CSS Easy
Cryptography and System Security
Chapter 1 : Introduction
Q. 1 What are passive attacks ? Categorize these attacks and explain one example of each.
Ans. :
A passive attack attempts to collect information from the system but does not modify or alter the system data or resources. Eavesdropping or monitoring of information is an example of passive attacks. The goal of the opponent is to gain the information that is being transmitted. The two types of passive attacks are :
1. Release of message contents
2. Traffic analysis
1. Release of message contents :
We may want to prevent the opponent from learning sensitive and confidential information through transmissions that take place through telephone calls or email messages or files transferred on network. This is quite simple to understand. When we send a confidential email to our friend, our aim is that only the intended person should access this mail. If this mail is accessed by unauthorized users then the contents of the message are released somewhere else. Such type of attack is called release of message contents. There are different security mechanisms available to prevent such type of attacks.
For example : a telephonic conversation between two people, an electronic mail message and a file may contain sensitive information. We would like to prevent a third person from access to, or modification of, these types of transmission, as shown in Fig. 1.1.
Fig. 1.1 : Release of message contents
Q. 2 What are active attacks ? Categorize these attacks and explain one example of each.
Scanned by CamScanner
Cryptography and System Security (MU)
Ans. :
Active attacks involve modification of a data stream or creation of a false stream of messages. The attacker's aim in such type of attack is to corrupt or destroy the data as well as the network itself.
Active attacks are divided into four categories :
1. Masquerade
2. Replay attack
3. Modification of messages
4. Denial of service
1. Masquerade :
A masquerade takes place when an attacker pretends to be an authentic user. It is generally done to gain access to a system, or steal important data from the system. It is generally done by stealing the login id and password of an authentic user to gain access to a secure network. Once attackers gain access, they get full access to the network for deletion or changing of data or network policies of the organization as shown in Fig. 1.2.
Ans. :
1. Vulnerability : A vulnerability is a software, hardware, procedural, or human weakness that may provide an attacker the open door to enter a computer or network and have unauthorized access to resources within the environment.
   Threat : A threat to a computing system is a set of circumstances that has the potential to cause loss or harm.
   Control : A control is an action, device, procedure, or technique that removes or reduces vulnerability; threat is blocked by control of vulnerability.
2. Vulnerability : Vulnerability is a weakness in the security system.
   Threat : A threat is any potential danger to information or systems.
   Control : A control or countermeasure is a means to counter threats.
3. Vulnerability : Paired with a credible attack, each of these vulnerabilities can allow harm to confidentiality, integrity, or availability.
   Threat : A threat agent could be an intruder accessing the network through a port on the firewall, a process accessing data in a way that violates the security policy.
   Control : Safeguard implemented to close the vulnerabilities and mitigate threats in order to protect the confidentiality, integrity and availability of system.
Q. 5 What are the system security goals ? Explain why the balance among different goals is needed. Dec. 2013, May 2014
Ans. :
Information security consists of methods used to protect data or information being transmitted for preserving the integrity, availability and confidentiality of the information.
1. Confidentiality :
The two important concepts :
Data confidentiality : Assures that private or confidential information is not disclosed to unauthorized individuals.
Privacy : Assures that individuals control information related to them.
2. Integrity :
The two important concepts :
System integrity : Assures that the system performs its intended function properly and free from unauthorized manipulation.
3. Availability :
Assures that system works correctly and service is available to authorized users. These three concepts are termed the CIA triad and embody fundamental security objectives for data and information services.
Fig. 1.3 : CIA triad
Q. 6 Explain in detail different security mechanisms. Dec. 2012, Dec. 2014, June 2015
Ans. :
Access control :
Various mechanisms used to enforce access rights to the resources.
Data integrity :
Various mechanisms used to assure the integrity of the data.
Traffic padding :
To insert bits into gaps in the data stream to frustrate traffic analysis attempt.
Routing control :
To allow some selected routes in network for routing or can change the route if any attack is detected in the network.
Notarization :
To use a trusted third party to assure certain properties in data exchange.
Pervasive Security Mechanisms
These mechanisms are not specific to any of the OSI security service or protocol layer.
Trusted functionality :
That which is perceived to be correct with respect to some criteria. (Ex. : as established by a security policy).
Security label :
The marking bound to a resource that designates the security attribute of the resource.
Event detection :
Detection of security related events.
Security audit trail :
Security recovery :
It deals with the recovery action and management functions for data that is lost or disrupted in the network during communication.
Ans. :
The word cryptography comes from the Greek words κρυπτός (hidden or secret) and γραφή (writing). Cryptography is the art as well as science of secret writing of information / message and makes them non-readable.
Ans. : There are two types of cryptography i.e. symmetric key cryptography & asymmetric key cryptography as shown in Fig. 2.1.
[Fig. 2.1 : plaintext, same key, original plaintext]
Q. 3 Explain substitution cipher.
Ans. :
A substitution is a technique in which each letter or bit of the plain text is substituted or replaced
Caesar Cipher
Julius Caesar introduced the easiest and the simplest use of substitution cipher. In Caesar cipher technique each letter is replaced by the letter/alphabet which is three place next to that letter which is to be substituted.
Plain  : a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher : D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
The corresponding number equivalent to each alphabet is given below :
a b c d e f g h i j k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Mathematically the Caesar cipher algorithm can be expressed as
C = E(3, P) = (P + 3) mod 26
P = D(3, C) = (C - 3) mod 26
Where
C = Ciphertext / alphabet
P = Plaintext / alphabet
E = Encryption
D = Decryption
Mod 26 because in English there are total 26 alphabets.
as shown in Fig. 2.5.
(2) Read plain text message of step 1 in order of row by row.
For example : Plaintext : be careful while chatting.
[Fig. 2.5 : plaintext letters arranged on row 1 and row 2]
Write plaintext obtained in row 1 and row 2. The resultant ciphertext is
Ciphertext : eqeulhlcatnbcrflwiehtig.
This technique doesn't need any key. Rows are also fixed (2) so that attacker may get clue to break the ciphertext obtained using rail fence technique.
A more complex way to encrypt the message would be to write it in a rectangle, row by row, and then read off the message column by column, but to decide the order of the columns. The order of the column will be the key of the algorithm.
For example :
Plaintext : The book is related to history.
Key : 4351267
4 3 5 1 2 6 7
t h e b o o k
i s r e l a t
e d t o h i s
t o r y
Ciphertext : BEOYOLHHSDOTIETERTROAIKTS
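The columnar transposition above, written out as an added example (not code from the original notes). It reproduces the page's key 4351267 and plaintext, adds the decryption side, which has to cope with the partly filled last row, and checks that the letter counts are unchanged, which is why a transposition alone leaves frequency statistics intact. Function names are this example's own.

```python
# Added example: columnar transposition with a numeric key such as 4351267.
# The digit written above a column says when that column is read out.
from collections import Counter


def _letters(text):
    """Keep letters only, upper-cased (spaces and punctuation are dropped)."""
    return [ch.upper() for ch in text if ch.isalpha()]


def _read_order(key):
    """Column indexes in reading order: the column labelled 1 comes first."""
    labels = [int(d) for d in key]
    if sorted(labels) != list(range(1, len(labels) + 1)):
        raise ValueError("key must use each digit 1..n exactly once")
    return sorted(range(len(labels)), key=lambda col: labels[col])


def encrypt_columnar(plaintext, key):
    letters = _letters(plaintext)
    ncols = len(key)
    # Writing row by row puts letter i into column i % ncols.
    columns = [letters[c::ncols] for c in range(ncols)]
    return "".join("".join(columns[c]) for c in _read_order(key))


def decrypt_columnar(ciphertext, key):
    letters = _letters(ciphertext)
    ncols = len(key)
    full_rows, extra = divmod(len(letters), ncols)
    # The last row is only partly filled, so the first `extra` columns
    # hold one more letter than the rest.
    columns = [None] * ncols
    pos = 0
    for c in _read_order(key):
        height = full_rows + (1 if c < extra else 0)
        columns[c] = letters[pos:pos + height]
        pos += height
    out = []
    for r in range(full_rows + (1 if extra else 0)):
        for c in range(ncols):
            if r < len(columns[c]):
                out.append(columns[c][r])
    return "".join(out)


def same_letter_counts(plaintext, ciphertext):
    """True when both texts contain exactly the same letters (only moved)."""
    return Counter(_letters(plaintext)) == Counter(_letters(ciphertext))


if __name__ == "__main__":
    pt = "The book is related to history."
    ct = encrypt_columnar(pt, "4351267")
    print(ct)
    print(decrypt_columnar(ct, "4351267"))
    print(same_letter_counts(pt, ct))
```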
Q. 5 What are the different types of ciphers ? Describe block ciphers in detail.
Ans. :
(i) Cryptographic algorithm is used for transformation of plaintext into ciphertext.
(ii) Plaintext is transformed into ciphertext in two basic ways : Stream cipher and Block cipher. This is shown in Fig. 2.6.
Fig. 2.6 : Types of Cipher
Block cipher
(i) A block cipher operates on plaintext accepting a block of bits at a time. Generally a block size of 64 or 128 bits is used.
(ii) Like in stream cipher, block cipher also uses the concept of key generator. Block ciphers are used ... is because for re... will be generated which can give clue to cryptanalyst regarding what is the original plaintext. Hence, chaining mode is used for block ciphers as we shall see later in this chapter. As in chaining method, previous block is mixed with current block to avoid repeat in pattern.
(iii) Block cipher is little time consuming than stream cipher so generally used in computer based cryptographic algorithms.
Q. 1 Give difference between confusion and diffusion.
Ans. :
Difference between Confusion and Diffusion
1. Confusion : Confusion obscures the relationship between the plaintext and ciphertext.
   Diffusion : Diffusion spreads the plaintext statistics through the ciphertext.
2. Confusion : A one-time pad relies entirely on confusion while a simple substitution cipher is another (weak) example of a confusion-only system.
   Diffusion : A double transposition is the classic example of a diffusion-only cryptosystem.
3. Confusion : Confusion alone is, apparently, "enough", since the one-time pad is provably secure.
   Diffusion : Diffusion alone is, perhaps, not enough, at least using relatively small blocks. A stream cipher is simply a weaker version of a one-time pad.
4. Confusion : The codebook aspects of such systems provide confusion analogous to though on a much grander scale a simple substitution.
   Diffusion : Well-designed block ciphers spread any local statistics throughout the block, thus employing the principle of diffusion.
Q. 1 Explain ... of block ciphers with example. Also explain structure of DES.
[Figure : DES, 56-bit key, 64-bit ciphertext]
At decryption side, DES takes 64-bit ciphertext and creates 64-bit plaintext and 56-bit key.
Steps of DES
The process of DES is very simple. Divide plaintext message into blocks of size 64-bits each, which go through initial permutation. After initial permutation on 64-bit block, the block is divided into two halves of 32-bit called left plaintext and right plaintext.
The left plaintext and right plaintext go through 16 rounds of encryption process along with 16 different keys for each round. After 16 rounds of encryption process left plaintext and right plaintext get combined and final permutation is performed on these combined blocks. The result of final permutation produces 64-bit block of ciphertext as shown in Fig 3.2.
[Fig. 3.2 : 64-bit plaintext, 56-bit key, round keys K1 to K16, final permutation, 64-bit ciphertext]
[Figure : bit positions of the plaintext block (64 bits)]
This process, called jugglery of bit position of plaintext block, is applied to all 64-bit plaintext blocks in a sequence. After initial permutation the 64-bit plaintext block gets divided into two
1. The DES encryption technique is ideally suited for ... lookups etc).
2. Dedicated hardware could run DES at 200 M byte/s.
3. Technique well suited for voice, video encryption.
4. DES uses 56-bit keys so that there are 2^56 possible key combinations which is roughly equal to 7.2 x 10^16 keys required to break DES cipher.
Disadvantages in DES
1. Trying all possible combination of 2^56 possible keys is not that much hard these days.
Ans. :
Double DES performs the same operation as DES; only difference is that double DES uses two keys K1 & K2. First it performs encryption on plaintext which is encrypted using K1 and obtains first ciphertext; again this ciphertext is encrypted by using another key called K2 & converted into final ciphertext.
Mathematically double DES is represented as
Pt ⇒ EK1(Pt) ⇒ TEMP = EK1(Pt) ⇒ EK2(EK1(Pt)) ⇒ Cp = EK2(EK1(Pt))
Where
Pt = Plain text
EK1(Pt) = Encrypted plaintext with Key K1
TEMP = EK1(Pt) = Temporary variable to store results
EK2(EK1(Pt)) = Encrypted results of first step using K2
Cp = Final ciphertext
Decryption of Double DES is reverse of encryption. Whatever ciphertext is obtained after double DES encryption process gets decrypted using K2 & obtains the first ciphertext. The result of previous step (ciphertext) is decrypted using K1 which yields the original plaintext.
Q. 5 Write short note on : Multiple DES or triple DES
Ans. :
Triple DES performs the same operation as double DES; only difference is that triple DES uses three keys K1, K2 & K3 while encrypting plaintext. First it performs encryption on plaintext which is encrypted using K1 and obtains first ciphertext; again this ciphertext is encrypted by using another key called K2 which obtains the second ciphertext, which is again encrypted using K3 & converted into final ciphertext Cp.
Mathematically, triple DES is represented as,
Pt ⇒ EK1(Pt) ⇒ TEMP = EK1(Pt) ⇒ EK2(EK1(Pt)) ⇒ EK3(EK2(EK1(Pt))) ⇒ Cp = EK3(EK2(EK1(Pt)))
Where
Pt = Plaintext
EK1(Pt) = Encrypted plaintext with Key K1
TEMP = EK1(Pt) = Temporary variable to store results
Round 4 : Z1(4) Z2(4) Z3(4) Z4(4) Z5(4) Z6(4)
Round 5 : Z1(5) Z2(5) Z3(5) Z4(5) Z5(5) Z6(5)
Round 6 : Z1(6) Z2(6) Z3(6) Z4(6) Z5(6) Z6(6)
Round 7 : Z1(7) Z2(7) Z3(7) Z4(7) Z5(7) Z6(7)
Round 8 : Z1(8) Z2(8) Z3(8) Z4(8) Z5(8) Z6(8)
Output Transform : Z1(9) Z2(9) Z3(9) Z4(9)
Q. 7 What are block cipher algorithmic modes ? Describe any two modes.
Ans. :
The block cipher is basic building block for providing data security. In block cipher rather than encrypting one bit at a time, block of bits is encrypted at one go.
The Federal Information Processing Standard (FIPS) defines four modes of operation for block cipher that may be used in a wide variety of applications like symmetric key cryptographic algorithms (DES, AES etc). The modes specify how data will be encrypted and decrypted. The modes included in this standard are :
1. Electronic Codebook (ECB) mode
2. Cipher Block Chaining (CBC) mode
3. Cipher Feedback (CFB) mode and
4. Output Feedback (OFB) mode
5. Counter (CTR) Mode
1. Electronic Codebook (ECB) Mode
In Electronic Codebook (ECB) mode the given plaintext message is divided into blocks of 64 bits each and each 64-bits block gets encrypted independently. The plaintext block produces ciphertext of same size (64-bits each). The given plaintext is encrypted using same key and transfers the encrypted data (ciphertext) to receiver.
At the receiver end each block is decrypted independently using same key in order to produce original plain text message of same size i.e. blocks of 64-bits each. The Electronic Codebook (ECB) mode encryption and decryption process is shown in Fig. 3.3 and Fig. 3.4.
[Figure : plaintext block 1, plaintext block 2, ... plaintext block N, key]
The drawback of ECB mode is that a plaintext block that occurs more than once in the input generates the same ciphertext block in the output, which gives clue to the attacker or cryptanalyst. Only small messages can be encrypted using ECB mode of operation where the chances of repeating the same plaintext message are quite less.
[Figure : key K, ciphertext block 1 (C1), ciphertext block 2 (C2), ... ciphertext block N (CN)]
Fig. 3.5 : Cipher Block Chaining (CBC) mode encryption process
CBC mode is applicable whenever large amounts of data need to be sent securely, provided that all data is available in advance (e.g. email, FTP, web etc.). In CBC decryption, ciphertext block 1 gets decrypted using same key used during encryption. The output of this step is then XOR with ... which results plaintext block 1. In next step, the ciphertext block 2 is decrypted and ... which results plaintext block 2. Repeat the process for all plaintext blocks as shown in Fig. 3.6.
[Fig. 3.6 : ciphertext blocks 1 to N, key K, plaintext block 1, plaintext block 2]
6. Swap xL and xR
7. After the sixteenth round, swap xL and xR again to undo the last swap.
8. Then, xR = xR XOR Pa17 and xL = xL XOR Pa18.
9. Finally, recombine xL and xR to get the ciphertext.
The F function takes the 32-bit input and separates it into 4 bytes (8-bits each). The S-boxes accept 8-bit input and produce 32-bit output.
[Figure : plaintext split into two 32-bit halves, 13 more iterations]
[Figure : F function, each 8-bit input goes to an S-box giving 32 bits, combined with ADDITION operation]
Pa3 = 0x12298a2f
Pa4 = 0x02506355
2. XOR Pa1 with the first 32 bits of the key, XOR Pa2 with the second 32-bits of the key, and so on for all bits of the key (possibly up to Pa14). Repeatedly cycle through the key bits until the entire P-array has been XORed with key bits.
3. Encrypt the all-zero string with the Blowfish algorithm, using the subkeys described in steps 1 and 2.
4. Replace Pa1 and Pa2 with the output of step 3.
5. Encrypt the output of step 3 using the Blowfish algorithm with the modified subkeys.
6. Replace Pa3 and Pa4 with the output of step 5.
7. Continue the process, replacing all entries of the P-array, and then all four S-boxes in order, with the output. Total 521 iterations are required to generate all required subkeys.
... steps like a substitution step, a row-wise permutation step, a column-wise mixing step, and the addition of the round key. Except for the last round in each case, all other rounds are identical. Final round doesn't have MixColumns; it includes only SubBytes, ShiftRows and AddRoundKey.
The process of transforming the cipher text back into the original plaintext using same encryption key is called as decryption process of AES; during decryption process the set of rounds are reversed.
[Figure : AES encryption and decryption of a 128-bit plaintext : add round key, Nr - 1 repeated rounds, final round; SubBytes, ShiftRows and round key on the encryption side, InvSubBytes and InvShiftRows on the decryption side]
[S-Box lookup table : rows and columns indexed 0 to f]
Fig. 3.10 : S-Box Lookup table for SubBytes
[Fig. 3.11 : SubByte and InvSubByte on the 16 byte (128-bit) state array blocks]
State array -> after SubByte (InvSubByte maps it back)
10 21 C0 81 -> CA FD BA 0C
05 07 01 25 -> 6B C5 7C 3F
27 12 19 21 -> CC C9 D4 FD
15 27 30 35 -> 59 CC 04 96
Fig. 3.11 shows the state transformation using the SubBytes technique; applying the reverse, called the InvSubBytes transformation, creates the original values. Note that if two bytes have the same value, their transformation is also the same. The corresponding substitution step used during decryption is called InvSubBytes.
2. ShiftRows :
The output of the SubBytes transformation is input to the ShiftRows transformation which consists of rotation of each byte of the state array in the order of a row of data matrix (rotation of row byte positions are done in this step). Each byte of the first row remains unchanged. Each byte of the second row rotates over one byte to the left position. Similarly the third and fourth rows are also rotated left by two and three positions as shown in Fig. 3.12. The corresponding transformation during decryption process is called Inverse shift row transformation (InvShiftRows).
[Figure : state array before and after ShiftRow, with InvShiftRow reversing it]
Fig. 3.12 : ShiftRows transformation
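SubBytes and ShiftRows as described above, in an added example that is not from the original notes. Rather than typing in the lookup table, it derives the S-box from its definition (multiplicative inverse in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1, followed by the AES affine transform) and applies it to the state array of Fig. 3.11; function names are this example's own.

```python
# Added example: build the AES S-box from its definition, then apply
# SubBytes / ShiftRows and their inverses to the Fig. 3.11 state array.

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return result


def gf_inv(a):
    """Multiplicative inverse as a^254; AES defines the inverse of 0 as 0."""
    if a == 0:
        return 0
    result = 1
    for _ in range(254):
        result = gf_mul(result, a)
    return result


def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF


def build_sbox():
    sbox = []
    for x in range(256):
        b = gf_inv(x)
        # Affine transform over GF(2) with the constant 0x63.
        sbox.append(b ^ _rotl8(b, 1) ^ _rotl8(b, 2) ^ _rotl8(b, 3) ^ _rotl8(b, 4) ^ 0x63)
    return sbox


SBOX = build_sbox()
INV_SBOX = [0] * 256
for _i, _v in enumerate(SBOX):
    INV_SBOX[_v] = _i


def sub_bytes(state):
    return [[SBOX[b] for b in row] for row in state]


def inv_sub_bytes(state):
    return [[INV_SBOX[b] for b in row] for row in state]


def shift_rows(state):
    # Row r is rotated left by r positions; row 0 is unchanged.
    return [row[r:] + row[:r] for r, row in enumerate(state)]


def inv_shift_rows(state):
    # Row r is rotated right by r positions.
    return [row[len(row) - r:] + row[:len(row) - r] for r, row in enumerate(state)]


# State array from Fig. 3.11, written row by row as in the figure.
PAGE_STATE = [
    [0x10, 0x21, 0xC0, 0x81],
    [0x05, 0x07, 0x01, 0x25],
    [0x27, 0x12, 0x19, 0x21],
    [0x15, 0x27, 0x30, 0x35],
]

if __name__ == "__main__":
    substituted = sub_bytes(PAGE_STATE)
    for row in substituted:
        print(" ".join(f"{b:02X}" for b in row))
    for row in shift_rows(substituted):
        print(" ".join(f"{b:02X}" for b in row))
```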
3. MixColumns :
MixColumns performs operation on the state array obtained from ShiftRows column-by-column and each column is multiplied with row of a fixed matrix. This step takes four bytes as an input and produces outputs of four bytes (each input byte affects the output bytes). The four numbers of state arrays of first column are modulo multiplied in Rijndael's Galois Field (GF) by a given matrix as shown in Fig. 3.13. In AES MixColumn step along with ShiftRows are primary source for providing complete diffusion to the cipher produced.
[Fig. 3.13 : MixColumns, fixed matrix multiplied with the state array to give the new state]
From Fig. 3.13 on the left hand side, the row of the leftmost matrix is multiplied with column of state array (XOR operations) which produces the new state. Perform the same operation on all columns which provides diffusion (mixing data within columns). The 4 bytes of each column in the State are treated as a 4-byte number and transformed to another 4-byte number via finite field mathematics (modulo multiplied in Rijndael's Galois Field by a given matrix) as shown. MixColumns step is primary source of diffusion in AES.
4. AddRoundKey :
In the AddRoundKey step, the round key generated using Rijndael's key schedule is combined with the new state obtained from MixColumns transformation.
The round key is added by combining each byte of the state array using bitwise XOR operations. The actual 'encryption' is performed in the AddRoundKey() function, when each byte of state array is XORed with the round key as shown in Fig. 3.14.
[Figure : state array XORed with the round key]
Fig. 3.14 : AddRoundKey
The same process of SubBytes, ShiftRows, MixColumns step and XOR with Round key is applied 9 more times.
Except for the last round in each case, all other rounds are identical. Final round doesn't have MixColumns step; it includes only SubBytes, ShiftRows and Round key.
Finally an output cipher text will be obtained after performing the steps of AES in detail. ... rounds are applied (i.e. InvShiftRows, InvSubBytes, AddRoundKey and InvMixColumns) to transform the cipher text back into the original plaintext using the same encryption key, called Decryption process of AES.
AES Decryption
Decryption occurs through the function AddRoundKey(), plus the inverse AES functions InvShiftRows(), InvSubBytes() and InvMixColumns(). AddRoundKey() does not require an inverse function, as it simply XORs the state with the subkey (XOR encrypts when applied once, and decrypts when applied again).
to break DES cipher.
5. DES : Different versions of DES are double DES and triple DES is added.
   AES : AES doesn't have any future versions.
6. DES : DES doesn't use Mix Column, Shift Rows method during encryption and decryption process.
   AES : AES uses Mix Column, Shift Rows method during encryption and decryption process.
7. DES : DES, double DES and Triple DES (168-bit key) are vulnerable to brute force attacks.
   AES : AES also are vulnerable to brute force attacks.
Q. 1 What is principle of public key cryptography ?
Ans. :
Public key algorithms, also called as asymmetric key algorithms, ... key for encryption and decryption ...
Fig. 4.1
It is easily configurable than secret key.
Q. 2 Write a detail note on : RSA algorithm (Public key algorithm).
Ans. :
Ron Rivest, Adi Shamir and Len Adleman have developed this algorithm (Rivest-Shamir-Adleman) in 1978. It is a public-key encryption algorithm. It is a block-cipher which converts plain text into cipher text at sender side and vice versa at receiver side.
The algorithm works as follows :
1. Select two prime numbers a and b where a ≠ b.
2. Calculate n = a * b
3. Calculate φ(n) = (a - 1) * (b - 1).
4. Select e such that, e is relatively prime to φ(n) i.e. gcd (e, φ(n)) = 1 and 1 < e < φ(n).
5. Calculate d such that d = e^-1 mod φ(n) or ed mod φ(n) = 1.
6. Public key = {e, n}, private key = {d, n}.
7. Find out ciphertext using the formula,
C = P^e mod n where, P < n and
C = Ciphertext, P = Plaintext, e = Encryption key and n = Block size.
8. P = C^d mod n. Plaintext P can be obtained using the given formula.
Example :
1. Select two prime numbers a = 13, b = 11.
2. n = a * b = 13 * 11 = 143.
3. φ(n) = (13 - 1) * (11 - 1) = 12 * 10 = 120.
4. Select e = 13, gcd (13, 120) = 1.
5. Finding d :
e * d mod φ(n) = 1
13 * d mod 120 = 1
Do the following procedure till you are not getting an integer number
d = ((φ(n) * i) + 1) / e, where i = 1 to 9
d = (120 + 1) / 13 = 121 / 13 = 9.30 (i = 1)
d = (240 + 1) / 13 = 241 / 13 = 18.53 (i = 2)
d = (360 + 1) / 13 = 361 / 13 = 27.76 (i = 3)
d = (480 + 1) / 13 = 481 / 13 = 37
Hence d = 37
6. Hence public key = {13, 143} and Private key = {37, 143}
7. Encryption :
Consider any integer as a plaintext (P) such that P < n
Example : 13 (13 < 143)
Now, C = P^e mod n
C = 13^13 mod 143
Here to find out 13^13 mod 143, use the following procedure
13 mod 143 = 13
13^2 mod 143 = 169 mod 143 = 26
13^4 mod 143 = (26)^2 mod 143 = 104
13^8 mod 143 = (104)^2 mod 143 = 91
∴ C = ((13^8 mod 143) * (13^4 mod 143) * (13 mod 143)) mod 143
= (91 * 104 * 13) mod 143
= 52
8. Decryption :
P = C^d mod n
= 52^37 mod 143
Again use above mentioned procedure to find out 52^37 mod 143. As
52 mod 143 = 52
52^2 mod 143 = 130
52^4 mod 143 = (130)^2 mod 143 = 26
52^8 mod 143 = (26)^2 mod 143 = 104
52^16 mod 143 = (104)^2 mod 143 = 91
52^32 mod 143 = (91)^2 mod 143 = 130
Hence,
P = 52^37 mod 143
= ((52^32 mod 143) * (52^4 mod 143) * (52 mod 143)) mod 143
e = 7 is given,
Step 5 : Calculate d such that
d = e^-1 mod φ(n)
ed mod φ(n) = 1
7 * d mod 20 = 1
d = ((φ(n) * i) + 1) / e, where i = 1 to 9
   d = e^-1 mod φ(n)
   e * d mod φ(n) = 1
   17 * d mod 60 = 1
   d = ((60 * 1) + 1) / 17
     = 3.58
   d must be completely divisible by 'e'.
   After putting value of i = 15 into above formula we got value of d
     = ((60 * 15) + 1) / 17 = 53
Step 6 : Public key = {e, n} = {17, 77}
   Private key = {d, n} = {53, 77}
Step 7 : Calculate cipher text message for given plain text message M = 25.
   Plain text denoted as P = 25 (M denoted as P)
   C = P^e mod n
     = 25^17 mod 77
   It can be represented as
   C = 9
Step 8 : Now calculate plain text P required at the time of decryption. Once sender sends 9 to the receiver then receiver can calculate plain text P.
   P = C^d mod n
     = 9^53 mod 77
   P = 25
Decryption process always yields original plain text message.
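The two procedures used in the RSA examples above (searching for d with i = 1, 2, ... and reducing a large power through repeated squaring) are reproduced below as an added Python example; it is not part of the original text, and the function names are this example's own. It also finishes the 52^37 mod 143 decryption and shows, for the defender's benefit, that a modulus this small lets anyone rebuild d from the public key alone.

```python
"""Toy RSA with the numbers used on this page (added example)."""
from math import gcd, isqrt


def find_d_by_search(e, phi):
    """Try i = 1, 2, ... until (phi * i + 1) is divisible by e.

    Returns (d, i). When gcd(e, phi) == 1 a solution exists with i < e.
    """
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    for i in range(1, e):
        if (phi * i + 1) % e == 0:
            return (phi * i + 1) // e, i
    raise ValueError("no d found")


def modexp_trace(base, exp, mod):
    """Square-and-multiply. Returns (base^exp mod mod, table of squares).

    The table maps 1, 2, 4, 8, ... to base^1, base^2, base^4, ... mod mod,
    which are the intermediate lines written out by hand on the page.
    """
    result, squares = 1, {}
    power, square = 1, base % mod
    while power <= exp:
        squares[power] = square
        if exp & power:                 # this power of two is part of exp
            result = (result * square) % mod
        square = (square * square) % mod
        power <<= 1
    return result, squares


def rsa_keypair(a, b, e):
    """Build ({e, n}, {d, n}) from primes a and b, as in steps 1 to 6."""
    n, phi = a * b, (a - 1) * (b - 1)
    d, _ = find_d_by_search(e, phi)
    if d != pow(e, -1, phi):            # cross-check with the built-in inverse
        raise ValueError("search and modular inverse disagree")
    return (e, n), (d, n)


def encrypt(plain, public_key):
    e, n = public_key
    if not 0 <= plain < n:
        raise ValueError("plaintext must satisfy P < n")
    return modexp_trace(plain, e, n)[0]


def decrypt(cipher, private_key):
    d, n = private_key
    return modexp_trace(cipher, d, n)[0]


def recover_d_from_public_key(e, n):
    """Why toy moduli protect nothing: factor n by trial division, then
    compute d exactly as the key owner did."""
    for f in range(2, isqrt(n) + 1):
        if n % f == 0:
            return pow(e, -1, (f - 1) * (n // f - 1))
    raise ValueError("n has no non-trivial factor")


if __name__ == "__main__":
    pub, priv = rsa_keypair(13, 11, 13)
    c = encrypt(13, pub)
    print("keys:", pub, priv)
    print("13^13 mod 143 squares:", modexp_trace(13, 13, 143)[1], "C =", c)
    print("52^37 mod 143 squares:", modexp_trace(52, 37, 143)[1],
          "P =", decrypt(c, priv))
    print("second example: C =", encrypt(25, (17, 77)),
          "P =", decrypt(9, (53, 77)))
    print("d rebuilt from public key {13, 143}:",
          recover_d_from_public_key(13, 143))
```

Real RSA keys use moduli of 2048 bits or more together with a padding scheme; the raw "P^e mod n" shown here is for following the arithmetic only.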
symmetric or asymmetric key cryptography.
The Diffie Hellman algorithm was widely known as Key exchange algorithm or key agreement algorithm developed by Whitfield Diffie and Martin Hellman in 1976. Diffie Hellman algorithm is used to generate same (symmetric) private cryptographic key at sender as well as receiver end so that there is no need to transfer this key from sender to receiver.
Remember that Diffie Hellman algorithm is used only for key agreement, not for encryption or decryption of message. If sender and receiver want to communicate with each other they first agree on the same key generated by Diffie Hellman Algorithm; later on they can use this key for encryption or decryption. Let us start with the algorithm:
Steps of Diffie Hellman Algorithm :
... another ... and calculate R such that ...
Ramesh sends this R to Suresh.
Suresh sends the numbers to Ramesh.
Now Ramesh is calculating his secret key ...
Suresh is calculating his secret key SK by using ...
If RK = SK then Ramesh and Suresh can agree for future communication, called as key agreement algorithm.
We have RK = SK = K, hence proved. (K is called symmetric key.)
For example :
1. Ramesh and Suresh agree on two large prime numbers, say p = 17 and q = 7.
2. Ramesh selects another secret large random number 5, i.e. a = 5, and calculates R such that
   R = q^a mod p = 7^5 mod 17 = 11
     = (7 x 7 x 7 x 7 x 7) mod 17 = 11
   S = q^b mod p = 7^3 mod 17 = 3
     = (7 x 7 x 7) mod 17 = 3
5. Suresh sends number S to Ramesh.
6. Ramesh now calculates his secret key RK as follows :
   RK = S^a mod p = S^5 mod 17
   ∴ RK = 3^5 mod 17 = 5
        = (3 x 3 x 3 x 3 x 3) mod 17 = 5
7. Suresh is calculating his secret key SK as follows :
   SK = R^b mod p = R^3 mod 17 = 11^3 mod 17 = 5
8. If RK = SK then Ramesh and Suresh can agree for future communication.
9. We know that RK = SK = K = 5. Hence proved.
As mentioned in (i) :
   a = 2 and n = 11
   Calculate φ(n), i.e. φ(11) = {1 to 10} = 10
   1024 = 1 mod 11
   S = 8
   Suresh now sending S to Ramesh.
(iv) Now Ramesh and Suresh calculating their secret keys individually :
1. Ramesh calculates its secret key RK as follows :
   [S = 8, p = 11, a = 9]
   RK = S^a mod p
      = 8^9 mod 11 = 7
2. Suresh calculates its secret key SK as follows :
   SK = R^b mod p
      = 6^3 mod 11 = 7
Q. ... Diffie Hellman key exchange ... where p = 13, g = 2 ... what is their common key ? ... if he sees p, g ... how ?
Ans.:
According to Diffie Hellman algorithm, let us say A as Ramesh and B as Suresh. Also p = 13 and g = 2. Here in our example we are denoting g as q.
   p = 13, q = 2
Secret numbers denoted as a = 6 and b = 11. By using Diffie Hellman algorithm,
1. Ramesh and Suresh agree on two large prime numbers p = 13 and q = 2.
2. Ramesh selects another secret number a = 6 and calculates R such that
   R = q^a mod p [q = 2, a = 6, p = 13]
     = 2^6 mod 13
   R = 12
3. Ramesh sends R to Suresh.
4. Suresh selects another large random number b = 11 and calculates S such that
   S = q^b mod p [q = 2, b = 11, p = 13]
     = 2^11 mod 13
   S = 7
5. Suresh sends S to Ramesh.
6. Ramesh now calculates its secret key RK as follows :
   RK = S^a mod p [S = 7, a = 6, p = 13]
      = 7^6 mod 13
      = 12
7. Suresh is calculating his secret key SK as follows :
   SK = R^b mod p [R = 12, b = 11, p = 13]
      = 12^11 mod 13
      = 12
Think: what is happening? Ramesh is thinking that the value of his secret key is and Suresh is also thinking that the value of his secret key is 3. But the actual communication is intercepted by intruder m. During the real communication between Ramesh and Suresh, intruder m is sending his own secret keys to Ramesh and Suresh. If Ramesh is sending his secret key RK = 1 to Suresh, because of the man-in-the-middle attack intruder m is sending his secret key RK = 3 to Suresh. In return Suresh is sending his secret key SK = 3 to Ramesh, and intruder m is sending his secret key SK = 1 to Ramesh.
Both Ramesh and Suresh are not aware that the communication is intercepted by intruder m. Such type of attack is called as man-in-the-middle attack.
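The Diffie Hellman examples and the interception described above can be replayed with the following added Python example, which is not part of the original text. The intruder's secret numbers 8 and 4 are constructed values, chosen so that Ramesh and Suresh end up with the keys 1 and 3 mentioned above; the pre-shared authentication key and the HMAC check are assumptions of this example, showing one way a receiver can notice that R or S was replaced.

```python
"""Diffie-Hellman with toy numbers: honest run, intercepted run, and a
run where the exchanged values are authenticated (added example)."""
import hashlib
import hmac


def public_value(q, secret, p):
    """R = q^a mod p (or S = q^b mod p)."""
    return pow(q, secret, p)


def shared_key(peer_value, secret, p):
    """RK = S^a mod p (or SK = R^b mod p)."""
    return pow(peer_value, secret, p)


def honest_exchange(p, q, a, b):
    """Returns (R, S, RK, SK) for an exchange nobody tampers with."""
    R = public_value(q, a, p)
    S = public_value(q, b, p)
    return R, S, shared_key(S, a, p), shared_key(R, b, p)


def intercepted_exchange(p, q, a, b, m_to_suresh, m_to_ramesh):
    """Intruder m swaps R and S for values built from his own secrets.

    m_to_suresh / m_to_ramesh are the intruder's secret numbers
    (constructed for this example).
    """
    R = public_value(q, a, p)                    # sent by Ramesh, never arrives
    S = public_value(q, b, p)                    # sent by Suresh, never arrives
    fake_R = public_value(q, m_to_suresh, p)     # what Suresh receives
    fake_S = public_value(q, m_to_ramesh, p)     # what Ramesh receives
    return {
        "RK": shared_key(fake_S, a, p),          # Ramesh's key
        "SK": shared_key(fake_R, b, p),          # Suresh's key
        "m_with_ramesh": shared_key(R, m_to_ramesh, p),
        "m_with_suresh": shared_key(S, m_to_suresh, p),
    }


def tag(auth_key, sender, value):
    """HMAC over (sender, value) under a key both parties already share
    (assumption of this example; signatures would serve the same purpose)."""
    message = f"{sender}|{value}".encode()
    return hmac.new(auth_key, message, hashlib.sha256).digest()


def authenticated_delivery(auth_key, sender, sent_value, delivered_value):
    """Sender tags sent_value; receiver checks the tag against what arrived.
    Returns True only if the value was not replaced on the way."""
    sent_tag = tag(auth_key, sender, sent_value)
    return hmac.compare_digest(tag(auth_key, sender, delivered_value), sent_tag)


if __name__ == "__main__":
    print("p=17 q=7 a=5 b=3  ->", honest_exchange(17, 7, 5, 3))
    print("p=11 q=2 a=9 b=3  ->", honest_exchange(11, 2, 9, 3))
    print("p=13 q=2 a=6 b=11 ->", honest_exchange(13, 2, 6, 11))
    print("intercepted       ->", intercepted_exchange(13, 2, 6, 11, 8, 4))
    key = b"constructed pre-shared key"
    print("R=12 delivered as 12:", authenticated_delivery(key, "Ramesh", 12, 12))
    print("R=12 delivered as 9 :", authenticated_delivery(key, "Ramesh", 12, 9))
```

In the intercepted run Ramesh and Suresh hold different keys, each shared with the intruder rather than with each other, which is why plain Diffie Hellman must always be combined with authentication of R and S.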
Q. 8 State and Prove Fermat's theorem.
Ans.:
Fermat's theorem plays an important role in public key cryptography. To understand this theorem one has to have knowledge of prime numbers, co-prime numbers, prime factorization and GCD, i.e. greatest common divisor, that has already been explained in this chapter.
Theorem:
For any prime number p, if a is an integer which is not divisible by p then
   a^(p-1) ≡ 1 (mod p)   ... (1)
A variant of this theorem is
Hence the above theorem is proved.
Considering another form of the theorem in Equation (2).
Let us have a = 3 and p = 5, then we have
   a^p = 3^5 = 243.
Chapter 5 : Cryptographic Hash Functions
Ans.:
It was developed by Ron Rivest. This algorithm takes an input of arbitrary length and a 128-bit message digest is produced. The input message is processed in 512-bit blocks. Fig. 5.1 shows processing of a message to produce message digest. Following steps explain the procedure of MD5.
[Fig. 5.1 : Detail steps of Message ... (labels: Message, Padding bits (1 to 512), L x 512 bits = N x 32 bits, 512-bit blocks, IV, 128 bits message digest)]
A 128-bit buffer is used to store the intermediate as well as final result. A buffer is represented as,
   P = 67452301
   Q = EFCDAB89
   R = 98BADCFE
   S = 10325476
It uses a little-endian method. Hence initial values (IV) are represented as,
   P = 01 23 45 67
   Q = 89 AB CD EF
   R = FE DC BA 98
   S = 76 54 32 10
(4) Process Message in 512-bit (16 word of 32 bit) blocks :
It consists of four rounds of processing as shown in Fig. 5.2. These four rounds have similar structure but differ in primitive logical function referred as A, B, C, D.
Each round takes input 512-bit block, processes it and produces 128 bit output. The output of fourth round is added to the first round CVq to produce CVq+1 using addition modulo 2^32.
(5) Output :
After processing all L 512-bit blocks, the 128 bit message digest is produced as a output.
The entire MD5 process can be summarized as follows :
   CV0 = IV
   CVq+1 = Sum32(CVq, RFd[Mq, RFc[Mq, RFb[Mq, RFa[Mq, CVq]]]])
   MD5Sum = CVL
Where,
   IV = the initial value of the PQRS buffer, mentioned in step 3
   Mq = the qth 512-bit block of the message
   CVq = the chaining variable processed with the q-th block of message
   RF = the round function using primitive logical function a, b, c, d
   MD5Sum = the final hash result or message digest
   Sum32 = addition modulo 2^32
Q. 3 Explain cryptographic hash function criteria. Also explain SHA-1 and different steps of working of SHA-1. Dec. 2012, May 201...
Ans.:
The SHA was developed by NIST in 1993. It is referred as Secure Hash Algorithm-1. SHA-1 takes an input message of a maximum length less than 2^64 bits and produces an output of 160 bit message digest. The overall processing of SHA-1 is much similar to MD5. The processing is explained as follows.
(1) Append padding bits :
Padding means addition of bits to the original message, to make the length of the original message a value 64 bits less than a multiple of 512. The message is padded to make the length of message 448 mod 512. The length of the padded message is 64 bits less than an integer multiple of 512. The padding consists of a single 1-bit, followed by as many 0 bits as required. The length of padding bits is in between 1 to 512.
(2) Append length :
A block of 64-bit is appended to a message. 64 bits of original message is appended to the result of above step 1 (Original message + Padding). It is appended such that least significant bytes to most significant byte.
(3) Initialize MD5 Buffer :
A 160-bit buffer is used to store the intermediate as well as final result. The buffer is represented as five 32-bit registers P, Q, R, S, T, as
   P = 67452301
   Q = EFCDAB89
   R = 98BADCFE
   S = 10325476
   T = C3D2E1F0
It uses a big-endian method. First four registers are same as MD5. These five registers P, Q, R, S, T are represented as,
   P = 67 45 23 01
   Q = EF CD AB 89
   R = 98 BA DC FE
   S = 10 32 54 76
   T = C3 D2 E1 F0
(4) Process message in 512-bits (32 bit 16 word) block :
It consists of four rounds of 20 steps each as shown in Fig. 5.3. These rounds, referred as F1, F2, F3, F4, have similar structure. These rounds use different primitive logical functions. Each round takes input 512-bit block, processes it and produces 160 bit output. The output of fourth round is added to the first round CVq to produce CVq+1. Each round also uses an additive constant Kt, where 0 ≤ t ≤ 79.
   K1 = 5A827999
   K2 = 6ED9EBA1
   K3 = 8F1BBCDC
   K4 = CA62C1D6
(5) Output :
After processing all L 512 bit blocks, the 160 bit message digest is produced as output. The SHA compression function uses a feed forward operation where the chaining variable CVq input of the first round is added to the output obtained (last step) after execution of 80 steps to produce the next chaining variable CVq+1 as shown in Fig. 5.3.
[Fig. 5.3 : Four rounds of Secure Hash Algorithm]
   IV = initial value in the PQRST buffer, used to deal with the first block in a chaining mode
   Mq = the qth 512-bit block of the message
   CVq = the chaining variable processed with the q-th block of message
   F1(...) = output of the first round consisting of 20 steps
   F2[...] = output of the second round
   F3[...] = output of the third round
   F4[...] = output of the fourth round
   Sum32 = addition modulo 2^32
   ... = the final hash result or message digest
Both are derived from MD4. Both are quite similar. They differ from each other in design goals.
Sr. No. 1
   SHA-1 : It uses a 160-bit message digest. Hence it is stronger against brute-force attacks than MD5.
   MD5 : It uses a 128 bit message digest. Hence it is weaker than SHA-1 against brute-force attacks.
Sr. No. 2
   SHA-1 : SHA-1 is not vulnerable against cryptanalysis.
   MD5 : MD5 is vulnerable against cryptanalysis.
Sr. No. 3
   SHA-1 : SHA-1 is slower than MD5.
   MD5 : MD5 is faster than SHA-1.
Sr. No. 4
   SHA-1 : It uses a big-endian method to represent the message.
   MD5 : It uses a little-endian method to represent the message.
Sr. No. 5
   SHA-1 : SHA has 20 rounds.
   MD5 : MD5 has 64 rounds.
Sr. No. 6
   SHA-1 : Bit rotation counts for SHA-1 are the same for all rounds.
   MD5 : In MD5 each round has its own bit rotation counts.
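The SHA-1 steps listed above (padding to 448 mod 512, 64-bit length, the P, Q, R, S, T registers, four rounds of 20 steps with the constants K1 to K4, and the feed-forward addition modulo 2^32) are put together in the following added Python example, which is not part of the original text; it checks its own result against Python's hashlib. The function names are this example's own, and register_bytes shows why the same MD5 register value prints as 01 23 45 67 in little-endian order.

```python
"""SHA-1 built from the steps on this page and checked against hashlib
(added example)."""
import hashlib
import struct

IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)  # P Q R S T
K = (0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6)               # one per round
MASK = 0xFFFFFFFF                                                  # modulo 2^32


def rotl(x, n):
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & MASK


def register_bytes(value, byteorder):
    """Byte layout of one 32-bit register, e.g. '01 23 45 67'."""
    return value.to_bytes(4, byteorder).hex(" ").upper()


def pad(message, length_byteorder="big"):
    """Steps 1 and 2: a single 1-bit, 0 bits up to 448 mod 512, then the
    64-bit message length. SHA-1 stores the length big-endian; passing
    'little' gives the MD5 layout of the same padding."""
    bit_length = len(message) * 8
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    return padded + (bit_length % 2 ** 64).to_bytes(8, length_byteorder)


def compress(cv, block):
    """Step 4: four rounds of 20 steps over one 512-bit block, then the
    feed-forward addition of the incoming chaining variable CVq."""
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):
        w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    p, q, r, s, t_reg = cv
    for t in range(80):
        rnd = t // 20
        if rnd == 0:
            f = (q & r) | (~q & s)
        elif rnd == 2:
            f = (q & r) | (q & s) | (r & s)
        else:                                   # rounds 2 and 4 use parity
            f = q ^ r ^ s
        temp = (rotl(p, 5) + (f & MASK) + t_reg + K[rnd] + w[t]) & MASK
        p, q, r, s, t_reg = temp, p, rotl(q, 30), r, s
    return tuple((x + y) & MASK for x, y in zip(cv, (p, q, r, s, t_reg)))


def sha1_hex(message):
    """CV0 = IV; CVq+1 = compress(CVq, Mq); digest = CVL."""
    cv = IV
    data = pad(message)
    for offset in range(0, len(data), 64):
        cv = compress(cv, data[offset:offset + 64])
    return struct.pack(">5I", *cv).hex()


if __name__ == "__main__":
    for sample in (b"", b"abc", b"a" * 200):    # constructed sample inputs
        ours, ref = sha1_hex(sample), hashlib.sha1(sample).hexdigest()
        print(len(sample), ours, "OK" if ours == ref else "MISMATCH")
    print("MD5 IV, little-endian :", register_bytes(IV[0], "little"))
    print("SHA-1 IV, big-endian  :", register_bytes(IV[0], "big"))
```

Collisions have been publicly demonstrated for both MD5 and SHA-1, so new designs should use SHA-256 or a later hash (for example hashlib.sha256).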
Ans.:
Digital signatures are essential in today's modern world to verify the sender of a document and his identity. A digital signature is represented in a computer as a string of binary digits, and the computer uses a set of rules and regulations (algorithm) so that the person signing the document as well as the originality of the data can be verified. A digital signature is defined as the signature generated electronically from the digital computer to ensure the identity of the sender and that the contents of the message cannot be modified during the transmission process. Digital signature techniques achieve the authenticity, integrity and non-repudiation of the data over Internet.
Concept of digital signature is that the sender of a message uses a signing key (Private Key) to sign the message and sends that message and its digital signature to a receiver over an insecure communication channel. The receiver uses a verification key (Public Key) of the sender only to verify the origin of the message and make sure that it has not been tampered with while in transit as shown in Fig. 5.4.
Hash value of a message when encrypted with the private key of a person is his digital signature on that e-Document. Digital signature is an example of asymmetric key cryptography which uses three different algorithms to complete the process.
1. First step is key generation algorithm which generates private key and a corresponding public key.
2. Next step is signing algorithm which selects sending message and a private key generated in step 1, to produce a signature.
3. Third step is signature verifying algorithm which verifies the authenticity of sending message and public key.
[Fig. 5.4 (labels: Sender, Receiver, Sender private key (signing key), Sender public key (verification key))]
As mentioned above the signature is generated with the help of private key. The private key, which is never shared, is used in signature generation and is known to sender only. Public keys, which are known by everyone, can be used to verify the signature of a sender. Every sender and receiver has a private and public key pair, which is the reason digital signature is called public-key cryptography.
The first mutual authentication protocol was published in 1978 by Needham and Schroeder. This approach was proposed for various purposes that include secret-key and public key generation and distribution of those keys between sender and receiver.
Needham and Schroeder protocol uses a secret key known to the sender and also to an authentication server. Sender and receiver share a secret key and use it for secure communication with authentication server.
Steps of Needham-Schroeder Secret-key Protocol :
Step 1 : Sender A requests for a session key to authentication server for communication with receiver B as shown in Fig. 5.5. The message sent by A to authentication server includes A's secret key Ka, A's network address Na, B's network address Nb and a nonce. A nonce is basically a random number used to demonstrate the freshness of a request, denoted by N. The request sent by A to authentication server, which is in encrypted format E, is denoted by,
   E (Ka, [Na, Nb, N])
Step 2 : Authentication server returns a message, containing a newly generated key Kab (used to encrypt communication between sender and receiver), nonce N (to match the response received from authentication server with the request sent), ticket (contains the same shared secret key Kab, as well as the name of the sender A) encrypted with B's secret key Kb, and this whole message encrypted with sender's private key or secret key Ka to ensure that no one else can read it. The message that authentication server sends back to A can be expressed as:
   E (Kab, N, {A, Kab} Kb, B) Ka
Step 3 : After receiving reply from authentication server, sender decrypts the ticket and sends the ticket {A, Kab} to the receiver B. A sends the ticket to B which is not in encrypted format because it was previously encrypted by authentication server using B's secret key Kb.
   (A, Kab) Kb
Step 4 : B decrypts the ticket received from A using the secret key Kb and compares sender identity. B is again encrypting the ticket using shared secret key Kab and generates nonce N1 and sends it back to receiver. This can be represented as
   E(N1) Kab
   In this step B got the session key (Kab) for communicating securely with A.
Step 5 : Sender is decrypting the nonce N1 using the shared secret key Kab; this proves the sender's identity. The sender sends response N1+1 encrypted using the shared secret key Kab.
   E(N1+1) Kab
Step 6 : Now sender A and receiver B can securely communicate with each other using the session key generated.
The main weakness of this protocol is that for large networks it is practically not possible for a single authentication server to generate and distribute a number of session keys.
Another weakness is that if the session key between sender A and receiver B is stolen, and the ticket to B is recorded, attacker can easily copy the contents of a sender A by performing last 3 steps.
[Fig. 5.5 (legible labels: Authentication server; 2. Replay; 5. Sender responds to receiver)]
Explain the process of Digital Certificate generation and the process of evaluation of authenticity of Digital certificate.
Ans.:
Kerberos is also called as authentication protocol. Just as we need a confirmed ticket before starting a journey so that we can travel safely, Kerberos uses the concept of a ticket as a token to prove the identity of the user. Microsoft introduced Kerberos in Windows 2000 server as a default authentication protocol.
Tickets are digital documents that store session keys. Instead of passwords, tickets are issued during the login session and can then be used in any Kerberos services. The client authentication phase requires two tickets :
   Ticket Granting Ticket (TGT), which acts as an identifier for user and session key.
   A service ticket to authenticate user to gain access to a particular service.
The same concept of ticket is used as with railway tickets: a ticket has a time duration and expiration date, after which the ticket becomes invalid. In Kerberos these tickets include different contents like time stamps to indicate start and expiration time; after time expiration the ticket becomes invalid. The timestamp is the time set by Kerberos administrator depending upon how much time service is required to the client.
(I) Kerberos Servers
To accomplish the task of secure authentication, Kerberos uses a trusted third party called a Key Distribution Center (KDC). The Key Distribution Center uses two techniques for authentication :
   Authentication Server (AS), which performs user authentication.
   Ticket-Granting Server (TGS), which permits / grants tickets to users.
The role of an Authentication server is to store a database like secret key of the users and its services. The secret key of a user is generated using one-way hash of user provided password. The main aim of Kerberos is to provide centralized authentication of the entire network; rather than storing the sensitive information at each user machine, the sensitive information will be maintained at a particular secure location only.
As shown in Fig. 6.1 first client and authentication server authenticate themselves to each other.
[Fig. 6.1 (legible labels: Authentication server, Service)]
Client and Ticket granting server authenticate themselves. Finally client and requested service provider authenticate themselves to each other regarding which information / service client wants.
(III) Authentication Details
During authentication phase user has to provide username and password on the client machine, which is cryptographically hashed to create a secret key for the client. After client verification is done with authentication server, AS will reply the following details to client as shown in Fig. 6.1.
   The client Ticket Granting Server (TGS) session key Kt, encrypted using client's secret key Kc (which is now stored in authentication server).
   The ticket granting ticket (TGT) encrypted using the secret key of the Ticket granting server. The ticket granting ticket includes the client ticket granting server session key Kt and its validity period.
The client now decrypts the Ticket Granting Server session key Kt using his secret key Kc. To request a service client sends following two messages to ticket granting server (TGS).
   The Ticket Granting Ticket and the name of the service Sr that client wants to request.
   Authentication token which includes client ID and time stamp, encrypted using client ticket granting server session key Kt.
Upon receiving all the details from client, Ticket Granting Server decrypts the Ticket Granting Ticket using Kt, thus retrieving the client Ticket granting server session key Kt and the validity of the ticket granting ticket. If it is valid then Ticket granting Server sends following details to the client.
   New client server session key Ksc, encrypted using TGS session key Kt.
   Client to server ticket, encrypted using specific service's key Ks, known to Ticket Granting Server only. (Client to server ticket contains the client ID, network address, validity period and the client server session key Ksc.)
Upon receiving all the details from Ticket Granting server, client decrypts the client server session key Ksc, and authenticates himself to service Sr by sending following messages.
   The client server ticket sent by the ticket granting server in previous step.
   The client ID and the time stamp encrypted using client server session key Ksc.
The service provider decrypts the client to server ticket using secret key Ks and obtains the client server session key Ksc. With the help of client server session key Ksc, service provider decrypts the client ID and time stamp information. To prove the final identity service provider increments the time stamp by 1 and sends it back to the client. The client decrypts and verifies this response using client to server session key Ksc. Once this verification succeeds, client - server communication can start. Kerberos protocol was specially designed to check the authentication of the client over insecure network.
Q. 1 Does a public key Infrastructure use symmetric or asymmetric encryption ? Explain your answer.
Ans.:
Public Key Infrastructure (PKI) is cryptographic technique used to secure electronic information with the help of certain techniques such as digital certificates and digital signature and transmission of this information securely over internet. PKI consists of certain security policies, software's, and techniques that are required for key generation, key management, secure storage of generated keys, and distribution of generated keys. A public key infrastructure is created by combining a number of services and technologies. To complete this technology, various components of PKI are required.
Q. 3 List the certifying authorities in India and worldwide. Also list the steps to acquire the digital certificate.
The certification authority (CA) is a trusted unit that helps to issue certificates. A CA takes the certificate request from owner, verifies the requested information according to the terms and conditions of the CA, and uses its private key to apply digital signature to the certificate. Responsibility of the CA is to identify the correct identity of the person who asks for a certificate to be issued, and make sure that the information contained within the certificate is legal, and later digitally sign the certificate.
The CA may generate a public key and a private key (a key pair) or the person applying for a certificate may have to generate their own key pair and send a signed request containing their public key to the CA for validation. After the verification from CA it sends certificate for final verification to registration authority (RA).
Q. 4 Explain the process of Digital Certificate generation and the process of evaluation of authenticity of Digital certificate. Dec. 201..., Dec. 201...
Ans.:
Digital certificate is an electronic file that is used to identify people and resources over an insecure channel or network called Internet. Digital certificate also enables secure, confidential communication between sender and receiver using encryption. For example when we travel to another country, our passport provides a way to establish our identity and gain entry. Digital certificate provides similar identification in the electronic world.
The role of Certification Authority (CA) is to issue certificates with authorized digital signature. Much like the role of the passport office, the role of the CA is to validate the certificate owner's identity and to "sign" the certificate so that it cannot be tampered by unauthorized user. Once a CA has signed a certificate, the owner can present their certificate to people, web sites and network resources to prove
Public key of certificate owner : Certificate owner's public key, which is used to encrypt confidential information of the certificate owner.
Issuer unique identifier : Identifies the CA uniquely, i.e. whether single CA signed it or is any CA using same details.
Owner unique identifier : Identifies the owner uniquely if two or more owners have used the same name over a time.
Extensions to certificate : This is an optional field which allows a CA to add additional private information to a certificate. These additional fields are called as extensions of version 2 or 3, respectively.
Certification Authority (CA) Digital Signature : In creating the certificate, this information is digitally signed by the issuing CA. The CA's signature on the certificate is like a tamper-detection seal on packaging; any tampering with the contents is easily detected.
Q. 5 Does a public key Infrastructure use symmetric or asymmetric encryption ? Explain your answer.
Ans.:
Basically PKI is the combination of all techniques, policies and methods of securely implementing public key encryption.
The name public key encryption indicates it is asymmetric key cryptography; hence PKI also uses asymmetric key cryptography as a basis for encryption.
Pretty Good Privacy (PGP) is a popular open-source, freely available software package used to encrypt and decrypt email messages over the Internet. PGP is an e-mail security program written by Phil Zimmermann in 1991. PGP program became a de facto standard for e-mail security, used to store the encrypted messages so that they can be non-readable by other users or intruders.
This program can also be used to send an encrypted digital signature, which lets the receiver verify the sender's identity and know that the message was not changed or modified while in transmission. Once the file is encrypted using PGP program, only the intended recipient can decrypt it. Once the content is digitally signed by sender, the sender guarantees to the recipient that the message or file comes from a valid sender and not from an attacker. Digital signature functionality of PGP guarantees that the message or file comes from the sender and not from an intruder.
Q. 2 What is buffer overflow in software security ?
Ans.:
Attacker can insert malicious data values / instruction codes into overfl
checking is not performed by C compiler, pointer limits cannot be defined as well.
Example: int B[15];
Here the array bound is (0 to 14), i.e. B[0] ...... B[14]. If anything inserted after that bound then the
[Fig. 7.1 : Buffer overflow attack (memory layout of a program: program instructions, heap / dynamic memory, procedure call frame with return address; after buffer overflow: malicious code and modified return address)]
Q. 3
Ans.:
Due to incomplete mediation serious security threats can be introduced, as sensitive data may get exposed, and it can result in uncontrolled condition.
Example :
URL : http://www.onlinestore.com/purchase/total=935
User can edit the total cost and resubmit the request to the server.
URL : http://www.onlinestore.com/purchase/total=03
Such kind of vulnerabilities are very dangerous. Proper care should be taken to avoid such vulnerabilities. Such editing permissions should not be available to the user.
Q. 4 What are different types of malicious code ? Dec. 2013, May 2015
Ans.:
Malicious software is software where an attacker can get partial or full control of the program. Thus attacker is free to do anything that he / she wants to do. Fig. 7.2 shows different types of malicious software's.
Types of malicious software :
   Trapdoors
   Trojan Horses
   Bacteria
   Logic bombs
   Worms
   Viruses
[Fig. 7.2 : Different types of malicious software's]
Trojan horse :
It is a computer program. Along with some useful code or function, some hidden malicious code or function is there which may hamper performance or security mechanisms. Useful information can be stolen by attackers.
Bacterium :
Bacterium is a special kind of virus. Virus is getting attached with different files but bacterium does not get attached to a specific file.
Logic bomb :
Logic bomb is generally used in DOS (Denial of Service) attacks. When specified conditions are met it activates malicious program logic. It may damage system resources greatly.
Time bomb :
This gets activated when specified time occurs.
Rabbit :
It is a kind of virus / worm that replicates itself without any limits. The intention is to exhaust resources.
Trapdoor / backdoor :
An intruder can enter into the system by bypassing all security services or mechanisms. Thus intruder knows the flaws or loopholes in the system and can use these loopholes to gain access to the computer.
Virus :
It is a self replicated, hidden computer program. Virus cannot run on its own, rather it requires a host program to run it and make it active. Malicious logic is written in the program which infects another program, i.e. it becomes the part of another program.
Virus Countermeasures :
(a) Use commercial software from trustworthy sources.
(b) Open only safe attachments.
(c) Keep recoverable system image in safe place.
(d) Use virus scanners often (daily).
(e) Update virus detectors daily as databases of virus signatures change very often.
(f) Test new software on isolated computers.
(g) Backup executable system files.
Worm :
Mode :
... can corrupt the functionality of complete OS. ... mode rootkits are installed like an OS, hence very hard to detect. It can be detected after some event or crash.
Firmware rootkits are dangerous amongst all. Malcode is created inside a firmware. At system startup this malware will be reinstalled. It is very hard to remove.
It is explained as follows :
1. X sends a message to Y, which is intercepted by Attacker.
X : I want to deposit money in your account. Please send account number.
Chapter 8 : Operating System Security
(Figures: memory protection diagrams. Labels: Hardware Address Limitation, Address Limit Register, Addresses, Memory, Addressing Range, Operating System, Base, User Program Space, User Program and Data Space, Program bounds, Data base, Data bounds.)
As shown in above diagram a pair of base / bound registers can be used. One pair can be used to store instructions while other can be used to store data. Thus interference of different users' programs can be avoided to certain extent. Tagged Architecture is an alternative way to identify access rights. In this every machine memory word has one or more extra bits. Only privileged operating system instructions can set these bits. For every access these bits are tested. Fig. 8.5 shows tagged architecture.
Fig. 8.5 : Tagged Architecture (columns: Tag, Memory Word)
3. Segmentation :
Program is divided into separate pieces called as segments. These pieces are having relationship with all code and data in the program. These pieces can have different access rights. Each segment has a unique identity in the system.
<name, offset> pair is used to identify a code or data item within a segment. Name is the segment name and offset is the address within segment. Fig. 8.6 shows logical & physical representation of segments.
Fig. 8.6 : Logical and physical representation of segments
Segments can be easily relocated anywhere. The operating system stores segment names and their true address into segment address table. These addresses are then translated for program execution. Two processes can share a same segment address table if they belong to the same segment as shown in Fig. 8.7.
Fig. 8.7 (label: Segment translation table)
4. Paging :
Paging is an alternative to segmentation in which program is divided into equal sized pieces called as pages.
Addressing system and address translation is same as that of segmentation. Operating system maintains the page translation table.
All pages are of same size hence there is no fragmentation problem. Fig. 8.8 shows Page address translation.
Fig. 8.8 : Page address translation (labels: Logical program, Page translation table, Page address, Memory address, location)
Fig. 8.9 : Paged segmentation (labels: Segment translation table, Segment table, Page, MAIN, SEG_A, SUB, DATA_SEG, word 20, Segment DATA_SEG)
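The three protection schemes of this chapter (base / bounds registers, segmentation with per-segment access rights, and paging) as a small simulation. This is an added example, not from the original text; the class names, the page size of 1024 words and the sample addresses are assumptions.

```python
from dataclasses import dataclass

PAGE_SIZE = 1024  # assumed page size for the paging example


class ProtectionFault(Exception):
    """Raised when a reference falls outside what the tables permit."""


@dataclass(frozen=True)
class BaseBounds:
    """One base / bounds register pair: addresses base <= a < bounds are legal."""
    base: int
    bounds: int

    def check(self, address):
        if not self.base <= address < self.bounds:
            raise ProtectionFault(f"address {address} outside [{self.base}, {self.bounds})")
        return address


@dataclass(frozen=True)
class Segment:
    base: int          # true start address chosen by the operating system
    length: int        # segment size in words
    rights: frozenset  # allowed access kinds: "r", "w", "x"


class SegmentTable:
    """Maps <name, offset> to a true address, enforcing per-segment rights."""

    def __init__(self, segments):
        self._segments = dict(segments)

    def translate(self, name, offset, access):
        seg = self._segments.get(name)
        if seg is None:
            raise ProtectionFault(f"no segment named {name!r}")
        if access not in seg.rights:
            raise ProtectionFault(f"{access!r} access to {name!r} denied")
        if not 0 <= offset < seg.length:
            raise ProtectionFault(f"offset {offset} outside segment {name!r}")
        return seg.base + offset

    def relocate(self, name, new_base):
        """Move a segment: only the table entry changes, not the program."""
        old = self._segments[name]
        self._segments[name] = Segment(new_base, old.length, old.rights)


class PageTable:
    """Maps <page, offset> to a true address; every page has PAGE_SIZE words."""

    def __init__(self, frames):
        self._frames = dict(frames)  # page number -> frame number

    def translate(self, page, offset):
        if not 0 <= offset < PAGE_SIZE:
            raise ProtectionFault(f"offset {offset} outside page")
        if page not in self._frames:
            raise ProtectionFault(f"page {page} not mapped")
        return self._frames[page] * PAGE_SIZE + offset


def sample_segment_table():
    # Constructed layout; MAIN and DATA_SEG are example segment names.
    return SegmentTable({
        "MAIN": Segment(base=4096, length=200, rights=frozenset("rx")),
        "DATA_SEG": Segment(base=8192, length=50, rights=frozenset("rw")),
    })


if __name__ == "__main__":
    table = sample_segment_table()
    print(table.translate("DATA_SEG", 20, "r"))      # word 20 of DATA_SEG
    print(PageTable({0: 4, 1: 7}).translate(1, 37))  # page 1, offset 37
```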
Q. 1 What are security requirements of database ?
Ans.:
User authentication :
Only authenticated users should get permission to access permitted data.
Availability :
All the time the permitted data should be available to authorized users.
Access control :
Different users should have different accounts as well as different access rights so that their data can be protected from each other.
Physical database integrity :
In database systems the data is not affected or influenced by physical problems like power failures. Database can be reconstructed after such failures.
Logical database integrity :
The logical structure of the database is fixed. Values manipulation in any field of the database should not affect other fields.
Element integrity :
Accuracy is important. Data should be accurate by all means.
Auditability :
For auditing purpose it is very important to keep track of all the users and their activities.
Ans.:
Different elements may have different security. The security of some element may be different from the other elements of the same row or column. Thus security is implemented for each individual element. For implementing security two levels (i.e. sensitive and non sensitive data) are not good enough. These levels must be increased as per the need of the application security.
Q. 4 What is Bell-La Padula ? How Bell-La Padula model works ?
Ans.:
Appropriate access rights and permissions must be granted to individuals before they can see classified information. Confidential information can be seen by those who have permission to see it. They are not trusted to see Secret or Top Secret information. Data flow operates from lower levels to higher levels. It will never be the reverse as shown in Fig. 9.1.
Fig. 9.1 (labels: Read only, Read only)
Chapter 10 : IDS and Firewalls
Q. 1 Define intruder.
Ans.:
An intruder is a person who intercepts system availability, confidentiality and data integrity. Intruder gains unauthorized access to a system with criminal intentions. Intruder may damage that system or disturb data.
Q. 2 What are the strengths and limitations of Intrusion Detection System ? Describe the different types of IDS. May 2012, May 2013
Ans.:
With the rapid expansion of Internet during recent years, security has become an essential issue for computer networks and computer systems.
The main aim of a security system is to protect the most valuable assets (data / secret information) of organizations like banks, companies, universities and many others, because these organizations have data or secret information in some form, and their security policies are keen on protecting the privacy, integrity and availability of this valuable information or data.
These organizations will have different security policies and requirements depending on their vision and missions. Many efforts have been carried out to accomplish this task: security policies, firewalls, anti-virus software and even Intrusion Detection Systems (IDSs) to configure different services in operating systems and computer networks.
But still, detecting different attacks (like denial of service attacks, IP spoofing, ping of death, network scanning etc.) against computer networks is becoming a crucial problem to solve in the field of cryptography and network security. To overcome all above problems, researchers in the field of computer security came with an existing but different solution called Intrusion Detection System (IDS). Before discussing IDS let us understand some key points like what is intrusion? What is intrusion detection and then what is intrusion detection system?
When an attacker or intruder attempts to break into an information system or performs an illegal action such as denial of service attacks, scanning a network, ping scan, sending many requests for connection setup using fake IP address, etc. which is legally not allowed, that is called as an intrusion.
Intrusion detection is an important technology that monitors network traffic and events and identifies network intrusions such as abnormal network behaviours, unauthorized network access and malicious attacks to computer systems.
The general example of intrusion detection is when we suffer from some disease and ask the doctor what happened to us. Doctor suggests blood checking and sends blood sample to laboratory for detection. The blood report given by pathologist is just detection of disease (number of platelets count, haemoglobin, etc.), then after checking the entire history of blood report doctor suggests medicine to cure the disease.
Here blood report is intrusion detection whereas medicine given by the doctor after checking report is called intrusion detection system. Finally how fast patient gets relief depends upon the
dge, joke apart let us move towards technical definition of
Network Behaviour Analysis : These network behaviour analysers identify the threats that create unusual traffic overflow, DDOS (Distributed Denial of Service) attacks, malwares, and policy violations.
Host Based : These IDS monitor the host and the events that occur within that host.
Q. 3 Explain Intrusion Detection Techniques.
Ans.:
The categorization of detection methodologies are : signature based, anomaly based, stateful protocol analysis. Most of the IDPS use these techniques to reduce or make network error free.
contain source address, destination address, protocol, port number etc.
If an attacker adds any malicious code into these data packets he is generating attack pattern or signature. Signature based IDS create databases of such attack patterns for detecting the known or documented attacks. Single signature is used to detect one or more types of attacks which are present in different parts of a data packet. Signature-based IDS is used to monitor events occurring in the network and match those events against a database of attack signatures to detect intrusions. It also uses a rule set to identify intrusions by watching for patterns of events specific to known and documented attacks.
For example, we may get signatures in the IP header, transport layer header (TCP or UDP header) and application layer header or payload. Signature based intrusion detection system is sometimes also called misuse detection technique. It checks for the attack pattern with the existing stored database pattern and if match is found then generates the alert.
Signature based IDSs are unable to detect unknown and newly generated attacks because it requires manual updating of each new type of attacks into the existing database. The most well known example of signature-based IDS is SNORT IDS, freely available for attack detection and study purpose.
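Signature matching over the IP header, the transport header and the payload, as an added example that is not from the original text and does not use Snort's rule syntax. The signature fields, the rule names and the sample packets are constructed for illustration; the last packet shows the stated limitation that an attack with no database entry raises no alert until a signature is added.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Signature:
    """One entry of the attack-pattern database; unset fields match anything."""
    name: str
    proto: Optional[str] = None         # IP header: protocol
    same_src_dst: bool = False          # IP header: source equals destination
    min_length: Optional[int] = None    # reassembled datagram length at least this
    dst_port: Optional[int] = None      # transport header: destination port
    tcp_flags: frozenset = frozenset()  # transport header: flags that must all be set
    payload: Optional[bytes] = None     # payload: regular expression

    def matches(self, pkt):
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        if self.same_src_dst and pkt["src"] != pkt["dst"]:
            return False
        if self.min_length is not None and pkt["length"] < self.min_length:
            return False
        if self.dst_port is not None and pkt["dst_port"] != self.dst_port:
            return False
        if not self.tcp_flags <= pkt["flags"]:
            return False
        if self.payload is not None and not re.search(self.payload, pkt["payload"]):
            return False
        return True


def inspect(pkt, database):
    """Return the names of all signatures the packet matches (empty = no alert)."""
    return [sig.name for sig in database if sig.matches(pkt)]


def packet(src, dst, proto, length, dst_port=None, flags=(), payload=b""):
    return {"src": src, "dst": dst, "proto": proto, "length": length,
            "dst_port": dst_port, "flags": frozenset(flags), "payload": payload}


# Constructed signature database of known, documented patterns.
DATABASE = [
    Signature("spoofed-source-equals-destination", same_src_dst=True),
    Signature("tcp-syn-fin-scan", proto="tcp", tcp_flags=frozenset({"SYN", "FIN"})),
    Signature("telnet-connection", proto="tcp", dst_port=23),
    Signature("http-directory-traversal", proto="tcp", dst_port=80,
              payload=rb"\.\./\.\./"),
]

# Constructed packets (documentation address ranges).
NORMAL = packet("198.51.100.7", "192.0.2.10", "tcp", 60, 80, {"ACK"},
                b"GET /index.html HTTP/1.1\r\n")
SCAN = packet("198.51.100.7", "192.0.2.10", "tcp", 40, 443, {"SYN", "FIN"})
SPOOFED = packet("192.0.2.10", "192.0.2.10", "tcp", 40, 80, {"SYN"})
TRAVERSAL = packet("198.51.100.7", "192.0.2.10", "tcp", 90, 80, {"ACK"},
                   b"GET /../../etc/passwd HTTP/1.1\r\n")
OVERSIZED = packet("198.51.100.7", "192.0.2.10", "icmp", 65600)

# Manual database update for the pattern that was unknown above.
UPDATED = DATABASE + [Signature("oversized-icmp", proto="icmp", min_length=65536)]

if __name__ == "__main__":
    for p in (NORMAL, SCAN, SPOOFED, TRAVERSAL, OVERSIZED):
        print(inspect(p, DATABASE), inspect(p, UPDATED))
```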
Q. 6 List, explain and compare different kinds of firewalls used for network security. Dec. 2013, Dec. 2014, May 2015
Ans.:
Following are the types of Firewalls :
(i) Packet filtering gateways or screening routers
(ii) Stateful inspection firewalls
(iii) Application proxies
(iv) Guards
(v) Personal firewalls
(i) Packet Filtering Gateway :
It is the most simple and easy to implement firewall. Packet filtering is done on the basis of packet's source or destination address or based on some protocol type like HTTP or HTTPS. If the firewall is placed just behind the router then the traffic can be analyzed easily. In the Fig. 10.1 it is shown how packet filtering gateway can block traffic from network 1 and allow traffic from network 2. Also the traffic using telnet protocol is blocked. Packet filters do not analyze the contents of the packet, rather they just check IP address of the packets as shown in Fig. 10.1.
The biggest disadvantage of the packet filtering gateway is that it requires lot of detailing to set policies.
Example : If port 80 is blocked. If some applications essentially need use of port 80 then in this case we have to provide all the details of those applications for which port 80 is needed.
(iii) Guard :
A guard is kind of complex firewall. It works similar to proxy firewall. Only difference is that guard can decide what to do on behalf of the user by using available knowledge. It can use knowledge of outside users' identity, can refer previous interactions, blocked list etc.
Example : In order to increase the speed of the internet, school can set download limit for the students. A student can download only 20mb data per day etc.
Q. 8 Explain design, configuration and limitations of firewall ?
Ans.:
1. Firewall with screening router :
(Figure label: Screening router)
Firewall with Proxy and Screening Router :
If screening router is installed behind the proxy firewall, then it ensures the correct address to proxy firewall. In other words it is a double guard protection. If any one fails LAN is not exposed.
(Figure labels: Proxy firewall, Screening router)
Chapter 11 : IP security
Q. 1
Ans.:
IPSec offers security at network layer. IPSec is designed by the Internet Engineering Task Force (IETF). It is a collection of protocols which provides security for packets at network level. IPSec creates authenticated and confidential packets for network layer, also known as IP (Internet Protocol) layer. IPSec provides node to node communication in routing protocols; it provides security to other protocols also which are used for client-server communication in transport layer.
Fig. 11.1 : IPSec architecture (labels: IP security Architecture, Authentication Header (AH) Protocol, Authentication Algorithms (MD5, SHA))
IPSec defines two protocols as they are backbone of IPSec : the Authentication Header (AH) and Encapsulating Security Payload (ESP) protocol.
1. Authentication Header (AH) :
It defines the AH packet format for processing incoming and outgoing packets. AH helps to ensure that authentication and integrity of the data / packets is protected.
2. Encapsulating Security Payload (ESP) :
It defines the ESP packet header, which transmits packets in encrypted and unreadable format. ESP helps to ensure that confidentiality, authenticity and integrity of the data is protected.
3. Authentication algorithms :
Use of MD-5 and SHA with Encapsulating Security Payload to achieve authentication, integrity and protection of data. Hash is attached to the IP header as an integrity checksum.
4. Encryption algorithms :
Few standard encryption algorithms implemented in IPSec are DES, AES and CBC because of large key size to secure data.
5. Internet security Domain of Interpretation (DOI) :
It contains the supporting database of all IP Security protocols, their parameters, all defined algorithms, key size with lifetime and identity of all approved encryption and decryption algorithms.
6. Key management :
As defined earlier key management is used to generate and distribute the keys required for IPSec protocols.
In Transport mode IPSec protects the data that is delivered from transport layer to network layer or in other words, we can say that transport mode protects the payload (a packet consists of control information and user data) of network layer. It encapsulates the transport layer payload by adding IPSec header and IPSec trailer and sends this encapsulated packet to network layer.
After that the IP header of network layer is added to that encapsulated payload. IPSec transport mode is responsible for complete delivery of packet (traffic) from one host to another host or from host to gateways, called as end-to-end communications.
For example : Communications between client machine and a server machine, communications between two routers and from router to gateway is also considered as end-to-end communication. IPSec transport mode is responsible for secure communications between all these devices.
Fig. 11.2 : Transport mode (labels: Application layer, Transport layer, IPSec layer, Network layer, Original packet, IP header, IPSec header, Transport mode packet)
(Figure: IPSec tunnel. Labels: Client machine, Router / Gateways, Host / Server machine, Transport layer, IPSec layer, Network layer, IP header, Payload (data), Original packet)
Encryption of data and its authenticity is prime concern for secure communication. To avail these two features, IPSec provides two protocols at network layer :
1. Authentication Header
2.
Authentication Header ... (to identify source host), data integrity (if data get modified while in transit) and non-repudiation but doesn't provide data confidentiality (if attacker able to access the contents of a message) because Authentication header does not encrypt the data / IP packet.
authentication header.
Reserved (16 bits) : AH contains 16-bit field which is reserved for future use and always set to zero.
Security Parameter Index (SPI) (32 bits) : SPI is a 32-bit field used in combination with source IP address, destination IP address and AH security protocol to uniquely identify a security association (SA) for the traffic to which IP packet belongs, we will discuss SA in next bit. This field also defines which different security algorithms and keys were used to calculate the message authentication code (MAC).
Sequence number (32 bits) : It is also a 32 bit field. It prevents the retransmission of datagram which is also known as replay attack.
Authentication data : This is variable length field whose length depends upon encryption algorithm used. Authentication data field of AH protocol is the output of hashing algorithm or message digest algorithm. AH protocol performs the integrity check value (ICV) on packet header or MAC is computed over the complete IP packet including the outer IP header to ensure that the data has not been changed during transmission process. As mentioned earlier AH doesn't encrypt the data, the reason it doesn't provide confidentiality during transmission.
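How a receiver uses the AH fields described above (reserved, SPI, sequence number, authentication data), as an added example that is not from the original text. Assumptions: the two leading 8-bit fields (next header, payload length) come from the standard AH layout rather than from the text above, the ICV is HMAC-SHA1 truncated to 96 bits, the MAC covers only the AH header and payload, and replay protection is a simple strictly-increasing counter instead of a sliding window.

```python
import hashlib
import hmac
import struct

# Fixed part of the AH header: next header (8 bits), payload length (8 bits),
# reserved (16 bits), SPI (32 bits), sequence number (32 bits).
AH_FIXED = struct.Struct("!BBHII")
ICV_LEN = 12  # assumed: HMAC-SHA1 output truncated to 96 bits


def _icv(key, fixed, payload):
    # Simplification: the MAC covers the AH header (ICV zeroed) and the payload;
    # a real implementation also covers the immutable fields of the IP header.
    mac = hmac.new(key, fixed + bytes(ICV_LEN) + payload, hashlib.sha1)
    return mac.digest()[:ICV_LEN]


def build_ah(key, spi, seq, next_header, payload):
    """Sender side: AH header followed by the protected (unencrypted) payload."""
    ah_words = (AH_FIXED.size + ICV_LEN) // 4
    # Payload length field = AH length in 32-bit words minus 2.
    fixed = AH_FIXED.pack(next_header, ah_words - 2, 0, spi, seq)
    return fixed + _icv(key, fixed, payload) + payload


class AHReceiver:
    """Receiver side of one security association (identified here by SPI only)."""

    def __init__(self, key, spi):
        self.key, self.spi, self.last_seq = key, spi, 0

    def accept(self, packet):
        if len(packet) < AH_FIXED.size + ICV_LEN:
            return "malformed"
        _next, payload_len, reserved, spi, seq = AH_FIXED.unpack_from(packet)
        ah_len = (payload_len + 2) * 4
        if ah_len != AH_FIXED.size + ICV_LEN:
            return "malformed"
        if reserved != 0:
            return "reserved field not zero"
        if spi != self.spi:
            return "unknown SPI"
        if seq <= self.last_seq:
            return "replayed"
        fixed = packet[:AH_FIXED.size]
        icv = packet[AH_FIXED.size:ah_len]
        payload = packet[ah_len:]
        if not hmac.compare_digest(icv, _icv(self.key, fixed, payload)):
            return "bad ICV"
        self.last_seq = seq  # only authenticated packets advance the counter
        return "accepted"


def demo():
    key = b"constructed-shared-key"          # constructed sample key
    rx = AHReceiver(key, spi=0x1000)
    first = build_ah(key, 0x1000, 1, 6, b"hello")     # next header 6 = TCP
    second = build_ah(key, 0x1000, 2, 6, b"pay 10")
    tampered = second[:-2] + b"99"                    # payload changed in transit
    return [rx.accept(first), rx.accept(first),
            rx.accept(tampered), rx.accept(second)]


if __name__ == "__main__":
    print(demo())
```

The payload travels in the clear after the header, which is the missing confidentiality the text refers to.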
The main functionality of ESP is to provide confidentiality to IP packets by encrypting them. Encryption algorithms (Triple DES, Blowfish, IDEA etc.) are used to combine the data in the packet with a key and transform it into an encrypted form. The encrypted packet is then transmitted to the destination, which decrypts it using the same algorithm.
The detail description of Encapsulating Security Payload (ESP) fields is given below :
1. ESP header :
It is also a 32 bit field. It prevents the retransmission of datagram which is also known as replay attack as defined earlier. This field is not encrypted but it's authenticated to perform anti-replay checking before decryption.
2. Encrypted data :
This is variable length field containing transport layer segment or IP packet which is protected by performing ESP encryption.
3. ESP trailer :
ESP trailer field contains padding (0-255 bytes), pad length (8 bits) and next header (8 bits).
4. Padding (0-255 bytes) :
Padding field is used to expand plain text message to required size or to align the encrypted data by adding padding bits to the actual data, which provides confidentiality to traffic flow.
5. Pad length (8 bits) :
This is mandatory field in ESP protocol which is used to indicate the number of pad (protection) bytes added into the packet.
6. Next header (8 bits) :
The same bit length as of pad length, used to identify the type of encrypted data in the Data field.
7. ESP authentication data :
This is variable length field whose length depends upon encryption algorithm used. Authentication data field of ESP protocol is the output of hashing algorithm or message digest algorithm, which performs integrity check value (ICV) on packet header or MAC is computed over the complete packet including the outer IP header to ensure data has not been changed during transmission process.
Q. 4 How does ESP header guarantee confidentiality and integrity for packet payload ?
The main functionality of ESP is to provide confidentiality to IP packets by encrypting them. Encryption algorithms (Triple DES, Blowfish, IDEA etc.) are used to combine the data in the packet with the key and transform it into an encrypted form. The encrypted packet is then transmitted to the destination, which decrypts it using the same algorithm.
The detail description of Encapsulating Security Payload (ESP) fields is given below :
1. ESP header :
It is also a 32 bit field. It prevents the retransmission of datagram which is also known as replay attack as defined earlier. This field is not encrypted but it's authenticated to perform anti-replay checking before decryption.
2. Encrypted data :
This is variable length field containing transport layer segment or IP packet which is protected by performing ESP encryption.
3. ESP trailer :
ESP trailer field contains padding (0-255 bytes), pad length (8 bits) and next header (8 bits).
4. Padding (0-255 bytes) :
Padding field is used to expand plain text message to required size or to align the encrypted data by adding padding bits to the actual data, which provides confidentiality to traffic flow.
5. Pad length (8 bits) :
This is mandatory field in ESP protocol which is used to indicate the number of pad (protection) bytes added into the packet.
Ans.:
Secure Socket Layer was invented by Netscape Communications in 1994. Secure Socket Layer is an internet protocol used for securely exchanging the information between client's web browser and the web server. Secure Socket Layer ensures the authentication, data integrity and data confidentiality between web browser and web server i.e. it creates a secure tunnel between client and server. The main role of SSL is to provide the security to web traffic in all the way.
The current version of SSL is 3.0. The position of SSL in TCP / IP protocol suite is shown in Fig. 11.9. SSL works in between application layer and transport layer, the reason SSL is also called as Transport Layer Security (TLS). The data will not be passed directly to transport layer, instead it will be passed to Secure Socket Layer. Secure Socket Layer will perform encryption to the data received by application layer and add its own encryption information header called SSH i.e. Secure Socket Layer Header. In the receiver's end SSL will remove the SSH header and then pass data to application layer.
(Figure labels: Client machine (web browser), Server machine (web browser))
SSL was designed to make use of TCP protocol to provide a reliable secure process-to-process delivery of entire message / packets. ... is responsible to enc... protocols (handshake, alert, HTTP) also to provide basic security services. We will discuss how client machine securely communicate with the server machine by using underlying network architecture.
SSL architecture / SSL internal protocol structure
(Figure labels: Support for SSL session, connection establishment, SSL protocol layer, Transport and Internet layer)
Working of SSL
SSL has three sub protocols : Handshake protocol, Alert protocol and Record protocol.
Handshake Protocol
As the name suggests, when we meet our friend / colleagues, we have habit to say hi / hello and shake hands with each other before starting our actual communication. SSL handshake protocol uses somewhat same ideology but in terms of client and server.
The first sub-protocol of SSL, called handshake protocol, is used for secure communication between client and the server using an SSL enabled connection.
because server has different opt
handshake protocol are shown in Fig. 11.11.
munication using SSL enabled connection.
Server :
(i) The SSL version number, the highest among both SSL number of client and server, will be supported by client and other will be supported by server.
(ii) A 32 byte random number that will be used for master secret generation, however this random number is totally independent from the random number of client.
3. Server key exchange : This is optional. It is used only if the server doesn't send its digital certificate to client.
Certificate request : The server can request ... authentication is optional.
The SSL alert protocol format is shown in Fig. 11.12. Alert protocol uses two bytes to generate alert. First 1 byte indicates two values, either 1 or 2. "1" value indicates warning and "2" value indicates a fatal error (if fatal error, terminate the session / connection).
Whereas second 1 byte indicates predefined error code. When either the server or client detects any error it sends an alert containing the error (error occurred during handshaking, error occurred during data processing at server or client side, certificate defects, etc.)
(Fig. 11.12 labels: Level, Alert)
Table 11.1
Code   Alert                    Description
0      close_notify             No more message from sender.
10     unexpected_message       An incorrect message received.
30     decompression_failure    Unable to decompress.
40     handshake_failure        Unable to finalize handshake by the sender.
42     bad_certificate          Received a corrupted certificate.
Fig. 11.13 : Record protocol (steps shown: Application data; Data distribution / fragmentation; Data compression; Plaintext (compressed); Data encryption; MAC (0, 16, 20 bytes); Appending SSL record header; SSL record)
SSL record protocol takes application data i.e. actual data that client wants to send over server. Divide this data into the different blocks, for each the length should not exceed 16384 bytes; this process is called as data distribution or data fragmentation. Data is compressed using lossless compression techniques; compression size of data should not exceed 1024 bytes.
After the data fragmentation and compression step the MAC is computed over the data and MAC is then appended to the compressed data (the data is now encapsulated) to form a new encrypted data / payload. The compressed data and MAC again go through data encryption process. As mentioned earlier SSL record protocol uses symmetric key cryptographic techniques like DES, triple DES, AES and IDEA because these techniques are specially designed to operate on block ciphers.
Finally SSL record header is appended onto each encrypted block obtained from encryption process. SSL record header consists of 8-bit content type which identifies nature of the message, whether any application data or connection termination or any error message. Next field is Major Version which is 8-bit field used to indicate latest version of SSL in use (e.g., 3). Minor Version, which is 8-bit field, indicates the lowest version of SSL in use (e.g., 0). Plaintext (compressed) / compressed length, which is 16-bit field, indicates the length of the plaintext being compressed. Finally SSL layer sends encrypted data to TCP and IP (Transport and Internet layer) for necessary transmission over network. At the receiver end, the encrypted blocks are decrypted and then checked for data authentication, data confidentiality and data integrity, reassembled into single unit, and delivered to the application-layer protocol.
(b) Integrity :
The handshake protocol defines a shared secret key that is used to assure the message integrity. Following are the operations performed in Record protocol after connection is established and authentication is done of both client and server.
1. Fragmentation :
The original message that is to be sent is broken into blocks. The size of each block is less than or equal to 2^14 bytes.
2. Compression :
The fragmented blocks are compressed, which is optional. It should be noted that the compression process must not result into loss of original data.
3. Addition of MAC :
The Message authentication code (a short piece of information used to authenticate a message for integrity and assurance of message) for each block is to be calculated using shared secret key.
4. Encryption :
The overall steps including message is encrypted using symmetric key but the encryption should not increase the overall block size.
5. Append header :
After all the above operations, header is added in the encrypted block which contains following fields :
Q. 1 Solve TLS.
Ans. :
It is an extension of secure socket layer. The main aim of TLS is to provide security and data at the transport layer between two web applications. Almost all web browsers and web servers support TLS. It ensures no eavesdropping and tampering of the message.
The TLS protocol consists of two main components : Handshake protocol, to start session and generate private keys, and Record protocol, to transmit data securely using the shared keys.
Handshake protocol : In the Handshake protocol, both sending and receiving parties acknowledge their protocol versions, agree on cryptographic and compression algorithms, optionally authenticate each other through certificates, and use public-key encryption techniques to generate shared private keys.
Following are the steps :
Step 1 : Client sends a message publicly to the server containing the version of TLS, a 32-byte random number r_A consisting of a 4-byte timestamp and a 28-byte random number, and a Cipher Suite list in decreasing order of preference for each of the following algorithm families: Public-Key Algorithm (PKA), encryption algorithm used in the Cipher Block Chaining, and compression algorithm (COMPRESS).
Step 2 : Server informs the client about the decided algorithms (after examining the Cipher Suite list sent by the client) along with a 32-byte random number r_B constructed similarly as r_A.
Step 3 : Client replies with a number called pre-master secret S_pm using the public key algorithm PKA with public keys retrieved from the server's certificate signed by a Certifying Authority (CA).
Step 4 : Both parties independently calculate the 48-byte long master secret, S_m, to further obtain the keys to exchange data. The master secret is calculated using Pseudorandom Function PRF:
S_m = PRF(S_pm, "master secret", r_A || r_B)
It is worth mentioning that in the previous version of TLS the master secret was computed as follows, before MD5 was proven to be insecure:
MD5(S_pm || SHA-1(A || S_pm || r_A || r_B)) || MD5(S_pm || SHA-1(BB || S_pm || r_A || r_B)) || MD5(S_pm || SHA-1(CCC || S_pm || r_A || r_B))
where A, BB, and CCC are strings added for padding.
Step 5 : At this stage, both parties know S_m, S_pm, r_A, and r_B. They independently compute the Key Block (KB) that contains all needed private shared keys for this session:
KB = PRF(S_m, "key expansion", r_A || r_B)
KB is then broken into six pieces and labeled as K1, K2, ..., and K6, before terminating the Handshake phase.
Record protocol : Now the client and the server are ready to communicate securely using the key block as a set of security parameters obtained by the Handshake protocol. The Record protocol takes data to be transmitted in one endpoint, fragments the data into manageable blocks, compresses the data, applies a MAC, encrypts by block cipher, and transmits the result. Received data is then decrypted, verified, decompressed, reassembled, and then delivered to higher-level application on the other endpoint. In short, Record protocol ensures that the connection is private via symmetric encryption by session unique keys and reliable via integrity check. Suppose the client wants to send data chunk, d.
The client:
1. Compresses the data using the agreed algorithm: d' = COMPRESS(d)
2. Hashes the compressed data for data integrity using K2: d'' = {d', HMAC_K2(d')}
3. Encrypts the data along with its MAC using CBC mode block cipher BCA where the secret key is K1 and the initialization vector is K3: d''' = BCA_K1(d'', K3)
4. Sends d''' over the public channel
And the server retrieves d from d''':
1. Decrypts the data along with its MAC using BCA_K1.
2. Verifies data integrity by computing HMAC of data using K2 and comparing it with the HMAC computed on the client side.
3. Decompresses to retrieve d.
The process is reversed when server wants to send data to the client while the last three pieces of the key block is used instead.
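The key derivation of Step 4 and Step 5 and the client and server record steps above, as an added example that is not part of the original text. It assumes the HMAC-SHA256 expansion of the TLS 1.2 PRF, zlib for COMPRESS, 16-byte pieces K1 to K6, and a toy Feistel cipher standing in for BCA because the Python standard library ships no block cipher; all function names are hypothetical.

```python
import hashlib
import hmac
import zlib

BLOCK = 16    # assumed block size and length of each key-block piece K1..K6
MAC_LEN = 32  # HMAC-SHA256 tag length

def _hmac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def prf(secret, label, seed, n):
    """P_SHA256 expansion of the TLS 1.2 PRF (RFC 5246, section 5)."""
    seed = label + seed
    a, out = seed, b""
    while len(out) < n:
        a = _hmac(secret, a)
        out += _hmac(secret, a + seed)
    return out[:n]

def derive_key_block(s_pm, r_a, r_b):
    """Steps 4 and 5: S_m from S_pm, then KB split into K1..K6."""
    s_m = prf(s_pm, b"master secret", r_a + r_b, 48)
    kb = prf(s_m, b"key expansion", r_a + r_b, 6 * BLOCK)
    return [kb[i:i + BLOCK] for i in range(0, len(kb), BLOCK)]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_block(key, block, decrypt=False):
    """4-round Feistel network standing in for BCA. Illustration only."""
    left, right = block[:8], block[8:]
    for rnd in (range(3, -1, -1) if decrypt else range(4)):
        if decrypt:
            left, right = _xor(right, _hmac(key, bytes([rnd]) + left)), left
        else:
            left, right = right, _xor(left, _hmac(key, bytes([rnd]) + right))
    return left + right

def cbc_encrypt(key, iv, data):
    pad = BLOCK - len(data) % BLOCK            # PKCS#7-style padding
    data += bytes([pad]) * pad
    prev, out = iv, b""
    for i in range(0, len(data), BLOCK):
        prev = toy_block(key, _xor(data[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ct):
    if not ct or len(ct) % BLOCK:
        raise ValueError("bad record")
    prev, out = iv, b""
    for i in range(0, len(ct), BLOCK):
        out += _xor(toy_block(key, ct[i:i + BLOCK], decrypt=True), prev)
        prev = ct[i:i + BLOCK]
    pad = out[-1]
    if not 1 <= pad <= BLOCK or out[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad record")         # same error as a MAC failure
    return out[:-pad]

def protect(d, k_enc, k_mac, iv):
    """Sender: d' = COMPRESS(d); d'' = {d', HMAC(d')}; d''' = CBC(d'')."""
    d1 = zlib.compress(d)
    d2 = d1 + _hmac(k_mac, d1)
    return cbc_encrypt(k_enc, iv, d2)

def unprotect(d3, k_enc, k_mac, iv):
    """Receiver: decrypt, verify the MAC, and only then decompress."""
    d2 = cbc_decrypt(k_enc, iv, d3)
    if len(d2) < MAC_LEN:
        raise ValueError("bad record")
    d1, tag = d2[:-MAC_LEN], d2[-MAC_LEN:]
    if not hmac.compare_digest(tag, _hmac(k_mac, d1)):
        raise ValueError("bad record")
    return zlib.decompress(d1)

if __name__ == "__main__":
    # Constructed sample values, not taken from a real session.
    keys = derive_key_block(b"\x01" * 48, b"\xaa" * 32, b"\xbb" * 32)
    k1, k2, k3 = keys[:3]          # client to server: cipher key, MAC key, IV
    record = protect(b"GET /account HTTP/1.1\r\n", k1, k2, k3)
    print(unprotect(record, k1, k2, k3))
```

TLS 1.3 removed both record compression and MAC-then-encrypt CBC suites in favour of AEAD ciphers, so this models the scheme described here rather than current TLS.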
Q. 8 Explain Internet key exchange protocol.
Ans. :
Internet Key Exchange protocol is used for managing keys in IPSec network. It allows for automatic creation and managing keys between IPSec peers. It is a hybrid protocol based on three protocols: Oakley, SKEME, and ISAKMP (Internet security association and key management protocol).
ISAKMP :
The internet security association and key management protocol is a framework that defines the formats of payload, the mechanics of implementation of a key exchange protocol, and the exchange of a security association between the parties.
ISAKMP protocol defines the mechanics of implementing a key exchange protocol, and agreement between communicating parties i.e. which are the different features of IPSec protocol has to use etc. and all (simply its negotiation of security association).
ISAKMP provides following features :
It is used to authenticate of remote entity. It manages the secure session between communicating parties by applying different cryptographic techniques. Exchanging required information about key sharing. Negotiation over all data transmission by applying security policies. The reasons ISAKMP establish secure communicating channel between two parties and authenticate them for secure key exchange and negotiation on certain security terms and condition.
Oakley :
It is a key exchange protocol that defines how to obtain authenticated key for exchange of message between parties. Oakley, within IKE, is used to determine AH and ESP key for each IPSec; by default it uses an authenticated Diffie Hellman key exchange algorithm. Oakley protocol defines the mechanism of key exchange or key agreement protocols in which two parties must agree on key generated before data transmission.
IKE uses different cryptographic techniques and security policies for securely exchanging information between two entities such as Diffie Hellman key exchange, DES, MD5, SHA, RSA algorithm etc.
SKEME :
It is another protocol for exchanging authenticated key between the parties. It uses public key encryption for authentication in key exchange protocol.
Q. 9 Explain different phases of IKE protocol.
Ans. :
IKE has two phases of operations :
Phase 1 : Aggressive mode of exchange : Used to negotiate IKE SA.
Phase 2 : Quick mode of exchange : Uses to negotiate IPSec's SA.
IKE Phase 1 : Aggressive mode of exchange : Uses to negotiate IKE SA.
[Figure: IKE phase 1 negotiation]
Fig. 11.14
For Instance :
As shown in Fig. 11.14 user A and user B want to talk IKE. They must agree on a common IKE protection suite. The initiator (user A) proposes several protection suites and the responder (user B) chooses one of the offered protection suite. The selection is made according to the priorities and the configuration of the responder. In the Fig. 11.14, user A proposes three protection suites out of which user B chooses the second protection suite. Both must agree on the same protection suite. If they do not, no common policies may exist and the IKE session may be terminated.
IKE Phase 2 : Quick mode of exchange : Uses to negotiate IPSec's SA
[Figure: IKE phase 2 negotiation]
Q. 10 Explain SET Protocol.
Ans. :
SET stands for Secure Electronic Transaction. It is an encryption and security specification protocol designed to protect credit card transactions over an insecure channel such as Internet. SET is not payment system; it is set of rules & regulations designed to protect credit card payments of users, employee over an open network such as Internet in a secure way. SET was developed in 1996 by VISA and MasterCard, with participation from different leading technology companies, which includes […] Systems and VeriSign. After testing of the SET in 1998 it
[Figure: SET participants, including merchant, payment gateway and acquirer]
Cardholder : Called as buyer in the transaction who initiates the transaction.
Merchant : Also called seller of goods and services which maintains an account with a bank.
The acquirer : Also known as bank or financial institution. The financial institution that establishes an account with a merchant and processes payment card authorizations and payments.
The issuing bank : Bank that maintains the account of the buyer and issues a credit card to the buyer and also sets limit on the amount of purchases.
Certification Authority (CA) : Certification Authority (CA) is a trusted unit that helps to issue certificates. A CA takes the certificate request from owner, verifies the requested information according to the terms and conditions of the CA, and uses its private key to apply digital signature to the certificate.
Responsibility of the CA is to identify the correct identity of the person who asks for a certificate to be issued, and make sure that the information contained within the certificate is legal and later digitally sign on certificate.
This is an entity that is trusted to issue X509v3 public-key certificates for cardholders, merchants, and payment gateways.
Payment gateways : It is designated third party that processes merchant payment messages. The merchant exchanges Secure Electronic Transaction messages with the payment gateway over the Internet, while the payment gateway has some direct or network connection to the acquirer's financial processing system.
Following are the steps of interactions used in SET protocol :
1. The customer opens the account : Once the customer obtains a credit card account, such as Master Card or Visa, from the bank which supports electronic payment and Secure Electronic Transaction then customer may proceed for future communication over network.
2. The customer receives a certificate : After suitable verification of identity, the customer receives an X.509v3 digital certificate, which is signed by the bank which verifies the customer's RSA public key & its expiration date.
3. Merchants have their own certificates : A merchant has two public keys, one for signing message & another for key exchange. The merchant also needs a copy of the payment gateway's public-key certificate.
4. The customer places an order : Here customer first browses through the merchant's Web site to select items and determine the price. The customer now sends its list of items to be purchased to the merchant. Upon receiving list of items from customer, merchant returns an order form containing the list of items, their price, a total price, and an order number to the customer.
5. The merchant is verified : Along with order number, the merchant sends a copy of its certificate, so that the customer can verify that he or she is dealing with a valid merchant store.
6. The order and payment are verified : The customer sends both order and payment information to the merchant, along with the customer's certificate (approved by CA). Customer also confirms the purchase of the items in the order form. The payment contains credit card details. The payment information is encrypted in such a way that it cannot be read by the merchant. The customer's certificate enables the merchant to verify the customer.
7. The merchant requests payment authorization : The merchant sends the payment information to the payment gateway for authentication as well as to check whether customer's available credit is sufficient for this purchase.
8. The merchant confirms the order : Upon receiving payment confirmation from customer's credit, the merchant sends confirmation of the order to the customer.
9. The merchant provides the goods or service : After all verification the merchant provides goods or service to the customer.
10. The merchant requests payment : This request is sent to the payment gateway, which handles all of the payment processing.
It is an attempt to acquire password, credit, essential financial data by sending fake email, messages, electronically. These are treated as spam mails. These mails ask for some confidential data by grabbing trust of the user. Phishing mail is generally in the form of a trustworthy email. These are usually carried out by e-mail spoofing. It is an example of social engineering.
Types of Phishing Attack
1. Deceptive phishing :
Sending bulk of email messages, which make the user click any one of the bulk email; such type of attack is called deceptive phishing.
2. Malware based phishing :
Running malicious software on target's or user's machine. This malware comes from the email attachments.
3. Key loggers and screen loggers :
These malware track input from keyboard and send information of target through target's keyboard to hacker (attacker) via internet.
4. Session hijacking :
User activities are monitored to get login into the user's system.
5. Web trojans :
They are a kind of pop-ups, when logging into some website. These pop ups usually ask for user's credentials.
6. System reconfiguration attacks :
It is a kind of phishing attack where user's PC settings are modified or changed.
7. DNS based phishing :
In this type of phishing the URL requested returns to some bogus or fake site which is actually sent by hacker by changing the URL of the requested site of the user.
8. Content injection phishing :
It is an act of inserting some malicious content in websites which can redirect to some other website or may install malware.
Q.I ~tttewormQol~
1. Planning :
The first step is to […] through the […] mail. This is generally done using […].
2. Setup :
Once phisher comes to know whom to spoof or […], they will start creating and […].
3. Attack :
The phisher starts sending messages, email, which seem to be from a reputed organization.
4. Collection :
Phishers […] the […] that victim enters in the web […] or emails or popup windows.
Ans. : Denial of service and distributed denial of service is a type of attack that causes legitimate users unable to use services or the […] become unavailable to the legitimate users.
Q. 4 What are the ways in which an attack can mount a DOS attack on the system ?
[Figure: client and server exchanging SYN, SYN-ACK and ACK]
Fig. 12.1 : 3 way hand shake
1. Client sends synchronize (SYN) packet to server.
2. Server responds with SYN-ACK packet to client.
3. Client responds back with ACK and connect is established as shown in Fig. 12.1.
[Figure: connections are all full; legitimate connection is refused]
Fig. 12.2 : Chaotic handshake
1. Client sends multiple SYN packets to all with bad address.
2. Server sends SYN-ACK packets to incorrect address.
3. Legitimate user is denied because server cannot accept additional connection as shown in Fig. 12.2.
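A defender's view of the chaotic handshake above, as an added example that is not from the original text: it counts half-open connections (SYN seen, final ACK never received) per server over constructed packet records. The record format, the backlog threshold, the timeout and all names are assumptions.

```python
from collections import defaultdict

def sample_packets():
    """Constructed records: (time_s, src, sport, dst, dport, flags)."""
    server = ("192.0.2.10", 443)
    pkts = [  # one legitimate client completing the 3 way handshake
        (0.00, "198.51.100.7", 40000, *server, "SYN"),
        (0.01, *server, "198.51.100.7", 40000, "SYN-ACK"),
        (0.02, "198.51.100.7", 40000, *server, "ACK"),
    ]
    for i in range(50):  # SYNs with bad source addresses, never acknowledged
        src, t = f"203.0.113.{i + 1}", 1.0 + i * 0.01
        pkts.append((t, src, 50000 + i, *server, "SYN"))
        pkts.append((t + 0.001, *server, src, 50000 + i, "SYN-ACK"))
    return sorted(pkts)

def half_open(packets, now, timeout=30.0):
    """Map each server (ip, port) to the clients whose SYN is still unanswered."""
    pending = defaultdict(dict)   # (dst, dport) -> {(src, sport): time of SYN}
    for t, src, sport, dst, dport, flags in packets:
        if t > now:
            break
        if flags == "SYN":
            pending[(dst, dport)][(src, sport)] = t
        elif flags in ("ACK", "RST"):
            # The handshake finished or was reset: the slot is freed.
            pending[(dst, dport)].pop((src, sport), None)
    # Entries older than the timeout have been dropped by the server already.
    return {srv: {c for c, t in conns.items() if now - t <= timeout}
            for srv, conns in pending.items()}

def syn_flood_alerts(packets, now, backlog=32, timeout=30.0):
    """Servers whose half-open count has reached the assumed backlog size."""
    alerts = []
    for srv, clients in half_open(packets, now, timeout).items():
        if len(clients) >= backlog:
            alerts.append({"server": srv, "half_open": len(clients),
                           "sources": len({ip for ip, _ in clients})})
    return alerts

if __name__ == "__main__":
    for alert in syn_flood_alerts(sample_packets(), now=2.0):
        print(alert)
```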
Q. What are the ways in which an attack can mount a DDOS attack on the system ?
Ans. :
Distributed denial of service, it is where an attacker uses your own computer to attack on another computer. It takes advantage of loopholes and security vulnerability to take control of the computer to send vulnerability spam or send huge data to other computers. The systems which are used for attacking victim computer are called as Zombie systems. Various tools to launch DDOS attack are Trinoo, Tribe flood, shaft etc.
Ans. :
In session hijacking, the hacker takes over the control over the TCP session between two machines whereas in spoofing the attacker pretends to be the authenticate user and gain access to other machine.
Steps in session hijacking :
(i) Sniff the network, by placing itself between victim and target's network.
(ii) Monitor the packet flow between two machines.
(iii) Predict the SYN sequence number.
(iv) Kill the connection to the victim's machine.
(v) Take over the session.
(vi) Start injecting packets to the target server.
Types of Session Hijacking
1. Active : In active attack, attacker finds the active session and takes over.
2. Passive : With passive attack, an attacker hijacks a session, observes and analyses the session.
IP Spoofing
Packet Sniffer (Man-in-middle attack)
2. Application level : It is about gaining control on […] user session by obtaining session IDs; after gaining control it creates a new unauthorized access.
Ex. : Sniffing
Brute Force attack
Misdirect trust
Various tools of session hijacking are : Wireshark, Juggernaut, IP watcher etc.
Session Hijacking : Detection
It can be detected in two ways :
1. Manual method : by using packet sniffing software.
2. Automatic method : Using IDS (Intrusion Detection System) and IPS (Intrusion Prevention System)
Session Hijacking : Prevention
It can be prevented if proper encryption is done, antivirus software is used and proper secure connection is established.
Q. What is meant by buffer overflow ?
Ans. :
It is also known as buffer overrun. It deviates from a standard, where the process stores data in buffer, overruns the buffer's boundary and overwrites adjacent memory locations. Buffer overflow can be triggered by inputs that are designed to execute code or alter the way the program operates. Bound check can prevent buffer overflow.
The languages which are commonly associated with buffer overflow are : C and C++, as they provide no built in protection against accessing or overwriting data in any part of memory. Buffer overflow occurs when a process tries to store more data in a buffer than it was intended to hold.
Q. What are types of buffer overflow ?
Ans. :
1. Stack based buffer overflow : When program writes to a memory address on program's call stack outside the intended data structure, then stack overflow occurs. The condition where buffer being overwritten is allocated on the stack (i.e., is a local variable or a parameter to a function).
2. NOP (No Operation) : It is an assembly language instruction / command that effectively does nothing at all. NOP enables developer to force memory alignment to act as a place holder […] by active instruction later on in program development. NOP opcode can be used to form NOP slide, which allows code to execute when exact value of instruction pointer is […]. Fig. 12.3 shows NOP […].
(3) It checks <form> tag. Everything inside <form> tag </form> has potential of getting vulnerabilities.
(4) The attacker puts single quote under the text which accepts username and password. If response is an error message such as "a"='a' (something like) then website is vulnerable.
(5) Attacker uses SQL command such as SELECT to retrieve data or INSERT command to add information to database.
Benefits for attacker using SQL Injection :
(1) Obtain basic information about website or organization.
(2) May gain access to database by obtaining username, password from SELECT command, FROM command, WHERE command.
(3) Can add new data to the database by executing INSERT command.
(4) Can modify data in the database by UPDATE command.
Prevention against SQL Injection :
SQL injection attacks happen because of poor website coding and poor administration of website.
Following steps help to prevent SQL Injection attack :
(1) Replace all single quotes to two single quotes.
(2) Check the user input of any character and string that should not be malicious.
(3) Numeric value should also be checked.
(4) If there is SQL error it should be modified immediately but not be displayed to outsiders.
(5) SQL server 2000 which is a default server should never be used.
(6) Both database server and web server be reside in different machine.
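The login check described above, with the vulnerable query beside hardened forms, as an added example that is not part of the original text. The table, the sample account and the function names are constructed; the parameterized query goes beyond the listed steps and is shown because it keeps input out of the SQL text entirely.

```python
import logging
import sqlite3

TAUTOLOGY = "' OR 'a'='a"   # constructed input of the kind the text describes

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # Constructed account; a real system stores a password hash, not the text.
    db.execute("INSERT INTO users VALUES ('ramesh', 'constructed-secret')")
    return db

def login_vulnerable(db, username, password):
    # User input is pasted into the SQL text, so a quote in it changes the query.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def _double_quotes(value):
    return value.replace("'", "''")

def login_quote_doubling(db, username, password):
    # Prevention step (1): every single quote becomes two single quotes.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" +
           _double_quotes(username) + "' AND password = '" +
           _double_quotes(password) + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_parameterized(db, username, password):
    # Input travels as bound values and is never parsed as SQL.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0

def handle_login(db, login_fn, username, password):
    """Prevention step (4): log the SQL error, show outsiders a generic message."""
    try:
        ok = login_fn(db, username, password)
    except sqlite3.Error as exc:
        logging.getLogger("app").error("SQL error during login: %s", exc)
        return "login failed"
    return "welcome" if ok else "login failed"

if __name__ == "__main__":
    db = make_db()
    for fn in (login_vulnerable, login_quote_doubling, login_parameterized):
        print(fn.__name__, handle_login(db, fn, "nobody", TAUTOLOGY))
```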
Cryptography and System Security
Statistical Analysis
Dec. 2015
Chapter 1 : Introduction [Total Marks - 05]
Q. 1(c) Define the goals of security and specify mechanisms to achieve each goal. (5 Marks)
Ans. :
Chapter 2 : Basics of Cryptography [Total Marks - 11]
Q. 1(a)(i) Define with examples : Substitution cipher. (3 Marks)
Ans. : Please refer Q. 3 of Chapter 2.
Q. 1(a)(ii) Define with examples : Poly-alphabetic cipher. (3 Marks)
Ans. : Polyalphabetic cipher :
Monoalphabetic cipher substitutes one letter of the alphabet with any random letter from the alphabet, but draw back in monoalphabetic is that these are fairly easy to break or this can make the cryptanalysis attacker straight forward to guess the pattern. So to make it more harder to break, the concept of polyalphabetic cipher arises; it is a way to use more than one alphabet and switching between them systematically.
Procedure of polyalphabetic cipher :
1. Pick a keyword (for our example, the keyword will be "MEC").
2. Write your keyword across the top of the text you want to encipher, repeating it as many times as
3. […], look at the letter of the keyword above it (if it was 'M', then you would go to the row that starts with an 'M'), and find that row in the Vigenere table.
Playfair Cipher (Use following steps to encrypt given word or message) : we want to […] the plain text message "The key is hidden under the door" using keyword domestic.
[Playfair matrix for the keyword; the surviving rows are:]
n p q r u
v w x y z
2. The plaintext received is to be broken into pair of two letters, if duplicate letter put x :
th, ek, ey, is, hi, dx, de, nu, nd, er, th, ed, ox, or
3. If both letters are same or only one letter is left then put X with that alphabet.
4. If both the letters of pair alphabet appear in same row, replace each letter with the immediate right alphabet (wrapping around to the left side of the row if a letter in the original pair was on the right side of the row).
6. If none of the condition explained above meet, then replace them with the letters on the same row respectively but at the other pair of corners of the rectangle defined by the original pair.
See above matrix for the same.
th → Step 6 → cf
ek → Step 5 → ar
ey → Step 5 → ae
is → Step 6 → bo
hi → Step 6 → gc
dx → Step 6 → mv
de → Step 4 → os
nu → Step 4 → pn
nd → Step 5 → vt
er → Step 5 → ay
th → Step 6 → cf
ed → Step 4 → so
ox → Step 6 → mw
or → Step 6 → ep
The plain text message "The key is hidden under the door" encrypted as :
cf, ar, ae, bo, gc, mv, os, pn, vt, ay, cf, so, mw, ep.
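The Playfair steps above carried through in code, as an added example that is not part of the original text; it rebuilds the matrix for the keyword domestic and reports which step produced each pair. The same-column rule used for Step 5 (take the letter below, wrapping to the top) is the standard Playfair rule and is assumed here because its wording does not survive in the text; merging j into i and all function names are also assumptions.

```python
ALPHABET = "abcdefghiklmnopqrstuvwxyz"   # 25 letters, j is merged into i

def build_matrix(keyword):
    """Keyword letters first (duplicates dropped), then the rest of the alphabet."""
    seen, cells = set(), []
    for ch in keyword.lower() + ALPHABET:
        ch = "i" if ch == "j" else ch
        if ch in ALPHABET and ch not in seen:
            seen.add(ch)
            cells.append(ch)
    return [cells[r * 5:(r + 1) * 5] for r in range(5)]

def digraphs(plaintext, filler="x"):
    """Steps 2 and 3: split into pairs, padding doubled or leftover letters."""
    letters = ["i" if c == "j" else c for c in plaintext.lower() if c.isalpha()]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        if i + 1 < len(letters) and letters[i + 1] != a:
            pairs.append(a + letters[i + 1])
            i += 2
        else:
            # A doubled or final 'x' cannot be padded with 'x' itself.
            pairs.append(a + (filler if a != filler else "q"))
            i += 1
    return pairs

def _positions(matrix):
    return {matrix[r][c]: (r, c) for r in range(5) for c in range(5)}

def encrypt_pair(matrix, pair):
    """Return (cipher pair, number of the step that applied)."""
    pos = _positions(matrix)
    (r1, c1), (r2, c2) = pos[pair[0]], pos[pair[1]]
    if r1 == r2:    # Step 4: same row, take the letter to the right
        return matrix[r1][(c1 + 1) % 5] + matrix[r2][(c2 + 1) % 5], 4
    if c1 == c2:    # Step 5: same column, take the letter below
        return matrix[(r1 + 1) % 5][c1] + matrix[(r2 + 1) % 5][c2], 5
    return matrix[r1][c2] + matrix[r2][c1], 6   # Step 6: rectangle corners

def decrypt_pair(matrix, pair):
    pos = _positions(matrix)
    (r1, c1), (r2, c2) = pos[pair[0]], pos[pair[1]]
    if r1 == r2:
        return matrix[r1][(c1 - 1) % 5] + matrix[r2][(c2 - 1) % 5]
    if c1 == c2:
        return matrix[(r1 - 1) % 5][c1] + matrix[(r2 - 1) % 5][c2]
    return matrix[r1][c2] + matrix[r2][c1]

def encrypt(plaintext, keyword):
    matrix = build_matrix(keyword)
    return [encrypt_pair(matrix, p) for p in digraphs(plaintext)]

if __name__ == "__main__":
    for row in build_matrix("domestic"):
        print(" ".join(row))
    for pair, (out, step) in zip(digraphs("The key is hidden under the door"),
                                 encrypt("The key is hidden under the door", "domestic")):
        print(f"{pair} -> Step {step} -> {out}")
```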
Chapter 3 : Secret Key Cryptography [Total Marks - 15]
Q. 4(a) Explain working of DES detailing the Feistel structure. (10 Marks)
Ans. : Please refer Q. 1 of Chapter 3.
Q. 6(v) Write in brief about : Key generation in IDEA. (5 Marks)
Ans. : International Data Encryption Algorithm (IDEA) :
It is a block cipher algorithm designed by Xuejia Lai and James L. Massey of ETH-Zurich in 1991. It is a modified version of Data Encryption Standard algorithm. It operates on 64-bit plaintext and ciphertext blocks and key used is of 128 bit. It was used in Pretty Good Privacy PGP v2. Total 8 number of rounds are done using 6 keys in each round. Like this 48 keys are there and in last round 4 keys (6*8 = 48 + 4 = 52) are used for both encryption and decryption. The operations performed in this process are i) XOR ii) Addition iii) Multiplication
[Figure: IDEA round structure ending in the output transform]
2. Encryption :
The process consists of eight identical encryption steps (known as encryption rounds) followed by an output transformation. The structure of the first round is shown in Fig. 1-Q. 6(v).
The first four 16-bit key sub-blocks are combined with two of the 16-bit plaintext blocks using addition modulo 2^16 and with the other two plaintext blocks using multiplication modulo 2^16 + 1. The results are then processed, where two more 16-bit key sub-blocks enter the calculation and the third algebraic group operator, the bit-by-bit exclusive OR, is used. At the end of the first encryption round four 16-bit values are produced which are used as input to the second encryption round in a partially changed order.
The process described above for round one is repeated in each of the subsequent 7 encryption rounds using different 16-bit key sub-blocks for each combination. During the subsequent output transformation, the four 16-bit values produced at the end of the 8th encryption round are combined with the last four of the 52 key sub-blocks using addition modulo 2^16 and multiplication modulo 2^16 + 1 to form the resulting four 16-bit ciphertext blocks.
[Figure: first round, 7 additional rounds and output transform (9th round), with the key sub-blocks Z of each round]
[…] for decryption of the ciphertext is essentially the same as in encryption […] each of the 52 […]
select e & a.
y ualn g R SA al gorlthm : ven, m ea ns we d o n 't need to
B (7,119) is gi
Je~ s~ m e n t Public key (e,n) =lts n = 119 as shown below. Ar
. In the prob mg pnme numbers which resu
n. if we seJect foJJ
ow
rs are 7 and 17 a = =
7, b 17
Prim e nu m be
Step 1 :
b = 7 • 17 = 119. Q,
Step 2 : n = a • = (7 - I) • (17 -1 ) = 6 • 16
= 96
(a -1 ) • (b -1 ) (n)) = 1
Step 3 : ,P(n) = ely pr im e to ,t, (n) i.e. gcd(e, 4>
lativ
e such that it is re ent. A
St~p 4 : Select lem em stat p
e = 7 as per prob at
te d such th
Step 5 : Calcula 1
I
(n)
d = e- mod,t, ct
.: :
ed mod It, (n) =
1 b
7 •d m o d 9 (5 =
1 I p
m
Using RSA algorith
1
6•
i = 1 to 100 - (9 1 + 1')11 = 13.85
1)17 w he re
d _= ((f(n) *I)+sible b ' ' . - .
com pletely divi Y e .
be
d must
*2 ) + 1)11 = 21
)/ 7 -
.57 = ((96*3) + 1 - 48.28 ((96*4) + 1)11
= =55
= . ((96 -
d = 55
y = {e, n J : (7
, 119} .
Step 6 : :: b li c ke
te key = {d, n}
= {SS, 119}
• va .
text message m = .
Ste te cipher text m 10
p 7 • C alcu la r given plain '
r·
as P = lOessa de
g( e fo
Plain text denoted m noted as p)
C _ od 119= 1 ~-
o d n: 10 1 m VV UUU J1
¥)d 1J 9
·c - 73 p em
.
VV
: -
lculate pl am.
Step B: N . ow ca text p req •Jred at the time of dee .
nder sends 40 to rM
U se
te Plain text p. ~
ceiv er can IYP tion. Once
receiver then re aJ cu la
P = C" m od n = ?i 'c .-
mod 119
Now represent 40'' 19 wi]J
.
p ti o n = q mention above itaJ results P as I0. .
·Because d= 7J5'
e c ry
s always Yields 0rig
in
message /pJ!l-iu.. te X
t
I
I: .
:. . P
P· = 10 mod 11
9 =10 ·
I
' :
'
r ..
,.,
1
; ,· ..
Scanned by CamScanner
........... .... --ii!QJ,.11111--■PRIIIIIW\UIII\HI S .• IUUillllllJIIIWIC;;. .,
·, cunty (MU)
oiyptography and Syetem s,_
~ · -· D (115)-7
·l ·· . ..
· ·'-DNWMNl■illi
>i.··,. . .
' , . '
Scanned by CamScanner
Digital Certificate contents
Certificate version number
Certificate serial number
Algorithm for signature identifier
Certificate Issuer name
Validity Details
Name of the certificate owner
Public key of certificate owner
Issuer unique identifier
Owner unique identifier
Extensions to certificate
Certification Authority (CA) Digital Signature
Fig. 1-Q. 2(b) : Structure of X.509 Digital certificate
6. Name of the certificate owner : The name of the owner and other identification information required for identifying the owner such as email id and contact details.
7. Public key of certificate owner : Certificate owner's public key, which is used to encrypt confidential information of the certificate owner.
8. Issuer unique identifier : Identify the CA uniquely i.e. whether single CA signed it or is any CA using same details.
9. Owner unique identifier : Identify the owner uniquely if two or more owner has used the same name over a time.
10. Extensions to certificate : This is an optional field which allows a CA to add additional private information to a certificate. These additional fields are called as extensions of version 2 or 3, respectively.
11. Certification Authority (CA) Digital Signature : In creating the certificate, this information is digitally signed by the issuing CA. CA's signature on the certificate is like a tamper-detection seal on packaging; any tampering with the contents is easily detected.
Q. 5(b) How does PGP achieve confidentiality and authentication in emails? (5 Marks)
Ans. : Electronic mail security : Pretty Good Privacy
1. PGP Authentication :
1. Ramesh has (private/public) key pair (Rd/Re) and he wants to send a digitally signed message m to Suresh.
2. Ramesh hashes the message using SHA-1 to obtain SHA(m).
3. Ramesh encrypts the hash using his private key Rd to obtain ciphertext c given by
c = encrypt_Rd(SHA(m))
4. Ramesh sends the pair (m, c) to Suresh.
5. Suresh receives (m, c) and decrypts c using Ramesh's public key Re to obtain signature S
S = decrypt_Re(c)
6. He computes the hash of m using SHA, and if this hash value is equal to S then the message is authenticated.
Suresh is sure that the message is correct and that it does come from Ramesh. Furthermore Ramesh cannot later deny sending the message since only Ramesh has access to his private key Rd.
2. PGP confidentiality :
1. Ramesh wishes to send Suresh a confidential message m.
2. Ramesh generates a random session key k for a symmetric cryptosystem.
3. Ramesh encrypts k using Suresh's public key Be to get
k' = encrypt_Be(k)
4. Ramesh encrypts the message m with the session key k to get ciphertext c
c = encrypt_k(m)
5. Ramesh sends Suresh the values (k', c)
6. Suresh receives the values (k', c) and decrypts k' using his private key Bd to obtain k.
k = decrypt_Bd(k')
7. Suresh uses the session key k to decrypt the ciphertext c and recover the message m
m = decrypt_k(c)
Public and symmetric key cryptosystems are combined in this way to provide security for key exchange and then efficiency for encryption. The session key k is used only to encrypt message m and is not stored for any length of time.
3. PGP authentication and confidentiality :
The schemes for authentication and confidentiality can be combined so that Ramesh can sign a confidential message which is encrypted before transmission. The steps required are as follows :
1. Ramesh generates a signature c for his message m as in the Authentication scheme
c = encrypt_Rd(SHA(m))
2. Ramesh generates a random session key k and encrypts the message m and the signature c using a symmetric cryptosystem to obtain ciphertext C
C = encrypt_k(m, c)
3. He encrypts the session key k using Bob's public key
k' = encrypt_Be(k)
4. Ramesh sends Suresh the values (k', C)
5. Suresh receives k' and C and decrypts k' using his private key Bd to obtain the session key k
k = decrypt_Bd(k')
6. Suresh decrypts the ciphertext C using the session key k to obtain m and c
(m, c) = decrypt_k(C)
7. Suresh now has the message m. In order to authenticate it he uses Ramesh's public key Re to decrypt the signature c and hashes the message m using SHA-1.
If SHA(m) = decrypt_Re(c)
Then the message is authenticated.
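The seven steps of the combined scheme can be traced in code. The following is an added example, not part of the original answer: it assumes textbook RSA with small constructed keys (Rd/Re for Ramesh, Bd/Be for Suresh) and a SHA-256 keystream XOR as a stand-in for the symmetric cryptosystem; all function names are hypothetical.

```python
import hashlib
import secrets

E = 65537  # public exponent used in both constructed key pairs

def make_key(p, q):
    """Return (n, d) for textbook RSA from two known primes (demo sizes only)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed demo keys built from Mersenne primes; far too small for real use.
R_N, R_D = make_key(2**89 - 1, 2**107 - 1)   # Ramesh: Re = (E, R_N), Rd = R_D
B_N, B_D = make_key(2**61 - 1, 2**127 - 1)   # Suresh: Be = (E, B_N), Bd = B_D
SIG_LEN = 25                                 # R_N is 196 bits, so c fits in 25 bytes

def sha1_int(m: bytes) -> int:
    return int.from_bytes(hashlib.sha1(m).digest(), "big")

def stream_xor(k: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(k + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def pgp_send(m: bytes):
    c = pow(sha1_int(m), R_D, R_N)                  # 1. c = encrypt_Rd(SHA(m))
    k = secrets.token_bytes(16)                     # 2. random session key k
    C = stream_xor(k, c.to_bytes(SIG_LEN, "big") + m)  # C = encrypt_k(m, c)
    k_enc = pow(int.from_bytes(k, "big"), E, B_N)   # 3. k' = encrypt_Be(k)
    return k_enc, C                                 # 4. send (k', C)

def pgp_receive(k_enc: int, C: bytes):
    k = pow(k_enc, B_D, B_N).to_bytes(16, "big")    # 5. k = decrypt_Bd(k')
    plain = stream_xor(k, C)                        # 6. (m, c) = decrypt_k(C)
    c, m = int.from_bytes(plain[:SIG_LEN], "big"), plain[SIG_LEN:]
    authenticated = pow(c, E, R_N) == sha1_int(m)   # 7. SHA(m) = decrypt_Re(c) ?
    return m, authenticated
```

SHA-1 is kept here only to match the answer above; it is no longer collision resistant, and current OpenPGP implementations sign with SHA-2 hashes.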
Chapter 7: Program Security [Total Marks - 12]
Q.1(a)(iii) Define with examples: Salami attack. (2 Marks)
Ans. : It is series of small attacks which results in large attack. It works on "collect and roundoff" trick. It is a fraudulent practice of stealing money repeatedly. It takes advantage of rounding operation in financial transactions. It always rounds down and thus the fractions of amount remained will be transferred into some another account. Thus the transaction will go undetected. Such type of attacks can be easily automated.
Q.1(b) With the help of examples explain non-malicious programming errors. (5 Marks)
Ans. : Please refer Q. 1, Q. 2 and Q. 3 of Chapter 1.
Q. Write in brief about : Viruses and their types (5 Marks)
Ans. : Types of virus :
(1) Boot sector virus : It infects the storage media like diskettes and hard drives. All diskettes and hard drives contain sectors and the first sector is called as Boot Sector. This boot sector carries Master Boot Record which is used to read and load operating system. The virus infects the sector while booting the system. Boot sector virus also spreads to other computers if same disk is shared to other system.
(2) Program virus : A program virus gets active when program containing these virus gets opened (.bin, .com, .exe), once it gets open it starts copying itself and infects other programs.
(3) Multipartite virus : It is combination/hybrid of boot sector and program virus. It infects the program files. When this virus is active it will affect boot sector also after booting or starting up
administrator passwords are required which again limits access to that files. All none system thus provides either full access or no access. But this approach is unacceptable due to following reasons,
Lack of trust : Every time it is not possible to trust other users. It is assumed that all the users are using system with good intention. But this assumption is not justified anywhere.
Too coarse : It is hard to provide selective rights to selective users.
Rise of sharing : Due to time sharing concept users always interact with each other.
Complexity : Every time human intervention is required.
File listings : File lists are maintained for users. But interactive user may browse other files also.
Group protection : Due to so many drawbacks of All None system a new modified approach is introduced where groups of authorized users are created, then access is given to these authorized users groups. This scheme also has following disadvantages,
Group affiliation : One member cannot be a member of two groups, i.e. one person one group.
Multiple personalities : A single person may have two accounts to get involved into two different groups.
All groups:
Limited sharing : Files can be shared to only within groups or to the world.
Single access permissions : Using passwords the single or multiple files can be locked. But again this scheme has drawbacks like forget password, attempts to provide a correct password, leaked password etc.
Per object and per user protection : In the groups different objects can be assigned to different users. New users when created their access rights to different objects are also specified.
User authentication : Authentication is basically performed for two different reasons :
1. To check whether a requesting user is having permission to perform an operation.
2. To perform an audit trail i.e. who performed what operation.
Authorization:
Authorization is the process by which an entity such as a user or a server gets permission to perform a restricted operation.
Following are the commonly used authentication techniques :
1. Local user authentication : Verification by the operating system itself. Based on the type of the user different access permissions are given. Ex : Administrator, Guest
2. Network host authentication : Verification of remote server in order to check whether it is safe to submit data or not. Ex : Digital certificates on the websites.
3. Remote user authentication : Verification of a user by some remote servers. Ex : User verification by sending username and password.
IP spoofing :
In this attack, attacker establishes a large number of "half-open" connections using IP spoofing. The attacker first sends SYN packets with the spoofed (faked) IP address to the victim in order to establish a connection. The victim creates a record in a data structure and responds with SYN/ACK message to the spoofed IP address, but it never receives the final acknowledgment message ACK for establishing the connection, since the spoofed IP addresses are unreachable or unable to respond to the SYN/ACK messages. Although the record from the data structure is freed after a time out period, the attacker attempts to generate sufficiently large number of "half-open" connections to overflow the data structure that may lead to a segmentation fault or locking up the computer.
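The record table described above can be modelled from the server's side to see when half-open entries pile up and what a bounded table does instead of overflowing. This is an added example, not part of the original answer; the class name, the capacity, time-out and alert threshold, and the sample traffic are all constructed assumptions.

```python
from collections import OrderedDict

# Constructed sample traffic seen at the server: (time_s, src_ip, src_port, flags).
# One client completes its handshake; 300 spoofed sources send a SYN and go silent.
EVENTS = [(0.0, "198.51.100.7", 40000, "SYN"), (0.1, "198.51.100.7", 40000, "ACK")]
EVENTS += [(1.0 + i * 0.01, f"203.0.113.{i % 250 + 1}", 1024 + i, "SYN")
           for i in range(300)]

class HalfOpenTable:
    """Bounded model of the server's records for connections awaiting the final ACK."""

    def __init__(self, timeout_s=30.0, capacity=256, alert_ratio=0.8):
        self.timeout_s = timeout_s
        self.capacity = capacity
        self.alert_at = int(capacity * alert_ratio)
        self.pending = OrderedDict()  # (src_ip, src_port) -> time the SYN arrived
        self.completed = 0            # handshakes that received the final ACK
        self.dropped = 0              # SYNs refused because the table was full
        self.alerts = []              # (time_s, half_open_count) at the threshold

    def _expire(self, now):
        # Free records older than the time-out period, oldest first.
        while self.pending:
            key, seen = next(iter(self.pending.items()))
            if now - seen < self.timeout_s:
                break
            del self.pending[key]

    def observe(self, now, src_ip, src_port, flags):
        self._expire(now)
        key = (src_ip, src_port)
        if flags == "SYN":
            if key in self.pending:
                return                 # retransmitted SYN, record already exists
            if len(self.pending) >= self.capacity:
                self.dropped += 1      # refuse the SYN rather than overflow the table
                return
            self.pending[key] = now    # the server would answer SYN/ACK here
            if len(self.pending) == self.alert_at:
                self.alerts.append((now, len(self.pending)))
        elif flags == "ACK" and key in self.pending:
            del self.pending[key]      # handshake complete, record released
            self.completed += 1

def replay(events, **settings):
    """Feed events through a fresh table and return it for inspection."""
    table = HalfOpenTable(**settings)
    for event in events:
        table.observe(*event)
    return table
```

With the default 30 second time-out the constructed flood fills the table and later SYNs are refused; a shorter time-out frees records fast enough that the alert threshold is never reached.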
In session hijacking, the hacker takes over the control over the TCP session between two machines whereas in spoofing the attacker pretends to be the authenticate user and gains access to other machine.
Steps in session hijacking :
1. Sniff the network, by placing itself between victim and target's network.
2. Monitor the packet flow between two machines.
3. Predict the SYN sequence number.
4. Kill the connection to the victim's machine.
5. Take over the session.
6. Start injecting packets to the target server.
Types of session hijacking :
1. Active : In active attack, attacker finds the active session and takes over.
2. Passive : With passive attack, an attacker hijacks a session, observes and analyses the session.
Session hijacking levels :
1. Network level : It can be defined as the interception of the packets during transmission between client and server in a TCP and UDP session. It is particularly attractive to hackers, providing critical information to the attacker which is used to attack application level session.
Ex. : TCP/IP session hijacking
IP Spoofing
Packet Sniffer (Man-in-middle attack)
2. Application level : It is about gaining control on HTTP user session by obtaining session's id, after gaining control it creates a new unauthorized access.
Ex. : Sniffing
Brute Force attack
Misdirect trust
Various tools of session hijacking are : Wireshark, Juggernaut, IPwatcher etc.
[ May 2016 ]
to the resources.
Chapter 2 : Basics of Cryptography [Total Marks
Q. 1(b) ... ciphers. (5 Marks)
Ans. : Please refer Q. 5 of Chapter 5.
Chapter 6 : Authentication Applications [Total Marks - 15]
Q. 4(b) Explain working of Kerberos. (10 Marks)
Ans. : Please refer Q. 1 of Chapter 6.
Q. 6(i) Write in brief about : Email security. (5 Marks)
Ans. : Please refer Q. 6 of Chapter 6.
Chapter 7 : Program Security [Total Marks - 05]
Q. 5(b) What are the various ways for memory and address protection. (5 Marks)
Ans. : Please refer Q. 1 of Chapter 8.
Chapter 9 : Database Security [Total Marks - 05]
Q. 3(a) How does the Bell La Padula model achieve access control. (5 Marks)
Ans. : The Bell-La Padula Model (BLP) :
Bell-La Padula is an extension of the Access Matrix model with classified data. This model has two components, Classification and Set of categories. Bell-La Padula model shows how to use Mandatory Access Control to prevent the Trojan Horse.
Two main properties of this model for a secure system are :
1. Simple security means : A subject at a given security level may not read an object at a higher security level (no read-up).
2. Star property means : A subject at a given security level must not write to any object at a lower security level (no write-down).
This model guarantees secrecy by preventing unauthorized release of information.
[Fig. 1-Q. 3(a) : Security levels shown : Secret, Confidential, Unclassified. File A (Label : Top Secret) - Write only; File B (Label : Secret) - Read/Write; File C (Label : Confidential) - Read only]
Appropriate access rights and permissions must be granted to individuals before they can see classified information. Confidential information can be seen only by those who have permission to see it. They are not trusted to see Secret or Top Secret information. Data flow operates from lower levels to higher levels. It will never be the reverse, as shown in Fig. 1-Q. 3(a). Even if someone has all the necessary official approvals (such as a security clearance) to access certain information, they should not be given access to such information unless they have a need to know, that is, unless access to the specific information is necessary for the conduct of one's official duties. Bell-LaPadula is a simple linear model. Access levels can be defined and thus information flow can be controlled as shown in Fig. 1-Q. 3(a). The security levels of objects are static. Because of the restrictions at different levels, certain operations are outside the context of the protection system and become very difficult to perform.
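The two properties, together with the model's two components (classification and set of categories), reduce to a single dominance test between labels. The following is an added example, not part of the original answer; the class and function names are hypothetical and the category names are constructed. The three files mirror Fig. 1-Q. 3(a) as seen by a subject cleared to Secret.

```python
from dataclasses import dataclass

# Linear ordering of classifications, lowest to highest.
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """True when this label is at least as high and covers every category."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

def can_read(subject: Label, obj: Label) -> bool:
    # Simple security property: no read-up.
    return subject.dominates(obj)

def can_write(subject: Label, obj: Label) -> bool:
    # Star property: no write-down.
    return obj.dominates(subject)

def allowed(subject: Label, obj: Label) -> str:
    decision = (can_read(subject, obj), can_write(subject, obj))
    return {(True, True): "read/write", (True, False): "read only",
            (False, True): "write only", (False, False): "no access"}[decision]

# Constructed objects mirroring the three files in the figure.
FILES = {
    "File A": Label("Top Secret"),
    "File B": Label("Secret"),
    "File C": Label("Confidential"),
}

def access_table(subject: Label) -> dict:
    """Access mode the model grants this subject on each file."""
    return {name: allowed(subject, label) for name, label in FILES.items()}
```

The write check is what blocks a Trojan Horse running with a Secret subject's rights from copying data into a lower-level object, and two labels at the same level with different categories are incomparable, so neither read nor write is granted.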
Chapter 10 : IDS and Firewall [Total Marks - 15]
Q. 5(c) Explain the significance of an intrusion detection system for securing a network. Compare signature based and anomaly based IDS. (10 Marks)
Ans. : Please refer Q. 3(b) of Dec. 2015.
Q. 5(a) What is a firewall? What are the firewall design principles? (5 Marks)
Ans. : Please refer Q. 8 of Chapter 10.
Chapter 11 : IP Security [Total Marks - 10]
Q. 6(ii) Write in brief about : SSL handshake protocol. (5 Marks)
Ans. : Please refer Q. 5(a) of Dec. 2015.
Q. 6(iii) Write in brief about : IP Sec protocols for security. (5 Marks)
Ans. : Please refer Q. 1 of Chapter 11.
Chapter 12 : Non-Cryptographic Protocol Vulnerabilities
Sr. No. | Packet sniffing | Packet spoofing
1. | Sniffing is the most effective technique which is used to attack over the network and gain over the network. | Spoofing is the technique to get the identity of another computer with the special privileges so as to get over to the network.
2. | Sniffing is a passive security attack. | Spoofing is the active security attack.
4. | Sniffing word comes from the word "sniff the ether" where "ether" is Ethernet network. | Spoofing follows the term "masquerade". Masquerade means fooling the other machine on the network into accepting the other user into real or original network.
5. | Sniffing can be used in the good and bad manner. | Spoofing is done with the help of sniffing because with the help of sniffing it is more effective.
Q. 6(iv) Write in brief about : Denial of service attacks. (5 Marks)
Ans. : Please refer Q. 4 of Chapter 12.
[ Dec. 2015 ]
... following with examples :
... cipher, ii) Poly-alphabetic cipher, ... iv) Session hijacking
... goals of security and specify mechanisms to achieve each goal. (5 Marks)
In RSA system the public key (e, n) of user A is defined as (7, 119). Calculate Φn and private key. What is the cipher-text when you encrypt message m = 10, using the public key? (10 Marks)
ii) IP ...
c) Key generation in IDEA. (5 Marks)
List ... the different mechanisms to achieve security. (5 Marks)
Q. 2 (a) A and B decide to use Diffie Hellman algorithm to share a key. They chose p = 23 and g = 5 as the public parameters. Their secret keys are 6 and 15 respectively. Compute the secret key that they share. (10 Marks)
(b) Explain working of DES. (10 Marks)
Q. 3 (a) What is access control? How does the Bell La Padula model achieve access control. (10 Marks)
(b) What is a digital signature. Explain any digital signature algorithm in detail. (10 Marks)
Q. 4 (a) Compare packet sniffing and packet spoofing. Explain session hijacking attack. (10 Marks)
(b) Explain working of Kerberos. (10 Marks)
Q. 5 (a) What is a firewall? What are the firewall design principles? (5 Marks)
(b) What are the various ways for memory and address protection. (5 Marks)
(c) Explain the significance of an intrusion detection system for securing a network. Compare signature based and anomaly based IDS. (10 Marks)
Q. 6 Write in brief about (any four) : (20 Marks)
i) Email security, ii) SSL handshake protocol,
iii) IP Sec protocol for security, iv) Denial of service attacks,
v) IDEA
. .-· . ~: . . : : ' .
.. .. . . . ·· . }:• .r._.
. .• ·: . :· '· '
I • · •••; ' . • • • •
• •
. .. . .·...' ~ . : . . ,. •.
Scanned by CamScanner