Professional Documents
Culture Documents
Unit 3
Unit 3
Practical :- 1
AIM :- Write Ceaser Cipher algorithm & Solve various examples based
on Encryption and Decryption.
How to Encrypt:
1. Convert the letter into the number that matches its order in the alphabet starting from 0,
and call this number X.
( A=0, B=1, C=2, ...,Y=24, Z=25)
2. Calculate: Y = (X + K) mod 26
3. Convert the number Y into a letter that matches its order in the alphabet starting from 0.
For Example: We agree with our friend to use the Shift Cipher with key K=19for our
message.
We encrypt the message "KHAN", as follows:
So, after applying the Shift Cipher with key K=19 our message text "KHAN" gave
us cipher text "DATG".
How to decrypt:
1. Convert the letter into the number that matches its order in the alphabet starting from 0,
and call this number Y.
(A=0, B=1, C=2, ..., Y=24, Z=25)
2. Calculate: X= (Y - K) mod 26
3. Convert the number X into a letter that matches its order in the alphabet starting from 0.
(A=0, B=1, C=2, ..., Y=24, Z=25)
Our friend now decodes the message using our agreed upon key K=19. As follows:
So, after decrypting the Shift Cipher with key K=19 our friend deciphers the cipher text
"DATG" into the message text "KHAN".
Practical :- 2
#include <stdio.h>
#include <ctype.h>
void encrypt(char*);
void decrypt(char*);
int menu();
int
main(void)
{
char c,
choice[2],
s[MAXSIZE];
while(1)
{
menu();
gets(choice);
if((choice[0]=='e')||(choice[0]=='E'))
{
puts("Input text to encrypt->");
gets(s);
encrypt(s);
}
else if((choice[0]=='d')||(choice[0]=='D'))
{
puts("Input text to decrypt->");
gets(s);
decrypt(s);
}
else
break;
}
return 0;
}
void encrypt(char*str)
{
int n=0;
char *p=str,
q[MAXSIZE];
while(*p)
{
if(islower(*p))
{
if((*p>='a')&&(*p<'x'))
q[n]=toupper(*p + (char)3);
else if(*p=='x')
q[n]='A';
else if(*p=='y')
q[n]='B';
else
q[n]='C';
}
else
{
q[n]=*p;
}
n++; p++;
}
q[n++]='\0';
puts(q);
}
void decrypt(char*str)
{
int n=0;
char *p=str,
q[MAXSIZE];
while(*p)
{
if(isupper(*p))
{
if((*p>='D')&&(*p<='Z'))
q[n]=tolower(*p - (char)3);
else if(*p=='A')
q[n]='x';
else if(*p=='B')
q[n]='y';
else
q[n]='z';
}
else
{
q[n]=*p;
}
n++; p++;
}
q[n++]='\0';
puts(q);
}
int menu()
{
puts("To encrypt, input e or E\n");
puts("To decrypt, input d or D\n");
puts("To exit, input any other letter\n");
puts("Your choice:->\n");
return 0;
}
Practical :- 3
AIM :- Write algorithm / steps for Hill Cipher and solve examples on it.
We now split the plaintext into digraphs, and write these as column
vectors. That is, in the first column vector we write the first plaintext
letter at the top, and the second letter at the bottom. Then we move to
the next column vector, where the third plaintext letter goes at the
top, and the fourth at the bottom. This continues for the whole
plaintext.
(The plaintext "short example" split into column vectors.)
Now we must convert the plaintext column vectors in the same way
that we converted the keyword into the key matrix. Each letter is
replaced by its appropriate number.
AIM :- Write algorithm / steps for Play fair Cipher and solve examples
on it.
The Playfair cipher encrypts pairs of letters (digraphs), instead of single letters
as is the case with simpler substitution ciphers such as the Caesar Cipher.
Frequency analysis is still possible on the Playfair cipher, however it would be
against 600 possible pairs of letters instead of 26 different possible letters. For
this reason the Playfair cipher is much more secure than older substitution
ciphers.
Encryption
In order to encrypt using the Playfair Cipher, we must first draw up a Polybius
Square (5x5 Matrics but without the need for the number headings). This is
usually done using a keyword, and either combining "i" and "j" or omitting
"q" from the square.
We must now split the plaintext up into digraphs (that is pairs of letters). On
each digraph we peform the following encryption steps:
1. If the digraph consists of the same letter twice (or there is only one letter
left by itself at the end of the plaintext) then insert the letter "X" between
the same letters (or at the end), and then continue with the rest of the steps.
2. If the two letters appear on the same row in the square, then replace each
letter by the letter immediately to the right of it in the square (cycling
round to the left hand side if necessary).
3. If the two letters appear in the same column in the square, then replace
each letter by the letter immediately below it in the square (cycling round
to the top of the square if necessary).
4. Otherwise, form the rectangle for which the two plaintext letters are two
opposite corners. Then replace each plaintext letter with the letter that
forms the other corner of the rectangle that lies on the same row as that
plaintext letter (being careful to maintain the order).
Example:
Plaintext: hide the gold in the tree stump
Key: playfair example
Encryption
Firstly we must generate the Polybius Square that we are going to use. We do
this by setting out a 5x5 grid, and filling it with the alphabet, starting with the
letters of the key, and ignoring any letters we already have in the square. We
are also going to combine "I" and "J" in the square.
(The Mixed Square created for the Playfair Cipher, using the key: playfair
example)
We must now split the plaintext into digraphs(Pairs). At this point it is a good
idea to apply Rule 1, and split up any double letter digraphs by inserting an
"x" between them.
The first image below shows the initial digraph split of the plaintext, and the
second image displays how we split up the "ee" into "ex" and "es". In this case,
when we insert this extra "x", we no longer need to have one at the end of the
plaintext.
( The digraph split once we apply Rule 1, and remove any digraphs made from
two of the same letter.)
We now take each digraph in turn and apply rule 2, 3 or 4 as necessary. Each
step is show below.
We can now take each of the ciphertext digraphs that we produced and put
them all together.
We can now write out the ciphertext as a long string
"BMODZBXDNABEKUDMUIXMMOUVIF" or split it into block of 5
"BMODZ BXDNA BEKUD MUIXM MOUVI F" or even give it the same
layout as the original "BMOD ZBX DNAB EK UDM UIXMM OUVIF"
Decryption:
Decryption is nearly identical to the encryption process, except for rules 2 and
3 we must take the letters to the left and above respectively.
Also, we remove any extra "X" in the decrypted text to reveal the final
plaintext.
So we get the message "we wilxl mexet at thex exit". When we remove the
unnecessary "x"s we get a final plaintext of "we will meet at the exit". Note
that we cannot just remove all the "x"s as one is part of the word "exit".
Practical :- 5
AIM :- Write algorithm / steps for Verman Cipher and solve examples
on it.
To decrypt the message, with the key, we follow the same method as Vigenere
cipher.but,the strength is shown when we try to break it.
We have numbers of Plaintext corresponding to different Keys but using
same Ciphertext .
The One-Time Pad is only perfectly secure providing certain criteria are met:
the keystream must be truly random; the keystream must never be reused; the
keystream must be at least as long as the plaintext; the keystream must be kept
secret. Unfortunately, some of these criteria cause logistal problems for the
use of the OTP.
The keystream must never be reused (hence the name one-time) is easy
enough in theory, but in practical terms, it means that each time you want to
send a message you need a new truly random keystream.
The keystream must be as long as the plaintext means that our key has to be
long. If we have a plaintext that is a page long, then we need a keystream of
random letters that is also a page long. This is near impossible to remember,
and so must be written down, which leads to our final problem.
Practical :- 6
AIM :- Write algorithm / steps for Vignere Cipher and solve examples
on it.
One of the main problems with simple substitution ciphers is that they are so
vulnerable to frequency analysis.
Given a sufficiently large ciphertext, it can easily be broken by mapping the
frequency of its letters to the know frequencies of, say, English text. Therefore,
to make ciphers more secure, cryptographers have long been interested in
developing enciphering techniques that are immune to frequency analysis.
One of the most common approaches is to suppress the normal frequency data
by using more than one alphabet to encrypt the message.
A polyalphabetic substitution cipher involves the use of two or more cipher
alphabets. Instead of there being a one-to-one relationship between each letter
and its substitute, there is a one-to-many relationship between each letter and
its substitutes.
For Vigenere Cipher, we use Tabula Recta in which each row of the table
corresponds to a Caesar Cipher. The first row is a shift of 0; the second is a
shift of 1; and the last is a shift of 25.
The Vigenere cipher uses this table together with a keyword to encipher a
message.
Encryption
To encrypt a message using the Vigenère Cipher you first need to choose a
keyword (or keyphrase). You then repeat this keyword over and over until it is
the same length as the plaintext. This is called the keystream.
Now for each plaintext letter, you find the letter down the left hand side of the
tabula recta. You also take the corresponding letter from the keystream, and
find this across the top of the tabula recta. Where these two lines cross in the
table is the ciphertext letter you use.
As an example, we shall encrypt the plaintext "a simple example" using the
keyword battista. First we must generate the keystream, by repeating the
letters of the keyword until it is the same length as the plaintext.
Now we must use the tabula recta and the information in the table above. The
keystream b means we choose the column with B at the top, and the plaintext
"a" means we choose the row with A at the left. We get the ciphertext "B".
====
For the second plaintext letter "s", we go down to S on the left, and use the keystream
a to go to A along the top. We get the ciphertext letter "S".
With the plaintext letter "i", we go down to I on the left, and the keystream
letter t means we go to T across the top. We get the ciphertext letter "B".
Continuing in this way we get the final ciphertext "BSBF XDXEYA FITW".
Decryption
To decrypt a ciphertext with the keyword, we first have to generate the
keystream by repeating the keyword until we have a keystream the same
length as the ciphertext. Then you find the column with the letter of the
keystream at the top, and go down this column until you find the ciphertext
letter. Now read across to the far left of the table to reveal the plaintext letter.
We look along the top row to find the letter from the keystream G. We look
down this column and find the ciphertext letter "Z". We then go along this
row to the left hand edge, and the letter here is the plaintext letter. In this
case it is "t".
In the same way as above, we find the keystream letter I, and find the ciphertext
letter "P" in this column. We then follow this row to find the plaintext letter "h".
In this article we will try to see what is Cross Site Scripting(XSS). We will try to see some
samples that are vulnerable to XSS and try to inject some scripts. We will then see how
we can prevent XSS attacks in an ASP.NET website.
Background
Cross Site scripting is one of the problem that has plagued a lot of websites. According to
WhiteHat Security Top Ten more than 50% of the websites are vulnerable to cross site
scripting. As a web developer, it is important to understand what is cross site scripting
and how can we safeguard our site from such attacks.
Cross site scripting is nothing but injection of client side scripts into a website. These
scripts can be HTML scripts or JavaScript scripts. Now the question would be how can a
person inject scripts on a running page. This can easily be done using all the various ways
a website is collecting inputs. Cross site scripting can be performed by passing scripts in
form of:
Now let us see some very rudimentary example of cross site scripting and then we will try
to see what ASP.NET provides to prevent cross site scripting. We will also look at the
best practices that needs to be followed in order to make our website safe from cross site
scripting attacks.
Now before writing applications that are vulnerable to cross site scripting we should
know that ASP.NET provides some security out of the box against such attacks i.e.
RequestValidations. This is a good thing for an ASP.NET developer. We will talk about it in
the later part of the article but for now lets us see how can we disable this
prevention mechanism.
The first thing that we need to do to disable the request validations is to set the
ValidateRequest property of the page directive to false. If we need to do this for the whole
website then we can do this from the web.config pages element.
<%@ Page Language="C#" AutoEventWireup="true"
CodeFile="Default.aspx.cs" Inherits="_Default"
ValidateRequest="false" %>
Now in order for the above setting to work we also need to change the
requestValidationMode of the httpRuntime to 2.0. The request validation will only be turned off
when this mode is set to 2.0 otherwise it will not work.
<httpRuntime requestValidationMode="2.0"/>
Note: We are disabling the
request validation because we want to test the cross site scripting. without disabling it
wont be possible to see cross site scripting in action. It is not recommended to turn off
requestvalidation in production environment because this will open the website for cross site
scripting attacks.
Now let us create a simple web form that will simply accept a query string from the user
and display the query string values on page.
if (id == null)
{
Now under normal circumstances this will work just fine but if I try to pass some script in
the query string variable then we have a problem. Let me now pass the query string
parameter as:
And now we have a problem. The user can pass any HTML from the query string and that
HTML will be rendered on the page. This was a very basic example but imagine an
HTML with absolutely positioned tags and images could possibly wipe out the original
page and show something else entirely.
Same thing can happen with JavaScript too. I can inject any javascript into this page. Let
us try this:
Let us now create a simple textbox to accept the user name and then display the user's
name on the page with some welcome message.
So we saw how we can inject client side script easily in the pages using Cross site
scripting attacks. let us see what we need to do from an ASP.NET developer's
perspective(or as a web developer) to curb these attacks.