In [None]:
# Install the required library
!pip install cryptography

# Copy the code from the artifact
from cryptography.hazmat.primitives import hashes, hmac
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.exceptions import InvalidSignature
import time

class CryptoDemo:
    def __init__(self):
        # Generate RSA keys for digital signatures
        self.private_key = rsa.generate_private_key(
            public_exponent=65537,
            key_size=2048
        )
        self.public_key = self.private_key.public_key()

        # Generate a secret key for MAC
        self.mac_key = b'secret_key_12345'

    # Rest of the code...

def demonstrate_replay_attack():
    demo = CryptoDemo()
    # Rest of the demonstration code...

demonstrate_replay_attack()




In [None]:
from cryptography.hazmat.primitives import hashes, hmac
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.exceptions import InvalidSignature
import time

class CryptoDemo:
    def __init__(self):
        self.private_key = rsa.generate_private_key(
            public_exponent=65537,
            key_size=2048
        )
        self.public_key = self.private_key.public_key()

        self.mac_key = b'secret_key_12345'

    def create_digital_signature(self, message):
        signature = self.private_key.sign(
            message.encode(),
            padding.PSS(
                mgf=padding.MGF1(hashes.SHA256()),
                salt_length=padding.PSS.MAX_LENGTH
            ),
            hashes.SHA256()
        )
        return signature

    def verify_digital_signature(self, message, signature):
        try:
            self.public_key.verify(
                signature,
                message.encode(),
                padding.PSS(
                    mgf=padding.MGF1(hashes.SHA256()),
                    salt_length=padding.PSS.MAX_LENGTH
                ),
                hashes.SHA256()
            )
            return True
        except InvalidSignature:
            return False

    def create_mac(self, message):
        h = hmac.HMAC(self.mac_key, hashes.SHA256())
        h.update(message.encode())
        return h.finalize()

    def verify_mac(self, message, mac):
        h = hmac.HMAC(self.mac_key, hashes.SHA256())
        h.update(message.encode())
        try:
            h.verify(mac)
            return True
        except InvalidSignature:
            return False

    def demonstrate_replay_attack(self):
        message = "Transfer $1000 to Oscar"

        signature = self.create_digital_signature(message)
        mac = self.create_mac(message)

        print("Original Message Verification:")
        print("DS Verification:", self.verify_digital_signature(message, signature))
        print("MAC Verification:", self.verify_mac(message, mac))

        print("\nReplay Attack Simulation:")
        for i in range(3):
            print(f"\nReplay {i+1}:")
            print("DS Verification:", self.verify_digital_signature(message, signature))
            print("MAC Verification:", self.verify_mac(message, mac))

crypto_demo = CryptoDemo()
crypto_demo.demonstrate_replay_attack()


Original Message Verification:
DS Verification: True
MAC Verification: True

Replay Attack Simulation:

Replay 1:
DS Verification: True
MAC Verification: True

Replay 2:
DS Verification: True
MAC Verification: True

Replay 3:
DS Verification: True
MAC Verification: True


In [None]:
from google.colab import drive
drive.mount('/content/drive')

In [None]:
from cryptography.hazmat.primitives import hashes, hmac
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.exceptions import InvalidSignature
import time

class CryptoDemo:
    def __init__(self):
        self.private_key = rsa.generate_private_key(
            public_exponent=65537,
            key_size=2048
        )
        self.public_key = self.private_key.public_key()

        self.mac_key = b'secret_key_12345'

    # Digital Signature Methods
    def create_digital_signature(self, message):
        signature = self.private_key.sign(
            message.encode(),
            padding.PSS(
                mgf=padding.MGF1(hashes.SHA256()),
                salt_length=padding.PSS.MAX_LENGTH
            ),
            hashes.SHA256()
        )
        return signature

    def verify_digital_signature(self, message, signature):
        try:
            self.public_key.verify(
                signature,
                message.encode(),
                padding.PSS(
                    mgf=padding.MGF1(hashes.SHA256()),
                    salt_length=padding.PSS.MAX_LENGTH
                ),
                hashes.SHA256()
            )
            return True
        except InvalidSignature:
            return False

    def demonstrate_digital_signature_replay_attack(self):
        message = "Transfer $1000 to Oscar"
        signature = self.create_digital_signature(message)

        print("Original Digital Signature Verification:")
        print("DS Verification:", self.verify_digital_signature(message, signature))

        print("\nDigital Signature Replay Attack Simulation:")
        for i in range(3):
            print(f"Replay {i+1}: DS Verification:", self.verify_digital_signature(message, signature))

    # Message Authentication Code (MAC) Methods
    def create_mac(self, message):
        h = hmac.HMAC(self.mac_key, hashes.SHA256())
        h.update(message.encode())
        return h.finalize()

    def verify_mac(self, message, mac):
        h = hmac.HMAC(self.mac_key, hashes.SHA256())
        h.update(message.encode())
        try:
            h.verify(mac)
            return True
        except InvalidSignature:
            return False

    def demonstrate_mac_replay_attack(self):
        message = "Transfer $1000 to Oscar"
        mac = self.create_mac(message)

        print("Original MAC Verification:")
        print("MAC Verification:", self.verify_mac(message, mac))

        print("\nMAC Replay Attack Simulation:")
        for i in range(3):
            print(f"Replay {i+1}: MAC Verification:", self.verify_mac(message, mac))

# Create instance of CryptoDemo
crypto_demo = CryptoDemo()

# Run Digital Signature demonstration
print("=== Digital Signature Demonstration ===")
crypto_demo.demonstrate_digital_signature_replay_attack()

print("\n=== Message Authentication Code (MAC) Demonstration ===")
# Run MAC demonstration
crypto_demo.demonstrate_mac_replay_attack()


=== Digital Signature Demonstration ===
Original Digital Signature Verification:
DS Verification: True

Digital Signature Replay Attack Simulation:
Replay 1: DS Verification: True
Replay 2: DS Verification: True
Replay 3: DS Verification: True

=== Message Authentication Code (MAC) Demonstration ===
Original MAC Verification:
MAC Verification: True

MAC Replay Attack Simulation:
Replay 1: MAC Verification: True
Replay 2: MAC Verification: True
Replay 3: MAC Verification: True


# New Section

In [None]:
# Import necessary libraries
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
from cryptography.hazmat.primitives import hmac
import os

# Generate RSA keys for Digital Signature
private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
public_key = private_key.public_key()

# Define a message
message = b"Transfer $1000 to Oscar"

# Digital Signature Creation
signature = private_key.sign(
    message,
    padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH),
    hashes.SHA256()
)

# Digital Signature Verification
try:
    public_key.verify(
        signature,
        message,
        padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH),
        hashes.SHA256()
    )
    print("Digital Signature verified.")
except Exception as e:
    print("Verification failed:", e)

# Generate a MAC key
mac_key = os.urandom(32)

# Create MAC for the message
h = hmac.HMAC(mac_key, hashes.SHA256())
h.update(message)
mac = h.finalize()

# Verify MAC
try:
    h = hmac.HMAC(mac_key, hashes.SHA256())
    h.update(message)
    h.verify(mac)
    print("MAC verified.")
except Exception as e:
    print("MAC verification failed:", e)

# Replay Prevention Solution: Add a Nonce
nonce = os.urandom(16)  # Unique nonce for each message
message_with_nonce = nonce + message

# Sign message with nonce
signature_with_nonce = private_key.sign(
    message_with_nonce,
    padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH),
    hashes.SHA256()
)

# Verify the nonce signature
try:
    public_key.verify(
        signature_with_nonce,
        message_with_nonce,
        padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH),
        hashes.SHA256()
    )
    print("Digital Signature with nonce verified.")
except Exception as e:
    print("Verification with nonce failed:", e)


Digital Signature verified.
MAC verified.
Digital Signature with nonce verified.


In [None]:
from cryptography.hazmat.primitives import hashes, hmac
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.exceptions import InvalidSignature

class ReplayAttackDemo:
    def __init__(self):
        self.private_key = rsa.generate_private_key(
            public_exponent=65537,
            key_size=2048
        )
        self.public_key = self.private_key.public_key()
        self.mac_key = b'secret_key_12345'

    def send_message_without_protection(self, message):
        print(f"Original message sent: '{message}'")

    def replay_attack_without_protection(self, message):
        print(f"Replay attack without protection: '{message}'")
        print("Replay attack detected: No (Bob cannot detect replays without DS/MAC)\n")

    def create_digital_signature(self, message):
        return self.private_key.sign(
            message.encode(),
            padding.PSS(
                mgf=padding.MGF1(hashes.SHA256()),
                salt_length=padding.PSS.MAX_LENGTH
            ),
            hashes.SHA256()
        )

    def verify_digital_signature(self, message, signature):
        try:
            self.public_key.verify(
                signature,
                message.encode(),
                padding.PSS(
                    mgf=padding.MGF1(hashes.SHA256()),
                    salt_length=padding.PSS.MAX_LENGTH
                ),
                hashes.SHA256()
            )
            return True
        except InvalidSignature:
            return False

    def demonstrate_digital_signature_replay_attack(self, message):
        signature = self.create_digital_signature(message)
        print("=== Digital Signature Replay Attack Demonstration ===")
        print("Original message sent with DS.")
        print("DS Verification (Original):", self.verify_digital_signature(message, signature))

        print("\nSimulating Replay Attack with Digital Signature:")
        for i in range(3):
            print(f"Replay {i+1}: ", end="")
            if self.verify_digital_signature(message, signature):
                print("Replay Successful (DS Verification Passed)")
            else:
                print("Replay Detected (DS Verification Failed)")

        print("\nOverall Result: The Digital Signature mechanism cannot inherently detect replays without additional safeguards.\n")

    def create_mac(self, message):
        h = hmac.HMAC(self.mac_key, hashes.SHA256())
        h.update(message.encode())
        return h.finalize()

    def verify_mac(self, message, mac):
        h = hmac.HMAC(self.mac_key, hashes.SHA256())
        h.update(message.encode())
        try:
            h.verify(mac)
            return True
        except InvalidSignature:
            return False

    def demonstrate_mac_replay_attack(self, message):
        mac = self.create_mac(message)
        print("=== MAC Replay Attack Demonstration ===")
        print("Original message sent with MAC.")
        print("MAC Verification (Original):", self.verify_mac(message, mac))

        print("\nSimulating Replay Attack with MAC:")
        for i in range(3):
            print(f"Replay {i+1}: ", end="")
            if self.verify_mac(message, mac):
                print("Replay Successful (MAC Verification Passed)")
            else:
                print("Replay Detected (MAC Verification Failed)")

        print("\nOverall Result: The MAC mechanism cannot inherently detect replays without additional safeguards.\n")

        signature_with_nonce = private_key.sign(
    message_with_nonce,
    padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH),
    hashes.SHA256()
)

demo = ReplayAttackDemo()
message = "Transfer $1000 to Oscar"
print("=== Replay Attack Without Protection ===")
demo.send_message_without_protection(message)
demo.replay_attack_without_protection(message)
demo.demonstrate_digital_signature_replay_attack(message)
demo.demonstrate_mac_replay_attack(message)


=== Replay Attack Without Protection ===
Original message sent: 'Transfer $1000 to Oscar'
Replay attack without protection: 'Transfer $1000 to Oscar'
Replay attack detected: No (Bob cannot detect replays without DS/MAC)

=== Digital Signature Replay Attack Demonstration ===
Original message sent with DS.
DS Verification (Original): True

Simulating Replay Attack with Digital Signature:
Replay 1: Replay Successful (DS Verification Passed)
Replay 2: Replay Successful (DS Verification Passed)
Replay 3: Replay Successful (DS Verification Passed)

Overall Result: The Digital Signature mechanism cannot inherently detect replays without additional safeguards.

=== MAC Replay Attack Demonstration ===
Original message sent with MAC.
MAC Verification (Original): True

Simulating Replay Attack with MAC:
Replay 1: Replay Successful (MAC Verification Passed)
Replay 2: Replay Successful (MAC Verification Passed)
Replay 3: Replay Successful (MAC Verification Passed)

Overall Result: The MAC mechanism

NameError: name 'private_key' is not defined

In [None]:
!pip install cryptography
from cryptography.hazmat.primitives import hashes, hmac, serialization
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.exceptions import InvalidSignature
import os

class ReplayAttackDemo:
    def __init__(self):
        self.private_key = rsa.generate_private_key(
            public_exponent=65537,
            key_size=2048
        )
        self.public_key = self.private_key.public_key()
        self.mac_key = b'secret_key_12345'

    def create_digital_signature(self, message, nonce=None):
        data_to_sign = message.encode()
        if nonce:
            data_to_sign = nonce + data_to_sign
        return self.private_key.sign(
            data_to_sign,


SyntaxError: incomplete input (<ipython-input-4-9c7d9278fef5>, line 22)

In [None]:
import os
from cryptography.hazmat.primitives import hashes, hmac
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.exceptions import InvalidSignature

class ReplayAttackWithNonce:
    def __init__(self):
        self.private_key = rsa.generate_private_key(
            public_exponent=65537,
            key_size=2048
        )
        self.public_key = self.private_key.public_key()
        self.mac_key = b'secret_key_12345'
        self.seen_nonces = set()  # Store previously seen nonces to detect replays

    def generate_nonce(self):
        return os.urandom(16)  # Generate a random 16-byte nonce

    def create_digital_signature_with_nonce(self, message, nonce):
        message_with_nonce = message + "|" + nonce.hex()
        signature = self.private_key.sign(
            message_with_nonce.encode(),
            padding.PSS(
                mgf=padding.MGF1(hashes.SHA256()),
                salt_length=padding.PSS.MAX_LENGTH
            ),
            hashes.SHA256()
        )
        return message_with_nonce, signature

    def verify_digital_signature_with_nonce(self, message_with_nonce, signature):
        nonce = message_with_nonce.split("|")[-1]
        if nonce in self.seen_nonces:
            print("Replay detected (DS Verification Failed): Nonce already used.")
            return False
        self.seen_nonces.add(nonce)
        try:
            self.public_key.verify(
                signature,
                message_with_nonce.encode(),
                padding.PSS(
                    mgf=padding.MGF1(hashes.SHA256()),
                    salt_length=padding.PSS.MAX_LENGTH
                ),
                hashes.SHA256()
            )
            print("DS Verification Successful (New Nonce)")
            return True
        except InvalidSignature:
            print("DS Verification Failed (Invalid Signature)")
            return False

    def demonstrate_digital_signature_replay_attack_with_nonce(self):
        message = "Transfer $1000 to Oscar"
        nonce = self.generate_nonce()
        message_with_nonce, signature = self.create_digital_signature_with_nonce(message, nonce)

        print("=== Digital Signature Replay Attack Prevention with Nonce ===")
        print("Original message sent with DS and nonce.")
        self.verify_digital_signature_with_nonce(message_with_nonce, signature)

        # Replay attack simulation with the same nonce
        print("\nSimulating Replay Attack with the same nonce:")
        for i in range(3):
            print(f"Replay {i+1}: ", end="")
            self.verify_digital_signature_with_nonce(message_with_nonce, signature)

demo = ReplayAttackWithNonce()
demo.demonstrate_digital_signature_replay_attack_with_nonce()


=== Digital Signature Replay Attack Prevention with Nonce ===
Original message sent with DS and nonce.
DS Verification Successful (New Nonce)

Simulating Replay Attack with the same nonce:
Replay 1: Replay detected (DS Verification Failed): Nonce already used.
Replay 2: Replay detected (DS Verification Failed): Nonce already used.
Replay 3: Replay detected (DS Verification Failed): Nonce already used.


In [None]:
import os
import time
from datetime import datetime, timedelta
from cryptography.hazmat.primitives import hashes, hmac
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.exceptions import InvalidSignature

class ReplayAttackWithTimestampProtection:
    def __init__(self):
        # Initialize RSA keys for DS
        self.private_key = rsa.generate_private_key(
            public_exponent=65537,
            key_size=2048
        )
        self.public_key = self.private_key.public_key()

        # Secret key for MAC
        self.mac_key = b'secret_key_12345'
        # Define an acceptable time window (e.g., 5 seconds)
        self.acceptable_window = timedelta(seconds=5)
        # Track the most recent timestamp processed by Bob
        self.last_processed_timestamp = None

    def get_timestamp(self):
        return datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S')

    # Digital Signature (DS) with Timestamp
    def create_digital_signature_with_timestamp(self, message, timestamp):
        message_with_timestamp = f"{message} | Timestamp: {timestamp}"
        signature = self.private_key.sign(
            message_with_timestamp.encode(),
            padding.PSS(
                mgf=padding.MGF1(hashes.SHA256()),
                salt_length=padding.PSS.MAX_LENGTH
            ),
            hashes.SHA256()
        )
        return message_with_timestamp, signature

    def verify_digital_signature_with_timestamp(self, message_with_timestamp, signature):
        # Extract timestamp from the message
        timestamp_str = message_with_timestamp.split("Timestamp: ")[-1]
        timestamp = datetime.strptime(timestamp_str, '%Y-%m-%d %H:%M:%S')

        # Check if the timestamp is within the acceptable time window
        if self.last_processed_timestamp and timestamp <= self.last_processed_timestamp:
            print("Replay detected (DS Verification Failed): Timestamp is too old or duplicated.")
            return False

        # Update last processed timestamp
        if datetime.utcnow() - timestamp <= self.acceptable_window:
            self.last_processed_timestamp = timestamp
            try:
                self.public_key.verify(
                    signature,
                    message_with_timestamp.encode(),
                    padding.PSS(
                        mgf=padding.MGF1(hashes.SHA256()),
                        salt_length=padding.PSS.MAX_LENGTH
                    ),
                    hashes.SHA256()
                )
                print("DS Verification Successful (Valid Timestamp)")
                return True
            except InvalidSignature:
                print("DS Verification Failed (Invalid Signature)")
                return False
        else:
            print("Replay detected (DS Verification Failed): Timestamp is outside acceptable window.")
            return False

    def demonstrate_digital_signature_replay_attack_with_timestamp(self):
        message = "Transfer $1000 to Oscar"
        timestamp = self.get_timestamp()
        message_with_timestamp, signature = self.create_digital_signature_with_timestamp(message, timestamp)

        print("=== Digital Signature Replay Attack Prevention with Timestamp ===")
        print("Original message sent with DS and timestamp:", message_with_timestamp)
        self.verify_digital_signature_with_timestamp(message_with_timestamp, signature)

        # Replay attack simulation after a delay
        print("\nSimulating Replay Attack with the same timestamp:")
        time.sleep(2)  # Delay to simulate replay
        for i in range(3):
            print(f"Replay {i+1}: ", end="")
            self.verify_digital_signature_with_timestamp(message_with_timestamp, signature)

    # Message Authentication Code (MAC) with Timestamp
    def create_mac_with_timestamp(self, message, timestamp):
        message_with_timestamp = f"{message} | Timestamp: {timestamp}"
        h = hmac.HMAC(self.mac_key, hashes.SHA256())
        h.update(message_with_timestamp.encode())
        mac = h.finalize()
        return message_with_timestamp, mac

    def verify_mac_with_timestamp(self, message_with_timestamp, mac):
        # Extract timestamp from the message
        timestamp_str = message_with_timestamp.split("Timestamp: ")[-1]
        timestamp = datetime.strptime(timestamp_str, '%Y-%m-%d %H:%M:%S')

        # Check if the timestamp is within the acceptable time window
        if self.last_processed_timestamp and timestamp <= self.last_processed_timestamp:
            print("Replay detected (MAC Verification Failed): Timestamp is too old or duplicated.")
            return False

        # Update last processed timestamp
        if datetime.utcnow() - timestamp <= self.acceptable_window:
            self.last_processed_timestamp = timestamp
            h = hmac.HMAC(self.mac_key, hashes.SHA256())
            h.update(message_with_timestamp.encode())
            try:
                h.verify(mac)
                print("MAC Verification Successful (Valid Timestamp)")
                return True
            except InvalidSignature:
                print("MAC Verification Failed (Invalid MAC)")
                return False
        else:
            print("Replay detected (MAC Verification Failed): Timestamp is outside acceptable window.")
            return False

    def demonstrate_mac_replay_attack_with_timestamp(self):
        message = "Transfer $1000 to Oscar"
        timestamp = self.get_timestamp()
        message_with_timestamp, mac = self.create_mac_with_timestamp(message, timestamp)

        print("=== MAC Replay Attack Prevention with Timestamp ===")
        print("Original message sent with MAC and timestamp:", message_with_timestamp)
        self.verify_mac_with_timestamp(message_with_timestamp, mac)

        # Replay attack simulation after a delay
        print("\nSimulating Replay Attack with the same timestamp:")
        time.sleep(2)  # Delay to simulate replay
        for i in range(3):
            print(f"Replay {i+1}: ", end="")
            self.verify_mac_with_timestamp(message_with_timestamp, mac)

# Create instance of the class
demo = ReplayAttackWithTimestampProtection()

# Demonstrate Digital Signature with Timestamp
demo.demonstrate_digital_signature_replay_attack_with_timestamp()

print("\n" + "="*50 + "\n")

# Demonstrate MAC with Timestamp
demo.demonstrate_mac_replay_attack_with_timestamp()


=== Digital Signature Replay Attack Prevention with Timestamp ===
Original message sent with DS and timestamp: Transfer $1000 to Oscar | Timestamp: 2024-11-12 00:43:22
DS Verification Successful (Valid Timestamp)

Simulating Replay Attack with the same timestamp:
Replay 1: Replay detected (DS Verification Failed): Timestamp is too old or duplicated.
Replay 2: Replay detected (DS Verification Failed): Timestamp is too old or duplicated.
Replay 3: Replay detected (DS Verification Failed): Timestamp is too old or duplicated.


=== MAC Replay Attack Prevention with Timestamp ===
Original message sent with MAC and timestamp: Transfer $1000 to Oscar | Timestamp: 2024-11-12 00:43:24
MAC Verification Successful (Valid Timestamp)

Simulating Replay Attack with the same timestamp:
Replay 1: Replay detected (MAC Verification Failed): Timestamp is too old or duplicated.
Replay 2: Replay detected (MAC Verification Failed): Timestamp is too old or duplicated.
Replay 3: Replay detected (MAC Verificat

In [None]:
import os
from cryptography.hazmat.primitives import hashes, hmac
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.exceptions import InvalidSignature

class ReplayAttackWithNonceProtection:
    def __init__(self):
        # Initialize RSA keys for DS
        self.private_key = rsa.generate_private_key(
            public_exponent=65537,
            key_size=2048
        )
        self.public_key = self.private_key.public_key()

        # Secret key for MAC
        self.mac_key = b'secret_key_12345'
        # Set to store used nonces to detect replays
        self.seen_nonces = set()

    def generate_nonce(self):
        return os.urandom(16)  # Generate a random 16-byte nonce

    def create_signature_and_mac_with_nonce(self, message):
        # Generate a unique nonce
        nonce = self.generate_nonce()

        # Append nonce to the message
        message_with_nonce = f"{message} | Nonce: {nonce.hex()}"

        # Create Digital Signature (DS) with nonce
        signature = self.private_key.sign(
            message_with_nonce.encode(),
            padding.PSS(
                mgf=padding.MGF1(hashes.SHA256()),
                salt_length=padding.PSS.MAX_LENGTH
            ),
            hashes.SHA256()
        )

        # Create Message Authentication Code (MAC) with nonce
        h = hmac.HMAC(self.mac_key, hashes.SHA256())
        h.update(message_with_nonce.encode())
        mac = h.finalize()

        return message_with_nonce, signature, mac

    def verify_signature_and_mac_with_nonce(self, message_with_nonce, signature, mac):
        # Extract nonce from the message
        nonce_str = message_with_nonce.split("Nonce: ")[-1]

        # Check if the nonce has already been used
        if nonce_str in self.seen_nonces:
            print("Replay detected: Nonce already used.")
            return False

        # Add the nonce to seen nonces to prevent future replays
        self.seen_nonces.add(nonce_str)

        # Verify Digital Signature (DS)
        try:
            self.public_key.verify(
                signature,
                message_with_nonce.encode(),
                padding.PSS(
                    mgf=padding.MGF1(hashes.SHA256()),
                    salt_length=padding.PSS.MAX_LENGTH
                ),
                hashes.SHA256()
            )
            print("DS Verification Successful (Valid Nonce)")
        except InvalidSignature:
            print("DS Verification Failed (Invalid Signature)")
            return False

        # Verify Message Authentication Code (MAC)
        try:
            h = hmac.HMAC(self.mac_key, hashes.SHA256())
            h.update(message_with_nonce.encode())
            h.verify(mac)
            print("MAC Verification Successful (Valid Nonce)")
            return True
        except InvalidSignature:
            print("MAC Verification Failed (Invalid MAC)")
            return False

    def demonstrate_replay_attack_with_nonce(self):
        # Original message
        message = "Transfer $1000 to Oscar"

        # Create DS and MAC with a nonce
        message_with_nonce, signature, mac = self.create_signature_and_mac_with_nonce(message)

        print("=== Replay Attack Prevention with Nonce ===")
        print("Original message sent with DS and MAC including nonce:", message_with_nonce)

        # Verify the original message
        self.verify_signature_and_mac_with_nonce(message_with_nonce, signature, mac)

        # Simulate replay attack by attempting to verify the same message again
        print("\nSimulating Replay Attack with the same nonce:")
        for i in range(3):
            print(f"Replay {i+1}: ", end="")
            self.verify_signature_and_mac_with_nonce(message_with_nonce, signature, mac)

# Create instance of the class
demo = ReplayAttackWithNonceProtection()

# Demonstrate nonce application for both DS and MAC
demo.demonstrate_replay_attack_with_nonce()


=== Replay Attack Prevention with Nonce ===
Original message sent with DS and MAC including nonce: Transfer $1000 to Oscar | Nonce: c3b18224a342c326891c0aa328793b68
DS Verification Successful (Valid Nonce)
MAC Verification Successful (Valid Nonce)

Simulating Replay Attack with the same nonce:
Replay 1: Replay detected: Nonce already used.
Replay 2: Replay detected: Nonce already used.
Replay 3: Replay detected: Nonce already used.


In [None]:
from datetime import datetime, timedelta
import hmac
import hashlib
import time
from typing import Dict, Optional

class TimestampReplayProtection:
    def __init__(self, shared_secret: str, time_window_seconds: int = 5):
        """
        Initialize the timestamp replay protection system.

        Args:
            shared_secret: Secret key shared between Alice and Bob
            time_window_seconds: Maximum allowed age of messages (default 5 seconds)
        """
        self.shared_secret = shared_secret.encode('utf-8')
        self.time_window = timedelta(seconds=time_window_seconds)
        self.processed_messages: Dict[str, datetime] = {}

    def create_message(self, message: str) -> tuple[str, str, str]:
        """
        Create a timestamped and MAC-protected message (Alice's side).

        Args:
            message: The original message to be sent

        Returns:
            Tuple of (message, timestamp, MAC)
        """
        # Generate current timestamp
        timestamp = datetime.utcnow().isoformat()

        # Combine message and timestamp
        message_with_timestamp = f"{message}|{timestamp}"

        # Generate MAC
        mac = hmac.new(
            self.shared_secret,
            message_with_timestamp.encode('utf-8'),
            hashlib.sha256
        ).hexdigest()

        return message, timestamp, mac

    def verify_message(self, message: str, timestamp: str, mac: str) -> bool:
        """
        Verify a received message (Bob's side).

        Args:
            message: The received message
            timestamp: The timestamp attached to the message
            mac: The MAC value to verify

        Returns:
            bool: True if message is valid, False if it's a replay or invalid
        """
        try:
            # Verify MAC first
            message_with_timestamp = f"{message}|{timestamp}"
            expected_mac = hmac.new(
                self.shared_secret,
                message_with_timestamp.encode('utf-8'),
                hashlib.sha256
            ).hexdigest()

            if not hmac.compare_digest(mac, expected_mac):
                print("MAC verification failed")
                return False

            # Parse and verify timestamp
            msg_time = datetime.fromisoformat(timestamp)
            current_time = datetime.utcnow()

            # Check if message is too old
            if current_time - msg_time > self.time_window:
                print("Message too old")
                return False

            # Check if message is from the future (clock skew or manipulation)
            if msg_time > current_time:
                print("Message timestamp is in the future")
                return False

            # Check for replay
            message_id = f"{message}|{timestamp}"
            if message_id in self.processed_messages:
                print("Replay detected")
                return False

            # Store message ID to prevent future replays
            self.processed_messages[message_id] = msg_time

            # Clean up old entries
            self._cleanup_old_messages()

            return True

        except (ValueError, TypeError):
            print("Invalid timestamp format")
            return False

    def _cleanup_old_messages(self):
        """Remove message records older than the time window to prevent memory growth."""
        current_time = datetime.utcnow()
        self.processed_messages = {
            msg_id: timestamp
            for msg_id, timestamp in self.processed_messages.items()
            if current_time - timestamp <= self.time_window
        }

# Example usage and testing
def demonstrate_replay_protection():
    # Initialize with a shared secret
    protector = TimestampReplayProtection(shared_secret="MySecretKey123", time_window_seconds=5)

    # Alice creates a message
    original_message = "Transfer $1000 to Oscar"
    message, timestamp, mac = protector.create_message(original_message)

    print("\n=== Original Message ===")
    print(f"Message: {message}")
    print(f"Timestamp: {timestamp}")
    print(f"MAC: {mac}")

    # Bob verifies the original message
    print("\n=== First Verification (should succeed) ===")
    is_valid = protector.verify_message(message, timestamp, mac)
    print(f"Message verified: {is_valid}")

    # Oscar attempts to replay the exact same message
    print("\n=== Replay Attempt (should fail) ===")
    is_valid = protector.verify_message(message, timestamp, mac)
    print(f"Replay verified: {is_valid}")

    # Demonstrate timeout
    print("\n=== Delayed Message (should fail) ===")
    time.sleep(6)  # Wait longer than the time window
    is_valid = protector.verify_message(message, timestamp, mac)
    print(f"Delayed message verified: {is_valid}")

if __name__ == "__main__":
    demonstrate_replay_protection()



=== Original Message ===
Message: Transfer $1000 to Oscar
Timestamp: 2024-11-12T09:27:02.117147
MAC: a6d77e804e2371fede07afe5adad1ec8f02eb782b9bf6beebc6f59353348ed8d

=== First Verification (should succeed) ===
Message verified: True

=== Replay Attempt (should fail) ===
Replay detected
Replay verified: False

=== Delayed Message (should fail) ===
Message too old
Delayed message verified: False


In [None]:
import os
from cryptography.hazmat.primitives import hmac, hashes

class MACWithNonce:
    def __init__(self):
        self.mac_key = b'secret_key_12345'
        self.seen_nonces = set()  # Track used nonces to detect replays

    def generate_nonce(self):
        return os.urandom(16)  # Generate a random 16-byte nonce

    def create_mac_with_nonce(self, message):
        # Alice's role: generate nonce, append to message, create MAC
        nonce = self.generate_nonce().hex()
        message_with_nonce = f"{message} | Nonce: {nonce}"
        h = hmac.HMAC(self.mac_key, hashes.SHA256())
        h.update(message_with_nonce.encode())
        mac = h.finalize()
        return message_with_nonce, mac

    def verify_mac_with_nonce(self, message_with_nonce, mac):
        # Extract nonce from message
        nonce = message_with_nonce.split("Nonce: ")[-1]

        # Bob's role: Check if nonce is unique
        if nonce in self.seen_nonces:
            print("Replay detected: Nonce has already been used.")
            return False
        else:
            self.seen_nonces.add(nonce)  # Store nonce

        # Verify MAC
        h = hmac.HMAC(self.mac_key, hashes.SHA256())
        h.update(message_with_nonce.encode())
        try:
            h.verify(mac)
            print("MAC Verification Successful: Message is authentic and nonce is valid.")
            return True
        except InvalidSignature:
            print("MAC Verification Failed: Invalid MAC.")
            return False

# Testing the MAC with Nonce Solution
mac_with_nonce = MACWithNonce()

# Alice sends the message
message = "Transfer $1000 to Oscar"
message_with_nonce, mac = mac_with_nonce.create_mac_with_nonce(message)
print("Original message with nonce:", message_with_nonce)

# Bob receives and verifies the message
mac_with_nonce.verify_mac_with_nonce(message_with_nonce, mac)

# Oscar replays the same message with the same nonce
print("\nReplay attempt by Oscar:")
mac_with_nonce.verify_mac_with_nonce(message_with_nonce, mac)


Original message with nonce: Transfer $1000 to Oscar | Nonce: 55554ec9027effd89948f34b981cf78f
MAC Verification Successful: Message is authentic and nonce is valid.

Replay attempt by Oscar:
Replay detected: Nonce has already been used.


False

In [None]:
from datetime import datetime, timedelta
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives import hashes
from cryptography.exceptions import InvalidSignature

class DSWithTimestampProtection:
    def __init__(self):
        # Generate RSA keys for Digital Signature
        self.private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        self.public_key = self.private_key.public_key()
        # Define acceptable time window for message validity (e.g., 5 seconds)
        self.acceptable_window = timedelta(seconds=5)
        # Track last processed timestamp to detect replay
        self.last_processed_timestamp = None

    def get_timestamp(self):
        # Alice generates a UTC timestamp for each message
        return datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S')

    def sign_message_with_timestamp(self, message):
        # Alice attaches a timestamp and signs the message
        timestamp = self.get_timestamp()
        message_with_timestamp = f"{message} | Timestamp: {timestamp}"
        signature = self.private_key.sign(
            message_with_timestamp.encode(),
            padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH),
            hashes.SHA256()
        )
        return message_with_timestamp, signature

    def verify_message_with_timestamp(self, message_with_timestamp, signature):
        # Bob extracts and verifies the timestamp
        timestamp_str = message_with_timestamp.split("Timestamp: ")[-1]
        timestamp = datetime.strptime(timestamp_str, '%Y-%m-%d %H:%M:%S')

        # Check if the timestamp falls within the acceptable time window
        if self.last_processed_timestamp and timestamp <= self.last_processed_timestamp:
            print("Replay detected: Timestamp is too old or duplicated.")
            return False

        # Verify if the timestamp is within the current acceptable window
        if datetime.utcnow() - timestamp <= self.acceptable_window:
            self.last_processed_timestamp = timestamp  # Update last processed timestamp
            try:
                # Verify the digital signature
                self.public_key.verify(
                    signature,
                    message_with_timestamp.encode(),
                    padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH),
                    hashes.SHA256()
                )
                print("DS Verification Successful: Message is authentic and timestamp is valid.")
                return True
            except InvalidSignature:
                print("DS Verification Failed: Invalid Signature.")
                return False
        else:
            print("Replay detected: Timestamp is outside acceptable window.")
            return False

# Testing the DS with Timestamp Solution
ds_with_timestamp = DSWithTimestampProtection()

# Step 1: Alice sends the original message
message = "Transfer $1000 to Oscar"
message_with_timestamp, signature = ds_with_timestamp.sign_message_with_timestamp(message)
print("Original message:", message_with_timestamp)

# Step 2: Bob receives


Original message: Transfer $1000 to Oscar | Timestamp: 2024-11-12 13:18:58
