Network Security & Cryptography - Lesson Notes & Key Concepts
M.Sc Computer Science (Bharathiar University)

NETWORK SECURITY & CRYPTOGRAPHY

UNIT I
Introduction to Cryptography – Security Attacks – Security Services –Security Algorithm - Stream cipher and
Block cipher - Symmetric and Asymmetric-key Cryptosystem Symmetric Key Algorithms: Introduction – DES
– Triple DES – AES – IDEA – Blowfish – RC5.

UNIT II
Public-key Cryptosystem: Introduction to Number Theory - RSA Algorithm – Key Management - Diffie-Hell
man Key exchange – Elliptic Curve Cryptography Message Authentication and Hash functions – Hash and
Mac Algorithm – Digital Signatures and Authentication Protocol.

UNIT III
Network Security Practice: Authentication Applications – Kerberos – X.509 Authentication services and
Encryption Techniques. E-mail Security – PGP – S / MIME – IP Security.

UNIT IV
Web Security - Secure Socket Layer – Secure Electronic Transaction. System Security - Intruders and Viruses
– Firewalls– Password Security

UNIT V
Case Study: Implementation of Cryptographic Algorithms – RSA – DSA – ECC (C / JAVA Programming).
Network Forensic – Security Audit - Other Security Mechanism: Introduction to: Stenography – Quantum
Cryptography – Water Marking - DNA Cryptography.

REFERENCE BOOKS
1. William Stallings, “Cryptography and Network Security”, PHI/Pearson Education.
2. Bruce Schneier, “Applied Cryptography”, CRC Press.
3. A. Menezes, P. Van Oorschot and S. Vanstone, “Handbook of Applied Cryptography”, CRC Press, 1997
[Free Downloadable].
4. Ankit Fadia, “Network Security”, MacMillan.

UNIT I
Introduction to Cryptography – Security Attacks – Security Services –Security Algorithm - Stream
cipher and Block cipher - Symmetric and Asymmetric-key Cryptosystem Symmetric Key Algorithms:
Introduction – DES – Triple DES – AES – IDEA – Blowfish – RC5.

SECURITY ATTACKS

A useful means of classifying security attacks, used both in X.800 and RFC 2828, is in terms of passive
attacks and active attacks. A passive attack attempts to learn or make use of information from the system but
does not affect system resources. An active attack attempts to alter system resources or affect their operation.

Passive Attacks

Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the
opponent is to obtain information that is being transmitted.

Two types of passive attacks are the release of message contents and traffic analysis.

The release of message contents is easily understood. A telephone conversation, an electronic mail
message, and a transferred file may contain sensitive or confidential information. We would like to prevent an
opponent from learning the contents of these transmissions.

A second type of passive attack, traffic analysis, is subtler. Suppose that we had a way of masking the
contents of messages or other information traffic so that opponents, even if they captured the message, could
not extract the information from the message. The common technique for masking contents is encryption. If we
had encryption protection in place, an opponent might still be able to observe the pattern of these messages.
The opponent could determine the location and identity of communicating hosts and could observe the
frequency and length of messages being exchanged. This information might be useful in guessing the nature of
the communication that was taking place.

Passive attacks are very difficult to detect, because they do not involve any alteration of the data.
Typically, the message traffic is sent and received in an apparently normal fashion, and neither the sender nor
the receiver is aware that a third party has read the messages or observed the traffic pattern. However, it is
feasible to prevent the success of these attacks, usually by means of encryption. Thus, the emphasis in dealing
with passive attacks is on prevention rather than detection.

Active Attacks

Active attacks involve some modification of the data stream or the creation of a false stream and can be
subdivided into four categories: masquerade, replay, modification of messages, and denial of service.

A masquerade takes place when one entity pretends to be a different entity (Figure 1.a). A masquerade
attack usually includes one of the other forms of active attack. For example, authentication sequences can be
captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity
with few privileges to obtain extra privileges by impersonating an entity that has those privileges.

Replay involves the passive capture of a data unit and its subsequent retransmission to produce an
unauthorized effect (Figure 1.b).

Modification of messages simply means that some portion of a legitimate message is altered, or that
messages are delayed or reordered, to produce an unauthorized effect (Figure 1.c). For example, a message
meaning “Allow John Smith to read confidential file accounts” is modified to mean “Allow Fred Brown to
read confidential file accounts.”

The denial of service prevents or inhibits the normal use or management of communications facilities
(Figure 1.d). This attack may have a specific target; for example, an entity may suppress all messages directed
to a particular destination (e.g., the security audit service). Another form of service denial is the disruption of
an entire network, either by disabling the network or by overloading it with messages so as to degrade
performance.

Active attacks present the opposite characteristics of passive attacks. Whereas passive attacks are
difficult to detect, measures are available to prevent their success.

Figure 1. a & b

On the other hand, it is quite difficult to prevent active attacks absolutely because of the wide variety of
potential physical, software, and network vulnerabilities. Instead, the goal is to detect active attacks and to
recover from any disruption or delays caused by them. If the detection has a deterrent effect, it may also
contribute to prevention.

Figure 1.c & d

SECURITY SERVICES:

X.800 defines a security service as a service that is provided by a protocol layer of communicating
open systems and that ensures adequate security of the systems or of data transfers. Perhaps a clearer definition
is found in RFC 2828, which provides the following definition: a processing or communication service that is
provided by a system to give a specific kind of protection to system resources; security services implement
security policies and are implemented by security mechanisms. X.800 divides these services into five
categories and fourteen specific services (Table 1). We look at each category in turn.

Authentication

The authentication service is concerned with assuring that a communication is authentic. In the case of
a single message, such as a warning or alarm signal, the function of the authentication service is to assure the
recipient that the message is from the source that it claims to be from. In the case of an ongoing interaction,
such as the connection of a terminal to a host, two aspects are involved. First, at the time of connection
initiation, the service assures that the two entities are authentic, that is, that each is the entity that it claims to
be. Second, the service must assure that the connection is not interfered with in such a way that a third party
can masquerade as one of the two legitimate parties for the purposes of unauthorized transmission or reception.
Two specific authentication services are defined in X.800:

Table 1: Security Services (X.800)


• Peer entity authentication: Provides for the corroboration of the identity of a peer entity in an association.
Two entities are considered peers if they implement the same protocol in different systems; e.g., two TCP
modules in two communicating systems. Peer entity authentication is provided for use at the establishment of,
or at times during the data transfer phase of, a connection. It attempts to provide confidence that an entity is not
performing either a masquerade or an unauthorized replay of a previous connection.

• Data origin authentication: Provides for the corroboration of the source of a data unit. It does not provide
protection against the duplication or modification of data units. This type of service supports applications like
electronic mail, where there are no prior interactions between the communicating entities.

Access Control

In the context of network security, access control is the ability to limit and control the access to host
systems and applications via communications links. To achieve this, each entity trying to gain access must first
be identified, or authenticated, so that access rights can be tailored to the individual.

Data Confidentiality

Confidentiality is the protection of transmitted data from passive attacks. With respect to the content of
a data transmission, several levels of protection can be identified. The broadest service protects all user data
transmitted between two users over a period of time. For example, when a TCP connection is set up between
two systems, this broad protection prevents the release of any user data transmitted over the TCP connection.
Narrower forms of this service can also be defined, including the protection of a single message or even
specific fields within a message. These refinements are less useful than the broad approach and may even be
more complex and expensive to implement. The other aspect of confidentiality is the protection of traffic flow
from analysis. This requires that an attacker not be able to observe the source and destination, frequency,
length, or other characteristics of the traffic on a communications facility.

Data Integrity

As with confidentiality, integrity can apply to a stream of messages, a single message, or selected fields
within a message. Again, the most useful and straightforward approach is total stream protection.

A connection-oriented integrity service, one that deals with a stream of messages, assures that messages
are received as sent with no duplication, insertion, modification, reordering, or replays. The destruction of data
is also covered under this service. Thus, the connection-oriented integrity service addresses both message
stream modification and denial of service. On the other hand, a connectionless integrity service, one that deals
with individual messages without regard to any larger context, generally provides protection against message
modification only.

We can make a distinction between service with and without recovery. Because the integrity service
relates to active attacks, we are concerned with detection rather than prevention. If a violation of integrity is
detected, then the service may simply report this violation, and some other portion of software or human
intervention is required to recover from the violation. Alternatively, there are mechanisms available to recover
from the loss of integrity of data, as we will review subsequently. The incorporation of automated recovery
mechanisms is, in general, the more attractive alternative.

Nonrepudiation

Nonrepudiation prevents either sender or receiver from denying a transmitted message. Thus, when a
message is sent, the receiver can prove that the alleged sender in fact sent the message. Similarly, when a
message is received, the sender can prove that the alleged receiver in fact received the message.

Availability Service

Both X.800 and RFC 2828 define availability to be the property of a system or a system resource being
accessible and usable upon demand by an authorized system entity, according to performance specifications for
the system (i.e., a system is available if it provides services according to the system design whenever users
request them). A variety of attacks can result in the loss of or reduction in availability. Some of these attacks
are amenable to automated countermeasures, such as authentication and encryption, whereas others require
some sort of physical action to prevent or recover from loss of availability of elements of a distributed system.

X.800 treats availability as a property to be associated with various security services. However, it
makes sense to call out specifically an availability service. An availability service is one that protects a system
to ensure its availability. This service addresses the security concerns raised by denial-of-service attacks. It
depends on proper management and control of system resources and thus depends on access control service
and other security services.

SECURITY MECHANISMS:

Table 1.1 lists the security mechanisms defined in X.800. The mechanisms are divided into those that
are implemented in a specific protocol layer, such as TCP or an application-layer protocol, and those that are
not specific to any particular protocol layer or security service. These mechanisms will be covered in the
appropriate places in the book. So we do not elaborate now, except to comment on the definition of
encipherment. X.800 distinguishes between reversible encipherment mechanisms and irreversible
encipherment mechanisms. A reversible encipherment mechanism is simply an encryption algorithm that
allows data to be encrypted and subsequently decrypted. Irreversible encipherment mechanisms include hash
algorithms and message authentication codes, which are used in digital signature and message authentication
applications.

Table 1.1: Security Mechanisms (X.800)


Security aspects come into play when it is necessary or desirable to protect the information transmission from
an opponent who may present a threat to confidentiality, authenticity, and so on.

BLOCK & STREAM CIPHER:

What is a block cipher?

A block cipher is an encryption algorithm that encrypts a fixed size of n bits of data - known as a block -
at one time. The usual sizes of each block are 64 bits, 128 bits, and 256 bits. So for example, a 64-bit block
cipher will take in 64 bits of plaintext and encrypt it into 64 bits of ciphertext. In cases where the plaintext
is shorter than the block size, padding schemes are called into play. The majority of the symmetric ciphers used
today are actually block ciphers. DES, Triple DES, AES, IDEA, and Blowfish are some of the commonly used
encryption algorithms that fall under this group.

The key Block Cipher property:

Most symmetric block cipher algorithms are designed on the Feistel cipher structure. A general
substitution on a 64-bit block would need a table of 2^64 entries. The block cipher looks more like a very large
substitution algorithm built using the idea of a product cipher.

Popular block ciphers

DES - DES, which stands for Data Encryption Standard, used to be the most popular block cipher in
the world and was used in several industries. It's still popular today, but only because it's usually included in
historical discussions of encryption algorithms. The DES algorithm became a standard in the US in 1977.
However, it's already been proven to be vulnerable to brute force attacks and other cryptanalytic methods. DES
is a 64-bit cipher that works with a 64-bit key. Actually, 8 of the 64 bits in the key are parity bits, so the key
size is technically 56 bits long.

3DES - As its name implies, 3DES is a cipher based on DES. It's practically DES that's run three times.
Each DES operation can use a different key, with each key being 56 bits long. Like DES, 3DES has a block
size of 64 bits. Although 3DES is many times stronger than DES, it is also much slower (about 3x slower).
Because many organizations found 3DES to be too slow for many applications, it never became the ultimate
successor of DES. That distinction is reserved for the next cipher in our list - AES.

AES - A US Federal Government standard since 2002, AES or Advanced Encryption Standard is
arguably the most widely used block cipher in the world. It has a block size of 128 bits and supports three
possible key sizes - 128, 192, and 256 bits. The longer the key size, the stronger the encryption. However,
longer keys also result in longer processes of encryption.

Blowfish - This is another popular block cipher (although not as widely used as AES). It has a block
size of 64 bits and supports a variable-length key that can range from 32 to 448 bits. One thing that makes
Blowfish so appealing is that it is unpatented and royalty-free.

Twofish - Yes, this cipher is related to Blowfish but it's not as popular (yet). It's a 128-bit block cipher
that supports key sizes up to 256 bits long.

What is a Stream cipher?

A stream cipher is an encryption algorithm that encrypts 1 bit or byte of plaintext at a time. It uses an
infinite stream of pseudorandom bits as the key. For a stream cipher implementation to remain secure, its
pseudorandom generator should be unpredictable and the key should never be reused. Stream ciphers are
designed to approximate an idealized cipher, known as the One-Time Pad.

The One-Time Pad, which is supposed to employ a purely random key, can potentially achieve "perfect
secrecy". That is, it's supposed to be fully immune to brute force attacks. The problem with the one-time pad is
that, in order to create such a cipher, its key should be as long as or even longer than the plaintext. In other
words, if you have a 500 Megabyte video file that you would like to encrypt, you would need a key that's at
least 4 Gigabits long.

Clearly, while Top Secret information or matters of national security may warrant the use of a one-time
pad, such a cipher would just be too impractical for day-to-day public use. The key of a stream cipher is no
longer as long as the original message. Hence, it can no longer guarantee "perfect secrecy". However, it can
still achieve a strong level of security.

The key Stream Cipher property:

The most important design considerations for a stream cipher are that the keystream should have a long
period with no repetition, that its output should be statistically random, and that it should have a large linear
complexity, which depends directly on a large key. The stream cipher is usually considered to be much simpler
and faster when compared to the block cipher.
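An added example in Python, not code from the notes: a toy stream cipher whose keystream is SHA-256(key || nonce || counter), an assumption standing in for RC4 or any real keystream generator. It shows the encrypt-by-XOR idea above and why the key (here the key and nonce pair) must never be reused: a passive observer who captures two ciphertexts made with the same keystream obtains the XOR of the two plaintexts, which is exactly what encryption was meant to hide.

```python
import hashlib
from itertools import count

# Toy stream cipher (assumption: SHA-256 counter mode as the keystream generator).
# Not RC4 and not any standard cipher; it exists only to illustrate keystream reuse.

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Pseudorandom keystream of `length` bytes derived from key and nonce."""
    out = bytearray()
    for ctr in count():
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        if len(out) >= length:
            return bytes(out[:length])

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; the result is truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def stream_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Ciphertext = plaintext XOR keystream, one byte at a time."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))

# Decryption is the same operation: XORing the same keystream again cancels it.
stream_decrypt = stream_encrypt

def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What a passive observer can compute from two captured ciphertexts.
    If both used the same keystream, c1 XOR c2 == p1 XOR p2 (the keystream cancels)."""
    return xor_bytes(c1, c2)

def keystream_reused(key: bytes, nonce1: bytes, nonce2: bytes,
                     p1: bytes, p2: bytes) -> bool:
    """Check whether two encryptions leaked p1 XOR p2, i.e. whether the keystream repeated."""
    c1 = stream_encrypt(key, nonce1, p1)
    c2 = stream_encrypt(key, nonce2, p2)
    return keystream_reuse_leak(c1, c2) == xor_bytes(p1, p2)

if __name__ == "__main__":
    key = b"constructed demo key"            # constructed sample values
    p1, p2 = b"ATTACK AT DAWN", b"RETREAT NOW!!!"
    print("same nonce leaks p1^p2: ", keystream_reused(key, b"n1", b"n1", p1, p2))
    print("fresh nonce leaks p1^p2:", keystream_reused(key, b"n1", b"n2", p1, p2))
```

A fresh nonce per message gives a fresh keystream, which is the practical form of the "never reuse the key" rule.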

Popular stream ciphers:

RC4 - RC4, which stands for Rivest Cipher 4, is the most widely used of all stream ciphers,
particularly in software. It's also known as ARCFOUR or ARC4. RC4 has been used in various protocols like
WEP and WPA (both security protocols for wireless networks) as well as in TLS. Unfortunately, recent studies
have revealed vulnerabilities in RC4, prompting Mozilla and Microsoft to recommend that it be disabled where
possible.

These recent findings will surely allow other stream ciphers (e.g. SALSA, SOSEMANUK, PANAMA,
and many others, which already exist but never gained the same popularity as RC4) to emerge and possibly
take its place.

Differences between Block Cipher and Stream Cipher encoding in Tabular Form

Below are the key comparisons and differences between Block Cipher and Stream Cipher in a tabular
form that makes them easier to remember, compare and understand (Table 1.2).

Table 1.2: Block Cipher & Stream Cipher

SYMMETRIC & ASYMMETRIC KEY ENCRYPTION


Symmetric-Key Cryptography: Symmetric-key cryptography uses a single key for both encryption and
decryption. The encryption and decryption algorithms are inverses of each other.

Example: To create the ciphertext from the plaintext, John uses an encryption algorithm and a key. To create
the plaintext from the ciphertext, Bob uses the decryption algorithm and the same key.

Types of symmetric encryption algorithms:

For most people, encryption means taking plaintext and converting it to ciphertext using the same key,
or secret, to encrypt and decrypt the text. This is symmetric encryption, and it is comparatively fast compared
to other types of encryption such as asymmetric encryption. The most widely used algorithm in symmetric
key cryptography is AES (Advanced Encryption Standard). It comprises three block ciphers, AES-128, AES-
192 and AES-256, each of which is deemed sufficient to protect government classified information up to the
SECRET level, with TOP SECRET information requiring either 192- or 256-bit key lengths.

Other common symmetric encryption algorithms include Blowfish, Twofish, Data Encryption
Standard (DES), 3DES and RC4, although recent attacks have revealed weaknesses in the RC4 algorithm.
While some symmetric encryption algorithms like AES use block ciphers, others such as RC4 use stream
ciphers. Symmetric encryption types like 3DES and AES are often leveraged by VPN products.

The main disadvantage of symmetric key cryptography is that all parties involved have to exchange the
key used to encrypt the data before they can decrypt it. This requirement to securely distribute and manage
large numbers of keys means most cryptographic services also make use of other types of encryption
algorithms. Secure MIME for example uses an asymmetric algorithm -- public/private key algorithm -- for
nonrepudiation and a symmetric algorithm for efficient privacy and data protection.

Asymmetric-Key cryptography: It is also called public key cryptography. In public key cryptography two
keys are used: a private key and a public key. Encryption is done with the public key and decryption with the
private key. The receiver creates both keys and is responsible for distributing its public key to the
communication community.

Example: The sender (say John) uses the public key to encrypt the plaintext into cipher text and the receiver
(say Bob) uses his private key to decrypt the cipher text.

Types of asymmetric encryption algorithms:

Asymmetric algorithms use two interdependent keys, one to encrypt the data, and the other to decrypt
it. This interdependency provides a number of different features, the most important probably being digital
signatures which are used amongst other things to guarantee that a message was created by a particular entity
or authenticate remote systems or users. One of the most common asymmetric encryption algorithms is the
Diffie-Hellman key exchange, which allows two parties to exchange cryptographic keys in a secure manner
regardless of whether the communication channel is public or private. The RSA (Rivest, Shamir and Adleman)
asymmetric algorithm is another widely used asymmetric encryption example; it is often used in electronic
commerce protocols such as SSL, and is believed to be secure given sufficiently long keys and the use of up-
to-date implementations. As RSA is much slower than symmetric encryption, what typically happens is that
data is encrypted with a symmetric algorithm and then the comparatively short symmetric key is encrypted
using RSA. This allows the key necessary to decrypt the data to be securely sent to other parties along with the
symmetrically-encrypted data.

DATA ENCRYPTION STANDARD (DES):

It was adopted in 1977 by the National Bureau of Standards (NBS), now the National Institute of Standards
and Technology (NIST), as Federal Information Processing Standard 46 (FIPS PUB 46). In 1971, IBM’s team
under Horst Feistel’s leadership developed the algorithm LUCIFER, operating on 64-bit blocks with a 128-bit
key. Later, IBM’s team led by Walter Tuchman and Carl Meyer revised LUCIFER to make it more resistant to
cryptanalysis, but they reduced the key size to 56 bits. In 1973, NBS issued a request for proposals for a
national cipher standard. IBM submitted the results of its Tuchman-Meyer project. This was by far the best
algorithm proposed and was adopted in 1977 as the Data Encryption Standard. In 1994, NIST reaffirmed DES
for federal use for another 5 years. In 1999, NIST issued a new version of its standard (FIPS PUB 46-3) that
indicated that DES should only be used for legacy systems and that triple DES be used.

A 32-bit swap exchanges the left and right 32-bit halves obtained after Round 16, giving the preoutput.
Finally, the preoutput passes through a permutation IP-1, the inverse of the initial permutation IP, to produce
the 64-bit ciphertext. The right-hand portion of Fig. 1.1 shows the way in which the 56-bit key is used. For
each of the 16 rounds a subkey Ki is produced by the combination of a left circular shift and a permutation.
The permutation function is the same for each round.

DES ENCRYPTION

Figure 1.1. General description of DES Algorithm

DETAILS OF SINGLE ROUND


Figure 1.2. Single Round of DES Algorithm

The left and right halves of each 64-bit intermediate value are treated as separate 32-bit quantities,
labeled L and R. As in the classic Feistel cipher, the overall process at each round is summarized as follows:

The round key Ki is 48 bits. The R input is 32 bits. This R input is first expanded to 48 bits by the
expansion/permutation (E table):

DETAILS OF SINGLE ROUND (CONT 1)

The resulting 48 bits are XORed with Ki. This 48-bit result passes through a substitution function that
produces a 32-bit output, which is then permuted by the permutation function (P). The role of the S-boxes is
illustrated in Fig. 1.3.

Permutation function (P)
16 7 20 21 29 12 28 17
1 15 23 26 5 18 31 10
2 8 24 14 32 27 3 9
19 13 30 6 22 11 4 25

Figure 1.3

The substitution consists of a set of 8 S-boxes, each of which produces 4 bits as output.


Figure 1.4. Calculation of F(R,K)


Each row of an S-box defines a general reversible substitution: the middle 4 bits of each 6-bit input group
are replaced by the S-box output, while the first and last (6th) bits select which row of the S-box to use.

DES DECRYPTION: As with any Feistel cipher, decryption uses the same algorithm as encryption, except
that the application of subkeys is reversed.

THE AVALANCHE EFFECT IN DES: A 1-bit change in the plaintext leads to a 34-bit difference in the
ciphertext. A 1-bit change in the key leads to a 35-bit difference in the ciphertext.
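An added example in Python, not code from the notes, covering the single-round structure, DES decryption and the avalanche effect discussed above: a 16-round Feistel cipher on 64-bit blocks in the shape of Figures 1.2 and 1.4. It uses the real P table given above, but the E-expansion and S-boxes are replaced by a SHA-256 stand-in and the key schedule by a hash-derived one (both assumptions, so this is an illustration of the structure, not DES itself). It demonstrates that decryption is the same algorithm with the subkeys applied in reverse, and counts how many ciphertext bits change when one plaintext bit is flipped.

```python
import hashlib

# DES P permutation (from the notes above): output bit i is input bit P[i-1], 1-based from the MSB.
P = [16, 7, 20, 21, 29, 12, 28, 17,
     1, 15, 23, 26, 5, 18, 31, 10,
     2, 8, 24, 14, 32, 27, 3, 9,
     19, 13, 30, 6, 22, 11, 4, 25]

MASK32 = 0xFFFFFFFF

def permute(value: int, table, width: int) -> int:
    """Apply a DES-style permutation table to a `width`-bit integer (bit 1 = MSB)."""
    out = 0
    for pos in table:
        out = (out << 1) | ((value >> (width - pos)) & 1)
    return out

def invert_table(table):
    """Return the table that undoes `table` (used to check P really is a permutation)."""
    inv = [0] * len(table)
    for i, pos in enumerate(table):
        inv[pos - 1] = i + 1
    return inv

def subkeys(key: bytes, rounds: int = 16):
    """Toy key schedule (assumption): 16 subkeys of 32 bits from SHA-256(key || round).
    DES instead derives 48-bit subkeys by circular shifts and a fixed permutation."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(rounds)]

def round_function(r: int, k: int) -> int:
    """F(R, K): XOR with the subkey, a SHA-256 based substitution standing in for the
    E-expansion and the eight S-boxes (assumption), then the real P permutation."""
    mixed = (r ^ k).to_bytes(4, "big")
    s_out = int.from_bytes(hashlib.sha256(mixed).digest()[:4], "big")
    return permute(s_out, P, 32)

def feistel(block: int, keys) -> int:
    """16 Feistel rounds: L_i = R_{i-1}, R_i = L_{i-1} XOR F(R_{i-1}, K_i), then the 32-bit swap.
    IP and IP^-1 are omitted; they do not affect the Feistel property shown here."""
    l, r = block >> 32, block & MASK32
    for k in keys:
        l, r = r, l ^ round_function(r, k)
    return (r << 32) | l          # final swap produces the preoutput

def encrypt(block: int, key: bytes) -> int:
    return feistel(block, subkeys(key))

def decrypt(block: int, key: bytes) -> int:
    # Same algorithm, subkeys in reverse order: K16 first, K1 last.
    return feistel(block, list(reversed(subkeys(key))))

def bit_difference(a: int, b: int) -> int:
    """Hamming distance between two 64-bit values."""
    return bin(a ^ b).count("1")

def avalanche(plaintext: int, key: bytes, bit: int) -> int:
    """Number of ciphertext bits that change when plaintext bit `bit` is flipped."""
    return bit_difference(encrypt(plaintext, key),
                          encrypt(plaintext ^ (1 << bit), key))

if __name__ == "__main__":
    key, pt = b"constructed demo key", 0x0123456789ABCDEF   # constructed sample values
    ct = encrypt(pt, key)
    print(f"ciphertext  {ct:016x}")
    print(f"round trip  {decrypt(ct, key) == pt}")
    print(f"flip bit 0  changes {avalanche(pt, key, 0)} of 64 ciphertext bits")
```

For a good cipher the avalanche count should sit near half the block (the notes quote 34 of 64 for real DES); a count near 1 would indicate the round function is not diffusing.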

THE STRENGTH OF DES: DES proved insecure in July 1998, when the Electronic Frontier Foundation
(EFF) announced that it had broken a DES encryption using a special-purpose “DES cracker” machine that
was built for less than $250 000. The attack took less than 3 days.

Design criteria for S-boxes were not made public, so there was a concern that cryptanalysis is possible
for an opponent who knows the weaknesses in S-boxes. Up to now, there are no published results about such
weaknesses in S-boxes.

DES also appears to be fairly resistant to timing attacks, although the literature suggests some avenues to
explore. A timing attack tries to learn about the algorithm or key by analyzing how long the implementation
takes on different inputs. One such approach yields the Hamming weight (number of bits equal to 1) of the
secret key.

ADVANCED ENCRYPTION STANDARD (AES):

The Origins of AES: The principal drawback of 3DES (which FIPS PUB 46-3 recommended in 1999 as the
new standard, with a 168-bit key) is that the algorithm is relatively sluggish in software. A secondary drawback
is the use of a 64-bit block size. For reasons of both efficiency and security, a larger block size is desirable.

In 1997, National Institute of Standards and Technology NIST issued a call for proposals for a new
Advanced Encryption Standard (AES), which should have security strength equal to or better than 3DES, and
significantly improved efficiency. In addition, NIST also specified that AES must be a symmetric block cipher
with a block length of 128 bits and support for key lengths of 128, 192, and 256 bits.

In a first round of evaluation, 15 proposed algorithms were accepted. A second round narrowed these to 5
algorithms. NIST completed its evaluation process and published a final standard (FIPS PUB 197) in
November 2001. NIST selected Rijndael as the proposed AES algorithm. The two designers of AES are Dr.
Joan Daemen and Dr. Vincent Rijmen from Belgium.

AES Evaluation criteria:
Security – a minimum key size of 128 bits provides enough security.
Cost – AES should have high computational efficiency.

THE AES CIPHER:

Table 1.3 AES Parameters

A number of AES parameters depend on the key length (Table 1.3). In the description of this section,
we assume the key length of 128 bits.

Figure 1.5 shows the overall structure of AES.

The input to the encryption and decryption algorithm is a single 128-bit block. In FIPS PUB 197, this
block is depicted as a square matrix of bytes. The block is copied into the State array, which is modified at each
stage of encryption or decryption. After the final stage, State is copied to an output matrix. These operations
are depicted in Figure 1.5(a).

Figure 1.5 AES Data Structures

OVERALL STRUCTURE OF AES

Figure 1.5 AES Encryption & Decryption

Similarly, the 128-bit key is depicted as a square matrix of bytes. This key is expanded into an array of key
schedule words; each word is 4 bytes and the total key schedule is 44 words for the 128-bit key (Figure 1.5(b)).
Ordering of bytes within a matrix is by column. Before delving into details, we can make several comments
about the overall AES structure:

1. This cipher is not a Feistel structure.
2. The key that is provided as input is expanded into an array of 44 words (32 bits each), w[i]. Four distinct
words (128 bits) serve as a round key for each round; these are indicated in Figure 1.5.
3. Four different stages are used, one of permutation and three of substitution:
- Substitute bytes – Uses an S-box to perform a byte-to-byte substitution of the block
- Shift rows – A simple permutation
- Mix columns – A substitution that makes use of arithmetic over GF(2^8)
- Add round key – A simple bitwise XOR of the current block with a portion of the expanded key
4. The structure is quite simple.
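As an added example (not code from the lecture notes or from FIPS PUB 197), the Mix columns stage from the list above written out as arithmetic over GF(2^8): a multiply-by-x helper using the AES reduction polynomial, a general GF(2^8) multiply, and the forward and inverse column transforms applied to a 16-byte State stored column by column. The 16-byte sample State is constructed; the single-column and {57}·{83} = {c1} checks are standard AES values.

```python
# Added example (not from the lecture notes): the AES "Mix columns" stage as
# arithmetic over GF(2^8). Bytes are polynomials over GF(2); products are
# reduced by the AES polynomial x^8 + x^4 + x^3 + x + 1 (0x11B).

def xtime(b: int) -> int:
    """Multiply a GF(2^8) element by x (i.e. by 0x02), reducing by 0x11B."""
    b <<= 1
    if b & 0x100:
        b ^= 0x11B
    return b & 0xFF


def gf_mul(a: int, b: int) -> int:
    """Multiply two GF(2^8) elements by shift-and-add using xtime()."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a)
        b >>= 1
    return result


# First rows of the MixColumns matrix and of its inverse (FIPS PUB 197);
# the other three rows are right rotations of these.
MIX = (0x02, 0x03, 0x01, 0x01)
INV_MIX = (0x0E, 0x0B, 0x0D, 0x09)


def mix_one_column(col, first_row):
    """Multiply a 4-byte column by the circulant matrix built from first_row."""
    out = []
    for row in range(4):
        acc = 0
        for k in range(4):
            acc ^= gf_mul(first_row[(k - row) % 4], col[k])
        out.append(acc)
    return out


def mix_columns(state: bytes, inverse: bool = False) -> bytes:
    """Apply MixColumns (or InvMixColumns) to a 16-byte State.

    The State is stored column by column, as in FIPS PUB 197, so column c
    occupies bytes 4c .. 4c+3.
    """
    if len(state) != 16:
        raise ValueError("AES State must be exactly 16 bytes")
    first_row = INV_MIX if inverse else MIX
    out = bytearray(16)
    for c in range(4):
        out[4 * c:4 * c + 4] = mix_one_column(state[4 * c:4 * c + 4], first_row)
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample State: bytes 0x00 .. 0x0F.
    sample = bytes(range(16))
    mixed = mix_columns(sample)
    assert mix_columns(mixed, inverse=True) == sample
    print(mixed.hex())
```

The inverse matrix undoes the forward one exactly because both are invertible over GF(2^8); a column of four equal bytes is left unchanged, since 02 ⊕ 03 ⊕ 01 ⊕ 01 = 01.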

INTERNATIONAL DATA ENCRYPTION ALGORITHM:

Introduction: The Data Encryption Standard (DES) algorithm has been a popular secret key encryption
algorithm and is used in many commercial and financial applications. Although introduced in 1976, it has
proved resistant to all forms of cryptanalysis. However, its key size is too small by current standards and its
entire 56 bit key space can be searched in approximately 22 hours.

International Data Encryption Algorithm (IDEA) is a block cipher designed by Xuejia Lai and James L.
Massey of ETH-Zürich and was first described in 1991. It is a minor revision of an earlier cipher, PES
(Proposed Encryption Standard); IDEA was originally called IPES (Improved PES). IDEA was used as the
symmetric cipher in early versions of the Pretty Good Privacy cryptosystem.

The goal of IDEA was to develop a strong encryption algorithm which would replace the DES procedure
developed in the U.S.A. in the seventies. It is also interesting in that it entirely avoids the use of any lookup
tables or S-boxes. When the famous PGP email and file encryption product was designed by Phil Zimmermann, the
developers were looking for maximum security. IDEA was their first choice for data encryption based on its
proven design and its great reputation.

The IDEA encryption algorithm:

- provides a high level of security that rests not on keeping the algorithm secret, but on the secrecy of the key
- is fully specified and easily understood
- is available to everybody
- is suitable for use in a wide range of applications
- can be economically implemented in electronic components (VLSI chip)
- can be used efficiently
- may be exported worldwide
- is patent protected to prevent fraud and piracy

Description of IDEA:

The block cipher IDEA operates with 64-bit plaintext and cipher text blocks and is controlled by a 128-bit
key. The fundamental innovation in the design of this algorithm is the use of operations from three different
algebraic groups. The substitution boxes and the associated table lookups used in the block ciphers available
to-date have been completely avoided. The algorithm structure has been chosen such that, with the exception
that different key sub-blocks are used, the encryption process is identical to the decryption process.

Key Generation:
The 64-bit plaintext block is partitioned into four 16-bit sub-blocks, since all the algebraic operations used
in the encryption process operate on 16-bit numbers. Another process produces for each of the encryption
rounds, six 16-bit key sub-blocks from the 128-bit key. Since a further four 16-bit key-sub-blocks are required
for the subsequent output transformation, a total of 52 (= 8 x 6 + 4) different 16-bit sub-blocks have to be
generated from the 128-bit key.

The 52 16-bit key sub-blocks which are generated from the 128-bit key are produced as follows:

- First, the 128-bit key is partitioned into eight 16-bit sub-blocks which are then directly used as the first
eight key sub-blocks.
- The 128-bit key is then cyclically shifted to the left by 25 positions, after which the resulting 128-bit
block is again partitioned into eight 16-bit sub-blocks to be directly used as the next eight key sub-blocks.
- The cyclic shift procedure described above is repeated until all of the required 52 16-bit key sub-blocks
have been generated.

Encryption: The functional representation of the encryption process is shown in Figure 1.6. The process
consists of eight identical encryption steps (known as encryption rounds) followed by an output
transformation. The structure of the first round is shown in detail.

Figure 1.6. IDEA Structure

In the first encryption round, the first four 16-bit key sub-blocks are combined with two of the 16-bit
plaintext blocks using addition modulo 2^16, and with the other two plaintext blocks using multiplication
modulo 2^16 + 1. The results are then processed further as shown in Figure 1.6, whereby two more 16-bit key
sub-blocks enter the calculation and the third algebraic group operator, the bit-by-bit exclusive OR, is used. At
the end of the first encryption round four 16-bit values are produced which are used as input to the second
encryption round in a partially changed order. The process described above for round one is repeated in each of
the subsequent 7 encryption rounds using different 16-bit key sub-blocks for each combination. During the
subsequent output transformation, the four 16-bit values produced at the end of the 8th encryption round are
combined with the last four of the 52 key sub-blocks using addition modulo 2^16 and multiplication modulo
2^16 + 1 to form the resulting four 16-bit cipher text blocks.

Decryption:

The computational process used for decryption of the cipher text is essentially the same as that used for
encryption of the plaintext. The only difference compared with encryption is that during decryption, different
16-bit key sub-blocks are generated.

More precisely, each of the 52 16-bit key sub-blocks used for decryption is the inverse of the key sub-block
used during encryption in respect of the applied algebraic group operation. Additionally, the key sub-blocks
must be used in the reverse order during decryption in order to reverse the encryption process as shown in
Table 2.
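The key generation, encryption and decryption passages above, as one added example (this is not the lecture notes' own code nor an official IDEA implementation): the three group operations on 16-bit values, the 52-sub-key schedule built by 25-bit left rotations, the eight rounds with the output transformation, and the decryption sub-key table obtained by inverting and reversing the encryption sub-keys. It assumes the 64-bit block and the 128-bit key are packed big-endian into 16-bit words.

```python
# Added example (not from the lecture notes): IDEA as described above, i.e.
# eight rounds plus an output transformation on four 16-bit sub-blocks, with
# the 52 sub-keys produced by 25-bit left rotations of the 128-bit key.
# Assumption: the 64-bit block and the 128-bit key are packed big-endian.

MASK16 = 0xFFFF


def mul(a: int, b: int) -> int:
    """Multiplication modulo 2^16 + 1; the 16-bit value 0 stands for 2^16."""
    a = a or 0x10000
    b = b or 0x10000
    return (a * b % 0x10001) & MASK16


def add(a: int, b: int) -> int:
    """Addition modulo 2^16."""
    return (a + b) & MASK16


def mul_inv(x: int) -> int:
    """Inverse under mul(): 2^16 (coded as 0) is its own inverse, else Fermat."""
    return 0 if x == 0 else pow(x, 0x10001 - 2, 0x10001) & MASK16


def add_inv(x: int) -> int:
    """Inverse under add()."""
    return (-x) & MASK16


def idea_expand_key(key: bytes) -> list:
    """52 encryption sub-keys: take eight words, rotate the key left by 25, repeat."""
    if len(key) != 16:
        raise ValueError("IDEA key must be 128 bits")
    k = int.from_bytes(key, "big")
    subkeys = []
    while len(subkeys) < 52:
        subkeys.extend((k >> (112 - 16 * i)) & MASK16 for i in range(8))
        k = ((k << 25) | (k >> 103)) & ((1 << 128) - 1)
    return subkeys[:52]


def idea_decryption_keys(enc: list) -> list:
    """Decryption sub-keys: group inverses of the encryption sub-keys, stages in
    reverse order, with the two additive sub-keys swapped in the inner rounds."""
    dec = []
    for r in range(9):                        # r = 0..7 rounds, r = 8 output transform
        j = 8 - r                             # encryption stage being undone (8 = output)
        k1, k2, k3, k4 = enc[6 * j:6 * j + 4]
        if r in (0, 8):
            dec += [mul_inv(k1), add_inv(k2), add_inv(k3), mul_inv(k4)]
        else:
            dec += [mul_inv(k1), add_inv(k3), add_inv(k2), mul_inv(k4)]
        if r < 8:                             # K5, K6 of the preceding encryption round
            dec += enc[6 * (7 - r) + 4:6 * (7 - r) + 6]
    return dec


def idea_block(block: bytes, subkeys: list) -> bytes:
    """Eight rounds and the output transformation with the given 52 sub-keys."""
    x1, x2, x3, x4 = (int.from_bytes(block[i:i + 2], "big") for i in range(0, 8, 2))
    for r in range(8):
        k1, k2, k3, k4, k5, k6 = subkeys[6 * r:6 * r + 6]
        s1, s2, s3, s4 = mul(x1, k1), add(x2, k2), add(x3, k3), mul(x4, k4)
        e, f = s1 ^ s3, s2 ^ s4               # inputs to the multiply-add (MA) structure
        e = mul(e, k5)
        f = add(f, e)
        f = mul(f, k6)
        e = add(e, f)
        x1, x2, x3, x4 = s1 ^ f, s3 ^ f, s2 ^ e, s4 ^ e   # middle blocks change places
    k1, k2, k3, k4 = subkeys[48:52]
    y = (mul(x1, k1), add(x3, k2), add(x2, k3), mul(x4, k4))  # undo the last swap
    return b"".join(v.to_bytes(2, "big") for v in y)


def idea_encrypt(block: bytes, key: bytes) -> bytes:
    return idea_block(block, idea_expand_key(key))


def idea_decrypt(block: bytes, key: bytes) -> bytes:
    return idea_block(block, idea_decryption_keys(idea_expand_key(key)))
```

Because the only difference between encryption and decryption is the sub-key table, the same `idea_block` routine serves both directions, exactly as the description says.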

Modes of operation:

IDEA supports all modes of operation as described by NIST in its publication FIPS 81. A block cipher
encrypts and decrypts plaintext in fixed-size bit blocks (mostly 64 and 128 bits). For plaintext exceeding this
fixed size, the simplest approach is to partition the plaintext into blocks of equal length and encrypt each
separately. This method is named Electronic Code Book (ECB) mode. However, Electronic Code Book is not a
good system to use with small block sizes (for example, smaller than 40 bits), since identical plaintext blocks
always encrypt to identical cipher text blocks. As ECB has disadvantages in most applications, other methods
named modes have been created. They are Cipher Block Chaining (CBC), Cipher Feedback (CFB) and Output
Feedback (OFB) modes.

Applications:

Today, there are hundreds of IDEA-based security solutions available in many market areas, ranging from
Financial Services, and Broadcasting to Government. IDEA is the name of a proven, secure, and universally
applicable block encryption algorithm, which permits effective protection of transmitted and stored data
against unauthorized access by third parties. The fundamental criteria for the development of IDEA were
highest security requirements along with easy hardware and software implementation for fast execution.

The IDEA algorithm can easily be embedded in any encryption software. Data encryption can be used to
protect data transmission and storage. Typical fields are:
– Audio and video data for cable TV, pay TV, video conferencing, distance learning, business TV, VoIP
– Sensitive financial and commercial data
– Email via public networks
– Transmission links via modem, router or ATM link, GSM technology
– Smart cards

RC5:
RC5 is a fast symmetric block cipher suitable for hardware or software implementations. A novel feature of
RC5 is the heavy use of data-dependent rotations. RC5 has a variable-length secret key, providing flexibility in
its security level. RC5 is a parameterized algorithm, and a particular RC5 algorithm is designated as
RC5-w/r/b. We summarize these parameters below:

w - The word size, in bits. The standard value is 32 bits; allowable values are 16, 32, and 64.
RC5 encrypts two-word blocks: plaintext and cipher text blocks are each 2w bits long.
r - The number of rounds. Allowable values are 0, 1, ..., 255.
b - The number of bytes in the secret key K. Allowable values of b are 0, 1, ..., 255.

RC5 uses an "expanded key table" S, derived from the user's supplied secret key K. The size t of table
S depends on the number r of rounds: S has t = 2(r+1) words.

It is not intended that RC5 be secure for all possible parameter values. On the other hand, choosing
the maximum parameter values would be overkill for most applications. We provide a variety of parameter
settings so that users may select an encryption algorithm whose security and speed are optimized for their
application, while providing an evolutionary path for adjusting their parameters as necessary in the future. As
an example, RC5-32/16/7 is an RC5 algorithm with the number of rounds and the length of key equivalent to
DES. As technology improves, and as the true strength of RC5 algorithms becomes better understood through
analysis, the most appropriate parameters can be chosen. We propose RC5-32/12/16 as providing a "nominal"
choice of parameters. Further analysis is needed to analyze the security of this choice.

Overview of the Algorithm:


RC5 consists of three components: a key expansion algorithm, an encryption algorithm, and a
decryption algorithm. These algorithms use the following three primitive operations (and their inverses).
1. Two's complement addition of words, denoted by "+". This is modulo-2^w addition.
2. Bit-wise exclusive-OR of words, denoted by ⊕.
3. A left-rotation (or "left-spin") of words: the rotation of word x left by y bits is denoted x <<< y. Only the
lg(w) low-order bits of y are used to determine the rotation amount, so that y is interpreted modulo w.

Encryption and Decryption:


We assume that the input block is given in two w-bit registers A and B. We also assume that key
expansion has already been performed, so that the array S[0...t-1] has been computed. Below is the encryption
algorithm in pseudo-code. The output is also placed in registers A and B.
A = A + S[0];
B = B + S[1];
FOR i = 1 TO r DO
    A = ((A ⊕ B) <<< B) + S[2*i];
    B = ((B ⊕ A) <<< A) + S[2*i+1];

We note the exceptional simplicity of this five-line algorithm. We also note that each RC5 round
updates both registers A and B, whereas a "round" in DES updates only half of its registers. An RC5 "half-
round" (one of the assignment statements updating A or B in the body of the loop above) is thus perhaps more
analogous to a DES round. The decryption algorithm can be easily derived from the encryption algorithm.

Key Expansion:

The key-expansion routine expands the user's secret key K to fill the expanded key array S, so that S
resembles an array of t = 2(r+1) random binary words determined by K. The key expansion algorithm uses two
"magic constants" and consists of three simple algorithmic parts. The key-expansion algorithm uses two word-
size binary constants P_w and Q_w. They are defined for arbitrary w as follows:
P_w = Odd((e - 2) 2^w)
Q_w = Odd((φ - 1) 2^w)
where e = 2.718281828459... (base of natural logarithms), φ = 1.618033988749... (golden ratio), and Odd(x) is
the odd integer nearest to x (rounded up if x is an even integer, although this won't happen here).

The first algorithmic step of key expansion is to copy the secret key K[0...b-1] into an array L[0...c-1]
of c = ⌈b/u⌉ words, where u = w/8 is the number of bytes/word. This operation is done in a natural manner,
using u consecutive key bytes of K to fill up each successive word in L, low-order byte to high-order byte. Any
unfilled byte positions of L are zeroed.
The second algorithmic step of key expansion is to initialize array S to a particular fixed (key-
independent) pseudo-random bit pattern, using an arithmetic progression modulo 2^w determined by the
"magic constants" P_w and Q_w. Since Q_w is odd, the arithmetic progression has period 2^w.
S[0] = P_w;
FOR i = 1 TO t-1 DO
    S[i] = S[i-1] + Q_w;
The third algorithmic step of key expansion is to mix in the user's secret key in three passes over the
arrays S and L. More precisely, due to the potentially different sizes of S and L, the larger array will be
processed three times, and the other may be handled more times.

BLOWFISH:

Introduction: An encryption algorithm plays an important role in securing data while it is stored or
transferred. Encryption algorithms are categorized into symmetric (secret) key and asymmetric (public) key
encryption.

In symmetric key encryption or secret key encryption, only one key is used for both encryption and
decryption of data. Eg: Data Encryption Standard (DES), Triple DES, Advanced Encryption Standard (AES) &
the Blowfish encryption algorithm. Asymmetric key encryption or public key encryption uses two keys, one for
encryption and the other for decryption. Eg: RSA.

Blowfish Encryption Algorithm:

Blowfish was designed in 1993 by Bruce Schneier as a fast alternative to existing encryption algorithms
such as AES, DES and 3DES. Blowfish is a symmetric block encryption algorithm designed with the following
goals in mind:

- Fast: It encrypts data on large 32-bit microprocessors at a rate of 26 clock cycles per byte.
- Compact: It can run in less than 5K of memory.
- Simple: It uses addition, XOR and lookup tables with 32-bit operands.
- Secure: The key length is variable; it can be in the range of 32 to 448 bits, with a default key length of 128 bits.

Description of Algorithm:

Blowfish is a symmetric block cipher that encrypts 64-bit blocks of data at a time. It follows the
Feistel network structure, and the algorithm is divided into two parts:

- Key-expansion
- Data Encryption

Key-expansion: It converts a key of at most 448 bits into several sub-key arrays totalling 4168
bytes. Blowfish uses a large number of sub-keys. These keys are generated before any data encryption or
decryption. The P-array consists of 18 32-bit sub-keys:

P1, P2, ..., P18
Four 32-bit S-boxes consist of 256 entries each:
S1,0, S1,1, ..., S1,255
S2,0, S2,1, ..., S2,255
S3,0, S3,1, ..., S3,255
S4,0, S4,1, ..., S4,255
Generating the Sub keys: The sub keys are calculated using the Blowfish algorithm:

1. Initialize first the P-array and then the four S-boxes, in order, with a fixed string. This string consists of
the hexadecimal digits of pi (less the initial 3): P1 = 0x243f6a88, P2 = 0x85a308d3, P3 = 0x13198a2e,
P4 = 0x03707344, etc.
2. XOR P1 with the first 32 bits of the key, XOR P2 with the second 32-bits of the key, and so on for all
bits of the key (possibly up to P14). Repeatedly cycle through the key bits until the entire P-array has
been XORed with key bits. (For every short key, there is at least one equivalent longer key; for
example, if A is a 64-bit key, then AA, AAA, etc., are equivalent keys.)

3. Encrypt the all-zero string with the Blowfish algorithm, using the sub keys described in steps (1) and
(2).

4. Replace P1 and P2 with the output of step (3).

5. Encrypt the output of step (3) using the Blowfish algorithm with the modified sub keys.

6. Replace P3 and P4 with the output of step (5).

7. Continue the process, replacing all entries of the P array, and then all four S-boxes in order, with the
output of the continuously changing Blowfish algorithm.

In total, 521 iterations are required to generate all required sub keys.

Data Encryption: The data encryption is a Feistel network iterated 16 times. Each round consists of a key-
dependent permutation and a key- and data-dependent substitution. All operations are XORs and additions on
32-bit words. The only additional operations are four indexed array data lookups per round.


Figure 1.7 Blowfish Encryption

QUESTIONS

UNIT-I

SECTION – A

1. What is an Active attack?
2. What is a Passive attack?
3. What are the two types of attacks in a network?
4. Define Masquerade.
5. Define Replay.
6. What is Blowfish?
7. Define Authentication.
8. Define Confidentiality.
9. Define Integrity.
10. Expand IDEA.

SECTION –B

1. Explain the following attacks with suitable examples. i) Masquerade ii) Denial of Service
2. Explain the following attacks with suitable examples. i) Replay attacks ii) Traffic Analysis
3. What is a Network attack? Explain its types of attacks.
4. Write a short note on Active attack.
5. Write a short note on Passive attack.
6. Discuss about Block Cipher & Stream Cipher.
7. Differentiate between Block Cipher & Stream Cipher.
8. Explain the concept of Security Service.
9. Write a short note on Blowfish algorithm.
10. Give a short account of Security Mechanisms.

SECTION –C

1. Discuss in detail about the various attacks performed in a network.
2. Give a detailed account of Active & Passive attacks.
3. Write about the RC5 algorithm in detail.
4. Explain in detail about the DES Algorithm.
5. Write in detail about the IDEA Algorithm with an example.
6. Give a detailed account of the Triple DES algorithm with an example.
7. Discuss in detail about the AES algorithm.
8. Write about Symmetric & Asymmetric Keys with an example.
9. Give a detailed study of Network Cryptography.
10. Discuss in detail about Block Cipher & Stream Cipher.

UNIT II
Public-key Cryptosystem: Introduction to Number Theory - RSA Algorithm – Key Management -
Diffie-Hellman Key exchange – Elliptic Curve Cryptography – Message Authentication and Hash functions –
Hash and MAC Algorithm – Digital Signatures and Authentication Protocol.

RSA ALGORITHM:
The pioneering paper by Diffie and Hellman introduced a new approach to cryptography and, in effect,
challenged cryptologists to come up with a cryptographic algorithm that met the requirements for public-key
systems. A number of algorithms have been proposed for public-key cryptography. Some of these, though
initially promising, turned out to be breakable. One of the first successful responses to the challenge was
developed in 1977 by Ron Rivest, Adi Shamir, and Len Adleman at MIT and first published in 1978. The Rivest-
Shamir-Adleman (RSA) scheme has since that time reigned supreme as the most widely accepted and
implemented general-purpose approach to public-key encryption.
The RSA scheme is a block cipher in which the plaintext and cipher text are integers between 0 and n - 1 for
some n. A typical size for n is 1024 bits, or 309 decimal digits. That is, n is less than 2^1024. We examine RSA
in this section in some detail, beginning with an explanation of the algorithm. Then we examine some of the
computational and cryptanalytical implications of RSA.
RSA makes use of an expression with exponentials. Plaintext is encrypted in blocks, with each block having
a binary value less than some number n. That is, the block size must be less than or equal to log2(n) + 1; in
practice, the block size is i bits, where 2^i < n ≤ 2^(i+1). Encryption and decryption are of the following form,
for some plaintext block M and cipher text block C.
C = M^e mod n

M = C^d mod n = (M^e)^d mod n = M^(ed) mod n

Both sender and receiver must know the value of n. The sender knows the value of e, and only the
receiver knows the value of d. Thus, this is a public-key encryption algorithm with a public key of PU = {e, n}
and a private key of PR = {d, n}. For this algorithm to be satisfactory for public-key encryption, the following
requirements must be met.
1. It is possible to find values of e, d, n such that M^(ed) mod n = M for all M < n.
2. It is relatively easy to calculate M^e mod n and C^d mod n for all values of M < n.
3. It is infeasible to determine d given e and n.
For now, we focus on the first requirement and consider the other questions later. We need to find a
relationship of the form M^(ed) mod n = M.
The preceding relationship holds if e and d are multiplicative inverses modulo ϕ(n), where ϕ(n) is
the Euler totient function. For p, q prime, ϕ(pq) = (p - 1)(q - 1). The relationship between e and d can be
expressed as ed mod ϕ(n) = 1. This is equivalent to saying

ed ≡ 1 (mod ϕ(n)), d ≡ e^(-1) (mod ϕ(n))

That is, e and d are multiplicative inverses mod ϕ(n). Note that, according to the rules of modular
arithmetic, this is true only if d (and therefore e) is relatively prime to ϕ(n). Equivalently, gcd(ϕ(n), d) = 1.
We are now ready to state the RSA scheme. The ingredients are the following:
p, q, two prime numbers (private, chosen)
n = pq (public, calculated)
e, with gcd(ϕ(n), e) = 1; 1 < e < ϕ(n) (public, chosen)
d ≡ e^(-1) (mod ϕ(n)) (private, calculated)
The private key consists of {d, n} and the public key consists of {e, n}. Suppose that user A has
published its public key and that user B wishes to send the message M to A. Then B
calculates C = M^e mod n and transmits C. On receipt of this cipher text, user A decrypts by
calculating M = C^d mod n.
For this example, the keys were generated as follows.
1. Select two prime numbers, p = 17 and q = 11.
2. Calculate n = pq = 17 × 11 = 187.
3. Calculate ϕ(n) = (p - 1)(q - 1) = 16 × 10 = 160.
4. Select e such that e is relatively prime to ϕ(n) = 160 and less than ϕ(n); we choose e = 7.
5. Determine d such that de ≡ 1 (mod 160) and d < 160. The correct value is d = 23,
because 23 × 7 = 161 = (1 × 160) + 1; d can be calculated using the extended
Euclid's algorithm (Chapter 4).
The resulting keys are public key PU = {7, 187} and private key PR = {23, 187}. The example shows the
use of these keys for a plaintext input of M = 88. For encryption, we need to calculate C = 88^7 mod 187.
Exploiting the properties of modular arithmetic, we can do this as follows.
88^7 mod 187 = [(88^4 mod 187) × (88^2 mod 187) × (88^1 mod 187)] mod 187
88^1 mod 187 = 88
88^2 mod 187 = 7744 mod 187 = 77
88^4 mod 187 = 59,969,536 mod 187 = 132
88^7 mod 187 = (88 × 77 × 132) mod 187 = 894,432 mod 187 = 11


Figure 1.3 RSA Algorithm

For decryption, we calculate M = 11^23 mod 187:

11^23 mod 187 = [(11^1 mod 187) × (11^2 mod 187) × (11^4 mod 187) × (11^8 mod 187) × (11^8 mod 187)] mod 187
11^1 mod 187 = 11
11^2 mod 187 = 121
11^4 mod 187 = 14,641 mod 187 = 55
11^8 mod 187 = 214,358,881 mod 187 = 33
11^23 mod 187 = (11 × 121 × 55 × 33 × 33) mod 187 = 79,720,245 mod 187 = 88
We now look at an example which shows the use of RSA to process multiple blocks of data. In this simple
example, the plaintext is an alphanumeric string. Each plaintext symbol is assigned a unique code of two
decimal digits (e.g., a = 00, A = 26). A plaintext block consists of four decimal digits, or two alphanumeric
characters. Figure 1.3 illustrates the sequence of events for the encryption of multiple blocks, and Figure 1.3
gives a specific example. The circled numbers indicate the order in which operations are performed.
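The key generation steps, the single-block computation and the multi-block encoding above, as one added example (not the lecture notes' own code): extended Euclid for d, square-and-multiply for the modular powers, and the four-digit block scheme with two decimal digits per symbol. The p = 17, q = 11, e = 7 keys are the ones from the text; the symbol alphabet (a = 00 ... z = 25, A = 26 ... Z = 51) and the p = 101, q = 113, e = 3 key pair used for the multi-block round trip are constructed here, since the notes do not give the modulus for that example.

```python
# Added example (not from the lecture notes): RSA key generation and block
# encryption/decryption for the p = 17, q = 11, e = 7 keys above, with the
# extended Euclid and square-and-multiply helpers written out. The two-digit
# symbol code (a = 00, A = 26) and the p = 101, q = 113, e = 3 key pair used
# for the multi-block example are constructed here, not taken from the notes.
from math import gcd

ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"   # a = 00 ... Z = 51


def egcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def mod_inverse(e: int, phi: int) -> int:
    """d with e*d ≡ 1 (mod phi); raises if e and phi are not coprime."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e and phi(n) are not relatively prime")
    return x % phi


def mod_pow(base: int, exp: int, mod: int) -> int:
    """Square-and-multiply, reducing after every step (values stay below mod^2)."""
    result, base = 1, base % mod
    while exp > 0:
        if exp & 1:
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result


def rsa_keygen(p: int, q: int, e: int):
    """Return (PU, PR) = ((e, n), (d, n)) following the five steps above."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(n) with gcd(e, phi(n)) = 1")
    return (e, n), (mod_inverse(e, phi), n)


def rsa_apply(block: int, key) -> int:
    """C = M^e mod n or M = C^d mod n; the block must be an integer below n."""
    exp, n = key
    if not 0 <= block < n:
        raise ValueError("block value must satisfy 0 <= block < n")
    return mod_pow(block, exp, n)


def text_to_blocks(text: str) -> list:
    """Two decimal digits per symbol, four digits (two symbols) per block."""
    if len(text) % 2:
        raise ValueError("this toy encoding needs an even number of symbols")
    digits = "".join("%02d" % ALPHABET.index(ch) for ch in text)
    return [int(digits[i:i + 4]) for i in range(0, len(digits), 4)]


def blocks_to_text(blocks: list) -> str:
    digits = "".join("%04d" % b for b in blocks)
    return "".join(ALPHABET[int(digits[i:i + 2])] for i in range(0, len(digits), 2))


def rsa_encrypt_text(text: str, public_key) -> list:
    return [rsa_apply(m, public_key) for m in text_to_blocks(text)]


def rsa_decrypt_text(blocks: list, private_key) -> str:
    return blocks_to_text([rsa_apply(c, private_key) for c in blocks])
```

The check in `rsa_apply` enforces the block-size requirement stated above: a four-digit block can reach 5151, so the {7, 187} key pair could not carry two symbols per block, whereas n = 11413 can.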

KEY MANAGEMENT:
Distribution of Public Keys:
Several techniques have been proposed for the distribution of public keys. Virtually all of these
proposals can be grouped into the following general schemes:
A) Public announcement
B) Publicly available directory
C) Public-key authority
D) Public-key certificates

Public Announcement: If there is some broadly accepted public-key algorithm, such as RSA, any participant
can send his or her public key to any other participant or broadcast the key to the community at large. Although
this approach is convenient, it has a major weakness: anyone can forge such a public announcement.

Such a scheme would include the following elements:


Public-Key Authority:
Stronger security for public-key distribution can be achieved by providing tighter control over the
distribution of public keys from the directory. As before, the scenario assumes that a central authority
maintains a dynamic directory of public keys of all participants. In addition, each participant reliably knows a
public key for the authority, with only the authority knowing the corresponding private key. However this isn't
perfect as the public-key authority could be somewhat of a bottleneck in the system. The reason for this is that
a user must appeal to the authority for a public key for every other user that it wishes to contact. Also the
directory of names and public keys maintained by the authority is vulnerable to tampering.

Public-Key Certificates:
An alternative approach to the above is the use of certificates that can be used by participants to
exchange keys without contacting a public-key authority. Each certificate, containing a public key and other
information, is created by a certificate authority and is given to the participant with the matching private key. A
participant conveys its key information to another by transmitting its certificate.

DIFFIE- HELLMAN KEY EXCHANGE:

The fastest encryption schemes are symmetric encryption schemes. In order to use these, the two
communicators (Alice & Bob) would have to meet in a secure location. BUT, this sort of defeats the purpose,
because their whole goal is to communicate securely when they aren't in the same place. A modern day
example of why it would be useful to exchange a key without meeting is an online purchase. You are
making the purchase online so that you DON'T have to go to the store to meet with the vendor. So, you don't
really want to go to the store just to exchange a secret key either. You want to be able to do that from the
comfort of your own home.

The first solution to this problem was the Diffie-Hellman Key Exchange. What's interesting about this
algorithm is that neither user actually gets to choose the key. But, at the end of the algorithm, both users have
calculated the same key, which is not easy for an eavesdropper to calculate.

In order to understand why the Diffie-Hellman Key Exchange is difficult, it is important to understand
the Discrete Log Problem.

Discrete Log Problem

The (discrete) exponentiation problem is as follows: Given a base a, an exponent b and a modulus p,
calculate c such that a^b ≡ c (mod p) and 0 ≤ c < p.

It turns out that this problem is fairly easy and can be calculated "quickly" using fast exponentiation.

The discrete log problem is the inverse problem:

Given a base a, a result c (0 ≤ c < p) and a modulus p, calculate the exponent b such that

a^b ≡ c (mod p).

It turns out that no one has found a quick way to solve this problem. To get an intuition as to why this is
the case, try picking different values of a and p, and listing out each successive power of a mod p. What you
will find is that there is no discernible pattern in the list of numbers created. Thus, given a number on the list,
it's very difficult to predict where it appears on the list.

Here's a concrete example:

Given a = 2, b = 7 and p = 37, calculate c: 2^7 = 128, and 128 ≡ 17 (mod 37)

Given a = 2, c = 17, and p = 37, calculate b: Try each value of b until you find one that works! (For
large prime numbers, this is too slow.)

Alice and Bob agree on two values: a large prime number p, and a generator g, 1 < g < p. (It's better if g
is an actual generator, meaning that when you raise it to the 1st, 2nd, 3rd, ..., p-1 powers, you get all different
answers.)

These values are known to everyone.

In secret, Alice picks a value a, with 1 < a < p.

In secret, Bob picks a value b, with 1 < b < p.

Alice calculates g^a (mod p), calls this f(a) and sends it to Bob.

Bob calculates g^b (mod p), calls this f(b) and sends it to Alice.

Note that f(a) and f(b) are also known by everyone.

In secret, Alice computes f(b)^a (mod p) – this is the exchanged key.

In secret, Bob computes f(a)^b (mod p) – this is again the exchanged key.

Why does this work?

f(b)^a ≡ (g^b)^a ≡ g^(ab) (mod p). Similarly,

f(a)^b ≡ (g^a)^b ≡ g^(ab) (mod p).

Here's a concrete example:

Let p = 37 and g = 13.

Let Alice pick a = 10. Alice calculates 13^10 (mod 37) which is 4 and sends that to Bob.

Let Bob pick b = 7. Bob calculates 13^7 (mod 37) which is 32 and sends that to Alice.

(Note: 10 and 7 are secret to Alice and Bob, respectively, but both 4 and 32 are known by all.)

Alice receives 32 and calculates 32^10 (mod 37) which is 30, the secret key.

Bob receives 4 and calculates 4^7 (mod 37) which is 30, the same secret key.

Note that neither Alice nor Bob chose 30, but they ended up with that secret key anyway. Furthermore,
note that even knowing p = 37, g = 13, f(a) = 4 and f(b) = 32, it is difficult to ascertain the secret key, 30,
without doing a brute force check.

In particular, if the discrete log problem were easy, this scheme could be broken. Consider the
following: If an adversary saw that f(a) = 4, p = 37 and g = 13 and could solve the discrete log problem, then
they could calculate that 13^10 ≡ 4 (mod 37). Once they had this value, 10, then they could take f(b) = 32 and
calculate 32^10 (mod 37) to arrive at 30.

Thus, the Diffie-Hellman Key Exchange is only as secure as the Discrete Log problem.
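The exchange above with p = 37, g = 13, a = 10 and b = 7, as an added example (not code from the lecture notes): it includes the generator test the text recommends (g has order p - 1 exactly when g^((p-1)/q) ≠ 1 mod p for every prime q dividing p - 1) and the "try each value of b" search the text describes, which completes instantly here only because p is tiny. The function names are this example's own.

```python
# Added example (not from the lecture notes): the exchange above with
# p = 37, g = 13, a = 10, b = 7, plus the generator test the text recommends
# and the exhaustive discrete-log search it describes, which is only feasible
# because p is tiny.


def prime_factors(n: int) -> set:
    """Distinct prime factors by trial division (fine for the small p used here)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def is_generator(g: int, p: int) -> bool:
    """True iff g^1 .. g^(p-1) mod p are all different, i.e. g has order p-1.

    It suffices to check g^((p-1)/q) != 1 (mod p) for each prime q dividing p-1.
    """
    if not 1 < g < p:
        return False
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))


def dh_public(g: int, secret: int, p: int) -> int:
    """f(x) = g^x mod p: the value that travels in the clear."""
    return pow(g, secret, p)


def dh_shared(received: int, secret: int, p: int) -> int:
    """f(other)^secret mod p: the exchanged key, computed in secret by each side."""
    return pow(received, secret, p)


def brute_force_dlog(g: int, c: int, p: int):
    """Smallest b >= 1 with g^b ≡ c (mod p) by trying every exponent: O(p) work."""
    for b in range(1, p):
        if pow(g, b, p) == c:
            return b
    return None


def run_exchange(p: int = 37, g: int = 13, a: int = 10, b: int = 7):
    """Return (f(a), f(b), Alice's key, Bob's key) for the given parameters."""
    if not is_generator(g, p):
        raise ValueError("g should generate the whole group")
    fa, fb = dh_public(g, a, p), dh_public(g, b, p)
    return fa, fb, dh_shared(fb, a, p), dh_shared(fa, b, p)
```

With p = 37 the search finds the exponent after at most 36 modular exponentiations; the security of the real scheme rests entirely on that search (and every smarter variant of it) being infeasible for a large prime.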

ELLIPTIC CURVE CRYPTOGRAPHY:


The addition operation in ECC is the counterpart of modular multiplication in RSA, and
multiple addition is the counterpart of modular exponentiation. To form a cryptographic system
using elliptic curves, we need to find a "hard problem" corresponding to factoring the product of
two primes or taking the discrete logarithm. Consider the equation Q = kP where Q, P ∈ E_p(a, b) and
k < p. It is relatively easy to calculate Q given k and P, but it is relatively hard to determine k given
Q and P. This is called the discrete logarithm problem for elliptic curves.
Consider the group E_23(9, 17). This is the group defined by the equation y^2 mod 23 = (x^3 +
9x + 17) mod 23. What is the discrete logarithm k of Q = (4, 5) to the base P = (16, 5)? The brute-
force method is to compute multiples of P until Q is found. Thus,
P = (16, 5); 2P = (20, 20); 3P = (14, 14); 4P = (19, 20); 5P = (13, 10);
6P = (7, 3); 7P = (8, 7); 8P = (12, 17); 9P = (4, 5)
Because 9P = (4, 5) = Q, the discrete logarithm of Q = (4, 5) to the base P = (16, 5) is k = 9.
In a real application, k would be so large as to make the brute-force approach infeasible.
In the remainder of this section, we show two approaches to ECC that give the flavor of this
technique.
Key exchange using elliptic curves can be done in the following manner. First pick a large
integer q, which is either a prime number p or an integer of the form 2^m, and elliptic curve
parameters a and b for Equation (10.5) or Equation (10.7). This defines the elliptic group of points
E_q(a, b). Next, pick a base point G = (x1, y1) in E_p(a, b) whose order is a very large value n. The
order n of a point G on an elliptic curve is the smallest positive integer n such that nG = O. G and n are
parameters of the cryptosystem known to all participants.
A key exchange between users A and B can be accomplished as follows:
1. A selects an integer nA less than n. This is A's private key. A then generates a public key PA = nA
* G; the public key is a point in E_q(a, b).
2. B similarly selects a private key nB and computes a public key PB.
3. A generates the secret key k = nA * PB. B generates the secret key k = nB * PA.
The two calculations in step 3 produce the same result because
nA * PB = nA * (nB * G) = nB * (nA * G) = nB * PA
To break this scheme, an attacker would need to be able to compute k given G and kG, which
is assumed to be hard. As an example, take p = 211; E_p(0, -4), which is equivalent to the curve
y^2 = x^3 - 4; and G = (2, 2). One can calculate that 240G = O. A's private key is nA = 121, so
A's public key is PA = 121(2, 2) = (115, 48). B's private key is nB = 203, so B's public key is
PB = 203(2, 2) = (130, 203). The shared secret key is 121(130, 203) = 203(115, 48) = (161, 69).
Note that the secret key is a pair of numbers. If this key is to be used as a session key for
conventional encryption, then a single number must be generated. We could simply use the x
coordinate or some simple function of the x coordinate.
Several approaches to encryption/decryption using elliptic curves have been analyzed in the
literature. In this subsection, we look at perhaps the simplest. The first task in this system is to
encode the plaintext message m to be sent as an x–y point Pm. It is the point Pm that will be
encrypted as a cipher text and subsequently decrypted. Note that we cannot simply encode the
message as the x or y coordinate of a point, because not all such coordinates are in Eq(a, b).
Again, there are several approaches to this encoding, which we will not address here, but
suffice it to say that there are relatively straightforward techniques that can be used.
As with the key exchange system, an encryption/decryption system requires a point G and an
elliptic group Eq(a, b) as parameters. Each user A selects a private key nA and generates a public
key PA = nA * G.
To encrypt and send a message Pm to B, A chooses a random positive integer k
and produces the cipher text Cm consisting of the pair of points:
Cm = {kG, Pm + kPB}
Note that A has used B’s public key PB. To decrypt the cipher text, B multiplies the first point in the
pair by B’s secret key and subtracts the result from the second point:
Pm + kPB - nB(kG) = Pm + k(nBG) - nB(kG) = Pm

Figure 2.1 ECC Diffie-Hellman Key Exchange

A has masked the message Pm by adding kPB to it. Nobody but A knows the value of k, so
even though PB is a public key, nobody can remove the mask kPB. However, A also includes a
“clue,” which is enough to remove the mask if one knows the private key nB. For an attacker to
recover the message, the attacker would have to compute k given G and kG, which is assumed to be
hard.
As an example of the encryption process (taken from [KOBL94]), take p = 751; Ep(-1,
188), which is equivalent to the curve y² = x³ - x + 188; and G = (0, 376). Suppose that A wishes
to send a message to B that is encoded in the elliptic point Pm = (562, 201) and that A selects the
random number k = 386. B’s public key is PB = (201, 5). We have 386(0, 376) = (676, 558), and
(562, 201) + 386(201, 5) = (385, 328). Thus, A sends the cipher text {(676, 558), (385, 328)}.
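The point arithmetic behind the three worked examples above (the brute-force table on E23(9, 17), the key exchange on p = 211 and the Koblitz encryption on p = 751), as an added Python example; this is not code from the lecture notes or from the textbook they draw on. It implements chord-and-tangent addition and double-and-add scalar multiplication over GF(p), reproduces the multiples of P and the stated public keys, shared secret and cipher text, and computes the order of G by stepping through its multiples rather than taking it from the text. Because the notes do not give B's private key for the p = 751 example, the decryption round trip uses a constructed private key nB = 101, which is an assumption and not a value from the text.

```python
INF = None  # the point at infinity O, the identity of the group


class Curve:
    """Points (x, y) with y^2 = x^3 + a*x + b (mod p), p an odd prime (toy sizes only)."""

    def __init__(self, p, a, b):
        self.p, self.a, self.b = p, a % p, b % p

    def on_curve(self, pt):
        if pt is INF:
            return True
        x, y = pt
        return (y * y - (x ** 3 + self.a * x + self.b)) % self.p == 0

    def neg(self, pt):
        return INF if pt is INF else (pt[0], -pt[1] % self.p)

    def add(self, P, Q):
        """Chord-and-tangent addition, covering O, P + (-P) and doubling."""
        if P is INF:
            return Q
        if Q is INF:
            return P
        p, (x1, y1), (x2, y2) = self.p, P, Q
        if x1 == x2 and (y1 + y2) % p == 0:
            return INF                                   # P + (-P) = O
        if P == Q:                                       # tangent slope
            lam = (3 * x1 * x1 + self.a) * pow(2 * y1, -1, p) % p
        else:                                            # chord slope
            lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
        x3 = (lam * lam - x1 - x2) % p
        return (x3, (lam * (x1 - x3) - y1) % p)

    def mul(self, k, P):
        """kP by double-and-add: the 'multiple addition' that plays the role of exponentiation."""
        R = INF
        while k:
            if k & 1:
                R = self.add(R, P)
            P, k = self.add(P, P), k >> 1
        return R

    def order(self, P, limit=100_000):
        """Smallest n > 0 with nP = O, found by stepping through multiples (feasible only for toy groups)."""
        R, n = P, 1
        while R is not INF:
            R, n = self.add(R, P), n + 1
            if n > limit:
                return None
        return n

    def dlog_bruteforce(self, P, Q, limit=100_000):
        """Smallest k > 0 with kP = Q: the search the notes run by hand on E23(9, 17)."""
        R = P
        for k in range(1, limit):
            if R == Q:
                return k
            R = self.add(R, P)
        return None


def multiples_table():
    """P, 2P, ..., 9P on E23(9, 17) for P = (16, 5)."""
    E = Curve(23, 9, 17)
    return [E.mul(k, (16, 5)) for k in range(1, 10)]


def ecdh_example():
    """Key exchange on y^2 = x^3 - 4 over GF(211), G = (2, 2), nA = 121, nB = 203."""
    E, G = Curve(211, 0, -4), (2, 2)
    PA, PB = E.mul(121, G), E.mul(203, G)                # public keys
    return {"PA": PA, "PB": PB, "kA": E.mul(121, PB), "kB": E.mul(203, PA),
            "order_G": E.order(G)}


def ec_encrypt(E, G, PB, Pm, k):
    """Cm = {kG, Pm + kPB}."""
    return E.mul(k, G), E.add(Pm, E.mul(k, PB))


def ec_decrypt(E, nB, Cm):
    """Pm = (Pm + kPB) - nB(kG)."""
    C1, C2 = Cm
    return E.add(C2, E.neg(E.mul(nB, C1)))


def koblitz_example():
    """Encrypt Pm = (562, 201) with k = 386 under PB = (201, 5) on y^2 = x^3 - x + 188 over GF(751)."""
    E = Curve(751, -1, 188)
    return ec_encrypt(E, (0, 376), (201, 5), (562, 201), 386)


def roundtrip_example(nB=101):
    """Same curve with a constructed private key nB (not from the notes) so decryption can be shown."""
    E, G, Pm = Curve(751, -1, 188), (0, 376), (562, 201)
    PB = E.mul(nB, G)
    return ec_decrypt(E, nB, ec_encrypt(E, G, PB, Pm, 386))
```

`order` and `dlog_bruteforce` are linear in the group size, which is exactly why they finish instantly on these 8-bit and 10-bit curves and why a real deployment picks a base point whose order n has well over a hundred bits.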

The security of ECC depends on how difficult it is to determine k given kP and P. This is
referred to as the elliptic curve logarithm problem. The fastest known technique for taking the elliptic
curve logarithm is known as the Pollard rho method. Table 10.3 compares various algorithms by
showing comparable key sizes in terms of computational effort for cryptanalysis. As can be seen, a
considerably smaller key size can be used for ECC compared to RSA. Furthermore, for equal key
lengths, the computational effort required for ECC and RSA is comparable [JURI97]. Thus, there is a
computational advantage to using ECC with a shorter key length than a comparably secure RSA.

Data Integrity and Message Authentication

It was mentioned earlier in this chapter that integrity and protection security services are needed to
protect against active attacks, such as falsification of data and transactions. Protection against such attacks is
known as message authentication.

Def. Message Authentication – A message, file, document, or other collection of data is said to be
authentic when it is genuine and came from its alleged source. Message authentication is a procedure that
allows communicating parties to verify that received messages are authentic.

The two important aspects are to verify that the contents of the message have not been altered and that the
source is authentic. Sometimes, we also need to verify a message’s timeliness (i.e., that it has not been purposely
delayed and replayed) and its sequence relative to other messages flowing between the two parties. There are two
approaches to message authentication:

A. Authentication with Conventional Encryption – If we assume that only the sender and receiver share a
key, then only the genuine sender would be able to encrypt a message. Furthermore, if the message
includes an error-detection code and a sequence number, the receiver is assured that no alterations
have been made and that sequencing is proper. If the message also includes a timestamp, the receiver
is assured that the message has not been delayed beyond that normally expected for network transit.
B. Message Authentication without Encryption – There are a number of applications in which the same
message is broadcast to a number of destinations. It is much cheaper and faster to broadcast in
plaintext with an associated authentication tag. Another example would be on-line download of a
computer program in plaintext, but in a way that assures its authenticity. In this case, if a message
authentication tag were attached to the program, it could be checked whenever assurance is required of
the integrity of the program. In all of these cases, an authentication tag is generated and appended to
each message for transmission. The message itself is not encrypted and can be read at the destination
independent of the authentication function.

Message Authentication Code (MAC)


One technique involves the use of a secret key to generate a small block of data, known as a message
authentication code (MAC), that is appended to the message. In this technique, the two communicating parties,
Alice and Bob, share a common secret key KAB. Alice calculates the MAC as a function of the message and the
key:
MACM = f(KAB, M)
The message plus this MAC code are transmitted to the intended recipient. The recipient performs the same
calculation on the received message, using the same secret key, to generate a new MAC code. The received
MAC code is compared to the calculated code. If they match, then
a) The receiver is assured that the message has not been altered.
b) The receiver is assured that the message is from the alleged sender.
c) If the message includes a sequence number, then the receiver can be assured of the proper sequence.
Fig 2.3 Message Authentication Using a Message Authentication Code (MAC)

Note 1 – A number of algorithms could be used to generate the MAC code. The NIST, in its publication
entitled DES Modes of Operation, recommends the use of the Data Encryption Algorithm (DEA). This algorithm
is used to generate an encrypted version of the message, and only the last few bits of the cipher text are
used as the MAC code. A 16-bit or 32-bit code is typical.
Note 2 – The process just described is similar to encryption. One difference is that the authentication
algorithm need not be reversible, as an encryption algorithm must be for decryption.
Note 3 – The message authentication code is also known as a data authentication code (DAC).
One-Way Hash Function: A variation on the MAC code is the one-way hash function. A one-way hash
function has many names: compression function, contraction function, message digest, fingerprint,
cryptographic checksum, message integrity check (MIC), and modification detection code (MDC). It is central
to modern cryptography.
As with the message authentication code, a hash function accepts a variable-size message M as input
and produces a fixed-size message digest H(M) as output. Unlike the MAC, a hash function does not need a
secret key as input. In other words, the one-way hash function is an unkeyed message digest. To authenticate the
message, the message digest is sent with the message in such a way that the message digest is authentic.

Note 4 – A simple hash function would be a function that takes the input message and returns a short value
consisting of the XOR of all the input bytes.
Figure 2.4 Message Authentication Using a One-Way Function
(a) Using conventional encryption
(b) Using public-key encryption
(c) Using secret value

(a) A message digest can be encrypted using conventional encryption.
(b) The message digest can also be encrypted using public-key encryption. This has two advantages:
(1) it provides a digital signature;
(2) it does not require the distribution of keys to communicating parties.
(c) We can use a hash function but no encryption for message authentication, as shown in
Fig. 2.4(c). This technique assumes that two communicating parties, Alice and Bob, share a common
secret value SAB. When Alice has a message to send to Bob, she calculates the hash function over the
concatenation of the secret value and the message as:
MDM = H(SAB || M)
where || denotes concatenation. Alice then sends [M || MDM] to Bob. Because Bob possesses SAB, he can
recompute H(SAB || M) and verify MDM. Because the secret value itself is not sent, it is not possible for

an opponent, Oscar, to modify an intercepted message. As long as the secret value SAB remains secret, it
is not possible for an opponent to generate a false message.
Note 5 – A variation of the above technique, called HMAC, is adopted for the IP security protocol.
This is a strong collision resistance property.

Def. – Hash Function – A hash family is a four-tuple (X, Y, K, H), where the following conditions are
satisfied:
1) X is a set of possible messages.
2) Y is a finite set of possible message digests or authentication tags.
3) K, the key space, is a finite set of possible keys.
4) For each k ∈ K, there exists a hash function hk ∈ H such that hk: X → Y.
Note 6 – The hash function takes a variable-length input string, called a pre-image, and produces a fixed-length
(generally smaller) output string, called a hash value.
Note 7 – To be useful for message authentication, a hash function H must have the following properties:
1) H can be applied to any size of data.
2) H must produce a fixed-length output.
3) H(x) should be relatively easy to compute for any given x, making both hardware and software
implementation practical.
4) For any given code h, it should be computationally infeasible to find x such that H(x) = h. This is the
“one-way” property.
5) For any given block x, it should be computationally infeasible to find y ≠ x with H(y) = H(x). This
property is called weak collision resistance.
6) It should be computationally infeasible to find any pair (x, y) such that H(x) = H(y).
Note 8 – The fourth property listed above is the “one-way” property. That is, it should be virtually impossible
to generate a message given a hash value code.
Note 9 – A hash function that satisfies the first five properties in the preceding list is referred to as a weak hash
function. If the sixth property is also satisfied, then it is referred to as a strong hash function. The sixth
property protects against a sophisticated class of attack known as the birthday attack.
Note 10 – In addition to providing authentication, a message digest also provides data integrity. It performs the
same function as a frame check sequence.
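To make Note 4 and properties 2, 5 and 6 concrete, here is an added example (not from the notes) that builds the byte-wise XOR hash of Note 4, shows that a second message with the same digest is found immediately because XOR does not depend on byte order, and contrasts it with SHA-256 from the standard library, which gives a fixed 32-byte output for any input length and no such collision. The message is a constructed sample value.

```python
import hashlib


def xor_hash(data: bytes) -> int:
    """The 'simple hash function' of Note 4: XOR of all input bytes, one byte of output."""
    h = 0
    for b in data:
        h ^= b
    return h


def xor_second_preimage(msg: bytes) -> bytes:
    """XOR is commutative, so any reordering of the bytes keeps the digest: swapping the
    first and last byte yields a different message with the same xor_hash (property 5 fails)."""
    b = bytearray(msg)
    b[0], b[-1] = b[-1], b[0]
    return bytes(b)


def sha256_digest(data: bytes) -> bytes:
    """A real cryptographic hash: fixed-length output, no cheap second pre-image."""
    return hashlib.sha256(data).digest()


def compare(msg: bytes) -> dict:
    """Collision behaviour and output size for the sample message and its reordering."""
    alt = xor_second_preimage(msg)
    return {
        "changed": alt != msg,                                   # a genuinely different message
        "xor_same": xor_hash(msg) == xor_hash(alt),              # weak hash: same digest
        "sha256_same": sha256_digest(msg) == sha256_digest(alt),  # strong hash: digests differ
        "sha256_len": len(sha256_digest(msg)),                   # fixed 32 bytes (property 2)
    }
```

The one-byte XOR checksum also fails property 6 outright: with only 256 possible digests, any 257 distinct messages must contain a colliding pair, which is the birthday argument of Note 9 in its most extreme form.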

Message Authentication Code (MAC)

MAC algorithm is a symmetric key cryptographic technique to provide message authentication. For
establishing MAC process, the sender and receiver share a symmetric key K. Essentially, a MAC is an
encrypted checksum generated on the underlying message that is sent along with a message to ensure message
authentication.

The process of using MAC for authentication is depicted in the following illustration −


Figure 2.4

Let us now try to understand the entire process in detail −

• The sender uses some publicly known MAC algorithm, inputs the message and the secret key K and
produces a MAC value.
• Similar to a hash, the MAC function also compresses an arbitrarily long input into a fixed-length output. The
major difference between a hash and a MAC is that the MAC uses a secret key during the compression.

• The sender forwards the message along with the MAC. Here, we assume that the message is sent in the
clear, as we are concerned with providing message origin authentication, not confidentiality. If
confidentiality is required then the message needs encryption.

• On receipt of the message and the MAC, the receiver feeds the received message and the shared secret
key K into the MAC algorithm and re-computes the MAC value.

• The receiver now checks equality of the freshly computed MAC with the MAC received from the sender. If
they match, then the receiver accepts the message and assures himself that the message has been sent
by the intended sender.

• If the computed MAC does not match the MAC sent by the sender, the receiver cannot determine
whether it is the message that has been altered or it is the origin that has been falsified. As a bottom
line, the receiver safely assumes that the message is not genuine.
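The sender/receiver procedure just described, together with the MACM = f(KAB, M) construction and the keyed-hash variant MDM = H(SAB || M) of Fig. 2.4(c), as an added Python example that is not the notes' own code. It uses HMAC-SHA256 from the standard library as the MAC algorithm (the HMAC of Note 5), binds a sequence number into the authenticated input, and rejects altered, replayed, reordered or wrongly keyed messages, none of which the receiver can tell apart, exactly as the last bullet says. The key and messages are constructed sample values.

```python
import hashlib
import hmac

KEY_AB = b"constructed shared secret K_AB (sample value)"  # shared in advance by Alice and Bob


def keyed_hash_tag(secret: bytes, message: bytes) -> bytes:
    """Fig. 2.4(c): MD_M = H(S_AB || M), the secret value prepended to the message."""
    return hashlib.sha256(secret + message).digest()


def mac_tag(key: bytes, seq: int, message: bytes) -> bytes:
    """MAC_M = f(K_AB, M) with HMAC-SHA256; the sequence number is folded into the
    authenticated input so that reordering or replay is detected as well as alteration."""
    return hmac.new(key, seq.to_bytes(4, "big") + message, hashlib.sha256).digest()


def sender(key: bytes, seq: int, message: bytes) -> tuple:
    """Sender: the message goes in the clear with the tag appended (authentication, not confidentiality)."""
    return message, mac_tag(key, seq, message)


def receiver(key: bytes, expected_seq: int, message: bytes, tag: bytes) -> bool:
    """Receiver: recompute with the shared key and compare in constant time.
    False means 'not genuine'; the receiver cannot tell which part was tampered with."""
    return hmac.compare_digest(mac_tag(key, expected_seq, message), tag)


def run_checks() -> dict:
    """Genuine, altered, replayed (wrong sequence) and wrongly keyed deliveries of one message."""
    msg, tag = sender(KEY_AB, 7, b"transfer 100 to account 42")  # constructed message
    return {
        "genuine": receiver(KEY_AB, 7, msg, tag),
        "altered": receiver(KEY_AB, 7, b"transfer 900 to account 42", tag),
        "replayed": receiver(KEY_AB, 8, msg, tag),
        "wrong_key": receiver(b"some other key", 7, msg, tag),
        "tag_len": len(tag),
    }
```

Two details matter in practice: the tag is compared with `hmac.compare_digest` rather than `==`, so the time taken does not depend on how many leading bytes already match, and the receiver tracks the expected sequence number itself instead of trusting one sent in the clear.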

Limitations of MAC

There are two major limitations of MAC, both due to its symmetric nature of operation −

• Establishment of Shared Secret.

o It can provide message authentication among pre-decided legitimate users who have a shared key.

o This requires establishment of the shared secret prior to use of the MAC.

• Inability to Provide Non-Repudiation

o Non-repudiation is the assurance that a message originator cannot deny any previously sent
messages and commitments or actions.

o The MAC technique does not provide a non-repudiation service. If the sender and receiver get
involved in a dispute over message origination, MACs cannot provide proof that a message
was indeed sent by the sender.

o Though no third party can compute the MAC, the sender could still deny having sent the message
and claim that the receiver forged it, as it is impossible to determine which of the two parties
computed the MAC.

Both these limitations can be overcome by using the public-key-based digital signatures discussed in the
following section.

DIGITAL SIGNATURES

Digital signatures allow us to verify the author, date and time of a signature and to authenticate the message
contents. They also include an authentication function that provides additional capabilities.

Figure 2.5

A digital signature should not only be tied to the signing user, but also to the message.

Applications:

1. Authentication: Digital signatures help to authenticate the sources of messages. For example, suppose a
bank’s branch office sends a message to the central office requesting a change in the balance of an account.
If the central office could not authenticate that the message was sent from an authorized source, acting on
such a request could be a grave mistake.

2. Integrity: Once the message is signed, any change in the message would invalidate the signature.

3. Non-repudiation: By this property, any entity that has signed some information cannot at a later time
deny having signed it.

QUESTIONS

UNIT-II

SECTION – A

1. What is a Public Key?


2. What is a Private Key?
3. Define Encryption.
4. Define Decryption.
5. What is Cipher Text?
6. What is Plain Text?
7. Expand MAC.
8. Expand ECC.
9. Expand RSA.
10. Who developed the RSA algorithm?

SECTION –B

1. Explain about Hash Functions.


2. Explain the concept of MAC.
3. What is RSA algorithm? How will you implement it in the network?
4. Write short notes on Elliptic Curve Cryptography.
5. Describe the Diffie-Hellman key exchange.
6. State and explain the message authentication function.
7. Explain about the prime number concept.
8. Write short notes on key management.
9. State the Euler's theorem.
10. Write and explain about the digital signature algorithm.

SECTION –C

1. Give an overview of number theory in detail.


2. Describe the important aspects related to key management in public key cryptosystem.
3. Define Hash function and write about replacement for a hash in detail.
4. Discuss the elliptic curve cryptography method in detail with an example.
5. Discuss MAC and hash functions.
6. How will you implement the MAC algorithm to secure your message? Explain it.
7. Explain prime numbers in detail.
8. Give brief notes on discrete logarithms with a neat example.
9. Write in detail about the properties of a digital signature.
10. What are the authentication protocols used for protection purposes? Explain them.

UNIT III
Network Security Practice: Authentication Applications – Kerberos – X.509 Authentication services and
Encryption Techniques. E-mail Security – PGP – S / MIME – IP Security.

AUTHENTICATION APPLICATIONS:

KERBEROS:

Kerberos provides a centralized authentication server whose function is to authenticate users to servers
and servers to users. Kerberos relies exclusively on conventional encryption, making no use of public-key
encryption. The following are the requirements for Kerberos:

Secure: A network eavesdropper should not be able to obtain the necessary information to impersonate a user.
More generally, Kerberos should be strong enough that a potential opponent does not find it to be the weak
link.

Reliable: For all services that rely on Kerberos for access control, lack of availability of the Kerberos service
means lack of availability of the supported services. Hence, Kerberos should be highly reliable and should
employ distributed server architecture, with one system able to back up another.

Transparent: Ideally, the user should not be aware that authentication is taking place, beyond the requirement
to enter a password.

Scalable: The system should be capable of supporting large numbers of clients and servers. This suggests a
modular, distributed architecture.

To support these requirements, the overall scheme of Kerberos is that of a trusted third-party
authentication service that uses a protocol based on that proposed by Needham and Schroeder. It is trusted in
the sense that clients and servers trust Kerberos to mediate their mutual authentication. Assuming the Kerberos
protocol is well designed, the authentication service is secure if the Kerberos server itself is secure.

A Simple Authentication Dialogue

In an unprotected network environment, any client can apply to any server for service. The obvious
security risk is that of impersonation. To counter this threat, servers must be able to confirm the identities of
clients who request service. But in an open environment, this places a substantial burden on each server. An
alternative is to use an authentication server (AS) that knows the passwords of all users and stores these in a
centralized database. In addition, the AS shares a unique secret key with each server. The simple authentication
dialogue is as follows:

A More Secure Authentication Dialogue

There are two major problems associated with the previous approach:

1. Plaintext transmission of the password.


2. Each time a user has to enter the password.

To solve these problems, we introduce a scheme for avoiding plaintext passwords, and a new server, known as
the ticket granting server (TGS). The hypothetical scenario is as follows:

1. Once per user logon session


2. Once per type of service

X.509 AUTHENTICATION SERVICE:

ITU-T (International Telecommunication Union – Telecommunication Standardization Sector)
recommendation X.509 is a part of the X.500 series of recommendations that define a directory service. The
directory is a server or distributed set of servers that maintains a database of information about users. The
information includes a mapping from user name to network address, as well as other attributes and information
about the users.

X.509 defines a framework for the provision of authentication services by the X.500 directory to its
users. The directory may serve as a repository of public-key certificates. Each certificate contains the public
key of a user and is signed with the private key of a trusted certification authority. X.509 defines alternative
authentication protocols based on the use of public-key certificates.

X.509 is an important standard because the certificate structure and authentication protocols defined in
X.509 are used in a variety of contexts (SSL, SET, etc.).

Certificates

The heart of X.509 scheme is the public-key certificate associated with each user. These user
certificates are assumed to be created by some trusted certificate authority (CA) and placed in the directory by
the CA or by the user. The directory itself is not responsible for the creation of public keys or for the
certification function; it merely provides an easily accessible location for users to obtain certificates.

• Version: Differentiates among successive versions of the certificate format; the default version is 1. If the
Issuer Unique Identifier or Subject Unique Identifier are present, the value must be version 2. If one or
more extensions are present, the version must be version 3.
• Serial number: An integer value, unique within the issuing CA, that is unambiguously associated with this
certificate.
• Signature algorithm identifier: The algorithm used to sign the certificate, together with any associated
parameters. Because this information is repeated in the Signature field at the end of the certificate, this field
has little, if any, utility.
• Issuer name: X.500 name of the CA that created and signed this certificate (about X.500 names see,
• Period of validity: Consists of two dates: the first and the last on which the certificate is valid.
• Subject name: The name of the user to whom this certificate refers. That is, this certificate certifies the
public key of the subject who holds the corresponding private key.
• Subject’s public key information: The public key of the subject, plus an identifier of the algorithm for
which this key is to be used, together with any associated parameters.
• Issuer unique identifier: An optional bit string field used to identify uniquely the issuing CA in the event
the X.500 name has been reused for different entities.
• Subject unique identifier: An optional bit string used to identify uniquely the subject in the event the
X.500 name has been reused for different entities.
• Extensions: A set of one or more extension fields. Extensions were added in version 3 and are discussed
later.
• Signature: Covers all of the other fields of the certificate; it contains the hash code of the other fields,
encrypted with the CA’s private key. This field includes the signature algorithm identifier.

Figure 3.1 X.509 Formats

Obtaining a User’s Certificate

User certificates generated by a CA have the following characteristics:

1. Any user with access to the public key of the CA can verify the user public key that was certified.
2. No party other than the CA can modify the certificate without this being detected.

Because certificates are unforgeable, they can be placed in a directory without the need for the directory
to make special efforts to protect them.

If all users subscribe to the same CA, then there is a common trust of that CA. All user certificates can
be placed in the directory for access by all users. In addition, a user can transmit his certificate directly to other
users. In either case, once B is in possession of A’s certificate, B has confidence that message it encrypts with
A’s public key will be secure from eavesdropping and that messages signed with A’s private key are
unforgeable.

If there is a large community of users, it may not be practical for all users to subscribe to the same CA.
Because it is the CA that signs certificates, each participating user must have a copy of the CA’s own public
key to verify signatures. This public key must be provided to each user in an absolutely secure (with respect to
integrity and authenticity) way so that the user has confidence in the associated certificates. Thus, with many
users, it may be more practical for there to be a number of CAs, each of which securely provides its public key
to some fraction of the users.

Now suppose that A has obtained a certificate from certification authority X1 and B has obtained a
certificate from CA X2. If A does not securely know the public key of X2, then B’s certificate, issued by X2, is
useless to A. A can read B’s certificate, but A cannot verify the signature. However, if the two CAs have
securely exchanged their own public keys, the following procedure will enable A to obtain B’s public key:

1. A obtains from directory, the certificate of X2 signed by X1. Because A securely knows X1’s public
key, A can obtain X2’s public key from its certificate and verify it by means of X1’s signature on the
certificate
2. A then goes back to the directory and obtains the certificate of B signed by X2. Because A now has a
trusted copy of X2’s public key, A can verify the signature and securely obtain B’s public key

A has used a chain of certificates to obtain B’s public key. In the notation of X.509, this chain is
expressed as

X1<<X2>>X2<<B>>

In the same fashion, B can obtain A’s public key with the chain:

X2<<X1>>X1<<A>>

This scheme need not be limited to a chain of two certificates. An arbitrarily long path of CAs can be
followed to produce a chain. A chain with N elements would be expressed as

X1<<X2>>X2<<X3>>…XN<<B>>

In this case, each pair of CAs in the chain (Xi, Xi+1) must have created certificates for each other.
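The chain X1<<X2>>X2<<B>> above, and the signature properties listed under DIGITAL SIGNATURES (authentication, integrity, non-repudiation), as one added Python example; it is not code from the notes, and its certificates are dictionaries signed with textbook RSA rather than real DER-encoded X.509. The primes, CA names and serial numbers are constructed, the SHA-256 digest is reduced modulo n with no padding, and the certificates carry only the fields needed for chaining, so the arithmetic illustrates the mechanism only. `verify_chain` walks the path from the trust anchor X1, checking at each link that the issuer name matches the previous subject and that the signature verifies under the key recovered one step earlier.

```python
import hashlib
import json


def rsa_keygen(p, q, e=65537):
    """Return (public, private) = ((n, e), (n, d)) for constructed primes p, q (toy sizes)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))     # e must be coprime to phi(n)
    return (n, e), (n, d)


def _h(data: bytes, n: int) -> int:
    """SHA-256 of the data as an integer below n (toy reduction, no padding scheme)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(_h(data, n), d, n)         # only the holder of d can produce this


def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _h(data, n)  # anyone holding the public key can check it


def tbs_bytes(cert: dict) -> bytes:
    """Canonical bytes of the to-be-signed fields (JSON here stands in for DER)."""
    body = {k: v for k, v in cert.items() if k != "signature"}
    return json.dumps(body, sort_keys=True).encode()


def issue(issuer, issuer_priv, subject, subject_pub, serial) -> dict:
    """issuer<<subject>>: a certificate binding subject's public key, signed by the issuer."""
    cert = {"version": 3, "serial": serial, "issuer": issuer, "subject": subject,
            "signature_algorithm": "toy-rsa-sha256",
            "subject_public_key": list(subject_pub)}
    cert["signature"] = sign(issuer_priv, tbs_bytes(cert))
    return cert


def verify_cert(cert: dict, issuer_pub) -> bool:
    """Any change to a signed field invalidates the signature (integrity)."""
    return verify(issuer_pub, tbs_bytes(cert), cert["signature"])


def verify_chain(trust_anchor, anchor_pub, chain):
    """Walk X1<<X2>> X2<<X3>> ... XN<<B>> starting from the securely known key of X1.
    Each certificate must name the previous subject as its issuer and verify under the key
    recovered in the previous step; returns B's public key, or None if any link fails."""
    name, pub = trust_anchor, anchor_pub
    for cert in chain:
        if cert["issuer"] != name or not verify_cert(cert, pub):
            return None
        name, pub = cert["subject"], tuple(cert["subject_public_key"])
    return pub


def build_example():
    """Constructed hierarchy: root CA X1 certifies CA X2, which certifies user B."""
    x1_pub, x1_priv = rsa_keygen(1000000007, 998244353)
    x2_pub, x2_priv = rsa_keygen(2147483647, 1000000009)
    b_pub, b_priv = rsa_keygen(999999937, 1000000021)
    chain = [issue("X1", x1_priv, "X2", x2_pub, serial=1),  # X1<<X2>>
             issue("X2", x2_priv, "B", b_pub, serial=2)]    # X2<<B>>
    return x1_pub, chain, b_pub, b_priv
```

Only X1's public key has to reach the verifier by a trusted route; everything else in the path is checked, not trusted. Reversing the chain, or starting from the wrong anchor name, fails at the first link, and a certificate whose subject field has been edited no longer verifies under its issuer's key.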

All these certificates of CAs by CAs need to appear in the directory, and the user needs to know how
they are linked to follow a path to another user’s public-key certificate. X.509 suggests that CAs be arranged in
a hierarchy so that navigation is straightforward.

Figure 3.1, taken from X.509, is an example of such a hierarchy. The connected circles indicate the
hierarchical relationship among the CAs; the associated boxes indicate certificates maintained in the directory
for each CA entry. The directory entry for each CA includes two types of certificates:

• Forward certificates: Certificates of X generated by other CAs
• Reverse certificates: Certificates generated by X that are the certificates of other CAs

In this example, user A can acquire the following certificates from the directory to establish a
certification path to B:

X<<W>> W<<V>> V<<Y>> Y<<Z>> Z<<B>>

When A has obtained these certificates, it can unwrap the certification path in sequence to recover a
trusted copy of B’s public key. Using this public key, A can send encrypted messages to B. If A wishes
to receive encrypted messages from B, or to sign messages sent to B, then B will require A’s public
key, which can be obtained from the following certification path:

Z<<Y>> Y<<V>> V<<W>> W<<X>> X<<A>>

B can obtain this set of certificates from the directory, or A can provide them as part of its initial
message to B.

Figure 3.2 X.509 CA Hierarchy: a Hypothetical Example

E-MAIL SECURITY:

Using e-mail across the Internet or other untrusted network imposes security risks on your system, even
though the system is under the protection of a firewall. E-mail is like other forms of communication. It is
important to use discretion before sending any confidential information through e-mail. Because your e-mail
travels through many systems before you receive it, it is possible for someone to intercept and read your e-
mail. Consequently, you might want to use security measures to protect the confidentiality of your e-mail.

Common e-mail security risks

These are some risks associated with using e-mail:

• Flooding (a type of denial of service attack) occurs when a system becomes overloaded with multiple e-
mail messages. It is relatively easy for an attacker to create a simple program that sends millions of e-mail
messages (including empty messages) to a single e-mail server to attempt to flood the server. Without the
correct security, the target server can experience a denial of service because the server's storage disk fills

with useless messages. The system can also stop responding because all system resources become involved
in processing the mail from the attack.
• Spamming (junk e-mail) is another type of attack common to e-mail. With increasing numbers of
businesses providing e-commerce over the Internet, there has been an explosion of unwanted or
unrequested business-related e-mail. This is the junk mail that is sent to a wide distribution list of
e-mail users, filling the e-mail box of each user.

• Confidentiality is a risk associated with sending e-mail to another person through the Internet. This e-mail
passes through many systems before it reaches your intended recipient. If you have not encrypted your
message, a hacker can intercept and read your e-mail at any point along the delivery route.

E-mail security options

To guard against flooding and spamming risks, you must configure your e-mail server appropriately.
Most server applications provide methods for dealing with these types of attacks. Also, you can work with
your Internet Service Provider (ISP) to ensure that the ISP provides some additional protection from these
attacks.

What additional security measures you need depend on the level of confidentiality that you need, as
well as what security features your e-mail applications provide. For example, is keeping the contents of the e-
mail message confidential sufficient? Or do you want to keep all information associated with the e-mail, such
as the originating and target IP addresses, confidential?

Some applications have integrated security features that might provide the protection you need. Lotus
Notes® Domino®, for instance, provides several integrated security features including encryption capability for
an entire document or for individual fields in a document.

In order to encrypt mail, Lotus Notes Domino creates a unique public and private key for each user.
You use your private key to encrypt the message so that the message is readable to only those users that have
your public key. You must send your public key to the intended receivers of your note so that they can use it to
decipher your encrypted note. If someone sends you encrypted mail, Lotus Notes Domino uses the public key
of the sender to decipher the note for you.

KERBEROS:
Kerberos is an authentication protocol and a software suite implementing this protocol. Kerberos uses
symmetric cryptography to authenticate clients to services and vice versa. For example, Windows servers use
Kerberos as the primary authentication mechanism, working in conjunction with Active Directory to maintain
centralized user information. Other possible uses of Kerberos include allowing users to log into other machines
in a local-area network, authentication for web services, authenticating e-mail clients and servers, and
authenticating the use of devices such as printers. Kerberos is a protocol for authenticating service requests
between trusted hosts across an untrusted network.

When using authentication based on cryptography, an attacker listening to the network gains no
information that would enable it to falsely claim another's identity. Kerberos is the most commonly used
example of this type of authentication technology.

Modern computer systems provide service to multiple users and require the ability to accurately
identify the user making a request. In traditional systems, the user's identity is verified by checking a password
typed during login; the system records the identity and uses it to determine what operations may be performed.
The process of verifying the user's identity is called authentication. Password based authentication is not
suitable for use on computer networks. Passwords sent across the network can be intercepted and subsequently
used by eavesdroppers to impersonate the user. While this vulnerability has been long known, it was recently
demonstrated on a major scale with the discovery of planted password collecting programs at critical points on
the Internet.

Authentication, Integrity, Confidentiality, and Authorization

Authentication is the verification of the identity of a party who generated some data, and of the
integrity of the data. A principal is the party whose identity is verified. The verifier is the party who demands
assurance of the principal's identity. Data integrity is the assurance that the data received is the same as
generated. Authentication mechanisms differ in the assurances they provide: some indicate that data was
generated by the principal at some point in the past, a few indicate that the principal was present when the data
was sent, and others indicate that the data received was freshly generated by the principal. Mechanisms also
differ in the number of verifiers: some support a single verifier per message, while others support multiple
verifiers. A third difference is whether the mechanism supports non-repudiation, the ability of the verifier to
prove to a third party that the message originated with the principal.

Because these differences affect performance, it is important to understand the requirements of an
application when choosing a method. For example, authentication for electronic mail may require support for
multiple recipients and non-repudiation, but can tolerate greater latency. In contrast, poor performance would
cause problems for authentication to a server responding to frequent queries.

Why Kerberos

The introduction discussed the problems associated with password based authentication and, in
particular, how passwords can be collected by eavesdropping. In addition to the security concern, password
based authentication is inconvenient; users do not want to enter a password each time they access a network
service. This has led to the use of even weaker authentication on computer networks: authentication by
assertion.

While more convenient for the user, authentication by assertion hardly qualifies as authentication at all.
Examples include the Berkeley R-command suite and the IDENT protocol. With authentication by assertion,
applications assert the identity of the user and the server believes it. Such authentication is easily thwarted by
modifying the application. This may require privileged access to the system, which is easily obtained on PCs
and personal workstations. While most uses of authentication by assertion require that a connection originate
from a "trusted" network address, on many networks, addresses are themselves simply assertions.

Stronger authentication methods based on cryptography are required. When using authentication based
on cryptography, an attacker listening to the network gains no information that would enable it to falsely claim
another's identity. Kerberos is the most commonly used example of this type of authentication technology.
Unfortunately, strong authentication technologies are not used as often as they should be, although the situation
is gradually improving.

47

Downloaded by K0102 Benitta Ananthi ([email protected])


lOMoARcPSD|18931420

NETWORK SECURITY &


CRYPTOGRAPHY
The Kerberos Authentication Service

Kerberos is a distributed authentication service that allows a process (a client) running on behalf of a
principal (a user) to prove its identity to a verifier (an application server, or just server) without sending data
across the network that might allow an attacker or the verifier to subsequently impersonate the principal.
Kerberos optionally provides integrity and confidentiality for data sent between the client and server. As use of
Kerberos spread to other environments, changes were needed to support new policies and patterns of use. To
address these needs, design of Version 5 of Kerberos (V5) began in 1989. Though V4 still runs at many sites,
V5 is considered to be standard Kerberos.

Limitations of Kerberos

Limitations of Kerberos have been described in the literature. Though most are a matter of preference
or apply to V4 and early drafts of V5, a few are fundamental and are discussed here. In particular, Kerberos is
not effective against password guessing attacks; if a user chooses a poor password, then an attacker guessing
that password can impersonate the user. Similarly, Kerberos requires a trusted path through which passwords
are entered. If the user enters a password to a program that has already been modified by an attacker (a Trojan
horse), or if the path between the user and the initial authentication program can be monitored, then an attacker
may obtain sufficient information to impersonate the user. Kerberos can be combined with other techniques, as
described later, to address these limitations.

To be useful, Kerberos must be integrated with other parts of the system. It does not protect all
messages sent between two computers; it only protects the messages from software that has been written or
modified to use it. While it may be used to exchange encryption keys when establishing link encryption and
network level security services, this would require changes to the network software of the hosts involved.

How Kerberos works

The Kerberos Authentication System uses a series of encrypted messages to prove to a verifier that a
client is running on behalf of a particular user. The Kerberos protocol is based in part on the Needham and
Schroeder authentication protocol, but with changes to support the needs of the environment for which it was
developed. Among these changes are the use of timestamps to reduce the number of messages needed for basic
authentication, the addition of a "ticket-granting" service to support subsequent authentication without re-
entry of a principal's password, and a different approach to cross-realm authentication (authentication of a
principal registered with a different authentication server than the verifier).

Kerberos Encryption

Though conceptually, Kerberos authentication proves that a client is running on behalf of a particular
user, a more precise statement is that the client has knowledge of an encryption key that is known by only the
user and the authentication server. In Kerberos, the user's encryption key is derived from and should be thought
of as a password; we will refer to it as such in this article. Similarly, each application server shares an
encryption key with the authentication server; we will call this key the server key.

Encryption in the present implementation of Kerberos uses the data encryption standard (DES). It is a
property of DES that if cipher text (encrypted data) is decrypted with the same key used to encrypt it, the
plaintext (original data) appears. If different encryption keys are used for encryption and decryption, or if the
cipher text is modified, the result will be unintelligible, and the checksum in the Kerberos message will not
match the data. This combination of encryption and the checksum provides integrity and confidentiality for
encrypted Kerberos messages.
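The exchange described under "How Kerberos works" and "Kerberos Encryption" above, as an added example that is not code from the notes: a key distribution centre issues a ticket sealed under the server key and a session key sealed under the user's password-derived key, the client proves possession of that session key with a timestamped authenticator, and the server checks expiry, name, clock skew and replay. DES is not in the Python standard library, so the "encrypt + checksum" message protection is a constructed HMAC-SHA256 keystream cipher plus an HMAC checksum; the principal names, the 300-second skew and the keys are all constructed sample values.

```python
import hashlib
import hmac
import json
import os
import time

# Added example (not the notes' code): a toy Kerberos-style login. DES is not
# in the Python standard library, so "encrypt + checksum" is a constructed
# HMAC-SHA256 keystream cipher plus an HMAC checksum; it is NOT DES.
SKEW = 300  # seconds of clock skew an authenticator may be off by (assumed)


def derive_key(password: str, principal: str) -> bytes:
    """The user's key is derived from the password (here with PBKDF2)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10000)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt a JSON object and append a checksum over the ciphertext."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> dict:
    """Decrypt; a wrong key or a modified message fails the checksum."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        raise ValueError("checksum mismatch: wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

class KDC:
    """Authentication server: holds every user's key and every server key."""

    def __init__(self):
        self.user_keys, self.server_keys = {}, {}

    def issue_ticket(self, user: str, server: str, now: float, lifetime=8 * 3600):
        """Ticket sealed under the server key, plus the session key sealed
        under the user's password-derived key (the two halves of the reply)."""
        k = os.urandom(32).hex()
        ticket = seal(self.server_keys[server],
                      {"client": user, "key": k, "expires": now + lifetime})
        reply = seal(self.user_keys[user],
                     {"server": server, "key": k, "expires": now + lifetime})
        return ticket, reply

def client_authenticate(password: str, user: str, reply: bytes, now: float) -> bytes:
    """Client: recover the session key with the password, then build an
    authenticator (name + timestamp) sealed under that session key."""
    session_key = bytes.fromhex(unseal(derive_key(password, user), reply)["key"])
    return seal(session_key, {"client": user, "timestamp": now})

def server_verify(server_key: bytes, ticket: bytes, authenticator: bytes,
                  now: float, replay_cache: set) -> str:
    """Application server: open ticket and authenticator, check expiry,
    name match, clock skew and replay; return the authenticated client."""
    t = unseal(server_key, ticket)
    if now > t["expires"]:
        raise ValueError("ticket expired")
    a = unseal(bytes.fromhex(t["key"]), authenticator)
    if a["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    if abs(now - a["timestamp"]) > SKEW:
        raise ValueError("authenticator timestamp outside allowed skew")
    if (a["client"], a["timestamp"]) in replay_cache:
        raise ValueError("replayed authenticator")
    replay_cache.add((a["client"], a["timestamp"]))
    return t["client"]

def demo(password: str = "correct horse", wrong_password: str = "wrong") -> dict:
    """One constructed login of user 'alice' to service 'mail/host1'."""
    now, kdc, cache = time.time(), KDC(), set()
    kdc.user_keys["alice"] = derive_key(password, "alice")
    kdc.server_keys["mail/host1"] = os.urandom(32)
    ticket, reply = kdc.issue_ticket("alice", "mail/host1", now)
    auth = client_authenticate(password, "alice", reply, now)
    result = {"login": server_verify(kdc.server_keys["mail/host1"], ticket, auth, now, cache)}
    try:  # presenting the same authenticator twice is caught by the cache
        server_verify(kdc.server_keys["mail/host1"], ticket, auth, now, cache)
        result["replay_rejected"] = False
    except ValueError:
        result["replay_rejected"] = True
    try:  # a key derived from the wrong password cannot open the reply
        client_authenticate(wrong_password, "alice", reply, now)
        result["wrong_key_rejected"] = False
    except ValueError:
        result["wrong_key_rejected"] = True
    return result
```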

PRETTY GOOD PRIVACY (PGP)


PGP is a remarkable phenomenon. Largely the effort of a single person, Phil Zimmermann, PGP
provides a confidentiality and authentication service that can be used for electronic mail and file storage
applications. In essence what Zimmermann has done is the following:
1. Selected the best cryptographic mechanisms (algorithms) as building blocks.
2. Integrated these algorithms into a general purpose application that is independent of operating system and
processor and that is based on a small set of easy to use commands.
3. Made the package and its source code freely available via the Internet, bulletin boards, and commercial
networks such as America On Line (AOL).
4. Entered into an agreement with a company (Viacrypt, now Network Associates) to provide a fully
compatible low cost commercial version of PGP.
PGP consists of the following five services:
1. Authentication
2. Confidentiality
3. Compression
4. E-mail compatibility
5. Segmentation
It is preferable to sign an uncompressed message so that later verification does not depend on a compression
algorithm. Different versions of PGP produce different compressed forms. Applying the hash function
and signature after compression would constrain all PGP implementations to the same version of the
compression algorithm. Message encryption is applied after compression to strengthen cryptographic security.
Because the compressed message has less redundancy than the original plaintext, cryptanalysis is more
difficult. The compression algorithm used is called ZIP, which is described in the recommended text.
E-mail compatibility
Many electronic mail systems only permit the use of blocks consisting of ASCII text. When PGP is
used, at least part of the block to be transmitted is encrypted. This produces a sequence of arbitrary
binary bytes which some mail systems will not accept. To accommodate this restriction PGP uses an algorithm
known as radix-64, which maps each 6 bits of binary data into an 8-bit ASCII character.

S/MIME:

In terms of general functionality, S/MIME is very similar to PGP. Both offer the ability to sign and/or
encrypt messages. In this subsection, we briefly summarize S/MIME capability. We then look in more detail at
this capability by examining message formats and message preparation. S/MIME provides the following
functions:

Enveloped data: This consists of encrypted content of any type and encrypted-content encryption keys for
one or more recipients.

Signed data: A digital signature is formed by taking the message digest of the content to be signed and then
encrypting that with the private key of the signer. The content plus signature are then encoded using base64
encoding. A signed data message can only be viewed by a recipient with S/MIME capability.

Clear-signed data: As with signed data, a digital signature of the content is formed. However, in this case,
only the digital signature is encoded using base64. As a result, recipients without S/MIME capability can view
the message content, although they cannot verify the signature.

Signed and enveloped data: Signed-only and encrypted-only entities may be nested, so that encrypted data
may be signed and signed data or clear-signed data may be encrypted.

Cryptographic Algorithms:
1. Hash functions: SHA-1 & MD5

2. Digital signatures: DSS & RSA

3. Session key encryption: ElGamal & RSA

4. Message encryption: Triple-DES, RC2/40 and others


S/MIME Messages

S/MIME makes use of a number of new MIME content types. All of the new application types use the
designation PKCS. This refers to a set of public-key cryptography specifications issued by RSA Laboratories
and made available for the S/MIME effort.

IP- Security:

IP security refers to security mechanisms implemented at the IP (Internet Protocol) layer to ensure
integrity, authentication and confidentiality of data during transmission in the open Internet environment. The
primary objective of recent work in this area, mainly by members of the IETF IP Security (IPsec) working
group, is to improve the robustness of the cryptographic key-based security mechanisms at the IP layer for users
who request security.

Basic Concepts:

Authentication: With a certain security mechanism, two communicating parties know that the data at the destination
is the same as when it was initially sent (data integrity) and that the sender is not impersonated by a third party (data
origin authentication).

Integrity: Considered to be the data integrity part of authentication (see the definition above). Data is not allowed to
differ between source and destination for two parties with a certain security mechanism established between
them.

Confidentiality: With a certain security mechanism (so-called encryption/decryption), data is protected during
transmission from a third party learning its content.

Security Association (SA): An agreement between two communication parties on knowing and using certain
combination of security mechanisms for data transmission between them. It's based on destination address and
a certain index, called Security Parameters Index (SPI).

How can IP Security be achieved?

Currently, there are two specific headers that can be attached to an IP packet to achieve security. They are
the IP Authentication Header (AH) and the IP Encapsulating Security Payload (ESP) header.
If confidentiality is not required, the Authentication Header (AH) alone can provide security (in this
case, connectionless data integrity and data origin authentication) to the IP datagram. The implementation can be
host-host, host-gateway or gateway-gateway, but only host-host implementation is encouraged. The reason is
that, in the case where a security gateway provides the security service for the trusted hosts behind the gateway, a
security attack can still arise when the trusted hosts become untrusted. In other words, the security can be
violated for two communicating end users if the security (without confidentiality) does not completely cover the
communicating path but instead stops at the gateway, even though an SA is established. Certainly, in any kind of
implementation, the untrusted systems (i.e., the systems that do not have the SA established) cannot have the
ability to attack data authentication (always referring to both data integrity and data origin authentication).

The IP Encapsulating Security Payload (ESP) header provides integrity, authentication, and
confidentiality to IP datagrams. It can provide a mix of optional security services. The ESP header can be applied alone, in
combination with the IP Authentication Header (AH), or in a nested way, e.g. by using Tunnel mode. The
ESP header implementation can be host-host, host-gateway, or gateway-gateway. The ESP header is inserted
after the IP header and before a higher-level protocol header (Transport mode) or the encapsulated IP header
(Tunnel mode). Gateway-to-gateway ESP implementation, using encryption/decryption, is critical for building
Private Virtual Networks (PVN) across an untrusted backbone in an open environment such as the Internet.

IP Security Mechanisms

In this section we discuss the format of two IP layer security mechanisms, AH Header and ESP Header
and their implementation and usage.

Authentication Header (AH)

The IP AH header holds authentication information for its IP datagram. It achieves this by computing a
cryptographic authentication function over the IP datagram, using a secret authentication key in the
computation. The sender computes the authentication data, i.e., the Integrity Check Value, before it sends the
authenticated IP packet. Fragmentation occurs after the AH header is appended to outgoing packets and
before the AH header is stripped from incoming packets. The receiver recomputes and compares the authentication data upon
reception. Certain fields which change along the path, such as the "TTL" (time to live) field (IPv4) or the
"Hop Limit" field (IPv6), both decremented on each hop, are omitted from the authentication
calculation.

The AH Header Format:

 Next Header. An 8-bit field that identifies the type of the payload after the AH header, with value
chosen from standard IP Protocol Numbers.

 Payload Length. An 8-bit field that specifies the length of AH header.

 Reserved. A 16-bit field reserved for future use. Now it's set to zero.

 Security Parameters Index (SPI). A 32-bit value field that identifies the Security Association (SA) for
this datagram, relative to the Destination IP Address contained in the IP header.

 Sequence Number. A 32-bit field that contains a counter value (sequence number). Before the counter cycles,
the sender and receiver have to reset the sequence number (establish a new SA). The receiver ignores this field if the anti-replay
service is not requested.

 Authentication Data. A variable-length field that contains the Integrity Check Value (ICV) for this
packet. It may include padding, as certain algorithms require the AH header size to be a multiple of a
block size. The ICV calculation excludes those IP fields whose value is unpredictable at reception. The ICV
computation is based on the authentication algorithm specified by the SA.
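Worked example of the AH header format and ICV procedure just described, added here and not taken from the notes: the sender inserts AH after the IPv4 header in transport mode, computes the ICV with mutable fields (TTL, header checksum) and the ICV field itself zeroed, and the receiver recomputes it after the packet has crossed hops that decremented the TTL, also enforcing the sequence-number rules. HMAC-SHA256 truncated to 96 bits is an assumed SA choice standing in for the algorithm the SA would specify; the addresses, SPI and key are constructed sample values, and the IPv4 checksum is left zero for simplicity.

```python
import hashlib
import hmac
import struct

# Added example (not the notes' code). Assumed SA parameters: HMAC-SHA256
# truncated to a 96-bit ICV; IP protocol number 51 is the real IANA value for AH.
AH_PROTO = 51
ICV_LEN = 12
AH_FIXED = struct.Struct("!BBHII")   # Next Header, Payload Len, Reserved, SPI, Seq


def build_ipv4_header(src: bytes, dst: bytes, proto: int, total_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (checksum left as zero in this toy)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                       ttl, proto, 0, src, dst)

def _immutable_view(ip_hdr: bytes, ah: bytes) -> bytes:
    """Zero the fields that change in transit (TTL, checksum) and the ICV field
    so sender and receiver hash exactly the same bytes."""
    h = bytearray(ip_hdr)
    h[8] = 0                  # TTL decrements per hop
    h[10:12] = b"\x00\x00"    # header checksum changes with the TTL
    a = bytearray(ah)
    a[AH_FIXED.size:] = bytes(ICV_LEN)
    return bytes(h) + bytes(a)

def ah_protect(src, dst, inner_proto, payload, spi, seq, key, ttl=64) -> bytes:
    """Sender: emit IP header + AH (with ICV) + payload in transport mode."""
    if not 1 <= seq <= 0xFFFFFFFF:
        raise ValueError("sequence number exhausted: re-key the SA before it cycles")
    ah_len = AH_FIXED.size + ICV_LEN
    # Payload Length is the AH length in 32-bit words minus 2 (RFC 4302 encoding)
    ah = AH_FIXED.pack(inner_proto, ah_len // 4 - 2, 0, spi, seq) + bytes(ICV_LEN)
    ip = build_ipv4_header(src, dst, AH_PROTO, 20 + ah_len + len(payload), ttl)
    icv = hmac.new(key, _immutable_view(ip, ah) + payload, hashlib.sha256).digest()[:ICV_LEN]
    return ip + ah[:AH_FIXED.size] + icv + payload

def forward_hop(packet: bytes) -> bytes:
    """Router behaviour on the path: decrement TTL (checksum stays zero here)."""
    p = bytearray(packet)
    p[8] -= 1
    return bytes(p)

def ah_verify(packet: bytes, key: bytes, last_seq: int, anti_replay: bool = True) -> dict:
    """Receiver: parse AH, recompute the ICV over the immutable view, enforce
    the sequence number when the anti-replay service is requested."""
    ip, rest = packet[:20], packet[20:]
    if ip[9] != AH_PROTO:
        raise ValueError("not an AH packet")
    nxt, plen, _reserved, spi, seq = AH_FIXED.unpack_from(rest)
    ah_len = (plen + 2) * 4
    ah, payload = rest[:ah_len], rest[ah_len:]
    if anti_replay and seq <= last_seq:
        raise ValueError("replayed or out-of-order sequence number")
    expect = hmac.new(key, _immutable_view(ip, ah) + payload, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(ah[AH_FIXED.size:], expect):
        raise ValueError("ICV mismatch: packet modified or wrong SA key")
    return {"next_header": nxt, "spi": spi, "seq": seq, "payload": payload}
```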

QUESTIONS

UNIT-III SECTION – A

1. Define Authentication header.
2. Define Kerberos.
3. Define Network security.
4. Define Email security.
5. Expand ESP.
6. Expand MIME.
7. Expand PGP.
8. Define Permutation.
9. Define Peer entity authentication.
10. Define Data origin authentication.

SECTION –B

1. Write short notes on network security.
2. Explain authentication applications.
3. Write notes on Kerberos.
4. Explain the functional areas of IP security.
5. Discuss S/MIME.
6. Explain the overview of Kerberos.
7. Write about the X.509 authentication service certificates.
8. What four requirements were defined for Kerberos?
9. Discuss S/MIME functionality.
10. Discuss S/MIME messages.

SECTION –C

1. Describe the various fields in an X.509 digital certificate, version 3.
2. Describe the various fields in an X.509 digital certificate, version 1.
3. Describe the various fields in an X.509 digital certificate, versions 1 and 2.
4. Discuss the benefits of IPSec.
5. Explain how the algorithm is supported by PGP.
6. Write about security protocols.
7. Write about the advantages and disadvantages of PGP.
8. Explain the application of IPSec.
9. Discuss about X.509 authentication procedure.
10. Explain S/MIME-secure multipurpose internet mail extension.

UNIT IV
Web Security - Secure Socket Layer – Secure Electronic Transaction. System Security - Intruders and Viruses
– Firewalls– Password Security.

WEB SECURITY:
The World Wide Web is fundamentally a client/server application running over the Internet
and TCP/IP intranets. As such, the security tools and approaches discussed so far in this book are
relevant to the issue of Web security. The Internet is two-way. Unlike traditional publishing environments
—even electronic publishing systems involving text, voice response, or fax-back— the Web is vulnerable to
attacks on the Web servers over the Internet.
The Web is increasingly serving as a highly visible outlet for corporate and product
information and as the platform for business transactions. Reputations can be damaged and money
can be lost if the Web servers are subverted. Although Web browsers are very easy to use, Web
servers are relatively easy to configure and manage, and Web content is increasingly easy to develop,
the underlying software is extraordinarily complex. This complex software may hide many potential
security flaws. The short history of the Web is filled with examples of new and upgraded systems,
properly installed, that are vulnerable to a variety of security attacks.
A Web server can be exploited as a launching pad into the corporation’s or agency’s entire
computer complex. Once the Web server is subverted, an attacker may be able to gain access to
data and systems not part of the Web itself but connected to the server at the local site. Casual and
untrained (in security matters) users are common clients for Web-based services. Such users are
not necessarily aware of the security risks that exist and do not have the tools or knowledge to take
effective counter measures.
Web Security Threats:
Table 16.1 provides a summary of the types of security threats faced when using the Web.
One way to group these threats is in terms of passive and active attacks. Passive attacks include
eavesdropping on network traffic between browser and server and gaining access to information on
a Web site that is supposed to be restricted. Active attacks include impersonating another user,
altering messages in transit between client and server, and altering information on a Web site.
Another way to classify Web security threats is in terms of the location of the threat: Web
server, Web browser, and network traffic between browser and server. Issues of server and browser
security fall into the category of computer system security; Part Four of this book addresses the issue
of system security in general but is also applicable to Web system security. Issues of traffic security
fall into the category of network security and are addressed in this chapter.
Web Traffic Security Approaches:
A number of approaches to providing Web security are possible. The various approaches
that have been considered are similar in the services they provide and, to some extent, in the
mechanisms that they use, but they differ with respect to their scope of applicability and their
relative location within the TCP/IP protocol stack. Figure 4.1 illustrates this difference. One way to
provide Web security is to use IP security (IPsec) (Figure 4.1a). The advantage of using IPsec is that
it is transparent to end users and applications and provides a general-purpose solution.
Furthermore, IPsec includes a filtering capability so that only selected traffic need incur the overhead
of IPsec processing.
Another relatively general-purpose solution is to implement security just above TCP (Figure 4.1b).

Table 4.1 - A Comparison of Threats on the Web


At this level, there are two implementation choices. For full generality, SSL (or TLS) could be
provided as part of the underlying protocol suite and therefore be transparent to applications.
Alternatively, SSL can be embedded in specific packages. For example, Netscape and Microsoft
Explorer browsers come equipped with SSL, and most Web servers have implemented the protocol.


Figure 4.1- Relative Location of Security Facilities in the TCP/IP Protocol Stack

SECURE SOCKET LAYER:

SSL stands for Secure Socket Layer. SSL was designed to permit web browsers and web servers to
exchange sensitive information and prevent programs that could view the network traffic from reading the
sensitive data.

The SSL protocol was developed by Netscape Communications in the 1990s. The company wanted to
encrypt data in transit between its flagship Netscape Navigator browser and Web servers on the Internet to
ensure that sensitive data, such as credit card numbers, were protected.

The SSL goals are:

1. Confidentiality. The communication should be safe from eavesdropping.
2. Authentication of the Server. The client should be certain about the identity of the server.
3. Ubiquity, ease of use.

How SSL Works

SSL uses a combination of public-key and symmetric-key encryption to secure a connection between
two machines, typically a Web or mail server and a client machine, communicating over the Internet or an
internal network. Using the OSI reference model as context, SSL runs above the TCP/IP protocol, which is
responsible for the transport and routing of data over a network, and below higher-level protocols such
as HTTP and IMAP, encrypting the data of network connections in the application layer of the Internet
Protocol suite. The “sockets” part of the term refers to the sockets method of passing data back and forth
between a client and a server program in a network, or between program layers in the same computer.

The four protocol layers of the SSL protocol (Record Layer, ChangeCipherSpec Protocol, Alert
Protocol, and Handshake Protocol) encapsulate all communication between the client machine and the server.

Record Layer

This protocol provides two services for SSL connections:

1. Confidentiality – using conventional encryption.
2. Message Integrity – using a Message Authentication Code (MAC).
In order to operate on data the protocol performs the following actions:

1. It takes an application message to be transmitted and fragments it into manageable blocks. These
blocks are 2^14 = 16,384 bytes or less.

2. These blocks are then optionally compressed. Compression must be lossless and may not increase the
content length by more than 1024 bytes.

3. A message authentication code is then computed over the compressed data using a shared secret key.
This is then appended to the compressed (or plaintext) block.

4. The compressed message plus MAC are then encrypted using symmetric encryption. Encryption may
not increase the content length by more than 1024 bytes, so that the total length may not exceed 2^14 + 2048 bytes. A
number of different encryption algorithms are permitted.

5. The final step is to prepend a header, consisting of the following fields:

 Content type (8 bits) – The higher layer protocol used to process the enclosed fragment.
 Major Version (8 bits) – Indicates major version of SSL in use. For SSLv3, the value is 3.

 Minor Version (8 bits) – Indicates minor version in use. For SSLv3, the value is 0.

 Compressed Length (16 bits) – The length in bytes of the compressed (or plaintext) fragment.
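The five record-layer steps above and their header fields, carried through in code as an added example (not code from the notes): the sender fragments to 2^14 bytes, compresses, appends a MAC, encrypts and prepends the 5-byte header with content type and version 3.0; the receiver reverses the steps and rejects a record whose MAC does not verify. SSLv3's own MAC construction and ciphers are replaced by HMAC-SHA256 and a constructed keystream cipher, so the framing and length limits are what the example shows, not the real primitives; the keys and the sample message are constructed.

```python
import hashlib
import hmac
import struct
import zlib

# Added example (not the notes' code). The MAC and cipher are stand-ins for
# SSLv3's; the fragment/compression/record limits are the ones the notes state.
MAX_FRAGMENT = 2 ** 14                 # 16,384 bytes (step 1)
MAX_COMPRESSED = MAX_FRAGMENT + 1024   # compression may add at most 1024 (step 2)
MAX_RECORD = MAX_FRAGMENT + 2048       # encryption may add at most 1024 more (step 4)
CT_APPLICATION_DATA = 23               # content type value used by SSL/TLS
MAJOR, MINOR = 3, 0                    # SSLv3
HEADER = struct.Struct("!BBBH")        # type, major, minor, length (step 5)
MAC_LEN = 32


def _keystream(key: bytes, seq: int, n: int) -> bytes:
    out, i = b"", 0
    while len(out) < n:
        out += hmac.new(key, struct.pack("!QI", seq, i), hashlib.sha256).digest()
        i += 1
    return out[:n]

def _mac(mac_key: bytes, seq: int, ctype: int, comp: bytes) -> bytes:
    # MAC covers the sequence number and content type as well as the data
    return hmac.new(mac_key, struct.pack("!QB", seq, ctype) + comp, hashlib.sha256).digest()

def build_records(data: bytes, mac_key: bytes, enc_key: bytes, compress: bool = True) -> list:
    """Steps 1 to 5 for one application message; returns wire-format records."""
    records = []
    for seq, off in enumerate(range(0, len(data), MAX_FRAGMENT)):
        frag = data[off:off + MAX_FRAGMENT]
        comp = zlib.compress(frag) if compress else frag
        if len(comp) > MAX_COMPRESSED:
            raise ValueError("compression may not add more than 1024 bytes")
        body = comp + _mac(mac_key, seq, CT_APPLICATION_DATA, comp)
        enc = bytes(a ^ b for a, b in zip(body, _keystream(enc_key, seq, len(body))))
        if len(enc) > MAX_RECORD:
            raise ValueError("record exceeds 2^14 + 2048 bytes")
        records.append(HEADER.pack(CT_APPLICATION_DATA, MAJOR, MINOR, len(enc)) + enc)
    return records

def parse_records(wire: bytes, mac_key: bytes, enc_key: bytes, compress: bool = True) -> bytes:
    """Receiver: split on headers, decrypt, verify the MAC, then decompress."""
    out, seq, pos = b"", 0, 0
    while pos < len(wire):
        ctype, major, minor, length = HEADER.unpack_from(wire, pos)
        if (major, minor) != (MAJOR, MINOR):
            raise ValueError("unexpected SSL version")
        pos += HEADER.size
        enc = wire[pos:pos + length]
        pos += length
        body = bytes(a ^ b for a, b in zip(enc, _keystream(enc_key, seq, len(enc))))
        comp, mac = body[:-MAC_LEN], body[-MAC_LEN:]
        if not hmac.compare_digest(mac, _mac(mac_key, seq, ctype, comp)):
            raise ValueError("record MAC failure")
        out += zlib.decompress(comp) if compress else comp
        seq += 1
    return out
```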

ChangeCipherSpec Layer

The ChangeCipherSpec layer is composed of one message that signals the beginning of secure
communications between the client and server. Though the ChangeCipherSpec Protocol uses the Record Layer
format, the actual ChangeCipherSpec message is only one byte long, and signals the change in
communications protocol by having a value of ‘1’.

Alert Protocol

This protocol sends errors, problems or warnings about the connection between the two parties. This
layer is formed with two fields: the Severity Level and Alert Description.

Severity Level

The Severity Level sends messages with a ‘1’ or ‘2’ value, depending on the level of concern. A
message with a value of ‘1’ is a cautionary or warning message, suggesting that the parties discontinue their
session and reconnect using a new handshake. A message with a value of ‘2’ is a fatal alert message, and
requires that the parties discontinue their session.

Alert Description

The Alert Description field indicates the specific error that caused the Alert Message to be sent from a
party. This field is one byte, mapped to one of twelve specific numbers, and can take on one of the following
meanings. Those descriptions that always follow a “fatal” alert message are underlined.
Handshake Protocol

The messages passed back and forth between the user's browser (client) and web application (server)
establish a handshake that begins a secure connection. This is the most complex part of SSL and allows the
server and client to authenticate each other and to negotiate an encryption and MAC algorithm and
cryptographic keys to be used to protect data sent in an SSL record. This protocol is used before any
application data is sent. It consists of a series of messages exchanged by the client and server. Each message
has three fields:

i. Type (1 byte): Indicates one of 10 messages such as “hello request”.

ii. Length (3 bytes): The length of the message in bytes.

iii. Content (≥ 0 bytes): The parameters associated with this message, such as the version of SSL being used.

SECURE ELECTRONIC TRANSACTION:

Electronic commerce, as exemplified by the popularity of the Internet, is going to have an enormous
impact on the financial services industry. No financial institution will be left unaffected by the explosion of
electronic commerce. Even though SSL is extremely effective and widely accepted as the online payment
standard, it requires the customer and merchant to trust each other: an undesirable requirement even in face-to-
face transactions, and across the Internet it admits unacceptable risks.
Overview of SET Protocol:
Secure payment systems are critical to the success of E-commerce. There are four essential security
requirements for safe electronic payments (Authentication, Encryption, Integrity and Non-repudiation).
Encryption is the key security schemes adopted for electronic payment systems, which is used in protocols like
SSL and SET.
Problem with SSL:
The SSL protocol, widely deployed today on the Internet, has helped create a basic level of security
sufficient for some hearty souls to begin conducting business over the Web. SSL is implemented in most major
Web browsers used by consumers, as well as in merchant server software, which supports the seller's virtual
storefront in cyberspace. Hundreds of millions of dollars are already changing hands when cybershoppers enter
their credit card numbers on Web pages secured with SSL technology. In this sense, SSL provides a secure
channel between the consumer and the merchant for exchanging payment information. This means any data
sent through this channel is encrypted, so that no one other than these two parties will be able to read it. In
other words, while SSL can give us confidential communications, it also introduces huge risks:

INTRUDERS:

One of the two most publicized threats to security is the intruder (the other is viruses), generally
referred to as a hacker or cracker. In an important early study of intrusion, Anderson [ANDE80] identified
three classes of intruders:

• Masquerader: An individual who is not authorized to use the computer and who penetrates a system's
access controls to exploit a legitimate user's account
• Misfeasor: A legitimate user who accesses data, programs, or resources for which such access is not
authorized, or who is authorized for such access but misuses his or her privileges
• Clandestine user: An individual who seizes supervisory control of the system and uses this control to
evade auditing and access controls or to suppress audit collection

The masquerader is likely to be an outsider; the misfeasor generally is an insider; and the clandestine
user can be either an outsider or an insider. Intruder attacks range from the benign to the serious. At the benign
end of the scale, there are many people who simply wish to explore internets and see what is out there. At the
serious end are individuals who are attempting to read privileged data, perform unauthorized modifications to
data, or disrupt the system.

In fact, the problem has not been brought under control. To cite one example, a group at Bell Labs
[BELL92, BELL93] has reported persistent and frequent attacks on its computer complex via the Internet over
an extended period and from a variety of sources. At the time of these reports, the Bell group was experiencing
the following:

• Attempts to copy the password file (discussed later) at a rate exceeding once every other day
• Suspicious remote procedure call (RPC) requests at a rate exceeding once per week
• Attempts to connect to nonexistent "bait" machines at least every two weeks

Benign intruders might be tolerable, although they do consume resources and may slow performance
for legitimate users. However, there is no way in advance to know whether an intruder will be benign or
malign. Consequently, even for systems with no particularly sensitive resources, there is a motivation to
control this problem.

An example that dramatically illustrates the threat occurred at Texas A&M University [SAFF93]. In
August 1992, the computer center there was notified that one of its machines was being used to attack
computers at another location via the Internet. By monitoring activity, the computer center personnel learned
that there were several outside intruders involved, who were running password-cracking routines on various
computers (the site consists of a total of 12,000 interconnected machines). The center disconnected affected
machines, plugged known security holes, and resumed normal operation. A few days later, one of the local
system managers detected that the intruder attack had resumed. It turned out that the attack was far more
sophisticated than had been originally believed. Files were found containing hundreds of captured passwords,
including some on major and supposedly secure servers. In addition, one local machine had been set up as a
hacker bulletin board, which the hackers used to contact each other and to discuss techniques and progress.

An analysis of this attack revealed that there were actually two levels of hackers. The high levels were
sophisticated users with a thorough knowledge of the technology; the low levels were the "foot soldiers" who
merely used the supplied cracking programs with little understanding of how they worked. This teamwork
combined the two most serious weapons in the intruder armory: sophisticated knowledge of how to intrude and
a willingness to spend countless hours "turning doorknobs" to probe for weaknesses.

Intrusion Techniques

The objective of the intruder is to gain access to a system or to increase the range of privileges
accessible on a system. Generally, this requires the intruder to acquire information that should have been
protected. In some cases, this information is in the form of a user password. With knowledge of some other
user's password, an intruder can log in to a system and exercise all the privileges accorded to the legitimate
user.

Typically, a system must maintain a file that associates a password with each authorized user. If such a
file is stored with no protection, then it is an easy matter to gain access to it and learn passwords. The password
file can be protected in one of two ways:

• One-way function: The system stores only the value of a function based on the user's password. When
the user presents a password, the system transforms that password and compares it with the stored
value. In practice, the system usually performs a one-way transformation (not reversible) in which the
password is used to generate a key for the one-way function and in which a fixed-length output is
produced.
• Access control: Access to the password file is limited to one or a very few accounts.

If one or both of these countermeasures are in place, some effort is needed for a potential intruder to
learn passwords. On the basis of a survey of the literature and interviews with a number of password crackers,
[ALVA90] reports the following techniques for learning passwords:

1. Try default passwords used with standard accounts that are shipped with the system. Many
administrators do not bother to change these defaults.
2. Exhaustively try all short passwords (those of one to three characters).

3. Try words in the system's online dictionary or a list of likely passwords. Examples of the latter are
readily available on hacker bulletin boards.

4. Collect information about users, such as their full names, the names of their spouse and children,
pictures in their office, and books in their office that are related to hobbies.

5. Try users' phone numbers, Social Security numbers, and room numbers.

6. Try all legitimate license plate numbers for this state.

7. Use a Trojan horse (described in Section 18.2) to bypass restrictions on access.

8. Tap the line between a remote user and the host system.

The first six methods are various ways of guessing a password. If an intruder has to verify the guess by
attempting to log in, it is a tedious and easily countered means of attack. For example, a system can simply
reject any login after three password attempts, thus requiring the intruder to reconnect to the host to try again.
Under these circumstances, it is not practical to try more than a handful of passwords. However, the intruder is
unlikely to try such crude methods. For example, if an intruder can gain access with a low level of privileges to
an encrypted password file, then the strategy would be to capture that file and then use the encryption
mechanism of that particular system at leisure until a valid password that provided greater privileges was
discovered.
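The two countermeasures above, as an added example that is not part of the notes: a password file that stores only a salted one-way transformation (PBKDF2-HMAC-SHA256, a constructed choice) with a fixed-length output, and a login routine that rejects further attempts after three failures so that guessing through the login path is impractical. The account names, passwords and iteration count are constructed for illustration.

```python
"""Password-file protection with a one-way function, plus the three-attempt
login limit described in the notes. Added example; the one-way function,
iteration count and the sample accounts are constructed for illustration."""
import hashlib
import hmac
import os

# Constructed parameters: PBKDF2-HMAC-SHA256 is the one-way function, the
# password is the key material and the output is always OUTPUT_LEN bytes.
ITERATIONS = 100_000
OUTPUT_LEN = 32           # fixed-length output regardless of password length
MAX_ATTEMPTS = 3          # reject any login after three failed password attempts


def one_way(password: str, salt: bytes) -> bytes:
    """Transform the password into a fixed-length value that is not reversible."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               ITERATIONS, dklen=OUTPUT_LEN)


class PasswordFile:
    """Stores only (salt, one_way(password, salt)) per user, never the password."""

    def __init__(self):
        self._entries = {}          # user -> (salt, stored verifier)
        self._failures = {}         # user -> consecutive failed attempts

    def add_user(self, user: str, password: str) -> None:
        salt = os.urandom(16)       # per-user salt: equal passwords get different verifiers
        self._entries[user] = (salt, one_way(password, salt))
        self._failures[user] = 0

    def stored_value(self, user: str) -> bytes:
        """What someone who copied the file would see for this user."""
        return self._entries[user][1]

    def login(self, user: str, password: str) -> str:
        """Return 'ok', 'rejected' or 'locked'. After MAX_ATTEMPTS consecutive
        failures the account stays locked until reset, so only a handful of
        guesses can ever be verified through the login path."""
        if user not in self._entries:
            return "rejected"       # same answer as a wrong password: do not leak user names
        if self._failures[user] >= MAX_ATTEMPTS:
            return "locked"
        salt, verifier = self._entries[user]
        # compare_digest: constant-time comparison of the transformed password
        if hmac.compare_digest(one_way(password, salt), verifier):
            self._failures[user] = 0
            return "ok"
        self._failures[user] += 1
        if self._failures[user] >= MAX_ATTEMPTS:
            return "locked"
        return "rejected"

    def reset_lockout(self, user: str) -> None:
        """Administrative reset after the user has been verified out of band."""
        self._failures[user] = 0


def demo() -> dict:
    """Constructed walk-through: two users with the same password, one good
    login, four wrong guesses, then the correct password after the lockout."""
    pf = PasswordFile()
    pf.add_user("alice", "correct horse battery staple")   # constructed sample user
    pf.add_user("bob", "correct horse battery staple")     # same password, different salt
    results = {
        "same_password_different_verifier": pf.stored_value("alice") != pf.stored_value("bob"),
        "verifier_len": len(pf.stored_value("alice")),
        "good_login": pf.login("alice", "correct horse battery staple"),
        "guesses": [pf.login("alice", g) for g in ("password", "123456", "letmein", "qwerty")],
        "correct_after_lockout": pf.login("alice", "correct horse battery staple"),
    }
    pf.reset_lockout("alice")
    results["after_reset"] = pf.login("alice", "correct horse battery staple")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```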

VIRUSES:

Definitions:

1. A set of computer instructions
2. Deliberately created
3. That propagates
4. And does unwanted things.

Characteristics of Computer Viruses:

1. Cannot exist in a viable form, apart from another (usually legitimate) program.
2. Propagates when the host program is executed.

3. Has an incubation period, during which no damage is done.

4. After incubation period, begins to manifest its behavior.

A Few Manifestations of Computer Viruses:

1. Sudden or periodic slowing of programs.

2. Unexplained change in the size of any program.

o Files with extension .EXE.

o Files with extension .COM.

o Files with extension .BAT.

o Files with extension .SYS.

o Files with extension .OVL.

3. Unusual behavior of the computer, especially during a program which you have been running regularly
with no problems.

4. Failure of any program (such as a word processor) to install correctly from its distribution (original)
disks. (Many programs check their own size after installation.)

Programs which are NOT viruses:

1. Trojan horse: a standalone program which does its damage immediately, while you are running it for
another purpose (usually a game!).
2. Bomb: a standalone program (like a Trojan horse) whose only effect is to destroy some part of your
system (programs, data) but does not pretend to be another program while it runs.

3. Bug: a legitimate program with some logic error which causes accidental damage to your system even
though everything was done according to the manual.

4. User error: a human error (which the human may deny!) which causes loss of data or programs, or
damage to hardware, due to accident or entry of incorrect commands.

A few kinds of virus-caused behavior:

1. Formats hard drive, destroying all data ("Dark Avenger").

2. Causes random change in typed characters ("Teatime" virus).

3. Presents a political or (false) advertising message every few times ("Stoned" virus: Legalize
Marijuana).

4. Causes computer to act as though a monitor or disk drive is going bad ("Jerusalem-B" virus).

Where viruses can hide:

1. In the "boot" sector of any floppy disk. This is a small program which runs whenever the computer is
"booted" from the diskette, whether or not the diskette is "bootable." (This is the tiny program which
puts the message "Non-system disk or disk error" on the screen if the disk is not bootable!)
2. Attached to any program: shareware, commercial or public domain.

3. Embedded in the hidden system files IO.SYS and MSDOS.SYS on the boot disk or drive.

4. Same as #2, but pay SPECIAL ATTENTION to the file COMMAND.COM on the boot disk or drive.

5. The "partition table" on a hard drive. (This DOES contain executable information, since it is attached to
the "Master Boot Record" which is consulted at boot-up to determine whether to boot DOS, OS/2,
UNIX, etc.)

How viruses are spread:

1. Trading, copying or pirating software on diskettes without knowing the source.

2. Software salesmen giving demos on your computer from their diskettes.

3. Computer repair personnel using diagnostic disks.

4. Computer user groups and bulletin boards (BBS's). NOTE: #2 & #3 account for over 80% of all
infections at business sites! #1 accounts for nearly all others, #4 LESS THAN 5%.

When viruses activate:

1. Every few times the computer is booted up ("Stoned" virus, every 8th boot).
2. On a certain day of the year (March 6, "Michelangelo" virus, destructive mutant of "Stoned").
3. On a certain day of the week ("Sunday" virus).

4. On a certain day of the month ("Friday the 13th", "Saturday the 14th" viruses).

5. Every day EXCEPT one ("Israeli" or "Suriv03" virus, every day except Friday the 13th.)

6. On a certain date only. (Jan. 1, 2000 "Century" will activate, write zeroes to all connected disks,
effectively destroying all data and programs, destroying all directories, file allocation tables, boot
records and partition tables, possibly causing the disk to have to be returned to the dealer for repair.
Finally, a message is presented to the user, "Welcome to the 21st Century.")

7. A certain period after infection ("Plastique" virus, one week).

8. After infecting a certain number of files ("MIX/1" virus, six files).

9. After a certain number of keystrokes ("Devil's Dance" virus, 2000 keystrokes; after 5000 destroys hard
disk data and prints characteristic "Devil's Dance" message).

10. At a particular time of day ("Teatime" virus, between 3:10 and 3:13 PM, trashes every 11th keystroke.)

11. Any combination of the above, plus anything you can probably think of!

Types of viruses, classified by how they spread ("vectors"):

1. Boot-sector viruses. Can NOT be transmitted from BBS's at all. Transmitted by floppy or tape cartridge
(rare). Boot-up must be attempted from infected disk. Remains memory-resident during warm boot,
infects boot sector of all other disks in system including hard and floppy disks.
2. Program viruses. May be transmitted by distribution of infected programs via floppy, BBS or network.
Some infect ONLY COMMAND.COM; others avoid infecting COMMAND.COM, to avoid detection.

Types of viruses, classified by operating system:

1. DOS. Greatest variety of viruses due to widespread use.

2. Amiga-DOS. Restricted to Commodore Amiga.

3. Macintosh. Restricted to Macintosh computers. NOTE: Amiga(TM) and Macintosh(TM) computers
often have a DOS emulation mode. In this mode, some (but not all) DOS viruses can damage them as
well.

4. OS/2. Relatively immune to viruses so far, due to rarity of systems. Most DOS viruses are rendered
harmless by OS/2, although some may still survive since OS/2 can also run DOS programs.

5. UNIX. These viruses are relatively rare, but some have the potential of migrating to PC's running
UNIX clones such as XENIX. Similar remarks apply to Amigas and Macintoshes running A/UX or
other UNIX clones.

6. VMS, MVS, etc. (Minicomputers & mainframes). A few viruses spread over networks. More
commonly affected by worms (RTM Internet worm, e.g.), logic bombs via e-mail, etc.
FIREWALL:

A firewall is a device installed between the internal network of an organization and the rest of the
Internet. When a computer is connected to the Internet, it can create many problems for corporate companies. Most
companies put a large amount of confidential information online, and such information should not be disclosed to
unauthorized persons. A second problem is that viruses, worms and other digital pests can breach the
security and destroy valuable data.

The main purpose of a firewall is to separate a secure area from a less secure area and to control
communications between the two. A firewall also controls inbound and outbound communications on
anything from a single machine to an entire network. Software firewalls, also sometimes
called personal firewalls, are designed to run on a single computer. A software firewall prevents unwanted
access to the computer over a network connection by identifying and preventing communication over risky
ports. Computers communicate over many different recognized ports, and the firewall will tend to permit these
without prompting or alerting the user.

A firewall can serve the following functions:

1. Limit Internet access to e-mail only, so that no other types of information can pass between the intranet
and the Internet
2. Control who can telnet into your intranet (a method of logging in remotely).
3. Limit what other kinds of traffic can pass between your intranet and the Internet.

A firewall can be simple or complex, depending on how specifically you want to control your Internet
traffic. A simple firewall might require only that you configure the software in the router that connects your
intranet to your ISP. A more complex firewall might be a computer running UNIX and specialized software.
Firewall systems fall into two categories:

1. Network-level
2. Application-level.

Network-Level Firewalls

A network-level firewall can be used as a packet filter. These firewalls examine only the headers of each packet of information
passing to or from the Internet. The firewall accepts or rejects packets based on the packet’s sender, receiver,
and port. For example, the firewall might allow e-mail and Web packets to and from any computer on the
intranet, but allow telnet (remote login) packets to and from only selected computers.

A packet-filter firewall maintains a filtering table that decides which packets are to be forwarded or discarded. It
filters at the network or transport layer.
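The filtering table just described, as an added example that is not part of the notes: e-mail and Web packets are forwarded to and from any intranet computer, telnet only to and from selected computers, and a final catch-all rule discards everything else. The intranet prefix, host addresses and sample packets are constructed for illustration.

```python
"""Packet-filter (network-level) firewall as a filtering table, as described in
the notes: only header fields (sender, receiver, port) are examined, the first
matching rule decides, and a final catch-all rule discards everything else.
Added example, not from the notes; the intranet prefix, hosts and rule set are
constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Tuple

INTRANET = ip_network("10.0.0.0/24")                  # constructed intranet prefix
TELNET_HOSTS = frozenset({"10.0.0.5", "10.0.0.6"})    # the only hosts allowed to use telnet


@dataclass(frozen=True)
class Packet:
    """Header fields a packet filter looks at; the payload is never inspected."""
    src: str
    dst: str
    proto: str    # "tcp" or "udp"
    sport: int
    dport: int


def intranet_endpoint(pkt: Packet) -> str:
    """The side of the conversation that is inside the intranet."""
    return pkt.src if ip_address(pkt.src) in INTRANET else pkt.dst


@dataclass(frozen=True)
class Rule:
    action: str                 # "forward" or "discard"
    proto: str                  # "tcp", "udp" or "any"
    ports: FrozenSet[int]       # service ports; empty means any port
    hosts: FrozenSet[str]       # intranet hosts the rule applies to; empty means any
    comment: str                # what the rule is for, kept for the log

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        # A service port may appear as destination (request) or source (reply).
        if self.ports and not ({pkt.sport, pkt.dport} & self.ports):
            return False
        if self.hosts and intranet_endpoint(pkt) not in self.hosts:
            return False
        return True


# The filtering table from the notes' example: e-mail and Web to and from any
# intranet computer, telnet to and from selected computers only, then discard.
FILTER_TABLE: List[Rule] = [
    Rule("forward", "tcp", frozenset({25}), frozenset(), "e-mail (SMTP), any intranet host"),
    Rule("forward", "tcp", frozenset({80, 443}), frozenset(), "Web, any intranet host"),
    Rule("forward", "tcp", frozenset({23}), TELNET_HOSTS, "telnet, selected hosts only"),
    Rule("discard", "any", frozenset(), frozenset(), "default: discard everything else"),
]


def filter_packet(pkt: Packet, table: List[Rule] = FILTER_TABLE) -> Tuple[str, str]:
    """Return (action, rule comment) for the first rule that matches."""
    for rule in table:
        if rule.matches(pkt):
            return rule.action, rule.comment
    return "discard", "no rule matched"     # unreachable with a catch-all rule; kept for safety


def run_sample_traffic() -> List[Tuple[str, str]]:
    """Constructed sample packets crossing the intranet/Internet boundary."""
    sample = [
        Packet("10.0.0.12", "203.0.113.7", "tcp", 51000, 443),   # user browsing the Web
        Packet("203.0.113.7", "10.0.0.12", "tcp", 443, 51000),   # the Web server's reply
        Packet("198.51.100.9", "10.0.0.5", "tcp", 40000, 23),    # telnet into a permitted host
        Packet("198.51.100.9", "10.0.0.12", "tcp", 40001, 23),   # telnet into a non-permitted host
        Packet("10.0.0.12", "198.51.100.20", "udp", 40002, 53),  # DNS: not in the table
        Packet("10.0.0.6", "198.51.100.20", "tcp", 40003, 23),   # telnet out from a permitted host
    ]
    return [filter_packet(p) for p in sample]


if __name__ == "__main__":
    for action, why in run_sample_traffic():
        print(f"{action:8s} {why}")
```

Because only headers are examined, the table cannot tell a genuine Web reply from any other packet that merely carries port 443 in its header; that limitation is what the application-level (proxy) firewalls below address.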

Application-Level Firewalls

These firewalls handle packets for each Internet service separately, usually by running a program called
a proxy server, which accepts e-mail, Web, chat, newsgroup, and other packets from computers on the intranet,
strips off the information that identifies the source of the packet, and passes it along to the Internet.
When the replies return, the proxy server passes the replies back to the computer that sent the original message.
A proxy server can also log all the packets that pass by, so that you have a record of who has access to your
intranet from the Internet, and vice versa.

PASSWORD SECURITY:

There are a few ways your account passwords can be compromised.

1. Someone's out to get you. There are many people who might want to take a peek into your personal life. If
these people know you well, they might be able to guess your e-mail password and use password recovery
options to access your other accounts.
2. You become the victim of a brute-force attack. Whether a hacker attempts to access a group of user
accounts or just yours, brute-force attacks are the go-to strategy for cracking passwords. These attacks
work by systematically checking all possible passphrases until the correct one is found. If the hacker
already has an idea of the guidelines used to create the password, this process becomes easier to execute.

3. There's a data breach. Every few months it seems another huge company reports a breach resulting in
millions of people's account information being compromised. And with the recent Heartbleed bug, many
popular websites were affected directly.

What makes a good password?

Although data breaches are out of your control, it's still imperative to create passwords that can
withstand brute-force attacks. Avoiding both types of attacks is dependent on the complexity of your password.
Ideally, each of your passwords would be at least 16 characters, and contain a combination of numbers,
symbols, uppercase letters, lowercase letters, and spaces. The password would be free of repetition, dictionary
words, usernames, pronouns, IDs, and any other predefined number or letter sequences.

Creating secure passwords

Enable two-step-verification

Any time a service like Facebook or Gmail offers "two-step verification," use it. When enabled,
signing in will also require you to enter a code that's sent as a text message to your phone. This means a
hacker who isn't in possession of your phone won't be able to sign in, even if they know your password.

Keeping track of secure passwords

If you follow one of the most important commandments of passwords, you know that you absolutely
must have a unique password for every service you use. The logic is simple: if you recycle the same password
(or a variation of it), and a hacker cracks one account, he or she will be able to access the rest of your accounts.

Using a password manager

Password managers store all of your passwords for you and fill out your log-in forms so that you don't
have to do any memorizing. If you want super secure passwords for your online accounts (which is
recommended), but you don't want to memorize them all (also recommended), this is the way to go.

There are many options available, but a few crowd favorites are LastPass, Dashlane and 1Password.
All three password managers essentially work the same way. There is a desktop program (or mobile app),
which you'll use to manage your passwords. Then, there's a browser extension that automatically logs you into
accounts as you browse the Web.

QUESTIONS

UNIT-IV SECTION – A

1. What is Firewall?
2. Distinguish between Stream and Block cipher?
3. What is TLS?
4. Define the one way property to be possessed by hash function.
5. Protection of data during transmission is _______________.
6. Expand OSI?
7. What is security of DES?
8. Define Virus.
9. Define Intruders.
10. Expand SET.

SECTION –B

1. Discuss about intrusion techniques.
2. What are the four basic techniques used in password management?

3. Discuss about password selection strategies.
4. Write about password management.
5. What are the types of viruses?
6. Discuss about e-mail viruses.
7. List the design goals of firewalls.
8. Explain Secure Electronic transaction with neat diagram.
9. Explain the format of the X.509 certificate.
10. Define intrusion detection and the different types of detection mechanisms in detail.

SECTION –C

1. Discuss in detail about the web security.
2. Give a detailed account of SSL architecture.
3. Write about the SSL implementation in detail.
4. Explain about the SET operations.
5. Write in detail about the handshake protocol with an example.
6. Give a detailed account of intruders with examples.
7. What is the difference between an SSL connection and an SSL session?
8. Write about the System Security in network.
9. Give a detailed study of Firewall.
10. Discuss in detail about the Password Security.

UNIT V
Case Study: Implementation of Cryptographic Algorithms – RSA – DSA – ECC (C / JAVA Programming).
Network Forensic – Security Audit - Other Security Mechanism: Introduction to: Steganography – Quantum
Cryptography – Water Marking - DNA Cryptography.

NETWORK FORENSICS:

Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of
computer network traffic for the purposes of information gathering, legal evidence, or detection. Unlike other
areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is
transmitted and then lost, so network forensics is often a pro-active investigation.

Network forensics generally has two uses. The first, relating to security, involves monitoring a network
for anomalous traffic and identifying intrusions. An attacker might be able to erase all log files on a
compromised host; network-based evidence might therefore be the only evidence available for forensic
analysis. The second form relates to law enforcement. In this case analysis of captured network traffic can
include tasks such as reassembling transferred files, searching for keywords and parsing human
communication such as emails or chat sessions.

Overview

Network forensics is a comparatively new field of forensic science. The growing popularity of the
Internet in homes means that computing has become network-centric and data is now available outside of disk-
based digital evidence. Network forensics can be performed as a standalone investigation or alongside a
computer forensics analysis (where it is often used to reveal links between digital devices or reconstruct how a
crime was committed).

Marcus Ranum is credited with defining Network forensics as "the capture, recording, and analysis of
network events in order to discover the source of security attacks or other problem incidents".

Compared to computer forensics, where evidence is usually preserved on disk, network data is more
volatile and unpredictable. Investigators often only have material to examine if packet filters, firewalls, and
intrusion detection systems were set up to anticipate breaches of security.

Systems used to collect network data for forensics use usually come in two forms:

 "Catch-it-as-you-can" – This is where all packets passing through a certain traffic point are captured
and written to storage with analysis being done subsequently in batch mode. This approach requires
large amounts of storage.
 "Stop, look and listen" – This is where each packet is analyzed in a rudimentary way in memory and
only certain information saved for future analysis. This approach requires a faster processor to keep up
with incoming traffic.

Types of Network Forensics

Ethernet

Applying forensic methods on the Ethernet layer is done by eavesdropping on bit streams with tools called
monitoring tools or sniffers. The most common tools on this layer are Wireshark (formerly known as Ethereal)
and tcpdump, where tcpdump works mostly on Unix-like operating systems. These tools collect all data on this
layer and allow the user to filter for different events. With these tools, website pages, email attachments, and
other network traffic can be reconstructed only if they are transmitted or received unencrypted. An advantage
of collecting this data is that it is directly connected to a host. If, for example, the IP address or the MAC
address of a host at a certain time is known, all data sent to or from this IP or MAC address can be filtered.

TCP/IP

On the network layer the Internet Protocol (IP) is responsible for directing the packets generated by
TCP through the network (e.g., the Internet) by adding source and destination information which can be
interpreted by routers all over the network. Cellular digital packet networks, like GPRS, use protocols similar
to IP, so the methods described for IP work with them as well.

For the correct routing, every intermediate router must have a routing table to know where to send the
packet next. These routing tables are one of the best sources of information if investigating a digital crime and
trying to track down an attacker. To do this, it is necessary to follow the packets of the attacker, reverse the
sending route and find the computer the packet came from (i.e., the attacker).

The Internet

The internet can be a rich source of digital evidence including web browsing, email, newsgroup,
synchronous chat and peer-to-peer traffic. For example, web server logs can be used to show when (or if) a
suspect accessed information related to criminal activity. Email accounts can often contain useful evidence; but
email headers are easily faked and, so, network forensics may be used to prove the exact origin of
incriminating material. Network forensics can also be used in order to find out who is using a particular
computer by extracting user account information from the network traffic.

Wireless forensics

Wireless forensics is a sub-discipline of network forensics. The main goal of wireless forensics is to
provide the methodology and tools required to collect and analyze (wireless) network traffic that can be
presented as valid digital evidence in a court of law. The evidence collected can correspond to plain data or,
with the broad usage of Voice-over-IP (VoIP) technologies, especially over wireless, can include voice
conversations. Analysis of wireless network traffic is similar to that on wired networks, however there may be
the added consideration of wireless security measures.

WATER MARKING:

A watermark is a pattern of bits inserted into a digital image, audio or video file that identifies the file's
copyright information (author, rights, etc.). The name comes from the faintly visible watermarks imprinted on
stationery that identify the manufacturer of the stationery. The purpose of digital watermarks is to provide
copyright protection for intellectual property that's in digital format.

Unlike printed watermarks, which are intended to be somewhat visible, digital watermarks are designed
to be completely invisible, or in the case of audio clips, inaudible. Moreover, the actual bits representing the
watermark must be scattered throughout the file in such a way that they cannot be identified and manipulated.
And finally, the digital watermark must be robust enough so that it can withstand normal changes to the file,
such as reductions from lossy compression algorithms.

Satisfying all these requirements is no easy feat, but there are a number of companies offering
competing technologies. All of them work by making the watermark appear as noise - that is, random data that
exists in most digital files anyway. To view a watermark, you need a special program that knows how to
extract the watermark data.

Watermarking is also called data embedding and information hiding.

Motivation:

In the past:

Conventionally, in the analog world, a painting is signed by the artist to attest the copyright, an identity
card is stamped with a steel seal to avoid forgery, and paper money is identified by the embossed portrait.
Such hand-written signatures, seals and watermarks have been used from ancient times as a way to
identify the source or creator of a document or a picture. For example, a priceless painting of the 11th century in the
National Palace Museum named "Travelers on a Mountain Path" had not been identified as the genuine work
of Fan Kuan until Fan's signature was found between the trees behind a group of travelers in the painting.

Figure 5.1 – "Travelers on a Mountain Path": Fan’s signature

In digital World:

However, in the digital world, digital technology for manipulating images has made it difficult to
distinguish the visual truth. Besides, the characteristics of digitization bring significant changes in copyright
issues, which create an urgent need for intellectual property protection of digitally recorded information.

Digital watermarking has been proposed as a way to claim the ownership of the source and owner.
Unlike encryption, watermarking does not restrict access to the data. Once the encrypted data is decrypted, the
intellectual property rights are no longer protected.

Over the past few years, the technology of digital watermarking has gained prominence and
emerged as a leading candidate that could solve the fundamental problems of legal ownership and content
authentication for digital multimedia data. A great deal of research effort has been focused on digital image
watermarking in recent years. The techniques proposed so far can be divided into two groups according to the
embedding domain.

Approaches of watermarking:

1. One group is the spatial domain approach.
2. The other group is the frequency domain approach.

Spatial Domain Approach

The earliest watermarking techniques are mainly this kind and the simplest example is to embed the
watermark into least significant bits (LSBs) of the image pixels. However, this technique has relatively low
information hiding capacity and can be easily erased by lossy image compression.
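The LSB technique just described, as an added example that is not part of the notes: a constructed copyright string is embedded in the least significant bits of a constructed 8-bit grayscale image, recovered, and then shown to be wiped out when the pixels are requantised (a crude stand-in for the lossy compression the notes mention).

```python
"""Spatial-domain watermarking by least-significant-bit (LSB) substitution, the
simplest technique named in the notes, with a demonstration of why it is fragile:
requantising the pixels (a crude stand-in for lossy compression) wipes the mark.
Added example, not from the notes; the image is a constructed 8-bit grayscale
array and the watermark string is constructed too."""
import random
from typing import List

Image = List[int]          # 8-bit grayscale pixels, row-major, values 0..255


def bits_of(data: bytes) -> List[int]:
    """Bytes to a list of bits, most significant bit first."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def bytes_of(bits: List[int]) -> bytes:
    """Inverse of bits_of; trailing bits that do not fill a byte are dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        out.append(sum(bit << (7 - j) for j, bit in enumerate(bits[i:i + 8])))
    return bytes(out)


def capacity_bytes(img: Image) -> int:
    """One bit per pixel: the low hiding capacity the notes point out."""
    return len(img) // 8


def embed_lsb(img: Image, mark: bytes) -> Image:
    """Replace the LSB of successive pixels with the watermark bits.
    Each pixel changes by at most one intensity level, so the mark is invisible."""
    if len(mark) > capacity_bytes(img):
        raise ValueError("watermark does not fit into the image's LSB plane")
    marked = list(img)
    for i, bit in enumerate(bits_of(mark)):
        marked[i] = (marked[i] & 0xFE) | bit
    return marked


def extract_lsb(img: Image, nbytes: int) -> bytes:
    """Read the LSB plane back; the extractor only needs to know the mark length."""
    return bytes_of([p & 1 for p in img[: nbytes * 8]])


def requantise(img: Image, step: int) -> Image:
    """Crude model of lossy compression: keep intensities only to a multiple of
    `step`. Any even step zeroes the whole LSB plane and with it the mark."""
    return [step * (p // step) for p in img]


def max_pixel_change(a: Image, b: Image) -> int:
    """Largest per-pixel intensity difference between two images of equal size."""
    return max(abs(x - y) for x, y in zip(a, b))


def demo(seed: int = 1) -> dict:
    """Constructed walk-through on a 64x64 pseudo-random cover image."""
    rng = random.Random(seed)
    cover = [rng.randrange(256) for _ in range(64 * 64)]       # constructed cover image
    mark = b"(c) 2024 example owner"                            # constructed watermark
    marked = embed_lsb(cover, mark)
    return {
        "capacity_bytes": capacity_bytes(cover),
        "max_change": max_pixel_change(cover, marked),          # invisibility: at most 1
        "recovered": extract_lsb(marked, len(mark)),            # survives lossless copying
        "after_requantise": extract_lsb(requantise(marked, 4), len(mark)),  # erased
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```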

Frequency Domain Approach

Another way to produce a high-quality watermarked image is by first transforming the original image
into the frequency domain by the use of Fourier, Discrete Cosine or Wavelet transforms, for example. This approach
can embed more information bits and is relatively robust to attack. With this technique, the marks are not
added to the intensities of the image but to the values of its transform coefficients. Then inverse-transforming
the marked coefficient forms the watermarked image. The use of frequency based transforms allows the direct
understanding of the content of the image; therefore, characteristics of the human visual system (HVS) can be
taken into account more easily when it is time to decide the intensity and position of the watermarks to be
applied to a given image.

Examples of Implementation

1. Cox et al. used the spread spectrum communication for digital multimedia watermark.
2. Hsu and Wu embedded an image watermark into selectively modified middle frequency of discrete cosine
transform (DCT) coefficients of container image.

3. Several other methods used discrete wavelet transform to hide the data to the frequency domain.

Multi-resolution Watermarking

The modus operandi is pretty simple since it consists of adding weighted pseudo-random codes to the
large coefficients at the high and medium frequency bands of the discrete wavelet transform of an image. Even
if it might first appear theoretically straightforward, the actual implementation is a little more complicated than
it seems and great effort will be made here to clarify it. First of all, one must know why the wavelet approach
is used here. The characteristics of this transform domain are well suited for masking considerations since it is
well localized both in time and frequency. Besides, wavelet transforms match the multi-channel model of the
HVS, so one can actually set a numerical limit to the alteration of the wavelet coefficients in order to stay under the
HVS just noticeable difference (JND), at which our eyes start to become aware of the modifications in the
image. Besides, wavelet transforms are part of upcoming compression standards (such as JPEG-2000), so
wavelet-based techniques would allow a much easier and optimized way to include a copyright protection
device in the compression code itself.

Steps of Implementation

Encoder

The first part of the watermarking process is, of course, the encoder. The first step is to decompose the
image into ten frequency bands using three resolutions of Haar wavelets.


Figure 5.2 - Three-level Haar decomposition

Figure 5.2's bank of filters represents well the idea of the octave-band structure of Haar wavelets,
which gives the pyramid-structured frequency localization shown in Figure 5.3.

Figure 5.3 - Resulting decomposed image

Here, it must be pointed out that a subsampling (decimation) operation is done after every filtering. It must be
understood that the choice of the Haar wavelet in our system was made for simplicity. We had in
mind to investigate the influence of the choice of wavelet function on our results but, in order to test the
robustness truthfully, we had to give up that idea in favor of additional robustness testing procedures.
The next operation is to add a pseudo-random sequence N, drawn from a Gaussian distribution of mean zero and
variance one, to the coefficients of the medium and high frequency bands (i.e. all the bands except the lowest
one, which is represented by the top left corner in Figure 5.3). The normal distribution is used because it has
been proven to be quite robust to collusion attacks. In order to weight the watermark according to the
magnitude of the wavelet coefficients, we used one of the two following relations between the original
coefficients y and ÿ, the ones containing the watermark:

$$\ddot{y}[m,n] = y[m,n] + \alpha\,\bigl(y[m,n]\bigr)^{2}\,N[m,n] \qquad (1)$$

and

$$\ddot{y}[m,n] = y[m,n] + \alpha\,\lvert y[m,n]\rvert\,N[m,n] \qquad (2)$$

It must be pointed out that relations (1) and (2), even though they are mathematically different, have
the exact same goal, which is to put more weight on the watermark added to high-value wavelet coefficients.
The parameter alpha controls the level of the watermark; it is in fact a good way to choose between good
transparency, good robustness, or a tradeoff between the two. Finally, the two-dimensional inverse wavelet
transform of ÿ is computed to form the watermarked image.

Figure 5.4 - Implemented watermarking scheme

Figure 5.4 gives a good idea of the main components of the encoder.

Decoder

At the other end of the communication channel, a decoder is used to extract the watermark
information from the received image. Upon reception of the supposedly watermarked image, the algorithm first
isolates the signature included in this image by comparing the DWT coefficients of the image with those of the
original (non-watermarked) one. The following operation consists of comparing the identified key with
the found signature by computing their cross-correlation at the first resolution level (i.e. the highest frequency
coefficients). The watermark is declared detected if there is a peak in the cross-correlation corresponding to a
positive identification. If there is no central peak, the decoder adds the second resolution level (i.e. the bottom
left square in the pyramid structure of Figure 5.3) to the computation in search of a peak. Once again,
if there is a peak, the watermark is declared detected and if not, we go on to the third resolution, and so on until we
reach the ninth resolution limit.
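As an added illustration of the encoder and decoder described above (this code is not part of the original notes or of the project they describe), the following Python script marks the detail coefficients of a one-level Haar decomposition with relation (2), y' = y + alpha·|y|·N, and then detects the mark by isolating the coefficient difference and correlating it with the key sequence. It simplifies the scheme to a single resolution level and uses a zero-lag normalized correlation in place of a full cross-correlation peak search; the test image, the key seeds and alpha are constructed values.

```python
import math
import random

def haar2d(img):
    """One-level 2D Haar decomposition (rows, then columns) of an n x n image, n even.
    Output is an n x n array in the pyramid layout of Figure 5.3: the top-left
    quadrant is the lowest band (LL), the other three hold detail coefficients."""
    n = len(img)
    h = n // 2
    rows = []
    for r in range(n):
        lo = [(img[r][2 * c] + img[r][2 * c + 1]) / 2 for c in range(h)]
        hi = [(img[r][2 * c] - img[r][2 * c + 1]) / 2 for c in range(h)]
        rows.append(lo + hi)
    out = [[0.0] * n for _ in range(n)]
    for c in range(n):
        for r in range(h):
            a, b = rows[2 * r][c], rows[2 * r + 1][c]
            out[r][c] = (a + b) / 2
            out[r + h][c] = (a - b) / 2
    return out

def ihaar2d(coef):
    """Inverse of haar2d: undo the column step, then the row step."""
    n = len(coef)
    h = n // 2
    rows = [[0.0] * n for _ in range(n)]
    for c in range(n):
        for r in range(h):
            lo, hi = coef[r][c], coef[r + h][c]
            rows[2 * r][c] = lo + hi
            rows[2 * r + 1][c] = lo - hi
    img = [[0.0] * n for _ in range(n)]
    for r in range(n):
        for c in range(h):
            lo, hi = rows[r][c], rows[r][c + h]
            img[r][2 * c] = lo + hi
            img[r][2 * c + 1] = lo - hi
    return img

def key_sequence(seed, n):
    """Pseudo-random sequence N[m,n] ~ Gaussian(0, 1); the seed is the owner's key."""
    rng = random.Random(seed)
    return [[rng.gauss(0.0, 1.0) for _ in range(n)] for _ in range(n)]

def embed(img, seed, alpha=0.2):
    """Encoder: mark every coefficient outside the lowest band with relation (2),
    y' = y + alpha * |y| * N, then inverse-transform and store as 8-bit pixels."""
    n = len(img)
    h = n // 2
    y = haar2d(img)
    N = key_sequence(seed, n)
    for m in range(n):
        for k in range(n):
            if m < h and k < h:
                continue  # LL band (top-left quadrant) is left untouched
            y[m][k] += alpha * abs(y[m][k]) * N[m][k]
    return [[min(255, max(0, int(round(v)))) for v in row] for row in ihaar2d(y)]

def detect(received, original, seed, alpha=0.2, threshold=0.5):
    """Decoder: the signature is the coefficient difference received - original;
    undo the |y| weighting and correlate with the candidate key (zero lag)."""
    n = len(original)
    h = n // 2
    y, yr = haar2d(original), haar2d(received)
    N = key_sequence(seed, n)
    est, ref = [], []
    for m in range(n):
        for k in range(n):
            if (m < h and k < h) or abs(y[m][k]) < 2.0:
                continue  # skip LL and coefficients too small to carry a mark
            est.append((yr[m][k] - y[m][k]) / (alpha * abs(y[m][k])))
            ref.append(N[m][k])
    num = sum(e * r for e, r in zip(est, ref))
    den = math.sqrt(sum(e * e for e in est) * sum(r * r for r in ref))
    corr = num / den if den else 0.0
    return corr, corr > threshold

def sample_image(n=16):
    """Constructed test image: a gradient plus a repeating texture (values 90..210)."""
    return [[90 + 2 * x + 2 * y + 20 * ((3 * x + 5 * y) % 4) for x in range(n)]
            for y in range(n)]

if __name__ == "__main__":
    cover = sample_image()
    marked = embed(cover, seed=1234)
    print(detect(marked, cover, seed=1234))  # correct key: high correlation, detected
    print(detect(marked, cover, seed=999))   # wrong key: correlation near zero
```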

Advantage of this technique

The main advantage of this technique is that, while allowing good detection even in the presence of
corruption, it keeps the level of false positive detection to a minimum, since the found signature has to go
through the positive identification step before it is declared detected. The detector step aims at ensuring
maximum exactitude in the detection of the owner's identification key and, as said previously, minimizing the
number of false positive detections. The results presented later on should convince the reader of the
performance of our decoder.

Applications of Watermarking

1. Fingerprinting: In order to trace the source of illegal copies, the owner can embed different watermarking
keys in the copies that are supplied to different customers. For the owner, embedding a unique serial-number-
like watermark is a good way to detect customers who break their license agreement by copying the protected
data and supplying it to a third party.

2. Indexing: Watermarking offers a wide range of new capabilities to multimedia applications. It allows the
indexing of video mail by permitting the insertion of comments in video content, as well as the indexing of
movies or news items by making available markers that can be exploited by search engines.
As the number of images and videos online increases a lot faster than the capabilities of today's search
engines, it is important to plan ahead for new ways to allow quick access to multimedia data, and watermarking
is certainly a promising way to do so.

3. Copyright Protection & Owner Identification: To protect its intellectual property, the data owner can
embed a watermark representing the copyright information of the data. This application can be a really helpful tool
in settling copyright disputes in court. It is probably the most widespread use of digital image watermarking,
and it is also the application we have worked on in the present project.

4. Broadcast Monitoring: In order to help the automated identification of broadcast programs, original
watermarks can be inserted in any type of data to be widely broadcast on a network. It could assure
advertisers that they received the airtime they paid for, or make certain that musicians' property is not rebroadcast
by pirate stations (or at least, if so, that it can be detected).

5. Copy Protection: The watermark information can directly control digital recording devices. The
embedded key can represent a copy-permission bit stream that is detected by the recording device, which then
decides whether the copying procedure should go on (allowed) or not (prohibited).

6. Data Authentication: Fragile watermarks are used to detect any corruption of an image or any other type of
data. If the watermark is detected, the data is genuine; if not, the data has been corrupted and cannot be
considered authentic.

7. Data Hiding (Covert Communications): The transmission of private data is probably one of the earliest
applications of watermarking. As one will probably already have understood, it consists of implanting a
strategic message into an innocuous one in a way that prevents any unauthorized person from detecting it.

8. Medical Safety: Embedding the date and the patient's name in medical images could increase the
confidentiality of medical information as well as its security.

Requirements of Watermarking:

To achieve maximum protection of intellectual property with watermarked media, several requirements
must be satisfied:

Imperceptible: The watermark should be imperceptible so as not to affect the viewing experience of the
image or the quality of the audio signal.

Undeletable: The watermark must be difficult or even impossible to remove by a hacker, at least without
obviously degrading the host signal.

Statistically Undetectable: A pirate should not be able to detect the watermark by comparing several
watermarked signals belonging to the same author.

Robustness: The watermark should survive lossy compression techniques such as JPEG, which are
commonly used for transmission and storage.

Unambiguous: Retrieval of the watermark should unambiguously identify the owner, and the accuracy of
identification should degrade gracefully in the face of attacks.

STEGANOGRAPHY:

Steganography is the study of embedding and hiding messages in a medium called a covertext.
Steganography is related to cryptography and is just about as old. It was used by the Ancient Greeks to hide
information about troop movements by tattooing the information on someone's head and then letting the person
grow out their hair. Simply put, steganography is as old as dirt. The basic idea behind cryptography is that you
can keep a message a secret by encoding it so that no one can read it. If a good cryptographic cipher is used, it
is likely that no one, not even a government entity, will be able to read it.

The simple fact is that an encrypted message does not resemble anything else but an encrypted
message. Once a third party determines that you are communicating in secret, they may feel compelled to force
you or the person you are communicating with to tell them what you are hiding. The above diagram depicts
how a steganographic algorithm works during the embedding process. First the data that is being passed from
one person to another is encrypted (not always, but this is highly suggested). Then the information is
embedded into a covertext. This is done according to the embedding algorithm and a secret key that modulates
the actions of the embedding process (the key is also not necessary, but highly suggested). This process outputs
a steganogram that has the information hidden inside.

The problem ultimately reduces to whether or not the adversary (call him Oscar) can reliably tell the difference
between a normal message and a message with embedded content. This matters because Oscar does not have the
infinite manpower needed to interrogate everyone, and widespread destruction of data in transit would grind
information transfer to a halt.

Types of Steganography:

The most commonly discussed form of steganography is embedding in images. This is also the form that has the
most research investigating it. While there are many types of algorithms, the three most common are LSB,
DCT and Append types. LSB stands for Least Significant Bit. It embeds data in the photo by replacing the
least significant bit of each pixel value in a BMP-type picture. You can think of the least significant bit as the ones place. Because
it has the smallest effect on the amount of a color, replacing this bit with a bit from the hidden data will have
the smallest possible effect on the picture. The more bits replaced per pixel, the more bit "depth" is available, and the
larger the image, the more data can be stored in the photo.

However, the more bits that are replaced, the more obvious the alterations will appear to both a
statistical inspection and a visual inspection. DCT stands for Discrete Cosine Transform. This works on many
image formats. It works by calculating the "frequencies" of the image and then replacing some of them.
DCT algorithms are more subtle in the way they manipulate photos and so are harder to detect. Note that larger
transformations (due to more embedded data) will make the manipulations more obvious.

Just about the worst of these algorithms is the class of Append algorithms. Rather than hiding the data in
the photo by manipulating the picture, they instead append the data to the end of the file as padding. In this
manner, the data is hidden and never read by any photo-displaying program. The good things about these
algorithms are the simplicity of programming them and the fact that they are immune to visual
inspection of the picture (the displayed photos are identical).

However, these algorithms will change the size of the file. If the hidden data is large enough, the file
size itself can be a dead giveaway. Further, the additional data appended to the end of the photo can be a dead
giveaway to steganalysts looking for steganograms. If an Append algorithm must be used, definitely encrypt
the data beforehand. If it is not encrypted first, a simple program that looks for text strings would be sufficient
to find the files containing this data.
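Added example (not from the original notes): an LSB embed/extract pair working on raw 8-bit pixel bytes, together with the pairs-of-values chi-square statistic that a statistical inspection of the kind mentioned above uses to flag LSB replacement. The cover bytes and the payload are constructed; the payload stands in for an already encrypted message, as the text recommends.

```python
import random

def lsb_embed(cover, payload):
    """Write a 32-bit big-endian length prefix followed by the payload into the
    least significant bit of successive cover bytes (one bit per byte)."""
    framed = len(payload).to_bytes(4, "big") + payload
    bits = [(b >> (7 - i)) & 1 for b in framed for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("payload exceeds the LSB capacity of the cover")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit   # clear the ones place, then set it
    return bytes(stego)

def lsb_extract(stego):
    """Read the length prefix, then that many payload bytes, from the LSBs."""
    bits = [b & 1 for b in stego]

    def read(start, count):
        out = bytearray()
        for k in range(count):
            v = 0
            for i in range(8):
                v = (v << 1) | bits[start + 8 * k + i]
            out.append(v)
        return bytes(out)

    length = int.from_bytes(read(0, 4), "big")
    if 32 + 8 * length > len(bits):
        raise ValueError("length prefix is not consistent with the cover size")
    return read(32, length)

def lsb_capacity_bytes(cover):
    """Payload bytes that fit after the 4-byte length prefix."""
    return len(cover) // 8 - 4

def pov_chi_square(data):
    """Pairs-of-values statistic: LSB replacement only moves pixels between the
    values 2k and 2k+1, so embedding random-looking bits pushes each pair's two
    counts towards their common mean and the statistic drops sharply compared
    with an untouched cover."""
    hist = [0] * 256
    for b in data:
        hist[b] += 1
    chi2 = 0.0
    for k in range(128):
        total = hist[2 * k] + hist[2 * k + 1]
        if total:
            expected = total / 2
            chi2 += (hist[2 * k] - expected) ** 2 / expected
    return chi2

# Constructed sample data: a 1024-byte "cover" of even-valued pixel bytes and a
# 100-byte pseudo-random payload standing in for an already encrypted message.
COVER = bytes(2 * ((i * 7) % 100) + 40 for i in range(1024))
_rng = random.Random(7)
PAYLOAD = bytes(_rng.getrandbits(8) for _ in range(100))

if __name__ == "__main__":
    stego = lsb_embed(COVER, PAYLOAD)
    print(lsb_extract(stego) == PAYLOAD)
    print(round(pov_chi_square(COVER)), round(pov_chi_square(stego)))
```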

Uses of Steganography:

The uses of steganography are as varied as the uses of communication itself. Obviously you can use it
to send secret messages to a friend, colleague, or co-conspirator. You can use it to transport sensitive data from
point A to point B such that the transfer of the data goes unnoticed. This is particularly useful for the covert
communication of botnets and other systems under an attacker's control. It could also be used to further obfuscate
the origin and endpoint of data, because some routine packets are simply very common and frequently
ignored. It can take a well-trained malware analyst hours to weeks to find out when and how a system was
compromised from a packet dump. A well-designed network steganographic program may be able to withstand
greater tests of time.

DNA CRYPTOGRAPHY:

It can be defined as a technique of hiding data in terms of DNA sequences. In this cryptographic
technique, each letter of the alphabet is converted into a different combination of the four bases which make up
human deoxyribonucleic acid (DNA).

DNA cryptography is a rapidly emerging technology which works on the concepts of DNA computing. DNA
stores a massive amount of information inside the tiny nuclei of living cells. It encodes all the instructions
needed to make every living creature on earth. The main advantages of DNA computation over conventional
silicon-based machines are miniaturization and parallelism. For example, a square centimeter of silicon can
currently support around a million transistors, whereas current manipulation techniques can handle of the order
of 10^20 strands of DNA. DNA, with its unique data structure and ability to perform many parallel operations,
allows one to look at a computational problem from a different point of view.

A simple mechanism of transmitting two related messages by hiding one message is not enough to
prevent an attacker from breaking the code. DNA cryptography can have special advantages for secure data
storage, authentication, digital signatures, steganography, and so on. DNA can also be used for producing
identification cards and tickets. “Trying to build security that will last 20 to 30 years for a defense program is
very, very challenging,” says Benjamin Jun, vice president and chief technology officer at Cryptography
Research. Multiple studies have been carried out on a variety of biomolecular methods for encrypting and
decrypting data that is stored as DNA. With the right kind of setup, it has the potential to solve huge
mathematical problems. It is hardly surprising, then, that DNA computing represents a serious threat to various
powerful encryption schemes.

Various groups have suggested using the sequence of nucleotides in DNA (A for 00, C for 01, G for 10, T
for 11) for just this purpose. One idea is to not even bother encrypting the information but simply to bury it in
the DNA so that it is well hidden, a technique called DNA steganography. DNA storage of data has a wide range
of capacity:

• Medium of ultra-compact information storage: very large amounts of data can be stored in a
compact volume.
• A gram of DNA contains 10^21 DNA bases = 10^8 terabytes of data.
• A few grams of DNA may hold all the data stored in the world.

DNA cryptography is in its infancy. Only in the last few years has work in DNA computing seen real
progress. DNA cryptography is even less well studied, but ramped-up work in cryptography over the past
several years has laid good groundwork for applying DNA methodologies to cryptography and steganography.
Research and studies are being carried out to identify a better and unbreakable cryptographic standard. A
number of schemes have been proposed that offer some level of DNA cryptography, and are being explored.
At present, work in DNA cryptography is centered on using DNA sequences to encode binary data in some
form or another. Though the field is extremely complex and current work is still in the developmental stages,
there is a lot of hope that DNA computing will act as a good technique for information security.

QUANTUM CRYPTOGRAPHY:

Quantum cryptography is the science of exploiting quantum mechanical properties to perform
cryptographic tasks. The best known example of quantum cryptography is quantum key distribution, which
offers an information-theoretically secure solution to the key exchange problem. Currently used popular
public-key encryption and signature schemes (e.g., RSA and ElGamal) can be broken by quantum adversaries.
The advantage of quantum cryptography lies in the fact that it allows the completion of various cryptographic
tasks that are proven or conjectured to be impossible using only classical (i.e. non-quantum) communication
(see below for examples). For example, it is impossible to copy data encoded in a quantum state and the very
act of reading data encoded in a quantum state changes the state. This is used to detect eavesdropping in
quantum key distribution.

Quantum key distribution

The most well known and developed application of quantum cryptography is quantum key distribution,
which is the process of using quantum communication to establish a shared key between two parties (Alice and
Bob, for example) without a third party (Eve) learning anything about that key, even if Eve can eavesdrop on
all communication between Alice and Bob. If Eve tries to learn information about the key being established,
key establishment will fail causing Alice and Bob to notice. Once the key is established, it is then typically
used for encrypted communication using classical techniques. For instance, the exchanged key could be used
as the key for symmetric cryptography.

The security of quantum key distribution can be proven mathematically without imposing any
restrictions on the abilities of an eavesdropper, something not possible with classical key distribution. This is
usually described as "unconditional security", although there are some minimal assumptions required,
including that the laws of quantum mechanics apply and that Alice and Bob are able to authenticate each other,
i.e. Eve should not be able to impersonate Alice or Bob as otherwise a man-in-the-middle attack would be
possible.
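Added example, not part of the original notes: a simulation of the BB84 protocol (the assumption here is that BB84 is the QKD scheme meant) showing why an eavesdropper who reads the qubits is noticed. With no eavesdropper Alice and Bob obtain identical keys and a zero error rate; with an intercept-resend eavesdropper the sifted bits disagree in about a quarter of positions and the key is rejected. The 4000-qubit run and the seed are constructed test values.

```python
import random

def bb84(n_qubits, eavesdrop, seed=1):
    """Simulate one BB84 run.  A qubit is modelled as (basis, bit): measuring in
    the preparation basis returns the bit, measuring in the other basis returns
    a uniformly random bit and the original state is lost (no-cloning).
    Returns (qber, alice_key, bob_key)."""
    rng = random.Random(seed)

    def measure(qubit, basis):
        prep_basis, bit = qubit
        return bit if basis == prep_basis else rng.randrange(2)

    # Alice prepares n qubits with random bits in random bases (0: +, 1: x)
    a_bits = [rng.randrange(2) for _ in range(n_qubits)]
    a_bases = [rng.randrange(2) for _ in range(n_qubits)]
    qubits = list(zip(a_bases, a_bits))

    # Eve's intercept-resend: measure in a random basis and re-prepare the
    # qubit in that basis.  Half of her basis guesses are wrong, and each wrong
    # guess hands Bob a random bit, so she introduces errors in ~25% of the
    # positions that survive sifting.
    if eavesdrop:
        resent = []
        for q in qubits:
            e_basis = rng.randrange(2)
            resent.append((e_basis, measure(q, e_basis)))
        qubits = resent

    # Bob measures in his own random bases
    b_bases = [rng.randrange(2) for _ in range(n_qubits)]
    b_bits = [measure(q, b) for q, b in zip(qubits, b_bases)]

    # Sifting over the authenticated classical channel: bases are compared in
    # public and only positions where they agree are kept.
    sifted = [(a, b) for a, b, ab, bb in zip(a_bits, b_bits, a_bases, b_bases)
              if ab == bb]

    # Error estimation: half of the sifted bits are disclosed and compared;
    # the undisclosed half becomes the key material.
    check, keep = sifted[::2], sifted[1::2]
    errors = sum(1 for a, b in check if a != b)
    qber = errors / len(check) if check else 0.0
    return qber, [a for a, _ in keep], [b for _, b in keep]

def key_accepted(qber, threshold=0.11):
    """Accept the key only if the observed error rate is at or below the tolerated
    threshold (about 11% is the usual figure quoted for BB84); above it, an
    eavesdropper is assumed and the key establishment is aborted."""
    return qber <= threshold

if __name__ == "__main__":
    q0, ka, kb = bb84(4000, eavesdrop=False)
    print(q0, ka == kb, key_accepted(q0))           # 0.0 True True
    q1, ka, kb = bb84(4000, eavesdrop=True)
    print(round(q1, 2), ka == kb, key_accepted(q1))  # ~0.25 False False
```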

Quantum Coin Flipping

Unlike quantum key distribution, quantum coin flipping is a protocol that is used between two
participants who do not trust each other. The participants communicate via a quantum channel and exchange
information through the transmission of qubits. Alice determines a random basis and sequence of qubits
and then transmits them to Bob. Bob detects and records the qubits. Once Bob has recorded the qubits sent
by Alice, he tells Alice his guess of which basis she chose. Alice tells Bob whether he won or lost and
then sends Bob her entire original qubit sequence. Since the two parties do not trust each other, cheating is
likely to occur at any step in the process.

Quantum coin flipping is theoretically a secure means of communicating between two distrustful
parties, but it is difficult to physically accomplish.

Quantum commitment

Following the discovery of quantum key distribution and its unconditional security, researchers tried to
achieve other cryptographic tasks with unconditional security. One such task was commitment. A commitment
scheme allows a party Alice to fix a certain value (to "commit") in such a way that Alice cannot change that
value while at the same time ensuring that the recipient Bob cannot learn anything about that value until Alice
reveals it. Such commitment schemes are commonly used in cryptographic protocols. In the quantum setting,
they would be particularly useful: Crépeau and Kilian showed that from a commitment and a quantum channel,
one can construct an unconditionally secure protocol for performing so-called oblivious transfer. Oblivious
transfer, on the other hand, had been shown by Kilian to allow implementation of almost any distributed
computation in a secure way (so-called secure multi-party computation). (Notice that here we are a bit
imprecise: the results by Crépeau and Kilian together do not directly imply that given a commitment and a
quantum channel one can perform secure multi-party computation. This is because the results do not guarantee
"composability", that is, when plugging them together, one might lose security. Later works showed, however,
how composability can be ensured in this setting.)

Bounded- and noisy-quantum-storage model

One possibility to construct unconditionally secure quantum commitment and quantum oblivious
transfer (OT) protocols is to use the bounded quantum storage model (BQSM). In this model, we assume that
the amount of quantum data that an adversary can store is limited by some known constant Q. We do not,
however, impose any limit on the amount of classical (i.e., non-quantum) data the adversary may store.

In the BQSM, one can construct commitment and oblivious transfer protocols. The underlying idea is
the following: the protocol parties exchange more than Q quantum bits (qubits). Since even a dishonest party
cannot store all that information (the quantum memory of the adversary is limited to Q qubits), a large part of
the data will have to be either measured or discarded. Forcing dishonest parties to measure a large part of the
data makes it possible to circumvent the impossibility result of Mayers; commitment and oblivious transfer protocols can
then be implemented.

The protocols in the BQSM presented by Damgård, Fehr, Salvail, and Schaffner do not assume that
honest protocol participants store any quantum information; the technical requirements are similar to those in
QKD protocols. These protocols can thus, at least in principle, be realized with today's technology. The
communication complexity is only a constant factor larger than the bound Q on the adversary's quantum
memory. The advantage of the BQSM is that the assumption that the adversary's quantum memory is limited is
quite realistic. With today's technology, storing even a single qubit reliably over a sufficiently long time is
difficult. (What "sufficiently long" means depends on the protocol details. By introducing an artificial pause in
the protocol, the amount of time over which the adversary needs to store quantum data can be made arbitrarily
large.)

Position-based quantum cryptography

The goal of position-based quantum cryptography is to use the geographical location of a player as its
(only) credential. For example, one wants to send a message to a player at a specified position with the
guarantee that it can only be read if the receiving party is located at that particular position. In the basic task of
position-verification, a player, Alice, wants to convince the (honest) verifiers that she is located at a particular
point. It has been shown by Chandran et al. that position-verification using classical protocols is impossible
against colluding adversaries (who control all positions except the prover's claimed position). Under various
restrictions on the adversaries, schemes are possible.

Device-independent quantum cryptography

A quantum cryptographic protocol is device-independent if its security does not rely on trusting that
the quantum devices used are truthful. Thus the security analysis of such a protocol needs to consider scenarios
of imperfect or even malicious devices. Mayers and Yao proposed the idea of designing quantum protocols
using "self-testing" quantum apparatus, the internal operations of which can be uniquely determined by their
input-output statistics. Subsequently, Roger Colbeck in his thesis proposed the use of Bell tests for checking
the honesty of the devices. Since then, several problems have been shown to admit unconditionally secure and
device-independent protocols, even when the actual devices performing the Bell test are substantially "noisy,"
i.e., far from being ideal. These problems include quantum key distribution, randomness expansion, and
randomness amplification.

Post-quantum cryptography

Quantum computers may become a technological reality; it is therefore important to study
cryptographic schemes that remain secure against adversaries with access to a quantum computer. The study of such
schemes is often referred to as post-quantum cryptography. The need for post-quantum cryptography arises
from the fact that many popular encryption and signature schemes (such as RSA and its variants, and schemes
based on elliptic curves) can be broken using Shor's algorithm for factoring and computing discrete logarithms
on a quantum computer. Examples for schemes that are, as of today's knowledge, secure against quantum
adversaries are McEliece and lattice-based schemes. Surveys of post-quantum cryptography are available.

There is also research into how existing cryptographic techniques have to be modified to be able to
cope with quantum adversaries. For example, when trying to develop zero-knowledge proof systems that are
secure against quantum adversaries, new techniques need to be used: In a classical setting, the analysis of a
zero-knowledge proof system usually involves "rewinding", a technique that makes it necessary to copy the
internal state of the adversary. In a quantum setting, copying a state is not always possible (no-cloning
theorem); a variant of the rewinding technique has to be used.

QUESTIONS

UNIT-V SECTION – A

1. What is a Worm? How does it work?
2. Define backdoor trapping.
3. What are the two types of attacks in network?
4. What is a Trojan horse?
5. Give some types of viruses that are available in a network.
6. What is Virus?
7. Expand DSA.
8. Expand DSS.
9. Define Integrity.
10. Expand ECC.

SECTION –B

1. What is RSA? Explain the concept for implementing them with network.
2. Write the main difference between RSA and DSA.
3. Write about Watermarking.
4. Write about Quantum cryptography.
5. Explain about Cryptography.
6. Discuss about Security audit.
7. Write the implementation of RSA & explain it.
8. Write the implementation of DSA & explain it.
9. Write the implementation of ECC & explain it.
10. Discuss Public key management & explain it.

SECTION –C

1. Explain about Network forensics in detail.
2. Explain about Steganography in detail.
3. Write about Watermarking in detail.
4. Explain the ECC algorithm in detail.
5. Explain about cryptography in detail.
6. Discuss about security mechanisms in detail.
7. Explain the RSA algorithm in detail with an example.
8. Write the implementation of DSA in detail.
9. How will you implement the ECC method in cryptography?
10. Explain about IP services in detail.
