
# Lab 5 : Cryptography

**FSCT 8540 : Network Security**

**Author:** Maryam R. Aliabadi

**Date:** Nov 12th, 2025

## Lab Overview
This lab provides hands-on practice with fundamental cryptography concepts, focusing on encryption, decryption, message authentication codes (MACs), and integrity/authentication mechanisms. Students will actively encrypt and decrypt messages, generate MACs, and verify data integrity to understand how cryptography secures network communications.

## Learning Objectives
By the end of this lab, students will be able to:
1. Encrypt and decrypt messages using symmetric encryption (AES).
2. Encrypt and decrypt messages using asymmetric encryption (RSA).
3. Generate and verify Message Authentication Codes (MACs).
4. Detect tampering and analyze its effect on decryption and MAC verification.
5. Apply authenticated encryption to ensure confidentiality, integrity, and authenticity.


In [1]:
!pip install pycryptodome

Collecting pycryptodome
  Downloading pycryptodome-3.23.0-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (3.4 kB)
Downloading pycryptodome-3.23.0-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (2.3 MB)
[2K   [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m2.3/2.3 MB[0m [31m21.6 MB/s[0m eta [36m0:00:00[0m
[?25hInstalling collected packages: pycryptodome
Successfully installed pycryptodome-3.23.0


In [2]:
# Import required libraries
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
import os
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
import hmac, hashlib


# Task 1: Symmetric Encryption

In [24]:
# Generate a key and encrypt your the following secret message
key = os.urandom(32)  # 256-bit key
iv = os.urandom(16)   # Initialization vector

plaintext = b"My secret network message"
print("Plaintext:", plaintext)

# Encrypt using AES CBC mode
cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend())
encryptor = cipher.encryptor()
padded_plaintext = plaintext + b' ' * (16 - len(plaintext) % 16)  # padding
ciphertext = encryptor.update(padded_plaintext) + encryptor.finalize()
print("Ciphertext:", ciphertext)

# Decrypt
# Challenge: Modify the ciphertext slightly and try to decrypt. Observe what happens.
decryptor = cipher.decryptor()
decrypted = decryptor.update(ciphertext) + decryptor.finalize()
print("Decrypted:", decrypted.strip())


## Challenge 1:
- Try encrypting your own three secret messages with the same key AES algorythm and decrypt them.
- Print the plain messages and their cipher texts.
- Can you find any pattern/similarity among three cipher texts?

In [None]:
key = os.urandom(32)  # 256-bit key
iv = os.urandom(16)   # Initialization vector

plaintext_1 = b"I am a BCIT student"
plaintext_2 = b"I am in the Forensics"
plaintext_3 = b"I love cryptography"
print("Plaintext 1": plaintext_1) 

# Encrypt using AES CBC mode
cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend())
encryptor = cipher.encryptor()
padded_plaintext = plaintext + b' ' * (16 - len(plaintext) % 16)  # padding
ciphertext = encryptor.update(padded_plaintext) + encryptor.finalize()
print("Ciphertext:", ciphertext)

# Decrypt
# Challenge: Modify the ciphertext slightly and try to decrypt. Observe what happens.
decryptor = cipher.decryptor()
decrypted = decryptor.update(ciphertext) + decryptor.finalize()
print("Decrypted:", decrypted.strip())


# Task 2: Asymmetric Encryption

In [18]:
# Create an RSA key pair and encrypt your own message

In [25]:
rsa_key = RSA.generate(2048)
public_key = rsa_key.publickey()

message = b"My secret RSA message"
cipher_rsa = PKCS1_OAEP.new(public_key)
ciphertext_rsa = cipher_rsa.encrypt(message)
print("Ciphertext RSA:", ciphertext_rsa)


## Challenge 2:
- Rerun the above code and encrypt your own three secret messages using RAS algorithm and decrypt them.
- Print the plain messages and their cipher texts.
- Can you find any pattern/similarity among three cipher texts?

In [26]:
# Decrypt the cipher message
decipher_rsa = PKCS1_OAEP.new(rsa_key)
plaintext_rsa = decipher_rsa.decrypt(ciphertext_rsa)
print("Decrypted RSA:", plaintext_rsa)

## Challenge 3: 
- Exchange your three ciphertexts (encrypted using RSA in previous step) with a partner and decrypt them using your own keys.
- What is the result?
- What security principles is verfied in this challenge?

# Task 3: Message Authentication Code (MAC)


In [None]:
# Generate a MAC for your message and verify it
mac_key = b'secret_mac_key'
msg = b'Important network data'
mac = hmac.new(mac_key, msg, hashlib.sha256).hexdigest()
print("MAC:", mac)

# Verify MAC
verify_mac = hmac.new(mac_key, msg, hashlib.sha256).hexdigest()
print("MAC Verification:", mac == verify_mac)

# Modify the message and observe the MAC verification failure
tampered_msg = b'Important network datA'
verify_tampered = hmac.new(mac_key, tampered_msg, hashlib.sha256).hexdigest()
print("Tampered Verification (should be False):", mac == verify_tampered)

## Challenge 4: 
- Create three messages.
- For each messages, generate a MAC and verify it. 
- For each message, print the result.
- Modify each message and observe the MAC verification failure.
- Print the result for each message 

# Task 4: Combined Symmetric Encryption + MAC


In [None]:
# Encrypt a message and generate a MAC for it
auth_message = b'Authenticated network message'
cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend())
encryptor = cipher.encryptor()
padded_auth_message = auth_message + b' ' * (16 - len(auth_message) % 16)
ciphertext_auth = encryptor.update(padded_auth_message) + encryptor.finalize()

# Generate MAC for ciphertext
cipher_mac = hmac.new(mac_key, ciphertext_auth, hashlib.sha256).hexdigest()
print("Ciphertext:", ciphertext_auth)
print("MAC for ciphertext:", cipher_mac)

# Tamper with ciphertext and attempt verification
verify_cipher_mac = hmac.new(mac_key, ciphertext_auth, hashlib.sha256).hexdigest()
if cipher_mac == verify_cipher_mac:
    decryptor = cipher.decryptor()
    decrypted_auth = decryptor.update(ciphertext_auth) + decryptor.finalize()
    print("Decrypted Authenticated Message:", decrypted_auth.strip())
else:
    print("MAC verification failed! Possible tampering detected.")


## Challenge 5: 
- Encrypt your own message and generate a MAC for it.
- Then tamper with ciphertext and attempt verification.
- Which security property is violated in this challenge?


# Task 5: Verifying Core Security Principles 

## Challenge 6: The Grand Finale
In this final challenge, you’ll combine everything you’ve learned!

- Create a custom message: “My name is $<your name>$ and I am a future network security superhero!”
- Implement RSA signing and verification using private/public keys.
- Encrypt the message (AES or RSA ?).
- Generate a MAC for the ciphertext.
- Verify all three core security principles:
  -  Confidentiality → via encryption/decryption
  -  Integrity → via MAC verification
  -  Authenticity → via digital signature validation


## Submission Instructions:
- Create a Jupyter Notebook containing the task execution result.
- Include a short report within the notebook answering challenge questions for each task.
- Convert your Jupyter Notebook to PDF.
- Use the following filename format: Lab5-FirstName-LastName-StdNo.PDF.
- Upload your PDF to the Learning Hub before the deadline: Nov 19th at 11:59 PM.

# Good Luck!