KALINDI COLLEGE

UNIVERSITY OF DELHI

PRACTICAL FILE- DATA PRIVACY (DSE)

SUBMITTED BY- SHIVANGI GUPTA

COURSE- B.SC. (H) COMPUTER SCIENCE
COLLEGE ROLL NO.- 22570005
UNIVERSITY ROLL NO.- 22033570012
SEMESTER- V
SUBMITTED TO- ANSHULA MA’AM
 INDEX
S.No Practical

1 Write a program to perform encryption and decryption using

Caesar cipher (substitutional cipher).

2 Write a program to perform encryption and decryption using

Rail Fence Cipher (transpositional cipher)

3 Write a Python program that defines a function and takes a

password string as input and returns its SHA-256 hashed
representation as a hexadecimal string.

4 Write a Python program that reads a file containing a list of

usernames and passwords, one pair per line (separated by a
comma). It checks each password to see if it has been leaked in
a data breach. You can use the "Have I Been Pwned" API
(https://haveibeenpwned.com/API/v3) to check if a password
has been leaked.

5 Write a Python program that generates a password using a

random combination of words from a dictionary file.

6 Write a Python program that simulates a brute-force attack on a

password by trying out all possible character combinations.

7 Demonstrate the usage/sending of a digitally signed document.

8 Students needs to conduct a data privacy audit of an

organization to identify potential vulnerabilities and risks in
their data privacy practices.

9 Students needs to explore the requirements of the Data

Protection Regulations and develop a plan for ensuring
compliance with the regulation.

10 Students needs to explore ethical considerations in data privacy,

such as the balance between privacy and security, the impact of
data collection and analysis on marginalized communities, and
the role of data ethics in technology development.

1
 Practical 1
Write a program to perform encryption and decryption using Caesar
cipher (substitutional cipher).

def encrypt(text, shift):

result = ""

# Loop through each character in the text

for char in text:
# Encrypt uppercase characters
if char.isupper():
result += chr((ord(char) + shift - 65) % 26 + 65)
# Encrypt lowercase characters
elif char.islower():
result += chr((ord(char) + shift - 97) % 26 + 97)
else:
# If it's not an alphabetic character, leave it as it is
result += char

return result

def decrypt(text, shift):

result = ""

# Loop through each character in the text

for char in text:
# Decrypt uppercase characters
if char.isupper():
result += chr((ord(char) - shift - 65) % 26 + 65)

2
 # Decrypt lowercase characters
elif char.islower():
result += chr((ord(char) - shift - 97) % 26 + 97)
else:
# If it's not an alphabetic character, leave it as it is
result += char

return result

# Example usage
text = "Hello, World!"
shift = 3

encrypted_text = encrypt(text, shift)

print("Encrypted:", encrypted_text)

decrypted_text = decrypt(encrypted_text, shift)

print("Decrypted:", decrypted_text)

Output:

3
 Practical 2

Write a program to perform encryption and decryption using Rail Fence

Cipher (transpositional cipher).

#Rial fence cipher

def encrypt_rail_fence(text, key):
# Create a 2D list (rail matrix) to arrange the characters
rail = [['\n' for i in range(len(text))] for j in range(key)]

# Flag to determine direction

direction_down = False
row, col = 0, 0

for char in text:

# Change direction when reaching the top or bottom rail
if row == 0 or row == key - 1:
direction_down = not direction_down

# Place the character in the rail

rail[row][col] = char
col += 1

# Move down if direction_down is True, otherwise move up

if direction_down:
row += 1
else:
row -= 1

# Read the characters in a row-wise manner to get the encrypted message

4
 encrypted_text = []
for i in range(key):
for j in range(len(text)):
if rail[i][j] != '\n':
encrypted_text.append(rail[i][j])

return "".join(encrypted_text)

def decrypt_rail_fence(cipher_text, key):

# Create a 2D list (rail matrix) to mark the positions
rail = [['\n' for i in range(len(cipher_text))] for j in range(key)]

# Flag to determine direction

direction_down = None
row, col = 0, 0

# Mark the positions where characters will be placed

for i in range(len(cipher_text)):
if row == 0:
direction_down = True
if row == key - 1:
direction_down = False

# Mark the position

rail[row][col] = '*'
col += 1

# Move down if direction_down is True, otherwise move up

if direction_down:
row += 1

5
 else:
row -= 1

# Now, fill the positions with the cipher text

index = 0
for i in range(key):
for j in range(len(cipher_text)):
if rail[i][j] == '*' and index < len(cipher_text):
rail[i][j] = cipher_text[index]
index += 1

# Now read the characters in a zigzag manner to decrypt the text

decrypted_text = []
row, col = 0, 0
for i in range(len(cipher_text)):
if row == 0:
direction_down = True
if row == key - 1:
direction_down = False

# Collect the character from the rail

if rail[row][col] != '\n':
decrypted_text.append(rail[row][col])
col += 1

# Move down or up
if direction_down:
row += 1
else:
row -= 1

6
 return "".join(decrypted_text)

# Example usage
if __name__ == "__main__":
text = input("Enter the text: ")
key = int(input("Enter the key (number of rails): "))

encrypted_text = encrypt_rail_fence(text, key)

print(f"Encrypted Text: {encrypted_text}")

decrypted_text = decrypt_rail_fence(encrypted_text, key)

print(f"Decrypted Text: {decrypted_text}")

Output:

7
 Practical 3

Write a Python program that defines a function and takes a password

string as input and returns its SHA-256 hashed representation as a
hexadecimal string.

import hashlib
def hash_password(password):
#Encode the password as bytes
password_bytes = password.encode('utf-8')

#use SHA-256 hash function to create a hash function

hash_object = hashlib.sha256(password_bytes)

#get the hexadecimal representation of the hash

password_hash = hash_object.hexdigest()

return password_hash

password = input("Enter the password: ")

hashed_password = hash_password(password)
print(f"Hashed password is: {hashed_password}")

Output:

8
 Practical 4

Write a Python program that reads a file containing a list of usernames and
passwords, one pair per line (separated by a comma). It checks each
password to see if it has been leaked in a data breach. You can use the
"Have I Been Pwned" API (https://haveibeenpwned.com/API/v3) to check
if a password has been leaked.
import requests
import hashlib

# Read the file containing usernames and passwords

with open('passwords.txt', 'r') as f:
for line in f:
# Split the line into username and password
username, password = line.strip().split(',')

# Hash the password using SHA-1 algorithm

password_hash = hashlib.sha1(password.encode('utf-8')).hexdigest().upper()

# Make a request to "Have I Been Pwned" API to check if the password has been leaked
response = requests.get(f"https://api.pwnedpasswords.com/range/{password_hash[:5]}")

# If the response status code is 200, it means the password has been leaked
if response.status_code == 200:
# Get the list of hashes of leaked passwords that start with the same 5 characters as
the input password
hashes = [line.split(':') for line in response.text.splitlines()]

# Check if the hash of the input password matches any of the leaked password hashes
for h, count in hashes:
if password_hash[5:] == h:

9
 print(f"Password for user {username} has been leaked {count} times.")
break
else:
print(f"Could not check password for user {username}.")

Output:

10
 Practical 5

Write a Python program that generates a password using a random

combination of words from a dictionary file
import random
def load_words(file_path):
"""
Load words from a dictionary file into a list.
:param file_path: Path to the dictionary file.
:return: List of words.
"""
try:
with open(file_path, 'r') as file:
words = [line.strip() for line in file if line.strip()]
return words
except FileNotFoundError:
print(f"Error: The file '{file_path}' was not found.")
return []

def generate_password(word_list, num_words=4):

"""
Generate a password by selecting random words from the dictionary.
:param word_list: List of words to choose from.
:param num_words: Number of words to include in the password.
:return: Generated password.
"""
if not word_list:
print("Word list is empty. Cannot generate password.")
return ""

11
 selected_words = random.sample(word_list, num_words)
password = ''.join(selected_words).capitalize()
return password

# Load words from dictionary file

file_path = 'dictionary.txt'
words = load_words(file_path)

# Generate a password
password = generate_password(words, num_words=4)
if password:
print(f"Generated password: {password}")

Output:

12
 Practical 6
Write a Python program that simulates a brute-force attack on a password
by trying out all possible character combinations.
import itertools
import string
import time

def brute_force_password(target_password, max_length=4):

characters = string.ascii_letters + string.digits + string.punctuation # Character set
attempts = 0

# Start time
start_time = time.time()

# Iterate through increasing lengths of password guesses

for length in range(1, max_length + 1):
# Generate all possible combinations of characters for the current length
for guess in itertools.product(characters, repeat=length):
# Join the tuple into a string
guess_password = ''.join(guess)
attempts += 1
if guess_password == target_password:
end_time = time.time()
print(f"Password found: {guess_password}")
print(f"Attempts: {attempts}")
print(f"Time taken: {end_time - start_time:.2f} seconds")
return guess_password

print("Password not found within max length constraints.")

return None

13
# Example usage
target_password = "p@ss"
brute_force_password(target_password, max_length=4)

Output:

14
 Practical 7
Demonstrate the usage/sending of a digitally signed document.
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric.utils import Prehashed

# Step 1: Generate RSA keys

private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=2048
)

public_key = private_key.public_key()

# Step 2: Sign the document

def sign_document(document, private_key):
document_bytes = document.encode() # Convert document to bytes
signature = private_key.sign(
document_bytes,
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA256()
)
return signature

# Step 3: Verify the document signature

def verify_signature(document, signature, public_key):

15
 document_bytes = document.encode() # Convert document to bytes
try:
public_key.verify(
signature,
document_bytes,
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA256()
)
print("Signature is valid. Document is authentic.")
except Exception as e:
print("Signature is invalid. Document may have been tampered with.")

# Example usage
document = "This is a confidential document."
signature = sign_document(document, private_key)
print("Document signed successfully.")

# Sending the document and signature to the recipient

# Assume the recipient receives the document and signature and verifies them
verify_signature(document, signature, public_key)

Output:

16
 Practical 8
Students needs to conduct a data privacy audit of an organization to identify potential
vulnerabilities and risks in their data privacy practices.
import pandas as pd

def load_data(filename):
"""Load data from CSV file."""
try:
return pd.read_csv(filename)
except FileNotFoundError:
print(f"File '{filename}' not found.")
return None

def analyze_privacy_risks(data):
"""Analyze and flag privacy risks based on common privacy standards."""
risk_flags = []

for _, row in data.iterrows():

risks = []

# Check if data is encrypted

if row['Encryption'] == 'No':
risks.append("Data not encrypted")

# Check access control level

if row['Access_Control'] not in ['Restricted', 'Limited']:
risks.append("Weak access control")

17
 # Check retention period: flag if retention is 'Indefinite' or exceeds recommended
limits
if row['Retention_Period'] == 'Indefinite' or
int(row['Retention_Period'].split()[0]) > 3:
risks.append("Long retention period")

# Check if data is shared with third parties

if row['Shared_With_Third_Parties'] == 'Yes':
risks.append("Data shared with third parties")

# Compile all identified risks for the data type

if risks:
risk_flags.append({"Data_Type": row['Data_Type'], "Risks": ", ".join(risks)})

return risk_flags

def report_risks(risk_flags):
"""Print out a summary report of identified risks."""
if not risk_flags:
print("No significant privacy risks found.")
return

print("Privacy Risk Audit Report")

print("=========================")
for risk in risk_flags:
print(f"Data Type: {risk['Data_Type']}")
print(f"Risks: {risk['Risks']}")
print("-------------------------")

18
# Main program
filename = 'data_policies.csv'
data = load_data(filename)

if data is not None:

risk_flags = analyze_privacy_risks(data)
report_risks(risk_flags)

19
 Practical 9
Students needs to explore the requirements of the Data Protection
Regulations and develop a plan for ensuring compliance with the
regulation.
import datetime
import json

# Mock database for storing user data, consents, and audit logs
database = {
"users": [],
"consents": [],
"audit_logs": []
}

# 1. Data Collection Audit - Track PII data stored in the system

def data_collection_audit(data):
pii_fields = ["name", "email", "phone", "address", "ssn"]
pii_data = {k: v for k, v in data.items() if k in pii_fields}
database["users"].append(pii_data)
log_audit("Data Collection", f"Collected PII data: {pii_data}")
return pii_data

# 2. Consent Management - Track and manage user consents

def add_user_consent(user_id, consent_type):
consent_record = {
"user_id": user_id,
"consent_type": consent_type,
"timestamp": datetime.datetime.now().isoformat()
}
database["consents"].append(consent_record)

20
 log_audit("Consent Management", f"User {user_id} provided consent for
{consent_type}")

# 3. Access Control - Check user permissions for accessing PII data

def check_access(user_role, data_type):
allowed_roles = {"admin": ["all"], "user": ["self"], "guest": []}
access_allowed = data_type in allowed_roles.get(user_role, [])
log_audit("Access Control", f"{user_role} access to {data_type}: {'Allowed' if
access_allowed else 'Denied'}")
return access_allowed

# 4. Data Minimization - Ensure only necessary data is collected

def data_minimization_check(data):
required_fields = ["name", "email"] # Example of necessary fields
unnecessary_data = {k: v for k, v in data.items() if k not in required_fields}
if unnecessary_data:
log_audit("Data Minimization", f"Unnecessary data collected: {unnecessary_data}")
else:
log_audit("Data Minimization", "Only necessary data collected.")
return unnecessary_data

# 5. Logging & Record-Keeping - Maintain audit log of data access and processing activities
def log_audit(action, message):
audit_entry = {
"timestamp": datetime.datetime.now().isoformat(),
"action": action,
"message": message
}
database["audit_logs"].append(audit_entry)

# Example Usage

21
# Collect data for a new user
user_data = {
"user_id": 1,
"name": "John Doe",
"email": "[email protected]",
"phone": "123-456-7890",
"ssn": "987-65-4321"
}

# Run data collection audit

collected_data = data_collection_audit(user_data)

# Add consent for data usage

add_user_consent(user_id=1, consent_type="email_marketing")

# Check access control for a guest user trying to access PII

check_access(user_role="guest", data_type="all")

# Check if any unnecessary data is collected

unnecessary_data = data_minimization_check(user_data)

# Print audit logs as a JSON record for review

print("Audit Logs:", json.dumps(database["audit_logs"], indent=2))

22
Output:

23
 Practical 10
Students needs to explore ethical considerations in data privacy, such as
the balance between privacy and security, the impact of data collection and
analysis on marginalized communities, and the role of data ethics in
technology development.

import datetime

# Ethical assessment logs

ethics_report = []

# 1. Privacy vs. Security Trade-off Assessment

def assess_privacy_vs_security(data_type, security_level, justification):
# Evaluate the necessity of security measures against privacy intrusion
if security_level > 3 and justification:
ethics_report.append({
"timestamp": datetime.datetime.now().isoformat(),
"assessment": "Privacy vs Security",
"data_type": data_type,
"security_level": security_level,
"justification": justification,
"outcome": "Security justification adequate"
})
return "Security measures justified by context."
else:
ethics_report.append({
"timestamp": datetime.datetime.now().isoformat(),
"assessment": "Privacy vs Security",
"data_type": data_type,
"security_level": security_level,
"justification": justification,

24
 "outcome": "Security justification lacking"
})
return "Security measures may be excessive for this data type."

# 2. Impact Assessment on Marginalized Communities

def assess_impact_on_marginalized_communities(data_collection_purpose, affected_groups,
risk_level):
# Check if data collection may negatively affect certain groups
if "marginalized" in affected_groups and risk_level >= 3:
ethics_report.append({
"timestamp": datetime.datetime.now().isoformat(),
"assessment": "Impact on Marginalized Groups",
"purpose": data_collection_purpose,
"affected_groups": affected_groups,
"risk_level": risk_level,
"outcome": "Potential negative impact detected"
})
return "High risk of negative impact on marginalized communities."
else:
ethics_report.append({
"timestamp": datetime.datetime.now().isoformat(),
"assessment": "Impact on Marginalized Groups",
"purpose": data_collection_purpose,
"affected_groups": affected_groups,
"risk_level": risk_level,
"outcome": "Impact appears minimal"
})
return "Minimal impact on marginalized communities."

# 3. Data Ethics Checklist - Ensure compliance with ethical practices

def data_ethics_checklist(data_type, purpose, consent_obtained, bias_evaluation):

25
if not consent_obtained:
ethics_report.append({
"timestamp": datetime.datetime.now().isoformat(),
"assessment": "Ethics Checklist",
"data_type": data_type,
"purpose": purpose,
"consent_obtained": consent_obtained,
"bias_evaluation": bias_evaluation,
"outcome": "Consent missing"
})
return "Consent is required for ethical data collection."
elif bias_evaluation:
ethics_report.append({
"timestamp": datetime.datetime.now().isoformat(),
"assessment": "Ethics Checklist",
"data_type": data_type,
"purpose": purpose,
"consent_obtained": consent_obtained,
"bias_evaluation": bias_evaluation,
"outcome": "Potential bias detected"
})
return "Bias detected; review necessary to avoid discrimination."
else:
ethics_report.append({
"timestamp": datetime.datetime.now().isoformat(),
"assessment": "Ethics Checklist",
"data_type": data_type,
"purpose": purpose,
"consent_obtained": consent_obtained,
"bias_evaluation": bias_evaluation,

26
 "outcome": "Compliant with ethical practices"
})
return "Data collection aligns with ethical practices."

# Generate ethics report for audit and transparency

def generate_ethics_report(report_path="ethics_report.txt"):
with open(report_path, "w") as report_file:
report_file.write("Ethical Data Privacy Assessment Report\n")
report_file.write("=" * 50 + "\n")
for entry in ethics_report:
report_file.write(f"Timestamp: {entry['timestamp']}\n")
report_file.write(f"Assessment: {entry['assessment']}\n")
for key, value in entry.items():
if key not in ["timestamp", "assessment"]:
report_file.write(f"{key.capitalize()}: {value}\n")
report_file.write("-" * 50 + "\n")
print(f"Ethics report generated: {report_path}")

# Example Usage
# Privacy vs. Security Assessment
print(assess_privacy_vs_security(data_type="location", security_level=4,
justification="Location data needed for fraud detection"))

# Impact Assessment on Marginalized Communities

print(assess_impact_on_marginalized_communities(data_collection_purpose="ad targeting",
affected_groups=["marginalized"], risk_level=4))
# Data Ethics Checklist
print(data_ethics_checklist(data_type="purchase history", purpose="recommendations",
consent_obtained=True, bias_evaluation=True))
# Generate the ethics report
generate_ethics_report()

27
Output:

28