CS6740 Spring 2016 Network Security Class Codes

This is implementation of my codes for CS6740 Network security

• Created self-signed RSA public/private keypair and used them to perform authenticated key agreement using Diffie-Hellman.

• Computed keys for HMAC (with SHA1 hash) and a shared secret key and IV for AES 256 bit CBC encryption using the exchanged secret.

• Performed file transfer over TCP sockets by Encrypt and MAC (SSH), Encrypt then MAC (IPSec) and MAC then Encrypt (TLS).

• Implemented Cross Site Request Forgery (CSRF) attack by using GET and POST requests with Html and Javascript.

• Executed Reflected Cross-site Scripting (XSS) attacks in Javascript to steal cookies using C programming and hijack session using a Java program. Created a script in AJAX for a self-propagating worm to implement stored XSS attack.

• Implemented exploits to attack various TCP/IP stack protocols under Ubuntu using Netwox (with C) and scapy (with python).

• The list of attacks includes ARP cache poisoning (MITM, DOS), ICMP Redirect Attack(MITM), SYN Flooding Attack(DOS), TCP RST Attacks on telnet and SSH Connections(DOS), TCP RST Attacks on Video Streaming Applications(DOS), ICMP Blind Connection-Reset, and Source-Quench Attacks(DOS), and TCP Session Hijacking (MITM, DOS).

• Scripted exploits in Python to do attacks on DNS such as Host file compromise, DNS ID poisoning and DNS cache poisoning.