello world";

var text = sha1(myString);

document.getElementById("pId").innerHTML = myString + " : " +

text;

var myString2 = "GeeksForGeeks";

var text2 = sha1(myString2);

document.getElementById("pId2").innerHTML = myString2 + " : " +

text2;

</script>

</body>

</html>

Output -
GeeksforGeeks
JavaScript sha1 Hash function
hello world : 2aae6c35c94fcfb415dbe95f408b9ce91ee846ed
GeeksForGeeks : addf120b430021c36c232c99ef8d926aea2acd6b
Experiment 8
AIM - Implement the SIGNATURE schme- digital signature standard.

As we have studied, signature is a way of authenticating the data

coming from a trusted individual. Similarly, digital signature is a way of
authenticating a digital data coming from a trusted source. Digital
Signature Standard (DSS) is a Federal Information Processing
Standard(FIPS) which defines algorithms that are used to generate
digital signatures with the help of Secure Hash Algorithm(SHA) for the
authentication of electronic documents. DSS only provides us with the
digital signature function and not with any encryption or key exchanging
strategies.

Sender Side : In DSS Approach, a hash code is generated out of the

message and following inputs are given to the signature function –
1. The hash code.
2. The random number ‘k’ generated for that particular signature.
3. The private key of the sender i.e., PR(a).
4. A global public key(which is a set of parameters for the
communicating principles) i.e., PU(g).
Experiment 9
AIM - Demonstrate intrusion detection System (ids) using Any tool eg.
Snort or any other s/w

snort is one of the best known and widely used network intrusion
detection systems (NIDS). It has been called one of the most important
open-source projects of all time. Originally developed by Sourcefire, it has
been maintained by Cisco's Talos Security Intelligence and Research
Group since Cisco acquired Sourcefire in 2013.

• Community Rules: These are freely available rule sets, created by the Snort
user community.
• Registered Rules: These rule sets are provided by Talos. They are freely
available also, but you must register to obtain them. Registration is free and
only takes a moment. You'll receive a personal oinkcode that you need to
include in the download request.
• Subscription Rules: These are the same rules as the registered rules.
However, subscribers receive the rules about a month before they're released
as free rule sets for registered users. At the time of writing, 12-month
subscriptions start at USD $29 for personal use and USD $399 for business
use.

Use this command for installing snot in pc

Then for ip
Press "Tab" to highlight the "OK" button, and press "Enter."
Experiment 10
AIM - Automated Attack and penetration tool Exploring N-stalker,a
vulnerability Assessment tool

Here is our list of the best penetration testing tools:

1. Intruder (FREE TRIAL) A cloud-based automated scanner that

can be set to run continuously or launched on demand for
penetration testing investigations. Start a 30-day free trial.
2. Metasploit An open-source penetration testing framework
available in free and paid versions and offers a range of attack
strategies. Available for Windows, Windows Server, macOS,
RHEL, and Ubuntu.
3. Wireshark A highly respected packet sniffer that can capture
track on LANs and wireless networks. Available for Windows,
Linux, Unix, and macOS.
4. Burp Suite A system tests Web applications by capturing and
injecting packets between a browser and a Web server.
Available for Windows, macOS, and Linux.
5. Aircrack-ng A competent packet sniffer for wireless networks
that includes some password cracking support. It runs on Linux.
6. Autopsy and The Sleuth Kit, Sleuth Kit, is a forensic
investigation utility that explores hard disks and can recover
deleted content. Autopsy is a GUI front end for the tool. Available
for Windows, macOS, and Linux.
7. Sqlmap A command-line system can perform a range of attacks
on database-supported applications, such as Web pages, and
includes password cracking features. Available for Windows,
macOS, and Linux.
8. Zenmap A GUI version of the widely used Nmap, which is also
called Network Mapper. This is a free utility that is available for
Windows, Linux, BSD Unix, and macOS.
9. Ettercap A traffic capture tool that implements a range of man-
in-the-middle attacks. Available for Linux, Unix, Mac OS X, and
Windows 7 and 8.
Fully automated testing

When looking for automated penetration testing tools, you wouldn’t

be in the market for a fully automatic system tester – that’s
a vulnerability scanner. The difference between a vulnerability
scanner and penetration testing is that a vulnerability will work through
a list of known system weaknesses and check on the status of each.
Still, a penetration tester is a human, performing a series of probes
manually. Eventually, the hacker will work through all of the exact
system searches that the vulnerability manager uses.

Automated penetration testing tools don’t automate the entire test

plan. Instead, they just provide fast programmatic services that save a
great deal of time in each research exercise.

The best Automated Penetration Testing tools

In the search for automated penetration testing tools, you need to

focus on the types of tools that cut out many repetitive tasks. There
are many valuable services available and, as has already been
explained, many of them are free. However, hackers are not too fussy
about user-friendly interfaces, so the most frequently-used hacker
tools tend to be command-line utilities