PRACTICAL: 7

7. Write a Program to implement Data Encryption Standard (DES) using C

Language.

DESCRIPTION:

DES is a symmetric encryption system that uses 64-bit blocks, 8 bits of which
are used for parity checks. The key therefore has a "useful" length of 56 bits, which
means that only 56 bits are actually used in the algorithm. The algorithm involves
carrying out combinations, substitutions and permutations between the text to be
encrypted and the key, while making sure the operations can be performed in both
directions. The key is ciphered on 64 bits and made of 16 blocks of 4 bits, generally
denoted k1 to k16. Given that "only" 56 bits are actually used for encrypting, there can
be 256 different keys.

The main parts of the algorithm are as follows:

➢ Fractioning of the text into 64-bit blocks

➢ Initial permutation of blocks
➢ Breakdown of the blocks into two parts: left and right, named L and R
➢ Permutation and substitution steps repeated 16 times
➢ Re-joining of the left and right parts then inverse initial permutation

EXAMPLE:
ALGORITHM:

STEP-1: Read the 64-bit plain text.

STEP-2: Split it into two 32-bit blocks and store it in two different arrays.
STEP-3: Perform XOR operation between these two arrays.
STEP-4: The output obtained is stored as the second 32-bit sequence and the
original second 32-bit sequence forms the first part.
STEP-5: Thus the encrypted 64-bit cipher text is obtained in this way. Repeat the
same process for the remaining plain text characters.

PROGRAM:

DES.java

import javax.swing.*;

import
java.security.SecureRandom;
import javax.crypto.Cipher;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.util.Random ;
class DES {
byte[] skey = new
byte[1000]; String
skeyString;
static byte[] raw;
String inputMessage,encryptedData,decryptedMessage;
public DES()
{
try

generateSymmetricKey();
inputMessage=JOptionPane.showInputDialog(null,"Enter
message to encrypt");
 byte[] ibyte = inputMessage.getBytes();
byte[] ebyte=encrypt(raw, ibyte);

String encryptedData = new String(ebyte);

System.out.println("Encrypted message "+encryptedData);
JOptionPane.showMessageDialog(null,"Encrypted Data "+"\
n"+encryptedData);
byte[] dbyte= decrypt(raw,ebyte);

String decryptedMessage = new String(dbyte);

System.out.println("Decrypted message
"+decryptedMessage);
JOptionPane.showMessageDialog(null,"Decrypted
Data "+"\n"+decryptedMessage);
}
catch(Exception e)

System.out.println(e);

}
void generateSymmetricKey()
{ try {
Random r = new Random();
int num =
r.nextInt(10000);

String knum =
String.valueOf(num); byte[]
knumb = knum.getBytes();
skey=getRawKey(knumb);
skeyString = new String(skey);
System.out.println("DES Symmetric key = "+skeyString);

catch(Exception e)

System.out.println(e);

private static byte[] getRawKey(byte[] seed) throws

Exception

KeyGenerator kgen = KeyGenerator.getInstance("DES");

SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
sr.setSeed(seed);
kgen.init(56, sr);

SecretKey skey =
kgen.generateKey(); raw =
skey.getEncoded();

return raw;

private static byte[] encrypt(byte[] raw, byte[] clear)

throws Exception {
SecretKeySpec skeySpec = new SecretKeySpec(raw,
"DES");
Cipher cipher =
Cipher.getInstance("DES");
cipher.init(Cipher.ENCRYPT_MODE,
 skeySpec); byte[] encrypted =
cipher.doFinal(clear); return encrypted;
}
private static byte[] decrypt(byte[] raw, byte[]
encrypted) throws Exception
{

SecretKeySpec skeySpec = new SecretKeySpec(raw,

"DES");
Cipher cipher = Cipher.getInstance("DES");
cipher.init(Cipher.DECRYPT_MODE, skeySpec);
byte[] decrypted =
cipher.doFinal(encrypted); return decrypted;
}
public static void main(String args[])
{ DES des = new DES();
}
}
OUTPUT:
RESULT:

Thus the data encryption standard algorithm had been implemented successfully
using C language.
 PRACTICAL: 8
8. write a C program to implement the RSA encryption algorithm.

DESCRIPTION:

RSA is an algorithm used by modern computers to encrypt and decrypt

messages. It is an asymmetric cryptographic algorithm. Asymmetric means that there
are two different keys. This is also called public key cryptography, because one of
them can be given to everyone. A basic principle behind RSA is the observation that it
is practical to find three very large positive integers e, d and n such that with
modular exponentiation for all integer m:

(me)d = m (mod n)

The public key is represented by the integers n and e; and, the private key, by
the integer d. m represents the message. RSA involves a public key and a private key.
The public key can be known by everyone and is used for encrypting messages. The
intention is that messages encrypted with the public key can only be decrypted in a
reasonable amount of time using the private key.

EXAMPLE:
ALGORITHM:

STEP-1: Select two co-prime numbers as p and q.

STEP-2: Compute n as the product of p and q.
STEP-3: Compute (p-1)*(q-1) and store it in z.
STEP-4: Select a random prime number e that is less than that of z.
STEP-5: Compute the private key, d as e * mod-1(z).
STEP-6: The cipher text is computed as messagee *
mod n. STEP-7: Decryption is done as cipherdmod n.

PROGRAM: (RSA)

#include<stdio.h>
#include<conio.h>
#include<stdlib.h
>
#include<math.h>
#include<string.h
>

long int
p,q,n,t,flag,e[100],d[100],temp[100],j,m[100],en[100]
,i; char msg[100];

int prime(long
int); void ce();

long int cd(long

int); void
encrypt();

void decrypt();
void main()
{

clrscr();
printf("\nENTER FIRST PRIME NUMBER\n");

scanf("%d",&p);
flag=prime(p);
if(flag==0)
{
printf("\nWRONG INPUT\
n"); getch();
}
printf("\nENTER ANOTHER PRIME NUMBER\n");

scanf("%d",&q);
flag=prime(q);
if(flag==0||p==q)
{
printf("\nWRONG INPUT\n");
getch();
}
printf("\nENTER MESSAGE\
n"); fflush(stdin);
scanf("%s",msg);
for(i=0;msg[i]!=NULL;i++)
m[i]=msg[i];
n=p*q;
 t=(p-1)*(q-1);

ce();

printf("\nPOSSIBLE VALUES OF e AND d ARE\

n"); for(i=0;i<j-1;i++) printf("\n%ld\t
%ld",e[i],d[i]);

encrypt()
;
decrypt()
;
getch();
}

int prime(long int pr)

int i;
j=sqrt(pr);
for(i=2;i<=j;i+
+)
{
if(pr%i==0)
return 0;

return 1;

void ce()

int k;
k=0;
for(i=2;i<t;i++)
{

if(t%i==0)
continue;
flag=prime(i);
if(flag==1&&i!=p&&i!=q)
{
e[k]=i;
flag=cd(e[k]);
if(flag>0)
{
d[k]=flag;
k++;
}

if(k==99)
break;
} } }

long int cd(long int x)

long int k=1;

while(1)
{

k=k+t; if(k
%x==0)
return(k/x)
;
} }
void encrypt() {

long int
pt,ct,key=e[0],k,len; i=0;
len=strlen(msg);
while(i!=len) {
pt=m[i];
pt=pt-96;
k=1;
for(j=0;j<key;j++)
{ k=k*pt;
k=k%n;
}

temp[i]=k;
ct=k+96;
en[i]=ct;
i++;
}

en[i]=-1;

printf("\nTHE ENCRYPTED MESSAGE IS\n");

for(i=0;en[i]!=-1;i++)

printf("%c",en[i]);

void decrypt()

long int
pt,ct,key=d[0],k; i=0;
while(en[i]!=-1)

ct=temp[i];
k=1;
for(j=0;j<key;j++)

k=k*ct; k=k
%n;
}

pt=k+96
;
m[i]=pt
; i++;
}
m[i]=-1;

printf("\nTHE DECRYPTED MESSAGE IS\n");

for(i=0;m[i]!=-1;i++)

printf("%c",m[i]);

}
 PROF.DEVANSHI DAVE

OUTPUT:

RESULT: Thus the C program to implement RSA encryption technique had been
implemented successfully
 PROF.DEVANSHI DAVE

PRACTICAL: 9

9. Simulate the working of Firewall using Cisco Packet Tracer.

A firewall is a hardware or software network security device that monitors all incoming and
outgoing traffic based on a defined set of security rules, it accepts, rejects, or drops that
specific traffic.
 Accept: Allow traffic.
 Reject: Block traffic but respond with “reachable error”.
 Drop: Block unanswered traffic firewall establishes a barrier between secure internal
networks and untrusted external networks, such as the Internet.

Steps to Configure and Verify Firewall in Cisco Packet Tracer:

Step 1: First, open the Cisco packet tracer desktop and select the devices given below:
S.N
O Device Model Name Quantity

1. PC PC 3

2. server PT-Server 1

3. switch PT-Switch 1

IP Addressing Table:

Pause

Unmute

×
 PROF.DEVANSHI DAVE

S.N
O Device IPv4 Address Subnet Mask

1. Server 1.0.0.1 255.0.0.0

2. PC0 1.0.0.2 255.0.0.0

3. PC1 1.0.0.3 255.0.0.0

4. PC2 1.0.0.4 255.0.0.0

 Then, create a network topology as shown below the image.

 Use an Automatic connecting cable to connect the devices with others.

Step 2: Configure the PCs (hosts) and server with IPv4 address and Subnet Mask
according to the IP addressing table given above.
 To assign an IP address in PC0, click on PC0.
 Then, go to desktop and then IP configuration and there you will IPv4
configuration.
 PROF.DEVANSHI DAVE

 Fill IPv4 address and subnet mask.

 PROF.DEVANSHI DAVE

 Repeat the same procedure with the server

 Assigning an IP address using the ipconfig command, or we can also assign an

IP address with the help of a command.
 Go to the command terminal of the PC.
 Then, type iPConfig <IPv4 address><subnet mask><default gateway>(if
needed)
Example: ipconfig 1.0.0.2 255.0.0.0
 PROF.DEVANSHI DAVE

 Repeat the same procedure with other PCs to configure them thoroughly.
Step 3: Configuring the firewall in a server and blocking packets and allowing web
browser.
 Click on server0 then go to the desktop.
 Then click on firewall IPv4.
 Turn on the services.
 First, Deny the ICMP protocol and set remote IP to 0.0.0.0 and Remote wildcard
mask to 255.255.255.255.
 Then, allow the IP protocol and set remote IP to 0.0.0.0 and Remote wildcard
mask to 255.255.255.255.
 And add them.
 PROF.DEVANSHI DAVE

Step 4: Verifying the network by pinging the IP address of any PC.

 We will use the ping command to do so.
 First, click on PC2 then Go to the command prompt.
 Then type ping <IP address of targeted node>.
 We will ping the IP address of the server0.
 As we can see in the below image we are getting no replies which means the
packets are blocked.
 PROF.DEVANSHI DAVE

Check the web browser by entering the IP address in the URL.

 Click on PC2 and go to desktop then web browser.
PROF.DEVANSHI DAVE
 PROF.DEVANSHI DAVE

PRACTICAL: 10

10. Study cyber security fundamentals, including common threats and

mitigation strategies.

Defining Cybersecurity

Cybersecurity protects computer systems, networks, and data from unauthorised access,
damage, or theft in the digital world. It involves measures and technologies designed to
safeguard information and prevent malicious activities.

Cybersecurity aims to ensure data and systems' confidentiality, integrity, and availability,
keeping them safe from unauthorised access, manipulation, or disruption. Techniques like
encryption, firewalls, antivirus software, and user authentication are used to establish
barriers and secure digital assets from potential risks.

By implementing effective cybersecurity measures, individuals and organisations can

minimise the chances of cyberattacks and protect sensitive information from falling into the
wrong hands.

Role of Cybersecurity in Today's Digital Age

In today's digital age, cybersecurity is crucial in keeping our digital lives safe and secure.
It's like having a virtual bodyguard that protects our computers, smartphones, and other
devices from bad guys who try to steal our information or cause harm.

Think about all the personal data we store on our devices - photos, emails, banking details,
and private conversations. Cybersecurity ensures this information remains private and
protected from unauthorised access. Companies store sensitive customer data, financial
records, and proprietary information. Without proper cybersecurity measures, hackers could
steal or tamper with this information.

Cybersecurity also helps in maintaining the smooth functioning of digital systems. Imagine
if a major website or online service gets hacked or disrupted. It could lead to chaos for
users. Cybersecurity helps prevent such disruptions and keep things running smoothly.
 PROF.DEVANSHI DAVE

Cybersecurity is like a shield that protects our digital lives from cybercriminals. It ensures
the safety of our personal information, helps businesses secure sensitive data, maintains the
smooth functioning of digital systems, and safeguards our privacy in our connected world.

Threats and Risks To Cybersecurity

In the ever-evolving world of cybersecurity, there are several threats and risks that we need
to be aware of. Let's dive into a few of them.

Malware Monsters

One of the biggest threats is malware, which includes viruses, worms, and ransomware.
These sneaky little monsters can infect your devices and wreak havoc by stealing your data,
encrypting your files, or even taking control of your device.

Phishing Pirates

Beware of phishing attacks! These are like deceptive messages from cyber pirates trying to
trick you into revealing sensitive information, such as passwords, credit card details, or
personal data. They often disguise themselves as trustworthy entities like banks or well-
known companies.

Weak Castle Walls

If your devices or networks have weak security settings or outdated software, you open the
castle gates for cyber intruders. They can exploit vulnerabilities in your systems and gain
unauthorised access to your sensitive data.

Internet of Things (IoT) Troubles

The IoT poses new risks with the increasing number of interconnected smart devices.
Insecure IoT devices can be gateways for cyber attackers to infiltrate your network, access
personal information, or even control connected devices like cameras or thermostats.

Insider Threats

Not all threats come from external sources. Insider threats involve individuals within an
organisation who misuse their access privileges or intentionally steal or leak sensitive data.
It could be a disgruntled employee or someone who has fallen victim to social engineering
tactics.
 PROF.DEVANSHI DAVE

These are just a few examples of the threats and risks that cybersecurity faces today. It's
important to stay vigilant, keep your devices and software up to date, use strong passwords,
be cautious with suspicious emails or messages, and educate yourself about best
cybersecurity practices to protect yourself digitally.

Mitigation Strategies

Companies adopt various mitigation strategies to prevent cyberattacks and protect their
sensitive data and systems. Some common strategies include:

Strong Perimeter Defense

Companies employ firewalls, intrusion detection systems (IDS), and intrusion prevention
systems (IPS) to monitor and control incoming and outgoing network traffic. These
defences are a barrier against unauthorised access, and help identify and block potential
threats.

Secure Network Architecture

Implementing secure network architectures, such as network segmentation and access

controls, helps limit the lateral movement of attackers within the network. This ensures that
the damage can be contained even if one part of the network is compromised.

Robust Authentication and Access Controls

Strong authentication mechanisms, like multi-factor authentication (MFA) and password

policies, are enforced to prevent unauthorised access to systems and sensitive data. Access
controls are implemented to ensure that employees only have access to the information
necessary for their roles.

Regular Patching and Updates

Companies maintain a proactive approach to patch management and software updates. They
ensure that all software, operating systems, and applications are regularly updated with the
latest security patches to address known vulnerabilities.

Data Encryption
 PROF.DEVANSHI DAVE

Companies employ encryption techniques to protect sensitive data at rest and in transit.
Encryption helps ensure that even if data is intercepted or stolen, it remains unreadable and
unusable without the decryption keys.
 PROF.DEVANSHI DAVE

Continuous Monitoring and Threat Intelligence

Companies employ security monitoring tools and techniques to detect and respond to
potential threats in real-time. They also leverage threat intelligence sources to stay
informed about the latest threats and vulnerabilities, allowing them to implement preventive
measures proactively.

Regular Security Assessments

Companies conduct periodic security assessments and penetration testing to identify

vulnerabilities and weaknesses in their systems. These assessments help uncover potential
entry points for attackers and provide insights for improving security measures.

By implementing a comprehensive approach that combines technical safeguards, employee

awareness, and proactive measures, companies can significantly reduce the risk of
cyberattacks and protect their valuable assets