NS Manual Updated2


PROGRAM:

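import java.util.Locale;
import java.util.Scanner;

/**
 * Classroom demonstration of the Caesar (shift) cipher over the lowercase Latin alphabet.
 *
 * <p>A shift cipher has only 26 possible keys and keeps the letter frequencies of the
 * plaintext, so it offers no real confidentiality. It is useful for studying substitution
 * ciphers, not for protecting data.
 */
public class ceasercipher {
    /** The 26 letters the cipher operates on. */
    public static final String ALPHABET = "abcdefghijklmnopqrstuvwxyz";

    /**
     * Encrypts text by moving every letter {@code shiftKey} places forward in the alphabet.
     *
     * @param plainText text to encrypt; it is lower-cased first
     * @param shiftKey number of places to shift; any int is accepted and reduced modulo 26
     * @return the shifted text, with characters outside {@link #ALPHABET} copied unchanged
     */
    public static String encrypt(String plainText, int shiftKey) {
        return shift(plainText, Math.floorMod(shiftKey, ALPHABET.length()));
    }

    /**
     * Reverses {@link #encrypt(String, int)} for the same {@code shiftKey}.
     *
     * @param cipherText text to decrypt; it is lower-cased first
     * @param shiftKey the shift that was used to encrypt
     * @return the recovered text, with characters outside {@link #ALPHABET} copied unchanged
     */
    public static String decrypt(String cipherText, int shiftKey) {
        int forward = Math.floorMod(shiftKey, ALPHABET.length());
        // Shifting back by k is the same as shifting forward by 26 - k.
        return shift(cipherText, (ALPHABET.length() - forward) % ALPHABET.length());
    }

    /** Shifts each alphabet letter of {@code text} forward by {@code offset} (0..25). */
    private static String shift(String text, int offset) {
        // Locale.ROOT keeps the lower-casing independent of the machine's default locale.
        String lower = text.toLowerCase(Locale.ROOT);
        StringBuilder out = new StringBuilder(lower.length());
        for (int i = 0; i < lower.length(); i++) {
            char current = lower.charAt(i);
            int position = ALPHABET.indexOf(current);
            if (position < 0) {
                // Digits, spaces and punctuation have no alphabet index; pass them through
                // instead of letting the -1 from indexOf be shifted into a wrong letter.
                out.append(current);
            } else {
                out.append(ALPHABET.charAt((position + offset) % ALPHABET.length()));
            }
        }
        return out.toString();
    }

    /** Reads one word from standard input and prints it encrypted and decrypted with shift 3. */
    public static void main(String[] args) {
        try (Scanner sc = new Scanner(System.in)) {
            System.out.println("Enter the Plaintext for Encryption:");
            if (!sc.hasNext()) {
                return; // no input supplied
            }
            String message = sc.next();
            String cipherText = encrypt(message, 3);
            System.out.println("Encrypted message:Cipher Text=" + cipherText);
            System.out.println("Decrypted message:Plain Text=" + decrypt(cipherText, 3));
        }
    }
}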

OUTPUT:
F:\bin>javac ceasercipher.java
F:\bin>java ceasercipher
EnterthePlaintextforEncryption:
covid
Encrypted message:Cipher Text=frylg
Decrypted message:Plain Text=covid
PROGRAM:
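<html>
<head>
<title>RSA Encryption</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<center>
<h1>RSA Algorithm</h1>
<h2>Implemented Using HTML &amp; Javascript</h2>
<hr>
<table>
<tr>
<td>Enter First Prime Number:</td>
<td><input type="number" value="53" id="p"></td>
</tr>
<tr>
<td>Enter Second Prime Number:</td>
<td><input type="number" value="59" id="q"></td>
</tr>
<tr>
<!-- The value entered here is the number that gets encrypted; the result appears under "Cipher Text". -->
<td>Enter the Message (cipher text):<br>[A=1, B=2, ...]</td>
<td><input type="number" value="89" id="msg"></td>
</tr>
<tr>
<!-- Shows the modulus n = p * q. -->
<td>Public Key:</td>
<td><p id="publickey"></p></td>
</tr>
<tr>
<!-- Shows the public exponent e. -->
<td>Exponent:</td>
<td><p id="exponent"></p></td>
</tr>
<tr>
<!-- Shows the private exponent d. -->
<td>Private Key:</td>
<td><p id="privatekey"></p></td>
</tr>
<tr>
<td>Cipher Text:</td>
<td><p id="ciphertext"></p></td>
</tr>
<tr>
<td><button onclick="RSA();">Apply RSA</button></td>
</tr>
</table></center>
<script type="text/javascript">
/*
 * Textbook RSA walk-through: builds a key pair from the two primes entered in the form
 * and encrypts the numeric message with it.
 *
 * Teaching aid only. Primes this small can be factored immediately and the message is
 * encrypted without padding, so nothing computed here protects real data.
 */
function RSA()
{
  var gcd, isPrime, modPow, show, p, q, no, n, t, e, d, i, x, ct;

  gcd = function (a, b) { return (!b) ? a : gcd(b, a % b); };

  // Trial division is enough for the small inputs this page accepts.
  isPrime = function (v) {
    var f;
    if (v < 2 || v % 1 !== 0) { return false; }
    for (f = 2; f * f <= v; f++) {
      if (v % f === 0) { return false; }
    }
    return true;
  };

  // Square-and-multiply with a reduction after every product. Math.pow(base, exp) followed
  // by % mod loses precision (or overflows to Infinity) long before the exponents used here.
  modPow = function (base, exp, mod) {
    var result = 1 % mod;
    base = base % mod;
    while (exp > 0) {
      if (exp % 2 === 1) { result = (result * base) % mod; }
      base = (base * base) % mod;
      exp = Math.floor(exp / 2);
    }
    return result;
  };

  // textContent rather than innerHTML: the values are plain numbers, never markup.
  show = function (id, value) { document.getElementById(id).textContent = value; };

  // Form values arrive as strings; convert once so every later operation is numeric.
  p = Number(document.getElementById('p').value);
  q = Number(document.getElementById('q').value);
  no = Number(document.getElementById('msg').value);
  n = p * q;
  t = (p - 1) * (q - 1);

  // n is capped so that products of two residues stay below 2^53 and remain exact.
  if (!(isPrime(p) && isPrime(q) && t > 2 && n <= 94906265 &&
        no % 1 === 0 && no >= 0 && no < n)) {
    show('ciphertext', 'Invalid input');
    return;
  }

  // Smallest public exponent that is coprime to t.
  for (e = 2; e < t; e++)
  {
    if (gcd(e, t) == 1)
    {
      break;
    }
  }

  // d is the inverse of e modulo t: the first x = 1 + i*t divisible by e gives d = x / e.
  // Because gcd(e, t) = 1, such an i always exists below e.
  d = 0;
  for (i = 0; i < e; i++)
  {
    x = 1 + i * t;
    if (x % e == 0)
    {
      d = x / e;
      break;
    }
  }

  ct = modPow(no, e, n);

  show('publickey', n);
  show('exponent', e);
  show('privatekey', d);
  show('ciphertext', ct);
}
</script>
</body>
</html>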

OUTPUT:
PROGRAM: (Diffie Hellman Key Exchange)

#include<stdio.h>

#include<conio.h>

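/*
 * Computes (a raised to b) modulo mod by square-and-multiply.
 *
 * a   - base; reduced into the range 0..mod-1 before use
 * b   - exponent; must be >= 0 (b == 0 yields 1 % mod)
 * mod - modulus; must be > 0
 *
 * Returns the result in 0..mod-1, or -1 when b is negative or mod is not positive.
 * Every intermediate product is of two values below mod, which fits in long long
 * because mod is an int.
 */
long long int power(int a, int b, int mod)
{
    long long int result;
    long long int base;

    /* A zero or negative exponent used to recurse without end; reject what cannot be computed. */
    if (b < 0 || mod <= 0)
        return -1;

    result = 1 % mod;
    /* Normalise the base so a negative or oversized a still gives a residue in 0..mod-1. */
    base = ((long long int)a % mod + mod) % mod;

    while (b > 0) {
        if (b % 2 != 0)
            result = (result * base) % mod;
        base = (base * base) % mod;
        b /= 2;
    }
    return result;
}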

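/*
 * Returns a raised to x modulo n by delegating to power().
 * The result is below n, which is an int, so narrowing it to long int loses nothing.
 */
long int calculateKey(int a, int x, int n)
{
    long long int key = power(a, x, n);

    return (long int)key;
}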

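/*
 * Interactive Diffie-Hellman walk-through: reads the public modulus n and generator g,
 * then each person's private value, and prints the shared key each side derives.
 *
 * Teaching aid only. int-sized parameters can be broken by exhaustive search, and the
 * exchange shown here is unauthenticated, so on a real network a party in the middle
 * could substitute its own public values. Deployed systems use large standardised
 * groups and authenticate the exchanged values.
 */
int main(void)
{
    int n, g, x, a, y, b;

    clrscr();

    printf("Enter the value of n and g : ");
    /* Check the conversion count: unchecked scanf would leave n and g uninitialised. */
    if (scanf("%d%d", &n, &g) != 2 || n <= 2 || g <= 1 || g >= n) {
        printf("Invalid input\n");
        return 1;
    }

    printf("Enter the value of x for the first person : ");
    if (scanf("%d", &x) != 1 || x <= 0) {
        printf("Invalid input\n");
        return 1;
    }
    /* Public value of the first person; below n, so it fits in an int. */
    a = (int)power(g, x, n);

    printf("Enter the value of y for the second person : ");
    if (scanf("%d", &y) != 1 || y <= 0) {
        printf("Invalid input\n");
        return 1;
    }
    /* Public value of the second person. */
    b = (int)power(g, y, n);

    /* Each side raises the other's public value to its own private value. */
    printf("key for the first person is : %lld\n", power(b, x, n));
    printf("key for the second person is : %lld\n", power(a, y, n));

    getch();
    return 0;
}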

OUTPUT:
PROGRAM:
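import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.*;

/**
 * Step-by-step simulation of Digital Signature Algorithm key generation, signing and
 * verification, printing every intermediate value.
 *
 * <p>Teaching aid only: the prime is about 14 bits long, the "hash" is a random number
 * rather than a digest of a message, and the private key and per-signature secret are
 * printed. None of that is acceptable outside a classroom walk-through.
 */
class dsaAlg {
    final static BigInteger one = new BigInteger("1");
    final static BigInteger zero = new BigInteger("0");

    /**
     * Returns the first probable prime at or above the given decimal number.
     *
     * @param ans decimal string to start the search from
     * @return the smallest value {@code >= ans} that passes {@code isProbablePrime(99)}
     */
    public static BigInteger getNextPrime(String ans) {
        BigInteger test = new BigInteger(ans);
        while (!test.isProbablePrime(99)) {
            test = test.add(one);
        }
        return test;
    }

    /**
     * Strips small factors from {@code n} until what remains is a probable prime, which
     * is the largest prime factor of {@code n}.
     *
     * @param n number to factor, at least 2
     * @return the largest prime factor of {@code n}
     * @throws IllegalArgumentException if {@code n} is below 2, for which the search would never end
     */
    public static BigInteger findQ(BigInteger n) {
        if (n.compareTo(BigInteger.valueOf(2)) < 0) {
            throw new IllegalArgumentException("n must be at least 2: " + n);
        }
        BigInteger start = new BigInteger("2");
        while (!n.isProbablePrime(99)) {
            // Advance to the next divisor of n, then divide it out.
            while (!((n.mod(start)).equals(zero))) {
                start = start.add(one);
            }
            n = n.divide(start);
        }
        return n;
    }

    /**
     * Picks a generator of the order-{@code q} subgroup modulo {@code p}.
     *
     * @param p prime modulus
     * @param q prime divisor of {@code p - 1}
     * @param r source of randomness for the candidate {@code h}
     * @return {@code g = h^((p-1)/q) mod p} with {@code g > 1}
     */
    public static BigInteger getGen(BigInteger p, BigInteger q, Random r) {
        BigInteger exponent = (p.subtract(one)).divide(q);
        BigInteger g;
        do {
            BigInteger h = new BigInteger(p.bitLength(), r).mod(p);
            g = h.modPow(exponent, p);
            // g == 0 or g == 1 does not generate the subgroup; every signature would
            // then verify trivially or not at all, so draw another h.
        } while (g.compareTo(one) <= 0);
        return g;
    }

    /** Draws a uniform value in {@code [1, q-1]}; rejection sampling avoids modulo bias. */
    private static BigInteger randomInRange(BigInteger q, Random rnd) {
        BigInteger value;
        do {
            value = new BigInteger(q.bitLength(), rnd);
        } while (value.signum() == 0 || value.compareTo(q) >= 0);
        return value;
    }

    /** Generates toy DSA parameters, signs a random stand-in hash and verifies the signature. */
    public static void main(String[] args) throws java.lang.Exception {
        // Keys and per-signature secrets need a cryptographic generator; java.util.Random
        // output can be predicted from a few observed values.
        Random randObj = new SecureRandom();

        BigInteger p = getNextPrime("10600"); /* approximate prime */
        BigInteger q = findQ(p.subtract(one));
        BigInteger g = getGen(p, q, randObj);

        System.out.println(" \nsimulation of Digital Signature Algorithm\n");
        System.out.println(" \n global public key components are:\n");
        System.out.println("\np is: " + p);
        System.out.println("\nq is: " + q);
        System.out.println("\ng is: " + g);

        // Private key x in [1, q-1]; x == 0 would make the public key 1.
        BigInteger x = randomInRange(q, randObj);
        BigInteger y = g.modPow(x, p);

        // Random stand-in for the hash of a message.
        BigInteger hashVal = new BigInteger(p.bitLength(), randObj);

        BigInteger k;
        BigInteger r;
        BigInteger s;
        do {
            // k must be fresh, secret and non-zero for every signature: a repeated or
            // disclosed k lets anyone solve for the private key x.
            k = randomInRange(q, randObj);
            r = (g.modPow(k, p)).mod(q);
            BigInteger kInv = k.modInverse(q);
            s = kInv.multiply(hashVal.add(x.multiply(r))).mod(q);
            // r == 0 or s == 0 is not a valid signature (s would have no inverse below).
        } while (r.signum() == 0 || s.signum() == 0);

        System.out.println("\nsecret information are:\n");
        System.out.println("x (private) is:" + x);
        System.out.println("k (secret) is: " + k);
        System.out.println("y (public) is: " + y);
        System.out.println("h (rndhash) is: " + hashVal);

        System.out.println("\n generating digital signature:\n");
        System.out.println("r is : " + r);
        System.out.println("s is : " + s);

        BigInteger w = s.modInverse(q);
        BigInteger u1 = (hashVal.multiply(w)).mod(q);
        BigInteger u2 = (r.multiply(w)).mod(q);
        BigInteger v = (g.modPow(u1, p)).multiply(y.modPow(u2, p));
        v = (v.mod(p)).mod(q);

        System.out.println("\nverifying digital signature (checkpoints)\n:");
        System.out.println("w is : " + w);
        System.out.println("u1 is : " + u1);
        System.out.println("u2 is : " + u2);
        System.out.println("v is : " + v);

        // The signature is accepted only when the recomputed v equals r.
        if (v.equals(r)) {
            System.out.println("\nsuccess: digital signature is verified!\n" + r);
        } else {
            System.out.println("\nerror: incorrect digital signature\n");
        }
    }
}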
Output:
Ex:No: 4 Installation of Wireshark, tcpdump and observe data
transferred in client-server communication using
UDP/TCP and identify the UDP/TCP datagram

Objective:

The objective of this experiment is to learn how to install and use Wireshark and tcpdump to
capture and analyze network traffic. The experiment will also teach participants how to identify
UDP and TCP datagrams.

Materials:

 Two computers (one client and one server)


 Wireshark installed on both computers
 tcpdump installed on both computers

Procedure:

1. Install Wireshark and tcpdump on both computers.


2. Connect the two computers to a network.
3. Start Wireshark on both computers.
4. On the client computer, open a command prompt and type the following command:
ping server_ip_address
5. Replace server_ip_address with the IP address of the server computer.

6. Observe the network traffic in Wireshark on both computers.


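7. Identify the UDP and TCP datagrams. Note that ping itself sends ICMP echo packets, so the UDP and TCP datagrams in the capture come from other traffic; the Example section below generates them deliberately.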

Analysis:

 What are the differences between UDP and TCP datagrams?


 What kind of information is contained in a UDP datagram?
 What kind of information is contained in a TCP datagram?
 What are the different fields in a UDP datagram?
 What are the different fields in a TCP datagram?

Additional Notes:

 You can also use Wireshark and tcpdump to capture and analyze network traffic between two
devices on the same network, such as a computer and a smartphone.
 You can use Wireshark and tcpdump to capture and analyze network traffic from a variety of
protocols, such as HTTP, FTP, and SSH.
 You can use Wireshark and tcpdump to troubleshoot network problems.

Example:

1. To observe data transferred in client-server communication using UDP, you can use the
following steps:

2. Start a UDP server on the server computer.


3. Start a UDP client on the client computer and send a message to the UDP server.
4. Capture the network traffic in Wireshark on both computers.
5. Observe the UDP datagrams in Wireshark.

To observe data transferred in client-server communication using TCP, you can use the
following steps:

1. Start a TCP server on the server computer.


2. Start a TCP client on the client computer and connect to the TCP server.
3. Send and receive data between the TCP client and server.
4. Capture the network traffic in Wireshark on both computers.
5. Observe the TCP datagrams in Wireshark.

You can use the filters in Wireshark to identify UDP and TCP datagrams. To filter for UDP
datagrams, use the following filter:

udp

To filter for TCP datagrams, use the following filter:

tcp

Once you have captured the network traffic, you can use the Wireshark display options to view
the UDP and TCP datagrams in detail. For example, you can view the following information for
each datagram:

 The source and destination IP addresses


 The source and destination port numbers
 The UDP or TCP header
 The UDP or TCP payload

You can also use Wireshark to follow the TCP handshake between the TCP client and server.
The TCP handshake is a process that establishes a connection between the two devices; it
appears in the packet list as the SYN, SYN-ACK and ACK packets at the start of the connection. To
follow the TCP handshake, select the TCP datagrams in Wireshark and click on the "Follow TCP
Stream" button.

Wireshark and tcpdump are powerful tools that can be used to capture and analyze network
traffic. By learning how to use these tools, you can troubleshoot network problems and gain a
better understanding of how networks work.
Ex:No: 5 Check Message Integrity And

Confidentiality Using SSL

Establishing a Secure Connection Using SSL

Secure Socket Layer (SSL) technology is security that is implemented at the transport layer
(see Transport-Layer Security, for more information about transport layer security). SSL allows
web browsers and web servers to communicate over a secure connection. In this secure
connection, the data that is being sent is encrypted before being sent and then is decrypted upon
receipt and before processing. Both the browser and the server encrypt all traffic before sending
any data. The SSL protocol versions themselves are now deprecated in favour of Transport Layer
Security (TLS), so a current server should negotiate TLS even where its settings are still
labelled SSL. SSL addresses the following important security considerations.

 Authentication: During your initial attempt to communicate with a web server over a secure
connection, that server will present your web browser with a set of credentials in the form of
a server certificate. The purpose of the certificate is to verify that the site is who and what it
claims to be. In some cases, the server may request a certificate that the client is who and
what it claims to be (which is known as client authentication).
 Confidentiality: When data is being passed between the client and the server on a network,
third parties can view and intercept this data. SSL responses are encrypted so that the data
cannot be deciphered by the third party and the data remains confidential.
 Integrity: When data is being passed between the client and the server on a network, third
parties can view and intercept this data. SSL helps guarantee that the data will not be
modified in transit by that third party.

Installing and Configuring SSL Support

An SSL HTTPS connector is already enabled in the Application Server.

If you are using a different application server or web server, an SSL HTTPS connector might or
might not be enabled. If you are using a server that needs its SSL connector to be configured,
consult the documentation for that server.

As a general rule, to enable SSL for a server, you must address the following issues:

 There must be a Connector element for an SSL connector in the server deployment
descriptor.
 There must be valid keystore and certificate files.
 The location of the keystore file and its password must be specified in the server deployment
descriptor.
You can verify whether or not SSL is enabled by following the steps in Verifying SSL Support.

Specifying a Secure Connection in Your Application Deployment Descriptor

To specify a requirement that protected resources be received over a protected transport layer
connection (SSL), specify a user data constraint in the application deployment descriptor. The
following is an example of a web.xml application deployment descriptor that specifies that SSL
be used:

<security-constraint>
<web-resource-collection>
<web-resource-name>view dept data</web-resource-name>
<url-pattern>/hr/employee/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>DEPT_ADMIN</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

A user data constraint (<user-data-constraint> in the deployment descriptor) requires that all
constrained URL patterns and HTTP methods specified in the security constraint are received
over a protected transport layer connection such as HTTPS (HTTP over SSL). A user data
constraint specifies a transport guarantee (<transport-guarantee> in the deployment
descriptor). The choices for transport guarantee include CONFIDENTIAL, INTEGRAL, or NONE. If
you specify CONFIDENTIAL or INTEGRAL as a security constraint, that type of security constraint
applies to all requests that match the URL patterns in the web resource collection and not just to
the login dialog box.

The strength of the required protection is defined by the value of the transport guarantee.

 Specify CONFIDENTIAL when the application requires that data be transmitted so as to prevent
other entities from observing the contents of the transmission.
 Specify INTEGRAL when the application requires that the data be sent between client and
server in such a way that it cannot be changed in transit.
 Specify NONE to indicate that the container must accept the constrained requests on any
connection, including an unprotected one.

The user data constraint is handy to use with basic and form-based user authentication. When the
login authentication method is set to BASIC or FORM, passwords are not protected, meaning that
passwords sent between a client and a server on an unprotected session can be viewed and
intercepted by third parties. Using a user data constraint with the user authentication mechanism
can alleviate this concern. Configuring a user authentication mechanism is described
in Specifying an Authentication Mechanism.

Verifying SSL Support

For testing purposes, and to verify that SSL support has been correctly installed, load the default
introduction page with a URL that connects to the port defined in the server deployment
descriptor:

https://localhost:8181/

The https in this URL indicates that the browser should be using the SSL protocol.
The localhost in this example assumes that you are running the example on your local machine
as part of the development process. The 8181 in this example is the secure port that was specified
where the SSL connector was created. If you are using a different server or port, modify this
value accordingly.

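The first time that you load this application, the New Site Certificate or Security Alert dialog box
displays. Select Next to move through the series of dialog boxes, and select Finish when you
reach the last dialog box. The certificates will display only the first time. When you accept the
certificates, subsequent hits to this site assume that you still trust the content. The dialog
typically appears because the development server's certificate was not issued by an authority the
browser already trusts; accepting it is appropriate for your own local test server only, because
on any other site the same dialog means the server's identity could not be verified.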
Ex:No: 8 Demonstrate Intrusion Detection System (IDS) using
Snort software tool.

STEPS ON CONFIGURING AND INTRUSION DETECTION:


1. Download Snort from the Snort.org website. (http://www.snort.org/snort-downloads)
2. Download Rules(https://www.snort.org/snort-rules). You must register to get the rules.
(You should download these often)
3. Double click on the .exe to install snort. This will install snort in the “C:\Snort” folder.
It is important to have WinPcap (https://www.winpcap.org/install/) installed
4. Extract the Rules file. You will need WinRAR for the .gz file.
5. Copy all files from the “rules” folder of the extracted folder. Now paste the rules into
“C:\Snort\rules” folder.
6. Copy the “snort.conf” file from the “etc” folder of the extracted folder. You must paste it into the
“C:\Snort\etc” folder. Overwrite any existing file. Remember that if you have modified your snort.conf
file and then download a new one, you must reapply your modifications for Snort to work.
7. Open a command prompt (cmd.exe) and navigate to folder “C:\Snort\bin” folder.
( at the Prompt, type cd\snort\bin)
8. To start (execute) snort in sniffer mode use following command: snort -dev -i 3

-i indicates the interface number. You must pick the correct interface number. In my case, it is 3.
-dev is used to run snort to capture packets on your network.
To check the interface list, use following command: snort -W
Finding an interface
You can tell which interface to use by looking at the Index number and finding Microsoft.
As you can see in the above example, the other interfaces are for VMWare. My interface is 3.
9. To run snort in IDS mode, you will need to configure the file “snort.conf” according to your
network environment.
10. To specify the network address that you want to protect in snort.conf file, look for the
following
line.
var HOME_NET 192.168.1.0/24 (You will normally see any here)
11. You may also want to set the addresses of DNS_SERVERS, if you have some on your
network.
Example:
example snort
12. Change the RULE_PATH variable to the path of rules folder. var RULE_PATH c:\snort\rules
path to rules
13. Change the path of all library files to the name and path on your system. You must also
change the path of the snort_dynamicpreprocessor variable: C:\Snort\lib\snort_dynamicpreprocessor
You need to do this to all library files in the “C:\Snort\lib” folder. The old path might be
“/usr/local/lib/…”; you will need to replace that path with your system path, using C:\Snort\lib
14. Change the path of the “dynamicengine” variable value in the “snort.conf” file..
Example:
dynamicengine C:\Snort\lib\snort_dynamicengine\sf_engine.dll
15. Add the paths for the “include classification.config” and “include reference.config” files.
include c:\snort\etc\classification.config
include c:\snort\etc\reference.config
16. Remove the comment (#) on the line to allow ICMP rules, if it is commented with a #.
include $RULE_PATH/icmp.rules
17. You can also uncomment the ICMP-info rules line, if it is commented.
include $RULE_PATH/icmp-info.rules
18. To add log files to store alerts generated by snort, search for the “output log” text in
snort.conf and add the following line:
output alert_fast: snort-alerts.ids
19. Comment out (add a #) the whitelist $WHITE_LIST_PATH/white_list.rules line and the blacklist line.
Change the nested_ip inner , \ to nested_ip inner #, \
20. Comment out (#) following lines:
#preprocessor normalize_ip4
#preprocessor normalize_tcp: ips ecn stream
#preprocessor normalize_icmp4
#preprocessor normalize_ip6
#preprocessor normalize_icmp6
21. Save the “snort.conf” file.
22. To start snort in IDS mode, run the following command:
snort -c c:\snort\etc\snort.conf -l c:\snort\log -i 3 (Note: 3 is used for my interface card)
If a log is created, select the appropriate program to open it. You can use WordPad or
Notepad++ to read the file.
To generate Log files in ASCII mode, you can use following command while running snort in
IDS
mode:
snort -A console -i3 -c c:\Snort\etc\snort.conf -l c:\Snort\log -K ascii
23. Scan the computer that is running snort from another computer by using PING or NMap
(ZenMap).
After scanning or during the scan you can check the snort-alerts.ids file in the log folder to ensure
it is logging properly. You will see IP address folders appear.
Snort monitoring traffic –
Ex:No: 10 Study to configure Firewall, VPN.

Objectives:

 Learn the basics of firewall and VPN configuration


 Gain hands-on experience with configuring a firewall and VPN on a real-world system

Materials:

 Two computers with operating systems that support firewall and VPN configuration
(e.g., Windows, macOS, Linux)
 An internet connection

Procedure:

1. Configure a firewall on both computers.

o On Windows, open the Control Panel and go to System and Security > Windows Defender
Firewall > Advanced settings.
o On macOS, open System Preferences and go to Security & Privacy > Firewall.
o On Linux, the specific steps to configure a firewall will vary depending on the
distribution. However, most distributions provide a graphical firewall configuration tool.
2. Configure a VPN connection between the two computers.

o On Windows, open the Control Panel and go to Network and Internet > Network
Connections. Right-click on the adapter that you want to use for the VPN connection and
select Properties. Click on the Security tab and select Virtual Private Network (VPN). Click on
the Settings button and follow the instructions to create a new VPN connection.
o On macOS, open System Preferences and go to Network. Click on the + button and
select VPN from the list of connection types. Select the type of VPN connection that you want to
create and follow the instructions to create the connection.
o On Linux, the specific steps to configure a VPN connection will vary depending on the
distribution and the type of VPN connection that you want to create. However, most distributions
provide a graphical VPN configuration tool.
3. Test the VPN connection.

Once you have configured the VPN connection on both computers, try connecting to the VPN
from one computer to the other. If the connection is successful, you should be able to access the
resources on the other computer as if you were connected to the same local network.

Additional Activities:

 Once you have configured a firewall and VPN on your computers, you can try to perform the
following activities:

o Configure the firewall to allow or block specific traffic.


o Configure the VPN connection to use a different encryption algorithm or authentication method.
o Try to connect to the VPN from a remote location.
o Try to troubleshoot any problems that you encounter with the firewall or VPN configuration.
