Home  [Bill's Home]

This page contains a number of security examples. All these examples are shown with ASP.NET (apart from the one on RSA, which does not run on many Web provider platforms), which is the Web platform of the future! Presentations on encryption/authentication, and so on, are available at:

Introduction to Security [Link][PDF][Test][Deep Zoom][Browse][Download standalone version].
Principles of IDS
[Link][PDF][Test][Deep Zoom][Browse][Download standalone version].
Principles of Encryption
[Link][PDF][Test][Deep Zoom][Browse][Download standalone version].
Principles of Authentication [Link][PDF][Test][Download standalone version].
Principles of Network Security [Link][Standalone Download].
Principles of Software Security [Link][Standalone Download].
Principles of Software Security Part 2 [Link].
Principles of Software Security Part 3 [Link]: ASP.NET, Web.config, Role-based security.
Principles of Wireless Security [Link].
Principles of Digital Forensics [Link Pt1][Link Pt2 - Network Forensics][Standalone Download].
Demo of CardSpace [Link].
CardSpace implementation [Link].
Tutorial [Link].

.NET 3.0 WPF [Full lecture 1][Full lecture 2].
.NET 3.0 WFC [Zoom][Tutorial].
.NET 3.0 WWF [Zoom].

and for PIX/ASA:

Introduction to PIX/ASA [Link] - with CLI.
Introduction to PIX/ASA [Link] - with CLI and ASDM - Part 1.
Context-based ACLs [Link].
VPN [Link].
Starting with ASA [Link].
New ASDM simulator [Demo][Sample].

Stand-alone version of the lectures [Here].

Private-key encryption

The following are the tips related to private-key encryption:

3DES [Link]. The DES encryption algorithm uses a 64-bit block and a 64-bit encryption key (of which only 56 bits are actively used in the encryption process). Unfortunately DES has been around for a long time, and the 56-bit version is now easily crackable (in less than a day, on fairly modest equipment). An enhancement, and one which is still fairly compatible with DES, is the 3-DES algorithm. It has three phases, and splits the key into two. Overall the key size is typically 112 bits (2x54 bits - with a combination of the three keys - of which two of the keys are typically the same). The algorithm is EncryptK3( DecryptK2( EncryptK1(message), where K1 and K3 are typically the same (to keep compatibility). [My Toolkit]

RC2 [Link]. RC2 ("Rivest Cipher") is seen as a replacement for DES. It was created by Ron Rivest in 1987, and is a 64-bit block code and can have a key size from 40 bits to 128-bits (in increments of 8 bits). The 40-bit key version is seen as weak, as the encryption key is so small, but is favoured by governments for export purposes, as it can be easily cracked. In this case the key is created from a Key and an IV (Initialisation Vector). The key has 12 characters (96 bits), and the IV has 8 characters (64 bits), which go to make the overall key. [My Toolkit]

AES/Rijndael [Link]. AES (or Rijndael) is the new replacement for DES, and uses 128-bit blocks with 128, 192 and 256 bit encryption keys. It was selected by NIST in 2001 (after a five year standardisation process). The name Rijndael comes from its Belgium creators: Joan Daemen and Vincent Rijmen. [My Toolkit]

Skipjack. To be completed.

Key interchange

The following relates to key interchange:

Diffie-Hellman [Link]. Diffie-Hellman is a standard method of Alice and Bob being able to communicate, and end up with the same secret encryption key. It is used in many applications.

Public-key encryption

The following relates to public key encryption:

Simple RSA key generation [Link] for ASP.NET. This is a simple tutorial for RSA key generation.

RSA [Link] for ASP.NET. RSA is an asymmetric encyption algorithm, which uses two keys, one to encrypt and the other to decrypt. It was created1977 by Ron Rivest, Adi Shamir, and Leonard Adleman, and is still one of the most widely used encryption methods. A typical application is in authenticating a sender, where the senders private key is used to encrypt a message, and then is decrypted by the receiver with the senders public key (which is known to anyone who wants it). It is also typically used for encrypting disks/files, such as for EFS.

RSA [Link] for Windows. There is a security risk to run the RSA method on IIS servers, and many Web hosting companies block the generation of RSA keys. Thus this version uses a Windows based system to illustrate public key.

Hash methods

The following are the tips related to hashing:

MD5 and SHA-1 [Link]. MD5 and SHA-1 methods produces a hash signature, and are the two of the most widely used methods. The MD5 algorithm has been show to have weaknesses, and a collision of message hashes has been shown to occur in less than one day. An MD5 signature has 128 bits, an SHA-1 signature has 160 bits, and an SHA-256 signature has 256 bits. [My Toolkit]

MD5 and SHA-1 (to Base-64) [Link]. MD5 and SHA-1 produces a hash signature, and the output is typically show in a hex format or a Base-64. In this example the output is converted into a Base-64 format. [My Toolkit]

MD5 and SHA-1 (to Base-64) with salt [Link]. It is possible to add salt to the MD5 algorithm, to mix it up a little. [My Toolkit]

HMAC [Link]. HMAC is a message authentication code (MAC) and can be used to verify the integrity and authentication of a message. It involves hashing a message with a secret key. As with any MAC, it can be used with standard hash function, such as MD5 or SHA-1, which results in methods such as HMAC-MD5 or HMAC-SHA-1. As with any hashing function, the strength depends on the quality of the hashing function, and the resulting number of code bits. Along with this the number of bits in the secret key is a factor.

LM Hash [Link]. This is an LM Hash Calculator. LM Hash is used in many version of Windows to store user passwords that are fewer than 15 characters long.

Digital Certificates

The following relates to digital certificates:

Digital Certificates [Link]. Digital certificate are used to carry the public/private key (which is kept secret). They are typically used to store the key pair, or, once the private key is stripped-off, they are used to authenticate an entity (by gaining access to the public key). The typical formats are IKE; - PKCS #; - PKCS #10; and X.509v3 certificates.

Related - Expired Certificate [Zoom]
Related - Exporting Certificate [Zoom]
Related - Browser and certicates [Zoom]

ASP.NET Security

The following relates to ASP.NET security:

Web.config [Link]. The following is a demonstration of the Web.config file in ASP.NET. Alt Demo: [Link]

Role-based security [Link]. The Microsoft .NET environment now offers an excellent alternative to Java in producing portable and secure code. It uses a role-based approach for user authentication, with the WindowsIndentity class, where the GetCurrent() method can be used to get the current user. The WindowsPrincipal class can then be used to apply the role.

Secure Function Evaluation (SFE)

The following relates to an SFE:

SFE [Link]. SFE can be used to verify a value, without releasing the original data. For example if we have a voting competion with Bob, Alice and Carol. Bob, Alice and Carol vote, and they want to keep their votes secret, but they need to calculate the overall total. Typically an independent person would tally up the votes, but what if they do not trust anyone. This is where SFE comes in, where they can calculate the total with knowing the votes from the others.

WinPCap

The following relate to capturing and processing data packets:

Capture from an interface [Link]. The Winpcap library is an excellent method of reading and writing data packet, but it is not so easy to interface to from .NET. Thus this design tip uses a code wrapper from the Code Project.

Data packet capture [Link]. The Winpcap library is an excellent method of reading and writing data packet, but it is not so easy to interface to from .NET. Thus this design tip uses a code wrapper from the Code Project

Data packet filters [Link]. The WinPcap library can be used to read the source and destination IP addresses and TCP ports. For this the TCPPacket class is used.

DEMO:Running WinPCap to show interfaces [Link] [Tut 1.8.1][Src code]
DEMO:Running WinPCap to show packet capture [Link] [Tut 2.9.1][Src code]
DEMO:Running WinPCap to show packet details [Link] [Tut 3.13.1][Src code]

Calling and controlling Snort

The following relate to controlling Snort:

Calling Snort [Link]. The key foundation of most types of data packet detection is the usage of the WinPcap libraries (which have been used in the software tutorials in previous design tips). Many tools build on this including Snort [1], tcptrace ( to identity TCP sessions), tcpflow (to reconstruct TCP sessions) and Ether eal (to capture network traffic). Snort is one of the most widely-used IDS's, and can detect both signature and anomaly detection. In order not to burden the main processes on a machine, Snort runs as a background process and initially reads-in a set of rules ( filename .rules) and monitors the network traffic to produce event data and a log.

Using Snort to detect attacks [Link]. This examples shows how to use Snort to detect attacks.

A lecture on IDS is at: [Link], and some associated demos are:

DEMO:Running Snort from the command line [Link]

Codes

Challenge [Link]. See if you can score more than 30 ... enter your name, and take the challenge.

Caesar code challenge [Link]. A simple coding method is to simply move the alphabet by a number of places back or forward, such as to move it forward by three places.

Caesar Code Calculator [Link]. This page gives a basic calculator for a shifted alphabet code.

Vigenère challenge [Link]. An improved code was developed by Vigenère, where a different row is used for each character encryption, and is polyalphabetic cipher as it uses a number of cipher alphabets.   Then the way that the user moves between the rows must be agreed before encryption. This can be achieved with a code word, which defines the sequence of the rows.

Vigenère Calculator [Link]. This page gives a basic calculator for Vigenère.

Scrambled alphabet challenge [Link]. An improvement to the Ceaser code is to scramble up the mapping, such as in a code mapping. In this case a random mapping is used to deter the conversion. As there are more mappings, it improves the security of the code (as there can be 4.03x10^26 mappings), but it is still seen as being insecure as the probability of the letter in the mapped code is typically a pointer to the mapping. A formal analysis of the probabilities is given in the table below, where the letter ‘e’ is the most probable, followed by ‘t’, and then ‘o’, and so on. It is also possible to look at two-letter occurrences (digrams), or at three-letter occurrences. The key to cracking this code is to determine the probabilities of the letters in the code, and match them up with the expected probabilities.

Subnetting

These are a few IP related challenges:

Hex, binary and decimal [Link]. Converter.

Hex, binary and decimal [Link]. Converter.

IP Class [Link]. Converter.

IP Network [Link]. Converter.

IP Network Subnets [Link]. Converter.

IP Network Subnets [Link]. Random subnets.

IP Network Subnets [Link]. Max subnets.

IP Network Subnets [Link]. IP Class/Max subnet.

IP Network Subnets [Link]. IP Class/No hosts hosts per subnet.

Wireless conversion [Link]. mW to dBm.

CACL Analyser [Link]. ACL analyser.

Route Summ [Link]. Calculator.

Route Summ [Link]. Gen.

IP route table [Link]. Gen.

Find an IP address on the map [Link].

Others

The following relates a few other tips:

SSH in .NET [Link]. The following uses an SSH component to create an SSH session.

Encryption tutorial [Link].

Base-64 encoding [Link]. Many Internet protocols were not designed to transport binary information, thus there often needs to be a transform between binary data streams into a text format. One of the most common is Base64 which takes the bit stream, and converts each 6-bit binary value into a text value.

Obfuscation in GIF files [Link]. Hiding information has existed for many decades in many different forms. In fact stenanography, which is the science of hiding information within content, has been arrange for thousands of years, and includes using invisible inks and to hide information.

Obfuscation of .NET Part 1 [Link]. .NET and Java programs can be easily reverse engineered, as they use intemediate code. The following shows a demo, where the folllowing happens:

1. The file example.cs is built to produce example.exe.
2. The program is executed.
3. Exemplar (a reserve engineering program for .NET) is used to convert the EXE back to C# code.
4. Dotfuscator is then used to obfuscate the EXE.
5. Exemplar crashes when it now tries to reverse engineer the code -- thus the EXE is now safer from reverse engineers.

Obfuscation of .NET Part 2 [Link]. .NET and Java programs can be easily reverse engineered, as they use intemediate code. The following shows a demo, where the folllowing happens:

1. The file example.cs is built to produce example.exe.
2. ILDASM is used to view the manifest.
3. Exemplar (a reserve engineering program for .NET) is used to convert the EXE back to C# code.
4. Dotfuscator is then used to obfuscate the EXE.
5. ILDASM is used to view the manifest, and shows that the methods have been changed.

Watermarking [Link]. There are literately an endless number of ways that stenography can be used. One example, is to add information into files which can not actually used, such as in images files. The figure below shows an example where a GIF file contains a colour table, of which, typically, not all the colours are used in any image. Thus text can be added to the file, which will never actually be seen.

Covert channels [Link]. There are many methods of hidding messages within normal looking text.

Morse code and ADFGVX cipher [Link]. One method of coding is to use Morse code which encodes alphabetic and numeric characters with a sequence of dots (".") and dashes ("-").

Demo of CardSpace [Link]. This is a simple demo of Cardspace in a virtual environment.

CardSpace implementation [Link]. This shows the coding of Cardspace in ASP.NET.