UNIT-3 CRYPTOGRAPHIC HASH FUNCTION BTECH-6 SEM

UNIT-3 (CRYPTOGRAPHIC HASH FUNCTION)

LECTURE NO: -1
SIMPLE HASH FUNCTION

Hash functions in cryptography are extremely valuable and are found in practically every
information security application. A hash function transforms one numerical input value into
another compressed numerical value. It is also a process that turns plaintext data of any size
into a unique ciphertext of a predetermined length.

What is Cryptography Hash Function?

A cryptographic hash function (CHF) is an equation that is widely used to verify the validity
of data. It has many applications, particularly in information security (e.g. user
authentication). A CHF translates data of various lengths of the message into a fixed-size
numerical string the hash. A cryptographic hash function is a single-directional work, making
it extremely difficult to reverse to recreate the information used to make it.

How Does a Cryptography Hash Function Work?

 The hash function accepts data of a fixed length. The data block size varies between
algorithms.

 If the blocks are too small, padding may be used to fill the space. However,
regardless of the kind of hashing used, the output, or hash value, always has the
same set length.

 The hash function is then applied as many times as the number of data blocks.

What Does a Cryptography Hash Function Do?

A hash function in cryptography takes a plaintext input and produces a hashed value output
of a particular size that cannot be reversed. However, from a high-level viewpoint, they do
more.

 Secure against unauthorized alterations: It assists you in even minor changes to a

message that will result in the generation of a whole new hash value.

 Protect passwords and operate at various speeds: Many websites allow you to save
your passwords so that you don't have to remember them each time you log in.
However, keeping plaintext passwords on a public-facing server is risky since it

1
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-3 CRYPTOGRAPHIC HASH FUNCTION BTECH-6 SEM

exposes the information to thieves. Websites commonly use hash passwords to

create hash values, which they then store.

Applications of Cryptographic Hash Functions

Below are some applications of cryptography hash functions

Message Authentication

 Message authentication is a system or service that verifies the integrity of a

communication.

 It ensures data is received precisely as transmitted, with no modifications,

insertions, or deletions, a hash function is used for message authentication, and the
value is sometimes referred to as a message digest.

 Message authentication often involves employing a message authentication code

(MAC).

 MACs are widely used between two parties that share a secret key for
authentication purposes. A MAC function uses a secret key and data block to
generate a hash value, that identifies the protected communication.

Data Integrity Check

 Hash functions are most commonly used to create checksums for data files.

 This program offers the user with assurance that the data is correct.

 The integrity check allows the user to detect any modifications to the original file.

 It does not assure uniqueness. Instead of altering file data, the attacker can update
the entire file, compute a new hash, and deliver it to the recipient.

Digital Signatures

 The digital signature application is comparable to message authentication.

 Digital signatures operate similarly to MACs.

 Digital signatures encrypt message hash values using a user's private key.

 The digital signature may be verified by anybody who knows the user's public key.

2
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-3 CRYPTOGRAPHIC HASH FUNCTION BTECH-6 SEM

References
1.Cryptography and Network Security - Principles and Practice: William Stallings, Pearson
Education,6th Edition
2.Cryptography and Network Security: Atul Kahate, Mc Graw Hill, 3rd Edition
3.Network Security and Cryptography: Bernard Menezes, CENGAGE Learning

3
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-3 CRYPTOGRAPHIC HASH FUNCTION BTECH-6 SEM

Hash functions based on Cipher Block Chaining

LECTURE NO.-2

A hash function is a mathematical function that takes an input string of any length and
converts it to a fixed-length output string. The fixed-length output is known as the hash value.
To be cryptographically secure and useful, a hash function should have the following
properties:

 Collision resistant: Give two messages m1 and m2, it is difficult to find a hash value
such that hash(k, m1) = hash(k, m2) where k is the key value.
 Preimage resistance: Given a hash value h, it is difficult to find a message m such that
h = hash(k, m).
 Second preimage resistance: Given a message m1, it is difficult to find another
message m2 such that hash(k, m1) = hash(k, m2).
 Large output space: The only way to find a hash collision is via a brute force search,
which requires checking as many inputs as the hash function has possible outputs.
 Deterministic: A hash function must be deterministic, which means that for any given
input a hash function must always give the same result.
 Avalanche Effect: This means for a small change in the input, the output will change
significantly.
 Puzzle Friendliness: This means even if one gets to know the first 200 bytes, one
cannot guess or determine the next 56 bytes.
 Fixed-length Mapping: For any input of fixed length, the hash function will always
generate the output of the same length.

How do Hash Functions work?

The hash function takes the input of variable lengths and returns outputs of fixed lengths. In
cryptographic hash functions, the transactions are taken as inputs and the hash algorithm
gives an output of a fixed size.

The below diagram shows how hashes work.

4
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-3 CRYPTOGRAPHIC HASH FUNCTION BTECH-6 SEM

References
1.Cryptography and Network Security - Principles and Practice: William Stallings, Pearson
Education,6th Edition
2.Cryptography and Network Security: Atul Kahate, Mc Graw Hill, 3rd Edition
3.Network Security and Cryptography: Bernard Menezes, CENGAGE Learning

5
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-3 CRYPTOGRAPHIC HASH FUNCTION BTECH-6 SEM

Secure Hash Algorithm (SHA)

LECTURE NO.-3

What is a Secure Hash Algorithm?

A Secure Hash Algorithm (SHA) is a cryptography technique and are developed by National
Security Agency(NSA) and at a later stage, the National Institute of Standards and Technology
standardized the SHA technique and ready for various purposes(authentication, message
integrity checks, digital signatures, and key derivation)

Processing of SHA

1. Input

Input is the original message and need to be hashed before sending to the recipient.

For example, let's take "Hello, World!"

2. Preprocessing

Next, We need to perform preprocessing (removal of unnecessary characters or punctuation

wherever applicable) and then input message to a binary format conversion.

3. Hashing

Next, We will be applying the SHA hash function by using the mathematical operations on
the processessed input message to a fixed size output or hash value.

4. Output

Hash value can act as a tool for authenticating the originality of the input message by making
sure to verify any unauthorised and modifications made due to the data tampering and
henceforth discarding the message. If the recipient gets different hash value upon using the
same hashing algorithm and hash function on the input then the message are tempered and
modified and henceforth need to be discarded.

We may be get the hash or fixed size output as follows,

e3b0c4429cfbbc8c830a8f102620e8a020869d64f84e98fc48d7b8b67f677f8b9d64f84e98fc4
8d7b8b67f677f8b9d

6
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-3 CRYPTOGRAPHIC HASH FUNCTION BTECH-6 SEM

Properties of Secure Hash Functions

Collision Attacks

A collision attack are the technique used by an attacker and generally for any two different
inputs the attackers try to find the same hash value and uses it for carrying out crimes and
related activities. SHA function can handle , manage and are resistant to collision attacks
which are often used by attackers to compromise the security and henceforth resulting in
loss of data and sensitive information and sometimes financial and related losses also.

Attacker and cyber criminals can break the security and may modify the electronic document
and files leading to loss of authenticity and identity but doesn't allow to notice the same by
showing the same hash as similar to the original and hence can prove the file’s genuineness
and integrity. But in reality the attacker has changed and switched out the orginal file and
tricked the recipient to download a different file without getting aware and unknowingly
falling pray to cyber attacks.

Avalanche Effect

Secure Hash functions support avalanche effect and are used to determine the underlying
modification and tempering of the data even if any negligible and small changes are made to
the inputs as it would result into a significant and large change in the hash and henceforth
are easily detected and identified.

Applications of Secure Hash Algorithms in Cryptography

1. Message Authentication Codes (MACs)

Message Authentication Codes or MACs is one of the most popular applications of SHA and
are used to ensure message integrity. SHA hash is attached with the input message and then
send to the recipient.

Recipient can verify the integrity by recomputing the hash value and check with the attached
and can ensure and authenticate whether the message has been changed or not.

2. Digital Signatures

SHA are also used with cryptography technique such as digital signatures to ensure and verify
the authenticity and identity of electronic documents( e- mail, confidential reports, project
data).

7
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-3 CRYPTOGRAPHIC HASH FUNCTION BTECH-6 SEM

3. Password Hashing

Password Hashing is one of the most effective and important features and uses hashing to
manage and store password in online websites and applications.

However, Passwords are generally hashed using SHA and are stored in the database and
relevant record systems as to make it difficult to recognise and identify the original password
and henceforth reduces the possibility of cyber attack and security issues leading to a
database leak.

8
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-3 CRYPTOGRAPHIC HASH FUNCTION BTECH-6 SEM

Message Authentication Codes(MACs)

LECTURE NO.-4

How message authentication code works?

Apart from intruders, the transfer of message between two people also faces other
external problems like noise, which may alter the original message constructed by the
sender. To ensure that the message is not altered there’s this cool method MAC.

MAC stands for Message Authentication Code. Here in MAC, sender and receiver share
same key where sender generates a fixed size output called Cryptographic checksum or
Message Authentication code and appends it to the original message. On receiver’s side,
receiver also generates the code and compares it with what he/she received thus ensuring
the originality of the message. These are components:

 Message
 Key
 MAC algorithm
 MAC value

How Does A Message Authentication Code Work?

The first step in the MAC process is the establishment of a secure channel between the
receiver and the sender. To encrypt a message, the MAC system uses an algorithm, which
uses a symmetric key and the plain text message being sent. The MAC algorithm then
generates authentication tags of a fixed length by processing the message. The resulting
computation is the message's MAC.

This MAC is then appended to the message and transmitted to the receiver. The receiver
computes the MAC using the same algorithm. If the resulting MAC the receiver arrives at

9
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-3 CRYPTOGRAPHIC HASH FUNCTION BTECH-6 SEM

equals the one sent by the sender, the message is verified as authentic, legitimate, and not
tampered with.

In effect, MAC uses a secure key only known to the sender and the recipient. Without this
information, the recipient will not be able to open, use, read, or even receive the data
being sent. If the data is to be altered between the time the sender initiates the transfer
and when the recipient receives it, the MAC information will also be affected.

Therefore, when the recipient attempts to verify the authenticity of the data, the key will
not work, and the end result will not match that of the sender. When this kind of
discrepancy is detected, the data packet can be discarded, protecting the recipient’s
system.

References
1.Cryptography and Network Security - Principles and Practice: William Stallings, Pearson
Education,6th Edition
2.Cryptography and Network Security: Atul Kahate, Mc Graw Hill, 3rd Edition
3.Network Security and Cryptography: Bernard Menezes, CENGAGE Learning

10
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-3 CRYPTOGRAPHIC HASH FUNCTION BTECH-6 SEM

Digital Signatures
LECTURE NO.-5

Digital Signature

A digital signature is a mathematical technique used to validate the authenticity and integrity
of a message, software, or digital document. These are some of the key features of it.

1. Key Generation Algorithms: Digital signatures are electronic signatures, which

assure that the message was sent by a particular sender. While performing digital
transactions authenticity and integrity should be assured, otherwise, the data can be
altered or someone can also act as if he were the sender and expect a reply.

2. Signing Algorithms: To create a digital signature, signing algorithms like email

programs create a one-way hash of the electronic data which is to be signed. The
signing algorithm then encrypts the hash value using the private key (signature key).
This encrypted hash along with other information like the hashing algorithm is the
digital signature. This digital signature is appended with the data and sent to the
verifier. The reason for encrypting the hash instead of the entire message or
document is that a hash function converts any arbitrary input into a much shorter
fixed-length value. This saves time as now instead of signing a long message a
shorter hash value has to be signed and hashing is much faster than signing.

3. Signature Verification Algorithms: The Verifier receives a Digital Signature along

with the data. It then uses a Verification algorithm to process the digital signature
and the public key (verification key) and generates some value. It also applies the
same hash function on the received data and generates a hash value. If they both
are equal, then the digital signature is valid else it is invalid.

The steps followed in creating a digital signature are:

1. Message digest is computed by applying the hash function on the message and then
message digest is encrypted using the private key of the sender to form the digital
signature. (digital signature = encryption (private key of sender, message digest) and
message digest = message digest algorithm (message)).

2. A digital signature is then transmitted with the message. (message + digital signature
is transmitted)

11
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-3 CRYPTOGRAPHIC HASH FUNCTION BTECH-6 SEM

3. The receiver decrypts the digital signature using the public key of the sender. (This
assures authenticity, as only the sender has his private key so only the sender can
encrypt using his private key which can thus be decrypted by the sender’s public
key).

4. The receiver now has the message digest.

5. The receiver can compute the message digest from the message (actual message is
sent with the digital signature).

6. The message digest computed by receiver and the message digest (got by decryption
on digital signature) need to be same for ensuring integrity.

Message digest is computed using one-way hash function, i.e. a hash function in which
computation of hash value of a message is easy but computation of the message from hash
value of the message is very difficult.

Benefits of Digital Signatures

 Legal documents and contracts: Digital signatures are legally binding. This makes
them ideal for any legal document that requires a signature authenticated by one or
more parties and guarantees that the record has not been altered.

12
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-3 CRYPTOGRAPHIC HASH FUNCTION BTECH-6 SEM

 Sales contracts: Digital signing of contracts and sales contracts authenticates the
identity of the seller and the buyer, and both parties can be sure that the signatures
are legally binding and that the terms of the agreement have not been changed.

 Financial Documents: Finance departments digitally sign invoices so customers can

trust that the payment request is from the right seller, not from a attacker trying to
trick the buyer into sending payments to a fraudulent account.

 Health Data: In the healthcare industry, privacy is paramount for both patient
records and research data. Digital signatures ensure that this confidential
information was not modified when it was transmitted between the consenting
parties.

Drawbacks of Digital Signature

 Dependency on technology: Because digital signatures rely on technology, they are

susceptible to crimes, including hacking. As a result, businesses that use digital
signatures must make sure their systems are safe and have the most recent security
patches and upgrades installed.

 Complexity: Setting up and using digital signatures can be challenging, especially for
those who are unfamiliar with the technology. This may result in blunders and errors
that reduce the system’s efficacy. The process of issuing digital signatures to senior
citizens can occasionally be challenging.

 Limited acceptance: Digital signatures take time to replace manual ones since
technology is not widely available in India, a developing nation.

 References
1.Cryptography and Network Security - Principles and Practice: William Stallings,
Pearson
Education,6th Edition
2.Cryptography and Network Security: Atul Kahate, Mc Graw Hill, 3rd Edition
3.Network Security and Cryptography: Bernard Menezes, CENGAGE Learning

13
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-3 CRYPTOGRAPHIC HASH FUNCTION BTECH-6 SEM

Dos attacks ,buffer flow

LECTURE No.-6

What is a denial-of-service attack?

A denial-of-service (DoS) attack is a type of cyber attack in which a malicious actor aims to
render a computer or other device unavailable to its intended users by interrupting the
device's normal functioning. DoS attacks typically function by overwhelming or flooding a
targeted machine with requests until normal traffic is unable to be processed, resulting in
denial-of-service to addition users. A DoS attack is characterized by using a single computer
to launch the attack.

A distributed denial-of-service (DDoS) attack is a type of DoS attack that comes from many
distributed sources, such as a botnet DDoS attack.

How does a DoS attack work?

The primary focus of a DoS attack is to oversaturate the capacity of a targeted machine,
resulting in denial-of-service to additional requests. The multiple attack vectors of DoS
attacks can be grouped by their similarities.

DoS attacks typically fall in 2 categories:

Buffer overflow attacks

An attack type in which a memory buffer overflow can cause a machine to consume all
available hard disk space, memory, or CPU time. This form of exploit often results in
sluggish behavior, system crashes, or other deleterious server behaviors, resulting in denial-
of-service.

Flood attacks

By saturating a targeted server with an overwhelming amount of packets, a malicious actor

is able to oversaturate server capacity, resulting in denial-of-service. In order for most DoS
flood attacks to be successful, the malicious actor must have more available bandwidth
than the target.

What Is Buffer Overflow?

Buffer overflow is a software coding error or vulnerability that can be exploited by hackers
to gain unauthorized access to corporate systems. It is one of the best-known software

14
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-3 CRYPTOGRAPHIC HASH FUNCTION BTECH-6 SEM

security vulnerabilities yet remains fairly common. This is partly because buffer overflows
can occur in various ways and the techniques used to prevent them are often error-prone.

The software error focuses on buffers, which are sequential sections of computing memory
that hold data temporarily as it is transferred between locations. Also known as a buffer
overrun, buffer overflow occurs when the amount of data in the buffer exceeds its storage
capacity. That extra data overflows into adjacent memory locations and corrupts or
overwrites the data in those locations.

What Is A Buffer Overflow Attack?

A buffer overflow attack takes place when an attacker manipulates the coding error to
carry out malicious actions and compromise the affected system. The attacker alters the
application’s execution path and overwrites elements of its memory, which amends the
program’s execution path to damage existing files or expose data.

A buffer overflow attack typically involves violating programming languages and

overwriting the bounds of the buffers they exist on. Most buffer overflows are caused by
the combination of manipulating memory and mistaken assumptions around the
composition or size of data.

A buffer overflow vulnerability will typically occur when code:

1. Is reliant on external data to control its behavior

2. Is dependent on data properties that are enforced beyond its immediate scope
3. Is so complex that programmers are not able to predict its behavior accurately

Buffer overflow exploits

The buffer overflow exploit techniques a hacker uses depends on the architecture and
operating system being used by their target. However, the extra data they issue to a
program will likely contain malicious code that enables the attacker to trigger additional
actions and send new instructions to the application.

For example, introducing additional code into a program could send it new instructions that
give the attacker access to the organization’s IT systems. In the event that an attacker
knows a program’s memory layout, they may be able to intentionally input data that
cannot be stored by the buffer. This will enable them to overwrite memory locations that
store executable code and replace it with malicious code that allows them to take control
of the program.

15
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-3 CRYPTOGRAPHIC HASH FUNCTION BTECH-6 SEM

Attackers use a buffer overflow to corrupt a web application’s execution stack, execute
arbitrary code, and take over a machine. Flaws in buffer overflows can exist in both
application servers and web servers, especially web applications that use libraries like
graphics libraries. Buffer overflows can also exist in custom web application codes. This is
more likely because they are given less scrutiny by security teams but are less likely to be
discovered by hackers and more difficult to exploit.

Types Of Buffer Overflow Attacks

There are several types of buffer overflow attacks that attackers use to exploit
organizations’ systems. The most common are:

1. Stack-based buffer overflows: This is the most common form of buffer overflow
attack. The stack-based approach occurs when an attacker sends data containing
malicious code to an application, which stores the data in a stack buffer. This
overwrites the data on the stack, including its return pointer, which hands control of
transfers to the attacker.
2. Heap-based buffer overflows: A heap-based attack is more difficult to carry out
than the stack-based approach. It involves the attack flooding a program’s memory
space beyond the memory it uses for current runtime operations.
3. Format string attack: A format string exploit takes place when an application
processes input data as a command or does not validate input data effectively. This
enables the attacker to execute code, read data in the stack, or cause segmentation
faults in the application. This could trigger new actions that threaten the security
and stability of the system.

References
1.Cryptography and Network Security - Principles and Practice: William Stallings, Pearson
Education,6th Edition
2.Cryptography and Network Security: Atul Kahate, Mc Graw Hill, 3rd Edition
3.Network Security and Cryptography: Bernard Menezes, CENGAGE Learning

16
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-3 CRYPTOGRAPHIC HASH FUNCTION BTECH-6 SEM

Spoofing and Sniffing attacks

LECTURE NO.-7

Sniffing is the process in which all the data packets passing in the network are monitored.
Sniffers are usually used by network administrators to monitor and troubleshoot the
network traffic. Whereas attackers use Sniffers to monitor and capture data packets to
steal sensitive information containing password and user accounts. Sniffers can be
hardware or software installed on the system.

Spoofing is the process in which an intruder introduces fake traffic and pretends to be
someone else (legal source or the legitimate entity). Spoofing is done by sending packets
with incorrect source address over the network. The best way to deal and tackle with
spoofing is to use a digital signature.

Spoofing is a completely new beast created by merging age-old deception strategies with modern
technology. Spoofing is a sort of fraud in which someone or something forges the sender’s identity
and poses as a reputable source, business, colleague, or other trusted contact in order to obtain
personal information, acquire money, spread malware, or steal data.

Types of Spoofing:

 IP Spoofing
 ARP Spoofing
 Email Spoofing
 Website Spoofing Attack
 DNS Spoofing

IP Spoofing:

IP is a network protocol that allows you to send and receive messages over the internet. The
sender’s IP address is included in the message header of every email message sent (source
address). By altering the source address, hackers and scammers alter the header details to
hide their original identity. The emails then look to have come from a reliable source. IP
spoofing can be divided into two categories.

 Man in the Middle Attacks: Communication between the original sender of the
message and the intended recipient is intercepted, as the term implies. The message’s
content is then changed without the knowledge of either party. The attacker inserts
his own message into the packet.
 Denial of Service (DoS) Attacks: In this technique, the sender and recipient’s message
packets are intercepted, and the source address is spoofed. The connection has been

17
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-3 CRYPTOGRAPHIC HASH FUNCTION BTECH-6 SEM

seized. The recipient is thus flooded with packets in excess of their bandwidth or
resources. This overloads the victim’s system, effectively shutting it down.

Drawback:

In a Man-in-the-middle attack, even the receiver doesn’t know where the connection got
originated. This is completely a blind attack. To successfully carry out his attack, he will
require a great deal of experience and understanding of what to expect from the target’s
responses.

Preventive measures:

Disabling source-routed packets and all external incoming packets with the same source
address as a local host are two of the most frequent strategies to avoid this type of attack.

ARP Spoofing:

ARP spoofing is a hacking method that causes network traffic to be redirected to a hacker.
Sniffing out LAN addresses on both wired and wireless LAN networks is known as spoofing.
The idea behind this sort of spoofing is to transmit false ARP communications to Ethernet
LANs, which can cause traffic to be modified or blocked entirely.

The basic work of ARP is to match the IP address to the MAC address. Attackers will transmit
spoofed messages across the local network. Here the response will map the user’s MAC
address with his IP address. Thus attacker will gain all information from the victim machine.

Preventive measures:

To avoid ARP poisoning, you can employ a variety of ways, each with its own set of benefits
and drawbacks. Static ARP entries, encryption, VPNs, and packet sniffing are just a few
examples.

 Static ARP entries: It entails creating an ARP entry in each computer for each machine
on the network. Because the machines can ignore ARP replies, mapping them with
sets of static IP and MAC addresses helps to prevent spoofing attempts. Regrettably,
this approach can only defend you from some of the most basic attacks.
 Encryption: Protocols like HTTPS and SSH can also help to reduce the probability of
an ARP poisoning attempt succeeding. When traffic is encrypted, the attacker must
go through the extra effort of convincing the target’s browser to accept an invalid
certificate. Any data sent outside of these standards, however, will remain vulnerable.
 VPN: Individuals may find a VPN to be reasonable protection, but they are rarely
suitable for larger enterprises. A VPN will encrypt all data that flows between the

18
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-3 CRYPTOGRAPHIC HASH FUNCTION BTECH-6 SEM

client and the exit server if it is only one person making a potentially unsafe
connection, such as accessing public wifi at an airport. Since an attacker will only be
able to see the ciphertext, this helps to keep them safe.
 Packet filters: Each packet delivered across a network is inspected by these filters.
They can detect and prevent malicious transmissions as well as those with suspected
IP addresses.

For more detail regarding MITM attacks using ARP spoofing please refer to the MITM (Man
in The Middle) Attack using ARP Poisoning.

Email Spoofing:

The most common type of identity theft on the Internet is email spoofing. Phishers, send
emails to many addresses and pose as representatives of banks, companies, and law
enforcement agencies by using official logos and headers. Links to dangerous or otherwise
fraudulent websites, as well as attachments loaded with malicious software, are included in
the emails they send.

Attackers may also utilize social engineering techniques to persuade the target to voluntarily
reveal information. Fake banking or digital wallet websites are frequently created and linked
to in emails. When an unknowing victim clicks on that link, they are brought to a false site
where they must log in with their information, which is then forwarded to the fake user
behind the fake email.

Manual Detection Method:

 Even though the display name appears to be real, if it does not match the “From”
address, it is an indication of email spoofing.
 Mail is most likely fake if the “Reply-to” address does not match the original sender’s
address or domain.
 Unexpected messages (such as a request for sensitive information or an unwanted
attachment) should be opened with caution or reported immediately to your IT
department, even if the email appears to come from a trustworthy source.

Preventive measures:

Implement additional checks like Sender Policy Framework, DomainKeys Identified Mail,
Domain-based Message Authentication Reporting & Conformance, and
Secure/Multipurpose Internet Mail Extensions.

19
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-3 CRYPTOGRAPHIC HASH FUNCTION BTECH-6 SEM

Website Spoofing Attack:

Attackers employ website/URL spoofing, also known as cybersquatting, to steal credentials

and other information from unwary end-users by creating a website that seems almost
identical to the actual trustworthy site. This is frequently done with sites that receive a lot of
traffic online. The cloning of Facebook is a good example.

DNS Spoofing:

Each machine has a unique IP address. This address is not the same as the usual “www”
internet address that you use to access websites. When you type a web address into your
browser and press enter, the Domain Name System (DNS) immediately locates and sends
you to the IP address that matches the domain name you provided. Hackers have discovered
a technique to infiltrate this system and redirect your traffic to harmful sites. This is known
as DNS Spoofing.

Preventive measures:

 DNSSEC or Domain Name System Security Extension Protocol is the most widely used
DNS Spoofing prevention solution since it secures the DNS by adding layers of
authentication and verification. However, it takes time to verify that the DNS records
are not forged, this slows down the DNS response.
 Make use of SSL/TLS encryption to minimize or mitigate the risk of a website being
hacked via DNS spoofing. This allows a user to determine whether the server is real
and belongs to the website’s original owner.
 Only trust URLs that begin with “HTTPS,” which signifies that a website is legitimate.
Consider the risk of a DNS Spoofing Attack if the indicator of “HTTPS” looks to be in
flux.
 The security strategy or proactive approach to preventing a DNS attack is active
monitoring. It’s important to keep an eye on DNS data and be proactive about noticing
unusual patterns of behavior, such as the appearance of a new external host that
could be an attacker.

Wireshark is an open-source packet analyzer that enables real-time data inspection. It

enables network sniffing, which analyzes traffic for device communication insights. The
ethical and legal implications of network sniffing are discussed, emphasizing responsible
usage. Spoofing, a manipulation of network data, can compromise network security
through techniques like ARP, DNS, and IP spoofing.

20
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-3 CRYPTOGRAPHIC HASH FUNCTION BTECH-6 SEM

References
1.Cryptography and Network Security - Principles and Practice: William Stallings, Pearson
Education,6th Edition
2.Cryptography and Network Security: Atul Kahate, Mc Graw Hill, 3rd Edition
3.Network Security and Cryptography: Bernard Menezes, CENGAGE Learning

21
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)