WEEK 4: IAS Security Laboratory Activity - M199205zn/IAS-CS4 GitHub Wiki

Step-by-Step Process for Activity: Hands-on Implementation of Security Mechanisms


Task 1: Encrypt and Decrypt a Message Using OpenSSL (Confidentiality)

Objective:

To understand how encryption protects data confidentiality using the AES-256 encryption algorithm.

Step-by-Step Guide:

  1. Open Terminal (Linux/macOS) or Git Bash (Windows).

    • If using Windows, ensure OpenSSL is installed; if it is not, install OpenSSL and run it from Git Bash. On Linux, install it with sudo apt install openssl.
  2. Create a plain text file containing a secret message.

    echo "This is a secret message" > message.txt
    • Verify the file contents using:
      cat message.txt
  3. Encrypt the message using AES-256 encryption.

    openssl enc -aes-256-cbc -salt -in message.txt -out encrypted.txt -k mypassword
    • -aes-256-cbc: Specifies the encryption algorithm (AES-256 in CBC mode).
    • -salt: Adds a random salt to enhance security.
    • -in message.txt: Specifies the input file.
    • -out encrypted.txt: Specifies the output file.
    • -k mypassword: Supplies the password from which OpenSSL derives the encryption key (replace with a strong password).
  4. Verify that the encrypted file is unreadable.

    cat encrypted.txt
    • You should see unreadable characters, confirming encryption.
  5. Decrypt the message.

    openssl enc -aes-256-cbc -d -in encrypted.txt -out decrypted.txt -k mypassword
    • -d: Stands for decryption mode.
  6. View the decrypted message.

    cat decrypted.txt
    • The output should match the original message.
  7. Discussion Questions:

    • What happens if you try to decrypt using a wrong password?
    • How does encryption provide confidentiality?

Task 2: Generate a Hash to Ensure Integrity

Objective:

To demonstrate how hashing ensures data integrity using SHA-256.

Step-by-Step Guide:

  1. Create a file with important data.

    echo "Important data" > data.txt
  2. Generate an SHA-256 hash of the file.

    sha256sum data.txt
    • Output: A unique hash value for the file.
  3. Modify the file (simulate an unauthorized change).

    echo "New information added" >> data.txt
  4. Generate a new hash after modification.

    sha256sum data.txt
    • The new hash will be different from the original.
  5. Discussion Questions:

    • Why did the hash change?
    • How does hashing help detect unauthorized modifications?

Task 3: Implement a Basic User Authentication System (Authentication)

Objective:

To demonstrate authentication by verifying usernames and passwords using a Python script.

Step-by-Step Guide:

  1. Open a text editor (VS Code, Notepad++, or terminal-based editor like nano).

    nano authentication.py
  2. Write the following Python authentication script.

    users = {"admin": "password123", "user1": "securepass"}
    
    username = input("Enter username: ")
    password = input("Enter password: ")
    
    if username in users and users[username] == password:
        print("Access Granted")
    else:
        print("Access Denied")
  3. Save the file and exit.

    • In nano, press CTRL + X, then Y, then Enter.
  4. Run the script.

    python3 authentication.py
  5. Test different login attempts.

    • Enter correct credentials (admin / password123).
    • Enter incorrect credentials.
  6. Discussion Questions:

    • What happens when the username or password is incorrect?
    • How can we improve this authentication system?

Final Discussion & Reflection:

  1. How do these security mechanisms protect data and users?
  2. Where are these techniques used in real-world applications?
  3. What are the weaknesses of basic encryption, hashing, and authentication?


Step-by-Step Process for Activity 2 (Windows Version)

💡 Prerequisites:


Task 1: Encrypt and Decrypt a Message Using OpenSSL (Confidentiality)

Step 1: Open Command Prompt (CMD) or PowerShell

  • Press Win + R, type cmd, and press Enter
  • OR press Win + X, select PowerShell

Step 2: Navigate to a Folder (Optional)

cd C:\Users\YourUsername\Documents

💡 This step ensures that files are stored in an easily accessible location.

Step 3: Create a Plain Text File

echo This is a secret message > message.txt
  • To verify, type:
    type message.txt
    

Step 4: Encrypt the File using AES-256

openssl enc -aes-256-cbc -salt -in message.txt -out encrypted.txt -k mypassword

📌 Explanation:

  • -aes-256-cbc: Uses AES-256 encryption
  • -salt: Adds randomness for extra security
  • -in message.txt: Input file
  • -out encrypted.txt: Output encrypted file
  • -k mypassword: Password from which the encryption key is derived (change the password)

Step 5: Verify that the Encrypted File is Unreadable

type encrypted.txt

💡 You should see random unreadable characters.

Step 6: Decrypt the File

openssl enc -aes-256-cbc -d -in encrypted.txt -out decrypted.txt -k mypassword

📌 Explanation:

  • -d flag means decrypt

Step 7: View the Decrypted Message

type decrypted.txt

💡 The output should match the original text.

Discussion Questions:

  • What happens if you try decrypting with the wrong password?
  • How does encryption ensure confidentiality?
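
What -salt and -k do in the encryption command used in both versions of Task 1, as an added Python example that is not part of the original lab: it reads the Salted__ header that openssl enc writes and derives the AES-256 key and IV from the password. It assumes OpenSSL 1.1.0 or later (default digest SHA-256); the -pbkdf2 option and the sample bytes are not from the lab.

```python
import hashlib
import os

MAGIC = b"Salted__"  # 8-byte header written by `openssl enc -salt`


def split_salted(blob: bytes):
    """Return (salt, ciphertext) from the output of `openssl enc -salt`."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("not a salted openssl enc file")
    return blob[8:16], blob[16:]


def legacy_kdf(password: bytes, salt: bytes, key_len=32, iv_len=16):
    """Default derivation without -pbkdf2: EVP_BytesToKey, SHA-256, ONE iteration."""
    out, block = b"", b""
    while len(out) < key_len + iv_len:
        block = hashlib.sha256(block + password + salt).digest()
        out += block
    return out[:key_len], out[key_len:key_len + iv_len]


def pbkdf2_kdf(password: bytes, salt: bytes, iterations=10000, key_len=32, iv_len=16):
    """Derivation with -pbkdf2: PBKDF2-HMAC-SHA256 (10000 iterations by default)."""
    out = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, key_len + iv_len)
    return out[:key_len], out[key_len:]


# Constructed sample: header + random salt + placeholder bytes standing in for ciphertext.
sample = MAGIC + os.urandom(8) + b"\x00" * 32
salt, _ = split_salted(sample)

key_ok, iv_ok = legacy_kdf(b"mypassword", salt)
key_wrong, _ = legacy_kdf(b"wrongpassword", salt)         # wrong password -> different key
key_resalted, _ = legacy_kdf(b"mypassword", os.urandom(8))  # new salt -> different key

if __name__ == "__main__":
    print("salt         :", salt.hex())
    print("key (correct):", key_ok.hex())
    print("key (wrong)  :", key_wrong.hex())
    print("key (resalt) :", key_resalted.hex())
```

The single SHA-256 pass in legacy_kdf is cheap to repeat for every password guess, which is why the password itself must be strong when the command is run as written.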

Task 2: Generate a Hash to Ensure Integrity

Step 1: Create a File with Important Data

echo Important data > data.txt

Step 2: Generate an SHA-256 Hash

certutil -hashfile data.txt SHA256

📌 This will output a unique hash value for the file.

Step 3: Modify the File

echo New information added >> data.txt

Step 4: Generate a New Hash

certutil -hashfile data.txt SHA256

💡 The hash will change, indicating the file has been altered.

Discussion Questions:

  • Why did the hash change?
  • How does hashing provide integrity?
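
The hash comparison from both versions of Task 2, as an added Python example that is not part of the original lab: it records a SHA-256 value, detects the appended line, and then shows a limit of a bare hash, namely that anyone who can rewrite the stored value can simply recompute it, while a keyed HMAC-SHA256 cannot be recomputed without the key. The key value and the temporary file are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path, key=None):
    """SHA-256 of a file, or HMAC-SHA256 when a secret key is supplied."""
    h = hmac.new(key, digestmod=hashlib.sha256) if key is not None else hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify(path, recorded, key=None):
    """Compare a recorded value with a fresh digest in constant time."""
    return hmac.compare_digest(file_digest(path, key), recorded)


def run_demo():
    key = b"constructed-demo-key"  # assumption: stored where the file's modifier cannot read it
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "data.txt")
        with open(path, "w") as f:
            f.write("Important data\n")
        plain_record = file_digest(path)
        keyed_record = file_digest(path, key)
        results["untouched_ok"] = verify(path, plain_record) and verify(path, keyed_record, key)

        # Simulated unauthorized change, as in Step 3 of the lab.
        with open(path, "a") as f:
            f.write("New information added\n")
        results["change_detected"] = not verify(path, plain_record)

        # If the stored hash can be rewritten too, a recomputed plain hash verifies again...
        results["recomputed_plain_accepted"] = verify(path, file_digest(path))
        # ...but a value computed without the real key does not pass the HMAC check.
        results["recomputed_hmac_accepted"] = verify(path, file_digest(path, b"guessed-key"), key)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```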

Task 3: Implement a Basic User Authentication System (Authentication)

Step 1: Open Notepad and Create a Python Script

  1. Open Notepad or VS Code
  2. Copy and paste the following Python code:

    # Simple Authentication System
    users = {"admin": "password123", "user1": "securepass"}

    # Get user input
    username = input("Enter username: ")
    password = input("Enter password: ")

    # Check authentication
    if username in users and users[username] == password:
        print("Access Granted")
    else:
        print("Access Denied")
  3. Save the file as authentication.py in C:\Users\YourUsername\Documents.

Step 2: Run the Python Script in CMD or PowerShell

python C:\Users\YourUsername\Documents\authentication.py

💡 Test different login attempts:

  • Correct login: Enter admin and password123.
  • Wrong login: Enter incorrect credentials.

Discussion Questions:

  • What happens when the username or password is incorrect?
  • How can authentication be improved? (E.g., hashing passwords)
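
One way to answer the improvement question asked in both versions of Task 3, as an added Python example that is not part of the original lab: the same two accounts stored as salted PBKDF2 hashes instead of plaintext, compared in constant time, with identical handling of unknown usernames and a simple failure limit. The iteration count, the limit of three failures, and the helper names are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed work factor; raise it as far as login latency allows
MAX_FAILURES = 3       # assumed lockout threshold


def make_record(password: str) -> dict:
    """Store a per-user random salt and the PBKDF2-HMAC-SHA256 hash, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


# The lab's two accounts, hashed at enrolment time.
USERS = {"admin": make_record("password123"), "user1": make_record("securepass")}
DUMMY = make_record("constructed-placeholder")  # hashed for unknown names so timing matches
failures = {}


def authenticate(username: str, password: str) -> bool:
    if failures.get(username, 0) >= MAX_FAILURES:
        return False  # locked: even the correct password is refused
    record = USERS.get(username, DUMMY)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], ITERATIONS)
    # compare_digest avoids leaking how many leading bytes matched.
    ok = hmac.compare_digest(candidate, record["hash"]) and username in USERS
    failures[username] = 0 if ok else failures.get(username, 0) + 1
    return ok


if __name__ == "__main__":
    from getpass import getpass  # does not echo the password to the screen
    user = input("Enter username: ")
    granted = authenticate(user, getpass("Enter password: "))
    print("Access Granted" if granted else "Access Denied")
```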

Final Discussion & Reflection

  1. Encryption (Confidentiality) – How does AES-256 encryption protect messages?
  2. Hashing (Integrity) – Why does a modified file have a different hash?
  3. Authentication – How does user authentication prevent unauthorized access?

Evaluation (20 Points Total)

| Criteria | Description | Points |
|---|---|---|
| Encryption Task | Successfully encrypts and decrypts a message | 5 |
| Hashing Task | Demonstrates understanding of hashing and integrity | 5 |
| Authentication Task | Runs the authentication script and explains results | 5 |
| Discussion & Reflection | Answers discussion questions effectively | 5 |

This activity ensures students gain hands-on experience with real security services and mechanisms in a Windows environment.