In [1]:
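# %pip (not !pip) installs into the environment of the running kernel, so the
# imports below see the package even when several Python installs are present.
%pip install cryptography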
import time

from cryptography.exceptions import InvalidSignature
from cryptography.fernet import Fernet
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

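# Generate RSA Keys 
def generate_key_pair(key_size: int = 2048):
    """Generate a fresh RSA key pair with public exponent 65537.

    Args:
        key_size: modulus size in bits. Defaults to 2048, which is what every
            scenario in this notebook uses. NOTE(review): 2048 is a common
            floor; pass 3072 or more for keys that must stay in use long term.

    Returns:
        ``(private_key, public_key)``. The public key is derived from the
        private key, so the two always belong together.
    """
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=key_size)
    return private_key, private_key.public_key()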

# One key pair per party. Throughout the notebook a party's private key is
# only ever passed as the signer and its public key only ever as the verifier.
A_private, A_public = generate_key_pair()
B_private, B_public = generate_key_pair()

# ACL Roles: role name -> list of permitted actions. authorize() lower-cases
# the role before looking it up here; a role that is absent gets no actions.
ACL = dict(
    admin=["read", "write", "delete"],
    analyst=["read", "write"],
    guest=["read"],
)

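# Authentication Function 
def _pss_sha256():
    """RSA-PSS parameters used for both signing and verifying: MGF1/SHA-256, max salt."""
    return padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)


def authenticate(signer_private, verifier_public, message):
    """Sign ``message`` with ``signer_private`` and verify it with ``verifier_public``.

    The signature is RSA-PSS over SHA-256 (see ``_pss_sha256``), and the
    verification uses exactly the same parameters.

    Args:
        signer_private: RSA private key that produces the signature.
        verifier_public: RSA public key the signature is checked against.
        message: raw bytes to sign. Whatever freshness data (timestamp, nonce)
            should be covered by the signature must already be part of these
            bytes; nothing is added here.

    Returns:
        ``(True, signature)`` when ``verifier_public`` accepts the signature;
        ``(False, None)`` when it does not, e.g. when the private and public
        keys belong to different parties as in Scenario 3.

    NOTE(review): signing and verifying happen in one call, with the caller
    holding both keys. That demonstrates the primitives but is not an
    authentication protocol: a real verifier would receive ``message`` and
    ``signature`` from the other party and never see ``signer_private``.
    """
    signature = signer_private.sign(message, _pss_sha256(), hashes.SHA256())
    try:
        verifier_public.verify(signature, message, _pss_sha256(), hashes.SHA256())
    except InvalidSignature:
        # Only a real signature mismatch is an authentication failure. Other
        # exceptions (wrong argument types, etc.) are bugs and must surface
        # rather than be reported as "not authenticated".
        return False, None
    return True, signature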

# Authorization Function 
def authorize(role, action):
    """Return True if ``role`` may perform ``action`` according to ``ACL``.

    The role is lower-cased before lookup, so ``"Admin"`` and ``"admin"`` are
    the same role; ``action`` is compared exactly as given. A role that does
    not appear in ``ACL`` has no permissions, so the check is default-deny.
    """
    role_key = role.lower()
    if role_key not in ACL:
        return False
    return action in ACL[role_key]

# AES Encryption After Auth 
def aes_communication(shared_key, message):
    """Encrypt ``message`` with a Fernet key and immediately decrypt it again.

    Fernet is the symmetric scheme this notebook uses for its "AES" step; the
    key must be one produced by ``Fernet.generate_key()``.

    Args:
        shared_key: Fernet key bytes.
        message: plaintext bytes.

    Returns:
        ``(token, plaintext)``: the Fernet token and the result of decrypting
        that token with the same key (equal to ``message``).

    NOTE(review): both directions run locally with one key that is generated
    by the caller; the RSA key pairs above are never used to transport it, so
    no key is actually established between A and B.
    """
    fernet = Fernet(shared_key)
    token = fernet.encrypt(message)
    return token, fernet.decrypt(token)

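# Simulate Replay Attack Detection
def verify_timestamped_message(message_with_time, window=30, seen=None):
    """Accept ``message_with_time`` only if its embedded timestamp is fresh.

    The expected layout is ``<message>||<unix timestamp>``, exactly what the
    scenarios build with ``msg + b'||' + str(time.time()).encode()``. The
    split is on the *last* ``||`` so the message body may itself contain
    ``||``.

    Args:
        message_with_time: bytes in the layout above.
        window: maximum allowed distance, in seconds, between now and the
            embedded timestamp in either direction (default 30).
        seen: optional set of already-accepted raw messages. When supplied, a
            message presented a second time is rejected even inside the
            window, and every accepted message is added to the set. Without
            it a timestamp alone does not stop replay: the same bytes are
            accepted as often as desired for ``window`` seconds.

    Returns:
        ``(True, message_text)`` on success. Otherwise ``(False, reason)`` where
        reason is ``"Replay attack detected!"`` for a stale, future-dated,
        non-numeric-but-NaN or already-seen message, and
        ``"Invalid message format!"`` when the separator or timestamp cannot
        be parsed, the input is not bytes, or the body is not valid UTF-8.
    """
    try:
        body, stamp = message_with_time.rsplit(b'||', 1)
        timestamp = float(stamp.decode())
    except (ValueError, TypeError, AttributeError):
        # ValueError: no separator (unpack) or unparsable stamp;
        # TypeError/AttributeError: input is not a bytes-like object.
        return False, "Invalid message format!"
    skew = time.time() - timestamp
    # A chained comparison is False for NaN, so "||nan" is rejected. The
    # former `abs(now - ts) > window` test is False for NaN and let it through.
    if not -window <= skew <= window:
        return False, "Replay attack detected!"
    try:
        text = body.decode()
    except UnicodeDecodeError:
        return False, "Invalid message format!"
    if seen is not None:
        if message_with_time in seen:
            return False, "Replay attack detected!"
        seen.add(message_with_time)
    return True, text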

# Simulate Full Flow
originalMessage = b"Prove your identity"
# Layout expected by verify_timestamped_message(): <message>||<unix time>
timestampedMessage = b'||'.join([originalMessage, str(time.time()).encode()])

# Authentication. Each call signs and verifies with the *same* party's keys
# (A's private + A's public, then B's), so it only shows that each key pair is
# internally consistent; it does not authenticate A to B or B to A.
auth_A_to_B, signature_A = authenticate(A_private, A_public, timestampedMessage)
auth_B_to_A, signature_B = authenticate(B_private, B_public, timestampedMessage)

# Authorization. "analyst" has only read/write in ACL, so this is False.
A_role, requested_action = "analyst", "delete"
authorization_result = authorize(A_role, requested_action)

# Symmetric encryption. The Fernet key is generated here and never wrapped
# with the RSA keys above, so there is no actual key exchange between A and B.
aes_key = Fernet.generate_key()
encrypted_message, decrypted_message = aes_communication(aes_key, b"Hello World ")

# Replay check on the message built above. No delay is introduced between
# building and checking it, so the timestamp is well inside the 30 s window.
valid_replay_check, replay_result = verify_timestamped_message(timestampedMessage)
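def print_scenario(title, results):
    """Print ``title`` followed by one ``key: value`` line, each followed by a blank line.

    Args:
        title: heading, printed with a trailing colon on its own line.
        results: mapping of label -> value, printed in iteration order.
    """
    print(f"{title}:")
    # A plain loop: a list comprehension used only for its print() side effect
    # builds and throws away a list of None values.
    for key, value in results.items():
        print(f"{key}: {value}\n")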





In [2]:
# Scenario 1
message1 = b"Hello "
timestamped1 = b'||'.join([message1, str(time.time()).encode()])

# Each check uses one party's own key pair, so both succeed.
auth1_A_to_B, _ = authenticate(A_private, A_public, timestamped1)
auth1_B_to_A, _ = authenticate(B_private, B_public, timestamped1)

# Authorization is gated on both authentication results; "analyst" holds
# "write" in ACL, so the answer is True.
role1, action1 = "analyst", "write"
if auth1_A_to_B and auth1_B_to_A:
    authz1 = authorize(role1, action1)
else:
    authz1 = "Skipped (authentication failed)"

# Encryption is not gated on authentication, unlike the authorization step.
aes_key1 = Fernet.generate_key()
encrypted1, decrypted1 = aes_communication(aes_key1, message1)

replay_check1, replay_result1 = verify_timestamped_message(timestamped1)

scenario1_output = {
    "Authentication A -> B": auth1_A_to_B,
    "Authentication B -> A": auth1_B_to_A,
    "Role": role1,
    "Requested Action": action1,
    "Authorization Result": authz1,
    "Encrypted AES Message": encrypted1.decode(),
    "Decrypted AES Message": decrypted1.decode(),
    "Replay Check Valid": replay_check1,
    "Replay Check Result": replay_result1,
}



In [3]:
# Scenario 2
message2 = b"Hello 2"
timestamped2 = b'||'.join([message2, str(time.time()).encode()])

# Each check uses one party's own key pair, so both succeed.
auth2_A_to_B, _ = authenticate(A_private, A_public, timestamped2)
auth2_B_to_A, _ = authenticate(B_private, B_public, timestamped2)

# Authorization is gated on both authentication results; "analyst" has no
# "delete" in ACL, so the answer is False.
role2, action2 = "analyst", "delete"
if auth2_A_to_B and auth2_B_to_A:
    authz2 = authorize(role2, action2)
else:
    authz2 = "Skipped (authentication failed)"

# Encryption is not gated on authentication or authorization.
aes_key2 = Fernet.generate_key()
encrypted2, decrypted2 = aes_communication(aes_key2, message2)

replay_check2, replay_result2 = verify_timestamped_message(timestamped2)

scenario2_output = {
    "Authentication A -> B": auth2_A_to_B,
    "Authentication B -> A": auth2_B_to_A,
    "Role": role2,
    "Requested Action": action2,
    "Authorization Result": authz2,
    "Encrypted AES Message": encrypted2.decode(),
    "Decrypted AES Message": decrypted2.decode(),
    "Replay Check Valid": replay_check2,
    "Replay Check Result": replay_result2,
}

In [4]:
# Scenario 3
message3 = b"Hello 3 "
timestamped3 = b'||'.join([message3, str(time.time()).encode()])

# Keys are deliberately crossed (B signs, A's public key verifies, and the
# reverse), so both signature checks fail.
auth3_A_to_B, _ = authenticate(B_private, A_public, timestamped3)
auth3_B_to_A, _ = authenticate(A_private, B_public, timestamped3)

# Authorization is skipped because authentication failed.
role3, action3 = "guest", "read"
if auth3_A_to_B and auth3_B_to_A:
    authz3 = authorize(role3, action3)
else:
    authz3 = "Skipped (authentication failed)"

# Encryption and the replay check still run after the failed authentication;
# only the authorization step is gated on it.
aes_key3 = Fernet.generate_key()
encrypted3, decrypted3 = aes_communication(aes_key3, message3)

replay_check3, replay_result3 = verify_timestamped_message(timestamped3)

scenario3_output = {
    "Authentication A -> B": auth3_A_to_B,
    "Authentication B -> A": auth3_B_to_A,
    "Role": role3,
    "Requested Action": action3,
    "Authorization Result": authz3,
    "Encrypted AES Message": encrypted3.decode(),
    "Decrypted AES Message": decrypted3.decode(),
    "Replay Check Valid": replay_check3,
    "Replay Check Result": replay_result3,
}



In [5]:
# Print the three scenario reports in order.
for scenario_title, scenario_results in (
    ("Scenario 1", scenario1_output),
    ("Scenario 2", scenario2_output),
    ("Scenario 3", scenario3_output),
):
    print_scenario(scenario_title, scenario_results)

Scenario 1:
Authentication A -> B: True

Authentication B -> A: True

Role: analyst

Requested Action: write

Authorization Result: True

Encrypted AES Message: gAAAAABoEzmQUI8wPjTkV2AACpbUbkvWqPvs6QgoZGm5iFWNFM9p2sJhsvg005Uk_0gD-eN8svDxGm2KZb-cFFrsJC9T9-0qMw==

Decrypted AES Message: Hello 

Replay Check Valid: True

Replay Check Result: Hello 

Scenario 2:
Authentication A -> B: True

Authentication B -> A: True

Role: analyst

Requested Action: delete

Authorization Result: False

Encrypted AES Message: gAAAAABoEzmQb9X2h3aCoOpbMRL12ZvmzvFGpjJLvvQglv2ftwqP-4Q2-qXOV0rDPfh_qiTIqbbzGBzk_L5Ab8Wh341kVdPUHQ==

Decrypted AES Message: Hello 2

Replay Check Valid: True

Replay Check Result: Hello 2

Scenario 3:
Authentication A -> B: False

Authentication B -> A: False

Role: guest

Requested Action: read

Authorization Result: Skipped (authentication failed)

Encrypted AES Message: gAAAAABoEzmQiZRKi9cSMIl8BPoXw2WOC6JQPjR6Gqvvc9IVCycffBIee84mt9gdJQSCgnWNrO0KgQxdL20CE1p7knW7KgtB4Q==

Decrypted