83% found this document useful (6 votes)
5K views

CSS Techmax

Uploaded by

Rushi Shah
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd

Detailed Syllabus

1 | Introduction and Number Theory
1.1 | Security Goals, Services, Mechanisms and attacks, The OSI security architecture, Network security model, Classical Encryption techniques, Symmetric cipher model, mono-alphabetic and poly-alphabetic substitution techniques : Vigenere cipher, playfair cipher, Hill cipher, transposition techniques : keyed and keyless transposition ciphers, steganography. (Refer Chapter 1)
1.2 | Modular Arithmetic and Number Theory : Euclid's algorithm - Prime numbers - Fermat's and Euler's theorem - Testing for primality - The Chinese remainder theorem, Discrete logarithms. (Refer Chapter 2)

2 | Symmetric and Asymmetric key Cryptography and key Management | 12
2.1 | Block cipher principles, block cipher modes of operation, DES, Double DES, Triple DES, Advanced Encryption Standard (AES), Stream Ciphers : RC5 algorithm. (Refer Chapter 3)
2.2 | Public key cryptography : Principles of public key cryptosystems - The RSA algorithm, The knapsack algorithm, ElGamal Algorithm. (Refer Chapter 4)
2.3 | Key management techniques : using symmetric and asymmetric algorithms and trusted third party. Diffie Hellman Key exchange algorithm. (Refer Chapter 5)

3 | Hashes, Message Digests and Digital Certificates | 06
3.1 | Cryptographic hash functions, Properties of secure hash function, MD5, SHA-1, MAC, HMAC, CMAC. (Refer Chapter 6)
3.2 | Digital Certificate : X.509, PKI. (Refer Chapter 7)

4 | Authentication Protocols & Digital signature schemes | 08
4.1 | User Authentication and Entity Authentication, One-way and mutual authentication schemes, Needham Schroeder Authentication protocol, Kerberos Authentication protocol. (Refer Chapter 8)
4.2 | Digital Signature Schemes - RSA, ElGamal and Schnorr signature schemes. (Refer Chapter 9)

5 | Network Security and Applications
5.1 | Network security basics : TCP/IP vulnerabilities (Layer wise), Packet Sniffing, ARP spoofing, port scanning, IP spoofing, TCP syn flood, DNS Spoofing. (Refer Chapter 10)
5.2 | Denial of Service : Classic DOS attacks, Source Address spoofing, ICMP flood, SYN flood, UDP flood, Distributed Denial of Service, Defenses against Denial of Service Attacks. (Refer Chapter 11)
5.3 | Internet Security Protocols : SSL, IPSEC, Secure Email : PGP, Firewalls, IDS and types, Honey pots. (Refer Chapter 12)

6 | System Security | 06
6.1 | Software Vulnerabilities : Buffer Overflow, Format string, cross-site scripting, SQL injection, Malware : Viruses, Worms, Trojans, Logic Bomb, Bots, Rootkits. (Refer Chapter 13)

Lab Code | Lab Name | Credit
CSL604 | System Security Lab | 01

Lab Outcome
Learner will be able to
1. To be able to apply the knowledge of symmetric cryptography to implement simple ciphers.
2. To be able to analyze and implement public key algorithms like RSA and El Gamal.
3. To analyze and evaluate performance of hashing algorithms.
4. To explore the different network reconnaissance tools to gather information about networks.
5. To explore and use tools like sniffers, port scanners and other related tools for analysing packets in a network.
6. To be able to set up firewalls and intrusion detection systems using open source technologies and to explore email security.
7. To be able to explore various attacks like buffer-overflow, and web-application attacks.

Suggested Experiment List : (Any 10)

Sr. No. | Description
1 | Design and Implementation of a product cipher using Substitution and Transposition ciphers.
2 | Implementation and analysis of RSA cryptosystem and Digital signature scheme using RSA/El Gamal.
3 | Implementation of Diffie Hellman Key exchange algorithm.
4 | For varying message sizes, test integrity of message using MD-5, SHA-1, and analyse the performance of the two protocols. Use crypt APIs.
5 | Study the use of network reconnaissance tools like WHOIS, dig, traceroute, nslookup to gather information about networks and domain registrars.
6 | Study of packet sniffer tools : Wireshark :
  | 1. Download and install wireshark and capture icmp, tcp, and http packets in promiscuous mode.
  | 2. Explore how the packets can be traced based on different filters.
7 | Download and install nmap. Use it with different options to scan open ports, perform OS fingerprinting, do a ping scan, tcp port scan, udp port scan, xmas scan etc.
8 | Detect ARP spoofing using nmap and/or open source tool ARPWATCH and Wireshark. Use arping tool to generate gratuitous arps and monitor using Wireshark.
9 | Simulate DOS attack using Hping, hping3 and other tools.
10 | Simulate buffer overflow attack using Ollydbg, Splint, Cppcheck etc.
11 | a. Set up IPSEC under LINUX.
   | b. Set up Snort and study the logs.
12 | Setting up personal Firewall using iptables.
13 | Explore the GPG tool of linux to implement email security.
14 | SQL injection attack, Cross-Site Scripting attack simulation.

Table of Contents

Crypt. & Sys. Security (MU-Sem. 6-Comp)

Chapter 1

Syllabus : Security Goals, Services, Mechanisms and attacks, The OSI security architecture, Network security model, Classical Encryption techniques, Symmetric cipher model, mono-alphabetic and poly-alphabetic substitution techniques : Vigenere cipher, playfair cipher, Hill cipher, transposition techniques : keyed and keyless transposition ciphers, steganography.

1.1 Introduction
Syllabus Topic : Security Goals
1.2 Security Goal (Dec. 15)
Syllabus Topic : Services
1.3 Security Service (Dec. 16)
Syllabus Topic : Mechanisms and Attacks
1.4 Security Mechanisms (Dec. 15, May 16)
1.4.1 Specific Security Mechanism / Attack Prevention
1.4.2 Pervasive Security Mechanisms / Attack Detection
1.4.3 Attack Avoidance
1.5 Security Attack (May 18)
1.5.1 Difference between Active Attack and Passive Attack
Syllabus Topic : The OSI Security Architecture
1.6 The OSI Security Architecture
Syllabus Topic : Network Security Model
1.7 Operational Model for Network Security
1.8 Basic Terminology in Network Security
1.8.1 Cryptanalysis / Cryptographic Attacks
Syllabus Topic : Classical Encryption Techniques
1.9 Encryption Methods
Syllabus Topic : Symmetric Cipher Model
1.9.1 Symmetric Key Cryptography
1.9.2 Asymmetric Key Cryptography
1.9.3 Difference between Symmetric and Asymmetric Key Cryptography
1.10 Block Cipher Principles
1.10.1 Stream Cipher
1.10.2 Stream and Block Cipher
Syllabus Topic : Mono-alphabetic and Poly-alphabetic Substitution Techniques
1.11 Substitution Cipher Techniques (Dec. 15)
1.11.1 Caesar Cipher
1.11.2 Monoalphabetic Cipher
1.11.3 Polyalphabetic Cipher (Dec. 15)
1.11.3(A) Procedure of Polyalphabetic Cipher
1.11.3(B) Difference between Polyalphabetic and Monoalphabetic (Dec. 17)
Syllabus Topic : Playfair Cipher
1.11.4 Playfair Cipher
1.11.5 One Time Pad (Vernam Cipher)
Syllabus Topic : Hill Cipher
1.11.6 Hill Cipher
Syllabus Topic : Transposition Techniques
1.12 Transposition Cipher Techniques (May 16)
Syllabus Topic : Keyed Transposition Cipher
1.12.1 Columnar Transposition Technique
1.12.2 Keyless Transposition Techniques
Syllabus Topic : Steganography
1.13 Steganography Applications and Limitations
Chapter Ends

Chapter 2

Syllabus : Modular Arithmetic and Number Theory : Euclid's algorithm - Prime numbers - Fermat's and Euler's theorem - Testing for primality - The Chinese remainder theorem, Discrete logarithms.

2.1 Modular Arithmetic
2.1.1 Mathematical Background
Syllabus Topic : Prime Numbers
2.1.1(A) Prime Numbers
2.1.1(B) What is GCD?
Syllabus Topic : Euclid's Theorem
2.2 Euclid's or Euclidean Algorithm
2.2.1 Extended Euclidean Algorithm
Syllabus Topic : The Chinese Remainder Theorem
2.3 Chinese Remainder Theorem
Syllabus Topic : Euler's Theorem
2.4 Euler Totient Function
2.4.1 Euler's Theorem
Syllabus Topic : Discrete Logarithm
2.5 Discrete Logarithm
2.6 Fermat Theorem
Chapter Ends

Chapter 3

Syllabus : Block cipher principles, block cipher modes of operation, DES, Double DES, Triple DES, Advanced Encryption Standard (AES), Stream Ciphers : RC5 algorithm.

Syllabus Topic : Block Cipher Principles
3.1 Block Cipher Principles
Syllabus Topic : Block Cipher Modes of Operation
3.2 Block Cipher Modes of Operation
3.2.1 Electronic Codebook (ECB) Mode (Dec. 16)
3.2.2 Cipher Block Chaining (CBC) Mode (Dec. 16)
3.2.3 Cipher Feedback (CFB) Mode
3.2.4 Output Feedback (OFB) Mode
3.2.5 Counter (CTR) Mode
3.2.6 Algorithm Mode Details and Usage
Syllabus Topic : DES
3.3 Data Encryption Standard (DES) (Dec. 15, May 16, May 17, May 18)
3.3.1 Conceptual View of DES
3.3.2 Detail Steps of DES
3.3.3 Initial Permutation (IP)
3.3.4 Rounds
3.3.5 Final Permutation
3.3.6 Strength of DES
3.3.7 Weakness in DES
Syllabus Topic : Double DES
3.3.8 Double DES
Syllabus Topic : Triple DES
3.3.9 Triple DES
Syllabus Topic : Advance Encryption Standard (AES)
3.4 Advance Encryption Standard (AES)
3.4.1 Introduction to AES
3.4.2 Silent Features of AES
3.4.3 AES Encryption and Decryption Process
3.4.4 Detail Steps for AES Encryption
3.4.5
3.4.5(A) Difference between Data Encryption Standard (DES) and Advance Data Encryption Standard (AES)
Syllabus Topic : RC5 Algorithm
3.5 RC5 Algorithm
Chapter Ends
Chapter 4

Syllabus : Public key cryptography : Principles of public key cryptosystems - The RSA algorithm, The knapsack algorithm, ElGamal Algorithm.

4.1 Public Key Cryptosystem with Applications
4.1.1 Applications for Public-Key Cryptosystem
Syllabus Topic : Requirements and Cryptanalysis
4.2 Public Key Requirements and Cryptanalysis
4.2.1 Public Key Cryptanalysis
Syllabus Topic : The RSA Algorithm
4.3 RSA Algorithm : Working, Key Length, Security (May 17)
4.3.1 Computational Aspects
4.3.1(A) Exponentiation in Modular Arithmetic
4.3.1(B) Efficient Operation using the Public Key
4.3.1(C) Efficient Operation using the Private Key
4.3.1(D) Key Generation (May 16)
4.3.1(E) The Security of RSA
4.3.2 Solved Examples on RSA Algorithm
Syllabus Topic : The Knapsack Algorithm
4.4 Knapsack Algorithm
4.4.1 Problem Statement
4.4.2 Dynamic-Programming Approach
4.4.3 Analysis
Syllabus Topic : ElGamal Algorithm
4.5 ElGamal Algorithm
4.5.1 Generation of ElGamal Key Pair
4.5.2 Encryption and Decryption
4.5.3 ElGamal Encryption
4.5.4 ElGamal Decryption
Chapter Ends
Chapter 5

Syllabus : Key management techniques : using symmetric and asymmetric algorithms and trusted third party. Diffie Hellman Key exchange algorithm.

5.1 Key Distribution and Management
5.1.1 Management
Syllabus Topic : Key Management Techniques - Symmetric and Asymmetric Algorithms and Trusted Third Party
5.1.2 Symmetric Key Distribution using Symmetric and Asymmetric Encryptions
5.1.2(A) Symmetric Key Distribution using Symmetric Encryption
5.1.2(B) Distribution of Symmetric Key (Secret Key) using Asymmetric Encryption
5.1.3 Distribution of Public Keys
5.1.4 Key Generation, Distribution, Storage and Usage
5.1.4(A) Key Generation
5.1.4(B) Key Distribution
5.1.4(C) Key Storage
5.1.4(D) Key Usage
5.1.4(E) Key Validation
5.1.4(F) Key Updation
5.1.5 Importance of Key Management
Syllabus Topic : Diffie Hellman Key Exchange Algorithm
5.2 Diffie Hellman Key Exchange (Dec. 15, May 17)
Chapter Ends

Chapter 6

Syllabus : Cryptographic hash functions, Properties of secure hash function, MD5, SHA-1, MAC, HMAC, CMAC.

6.1 Hash Functions
Syllabus Topic : Cryptographic Hash Functions
6.1.1 Cryptographic Hash Functions
6.1.2 Applications of Cryptographic Hash Functions
6.2 Simple Hash Functions
Syllabus Topic : Properties of Secure Hash Function
6.2.1 Properties of Hash Function
6.2.2 Characteristics of Simple Hash Function
6.2.3 Simple Hash Function Requirement and Security
6.2.4 Hash Functions Based on Cipher Block Chaining
Syllabus Topic : MD5
6.3 MD5 Message Digest Algorithm
Syllabus Topic : SHA-1
6.4 Secure Hash Algorithm (SHA) (May 17, May 18)
6.4.1
6.4.2 Applications of Cryptographic Hash Functions
Syllabus Topic : MAC
6.5 Message Authentication Codes (May 18)
6.5.1 Significance of MAC
6.5.2 Message Authentication Code based on DES
6.5.3 Mathematical Equation
Syllabus Topic : HMAC
6.5.4 HMAC (Hash based Message Authentication Code)
6.5.4(A) Complete HMAC Operation
6.5.5 Difference between Message Digest and Message Authentication Code
Syllabus Topic : CMAC
6.6 CMAC (Cipher Based Message Authentication Code)
6.6.1 The CMAC Tag Generation Process
6.6.2 The Verification Process
Chapter Ends

Chapter 7 : Digital Certificate

Syllabus : Digital Certificate : X.509, PKI.

Syllabus Topic : Digital Certificate X.509
7.1 X.509 Authentication Service / Digital Certificate (Dec. 15, Dec. 17)
7.1.1 Importance of Digital Certificate
Syllabus Topic : PKI
7.2 Public Key Infrastructure (PKI)
7.2.1 Components of PKI
7.2.1(A) Certification Authority (CA)
7.2.1(B) Registration Authority (RA)
7.2.1(C)
7.2.1(D) Public Key Certificate / Digital Certificate
7.2.1(E) Certificate Distribution System (CDS) Repository
7.2.2 PKI Applications / Services
Chapter Ends

Chapter 8 : Authentication Protocols

Syllabus : User Authentication and Entity Authentication, One-way and mutual authentication schemes, Needham Schroeder Authentication protocol, Kerberos Authentication protocol.

Syllabus Topic : User Authentication
8.1 User Authentication
8.1.1 Means of User Authentication
Syllabus Topic : Entity Authentication
8.2 Entity Authentication
8.2.1 Physical and Legal Identities
8.3 Authentication Protocol
8.3.1 Why there is a Need of Mutual Authentication Protocol
Syllabus Topic : Needham Schroeder Authentication Protocol
8.3.2 Needham - Schroeder Protocol
Syllabus Topic : Kerberos Authentication Protocol
8.4 Kerberos Authentication Protocol (May 16, May 18)
8.4.1 Difference between Kerberos Version 4 and Version 5
Chapter Ends

Chapter 9

Syllabus : Digital Signature Schemes - RSA, ElGamal and Schnorr signature schemes.

9.1 Digital Signature (May 16, Dec. 16)
9.2 Digital Signature Goals
Syllabus Topic : Digital Signature Schemes
9.3 Digital Signature Algorithms / Schemes (May 16, Dec. 16)
Syllabus Topic : RSA Signature Scheme
9.3.1 RSA Signature Scheme
Syllabus Topic : ElGamal Signature Scheme
9.3.2 ElGamal Scheme
Syllabus Topic : Schnorr Signature Schemes
9.3.3 Schnorr Digital Significance Scheme

Module 5

Chapter 10 : Network Security Basics

Syllabus : Network security basics : TCP/IP vulnerabilities (Layer wise), Packet Sniffing, ARP spoofing, port scanning, IP spoofing, TCP syn flood, DNS Spoofing.

Syllabus Topic : TCP/IP Vulnerabilities (Layer Wise)
10.1 TCP/IP Vulnerabilities (Layer Wise)
10.1.1 Application Layer
10.1.2 Transport Layer
10.1.3 Network Layer
10.1.4 Data Link Layer
10.1.5 Physical Layer
Syllabus Topic : Packet Sniffing
10.2 Packet Sniffing
Syllabus Topic : ARP Spoofing
10.3 ARP Spoofing
10.3.1 What Is ARP Spoofing
10.3.2 ARP Spoofing Attacks
Syllabus Topic : Port Scanning
10.4 Port Scanning
10.4.1 Types of Port Scans
Syllabus Topic : IP Spoofing
10.5 IP Spoofing (Dec. 15)
Syllabus Topic : TCP SYN Flood
10.6 TCP SYN Flood
10.6.1 Attack Description
Syllabus Topic : DNS Spoofing
10.7 DNS Spoofing
10.7.1 Methods for Executing a DNS Spoofing Attack
Chapter Ends
Chapter 11 : Denial of Service

Syllabus : Denial of Service : Classic DOS attacks, Source Address spoofing, ICMP flood, SYN flood, UDP flood, Distributed Denial of Service, Defenses against Denial of Service Attacks.

Syllabus Topic : Denial of Service - Classic DOS Attacks
11.1 DOS and DDOS (Dec. 15, Dec. 16, May 17)
11.1.1 DOS Attack
11.1.1(A) Classification of Attacks
11.1.1(B) Types of DOS Attacks (May 17)
Syllabus Topic : Source Address Spoofing
11.2 Source Address Spoofing
SYN Flood
11.5 UDP Flood
Syllabus Topic : Distributed Denial of Service
11.6 Distributed Denial of Service Attacks
11.6.1 Distributed Denial of Service Attacks
11.6.2 Characteristics of Distributed Denial of Service Attacks
11.6.3 Methods of Denial of Service Attacks
Syllabus Topic : Defenses against Denial of Service Attack
11.7 Defenses against Attacks
Chapter Ends
12.5

Cha Intet
12: p rity F
Secur
met e tocols
pots. i; ;
i | Syllabus : Intemet Security Protocols : SSL, IPSEC, Secure, Email : PGP, Firewalls, IDS and types, Honey

_¥ Syllabus Topic : Internet Security Protocols - SSL, IPSEC ...mnennnnesnnsennnnnnn 12-1 v S)

12.6
Oe

" 12.1 Secure Socket Layer (SSL) (Dec. 15, Dec: 17) sii Se RE 12-1

12.1.1 Working Of SSLssesisisssssleuissssessnssnereincneeee Mieco


12.1.1(A) Handshake Protocol (May 16) ..rnvsssmenne M4

Scanned by CamScanner
Crypt. & Sys. Security (MU-Sem. 6-Comp) 44 Table of Contents
12.1.1(B) Alert Protocol *ersssersenenastonttetoiesernenssouseeyitildinsens
12.1.1(C) Record Protocol
Syllabus Topic : IPSEC
12.2 IP Security Protocols (May 16)
12.2.1 Authentication Header
12.2.2 Encapsulating Security Payload
12.2.3 Security Association Database (Dec. 17)
Syllabus Topic : Firewalls
12.3 Firewall Introduction (May 16, Dec. ...)
12.3.1 Firewall Characteristics
12.3.2 Limitations of Firewalls
12.3.3 Firewall Architecture and Types (Dec. 16, May ...)
12.3.4 Firewall Configurations
12.4 Introduction to Intrusion Detection
12.4.1 Intrusion Detection
Syllabus Topic : IDS and ...
12.4.2 Intrusion Detection System : Need, Methods, Types of IDS (May 16)
12.4.3 Intrusion Detection Methods / Techniques
12.4.3(A) Signature Based Detection
12.4.3(B) Anomaly Based Detection
12.4.3(C) Stateful Protocol Analysis
12.4.4 Types of IDS
12.4.4(A) Network Based IDS (NIDS)
12.4.4(B) Host Based IDS (HIDS)
Syllabus Topic : Secure Email - PGP
12.5 Electronic Mail Security : Pretty Good Privacy (May 16)
12.5.1 Working of Pretty Good Privacy (Dec. ...)
12.5.2 Backdoors and Key Escrow in PGP
Syllabus Topic : Honey Pots
12.6 Honeypots
Chapter Ends

Syllabus : Software Vulnerabilities ... Viruses, Worms, ... Logic Bomb.
13.1 Program Security
13.1.1 Secure Programs (Dec. 15)
13.1.2 Non-malicious Program ...
Syllabus Topic : Malware - Logic Bomb, Bots
13.1.3 Malicious Software
Syllabus Topic : Viruses and Worms
13.1.4 Virus and Worms (Dec. 15, Dec. ...)
13.1.4(A) Types of Virus
13.1.4(B) Types of Computer Worms
13.1.4(C) Difference between Virus and Worm
Syllabus Topic : Malware - Trojans, Rootkits
13.1.5 Targeted Malicious Code
13.1.6 Controls against Program Threats
Syllabus Topic : Software Vulnerability - Buffer Overflow
13.2 Buffer Overflow (Dec. 15)
Syllabus Topic : Software Vulnerability - Format String
13.3 Format String Attacks
Syllabus Topic : Cross Site Scripting
13.4 Cross Site Scripting (Dec. 16, Dec. 17)
13.4.1 Stored and Reflected XSS Attacks
13.4.2 Stored XSS Attacks
13.4.3 Reflected XSS Attacks
13.4.4 Other Types of XSS Vulnerabilities
13.4.5 XSS Attack Consequences
Syllabus Topic : SQL Injection
13.5 SQL Injection (Dec. 17)
Chapter Ends
Lab Manual

Module 1

Introduction to Cryptography

Syllabus
Security Goals, Services, Mechanisms and attacks, The OSI security architecture, Network security model, Classical Encryption techniques, Symmetric cipher model, mono-alphabetic and poly-alphabetic substitution techniques : Vigenere cipher, playfair cipher, Hill cipher, transposition techniques : keyed and keyless transposition ciphers, steganography.

1.1 Introduction

- In today's high technology world, organizations are becoming more and more dependent on information systems. Computer data often travels from one computer to another. Sensitive and confidential information must be protected.
- The threat to information security from criminals and terrorists is increasing. Hence, there is a need to protect the information that is being exchanged between individuals through the internet.
- The Internet is ever growing and we are truly pebbles in a vast ocean of information. When it comes to the Internet there are millions and millions of users logging on and off on a daily basis.
- Among those millions upon millions, look at where we are. The fact is that about 30 - 40% of all users are aware of the things happening on their computers. The others simply either don't care or don't have the proper knowledge to recognize if their system is under attack and/or being used by unauthorized users.
- On the Internet nothing is quite what it appears to be, because information is just transferred from one computer to another in a heartbeat. The uninformed will get hurt in many ways.

Crypt. & Sys. Security (MU-Sem. 6-Comp)    1-2    Introduction to Cryptography

Syllabus Topic : Security Goals

1.2 Security Goal (MU - Dec. 15)

Q. 1.2.1 Define the goals of security. (Ref. sec. 1.2)

- Main goal of information security is to protect data or information which is being transmitted and achieve the confidentiality, integrity and availability of the data.
- Following are the main goals of information security.

Goals of information security
1. Confidentiality
2. Integrity
3. Availability
4. Data Authentication

Fig. 1.2.1 : Goal of information security

-> 1. Confidentiality

- Confidentiality is the most common aspect of information security. Confidentiality is defined as the contents of a message being accessed only by the intended person. The aim of confidentiality is that only the sender and his intended receiver should be able to access the contents of a message.

For example

- In military application information from one ... authority. During this transmission ... contents of message, which causes loss of message confidentiality.
- The attack threatening the confidentiality is traffic analysis.
- Because of interception occurred between sender and receiver, sender is losing message confidentiality.
-> 2. Integrity

- Principle of integrity states that contents of message should not be modified until it reaches to authorized person.
- The two important concepts :
  o Data integrity : Assures information is changed only in authorized manner.
  o System integrity : Assures that the system performs its intended function properly and free from unauthorized manipulation.

-> 3. Availability

- ... software and hardware components.

For example

- Information stored in bank, student's information stored in Universities, information stored on email accounts. All this information needs to be available to all authorized users at any time as and when required. Imagine the situation if all above information is not available to authorized users.
- There is only one attack which threatens the principle of availability, called denial of service attack.
- These three concepts are termed as CIA triad and represent fundamental security objectives for data and information services as shown in Fig. 1.2.2.

Fig. 1.2.2 : CIA triad

-> 4. Data Authentication

- Data authentication is important in many applications in networks.
- Data authentication allows the user or receiver to determine whether the data really was sent by the actual sender or not. In two-party communication this mechanism is achieved through symmetric cryptography.
- The sender and receiver share a secret key to calculate a Message Authentication Code (MAC) of all communication data.
- Receiver knows that the data is sent by the exact or actual sender if and only if the message arrives with a correct MAC.
- Data origin authentication is a property that data has not been modified while it is transmitted; this means data integrity.

Fig. 1.2.3 : Data Authentication (client application and server application exchange application data; sign and verify)

Syllabus Topic : Services

1.3 Security Service

Q. ... one can be achieved. (Ref. ...)
Q. 1.3.2 Write short note on security service. (Ref. sec. 1.3)

- X.800 defines a security service as a service provided by a protocol layer of communicating open systems, to ensure adequate security of the system/organization or of the data transfer as requested.
- RFC 2828 defines security service as a communication service provided by a system to give protection to the system resources.
- X.800 defines security services into following categories :

Categories of security services
1. Authentication
2. Authorization
3. Access Control
4. Non-Repudiation
5. Auditing
6. Data integrity
7. Data Confidentiality

Fig. 1.3.1 : Categories of security services

-> 1. Authentication

- It is the assurance of parties that they are authentic users in the communication network.
- Authentication helps to identify the claimed identity of an entity, such as username, password or any other important information such as encryption or decryption keys stolen during transmission between sender and receiver.
- It can be further classified as follows :
  (i) Peer entity authentication : It checks that the entities connected in communication network are authentic and do not perform any attacks like masquerade and replay of messages in network.
  (ii) Data origin authentication : It checks that the data is authentic, received by the receiver without any changes.

-> 2. Authorization

- Authorization service helps for checking whether the entity has the right to perform the action requested. Authorization means providing authority or permission of accessing the system or privilege of accessing data, directories, files etc. of the system.
- Authorization is one of the most important security aspects. It provides identification of the user as authorized user. It is a kind of permission given by the network administrator for accessing the network.
For example

Password used for server login, ATM pin while withdrawing money, ... machine used in an office for checking employee identification. It helps to determine whether the server administrator, ATM card user and company employee are valid users or not.

-> 3. Access Control

Access Control is the ability to limit and control the access to ... systems. It prevents unauthorized use of a resource. The service used to prevent unauthorized access has complete control over who can access the resources, under what conditions access can occur and what the different accessing methodologies are.

For example

It controls the access of resources which is to be made available only to legitimate ... Secondly it looks to the conditions of accessing the resource or network and what is allowed to be done to the resources.

-> 4. Non-Repudiation

The principle of non-repudiation states that a sender who sends some information cannot later deny having sent that information.

(i) Non-repudiation, Origin : Proof that the message was sent by the specified party.
(ii) Non-repudiation, Destination : Proof that the message was received by the specified party.

For example

Ramesh sends a request to the bank about a money transfer into Suresh's account but later on Ramesh denies having made the money transfer request to the bank. The principle of non-repudiation does not allow such type of refusal by the sender. Non-repudiation prevents either sender or receiver from denying a transmitted message.

-> 5. Auditing

- Auditing services help to trace which user accessed what, when, and in which way.
- In general auditing does not provide protection but can be the tool for analysis of problems.
- There are different security mechanisms used to provide security services, which also help to prevent all types of attacks.

-> 6. Data Integrity

To assure that the message received is as sent, with no duplications, insertions, modifications, delays or replays. The destruction of messages is also addressed.

(i) Connection integrity with recovery : It provides integrity of the user data on a connection and detects modifications, insertions, deletions or replay if any, with a recovery attempted.
(ii) Connection integrity without recovery : It checks the integrity of the data in communication network and detects various attacks like modification, deletion and replay of messages in network but without any recovery of same.
(iii) Selective-Field Connection recovery : It provides integrity of selected fields within a user data or a data block to determine whether any of the selected fields are modified, inserted, deleted or replayed.
(iv) Connectionless integrity : It determines and checks the modification of a single data block for preserving its integrity in a connectionless network.
(v) Selective-Field Connectionless recovery : It determines and checks the modification of selected fields of a single data block for preserving its integrity in a connectionless network.

-> 7. Data Confidentiality

It is protection of data from being accessed by unauthorized users.

(i) Connection confidentiality : In case of a TCP connection set up between two systems, to protect user data that is transmitted over the connection.
(ii) Connectionless confidentiality : To protect data in a single data block.
(iii) Selective-Field confidentiality : To protect selective fields within user data on a connection or in a single data block.
(iv) Traffic flow confidentiality : To protect data that might be derived from observing the data flow.
1.4 Security Mechanisms

Q. 1.4.1 Specify mechanisms to achieve each goal. (Ref. sec. 1.4)
Q. 1.4.2 List with examples the different mechanisms to achieve security. (Ref. sec. 1.4)
Q. 1.4.3 What are eight security mechanisms to implement ...

As discussed earlier, ITU-T Recommendation X.800, Security Architecture for OSI, defines a systematic way of :
- Defining the requirements for security.
- Characterizing the approaches to satisfying those requirements.

Following are the eight different security mechanisms.

1.4.1 Specific Security Mechanism / Attack Prevention

These mechanisms are incorporated into the appropriate protocol layer in order to provide some OSI security service. It is the security mechanism implemented to prevent various types of attack before they can actually reach and affect the target systems.

1. Encipherment

The use of mathematical algorithms to transform data into a form that is not easily understandable. The transformation and subsequent recovery depend on the algorithm and the number of keys used.

2. Digital Signature

Data appended to, or a cryptographic transformation of, a data unit that allows the receiver of the message to prove the source and integrity of the data unit against forgery.

3. Access Control

Various mechanisms used to enforce access rights to the resources, or the process of limiting the access to the resources of the Information System. Firewall is the best example of limiting the access control.

4. Data integrity

Various mechanisms used to assure the integrity of the data. Content should not be modified before it reaches the intended person.
5. Authentication Exchange

The mechanism used to ensure the identity of the entity by information exchange.

6. Traffic Padding

To insert bits into gaps in the data stream to frustrate traffic analysis attempts.

7. Routing Control

To allow some selected routes in the network for routing, or to change the route if any attack is detected in the network.

1.4.2 Pervasive Security Mechanisms / Attack Detection

These mechanisms are not specific to any of the OSI security services or protocol layers. This technique is also called attack detection, and it applies when an attacker bypasses the installed security measures to access the desired target/information. The attack detection technique notices that such an incident has happened and takes the responsibility to report to someone that something went wrong somewhere in the system. Such mechanisms are used to inform the administrator or authorized user that something went wrong in the system; it is then the job of the administrator or authorized user to take action against the detected attack.

1. Event detection

Detection of security related events. Intrusion Detection technique is the best example of event detection.

2. Security audit trail

Data collected and used to facilitate security audit.

3. Security recovery

It deals with the recovery action and management ... for data that is lost or disrupted in the network during communication.

1.4.3 Attack Avoidance

In these techniques data is sent over an insecure channel such as Internet in encrypted format and decrypted at the receiver side using keys, under the assumption that the attacker may have access to the transmitted data.

The encryption and decryption is performed on the data being sent by using well-known cryptographic mechanisms such as :

- Private Key Cryptography.
- Public Key Cryptography.
- Hash Functions.

We will discuss all these cryptographic mechanisms in upcoming chapters.

1.5 Security Attack

Q. 1.5.1 List and explain ... (Ref. sec. 1.5)
Q. 1.5.2 Categories the different ... loss. (Ref. sec. ...)

In computers and computer networks an attack is any attempt to alter, disable, destroy or gain unauthorized access to confidential information.

Security attacks
(a) Passive attack
(b) Active attack

Fig. 1.5.1 : Security attacks

-> (a) Passive Attacks
- The two types of passive attacks are :

Passive Attacks
1. Release of message contents
2. Traffic analysis

Fig. 1.5.2 : Types of passive attacks

-> 1. Release of message contents

- Release of message contents attack is quite simple to understand. When we send a confidential email to our friend, our aim is that only the intended person should access this mail. If this mail is accessed by unauthorized users then the contents of the message are released to someone else. Such type of attack is called release of message contents.
- There are different security mechanisms available to prevent such type of attacks.

Fig. 1.5.3 : Release of message contents

For Example

- A telephonic conversation between two people, an electronic mail and a file may contain sensitive information sent/transferred over an insecure channel such as Internet. We would like to prevent a third person from modification of these types of transmission as shown in Fig. 1.5.3.
- The main goal is to prevent the cryptanalyst from learning sensitive and confidential information through transmissions that take place through telephone calls or email messages or files transferred on network.
-> 2. Traffic analysis

- Suppose we mask the contents of the message using encryption, so that the opponent (here it is called third person) is able to capture the message but not extract the information from the message.
- The opponent might observe a pattern of messages to get the location, or any clue regarding the origin of message.
- Passive attacks are difficult to detect, because they do not involve modification of information.
- Messages are sent and received in normal fashion and neither sender nor receiver is aware that a third party has read the message or observed the pattern of messages as shown in Fig. 1.5.4. These attacks can be prevented by means of encryption.

Fig. 1.5.4 : Traffic analysis (figure label: Capture message from Bob to Alice; later replay message to Alice)

- The emphasis when dealing with passive attacks is on prevention rather than detection.

-> (b) Active Attacks

- Active attacks involve modification of a data stream or creation of a false stream of messages. The attacker's aim in such type of attack is to corrupt or destroy the data as well as the network itself. Active attack means information is modified or gets altered during transmission between sender and receiver.
- Active attacks are divided into four categories as shown in Fig. 1.5.5.
Active attacks
1. Masquerade
2. Replay
3. Modification
4. Denial of service (DoS)

Fig. 1.5.5 : Types of Active attacks

1. Masquerade

- A masquerade takes place when an attacker pretends to be an authentic user. It is generally done to gain access to a system, or steal important data from the system.
- It is generally done by stealing the login id and password of an authentic user to gain access to a secure network.
- Once attackers gain access, they get full access to the network for deletion or changing of data or network policies of the organization as shown in Fig. 1.5.6.

Fig. 1.5.6 : Masquerade attack (figure label: message from Darth that appears to be ...)

- Such type of attack involves pretending to be the user for accessing authorized information.

2. Replay Attack (Rewrite)

- It is a network attack in which original data gets modified and new malicious code is added into valid data during transmission.
- The newly generated malicious code is retransmitted again and again to the receiver; this is called replay attack (reusing information).
- Replay attack involves passive capturing of data and subsequent retransmission of that information in order to create an unauthorized effect as shown in Fig. 1.5.7.
Fig. 1.5.7 : Replay attack

3. Modification of messages

- In modification, the original data that has been sent by the authentic user is disrupted or modified by the attacker to make it non meaningful for the receiver. Usually the content sequence is changed.
- Modification is also called replay attack. When contents of a message are modified after the sender sends it but before it reaches the intended recipients, such type of attack is called modification of message as shown in Fig. 1.5.8.

Fig. 1.5.8 : Modification of messages (figure label: Darth modifies ...)

For Example

- Bob wants to transfer amount of Rs. 1000/- into Alice account. During this transmission process an attacker called D... gets the conversation, modifies the actual amount of Rs. 1000/- and sends just Rs. 100/- into Alice account.
- The case that happened here: contents of the message get altered during the transmission process; such type of attack is called modification. In this case integrity of the original message is lost.

4. Denial of Service (DoS)

- Denial of service attack means making the network unavailable for the user to communicate securely.
- It is generally done by interrupting the network connection between the users, or making some services unavailable for the user, or disrupting the entire network by overloading it with unwanted messages, so that the network becomes slow and unavailable for users, as shown in Fig. 1.5.9.

Fig. 1.5.9 : Denial of service (figure labels: Suresh, Dinesh)

- Due to intentional action of Dinesh, Suresh is unable to access the data from the server. Because of Dinesh's intention he denied use or services of the server to Suresh even if Suresh is an authorized user. DoS attack attempts to shut down the network and computer services and deny the use of resources or services to authorized users.
- Once Dinesh got entire access of the network or server he can do the following things :
  o Flood the entire network or server with traffic until shutdown occurs because of overload.
  o Block ongoing traffic, which results in a loss of access to network resources for the authorized users.
  o Different security policies like firewall and Intrusion detection system help to protect against such type of attacks.
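The shared-key MAC check described under Data Authentication, run against the masquerade, replay and modification attacks above, as an added example that is not from the book. The sequence-number field, the JSON encoding and the names `protect`, `Receiver` and `demo` are assumptions made for the illustration; Bob, Alice and Darth are the names used in the figures.

```python
import hashlib
import hmac
import json
import secrets


def protect(key: bytes, seq: int, payload: dict) -> dict:
    """Sender: bind payload to a sequence number, then append an HMAC-SHA256 tag."""
    body = json.dumps({"seq": seq, "payload": payload}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Receiver:
    """Receiver: accept a message only if its MAC verifies under the shared
    key and its sequence number is newer than every message accepted so far."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_seq = 0

    def accept(self, message: dict):
        expected = hmac.new(self._key, message["body"], hashlib.sha256).hexdigest()
        # Constant-time comparison, so timing does not reveal how much matched.
        if not hmac.compare_digest(expected, message["tag"]):
            return ("rejected", "MAC mismatch")
        data = json.loads(message["body"])
        # The MAC is valid, so seq was set by a key holder; an old value means replay.
        if data["seq"] <= self._last_seq:
            return ("rejected", "replayed sequence number")
        self._last_seq = data["seq"]
        return ("accepted", data["payload"])


def demo() -> dict:
    key = secrets.token_bytes(32)        # constructed shared secret (Bob and Alice)
    alice = Receiver(key)
    transfer = {"from": "Bob", "to": "Alice", "amount_rs": 1000}
    original = protect(key, 1, transfer)

    # Modification: Darth rewrites Rs. 1000 to Rs. 100 but cannot recompute the tag.
    tampered = {"body": original["body"].replace(b"1000", b"100"),
                "tag": original["tag"]}

    # Masquerade: Darth builds his own message but does not hold the shared key.
    forged = protect(secrets.token_bytes(32), 2,
                     {"from": "Bob", "to": "Darth", "amount_rs": 1000})

    return {
        "tampered": alice.accept(tampered),
        "forged": alice.accept(forged),
        "original": alice.accept(original),
        "replayed": alice.accept(original),   # captured copy sent a second time
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:9s} -> {outcome}")
```

A MAC proves origin only to the two key holders: Alice could have computed the same tag herself, so this check does not give the non-repudiation service of section 1.3, which needs a digital signature.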

1.5.1 Difference between Active Attack and Passive Attack

| Sr. No. | Active Attack | Passive Attack |
|---|---|---|
| 1. | Attacker needs to have physical control of the media or network. | Attacker merely needs to observe the communication in the media or network. |
| 2. | It can be easily detected. | It cannot be easily detected. |
| 3. | It affects the system. | It does not affect the system. |
| 4. | It involves modification of data. | It involves monitoring of data. |
| 5. | Types of active attack are : Masquerade, replay, denial of service, distributed denial of service. | Types of passive attack are : Release of message, traffic analysis. |
| 6. | It does not check for loopholes or vulnerabilities. | It scans the ports and network in search for loopholes and vulnerabilities. |
| 7. | It is difficult to prevent network from active attack. | Passive attack can be prevented. |

Syllabus Topic : The OSI Security Architecture

1.6 The OSI Security Architecture

- ITU-T (International Telecommunication Union Telecommunication Standardization Sector) X.800 (It is a service provided by a protocol layer of communi... ... defining and providing security requirements.
- The OSI security architecture focuses mainly on the following three concepts :
  o Security Attack : An action that may compromise the security of the information that is owned by an organization is called security attack.
  o Security Techniques/Mechanism : Security mechanism is the process that is designed to detect, prevent or recover from a security attack.
  o Categories of Security Service : A processing or communicating service that enhances security of data processing and information transfers of an organization. The services are intended to counter security attacks. The security service can make use of one or more security mechanisms to provide security. All these features of OSI security architecture have been discussed in detail in the following section.

Syllabus Topic : Network Security Model

1.7 Operational Model for Network Security

Consider a message/data that is to be transferred from sender to receiver or from one party to another across internet. During this data transmission process it is necessary to protect security aspects of this information from an opponent or attacker.

The technique used to provide security is as follows :

- The original message is encrypted with the help of a key, which scrambles the message so that it is not readable to any third party.
- An additional code can be attached to the encrypted data which is based on the contents of the message, which can be used to verify the identity of the sender.
- The message is now transmitted through an insecure channel such as Internet. The message when received at the receiver side is unscrambled either using same or different key to obtain the original message.
- A trusted third party (such as Virtual Private Network) is required for secure transmission. The trusted third party is responsible to distribute the private key and secret information to the sender and receiver while keeping it away from any opponent or attacker.
- The model for security is shown in Fig. 1.7.1.
Fig. 1.7.1 : The model for network security (figure labels: Sender, Recipient, Message, Secure message, Key, Trusted third party)

1.8 Basic Terminology in Network Security

As we are living in the information age we need to keep watch on our data and we must be aware about every aspect of our lives. Information/data of every individual has the same value as our personal assets. The main aim of encryption technique is to hide the information/data from unauthorized users, to protect it from unauthorized change, and data should be available to authorized users as and when required or needed. Before studying this whole subject one needs to understand the following definitions, called basic terminology in network security.

1. Plain text

Plaintext is ordinary readable text before being encrypted into cipher text or after being decrypted, OR the original message is known as plain text.

Example of plain text

... English language so that everybody should understand the meaning and concept written in clear text form. This means the text written in this book is in readable form, called plaintext.

2. Ciphertext
Basically there are two processes required to convert plaintext into cipher text and cipher text into plaintext, called encryption and decryption.

3. Encryption

The process of converting the plain text message to cipher text message is known as encryption.
Let, P be the plaintext, E is encryption ... we get C as shown in Fig. 1.8.1.

Fig. 1.8.1 (figure label: Plain text (P) ...)

4. Decryption

The process of converting cipher text message into plaintext message is called decryption.
Let, C be the cipher text, D is decryption, and P is plaintext. If we perform decryption on C it results in the original plain text P as shown in Fig. 1.8.2.

Fig. 1.8.2 : Decryption (figure labels: Cipher text (C), D(C), Plain text (P))

i.e. P = D(C)

The processes of encryption and decryption are controlled by cryptographic keys.

5. Cryptography

The word cryptography comes from the Greek words κρυπτό (hidden or secret) and γράφω (writing). Cryptography is the art as well as science of secret writing of information/message and makes them non-readable.
The many schemes used for encryption constitute the area of cryptography.

6. Cryptanalyst

The person who studies encryption and decryption methods and finds contents of hidden messages is called cryptanalyst. The process of studying methods of breaking ciphertext messages is called cryptanalysis.
Introduction to Cryptog
ee Crypt. & Sys. Security (Mu-Sem. 6 -Com 1-20
s
ss ib le ke ys , algorithm er Crypt. & Sys. Se
use all po
0

lyst attempt to
An attacker also called as el n original plaintext message. - 1. Known Pl:
; techniques to break ciphertext and 0
— In this type
7. Cryptology,
n as cryptology. om
sis together is know
The area of cryptography and cryptanaly — He will finc
8 Key . . ecryption algorithm which
type of atta

{ii It 18is the secret information or number used in encryption and decryp will discuss
;
is known only to’the sender and receiver. -> 2. Ciphertext

1.8.1 Cryptanalysis / Cryptographic Attacks

- Cryptographic attacks are designed to discover the loopholes in cryptographic algorithms;
  these attacks are designed to decrypt data without prior permission and without access to a
  key. It is the job of cryptanalysis to find the weakness in the algorithm used for
  encryption and decryption of data and then decipher the data. Before studying different
  attacks against Data Encryption Standard we must know different types of cryptographic
  attack methods.
- As mentioned above, the process of trying to break any cipher text message to obtain the
  corresponding plain text message is called cryptanalysis and the person who is attempting
  cryptanalysis is called a cryptanalyst.
Cryptographic Attack Methods

There are five cryptographic attack methods that include plaintext-based as well as cipher
text based attacks.

Cryptographic Attack Methods
1. Known Plaintext attack
2. Ciphertext only attack
3. Chosen Plaintext attack
4. Chosen cipher text attack
5. Side Channel Attack
Fig. 1.8.3 : Cryptographic Attack Methods
1. Known Plaintext attack
- In this type of attack the cryptanalyst tries to access plain text and its corresponding cipher
  text.
- He will find whether there is any correlation between plain text and cipher text produced; such
  type of attack is called known plain text attack. An example of such type of attack we
  will discuss in the mono-alphabetic cipher technique.

2. Ciphertext only attack
- In this type of attack the cryptanalyst has access only to cipher text but doesn't have
  access to the corresponding plain text; such type of attack is called cipher text only attack.
  Such type of attack we will discuss in the Caesar cipher technique.

3. Chosen Plaintext attack
- In this type of attack the cryptanalyst can encrypt plain text of his own choice (guess) and
  later on find the cipher text obtained from the corresponding plain text; such type of attack is
  called chosen plain text attack.
- This attack helps the cryptanalyst to find the encryption key as well. This mapping helps the
  attacker to find which plain text is encrypted. This is the most common attack technique
  used against asymmetric key cryptography, where a cryptanalyst has access to a
  public key.

4. Chosen cipher text attack
- In this type of attack the cryptanalyst chooses a cipher text and attempts to find a
  matching plaintext.
- Such type of attack is generally associated with the decryption process because the cryptanalyst
  may get temporary access to the decryption process.

5. Side channel attack
- In this type of attack the cryptanalyst always tries to find out which technology was used to
  design the cryptographic algorithms and which are the different software or hardware
  and keys used during the encryption and decryption process.
- The cryptanalyst may find additional information like CPU usage, time taken to
  perform a particular task, voltage used and so on. Such type of attack is called side
  channel attack.

Threats and Vulnerability

- Threat is a potential cause of an incident that may result in harm of a system.
- Vulnerability is a weakness of an asset (resource) or a group of assets that can be
  exploited by one or more threats.
- Risk is the potential for loss, damage, or destruction of an asset as a result of a threat
  exploiting a vulnerability.
- Example : In a system that allows weak passwords,
  o Vulnerability : Password is vulnerable to dictionary or exhaustive key attacks.
  o Threat : An intruder can exploit the password weakness to break into the system.
  o Risk : The resources within the system are prone to illegal access / modification / damage
    by the intruder.
- Threat agent : entities that would knowingly seek to manifest a threat.

Difference between Security and Privacy

(1) Definition of Security and Privacy
- Both are interlinked terms that are often used in conjunction with each other.
  While one cannot exist without the other, they are often misappropriated.
- Security is the state of personal freedom or being free from potential threats, whereas
  privacy refers to the state of being free from unwanted attention.

(2) Objectives of Security and Privacy
- The three main goals of security are confidentiality, integrity and availability.
  Security means safeguarding your information assets and confidential data from
  unauthorized access. It affects both information security and cyber security.
  [...] the three goals. Privacy, on the other hand, refers to the rights of individuals and
  organizations with respect to personal information.

(3) Programs for Security and Privacy
- A security program refers to a set of protocols and regulations set in place to protect
  all the confidential information assets and resources that an organization collects and
  owns.
- It focuses on the data and information rather than personal information of individuals.
- A privacy program, on the other hand, focuses on protecting only personal information
  such as log in credentials, passwords, etc.

(4) Principles of Security and Privacy
- The three core principles of security include protecting confidentiality, preserving
  integrity of information assets, and promoting availability of data and information.
- Privacy defines the rights of individuals and organizations with respect to personal
  information. To some extent, privacy can be achieved with security initiatives, and
  security depends on privacy of credentials and access to data.

1.9 Encryption

Before discussing [...] types of cryptography, symmetric key cryptography
and asymmetric key cryptography, as shown in Fig. 1.9.1.

[Fig. 1.9.1 : Types of cryptography]

1.9.1 Symmetric Key Cryptography
Mathematically it is represented as P = D (K, E(P)).
Where P = Plain Text, E (P) = Encryption of plain text, D (K, E(P)) = Decryption of plain
text using shared key K.
- For Example : Stream and block cipher, Data Encryption Standard (DES), Advanced
  Encryption Standard (AES) and BLOWFISH.

[Figure: Plaintext -> Encryption algorithm (e.g. DES) -> Transmitted ciphertext ->
Decryption algorithm (Reverse of encryption algorithm) -> Plaintext; the same secret key
is used on both sides]
Fig. 1.9.2 : Symmetric Cipher Model

- Here the concern is that if an attacker/opponent gets the cipher text, he/she may try to
  decrypt it and obtain the original plain text. The sender therefore always has to think
  about applying an encoding technique on the plain text message and converting it into
  cipher text so that an attacker cannot read the actual plain text easily.
- The symmetric cipher model converts the plain text message into cipher text by using the
  following techniques.

Advantages of Symmetric key cryptography
- [...] he cannot decrypt it without [...] permission [...]

Disadvantages of Symmetric key cryptography

- Once the key is stolen while transmitting data between sender and receiver it is very easy
  to decrypt the message, as the same key is used for encryption and decryption.
- In symmetric key cryptography, the key is transmitted first and then the message is transferred
  to the receiver. If an attacker intercepts the communication between sender and receiver then he can
  decrypt the message before it reaches the intended recipients.
1.9.2 Asymmetric Key Cryptography
- Asymmetric key cryptography is also called public key cryptography.
- In asymmetric key cryptography two keys are used, one for encryption and the other for
  decryption.
- As mentioned, asymmetric key cryptography involves the use of two keys: one is the public key
  that may be known to everyone and can be used to encrypt messages and verify signatures.
  The other is the private key, known only to the receiver of the message or verifier, used to decrypt
  messages and sign (create) signatures.
- It is called asymmetric key cryptography because when one key is used for encryption,
  only its corresponding key must be used for decryption. No other key can decrypt the
  message.
- Anyone holding the encryption key (public) can encrypt messages or verify
  signatures, but cannot decrypt messages or create signatures, because that requires the
  decryption key (private), which is known only to the receiver of the message. The public key
  cryptosystem / asymmetric key cryptography is shown in Fig. 1.9.3.

[Figure: Sender (Ramesh) plaintext -> encryption using B's public key -> ciphertext sent ->
decryption using B's private key -> plaintext at Receiver (Suresh)]
Fig. 1.9.3 : Asymmetric Key Cryptography
Mathematically it is represented as P = D(Kd, E(Ke, P)).
Where P = Plain Text, E (P) = Encryption of plain text, D = Decryption, Ke = Encryption
key, Kd = Decryption key.
- For example, sender Ramesh wants to communicate with the receiver Suresh; then each of them
  must have these, i.e. a private key and a public key, and only then will the communication
  be successful.
- Table 1.9.1 shows the possible pairs of keys that Ramesh and Suresh must know when
  communicating with each other.

Table 1.9.1 : Pair of private and public keys

| Key details | A (Ramesh) should know | B (Suresh) should know |
| Ramesh Private Key (A) | Yes, A must know | Not known to B |
| Ramesh Public Key (A) | Yes, A must know | Yes, it is known to Suresh also |
| Suresh private key (B) | Not known to Ramesh (A) | Yes, Suresh (B) must know |
| Suresh public key (B) | Yes, known to Ramesh (A) | Yes, Suresh (B) also knows it |

Following are the possible cases of public key cryptography as per the table mentioned
above.

Case 1

1. When Ramesh wants to send a message to Suresh, Ramesh can encrypt the message using
   Suresh's public key. This is possible because Ramesh and Suresh both know the public key.
2. Ramesh can send this message to Suresh (keep in mind that it is encrypted using Suresh's
   public key).
3. Suresh can decrypt the Ramesh message by using Suresh's own private key, because only
   Suresh knows his private key. Ramesh is not aware of Suresh's private key.
4. It is important to note that the message is only decrypted using Suresh's private key and
   nothing else.

Case 2

If Suresh wants to send the message to Ramesh, then reverse the above case 1. Suresh
encrypts the message only with Ramesh's public key. The reason is that only Ramesh can decrypt
the message to obtain its original plain text format, using his private key.
- Public key cryptography achieves authentication (authentication helps to identify the
  claimed identity of an entity, such as user name, password or any other important
  information) [...]
- Principles of public key cryptography also include the mathematical background to
  understand the use of key pairs in algorithms like Rivest Shamir Adleman (RSA) and Diffie
  Hellman Algorithm.
- For Example : Rivest Shamir Adleman (RSA) and Diffie Hellman key exchange
  algorithm.

Advantages of Asymmetric key cryptography

- In asymmetric key cryptography, the key does not have to be distributed between sender and
  receiver as both have their own key, so there is no problem of key distribution while
  transmitting the data over an insecure channel.
- The main advantage of asymmetric key cryptography is that two separate keys are used
  for encryption and decryption; even if the encryption key is stolen by an attacker he/she
  cannot decrypt the message, as the decryption key is available only with the receiver.
- RSA algorithm and Diffie Hellman key exchange are implemented using asymmetric key
  cryptography.
- Easy to use for the user and scalable; does not require much administrative work.

Disadvantages of Asymmetric key cryptography

- Because different keys are used between sender and receiver, it requires more time to get the
  transmission done as compared to symmetric key cryptography (slower than symmetric
  key cryptography; very few asymmetric encryption methods achieve fast transmission
  of data).
- Asymmetric key cryptography utilizes more resources as compared to symmetric key
  cryptography.
1.9.3 Difference between Symmetric and Asymmetric Key Cryptography

| Sr. No. | Symmetric Key Cryptography | Asymmetric Key Cryptography |
| 1. | In symmetric key cryptography a single or same key is used for encryption and decryption. | In asymmetric key cryptography two keys are used, one is for encryption and the other is for decryption. |
| 2. | Symmetric key cryptography is also called secret key cryptography or private key cryptography. | Asymmetric key cryptography is also called public key cryptography or conventional cryptographic system. |
| 3. | Mathematically it is represented as P = D (K, E(P)), where K is the encryption and decryption key, P = plain text, D = Decryption, E(P) = Encryption of plain text. | Mathematically it is represented as P = D(Kd, E(Ke, P)), where Ke and Kd are the encryption and decryption keys, D = Decryption, E(Ke, P) = Encryption of plain text using private key Ke. |
| 4. | Symmetric key is faster than asymmetric key cryptography. | Because two different keys are used, asymmetric key is slower than symmetric key cryptography. |
| 5. | For encryption of large messages symmetric key cryptography still plays an important role. | In asymmetric key cryptography plain text and cipher text are treated as integer numbers. |
| 6. | Symmetric key cryptography utilizes less resources as compared to asymmetric key cryptography. | Asymmetric key cryptography utilizes more resources as compared to symmetric key cryptography. |
| 7. | For Example : AES, DES and BLOWFISH | For Example : RSA, Diffie Hellman Key exchange algorithm. |

1.10 Block Cipher Principles

Basically a cryptographic algorithm is used for transformation of plaintext into ciphertext.
Stream cipher and block cipher are the main methods of encrypting text using a key and an
algorithm. The principles are explained on the basis of two different algorithm types as
shown in Fig. 1.10.1.

1. Stream Cipher
2. Block Cipher

Fig. 1.10.1 : Algorithm types / Block Cipher Principles

1.10.1 Stream Cipher

- In a stream cipher, keys and algorithms are applied to each binary digit in a data stream, one
  bit at a time, rather than encrypting a block of data (a stream cipher operates on plaintext
  accepting only one bit at a time).
- One time pad is the best example of a stream cipher, in which each bit of the plaintext message
  is XORed with each bit of the key to obtain the cipher text message. It is a symmetric cipher that
  operates with a time-varying transformation individually on each bit. This is shown in Fig. 1.10.2.

[Figure: a keystream is XORed with the plaintext for encryption and with the ciphertext for
decryption]
Fig. 1.10.2 : Stream Cipher

- There is a keystream generator which outputs a stream of bits k1, k2, k3, ..., ki, which is XORed
  with a stream of plaintext bits p1, p2, p3, ..., pi to produce the stream of ciphertext bits
  c1, c2, c3, ..., ci. Broadly it can be represented as shown below:

  c_i = p_i ⊕ k_i        ...(1.10.1)

- During decryption, the cipher text bits are XORed with the same key stream to recover the
  plaintext bits.

  p_i = c_i ⊕ k_i        ...(1.10.2)

- The stream cipher security depends on the simple XOR and one time pad. If the key
  stream output is random, it will be harder for a cryptanalyst to break it.
  However, if it keeps on repeating the same stream bits then it can result in an attack on the
  cryptosystem.
- For example : Suppose we have plaintext as pay 100 in ASCII (i.e. text format). When it
  is converted to binary values let us take that it is translated as 010111001, and that we are
  also applying XOR logic in the encryption algorithm. We can see the effect as:

| In text format | In binary format | |
| Pay 100 | 010111001 | Plaintext |
| + | 100101011 | XOR operation with the key |
| ZTUIIA%D | 110010010 | Cipher text |

XOR logic is shown in the table below:

| Input 1 | Input 2 | Output |
| 0 | 0 | 0 |
| 0 | 1 | 1 |
| 1 | 0 | 1 |
| 1 | 1 | 0 |

When two plaintexts p1 and p2 are encrypted with the same keystream k, XORing the two
ciphertexts gives:

  C1 ⊕ C2 = (p1 ⊕ k) ⊕ (p2 ⊕ k)
          = (p1 ⊕ p2) ⊕ (k ⊕ k)
          = (p1 ⊕ p2) ⊕ 00...0
  C1 ⊕ C2 = (p1 ⊕ p2)
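
The keystream-reuse identity above, worked in Python as an added example (not code from the book). The two 16-byte messages are constructed sample data, and all function names are illustrative.

```python
import secrets


def xor_bits(a: str, b: str) -> str:
    """XOR two equal-length bit strings such as the 9-bit values in the text."""
    if len(a) != len(b) or set(a + b) - {"0", "1"}:
        raise ValueError("inputs must be equal-length strings of 0/1")
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR; refuses unequal lengths instead of silently truncating."""
    if len(a) != len(b):
        raise ValueError("operands must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def new_keystream(n: int) -> bytes:
    """Fresh random keystream of n bytes (one-time-pad style)."""
    return secrets.token_bytes(n)


def encrypt(plaintext: bytes, keystream: bytes) -> bytes:
    """c_i = p_i XOR k_i, equation (1.10.1)."""
    return xor_bytes(plaintext, keystream)


def decrypt(ciphertext: bytes, keystream: bytes) -> bytes:
    """p_i = c_i XOR k_i, equation (1.10.2)."""
    return xor_bytes(ciphertext, keystream)


def recover_with_known_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """With a reused keystream, C1 XOR C2 = p1 XOR p2, so knowing p1 yields p2."""
    return xor_bytes(xor_bytes(c1, c2), known_p1)


def high_bits_clear(c1: bytes, c2: bytes) -> bool:
    """Audit check for ASCII traffic: under keystream reuse every byte of
    C1 XOR C2 has its top bit clear; with independent keystreams this is
    very unlikely for messages of any length."""
    return all(b < 0x80 for b in xor_bytes(c1, c2))


if __name__ == "__main__":
    # The 9-bit example from the text.
    print(xor_bits("010111001", "100101011"))

    # Constructed sample messages of equal length.
    p1 = b"pay 100 to alice"
    p2 = b"pay 900 to carol"

    k = new_keystream(len(p1))
    c1, c2 = encrypt(p1, k), encrypt(p2, k)          # same keystream: the mistake
    print(xor_bytes(c1, c2) == xor_bytes(p1, p2))    # key has cancelled out
    print(recover_with_known_plaintext(c1, c2, p1))  # p2 without knowing k
    print(high_bits_clear(c1, c2))

    c3 = encrypt(p2, new_keystream(len(p2)))         # fresh keystream per message
    print(xor_bytes(c1, c3) == xor_bytes(p1, p2))    # identity no longer holds
```

The mitigation the example points to is the one stated in the text: the keystream must not repeat, so every message needs a fresh keystream.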

1.10.2 Block Cipher

- Block cipher breaks the plain text message into fixed blocks and encrypts each block with the same
  key size (fixed). Divide each plaintext message into blocks of 64, 128, 256 bits and apply
  a common key size of 40, 56, 64, 80, 128, 168, 192 and 256 bits, which generates a cipher text
  message of the same size as the plaintext block or as per the size of the plaintext message.
- Fig. 1.10.3 shows encryption of 64-bit plaintext using a block cipher with a 56-bit key.

[Figure: plaintext divided into blocks of 64 bits each; common key size 40, 56, 64, 128,
256 bits; ciphertext blocks of 64 bits each]
Fig. 1.10.3 : Block cipher

- Block cipher is the main method of encrypting text in which keys and algorithm are applied to
  a block of data rather than individual bits like a stream cipher. Data Encryption Standard
  (DES) is the best example of a block cipher, in which each block of 64 bits gets encrypted
  using a 56-bit key and cipher text of 64 bits gets generated.
- At the receiver side the message is decrypted with the same key to generate plaintext.
- Like in a stream cipher, a block cipher also uses the concept of a key generator. Block ciphers
  are used in chaining mode; this is because for a repeating text pattern, the same cipher
  block will be generated, which can give a clue to the cryptanalyst regarding what the original
  plaintext is. Hence chaining mode is used for block ciphers. We will discuss the concept of
  chaining mode in block cipher modes of operation.
- In the chaining method, the previous block is mixed with the current block to avoid repeats in
  patterns. Block cipher is a little time consuming but more secure than stream cipher, so it is generally
  used in computer based cryptographic algorithms. Stream cipher is faster than block
  cipher.

1.10.3 Differentiate between Stream and Block Cipher

Q. 1.10.1 Compare and contrast block and stream ciphers. (Ref. sec. 1.10.3)

| Sr. No. | Stream Cipher | Block Cipher |
| 1. | In stream cipher keys and algorithms are applied to each binary digit in a data stream, one bit at a time, rather than encrypting a block of data. | Block cipher is the main method of encrypting text in which keys and algorithm are applied to a block of data rather than individual bits like stream cipher. |
| 2. | Stream cipher is less time consuming. | Block cipher is more time consuming. |
| 3. | Because of one bit being encrypted at a time, stream cipher is faster than block cipher. | As a block of data is encrypted at a time, block cipher is slower than stream cipher. |
| 4. | Stream cipher is not used in chaining modes of operation. | Block cipher is used in chaining modes of operation. |
| 5. | Hardware implementation is easy using stream cipher. | Software implementation is easy using block cipher. |
| 6. | One Time Pad is the best example of stream cipher. | Data Encryption Standard (DES) is the best example of block cipher. |
1.10.4 Confusion and Diffusion
Claude Shannon introduced two properties of operation of a secure cipher.

Properties of operation of secure cipher
1. Diffusion
2. Confusion

1. Diffusion

It means that if any character in the plaintext is changed, then simultaneously several
characters of the cipher text should also be changed. Similarly, if a character of the cipher
text is changed then simultaneously several characters of the plaintext should be changed. It is
a classical transposition cipher.
"Diffusion" = Transposition or Permutation
abcd -> dacb
Data Encryption Standard is the best example of diffusion.

2. Confusion

Each character of cipher text depends on a different part of the key. In confusion the key
does not directly relate to the cipher text. It is a classical substitution cipher.
"Confusion" = Substitution
a -> b  Caesar cipher

For Example

Suppose we have a Hill cipher with an n x n matrix, and suppose we have a plaintext-
ciphertext pair of length n² with which we are able to solve for the encryption matrix. If
we change one character of the ciphertext, one column of the matrix can change
completely.
Of course, it would be more desirable to have the entire key change. When a situation like
that happens, the cryptanalyst would probably need to solve for the entire key
simultaneously, rather than piece by piece.

1.10.4(A) Difference between Confusion and Diffusion

| Sr. No. | Confusion | Diffusion |
| 1. | Confusion obscures the relationship between the plaintext and ciphertext. | Diffusion spreads the plaintext statistics through the ciphertext. |
| 2. | A one-time pad relies entirely on confusion while a simple substitution cipher is another (weak) example of a confusion-only cryptosystem. | A double transposition is the classic example of a diffusion-only cryptosystem. |
| 3. | Confusion alone is, apparently, "enough", since the one-time pad is provably secure. | Diffusion alone is, perhaps, not enough, at least using relatively small blocks. A stream cipher is simply a weaker version of a one-time pad. |
| 4. | The codebook aspects of such systems provide confusion analogous to, though on a much grander scale, a simple substitution. | Well-designed block ciphers spread any local statistics throughout the block, thus employing the principle of diffusion. |

Syllabus Topic : Mono-alphabetic and Poly-alphabetic Substitution Techniques

1.11 Substitution Cipher Techniques


(MU - Dec. 15)

A substitution is a technique in which each letter or bit of the plaintext is substituted or
replaced by some other letter, number or symbol to produce ciphertext. Substitution means
replacing an alphabet of plaintext with an alphabet of ciphertext. The substitution technique is also
called confusion. The best example of a substitution cipher is the Caesar cipher invented by Julius
Caesar.
Substitution Cipher techniques are as follows :

Substitution Cipher techniques
1. Caesar Cipher
2. Monoalphabetic Cipher
3. Polyalphabetic Cipher
4. Playfair Cipher
5. One Time Pad (Vernam Cipher)
6. Hill Cipher

Fig. 1.11.1 : Substitution Cipher techniques

1.11.1 Caesar Cipher

- Julius Caesar introduced the easiest and the simplest use of substitution cipher.

- In the Caesar cipher technique each letter is replaced by the letter / alphabet which is three
  places next to the letter which is to be substituted. In other words, in the Caesar cipher technique each
  alphabet of a plaintext is replaced with another alphabet three places down the line, as
  mentioned in the table below.

For example

- Plaintext : Sun rises in the East

- Ciphertext : VXQULVHVLQWKHHDVW

Following is the list of possible combinations showing the letters 3 places down from each
alphabet:

Plaintext  : a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext : D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

The corresponding number equivalent to each alphabet is given below :

a b c d e f g h i j k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

Mathematically the Caesar cipher algorithm can be expressed as

C = E(3, P) = (P + 3) mod 26
P = D(3, C) = (C - 3) mod 26
Where C = Ciphertext alphabet
P = Plaintext alphabet
E = Encryption
D = Decryption
Mod 26 because in English there are a total of 26 alphabets.

It is very easy to break ciphertext obtained from a plaintext message with the help of a
brute-force attack, because the attacker will have only 25 possible keys to decrypt the
ciphertext.
Further characteristics which lead to easy brute force attacks are :
1. The encryption and decryption algorithms are known.
2. Only 25 possible keys.
3. The plaintext language is easy to recognize, with few repetitions of alphabets having the same
   ciphertext letter.

Brute-Force-attack

A brute-force attack means trying every possible key on a piece of ciphertext until an
intelligible translation into plaintext is obtained. We can create more complex cipher text from the
given plaintext with the help of another substitution technique, called monoalphabetic cipher, to
prevent brute-force attack.
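
The Caesar formulas and the 25-key search described above, as an added Python example (not code from the book). It generalizes the book's fixed shift of 3 to any key, and the letter-frequency table used to pick the intelligible candidate is a standard approximation of English, included here as an assumption.

```python
import string

ALPHABET = string.ascii_uppercase

# Approximate relative frequencies (%) of letters in English text.
ENGLISH_FREQ = {
    "A": 8.17, "B": 1.49, "C": 2.78, "D": 4.25, "E": 12.70, "F": 2.23,
    "G": 2.02, "H": 6.09, "I": 6.97, "J": 0.15, "K": 0.77, "L": 4.03,
    "M": 2.41, "N": 6.75, "O": 7.51, "P": 1.93, "Q": 0.10, "R": 5.99,
    "S": 6.33, "T": 9.06, "U": 2.76, "V": 0.98, "W": 2.36, "X": 0.15,
    "Y": 1.97, "Z": 0.07,
}


def shift_text(text: str, shift: int) -> str:
    """Shift every letter by `shift` places mod 26; spaces and punctuation
    are dropped and output is upper case, as in the book's example."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)


def caesar_encrypt(plaintext: str, key: int = 3) -> str:
    """C = E(key, P) = (P + key) mod 26."""
    return shift_text(plaintext, key)


def caesar_decrypt(ciphertext: str, key: int = 3) -> str:
    """P = D(key, C) = (C - key) mod 26."""
    return shift_text(ciphertext, -key)


def brute_force(ciphertext: str):
    """Try all 25 non-trivial keys and return (key, candidate) pairs."""
    return [(key, caesar_decrypt(ciphertext, key)) for key in range(1, 26)]


def english_score(text: str) -> float:
    """Average English letter frequency of the text; higher looks more like English."""
    if not text:
        return 0.0
    return sum(ENGLISH_FREQ[ch] for ch in text) / len(text)


def best_guess(ciphertext: str):
    """Pick the candidate that looks most like English."""
    return max(brute_force(ciphertext), key=lambda kc: english_score(kc[1]))


if __name__ == "__main__":
    ct = caesar_encrypt("Sun rises in the East")
    print(ct)
    for key, candidate in brute_force(ct):
        print(f"{key:2d} {candidate} {english_score(candidate):.2f}")
    print(best_guess(ct))
```

The whole key space is searched in 25 decryptions, which is why the text moves on to ciphers with a larger key space.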

1.11.2 Monoalphabetic Cipher

- In the Caesar cipher the attacker can easily guess the plaintext as it is easily recognizable.
- The monoalphabetic cipher substitutes one letter of the alphabet with any random letter from
  the alphabet.
- It is not necessary that if A is substituted with B then compulsorily B has to be substituted
  with C. It can be replaced with any other letter of the alphabet. The only weakness in this
  algorithm is that if more repetition occurs then the attacker can easily guess the plaintext.
- This random substitution is just done to have uniqueness.
- In this the substitution of characters is a random permutation of the 26 letters of the
  alphabet.

For example

- Following is the substitution that we are taking :

Plaintext : East or West
Ciphertext : aesy xk taay

- Ciphertext obtained with this technique yields completely different text as compared to the
  Caesar cipher. In this method, each letter provides multiple substitutes for a single letter.
For example,
- A can be replaced by : d, j, r, y
- B can be replaced by : h, u, m, p
etc.
Such a large key space makes this cipher technique extremely difficult to break by
brute-force attack. But this can make it straightforward for the cryptanalysis attacker to guess the
pattern.

1.11.3 Polyalphabetic Cipher

In the monoalphabetic cipher we use only one fixed alphabet, but the drawback of
monoalphabetic ciphers is that they are fairly easy to break. So, to make it harder to break, the concept of
polyalphabetic cipher arises, which uses more than one alphabet and switches between them
systematically.

1.11.3(A) Procedure of Polyalphabetic Cipher

1. Pick a keyword (for our example, the keyword will be "MEC" as shown in Example 1).
2. Write your keyword across the top of the text you want to encipher, repeating it as many
   times as necessary.
3. For each plain text letter, look at the letter of the keyword above it (if it was 'M', then you
   would go to the row that starts with an 'M'), and find that row in the Vigenere table given
   below.

[Vigenere table]

4. Then find the column of your plaintext letter (for example, 'w', so the twenty-third
   column).
5. Finally, trace down that column until you reach the row you found before and write down
   the letter in the cell where they intersect (in this case, you find an 'I' there). Repeat the
   same till you have converted all plain text messages into ciphertext.

Example 1

Keyword    : MECMECMECMECMECMECMECM
Plaintext  : weneedmoresuppliesfast
Ciphertext : IIPQIFYSTQWWBTNUIUREUF

Thus, the plain text message "We need more supplies fast!" comes out :

IIPQIFYSTQWWBTNUIUREUF
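
The table-lookup procedure above, implemented in Python as an added example (not code from the book); function names are illustrative. It rebuilds the Vigenere table, reproduces Example 1, and shows that one plaintext letter receives different substitutes depending on the keyword letter above it.

```python
import string

ALPHABET = string.ascii_uppercase


def build_table():
    """Vigenere table: the row for keyword letter X is the alphabet rotated to start at X."""
    return {row: ALPHABET[i:] + ALPHABET[:i] for i, row in enumerate(ALPHABET)}


def letters_only(text: str):
    """Upper-case the text and keep only A-Z (spaces and punctuation are dropped)."""
    return [c for c in text.upper() if c in ALPHABET]


def repeat_key(keyword: str, length: int) -> str:
    """Step 2: write the keyword across the text, repeating as often as necessary."""
    key = letters_only(keyword)
    if not key:
        raise ValueError("keyword must contain at least one letter")
    return "".join(key[i % len(key)] for i in range(length))


def encrypt(plaintext: str, keyword: str) -> str:
    """Steps 3 to 5: pick the row by keyword letter, the column by plaintext letter."""
    table = build_table()
    letters = letters_only(plaintext)
    key = repeat_key(keyword, len(letters))
    return "".join(table[k][ALPHABET.index(p)] for p, k in zip(letters, key))


def decrypt(ciphertext: str, keyword: str) -> str:
    """Reverse lookup: find the ciphertext letter in the keyword row, read off the column."""
    table = build_table()
    letters = letters_only(ciphertext)
    key = repeat_key(keyword, len(letters))
    return "".join(ALPHABET[table[k].index(c)] for c, k in zip(letters, key))


def substitutes_for(plaintext: str, keyword: str, letter: str):
    """Set of ciphertext letters that one plaintext letter was mapped to."""
    letters = letters_only(plaintext)
    cipher = encrypt(plaintext, keyword)
    return {c for p, c in zip(letters, cipher) if p == letter.upper()}


if __name__ == "__main__":
    message = "We need more supplies fast!"
    print(repeat_key("MEC", 22))
    print(encrypt(message, "MEC"))
    print(decrypt(encrypt(message, "MEC"), "MEC"))
    # 'e' is enciphered with more than one substitute, unlike a monoalphabetic cipher.
    print(sorted(substitutes_for(message, "MEC", "e")))
```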


1.11.3(B) Difference between Polyalphabetic and Monoalphabetic


(MU - Dec. 17)

Q. With the help of examples compare mono-alphabetic ciphers and poly-alphabetic ciphers. (Dec. 17, 5 Marks)

| Polyalphabetic Cipher | Monoalphabetic Cipher |
| Polyalphabetic cipher is more secure and hard to be broken. | Monoalphabetic ciphers are not very secure and can be easily broken. |
| More than one alphabet is used for substitution. | One fixed single alphabet is used for substitution. |
| In a polyalphabetic cipher, the substitution rule changes continuously from letter to letter according to the elements of the encryption key. | In monoalphabetic, the same substitution rule is used for each substitution. |
| In polyalphabetic, for a particular alphabet, different substitutions can be done using the Vigenere table. | In monoalphabetic, for a particular alphabet, only one substitution can be used. |
| Polyalphabetic cipher includes Playfair cipher, Vigenere, Hill cipher, one-time pad etc. | Monoalphabetic cipher includes additive, multiplicative, and monoalphabetic substitution cipher. |

Syllabus Topic : Playfair Cipher



9.11.4 Playfair Cipher


EG. 1.11.4 . Write
a short note on Playfair cipher. (Ref. sec: 1.41.4) CIE ae a) ea ‘|
by name Playfair besa - :
It was invented by Charles Wheatstone in 1854 but known
Playfair made this technique popular. It was used by Britisher in World War 1 ¢ Lord

It is multiple letter encryption technique, which uses 5 x 5 Ma


trix table to store the
_ of the phrase given for encryption which latter on beco letters
mes key for encryp
| decryption. tion and
For example : Keyword is FAIR ExAMPLE

- In the first step all letters of the keyword are filled into the matrix from left to right; letters which have already been placed are not placed again in the matrix.
- After filling in the given letters, fill the rest of the space in the matrix with the remaining letters alphabetically with no repetitions.
- The letters I and J are considered as one letter. So if I is already placed then there is no need to place J in the rest of the matrix.
- Letters which are already written need not be placed again in the given matrix. In the given example A and E are already present in the matrix, so it is not mandatory to write those letters again in the given matrix.

Table 1.11.1

F | A | I/J | R | E
X | M | P | L | B
C | D | G | H | K
N | O | Q | S | T
U | V | W | Y | Z

Encryption using Table 1.11.1 keyword matrix
1. The plaintext received is to be broken in pairs of two letters.
2. For example CYBER can be broken into CY BE R(X).
3. If both letters are same or only one letter is left then put X with that alphabet.
4. If both alphabets of the pair appear in the same row, replace each letter with the alphabet to its immediate right (wrapping around to the left side of the row if a letter in the original pair was on the right side of the row).
5. If both letters appear in the same column, replace each with the alphabet immediately below that letter (wrapping around to the top side of the column if a letter in the original pair was on the bottom side of the column).
6. If none of the conditions explained above is met, then replace them with the letters on the same row respectively but at the other pair of corners of the rectangle defined by the original pair.

For Example : The plaintext CYBER can be encrypted as : CY BE R(X)

1. For pair CY we check that CY does not occur in same row or column so we see step 6. The pair CY forms a rectangle, replace it with HU. If pair forms a rectangle, pick same row letter but opposite corners.

F | A | I/J | R | E
X | M | P | L | B
C | D | G | H | K
N | O | Q | S | T
U | V | W | Y | Z

So CY will encrypt as HU.

2. Checking for BE : both are in same column, so replace each with the immediate next letter in that column.

F | A | I/J | R | E
X | M | P | L | B
C | D | G | H | K
N | O | Q | S | T
U | V | W | Y | Z

BE will be encrypted as KB (below to E is B).

3. Check for R(X)

F | A | I/J | R | E
X | M | P | L | B
C | D | G | H | K
N | O | Q | S | T
U | V | W | Y | Z

The pair RX forms a rectangle, replace it with FL. If pair forms a rectangle, pick same row letter but opposite corners.
R(X) will be encrypted as FL.
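The rules above can be checked mechanically. The following Python sketch is an added example, not code from the book: it builds the 5 x 5 matrix from a keyword, splits the plaintext into pairs and applies steps 4 to 6, and it reproduces HU KB FL for CYBER as well as the ciphertexts of the solved examples that use the keywords domestic, moonmission and occurrence. Using Q as the filler when the letter needing one is itself X is an assumption the page does not cover.

```python
import string

# 25-letter alphabet: J is folded into I, as in the rules above.
ALPHABET = "ABCDEFGHIKLMNOPQRSTUVWXYZ"


def _letters(text):
    """Keep A-Z only, upper-case, and fold J into I."""
    return ["I" if c == "J" else c
            for c in text.upper() if c in string.ascii_uppercase]


def build_matrix(keyword):
    """Keyword letters first (no repeats), then the rest of the alphabet."""
    cells = []
    for c in _letters(keyword) + list(ALPHABET):
        if c not in cells:
            cells.append(c)
    return [cells[r * 5:(r + 1) * 5] for r in range(5)]


def make_digraphs(plaintext):
    """Split into pairs; a doubled or leftover letter is paired with X."""
    letters = _letters(plaintext)
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        if i + 1 < len(letters) and letters[i + 1] != a:
            pairs.append((a, letters[i + 1]))
            i += 2
        else:
            # Assumption (not on the page): an X that needs a filler gets Q,
            # because the pair XX matches none of the three rules usefully.
            pairs.append((a, "Q" if a == "X" else "X"))
            i += 1
    return pairs


def _transform(pairs, matrix, step):
    """step=+1 encrypts (right / below), step=-1 decrypts (left / above)."""
    pos = {matrix[r][c]: (r, c) for r in range(5) for c in range(5)}
    out = []
    for a, b in pairs:
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ra == rb:        # step 4: same row
            out += [matrix[ra][(ca + step) % 5], matrix[rb][(cb + step) % 5]]
        elif ca == cb:      # step 5: same column
            out += [matrix[(ra + step) % 5][ca], matrix[(rb + step) % 5][cb]]
        else:               # step 6: opposite corners, same row
            out += [matrix[ra][cb], matrix[rb][ca]]
    return "".join(out)


def playfair_encrypt(plaintext, keyword):
    return _transform(make_digraphs(plaintext), build_matrix(keyword), +1)


def playfair_decrypt(ciphertext, keyword):
    letters = _letters(ciphertext)
    if len(letters) % 2:
        raise ValueError("Playfair ciphertext must have an even length")
    pairs = list(zip(letters[0::2], letters[1::2]))
    return _transform(pairs, build_matrix(keyword), -1)


if __name__ == "__main__":
    for row in build_matrix("FAIR EXAMPLE"):
        print(" ".join(row))
    print(playfair_encrypt("CYBER", "FAIR EXAMPLE"))
    print(playfair_decrypt("HUKBFL", "FAIR EXAMPLE"))
```

Decryption returns the padded text (CYBERX), so the receiver still has to drop filler letters by reading the message.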

Solved Examples on Playfair cipher

Ex. 1.11.1
Encrypt : “The key is hidden under the door” using Playfair's cipher.
Keyword - domestic
Soln. :
- Keyword is domestic.
- In the first step all letters are to be filled in 5 x 5 matrix from left to right; the letters which have already been placed are not to be placed again in that matrix.
- After filling up of the given letters, fill rest of the space in the matrix with the remaining letters alphabetically with no repetitions.
- The letters I and J will be considered as one letter. So if I is already placed then no need to place J in rest of the matrix.

d | o | m | e | s
t | i | c | a | b
f | g | h | k | l
n | p | q | r | u
v | w | x | y | z

- By using Playfair Cipher (use following steps to encrypt given word or message) we want to encrypt the plain text message “The key is hidden under the door” using keyword domestic.

1. The plaintext received is to be broken in pairs of two letters; if a letter is duplicated put x.
2. Th, ek, ey, is, hi, dx, de, nu, nd, er, th, ed, ox, or
3. If both letters are same or only one letter is left then put X with that alphabet.
4. If both alphabets of the pair appear in the same row, replace each letter with the alphabet to its immediate right (wrapping around to the left side of the row if a letter in the original pair was on the right side of the row).
5. If both letters appear in the same column, replace each with the alphabet immediately below that letter (wrapping around to the top side of the column if a letter in the original pair was on the bottom side of the column).
6. If none of the conditions explained above is met, then replace them with the letters on the same row respectively but at the other pair of corners of the rectangle defined by the original pair.

Refer above matrix for the same.
th → Step 6 → cf
ek → Step 5 → ar
ey → Step 5 → ae
is → Step 6 → bo
hi → Step 6 → gc
dx → Step 6 → mv
de → Step 4 → os
nu → Step 4 → pn
nd → Step 5 → vt
er → Step 5 → ay
th → Step 6 → cf
ed → Step 4 → so
ox → Step 6 → mw
or → Step 6 → ep

The plain text message “The key is hidden under the door” encrypted as :
cf, ar, ae, bo, gc, mv, os, pn, vt, ay, cf, so, mw, ep.

Ex. 1.11.2
Is Playfair cipher monoalphabetic cipher ? Justify. Construct a Playfair matrix with the key “moonmission” and encrypt the message “greet”.
Soln. :
For Playfair, the order is unchanged. We just substitute common digraphs ... looking digraph. It is a substitution cipher.

Construct a Playfair matrix with the key “moonmission” and encrypt the message “greet”.
Use 5 x 5 matrix

m | o | n | i/j | s
a | b | c | d | e
f | g | h | k | l
p | q | r | t | u
v | w | x | y | z

The message is “greet”, divide the letters into sets of two characters.
Message greet : gr ex et
Ciphertext is : hq, cz, du

Ex. 1.11.3
Construct a playfair matrix with the key “occurrence”. Generate the cipher text for plain text “tall trees”.
Soln. :
Draw matrix 5 x 5

o | c | u | r | e
n | a | b | d | f
g | h | i/j | k | l
m | p | q | s | t
v | w | x | y | z

The message is “Tall trees”, divide the letters into sets of two characters.
Message Tall trees : ta lx lt re es
Ciphertext is : pf, i/jz, tz, eo, rt

Ex. 1.11.4

Ja zx, zx
Ciphertext : sb, uz, uz
Ex. 1.11.5
Using playfair cipher encrypt the plaintext “Why, don't you?”. Use the key “keyword”.
Soln. :
Draw matrix 5 x 5

Ex. 1.11.6
Use Play fair cipher to encrypt the following message “This is a columnar transposition” use key APPLE.
Soln. :
The key used is APPLE so put it into 5 x 5 matrix.
Draw matrix 5 x 5

A | P | L | E | B
C | D | F | G | H
I/J | K | M | N | O
Q | R | S | T | U
V | W | X | Y | Z

The plain text message is “This is a columnar transposition”, divide the letters into sets of two characters.

Message : “This is a columnar transposition”

- Now break the message “This is a columnar transposition” into pairs of two alphabets each. So message will look like as given

TH IS IS AC OL UM NA RT RA NS PO SI TI ON

- By using play fair cipher the cipher text obtained is given below :

UG MQ MQ CI MB SO IE SU QP MT BK QM ON
1.11.5 One Time Pad (Vernam Cipher)

- One time pad, invented by Vernam and also called the Vernam cipher, improves the security over substitution and transposition techniques.
- The one time pad technique uses a random key of the same length as the message (as long as the message), so that the key is not repeated. A new key is generated for every new message sent to the receiver, which is why it is called a one-time pad. The key is used to encrypt and decrypt a single message.
- Each new message requires a new key of the same length as the new message. This method is unbreakable. It produces random output with no relationship to the plaintext.

- The algorithm used is as follows :

1. Each alphabet will be treated as a number, following a = 0, b = 1, ..., and so on.

2. Do the same for the key used for encrypting.

3. Add both the key numbers and plaintext numbers.

4. If the sum is greater than 26 (0 to 25), then subtract 26 from it.

5. Then the resulting number is to be translated into alphabets again.

- For example, plain text message is How Are You.

Plaintext                        H   O   W   A   R   E   Y   O   U
                                 7  14  22   0  17   4  24  14  20
Key                              n   c   b   t   z   q   a   r   x
                                13   2   1  19  25  16   0  17  23
Total                           20  16  23  19  42  20  24  31  43
Subtract 26 if > 26 (0 to 25)   20  16  23  19  16  20  24   5  17
Ciphertext                       u   q   x   t   q   u   y   f   r

- So the ciphertext obtained for the plain text how are you is uqxtquyfr
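The Vigenere cipher of section 1.11.3 and the one time pad use the same letter-by-letter addition mod 26; they differ only in whether the key repeats. The Python sketch below is an added example, not code from the book. It reproduces the MEC example and the How Are You table (the key ncbtzqarx is the one implied by the Total row, Total minus Plaintext), and `letter_difference` shows why the pad may be used for a single message only: with a reused key the key cancels out of the difference of two ciphertexts. The second message "meetatten" is constructed for the demonstration.

```python
import secrets
import string

A = string.ascii_lowercase


def _nums(text):
    """Letters only, mapped a=0 ... z=25 (case, spaces, punctuation dropped)."""
    return [A.index(c) for c in text.lower() if c in A]


def _text(nums):
    return "".join(A[n % 26] for n in nums)


def vigenere_encrypt(plaintext, key):
    """Repeat the short key under the message and add letter by letter."""
    p, k = _nums(plaintext), _nums(key)
    if not k:
        raise ValueError("key must contain at least one letter")
    return _text(p[i] + k[i % len(k)] for i in range(len(p)))


def otp_generate_key(length):
    """Fresh random key from the OS CSPRNG, one letter per message letter."""
    return "".join(secrets.choice(A) for _ in range(length))


def otp_encrypt(plaintext, key):
    p, k = _nums(plaintext), _nums(key)
    if len(k) < len(p):
        raise ValueError("one-time pad key must be as long as the message")
    return _text(a + b for a, b in zip(p, k))


def otp_decrypt(ciphertext, key):
    c, k = _nums(ciphertext), _nums(key)
    if len(k) < len(c):
        raise ValueError("one-time pad key must be as long as the message")
    return _text(a - b for a, b in zip(c, k))


def letter_difference(x, y):
    """Position-wise (x - y) mod 26."""
    return [(a - b) % 26 for a, b in zip(_nums(x), _nums(y))]


def reuse_leaks_difference(msg1, msg2):
    """Encrypt two messages under ONE pad: the ciphertext difference equals
    the plaintext difference, so the key no longer protects anything."""
    key = otp_generate_key(max(len(_nums(msg1)), len(_nums(msg2))))
    c1, c2 = otp_encrypt(msg1, key), otp_encrypt(msg2, key)
    return letter_difference(c1, c2) == letter_difference(msg1, msg2)


if __name__ == "__main__":
    print(vigenere_encrypt("We need more supplies fast!", "MEC").upper())
    print(otp_encrypt("How Are You", "ncbtzqarx"))
    print(reuse_leaks_difference("howareyou", "meetatten"))
```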

For example

- The best example of one time pad is the recharge voucher of any mobile company.
- Every recharge voucher has a different key or code imprinted on it. Once that code is entered into the mobile, the customer gets talk time according to the voucher cost. If another customer tries to use the same voucher code, he/she gets a recharge failure message. The company generates all keys or codes in such a way that every recharge voucher has a new and unique code on it, called one-time pad.

- Another example of one time pad is licensed software or a licensed copy of an operating system or antivirus, which has only as many keys available as the license allows. If the license key is for 50 users, only 50 users can activate their software; after 50 users, a new user has to buy new software along with a new key. Once a key has been used nobody can use the same key for activation.

Vernam Cipher has two disadvantages :
1. Large random key cannot be created.
2. Key distribution and generation of keys can be problematic.

It is not possible to implement one time pad commercially, because generating a new key every time for sending a new message took more time ... complete transmission process.
Syllabus Topic : Hill Cipher

1.11.6 Hill Cipher

- The encryption algorithm takes m successive plaintext letters and substitutes m ciphertext letters for them.
- Hill cipher is a polygraphic substitution cipher based on linear algebra.
- Each letter is represented by a number modulo 26. Often the simple scheme (A = 0, B = 1, C = 2, ..., Z = 25) is used, but this is not an essential feature of the cipher.
- To encrypt a plaintext message, each block of m letters (considered as an m-component vector) is multiplied by an invertible m x m matrix, against modulus 26. To decrypt the message, each block is multiplied by the inverse of the matrix used for encryption.
- The technique can be described in the following way :

\[ C_1 = (K_{11} P_1 + K_{12} P_2 + K_{13} P_3) \bmod 26 \]
\[ C_2 = (K_{21} P_1 + K_{22} P_2 + K_{23} P_3) \bmod 26 \]
\[ C_3 = (K_{31} P_1 + K_{32} P_2 + K_{33} P_3) \bmod 26 \]

- This technique uses column vectors and matrices :

\[ \begin{pmatrix} C_1 \\ C_2 \\ C_3 \end{pmatrix} = \begin{pmatrix} K_{11} & K_{12} & K_{13} \\ K_{21} & K_{22} & K_{23} \\ K_{31} & K_{32} & K_{33} \end{pmatrix} \begin{pmatrix} P_1 \\ P_2 \\ P_3 \end{pmatrix} \bmod 26 \]

- This can be written in a different way like,

\[ C_i = K P_i \bmod 26 \]

Where,

$C_i$ and $P_i$ are column vectors of length 3 and K represents the encryption key, which is a 3 x 3 matrix. For example :

\[ K = \begin{pmatrix} 2 & 5 & 4 \\ 9 & 1 & 2 \\ 3 & 7 & 17 \end{pmatrix} \]

- Using the vector we can represent the key and first three letters of the plaintext HEL as follows.

\[ C_i = K P_i \bmod 26 = \begin{pmatrix} 2 & 5 & 4 \\ 9 & 1 & 2 \\ 3 & 7 & 17 \end{pmatrix} \begin{pmatrix} 7 \\ 4 \\ 11 \end{pmatrix} \bmod 26 = \begin{pmatrix} 78 \\ 89 \\ 236 \end{pmatrix} \bmod 26 = \begin{pmatrix} 0 \\ 11 \\ 2 \end{pmatrix} = \text{ALC} \]

- For the given plaintext HEL, we get ciphertext ALC.
- Once we have the entire ciphertext, decryption requires the inverse of the matrix K.

- In general terms the Hill cipher technique is

Ciphertext $C_i = E(K, P_i) = K P_i \bmod 26$

Plaintext $P_i = D(K, C_i) = K^{-1} C_i \bmod 26 = K^{-1} K P_i = P_i$

Advantages of Hill Cipher Techniques

(1) With a large matrix, the Hill cipher hides more frequency information.
(2) The Hill cipher technique completely hides single letter frequency.

Disadvantage of Hill Cipher Techniques

It is easily broken with a known plaintext attack.

Ex. 1.11.7
Encrypt the message “Exam” using the Hill cipher with the key $\begin{pmatrix} 9 & 4 \\ 5 & 7 \end{pmatrix}$.
Soln. :

\[ \text{Key } (K) = \begin{pmatrix} 9 & 4 \\ 5 & 7 \end{pmatrix} \]

Plaintext ($P_i$) = “Exam”

\[ C_i = K P_i \bmod 26 = \begin{pmatrix} 9 & 4 \\ 5 & 7 \end{pmatrix} \times \begin{pmatrix} 4 & 23 \\ 0 & 12 \end{pmatrix} \bmod 26 = \begin{pmatrix} 151 & 167 \\ 60 & 84 \end{pmatrix} \bmod 26 = \begin{pmatrix} 21 & 11 \\ 8 & 6 \end{pmatrix} = \text{VLIG} \]

For the given plaintext, we get ciphertext is VLIG.

Ex. 1.11.8
Use Hill cipher to encrypt the text DEF. The key to be used is $\begin{pmatrix} 2 & 4 & 5 \\ 9 & 2 & 1 \\ 3 & 8 & 7 \end{pmatrix}$.
Soln. :

Plain text ($P_i$) = DEF

\[ C_i = K P_i \bmod 26 = \begin{pmatrix} 2 & 4 & 5 \\ 9 & 2 & 1 \\ 3 & 8 & 7 \end{pmatrix} \times \begin{pmatrix} 3 \\ 4 \\ 5 \end{pmatrix} \bmod 26 = \begin{pmatrix} 47 \\ 40 \\ 76 \end{pmatrix} \bmod 26 = \begin{pmatrix} 21 \\ 14 \\ 24 \end{pmatrix} = \text{VOY} \]

For the given plaintext, we get ciphertext is VOY.

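Ex. 1.11.9
Using hill cipher encrypt plain text “COE” use key “ANOTHERBZ”.

Soln. :
Plain text ($P_i$) = COE

By using Hill Cipher

Key = ANOTHERBZ

It is represented as

\[ C_i = K P_i \bmod 26 = \begin{pmatrix} A & N & O \\ T & H & E \\ R & B & Z \end{pmatrix} \times \begin{pmatrix} C \\ O \\ E \end{pmatrix} \bmod 26 \]

\[ \text{Cipher Text } (C_i) = \begin{pmatrix} 0 & 13 & 14 \\ 19 & 7 & 4 \\ 17 & 1 & 25 \end{pmatrix} \times \begin{pmatrix} 2 \\ 14 \\ 4 \end{pmatrix} \bmod 26 = \begin{pmatrix} 238 \\ 152 \\ 148 \end{pmatrix} \bmod 26 = \begin{pmatrix} 4 \\ 22 \\ 18 \end{pmatrix} = \text{EWS} \]

For the given plaintext, we get ciphertext is EWS.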
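The text requires the key matrix to be invertible, which modulo 26 means its determinant must share no factor with 26. The Python sketch below is an added example, not code from the book: it encrypts with the column-vector form $C_i = K P_i \bmod 26$, checks a key before use, and inverts it mod 26 through the adjugate matrix. It reproduces HEL to ALC, DEF to VOY and COE to EWS; the helper names are my own.

```python
from math import gcd

M = 26  # alphabet size, A=0 ... Z=25 as in the text


def to_nums(text):
    return [ord(c) - 65 for c in text.upper() if "A" <= c <= "Z"]


def to_text(nums):
    return "".join(chr(n % M + 65) for n in nums)


def key_from_word(word, n):
    """Fill an n x n key row by row from a keyword such as ANOTHERBZ."""
    nums = to_nums(word)
    if len(nums) != n * n:
        raise ValueError("keyword must supply exactly n*n letters")
    return [nums[r * n:(r + 1) * n] for r in range(n)]


def minor(m, i, j):
    """Matrix m without row i and column j."""
    return [row[:j] + row[j + 1:] for k, row in enumerate(m) if k != i]


def det(m):
    """Integer determinant by cofactor expansion along the first row."""
    if len(m) == 1:
        return m[0][0]
    return sum((-1) ** j * m[0][j] * det(minor(m, 0, j))
               for j in range(len(m)))


def is_valid_key(m):
    """A Hill key can be inverted mod 26 only if gcd(det, 26) == 1."""
    return gcd(det(m) % M, M) == 1


def inverse_key(m):
    """K^-1 mod 26 = det^-1 * adjugate(K) mod 26."""
    d = det(m) % M
    if gcd(d, M) != 1:
        raise ValueError("key is not invertible mod 26; cannot decrypt")
    d_inv = pow(d, -1, M)
    n = len(m)
    return [[d_inv * (-1) ** (i + j) * det(minor(m, j, i)) % M
             for j in range(n)] for i in range(n)]


def hill_apply(m, text):
    """Multiply each block of len(m) letters by m, mod 26."""
    nums, n = to_nums(text), len(m)
    if len(nums) % n:
        raise ValueError("text length must be a multiple of the block size")
    out = []
    for s in range(0, len(nums), n):
        block = nums[s:s + n]
        out += [sum(m[r][c] * block[c] for c in range(n)) % M
                for r in range(n)]
    return to_text(out)


if __name__ == "__main__":
    K = [[2, 5, 4], [9, 1, 2], [3, 7, 17]]
    ct = hill_apply(K, "HEL")
    print(ct, hill_apply(inverse_key(K), ct))
    print(is_valid_key([[2, 4, 5], [9, 2, 1], [3, 8, 7]]))
```

The key of Ex. 1.11.8 has determinant 102, which is 24 mod 26 and shares the factor 2 with 26, so `is_valid_key` rejects it: it can encrypt DEF but no inverse matrix exists to decrypt the result.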
Syllabus Topic : Transposition Techniques

Q. 1.12.3 What is keyless Transposition Cipher? Give any example of rail fence cipher. (Ref. sec. 1.12)
Q. 1.12.4 What is transposition technique? (Ref. sec. 1.12)

- In transposition cipher technique plaintext message is hidden by rearranging the order of plain text letters without altering the original letter.
- In transposition cipher, the letters are written in a row under the key and then the columns are arranged as per alphabetical order.
- There are two types of transposition ciphers : single columnar and double columnar transposition ciphers.
- In transposition technique, there is no replacement of alphabets or numbers; instead their positions are changed, i.e. reordering of position of plaintext is done to produce ciphertext.
- Transposition cipher is a kind of mapping achieved by performing some sort of permutation on the plaintext message. Transposition cipher is also called diffusion, which performs permutations on plaintext.
- Diffusion means permutation of bit or byte positions.
- There are two types of transposition techniques

Types of transposition techniques
1. Columnar transposition techniques
2. Keyless transposition techniques

Fig. 1.12.1 : Types of transposition techniques

Syllabus Topic : Keyed Transposition Cipher

1.12.1 Columnar Transposition Technique

Q. 1.12.5 Describe the columnar transposition technique. (Ref. sec. 1.12.1)

Columnar transposition technique is very simple to understand having following steps :
(1) Write plaintext message into a rectangle of some predefined size (rows and columns).
(2) Select the random key according to the size of rectangle, also called columns. (In this technique order of the columns is the key).
(3) Read the text present in each selected random key columns.
(4) Combine all text present in each column as per selected random key order.
(5) The resultant text is called ciphertext, as shown in Fig. 1.12.2.

Example 1
Select any plaintext : are you missing somebody.
Step 1 : Write plaintext row by row (column size 6).

1 | 2 | 3 | 4 | 5 | 6
a | r | e | y | o | u
m | i | s | s | i | n
g | s | o | m | e | b
o | d | y |   |   |

Fig. 1.12.2 : Columnar transposition technique

Step 2 : Select random key (according to column size) 542316
Step 3 : Read text present in each column according to key.
Step 4 : oieysmrisdesoyamgounb
Step 5 : Final ciphertext is
Ciphertext : oieysmrisdesoyamgounb

The ciphertext obtained in step 5 can be made more complicated by performing multiple rounds of such permutations.
A more complex way to encrypt the message would be to write it in a rectangle, row by row, and then read off the message column by column, but to decide the order of the columns. The order of the columns will be the key of the algorithm.

Example 2

Plaintext : the book is related to history.

1 | 2 | 3 | 4 | 5 | 6 | 7
t | h | e | b | o | o | k
i | s | r | e | l | a | t
e | d | t | o | h | i | s
t | o | r | y |   |   |

Select the order of columns (Key) : 4351267
Ciphertext : beoyertryolhtiethsdooaikts
Ciphertext : beoyertryolhtiethsdooaikts 1. preparing
1.12.2 Keyless Transposition Techniques, in this key
. he
~ ° Keyless transposition technique also called Rail anot
fence technique.
14573 4
~ Algorithm for keyless transposition technique
is given below :
tt That is, th
(1) Write plaintext Message into Zigzag order.
f numbered
(2) Read plaintext Message of step 1 in order of row by
row as shown in Fig. 1.12.3, letter has
® For example . _ write. Fot
— Plaintextintext message
mesag isis -: be care full while chatting. tf
; hand side
row 1—+ *\ a 6 u | h I c a t nN
rivet / ,
\/ \/ \J\/ \/\/ \/ \/ \/ .
heave!
42163 3
Fig. 1.12.3 : Zigzag order of plaintext
2. Preparir
— . plaintext
; a
Write obtained in row 1 and row 2. The resultantBo ciphertext mbere
* i
is ™ vay 3
Ciphertext :eaeulhlcatnberflwiehtig. the ey.
5 . 5
~— This technique doesn’t want any key. heave
Rows are also fixed (2) so that attacker
may get clu
to break the ciphertext obtained
using rail fence technique.
42189
Ex. 1.12.1
WEAT
Use Transposition Cipher to encrypt
the plain text “WE ARE THE BEST”
use key “HEAVEN". . ;
Solin. : HEBE
;
3. Encryp
Single Columnar Transposition
of the k
Single columnar transposition cipher is the
simple cipher. Read the key, and numbered
‘each letter of the key as per their appearance in the Hee hs
alphabet. The total encryption process is 1234.
divided into three parts :
AEE.
| 1, Preparing the Key
BES}
} 2. Preparing
Preparing the
the Plaintext
Plaintex
Then tt
3. Encryption
Le.
| : ABEE

Scanned by CamScanner
F

Security .6-Comp)
FT crypt. & Sys.(MU-Sem __1-55 Introduction to Cryptography
E
| 4, Preparing the Key : Suppose the key is another. We can assign the number to each Jeter
;
in this key as shown below

another

1457326

That is, the first letter a is numbered 1. There are no B's or C's, so the next letter to be
numbered is the e. So ¢ is numbered 2, followed by h, and so on, In the key. if the same
letter has occurred more than one time, it should be numbered 1, 2, 3, etc. from left to

write. For example, the key is heaven. Here e is occurred two times. So first ‘e’ from left
hand side is numbered as 2, whereas second ¢ is numbered as 3.

heaven

421635
2. Preparing the Plaintext : The letters from the message is written in rows under the
numbered letters of the key. One letter from message is to be written under each letter of

the key. Let us say that the message is - we are the best. We can write it as shown below :

heaven

421635 ©

WEARET

HEBEST

3. Encryption : Now, arrange the above message written in rows under the numbered letters
of the key as per ascending order of the numbers at the top of the plaintext letters.

aeehnv

123456
AEEWTR .
BESHTE -
Then the letters are copied down column wise from top to bottom. The result is ciphertext,
ie.
ABEEESWHTTRE
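Example 1 of section 1.12.1 gives the key directly as the order in which columns are read (542316), while Ex. 1.12.1 derives that order from a keyword (heaven becomes 421635). The Python sketch below is an added example, not code from the book, and covers both: it numbers a keyword, encrypts, and also decrypts, which needs the column heights when the last row is only partly filled. Function names are my own.

```python
def _letters(text):
    return [c for c in text if c.isalpha()]


def keyword_ranks(keyword):
    """Number the key letters alphabetically, ties left to right.
    heaven -> [4, 2, 1, 6, 3, 5], another -> [1, 4, 5, 7, 3, 2, 6]."""
    letters = keyword.lower()
    by_alpha = sorted(range(len(letters)), key=lambda i: (letters[i], i))
    ranks = [0] * len(letters)
    for rank, idx in enumerate(by_alpha, start=1):
        ranks[idx] = rank
    return ranks


def read_order(ranks):
    """Columns (1-based) in ascending order of their rank number."""
    return [ranks.index(r) + 1 for r in range(1, len(ranks) + 1)]


def _check_order(order):
    if sorted(order) != list(range(1, len(order) + 1)):
        raise ValueError("key must use each column number exactly once")


def columnar_encrypt(plaintext, order):
    """Write row by row under len(order) columns, read columns in `order`."""
    _check_order(order)
    letters, n = _letters(plaintext), len(order)
    return "".join("".join(letters[c - 1::n]) for c in order)


def columnar_decrypt(ciphertext, order):
    """Cut the ciphertext back into columns, then read row by row."""
    _check_order(order)
    letters, n = _letters(ciphertext), len(order)
    rows, extra = divmod(len(letters), n)
    columns, pos = {}, 0
    for c in order:
        # The first `extra` columns hold one more letter (partial last row).
        height = rows + (1 if c <= extra else 0)
        columns[c] = letters[pos:pos + height]
        pos += height
    out = []
    for r in range(rows + 1):
        for c in range(1, n + 1):
            if r < len(columns[c]):
                out.append(columns[c][r])
    return "".join(out)


if __name__ == "__main__":
    print(columnar_encrypt("are you missing somebody", [5, 4, 2, 3, 1, 6]))
    order = read_order(keyword_ranks("heaven"))
    print(order, columnar_encrypt("WE ARE THE BEST", order))
    print(columnar_decrypt("ABEEESWHTTRE", order))
```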

Syllabus Topic : Steganography

1.13 Steganography Applications and Limitations

Q. 1.13.1 What is Steganography? Give its advantages and disadvantages. (Ref. sec. 1.13)
Q. 1.13.2 What is Steganography? What are applications and limitations of steganography? (Ref. sec. 1.13)

- Steganography is a technique of hiding the message, file and image within other message, file or image. Steganography word is of Greek origin that means “covered writing” or “secret writing”.
- In other words, it is the art as well as science of hiding the communication in such a way that nobody is aware of the existence of communication.
- The goal of hiding messages, files and images is to fool the attacker and not even allow the attacker to detect that there is another message hidden in the original message.
- The main aim of Steganography is to achieve high security and encode the sensitive data ... audio, video and send it over an insecure channel such as the Internet. Even a small change in the steganographic image or data will change the complete meaning of the message.
- In Steganography there is a term called Steganalysis, which is similar to cryptanalysis in Cryptography. Like cryptanalysis, the goal of steganalysis is to identify suspected messages, files and images, to determine whether any hidden or encoded information is available in those messages, and also to try and gain access to those messages, files and images.
- Attacks on steganographic techniques are very similar to attacks on cryptographic techniques/algorithms, and similar techniques apply. The strength of a steganographic algorithm depends on its ability to successfully withstand attacks.

Following are the possible attacks on steganography.
1. Stego-only attack : In this type of attack, only the medium (files and images) containing hidden data is available for analysis. This attack is also called Visual attack.
2. File only attack : The attacker has access to the file and must determine if there is a message (hidden information) inside that file.

3. Known carrier attack : In this type of attack, the steganalyst has access to both the original image and the image containing the hidden information, and the two are compared to infer the message. The stego object (that contains the hidden information) is compared with the cover object and the differences are detected. This attack is also called file and original copy : It might happen that the attacker has a copy of both files, i.e. the encoded message and a copy of the original file. If the two files are different, then the attacker may guess that there must be some hidden information inside the file. Such attacks help the attacker to destroy the hidden information by simply replacing it with the original message.
4. Reformat Attack : The most popular attack on steganography is the reformat attack. In this attack the attacker changes the format of the file (BMP, GIF, JPEG), because different file formats don't store data in exactly the same way.
5. Destroy Everything Attack : An attacker could simply destroy the message and all related information. This can work because different file formats are used to store data in different ways.
6. Known message attack : In this type of attack, the original message prior to embedding and when transmitting over Internet is known to sender. This type of attack analysis can help against attacks in the future.
7. Multiple Encoding of a File : The attacker gets n different copies of the file with n different messages. It might happen if some companies are inserting different tracking information into each file. If the attacker tracks all the data during transmission then he may try to replace the tracking information with his own available information.
8. Compression Attack : One of the simplest attacks is to compress the file. This type of attack tries to remove the unrelated information from a file during compression; then what is the use of hiding the data if extraneous information is removed.

Chapter Ends...
2.1 Modular Arithmetic

2.1.1 Mathematical Background

In cryptography, number theory and algebra techniques are used for designing cryptosystems. One of the examples of cryptosystem is DES and AES algorithms.

Basics of Number Theory and Modular Arithmetic

Basics of Number Theory
1. Integer Arithmetic
2. Binary Operations

Fig. 2.1.1 : Basics of Number Theory

1. Integer Arithmetic

- Integer arithmetic is used to create background for modular arithmetic. The set of integer numbers is represented by a single alphabet, i.e. Z.
- For example :
Z = {..., -3, -2, -1, 0, 1, 2, 3, ...} set of integers.

2. Binary Operations

- In cryptography different binary operations are applied to the set of integers. Among those, three basic operations are addition, subtraction and multiplication.
- The concept here is to provide two inputs and generate only one output. Set of integers is not closed under operation division, i.e. quotient of two integers may not be an integer.

Syllabus Topic : Prime Numbers

2.1.1(A) Prime Numbers

A prime number is a positive integer which is greater than one and which is divisible only by 1 and itself, i.e. the only factors of a prime number are 1 and itself.
Example : 2, 3, 5, 7, 11 etc.
The prime number concept is used heavily by cryptographic algorithms.

Relatively prime number : Two numbers are relatively prime to one another when they have no common factors except 1.
Example : 21 and 44 are relatively prime numbers, since the only common factor between both the numbers is one, i.e. the Greatest Common Divisor (GCD) of a and n is 1; it is written as gcd (a, n) = 1, hence they both are relatively prime.

2.1.1(B) What is GCD?

GCD stands for Greatest Common Divisor of two positive integers a and b. The GCD of two integers is the largest integer that can divide both integers. The most needed concepts of cryptography are GCD and prime numbers. Two positive integers may have several common divisors but we are interested in the largest divisor.

For example :

gcd(3,5) = 1 hence 3 and 5 are relatively prime numbers to each other.

gcd(12,60) = 12

In the above example it is observed that 12 is the greatest and also common divisor of both the numbers so, gcd(12,60) = 12.

For example : Find GCD (40, 20) :-

Method 1
Find prime factors of given numbers,
40 = 2 * 2 * 2 * 5
20 = 2 * 2 * 5
Select common divisor from above
∴ gcd (40, 20) = 2 * 2 * 5 = 20
gcd (40, 20) = 20

Method 2
40 = 2 * 20
20 = 1 * 20
∴ gcd (40, 20) = 20

1. R = a % b
2. If (R = 0) then goto step 4 else
3. a = b
   b = R
   goto step 1
4. GCD = b

Example

GCD = (15, 12)

15 % 12 = 3

12 % 3 = 0
Hence
GCD (15, 12) = 3
Modular Arithmetic

- Modular arithmetic is a simple concept of using the remainder which is left after an integer division, since MODULO is the remainder in mathematical terminology.
- Let a, b ∈ Z and n ∈ N, then a ≡ b (mod n) if n divides (a - b), where Z is the set of integers and N is the set of natural numbers.
- For example : 23 ≡ 1 (mod 11). Congruence calculus is often called modular arithmetic. Modular arithmetic considers that 23 and 11 mod (12) are equivalent, because both leave the same remainder when divided by 12.
- If a, b ∈ Z are any integers, then there exist q, r such that b = aq + r where 0 ≤ r < a, where q and r are the quotient and remainder respectively, when b is divided by a.
- Most of the cryptographic concepts and algorithms use the concept of GCD and modular arithmetic.
- Modular arithmetic exhibits the following properties :
1. [(a mod n) + (b mod n)] mod n = (a + b) mod n
2. [(a mod n) - (b mod n)] mod n = (a - b) mod n
3. [(a mod n) * (b mod n)] mod n = (a * b) mod n

Syllabus Topic : Euclid's Theorem

2.2 Euclid's or Euclidean Algorithm

Q. 2.2.1 State Euclid's Algorithm with example. (Ref. sec. 2.2)

It is a basic technique or a method for calculation of the GCD of two positive integers.
Suppose we have two integers a, b such that d = gcd (a, b), assuming a > b > 0.
Now dividing a by b we can state that

\[ a = q_1 b + r_1, \qquad 0 \le r_1 < b \]

where q implies quotient and r implies remainder.
Suppose that $r_1 \ne 0$. Because $b > r_1$, we can divide b by $r_1$ and apply the division algorithm to obtain :

\[ b = q_2 r_1 + r_2, \qquad 0 \le r_2 < r_1 \]

If $r_2 = 0$ then $d = r_1$, and if $r_2 \ne 0$ then $d = \gcd(r_1, r_2)$. The division process continues till the remainder is 0. The following equation describes the process.

\[ r_{n-2} = q_n r_{n-1} + r_n, \qquad 0 < r_n < r_{n-1} \]
\[ r_{n-1} = q_{n+1} r_n + 0 \]
\[ d = \gcd(a, b) = r_n \]

At each stage we have $d = \gcd(r_i, r_{i+1})$, finally $d = \gcd(r_n, 0) = r_n$. Thus, the greatest common divisor of two integers can be calculated by repetitive application of the division algorithm. This is known as the Euclidean algorithm.

Euclid's algorithm : EUCLID (x, y)
1. X ← x; Y ← y
2. If Y = 0, return X = gcd (x, y)
3. R = X mod Y
4. X ← Y
5. Y ← R
6. Goto 2.

Ex. 2.2.1
Find GCD (40, 20) using Euclid's algorithm.
Soln. :

We know that,

gcd (x, y) = gcd (y, x mod y)

gcd (40, 20) = gcd (20, 40 mod 20) = gcd (20, 0)

From step 2 of algorithm,
If y = 0, return x = gcd (x, y)

∴ gcd = 20
Ex. 2.2.2
Solve / find gcd (36, 10).
Soln. :
We know that,
gcd (x, y) = gcd (y, x mod y)
gcd (36, 10) = gcd (10, 36 mod 10)
∴ gcd (10, 6) = gcd (6, 10 mod 6) = gcd (6, 4)
gcd (6, 4) = gcd (4, 2)
gcd (4, 2) = gcd (2, 0)
∴ gcd (36, 10) = 2

If gcd (x, y) = 1 then x and y are relatively prime to each other
e.g. gcd (8, 15) = 1
∴ 8 and 15 are relatively prime.

Ex. 2.2.3
Using Euclidean algorithm calculate gcd(48,30) and gcd(105,80).
Soln. :
(i) gcd(48,30)
= gcd(30, 48 mod 30)
= gcd(30, 18)
= gcd(18, 30 mod 18)
= gcd(12, 18 mod 12)
= gcd(12, 6)
= gcd(6, 12 mod 6)
= gcd(6, 0)
∴ gcd(48,30) = 6

(ii) gcd(105,80)
= gcd(80, 105 mod 80)
= gcd(80, 25)
= gcd(25, 80 mod 25)
= gcd(25, 5)
= gcd(5, 25 mod 5)
= gcd(5, 0)
∴ gcd(105,80) = 5

Ex. 2.2.4
Using Euclidean algorithm calculate gcd(20,16) and gcd(50,60).
Soln. :
(i) gcd(20,16)
= gcd(16, 20 mod 16)
= gcd(16, 4)
= gcd(4, 16 mod 4)
= gcd(4, 0)
∴ gcd(20,16) = 4

(ii) gcd(50,60)
= gcd(50, 60 mod 50)
= gcd(50, 10)
= gcd(10, 50 mod 10)
= gcd(10, 0)
∴ gcd(50,60) = 10

2.2.1 Extended Euclidean Algorithm

Q. 2.2.2 Write Extended Euclidean algorithm. (Ref. sec. 2.2.1)

- As we learnt in school days, when we divide integer values by other nonzero integer we get an integer quotient (the "answer") plus a remainder (generally a rational number). For instance,
  13/5 = 2 ("the quotient") + 3/5 ("the remainder").
- We can rephrase this division, totally in terms of integers, without reference to the division operation :
  13 = 2(5) + 3
- Note that this expression is obtained from the one above it by multiplying through by the divisor 5.
- The greatest common divisor of integers a and b, denoted by gcd(a, b), is the largest integer that divides (without remainder) both a and b. So, for example :
  gcd(15, 5) = 5, gcd(7, 9) = 1,
  gcd(12, 9) = 3, gcd(81, 57) = 3.
- The gcd of two integers can be found by repeated application of the division algorithm; this is known as the Euclidean Algorithm. You repeatedly divide the divisor by the remainder until the remainder is 0. The gcd is the last non-zero remainder in this algorithm. The following example shows the algorithm.

Finding the gcd of 81 and 57 by the Euclidean Algorithm :
  81 = 1(57) + 24
  57 = 2(24) + 9
  24 = 2(9) + 6
   9 = 1(6) + 3
   6 = 2(3) + 0

It is well known that if the gcd(a, b) = r then there exist integers p and s so that :

  p(a) + s(b) = r

By reversing the steps in the Euclidean Algorithm, it is possible to find these integers p and s. We shall do this with the above example :

Starting with the next to last line, we have : 3 = 9 - 1(6)
From the line before that, 6 = 24 - 2(9), so :
  3 = 9 - 1(24 - 2(9)) = 3(9) - 1(24)
From the line before that, 9 = 57 - 2(24), so :
  3 = 3(57 - 2(24)) - 1(24) = 3(57) - 7(24)
And, from the line before that, 24 = 81 - 1(57), giving us :
  3 = 3(57) - 7(81 - 1(57))
    = 10(57) - 7(81)

So we have found p = -7 and s = 10.

The procedure we have followed above is a bit messy because of all the back substitutions we have to make. It is possible to reduce the amount of computation involved in finding p and s by doing some auxiliary computations as we go forward in the Euclidean algorithm (and no back substitutions will be necessary). This is known as the extended Euclidean Algorithm.

Given two integers a and b, we often need to find other two integers s and t such that

  s × a + t × b = gcd (a, b)

The extended Euclidean algorithm can calculate the gcd (a, b) and at the same time calculate the value of s and t, as shown in Fig. 2.2.1.

Fig. 2.2.1
- The extended Euclidean algorithm uses the same number of steps as the Euclidean algorithm.
- The algorithm of extended Euclidean is as shown below :

  r1 ← a; r2 ← b;
  s1 ← 1; s2 ← 0;            (Initialization)
  t1 ← 0; t2 ← 1;
  while (r2 > 0)
  {
      q ← r1 / r2;
      r ← r1 - q × r2;       (Updating r's)
      r1 ← r2; r2 ← r;
      s ← s1 - q × s2;       (Updating s's)
      s1 ← s2; s2 ← s;
      t ← t1 - q × t2;       (Updating t's)
      t1 ← t2; t2 ← t;
  }
  gcd (a, b) ← r1; s ← s1; t ← t1

Ex. 2.2.5
Given a = 161 and b = 28, find gcd (a, b) and the values of s and t.

Soln. :

  q | r1    r2    r   | s1    s2    s   | t1    t2    t
  5 | 161   28    21  | 1     0     1   | 0     1     -5
  1 | 28    21    7   | 0     1     -1  | 1     -5    6
  3 | 21    7     0   | 1     -1    4   | -5    6     -23
    | 7     0         | -1    4         | 6     -23

We get, gcd (161, 28) = 7, s = -1 and t = 6. The answer can be tested :
(-1) × 161 + 6 × 28 = 7
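The forward procedure above, written out as an added Python example (not code from the book). It records one tuple per pass of the loop so the working table of Ex. 2.2.5 can be reproduced, and it goes one step further by using s to obtain a modular inverse; the function names are assumptions made for this example.

```python
def extended_gcd_trace(a, b):
    """Forward extended Euclid for integers a >= 0, b >= 0 (not both zero).

    Returns (g, s, t, rows) where g = gcd(a, b) and s*a + t*b == g.
    Each row is (q, r1, r2, r, s1, s2, s, t1, t2, t): one line of the
    working table, with the values held before the variables are shifted.
    """
    r1, r2 = a, b
    s1, s2 = 1, 0
    t1, t2 = 0, 1
    rows = []
    while r2 > 0:
        q = r1 // r2
        r = r1 - q * r2          # updating r's
        s = s1 - q * s2          # updating s's
        t = t1 - q * t2          # updating t's
        rows.append((q, r1, r2, r, s1, s2, s, t1, t2, t))
        r1, r2 = r2, r
        s1, s2 = s2, s
        t1, t2 = t2, t
    return r1, s1, t1, rows


def mod_inverse(x, m):
    """Inverse of x modulo m, taken from the coefficient s of s*x + t*m = 1.

    Raises ValueError when gcd(x, m) != 1, because no inverse exists then.
    """
    g, s, _t, _rows = extended_gcd_trace(x % m, m)
    if g != 1:
        raise ValueError(f"{x} has no inverse modulo {m} (gcd is {g})")
    return s % m


def format_table(rows):
    """Render the trace rows as fixed-width text lines."""
    header = ("q", "r1", "r2", "r", "s1", "s2", "s", "t1", "t2", "t")
    lines = [" ".join(f"{h:>5}" for h in header)]
    for row in rows:
        lines.append(" ".join(f"{v:>5}" for v in row))
    return lines


if __name__ == "__main__":
    g, s, t, rows = extended_gcd_trace(161, 28)
    print("\n".join(format_table(rows)))
    print(f"gcd = {g}, s = {s}, t = {t}, check: {s * 161 + t * 28}")
    print("inverse of 30 mod 7 =", mod_inverse(30, 7))
```
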

Syllabus Topic : The Chinese Remainder Theorem

2.3 Chinese Remainder Theorem

Q. 2.3.1 State the Chinese remainder theorem with example. (Ref. sec. 2.3)

According to D. Wells, the following problem was posed by Sun Tsu Suan-Ching. There is a certain number which, when divided by 3, leaves remainder 2; when divided by 5, leaves remainder 3; and when divided by 7, leaves remainder 2.

What will be that number ? The problem can be solved by a well known theorem called the Chinese remainder theorem. It states that it is possible to reconstruct integers in a certain range from their residues modulo a set of pairwise relatively prime moduli.

  $X \equiv a_1 \pmod{m_1}$
  $X \equiv a_2 \pmod{m_2}$
  ...
  $X \equiv a_r \pmod{m_r}$

Consider r positive integers $m_1, m_2, \ldots, m_r$ which are relatively prime in pairs. Then the congruences of the above equations have a common solution.

Two integers a and b are said to be congruent modulo n if (a mod n) = (b mod n), i.e. $a \equiv b \pmod{n}$.

For $X \equiv a_1 \pmod{m_1}$, $X \equiv a_2 \pmod{m_2}$, $X \equiv a_3 \pmod{m_3}$, ..., $X \equiv a_r \pmod{m_r}$,

where $M = m_1 \times m_2 \times m_3 \times \cdots \times m_r$,

the solution is given by

  $X = a_1 M_1 y_1 + a_2 M_2 y_2 + a_3 M_3 y_3 + \cdots + a_r M_r y_r \pmod{M}$,

where $M_i = M/m_i$ and $y_i = (M_i)^{-1} \bmod m_i$ for $1 \le i \le r$.

Ex. 2.3.1
State CRT. Find x for the following equations,
  x ≡ 1 mod 2
  x ≡ 1 mod 3
  x ≡ 3 mod 5
  x ≡ 1 mod 7
Soln. :

The general equation of Chinese remainder theorem is,

  $X \equiv a_1 \pmod{m_1}$
  $X \equiv a_2 \pmod{m_2}$
  ...
  $X \equiv a_r \pmod{m_r}$

Let $a_1 = 1$, $a_2 = 1$, $a_3 = 3$, $a_4 = 1$ and $m_1 = 2$, $m_2 = 3$, $m_3 = 5$ and $m_4 = 7$

  $M = m_1 * m_2 * m_3 * m_4$
    = 2 * 3 * 5 * 7
  M = 210

For all set of elements

  $M_1 = M/m_1 = 210/2 = 105$,
  $M_2 = M/m_2 = 210/3 = 70$,
  $M_3 = M/m_3 = 210/5 = 42$,
  $M_4 = M/m_4 = 210/7 = 30$

Find out inverse modulo.

Let $y_1, y_2, y_3, \ldots, y_n$ be represented as inverses.

  $y_1$ = Inverse of $(M/m_1)$ mod $m_1$ = Inverse of 105 mod 2
        = $105^{-1}$ mod 2 = 105 mod 2 = 1
  $y_2$ = Inverse of $(M/m_2)$ mod $m_2$ = Inverse of 70 mod 3
        = $70^{-1}$ mod 3 = 70 mod 3 = 1
  $y_3$ = Inverse of $(M/m_3)$ mod $m_3$ = Inverse of (42) mod 5
        = $42^{-1}$ mod 5 = $42^{3}$ mod 5 = 3
  $y_4$ = Inverse of $(M/m_4)$ mod $m_4$ = Inverse of 30 mod 7
        = $30^{-1}$ mod 7 = 4

According to CRT

  $X = a_1 M_1 y_1 + a_2 M_2 y_2 + a_3 M_3 y_3 + \cdots + a_r M_r y_r \pmod{M}$
  X = [(105) * 1 * 1 + (70) * 1 * 1 + (42) * 3 * 3 + (30) * 1 * 4] mod 210
    = [105 + 70 + 378 + 120] mod 210 = 673 mod 210

∴ X = 43

Ex. 2.3.2
A bag has certain number of pens. If you take out 3 pens at a time, 2 pens are left. If you take out 4 pens at a time, 1 pen is left and if you take out 5 pens at a time, 3 pens are left in the bag. What is the smallest number of pens in the bag ?
Soln. :

  x ≡ 2 mod 3, x ≡ 1 mod 4, x ≡ 3 mod 5

The general equation of Chinese remainder theorem is,

  $X \equiv a_1 \pmod{m_1}$
  $X \equiv a_2 \pmod{m_2}$
  ...
  $X \equiv a_r \pmod{m_r}$

According to given equation $a_1 = 2$, $a_2 = 1$ and $a_3 = 3$ and $m_1 = 3$, $m_2 = 4$ and $m_3 = 5$

  $M = m_1 * m_2 * m_3 * m_4$
    = 3 * 4 * 5
  M = 60

For all set of elements

  $M_1 = M/m_1 = 60/3 = 20$,
  $M_2 = M/m_2 = 60/4 = 15$,
  $M_3 = M/m_3 = 60/5 = 12$

Find out inverse modulo.

Let $y_1, y_2, y_3, \ldots, y_n$ be represented as inverses.

  $y_1$ = Inverse of $(M/m_1)$ mod $m_1$ = Inverse of 20 mod 3
        = $20^{-1}$ mod 3 = 20 mod 3 = 2
  $y_2$ = Inverse of $(M/m_2)$ mod $m_2$ = Inverse of 15 mod 3 = $15^{2}$ mod 4
        = 225 mod 4 = 1
  $y_3$ = Inverse of $(M/m_3)$ mod $m_3$ = Inverse of 12 mod 5 = $12^{-1}$ mod 5
        = $12^{3}$ mod 5 = 3

According to CRT

  $X = a_1 M_1 y_1 + a_2 M_2 y_2 + a_3 M_3 y_3 + \cdots + a_r M_r y_r \pmod{M}$
  X = [2 * 20 * 2 + 1 * 15 * 1 + 3 * 12 * 3] mod 60
    = [80 + 15 + 108] mod 60 = 203 mod 60

∴ X = 23

Ex. 2.3.3

Define the Chinese remainder theorem and find the solution to the simultaneous equations
x ≡ 2 mod 3, x ≡ 3 mod 5, x ≡ 2 mod 7.
Soln. :

The general equation of Chinese remainder theorem is,

  $X \equiv a_1 \pmod{m_1}$
  $X \equiv a_2 \pmod{m_2}$
  ...
  $X \equiv a_r \pmod{m_r}$

According to given simultaneous equations
  x ≡ 2 mod 3, x ≡ 3 mod 5, x ≡ 2 mod 7

Let $a_1 = 2$, $a_2 = 3$, $a_3 = 2$ and $m_1 = 3$, $m_2 = 5$, $m_3 = 7$

  $M = m_1 * m_2 * m_3 * m_4$
    = 3 * 5 * 7
  M = 210

For all set of elements

  $M_1 = M/m_1 = 105/3 = 35$,
  $M_2 = M/m_2 = 105/5 = 21$,
  $M_3 = M/m_3 = 105/7 = 15$

Find out inverse modulo.

Let $y_1, y_2, y_3, \ldots, y_n$ be represented as inverses.

  $y_1$ = Inverse of $(M/m_1)$ mod $m_1$ = Inverse of 35 mod 3
        = $105^{-1}$ mod 3 = 35 mod 3 = 2
  $y_2$ = Inverse of $(M/m_2)$ mod $m_2$ = Inverse of 21 mod 5 = $21^{-1}$ mod 5
        = $21^{3}$ mod 5 = 1
  $y_3$ = Inverse of $(M/m_3)$ mod $m_3$ = Inverse of (15) mod 7 = $15^{-1}$ mod 7
        = $15^{5}$ mod 7 = 1

According to Chinese Remainder Theorem,

  $X = a_1 M_1 y_1 + a_2 M_2 y_2 + a_3 M_3 y_3 + \cdots + a_r M_r y_r \pmod{M}$
  X = [2 * 35 * 2 + 3 * 21 * 1 + 2 * 15 * 1] mod 105
  X = [140 + 63 + 30] mod 105 = 233 mod 105
  X = 23

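The CRT construction used in the worked examples, as an added Python example (not code from the book; function names are assumptions). Each inverse y_i is computed with the built-in pow(x, -1, m) of Python 3.8 and later, which is valid for any modulus coprime to x, and the result is re-checked against every congruence before it is returned.

```python
from math import gcd, prod


def crt_terms(moduli):
    """Return (M, [(M_i, y_i), ...]) with M_i = M/m_i and y_i = M_i^-1 mod m_i."""
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError(
                    f"moduli {moduli[i]} and {moduli[j]} are not relatively prime"
                )
    M = prod(moduli)
    terms = []
    for m_i in moduli:
        M_i = M // m_i
        y_i = pow(M_i, -1, m_i)   # modular inverse, defined since gcd(M_i, m_i) = 1
        terms.append((M_i, y_i))
    return M, terms


def crt(residues, moduli):
    """Smallest non-negative X with X = a_i (mod m_i) for every pair (a_i, m_i)."""
    if len(residues) != len(moduli) or not moduli:
        raise ValueError("need one residue per modulus")
    M, terms = crt_terms(moduli)
    x = sum(a_i * M_i * y_i for a_i, (M_i, y_i) in zip(residues, terms)) % M
    # Substitute the answer back into every congruence; a wrong inverse
    # anywhere above would be caught here.
    for a_i, m_i in zip(residues, moduli):
        if x % m_i != a_i % m_i:
            raise ArithmeticError(f"X = {x} fails X = {a_i} (mod {m_i})")
    return x


if __name__ == "__main__":
    # Inputs of Ex. 2.3.1 and Ex. 2.3.3
    print(crt_terms([2, 3, 5, 7]))
    print(crt([1, 1, 3, 1], [2, 3, 5, 7]))
    print(crt([2, 3, 2], [3, 5, 7]))
```
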
Syllabus Topic : Euler’s Theorem

2.4 Euler Totient Function φ(n)

φ(n) is called the Euler Totient function, which states how many numbers between 1 and n - 1 are relatively prime to n.
All positive integers less than n are relatively prime to it.
For example : if n = 4 find φ(n) = ?
φ(n) = φ(4) = 1 and 3 are relatively prime to 4 because their gcd is 1. (The numbers are said to be relatively prime if their gcd is always 1)
In this case 4 and 2 are not relatively prime, because gcd (4, 2) = 2
∴ φ(4) = 2 (i.e. 1 and 3)
φ(5) = ?
     = 1, 2, 3, 4 are relatively prime to 5
∴ φ(5) = 4
φ(7) = 1, 2, 3, 4, 5, 6 are relatively prime to 7
∴ φ(7) = 6
This implies that φ(n) will be easy to calculate if n has exactly two different prime factors, say p and q
∴ n = p × q
i.e. φ(n) = φ(p) * φ(q)
According to definition of Euler Totient function,
φ(p * q) = (p - 1) * (q - 1) if p and q are prime

Hence proved.

2.4.1 Euler’s Theorem

It states that for every a and n that are relatively prime :
  $a^{\phi(n)} \equiv 1 \pmod{n}$
For example : Prove using Euler’s theorem.
  a = 3, n = 10; φ(n) = ?
Let, φ(n) = φ(10) = {1, 3, 7, 9} = 4
According to Euler’s theorem,
  $3^{\phi(10)} \equiv 1 \pmod{10}$
  $3^{4} \equiv 1 \bmod 10$
  81 ≡ 1 mod 10 (81 mod 10 = 1 and 1 mod 10 = 1)

Hence proved.

Ex. 2.4.1
Solve using Euler's theorem : a = 2 and n = 11.
Soln. :
First calculate φ(n)
  φ(n) = φ(11) = {1 to 10} = 10
According to Euler’s theorem
  $a^{\phi(n)} \equiv 1 \pmod{n}$
  $2^{10} \equiv 1 \pmod{n}$
  1024 ≡ 1 mod 11 (1024 mod 11 = 1 and 1 mod 11 = 1)
Hence proved.

  $b = a^{i} \bmod p$

The exponent i is referred to as the discrete logarithm of b for base a mod p. This can be written as,

  $i = \mathrm{dlog}_{a,p}(b)$

The equation $\mathrm{dlog}_{a,p}(b)$ is called the discrete logarithm, which is used in different cryptographic algorithms like Diffie Hellman algorithm and digital signature algorithms.

For a prime number p, let a, b be non zero integers (mod p). The problem of finding x such that $a^{x} \equiv b \pmod{p}$ is called the Discrete Logarithm Problem. Suppose that n is the smallest integer such that $a^{n} \equiv 1 \pmod{p}$, i.e. $n = \mathrm{ord}_p(a)$. By assuming $0 \le x < n$, we denote $x = L_a(b)$, and call it the discrete log of b w.r.t. a (mod p).

Example : p = 11, a = 2, b = 9, then $x = L_a(b) = L_2(9) = 6$

To explain discrete logarithm consider the following example.

  $7^{1} \equiv 7 \pmod{19}$
  $7^{2} = 49 = 2 \times 19 + 11 \equiv 11 \pmod{19}$
  $7^{3} = 343 = 18 \times 19 + 1 \equiv 1 \pmod{19}$
  $7^{4} = 2401 = 126 \times 19 + 7 \equiv 7 \pmod{19}$
  $7^{5} = 16807 = 884 \times 19 + 11 \equiv 11 \pmod{19}$

There is no point in continuing because the sequence is repeating. This can be proven by noting that $7^{3} \equiv 1 \pmod{19}$. Table 2.5.1 shows all the powers of a, modulo 19 for all positive a < 19.

Table 2.5.1
    a  a^2  a^3  a^4  a^5  a^6  a^7  a^8  a^9 a^10 a^11 a^12 a^13 a^14 a^15 a^16 a^17 a^18
    1    1    1    1    1    1    1    1    1    1    1    1    1    1    1    1    1    1
    2    4    8   16   13    7   14    9   18   17   15   11    3    6   12    5   10    1
    3    9    8    5   15    7    2    6   18   16   10   11   14    4   12   17   13    1
    4   16    7    9   17   11    6    5    1    4   16    7    9   17   11    6    5    1
    5    6   11   17    9    7   16    4    1    5    6   11   17    9    7   16    4    1
    6   17    7    4    5   11    9   16    1    6   17    7    4    5   11    9   16    1
    7   11    1    7   11    1    7   11    1    7   11    1    7   11    1    7   11    1
    8    7   18   11   12    1    8    7   18   11   12    1    8    7   18   11   12    1
    9    5    7    6   16   11    4   17    1    9    5    7    6   16   11    4   17    1
   10    5   12    6    3   11   15   17   18    9   14    7   13   16    8    4    2    1
   11    7    1   11    7    1   11    7    1   11    7    1   11    7    1   11    7    1
   12   11   18    7    8    1   12   11   18    7    8    1   12   11   18    7    8    1
   13   17   12    4   14   11   10   16   18    6    2    7   15    5    8    9    3    1
   14    6    8   17   10    7    3    4   18    5   13   11    2    9   12   16   15    1
   15   16   12    9    2   11   13    5   18    4    3    7   10   17    8    6   14    1
   16    9   11    5    4    7   17    6    1   16    9   11    5    4    7   17    6    1
   17    4   11   16    6    7    5    9    1   17    4   11   16    6    7    5    9    1
   18    1   18    1   18    1   18    1   18    1   18    1   18    1   18    1   18    1
In general terms, the highest possible exponent to which a number can belong (mod n) is φ(n).
If a number is of this order, then it is called a primitive root of n.

The importance of this notion is that if a is a primitive root of n then its powers
  $a, a^{2}, \ldots, a^{\phi(n)}$
are distinct (mod n) and are all relatively prime to n. In particular, for a prime number p, if a is a primitive root of p, then
  $a, a^{2}, \ldots, a^{p-1}$
are distinct (mod p). For the prime number 19, its primitive roots are 2, 3, 10, 13, 14, and 15.
2.6 Fermat Theorem

Q. 2.6.1 State and Prove Fermat's theorem. (Ref. sec. 2.6)

Fermat theorem plays an important role in public key cryptography. To understand this theorem one has to have knowledge of prime number, co-prime number, prime factorization and GCD i.e. greatest common divisor, that has already been explained in this chapter.

Theorem

- For any prime number p, if a is an integer which is not divisible by p then
  $a^{p-1} \equiv 1 \pmod{p}$    ...(2.6.1)
A variant of this theorem is
- If p is a prime and a is co-prime to p (i.e. gcd(a, p) = 1) then,
  $a^{p} \equiv a \pmod{p}$    ...(2.6.2)
- Basically this theorem is useful in public key RSA and primality testing.

Let us have a = 3 and p = 5, then as per the above theorem in Equation (2.6.1) we have
  $3^{5-1} = 3^{4} = 81 \equiv 1 \pmod{5}$.
Since on dividing 81 with 5 will have remainder 1.
Hence proof above theorem.
Considering another form of theorem in Equation (2.6.2).
Let us have a = 3 and p = 5, then we have
  $a^{p} = 3^{5} = 243$.
Now we calculate 243 mod 5, we will have result 3,
  a mod p = 3 mod 5 = 3
Hence, $3^{5} \equiv 3 \bmod 5$.

Solve $6^{10}$ mod 11.

Soln. :

We know that Fermat theorem,

  $a^{p-1} \equiv 1 \bmod p$    ...(1)

Here a = 6, p = 11. Put a and p in equation (1)
i.e. $6^{11-1} \equiv 1 \bmod 11$

  $6^{10}$ = [($6^{8}$ mod 11) × ($6^{2}$ mod 11)] mod 11
          = [4 * 3] mod 11 = 12 mod 11 = 1
i.e. $6^{10}$ mod 11 = 1
Ex. 2.6.2

We can solve any large mod operation using this method. Solve
6” mod 11,
Soln. :
According to Fermat’s little theorem a” = 1 mod p, 6” mod 11

Hence a = 6, p = 11. If we put these values in the above equation then we will get,
121
6 mod it = 6"! mod 11

  = [($6^{8}$ mod 11) × ($6^{3}$ mod 11)] mod 11 = [4 × 7] mod 11
  = 28 mod 11 = 6
6" mod 11 = 6.
Ex. 2.6.3

Define Fermat's little theorem and find the result of :


() 3" mod 11 (ii) * 3'° mod 11
Soln.:
Refer section 2.6 for definition

() 3" mod 41
According to Fermat's little theorem a?" = 1 mod p, 3 mod 11
__ Hence a =3 and p = 11, Put these values into above equation,

[(3° mod 11) x (34 mod |
9 mod 11)] mod : 11 = [1x 4] mod 11 |
3° mod 11 (4 mod 11) =4 Eyfabus
“3 r mod 11 = 4 Blockc
ce

Chapter Ends...
Module 2

Symmetric Key Cryptography

Syllabus

Block cipher principles, block cipher modes of operation, DES, Double DES, Triple DES, Advanced Encryption Standard (AES), Stream Ciphers : RC5 algorithm.

Syllabus Topic : Block Cipher Principles

3.1 Block Cipher Principles

- Basically a cryptographic algorithm is used for transformation of plaintext into ciphertext.
- Stream cipher and block cipher are the main methods of encrypting text using a key and an algorithm.
- For more details refer Section 1.10 of Chapter 1.

Syllabus Topic : Block Cipher Modes of Operation

3.2 Block Cipher Modes of Operation

Q. 3.2.1 Explain with examples. 16 CB


ets secs. 9.2.2and 324) | Dec. 16. To

>, CFB, ore and CTR


mode) with the help of: block digramn el
a 3.2.3 What are block ye algorithmic modes
weDorenee

rs... (Ref..sec, 9,2).

EF crypt. & Sys. Secur
Cipher that May b
| “typtographic algori y = The drawback of
and decry the input genera!
pteg
| attacker or crypta
The modes included in this standard are :
1. Electronic Codebook (ECB) mode
2. Cipher Block Chaining (CBC) mode
3. Cipher Feedback (CFB) mode
4. Output Feedback (OFB) mode
5. Counter (CTR) mode

3.2.1 Electronic Codebook (ECB) Mode

(MU - Dec. 16)
Q. 3.2.4 Describe ECB. (Ref. sec. 3.2.1)

- In Electronic Codebook (ECB) mode the given plaintext message is divided into blocks of 64 bits each and each 64-bit block gets encrypted independently. The plaintext block produces ciphertext of the same size (64 bits each).
- The given plaintext is encrypted using the same key and the encrypted data (ciphertext) is transferred to the receiver.
- At the receiver end each block is decrypted independently using the same key in order to produce the original plaintext message of the same size, i.e. blocks of 64 bits each.
- The Electronic Codebook (ECB) mode encryption and decryption process is shown in Fig. 3.2.1 and Fig. 3.2.2.

Fig. 3.2.1 : The Electronic Code Book (ECB) mode encryption process

- The drawback of ECB mode is that the occurrence of more than one identical plaintext block in the input generates the same ciphertext block in the output, which gives a clue to the attacker or cryptanalyst.

Fig. 3.2.2 : The Electronic Code Book (ECB) mode decryption process

- Only small messages can be encrypted using ECB mode of operation, where the chances of repeating the same plaintext message are quite less.

3.2.2 Cipher Block Chaining (CBC) Mode

(MU - Dec. 16)

- To overcome the problem of repetition and order independence in ECB, even for repeated plaintext, the Cipher Block Chaining (CBC) mode is used. In the cipher-block chaining mode, each block of plaintext is XORed with the previous ciphertext block before being encrypted.
- In CBC mode the first block of the message (plaintext block 1) is XORed with an Initialization Vector (IV), which is then encrypted using key K and produces ciphertext block 1. In the next step each block of plaintext (plaintext block 2) is XORed with the previous ciphertext block 1 before being encrypted and produces output, i.e. ciphertext block 2. The procedure continues till all plaintext blocks get encrypted as shown in Fig. 3.2.3.
- Initialization Vector doesn’t have special meaning; it is simply used to make the input message more complicated or unique.
- Different criteria for IV are : fixed-size input value, and it should be random or pseudorandom. A good initialization vector should be unique and unpredictable. In all modes of operation plaintext blocks are represented by using P1, P2, P3, ..., Pn and corresponding ciphertext blocks are represented by using C1, C2, C3, ..., Cn.
- In case of cipher block chaining mode, even if a plaintext block repeats in the input, the output of CBC mode yields totally different ciphertext blocks as shown in Fig. 3.2.3.

Fig. 3.2.3 : Cipher Block Chaining (CBC) mode encryption process

- CBC mode is applicable whenever large amounts of data need to be sent securely, provided that all data is available in advance (e.g. email, FTP, web etc.).
- In CBC decryption, ciphertext block 1 gets decrypted using the same key used earlier during the encryption process and the output of this step is then XORed with the initialization vector (IV) and produces plaintext block 1.
- In the next step the ciphertext block 2 is decrypted and its output is XORed with ciphertext block 1, which results in plaintext block 2. Repeat the process for all ciphertext blocks in order to produce the original plaintext blocks as shown in Fig. 3.2.4.

Fig. 3.2.4 : Cipher Block Chaining (CBC) mode decryption process

3.2.3 Cipher Feedback (CFB) Mode

- CFB mode uses a block cipher as a stream cipher, meaning that data is encrypted in smaller units, say 8 bits, rather than the predefined block size of 64 bits.
- CFB mode may be used as a stream cipher. In the CFB encryption process a 64-bit initialization vector is used, which is kept in a 64-bit shift register.
- The IV (shift register) is then encrypted and produces 64 bits of ciphertext, i.e. the encrypted IV. Now the leftmost S bits (size of 8 bits) of the encrypted IV are XORed with the first S bits (size of 8 bits) of plaintext P1 to produce the first S bits of ciphertext C1, which is then transmitted to the next step.
- In the next step the contents of the 64-bit shift register are shifted left by S bits and C1 is placed in the rightmost S bits of the shift register, which again undergoes the encryption process as shown in Fig. 3.2.5.
- This process continues until all plaintext units have been encrypted. Here the same key K is used during the encryption and decryption process.

Fig. 3.2.5 : Cipher Feedback (CFB) mode encryption process

- Decryption of CFB mode is the reverse of CFB encryption; the same technique is used, except that the output of the encryption process is XORed with the received ciphertext block to produce the original plaintext block as shown in Fig. 3.2.6.

Fig. 3.2.6 : Cipher Feedback (CFB) mode decryption process

(OFB) Mode

Ciphe

Fig. 3.2

— Decryption process

Output of encryption Process is


placed in least significant s bits of
shift register (left shift)
of next stage and repeat the Process until
all units encrypted.
In case of output feedback mode (OFB),
difference is that output of encryption process
O, instead of generating cipher text C, is directly placed in next
stage of shift register
without XOR operation to avoid bit errors during transmission as shown in Fig.
3.2.7.
- In OFB mode, if there is a small error in individual bits, it remains an error in individual
Fig
bits which do not corrupt the whole encrypted message (to avoid bit errors during
transmission) which is the biggest advantages of OFB mode over all other mode. 3.25 Counter (c

In this case Initialization Vector is extracted from a double length encryption key.

Scanned by CamScanner
reo ae. ty fiu-Som. 6 Comp)
37 Symmetric Key Cryptography
Initlalization
vector

*—S- bit shiting +— 8 - bit shitting


On-1} . shitt registor
64 - bits

Encrypted IV.
- 8d bits

Ciphertext C,
i

- Ciphartext Cc,
Ciphertext Cy

Fig. 3.2.7 : Output feedback (OFB) mode


encryption process
kept in 64 bits of |
V and XOR with

tister (left shift) !


Tee

yption process |
shift register

g. 3.2.7.

n individual Fig. 3.2.8 : Output feedback (OFB) mode decr


rors during yption process
3.2.5 Counter (CTR) Mode

Q. 3.2.8 Compare ECB and counter mode of operation. (Ref. sec. 3.2.5)
Q. 3.2.9 Explain Counter mode of operation. (Ref. sec. 3.2.5)

Fig. 3.2.10 : Counter (CTR) Decryption Process

- The advantage of counter mode is that it can speed up execution, which can help in a multiprocessing system.

3.2.6 Algorithm Mode Details and Usage

Table 3.2.1 : Summarization of algorithm modes

Mode | Details | Usage
Electronic code book (ECB) | Same key is used to encrypt and decrypt 64 bits at a time. | A single value is transmitted in secure fashion.
Cipher Block Chaining (CBC) | Ciphertext of previous step and plaintext in next step are XORed. | It is used for authentication purpose.
Cipher Feedback (CFB) | K number of random ciphertext bits from the previous step and k bits from plaintext of the next step are XORed. | Encrypted stream of data is transmitted for authentication.
Output Feedback (OFB) | It is similar to CFB, the only difference is that input to the encryption step is the preceding DES output. | For transmission of stream of data.
Counter (CTR) | Both counter and plaintext block are encrypted together. | It is used in the applications which need high speed of transmission.
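The ECB drawback and the CBC chaining of secs. 3.2.1 and 3.2.2, as an added Python example (not code from the book). The 64-bit block cipher here is a toy 16-round Feistel network whose round function is built from SHA-256; it is a stand-in chosen for this example, not DES, and the key, IV and plaintext are constructed sample values.

```python
import hashlib

BLOCK = 8           # 64-bit blocks, as in the text
HALF = BLOCK // 2   # 32-bit left and right halves
ROUNDS = 16


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(half, key, rnd):
    # Toy round function (assumption): SHA-256 replaces the expansion,
    # S-box and P-box steps of a real cipher.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]


def encrypt_block(block, key):
    left, right = block[:HALF], block[HALF:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(right, key, rnd))  # XOR and swap
    return right + left


def decrypt_block(block, key):
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(ROUNDS)):   # same structure, round keys reversed
        left, right = right, _xor(left, _round_fn(right, key, rnd))
    return right + left


def split_blocks(data):
    if len(data) % BLOCK:
        raise ValueError("length must be a multiple of 8 bytes (no padding here)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(plaintext, key):
    return b"".join(encrypt_block(p, key) for p in split_blocks(plaintext))


def ecb_decrypt(ciphertext, key):
    return b"".join(decrypt_block(c, key) for c in split_blocks(ciphertext))


def cbc_encrypt(plaintext, key, iv):
    if len(iv) != BLOCK:
        raise ValueError("IV must be one block long")
    prev, out = iv, []
    for p in split_blocks(plaintext):
        prev = encrypt_block(_xor(p, prev), key)   # P_i XOR C_(i-1), then encrypt
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(ciphertext, key, iv):
    prev, out = iv, []
    for c in split_blocks(ciphertext):
        out.append(_xor(decrypt_block(c, key), prev))  # decrypt, then XOR C_(i-1)
        prev = c
    return b"".join(out)


def repeated_blocks(ciphertext):
    """Number of ciphertext blocks that duplicate an earlier block."""
    blocks = split_blocks(ciphertext)
    return len(blocks) - len(set(blocks))


# Constructed sample values: three identical plaintext blocks, then one that differs.
SAMPLE_KEY = b"toy-key"                        # 7 bytes = 56 bits
SAMPLE_IV = bytes.fromhex("0011223344556677")
SAMPLE_PT = b"PAY 100$" * 3 + b"PAY 999$"

if __name__ == "__main__":
    ecb = ecb_encrypt(SAMPLE_PT, SAMPLE_KEY)
    cbc = cbc_encrypt(SAMPLE_PT, SAMPLE_KEY, SAMPLE_IV)
    print("ECB:", [b.hex() for b in split_blocks(ecb)])
    print("CBC:", [b.hex() for b in split_blocks(cbc)])
    print("repeats ECB/CBC:", repeated_blocks(ecb), repeated_blocks(cbc))
```
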

Syllabus Topic : DES

3.3 Data Encryption Standard (DES)

(MU - Dec. 15, May 16)
Q. 3.3.1 Explain working of DES detailing the Fiestel structure. (Ref. sec. 3.3)
Q. 3.3.2 Explain working of DES. (Ref. sec. 3.3)
Q. 3.3.3 Explain DES, detailing the Fiestel structure and S-block design. (Ref. sec. 3.3)
Q. 3.3.4 What is the purpose of S-boxes in DES ? Explain the avalanche effect. (Ref. sec. 3.3)


~ DEs ;

in Carly
| i At the decryption side, DES
M, ach g Tequest 2
56-bit key.
‘als for
essis
ngie g lis ; m —
=
Which a heg ed. ve 3.3.2 Detall Steps of DES
te |
és I regi:, -
in 1975sa43in aMEE, Was acc
w draft of epted as Des.
ather The principle of DES is very s
7 “ject because of
© F, Fed, ;
smal] each, which is initial permutati
Prevent alysie om
Cc a :
. that Inte After initial permutation on 6
: os rna] achi
4 tecture € of D called left plaintext and right p
Publishe of ES
NClassifi g D, The left plaintext and right plz
eg licatio “
with 16 different keys for eacl
cain right plaintext gets combinec
blocks.
The result of final permutatior

Divide plaintext message into 64-bit block each
OR
The given plaintext message is divided into blocks of size 64 bits each and encrypted using a 56-bit key at the initial level. Fig. 3.3.1 shows the conceptual view of DES.

Fig. 3.3.1 : Conceptual view of DES

- At the decryption side, DES takes 64-bit ciphertext and creates 64-bit plaintext and 56-bit key.

3.3.2 Detail Steps of DES

- The principle of DES is very simple. Divide plaintext message into blocks of size 64 bits each, which is initial permutation.
- After initial permutation on the 64-bit block, the block is divided into two halves of 32 bits, called left plaintext and right plaintext.
- The left plaintext and right plaintext go through 16 rounds of encryption process along with 16 different keys, one for each round. After 16 rounds of encryption process left plaintext and right plaintext get combined and final permutation is performed on these combined blocks.
- The result of final permutation produces 64 bits of ciphertext as shown in Fig. 3.3.2.

Fig. 3.3.2 : Detail Steps in DES

rity!
Sys: secu
PF copt &

!
'i Yo © Process OF rearra: : Ste©p 2+ 2 Expansion pet
. shown iin
n Fig.Fig 3
| NSE Fandom bit ofsarc shufllng cach bit of original pig oe text (LPT) a
b lock, © —First bit ofof original
orig PlaintextPtintext
{ . the 2"4 block message
re block. “te panes:
from 32-bits to 48-8
|| Places with 57" bit ead place with 48"bit
of Original Plaing
| Original pl] jaintext messag
Table 3, 3.1: e wey
shown in Table 3 3
| Initial Permutation
: m
Plaint
: ext block (64 bits
)
——-,

ss Qn9s
: his Protea called Juggle
ry of bit Position of plai
orginal plaintext blo ntext block which is applied
cks in a sequence. to al
i After initial permutation
the 64-bit plaintext block get
(32-bit) and RPT (32-bit). divided into two halves LPT
Fig. 3.3.3 : E
— Now 16 rounds of encryption process were
completed on LPT and RPT.
pe During: Shis:m
3.3.4 Rounds Fig. 3.3.3.
— From Fig. 3.3
Q.3,3.6 — Explain 16 Rounds of DESin details, (Ref. S60 GaAy > 7
RES 48-bit key ;
Q.3.3.7__ Explain permutation and substitution steps in DES. (Ref. sec: 3.3.4
) operation is ;
Before discussing about DES rounds let us know about key discarding process.
Step 3 : S-box si
| py Step 1 : Key discarding process .
peuad | _-~ _ S§-box subst
f ; — We know that 56-bit key is used during encryption process. Here 56-bit key is 48-bitait whicwhic
¢ transformed into 48-bit key by discarding every 8"bit of initial key ie. 8", 16", 32"... | ~ S-box perfi
- From this 56-bit key a different 48-bit sub-key is generated during each round
the process | ~ The substi
called key transformation.
Input for ¢
then comt

Scanned by CamScanner
Step 2 : Expansion permutation process

Fig. 3.3.3 : Expansion Permutation (Details steps of Single Round of DES Algorithm)

- During this process bits are permuted, hence it is called expansion permutation, shown in Fig. 3.3.3.
- From Fig. 3.3.3 it is clear that 32 bits of RPT get expanded to 48 bits, which are XORed with the 48-bit key generated during key discarding process. The resulting output of XOR operation is given to the next step, called S-box substitution.

Step 3 : S-box substitution

- S-box substitution is the process which accepts 48-bit key and expanded right plaintext of 48 bits, which get XORed, and produces 32-bit output as shown in Fig. 3.3.4.
- S-box performs just jugglery on each bit position and produces compressed bits.
- The substitution is performed using 8 substitution boxes, the reason they are called S-boxes. The input for each S-box is 6 bits, which produces output of 4 bits each. The output of the S-boxes is then combined to form a 32-bit block.

Fig. 3.3.4 : S-box substitution

Step 4 : P-box permutation

- We know that the 32-bit output from eight S-boxes is then permuted, so that on the next round the output from each S-box immediately affects as many others as possible.
- The output of S-box is input to P-box, in which 32 bits are permuted using a straightforward permutation mechanism, i.e. replacement of each bit with another bit in the specified table, called P-box permutation.

Step 5 : XOR and swapping

- Till this step we have performed all operations on the 32-bit right plaintext only; the left plaintext was not touched yet. Recall step 2 as given in Fig. 3.3.4, detail steps of each round: the output produced by P-box permutation gets XORed with the left plaintext (32-bit) to produce the new 32-bit right plaintext.
- It is quite obvious that the output of XOR operation becomes the new right plaintext and the old right plaintext becomes the new left plaintext; the complete process is called XOR and swapping operations.

3.3.5 Final Permutation

The last operation in data encryption standard is a permutation of 32-bit LPT and 32-bit RPT produced from XOR and swapping process. Final permutation was performed after successful completion of 16 rounds.
- For exampl
;e
7“ 4;
ition of 4" output
bit and so on, . input
Table 3.3.2 ; Fin
al permy tation

29 | 64 | 32 391 8 | 47
14 | 22 | 6 30 | 37 | 45 | 5
44 / 12! 20} 59 35 | 28 | 26 | 44
1 | 33°} 56 | 53 | 30 44

steps on it in order to produce encrypted ciphertext.
3.3.6 Strength of DES

1. The DES encryption technique is ideally suited for implementation in hardware (bit shifts, lookups etc.).
2. It makes brute force attack impractical, as DES uses 56-bit keys so that there are 2^56 possible key combinations.
5. DES uses 56-bit keys so that there are 2^56 possible key combinations, which is roughly equal to 7.2 x 10^16 keys required to break the DES cipher.
6. A machine performing one DES encryption per microsecond would take more than a thousand years to break the cipher.
7. If there is a small change in either the plaintext or the key, the ciphertext should change markedly.

... encrypted using K1 obtains first ... another key called K2 and converted ...
Mathematically, Double DES is represented as

Pt => EK1(Pt) => TEMP = EK1(Pt) => EK2(E(K1(P))) => Cp = EK2(EK1(Pt))

Where
EK1(Pt) = Encrypted plaintext with Key K1
TEMP = EK1(Pt) = Temporary variable to store results
EK2(E(K1(P))) = Encrypted results of first step using K2
Cp = Final ciphertext

Decryption of Double DES is the reverse of encryption. The ciphertext obtained after the double DES encryption process is decrypted using K2 to obtain the first ciphertext; the result of the previous step (ciphertext) is decrypted using K1, which yields the original plaintext. To decrypt the cipher text Cp and obtain the plain text Pt, we need to perform the following operation.

Syllabus Topic : Triple DES

3.3.9 Triple DES

Q. 3.3.10 Explain Triple DES. (Ref. sec. 3.3.9)
Q. 3.3.11 Write short note on : Triple DES. (Ref. sec. 3.3.9)

Triple DES performs the same operation as double DES; the only difference is that triple DES uses three keys K1, K2 and K3 while encrypting plaintext.
First the plaintext is encrypted using K1 to obtain the first ciphertext; this ciphertext is encrypted again using another key called K2 to obtain the second ciphertext, which is again encrypted using K3 and converted into the final ciphertext Cp.
Mathematically, Triple DES is represented as,

Pt => EK1(Pt) => TEMP = EK1(Pt) => EK2(E(K1(P))) => EK3(EK2(EK1(Pt)))
=> Cp = EK3(EK2(EK1(Pt)))

Where Pt = Plaintext
EK1(Pt) = Encrypted plaintext with Key K1
TEMP = EK1(Pt) = Temporary variable to store results
EK2(E(K1(P))) = Encrypted results of first ciphertext using K2
EK3(EK2(EK1(Pt))) = Encrypted results of second step using K3
Cp = EK3(EK2(EK1(Pt))) = Final ciphertext encrypted using K1, K2 and K3

Decryption of Triple DES is the reverse of encryption. The final ciphertext obtained after the Triple DES encryption process is decrypted using K3, which results in the second ciphertext; the second ciphertext is decrypted using K2, which results in the first ciphertext; the first ciphertext is again decrypted using K1, which generates the original plaintext Pt.
To decrypt the cipher text Cp and obtain the plain text Pt, we need to perform the following operation.

Pt = DK1(DK2(DK3(Cp)))

- The AES algorithm is a symmetric key algorithm, which means the same key is used to both encrypt and decrypt a message.
- Also, the cipher text produced by the AES algorithm is the same size as the plain text.
- AES consists of multiple rounds for processing different key sizes: 10 rounds for processing 128-bit keys, 12 rounds for processing 192-bit keys, and 14 rounds for processing 256-bit keys.
3.4.3 AES Encryption and Decryption Process

- The plaintext given is divided into 128-bit blocks, each consisting of a 4 x 4 matrix of bytes.
- Therefore, the first four bytes of a 128-bit input block occupy the first column in the 4 x 4 matrix of bytes. The next four bytes occupy the second column, and so on.
- AES operates on a 4 x 4 column-major order matrix of bytes, called the state array, shown in Fig. 3.4.3. AES also has the notion of a word. A word consists of four bytes, that is 32 bits. The overall structure of the AES encryption and decryption process is shown in Fig. 3.4.1.
[Fig. 3.4.1 : AES Encryption and Decryption process. Plaintext (128-bit), round keys, Nr-1 repeated rounds, final round, cipher text (128-bit); the decryption side uses InvSubBytes and InvShiftRows.]

- The number of rounds is 10 for the case when the encryption key is 128 bits long. (As mentioned earlier, the number of rounds is 12 when the key is 192 bits and 14 when the key is 256.) Before any round-based processing for encryption can begin, each byte of the state (plaintext) is combined with the round key using the bitwise XOR operation. Nr stands for number of rounds.
- AES divides plaintext into 16 byte (128-bit) blocks, and treats each block as a 4 x 4 State array as shown in Fig. 3.4.3. It then performs four operations in each round; each round consists of several processing steps: a substitution step, a row-wise permutation step, a column-wise mixing step, and the addition of the round key. Except for the last round in each case, all other rounds are identical. The final round doesn't have MixColumns; it includes only SubBytes, ShiftRows and AddRoundKey.
- The process of transforming the cipher text back into the original plaintext using the same encryption key is called the decryption process of AES; during the decryption process the sequence of rounds is reversed.

3.4.4 Detail Steps for AES Encryption

For encryption, each round consists of the following four steps

(1) SubBytes

(2) ShiftRows

(3) MixColumns, and


(4) AddRoundKey

1. The SubBytes step (Substitute bytes)

- SubBytes() consists of replacement of each byte using a fixed S-box lookup table, as shown in Fig. 3.4.2, to bring non-linearity into the 4 x 4 state array (16 bytes). It performs roughly the same function as the S-box in DES.
- It operates on each byte in the state and performs a non-linear substitution in the GF(2^8) field (Galois Field), which is what makes AES non-linear.
- Fig. 3.4.3 shows the state transformation using the SubBytes technique; applying the reverse, called the InvSubBytes transformation, creates the original values again.
- For every two bytes of the same value the resulting transformation is also the same. It also shows that the InvSubBytes transformation creates the original one.
- Note that if two bytes have the same values, their transformation is also the same. The corresponding substitution step used during decryption is called InvSubBytes.


  |  0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
0 | 63 7c 77 7b f2 6b 6f c5 30 01 67 2b fe d7 ab 76
1 | ca 82 c9 7d fa 59 47 f0 ad d4 a2 af 9c a4 72 c0
2 | b7 fd 93 26 36 3f f7 cc 34 a5 e5 f1 71 d8 31 15
3 | 04 c7 23 c3 18 96 05 9a 07 12 80 e2 eb 27 b2 75
4 | 09 83 2c 1a 1b 6e 5a a0 52 3b d6 b3 29 e3 2f 84
5 | 53 d1 00 ed 20 fc b1 5b 6a cb be 39 4a 4c 58 cf
6 | d0 ef aa fb 43 4d 33 85 45 f9 02 7f 50 3c 9f a8
7 | 51 a3 40 8f 92 9d 38 f5 bc b6 da 21 10 ff f3 d2
8 | cd 0c 13 ec 5f 97 44 17 c4 a7 7e 3d 64 5d 19 73
9 | 60 81 4f dc 22 2a 90 88 46 ee b8 14 de 5e 0b db
a | e0 32 3a 0a 49 06 24 5c c2 d3 ac 62 91 95 e4 79
b | e7 c8 37 6d 8d d5 4e a9 6c 56 f4 ea 65 7a ae 08
c | ba 78 25 2e 1c a6 b4 c6 e8 dd 74 1f 4b bd 8b 8a
d | 70 3e b5 66 48 03 f6 0e 61 35 57 b9 86 c1 1d 9e
e | e1 f8 98 11 69 d9 8e 94 9b 1e 87 e9 ce 55 28 df
f | 8c a1 89 0d bf e6 42 68 41 99 2d 0f b0 54 bb 16

Fig. 3.4.2 : S-Box Lookup table for SubBytes

[Fig. 3.4.3 : SubByte transformation. State array of 16 byte (128-bit) blocks before and after substitution.]

2. ShiftRows

- The output of the SubBytes step is input to the ShiftRows transformation, which moves the bytes of the state array over in the order of a row.
- The first row remains unchanged in this step. Each byte of the second row is rotated one byte position to the left. Similarly, the third and fourth rows are rotated by two and three positions, as shown in Fig. 3.4.4.
- The corresponding row transformation during the decryption process is called Inverse ShiftRows (InvShiftRows).

[Fig. 3.4.4 : ShiftRows transformation]

3. MixColumns

- MixColumns performs an operation on the state array obtained from ShiftRows, column by column. Each column is multiplied with a row of a fixed matrix. This step takes four bytes as input and outputs four bytes (each input byte affects the output bytes). It is the primary source for providing complete diffusion to the cipher.

[Fig. 3.4.5 : MixColumns transformation. Predefined matrix, state array, new state.]

- In Fig. 3.4.5, on the left hand side, each row of the leftmost matrix is multiplied with a column of the state array (using XOR operations), which produces the new state. The same operation is performed on all columns, which provides diffusion (mixing data within columns).
- The 4 bytes of each column in the State are treated as a 4-byte number and transformed to another 4-byte number via finite field mathematics (multiplied modulo in Rijndael's Galois Field by a given matrix) as shown. The MixColumns step is the primary source of diffusion in AES.

4. AddRoundKey

- In the AddRoundKey step, the round key generated using Rijndael's key schedule is combined with the new state obtained from the MixColumns transformation.
- The round key is added by combining each byte of the state array with it using bitwise XOR operations. The actual 'encryption' is performed in the AddRoundKey() function, when each byte of the state array is XORed with the round key to produce the final cipher text as shown in Fig. 3.4.6.

04 E0 48 28        A0 88 23 2A        A4 68 6B 02
66 CB F8 06   XOR  FA 54 A3 6C   =    9C 9F 5B 6A
81 19 D3 26        FE 2C 39 76        7F 35 EA 50
E5 9A 7A 4C        17 B1 39 05        F2 2B 43 49

Fig. 3.4.6 : AddRoundKey

- The same process is applied for nine rounds, i.e. repeat the SubBytes, ShiftRows and MixColumns steps and XOR with the round key 9 more times.
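The four steps above, run as one round on a 16-byte state, as an added example that is not code from the book. The starting state is assumed to be the round-1 state of the FIPS-197 Appendix B worked example, whose MixColumns output, round key and result are the matrices of Fig. 3.4.6; all function names are this example's own.

```python
def gmul(a, b):
    """Multiply two bytes in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def build_sbox():
    """S-box = multiplicative inverse in GF(2^8) followed by the affine step."""
    sbox = []
    for x in range(256):
        inv = 1
        for _ in range(254):            # x^254 is the inverse of x; 0 stays 0
            inv = gmul(inv, x)
        s = inv
        for k in range(1, 5):           # XOR inv with its four left rotations
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = build_sbox()                     # same values as Fig. 3.4.2
INV_SBOX = [0] * 256
for value, substituted in enumerate(SBOX):
    INV_SBOX[substituted] = value


# The state is a flat list of 16 bytes in column-major order:
# the byte in row r, column c sits at index r + 4*c.
def sub_bytes(state):
    return [SBOX[b] for b in state]


def inv_sub_bytes(state):
    return [INV_SBOX[b] for b in state]


def shift_rows(state):
    # Row r is rotated left by r positions; row 0 is unchanged.
    return [state[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]


def mix_columns(state):
    out = []
    for c in range(4):
        a = state[4 * c:4 * c + 4]
        out += [
            gmul(2, a[0]) ^ gmul(3, a[1]) ^ a[2] ^ a[3],
            a[0] ^ gmul(2, a[1]) ^ gmul(3, a[2]) ^ a[3],
            a[0] ^ a[1] ^ gmul(2, a[2]) ^ gmul(3, a[3]),
            gmul(3, a[0]) ^ a[1] ^ a[2] ^ gmul(2, a[3]),
        ]
    return out


def add_round_key(state, round_key):
    return [s ^ k for s, k in zip(state, round_key)]


def aes_round(state, round_key):
    """One full (non-final) round: SubBytes, ShiftRows, MixColumns, AddRoundKey."""
    return add_round_key(mix_columns(shift_rows(sub_bytes(state))), round_key)


# Assumed inputs: round-1 state and round key of the FIPS-197 Appendix B example.
START = list(bytes.fromhex("193de3bea0f4e22b9ac68d2ae9f84808"))
ROUND_KEY_1 = list(bytes.fromhex("a0fafe1788542cb123a339392a6c7605"))

if __name__ == "__main__":
    after_mix = mix_columns(shift_rows(sub_bytes(START)))
    print("after MixColumns :", bytes(after_mix).hex())
    print("after AddRoundKey:", bytes(aes_round(START, ROUND_KEY_1)).hex())
```

Read column by column, the two printed strings are the left and right matrices of Fig. 3.4.6.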

- The decryption process goes through the functions InvShiftRows(), InvSubBytes(), InvMixColumns() and AddRoundKey(), plus the inverse AES function. AddRoundKey() does not require an inverse function, as it simply XORs the State with the subkey (XOR encrypts when applied once, and decrypts when applied again).

3.4.5(A) Difference between Data Encryption Standard (DES) and Advanced Encryption Standard (AES)

No. | Data Encryption Standard (DES) | Advanced Encryption Standard (AES)
1. | Data encryption standard takes 64-bit plaintext as an input and creates 64-bit ciphertext, i.e. it encrypts data in blocks of size 64 bits per block. | It allows the data length (plain text size) of 128, 192 and 256 bits.
2. | In DES the plaintext message is divided into blocks of size 64 bits each and encrypted using a 56-bit key at the initial level. | AES divides plaintext into 16 byte (128-bit) blocks, treats each block as a 4 x 4 State array and supports three different key lengths: 128, 192 and 256 bits.
3. | The left plaintext and right plaintext go through 16 rounds of the encryption process along with 16 different keys, one for each round. | The number of rounds is 10 for the case when the encryption key is 128 bits long. (As mentioned earlier, the number of rounds is 12 when the key is 192 bits and 14 when the key is 256.)
4. | DES uses 56-bit keys so that there are 2^56 possible key combinations, which is roughly equal to 7.2 x 10^16 keys required to break the DES cipher. | AES is stronger than DES because the key size varies from round to round.
5. | Different versions of DES, double DES and triple DES, have been added. | AES doesn't have any future version.
6. | DES doesn't use the Mix Column and Shift Rows methods during the encryption and decryption process. | AES uses the Mix Column and Shift Rows methods during the encryption and decryption process.
7. | DES, double DES and Triple DES (168-bit key) are vulnerable to brute force attacks. | AES is also vulnerable to brute force attacks.

Soln. :
We are aware that AES encrypts the plain text by applying permutation and combinations, shift rows and mixing columns; it plays jugglery with the input bits and uses a 128 bit key during the encryption process. What if ... receiver and performing the AES steps, a cryptanalyst is still able to modify the contents of the original message? If the contents of the original message get modified before it reaches the intended recipients, then we say that AES encryption does not solve integrity problems. The only solution is to use AES to ... in an efficient & secure way.
Syllabus Topic : RC5 Algorithm

3.5 RC5 Algorithm

RC5 is a symmetric key block encryption algorithm designed by Ron Rivest in 1994. It is notable for being simple, fast (on account of using only primitive computer operations like XOR, shift, etc.) and consumes less memory.

Example

Key : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Plain Text : 00000000 00000000
Cipher Text : EEDBA521 6D8F4B15

RC5 is a block cipher and addresses two word blocks at a time. Depending on input plain text block size, number of rounds and key size, various instances of RC5 can be defined, and each instance is denoted as RC5 - w/r/b where w = word size in bits, r = number of rounds and b = key size in bytes.

- Two's complement addition of words, where addition is modulo 2^w
- Bit wise Exclusive-OR

Step 1 : Initialization of constants P and Q.

RC5 makes use of 2 magic constants P and Q whose value is defined by the word size w.

Word size (Bits) | P (Hexadecimal) | Q (Hexadecimal)
16 | b7e1 | 9e37
32 | b7e15163 | 9e3779b9
64 | b7e151628aed2a6b | 9e3779b97f4a7c15

- Here, Odd(x) is the odd integer nearest to x, e is the base of natural logarithms and φ is the golden ratio.

Step 2 : Converting secret key K from bytes to words.

Secret key K of size b bytes is used to initialize array L consisting of c words, where c = b/u, u = w/8 and w = word size used for that particular instance of RC5.

For example, if we choose w = 32 bits and key K is of size 96 b..., then u = 32/8 = 4, c = ...
- L is pre-initialized to 0 value before adding secret key K to it.

L[i/u] = (L[i/u] <<< 8) + K[i]

Step 3 : Initializing Sub-key S.

Sub-key array S of size t = 2(r+1) is initialized using the constants P and Q.

S[0] = P
for i = 1 to 2(r+1)-1
    S[i] = S[i-1] + Q

Step 4 : Sub-key mixing.

- The RC5 encryption algorithm uses sub-key S. L is merely a temporary array formed on the basis of the user entered secret key. Mix in the user's secret key with S and L.

j = ... % c

Step 5 : Encryption.

We divide the input plain text block into two registers A and B, each of size w bits. After undergoing the encryption process, the result of A and B together forms the cipher text block.

RC5 Encryption Algorithm

1. One time initialization of plain text blocks A and B by adding S[0] and S[1] to A and B respectively. These operations are mod 2^w.
2. XOR A and B. A = A ^ B
3. Cyclic left shift new value of A by B bits.
4. Add S[2*i] to the output of previous step. This is the new value of A.
5. XOR B with new value of A and store in B.
6. Cyclic left shift new value of B by A bits.
7. Add S[2*i + 1] to the output of previous step. This is the new value of B.
8. Repeat entire procedure (except one time initialization) r times.

A = A + S[0]
B = B + S[1]
for i = 1 to r do:
    A = ((A ^ B) <<< B) + S[2 * i]
    B = ((B ^ A) <<< A) + S[2 * i + 1]
return A, B

9. Similarly, RC5 decryption can be defined as :

for i = r down to 1 do:
    B = ((B - S[2 * i + 1]) >>> A) ^ A
    A = ((A - S[2 * i]) >>> B) ^ B
B = B - S[1]
A = A - S[0]
return A, B
Chapter End...

Syllabus

Public key cryptography : Principles of public key cryptosystems - The RSA algorithm, The knapsack algorithm, ElGamal Algorithm.

4.1 Public Key Cryptosystem with Applications

Public key cryptosystem, also called asymmetric key cryptography or public key cryptography, was already discussed in section 1.9.2 (Chapter 1).
Two different keys are used during the encryption and decryption process (one key for encryption and a second key used at the time of decryption). The RSA algorithm is the best example of asymmetric key cryptography, as shown in Fig. 4.1.1.
- Private Key (only known to owner).
- Public Key (possibly known to everyone).

[Fig. 4.1.1 : Asymmetric Key Cryptography. Encryption: plaintext and public key give cipher text. Decryption: cipher text gives plaintext.]
- It is more easily configurable than secret key.

[Fig. 4.1.2 : Public Key Cryptography. (a) Encryption with public key, (b) Encryption with private key. Plain text input, encryption algorithm (e.g. RSA), cipher text, decryption algorithm, plain text output.]

4.1.1 Applications for Public-Key Cryptosystem

Applications of public key cryptosystem are classified into three categories :

1. Encryption/decryption : During this process the sender encrypts the message with the receiver's public key.
2. Digital signature ...
3. Key exchange ...

[Fig. 4.1.3]
Syllabus Topic : Requirements and Cryptanalysis

4.2 Public Key Requirements and Cryptanalysis

The cryptographic algorithm is based on two related keys; one is Diffie and the second is Hellman.
1. It is computationally easy for receiver B to generate a key pair (public (PU) and private (PR)).
2. It is computationally easy for sender A, knowing PUb and the message to be encrypted, to generate the corresponding ciphertext Cp = EnPUb(Pt).
3. It is computationally easy for the receiver B to decrypt the resulting ciphertext using his private key (PRb) to recover the original message.
   Pt = DrPRb(Cp) = DrPRb[EnPUb(Pt)].
4. It is computationally infeasible for a cryptanalyst, knowing the public key PUb, to determine the private key PRb.
5. It is computationally infeasible for a cryptanalyst, knowing PUb and Cp, to recover the plaintext message Pt.

Syllabus Topic : The RSA Algorithm

4.3 RSA Algorithm : Working, Key Length, Security

(MU - May 17)
Q. 4.3.1 Briefly define idea behind RSA and also explain
(1) Give public key and private key,
(2) Describe security in this system. (Ref. sec. 4.3) (May 17, 5 Marks)
Q. 4.3.2 Explain RSA Algorithm in details along with suitable example. (Ref. sec. 4.3)
Q. 4.3.3 Explain RSA algorithm used for public key cryptography. (Ref. sec. 4.3)

Ron Rivest, Adi Shamir and Len Adleman developed this algorithm (Rivest-Shamir-Adleman) in 1978. It is a public-key encryption algorithm. It is a block cipher which converts plain text into cipher text at the sender side and vice versa at the receiver side.

The algorithm works as follows

1. Select two prime numbers a and b where a ≠ b.
2. Compute n = a * b (n is used as the modulus for both the public and private keys).
3. Compute φ(n) = (a - 1) * (b - 1).
4. Select e (public key) such that e is relatively prime to φ(n), i.e. gcd(e, φ(n)) = 1 and 1 < e < φ(n).
5. Calculate d (private key) such that d = e^-1 mod φ(n), or e * d mod φ(n) = 1.
6. Public key = {e, n}, private key = {d, n}.
7. Compute cipher text using
   C = P^e mod n, where P < n, C = Ciphertext, P = Plaintext, e = Encryption key.
8. Compute plaintext P using the given formula.
   P = C^d mod n, where d = decryption key.

Both sender and receiver know the value of n. In addition, the sender must know the encryption key 'e' and the receiver must know the decryption key 'd'.
@ For example

1. Select two prime numbers a = 13, b = 11.


n=a*b=13* 1] = 143,
YN

= 120.
= (13-1) * (11- 1)= 12* 10
(n)
= 1 and] << Hnje;,
Select ¢ such that, e is relatively prime to 0(n) i.e. gcd (e, o(n))
>

selected as 13, ged (13, 120) = 1.

5. Findingd
e*dmod(n)=1; 13 *dmod120=1
Do the fol low ing i you are
i procedure till not get i getting
are not
d is calculated using following met hod .
a integer numbers
a (o(n) * i) + 1
= e

(120+1) 121 _ Bis


d.= - 3 ='13 = 9,30 (i 1)

where, i ='1to 100


241718.93 0 = 2)
240+1 =F;
= 4

361 —
=" 360+1 7113 = 27.76 (i= 3)

480+1 481_
d= 13 = 1 =37

Hence. d = 37
6. Hence public key = {13, 143} and
Private key = (37, 143}
7, Encryption
integer.
Plain text message (P) which is in binary format converted into
Here P is selected as 13 such that P<n
(13 < 143)
Now, C= P*modn=13"
mod 143
- Hler to find out 13"° mod 143, use the following procedure
3 mod 143 = 13

i
Scanned by CamScanner
_ ~ CC SSsSTS*=C OO LL

FT crypt & Sys. Security (MU-Sem. 6-Comp) 4-7 Public Kay Cryptography

13” mod 143 = 169 mod 143 = 26


13° mod 143 = 26 mod 14= 3 104
13° mod 143 = 104? mod 143 = 91
“ C = [(13° mod 143) *(13* mod 143)*(13 mod 143)] mod 143
| = [91 * 104 *13] mod 143
= 52
8. Decryption

To decrypt given plain text message we must know the C and d. |


P = C'modn=52” mod 143 |
|

Again use above mentioned procedure to find out 52°” mod 143. As |

52 mod 143 = 52 | ||
52° mod 143 = 130 |
= 26
52° mod 143 = (130)’ mod 143 |
52 mod 143 = (26)’ mod 143 = 104 |
= 91
52'6 mod 143 = (104)’ mod 143 . |
52 mod.143 = (91) mod 143 = 130
Hence, P = 52” mod 143
[(52*? mod 143) * (52* mod 143) * (52 mod 143)] mod 143
[130 * 26 * 52] mod 143 = 13°

4.3.1. Computational Aspects

@ Computational Aspects

There are two main issues arises in complexity of the computation we can see that one by
one. At the first we see the process of encryption and decryption.

4.3.1(A) Exponentiation In Modular Arithmetic

In RSA, both encryption and decryption method, integer can increased as power and mod

| n. Le, [(p mod n) x (q mod n)] mod n = (p x q) mod n so thedo given equation say’s that, we can.
practically.
reduced the result using modulo n. This calculation we can

a ie:
Scanned by CamScanner
[FFcrypt.
rypt. && Sys. Security
Sys. Security (MU-
(MU-Sem.6-Comp) 4-8 Public Key Cryptograpp,

| ‘ consideration is the efficiency of that exponentiation. Because when We US¢ the Rs


| :
algorithm at the time of large exponents that time efficiency might be increases-
1 :
- We can take one example of exponentiation. Let’s compute x15.
ht for war d app roa ch we req uired 14 multiplications as :
As per regular or straig
AME
x = XX XX XX KXXXAKAXAKKX AXE XK KEK 3

We can find same result using only four multiplication i.e. (x) (x’) (x') (x)
— In this method we can take square of each partial result.
n.
is suppose we want to calculate x7 mod n for some integers x and
- Another example
— Wecan compute that value is as follow :
eee

x)= x2 (x) DD
ree ee

(x’) mod n and then calculate


patil | ~ Inthe above case we calculate that (x) mod n, (x’) mod n,
AR

(x‘ mod n)] mod 't


[(x mod n) x (x’ mod n) x we want to find thea
mat hem ati cal wa y as: if their is value ‘a’
— So wecan define that as a
power x i.e. a’.
x
modn
> . i=
, x= wo”
i i

4.3.1(B) Efficient Operation using the Public Key

- In the RSA algorithm we can increase the speed of operations using the public key by making a particular choice of 'e'.
- The most common choice for the value of 'e' is 65537 (2^16 + 1); the choices 3 and 17 are also popular.
- These choices have only two 1 bits, because of which a minimum number of multiplications is required to find the exponentiation.
- When we use a very small public key like e = 3, the RSA algorithm becomes vulnerable to a simple attack.
- Let's take one example having 3 different RSA users. All 3 users use the value e = 3 in the RSA algorithm, but they have different values for 'n'; each has a unique value (N1, N2, N3). If user x sends the encrypted message M to all three users, then it creates 3 cipher texts as follows :
  Ct1 = M^3 mod N1
  Ct2 = M^3 mod N2
  Ct3 = M^3 mod N3
- ... M is less than each of N1, N2, N3, so M^3 < N1 N2 N3 ...
- When the key generation process is done, the user needs to select a value of e that is relatively prime to φ(n).
- If the value of e is selected first and then the primes p and q are generated, and we find that gcd(φ(n), e) ≠ 1, then the user can discard the p, q values and generate a new p, q pair.
4.3.1(C) Efficient Operation using the Private Key

- For the private key operation we choose a constant value called 'd'. Using a small constant value for d does not give an efficient result.
- When we choose a small value of d, it is vulnerable to a brute-force attack, and also to other forms of cryptanalysis.
- So there is one way to speed up the computation, that is the use of CRT. CRT is the Chinese remainder theorem; if we want to calculate the value M = C^d mod n, it gives intermediate results as follows :
  Xp = C^d mod p
  Xq = C^d mod q
  where p and q are the relatively prime numbers.
  Xp = C^d mod p = C^(d mod (p-1)) mod p
  Xq = C^d mod q = C^(d mod (q-1)) mod q
- The quantities d mod (p - 1) and d mod (q - 1) can be calculated first. The end result is that the calculation is evaluated four times faster than M = C^d mod n directly.
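The RSA steps of section 4.3, the repeated-squaring method of 4.3.1(A) and the CRT speed-up of 4.3.1(C), as an added example that is not code from the book. It uses the page's own toy numbers (a = 13, b = 11, e = 13, P = 13); d is found with the extended Euclidean algorithm instead of the page's trial of i = 1, 2, 3, ..., the CRT recombination uses Garner's formula, and all function names are this example's own. Real keys use far larger primes together with a padding scheme.

```python
def mod_exp(base, exponent, modulus):
    """Square-and-multiply: reduce mod n after every multiplication (4.3.1(A))."""
    result = 1
    base %= modulus
    while exponent > 0:
        if exponent & 1:                      # this bit of the exponent is set
            result = (result * base) % modulus
        base = (base * base) % modulus        # square the partial result
        exponent >>= 1
    return result


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def mod_inverse(e, phi):
    """d such that e * d mod phi == 1 (step 5 of the algorithm)."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e is not relatively prime to phi(n)")
    return x % phi


def make_keys(a, b, e):
    """Steps 1 to 6: returns (public key, private key) as ({e, n}, {d, n})."""
    if a == b:
        raise ValueError("the two primes must differ")
    n = a * b
    phi = (a - 1) * (b - 1)
    d = mod_inverse(e, phi)
    return (e, n), (d, n)


def encrypt(p, public_key):
    e, n = public_key
    return mod_exp(p, e, n)                   # C = P^e mod n


def decrypt(c, private_key):
    d, n = private_key
    return mod_exp(c, d, n)                   # P = C^d mod n


def decrypt_crt(c, d, p, q):
    """4.3.1(C): two small exponentiations mod p and mod q, then recombine."""
    xp = mod_exp(c, d % (p - 1), p)           # Xp = C^(d mod (p-1)) mod p
    xq = mod_exp(c, d % (q - 1), q)           # Xq = C^(d mod (q-1)) mod q
    q_inv = mod_inverse(q, p)
    h = (q_inv * (xp - xq)) % p               # Garner's recombination
    return xq + h * q


if __name__ == "__main__":
    public, private = make_keys(13, 11, 13)   # the page's worked example
    c = encrypt(13, public)
    print("public key :", public)             # (13, 143)
    print("private key:", private)            # (37, 143)
    print("cipher text:", c)                  # 52
    print("decrypted  :", decrypt(c, private), decrypt_crt(c, private[0], 13, 11))
```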

4.3.1(D) Key Generation

In the public key cryptosystem each user needs to create a pair of keys. This procedure involves the following tasks :

(1) Finding two prime numbers called p and q.
(2) Selecting either e or d and calculating the other.

- First we want to select p and q, where p and q are the relatively prime numbers.
- The prime numbers must be chosen from a sufficiently large set, which means we choose p and q as large numbers.
- At present there is no useful technique that finds large prime numbers directly.
- So the general procedure used for finding a large prime number is to pick an odd number at random and test whether that number is prime or not; if that number is not prime, then choose the next random number and check it, until one is found that tests prime.
- For example : One efficient and popular algorithm used for finding prime numbers is the "Miller-Rabin Algorithm".
- In this algorithm, the procedure for testing whether a given integer n is prime is to perform a calculation that involves n and a randomly chosen integer a.
- If n "fails" the test, that means n is not prime.
- If n "passes" the test, then n may be prime or not prime.
- But if n passes many tests with different randomly chosen values for a, then we can say that the value of n is a prime number.

(1) Choose an odd value for n at random.
(2) Choose an integer a < n at random.
(3) Perform the primality test using the Miller-Rabin Algorithm. If n fails the test, then discard the value of n and go to step 1.
(4) If n has passed a number of tests sufficient to decide that it is prime, then accept n; otherwise go to step 2.
- When we have found the prime numbers p and q, the process of key generation is completed by selecting a value of e and computing d, or vice versa.
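Steps (1) to (4) above as an added example that is not code from the book: one Miller-Rabin test with a given base, the repeated test with random bases, and the random search for a prime of a chosen size. The number of repetitions (40), the trial division by small primes and the function names are this example's own choices.

```python
import secrets


def miller_rabin_round(n, a):
    """One Miller-Rabin test of an odd n > 3 with base a.

    Returns False when n "fails" (n is certainly composite) and True when
    n "passes" (n may be prime or not prime).
    """
    d, k = n - 1, 0
    while d % 2 == 0:                 # write n - 1 as 2^k * d with d odd
        d //= 2
        k += 1
    x = pow(a, d, n)
    if x == 1 or x == n - 1:
        return True
    for _ in range(k - 1):
        x = pow(x, 2, n)
        if x == n - 1:
            return True
    return False


def is_probable_prime(n, rounds=40):
    """Steps (2) to (4): repeat the test with fresh random bases a < n."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):    # cheap trial division first
        if n % p == 0:
            return n == p
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)      # random a in [2, n - 2]
        if not miller_rabin_round(n, a):
            return False                      # n failed: discard it
    return True                               # n passed every round


def generate_prime(bits, rounds=40):
    """Step (1) in a loop: pick random odd n of the given size until one passes."""
    while True:
        n = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # top bit set, odd
        if is_probable_prime(n, rounds):
            return n


if __name__ == "__main__":
    # 561 = 3 * 11 * 17 fails with base 2, so it is certainly composite.
    print("561 with a = 2  :", miller_rabin_round(561, 2))
    # 2047 = 23 * 89 passes with base 2 although it is composite, which is
    # why a single passed test is not enough.
    print("2047 with a = 2 :", miller_rabin_round(2047, 2))
    print("2047 after 40 random bases:", is_probable_prime(2047))
    print("random 256-bit prime:", hex(generate_prime(256)))
```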

4.3.1(E) The Security of RSA

There are four possible attacks on RSA as follows:


1. Brute force attack : Hacker tries all possible private keys.
2. Mathematical attacks : Hackers attack n, i.e. try to factorize the product of two prime numbers.
3. Timing attacks : These depend on the running time of the decryption algorithm.
4. Chosen ciphertext attack : Hacker tries to attack the properties of the RSA algorithm.

4.3.2 Solved Examples on RSA Algorithm

Ex. 4.3.1
Prime number p = 3, q = 11, e = 3, m = 00111011 (m-message) then calculate private key d and cipher text C.
Soln. :
Use RSA Algorithm [Refer Section 4.3]
Step 1 : Prime numbers p = 3, q = 11
Step 2 : n = p * q = 33
Step 3 : φ(n) = (p - 1) * (q - 1) = (3 - 1) * (11 - 1)
         = 2 * 10 = 20
Step 4 : Select e such that it is relatively prime to φ(n), i.e. gcd(e, φ(n)) = 1
         gcd(e, 20) = 1
         gcd(3, 20) = 1
         e = 3 is given.
Step 5 : Calculate d such that
         d = e^-1 mod φ(n)
         e * d mod φ(n) = 1
         3 * d mod 20 = 1
         d = ((φ(n) * i) + 1) / e
         Find d such that it is divisible by e, where i = 1 to 9
         d = ((20 x 1) + 1) / 3 = 21 / 3 = 7
         d = 7
Step 6 : Public key = {e, n} = {3, 33}
         Private key = {d, n} = {7, 33}
Step 7 : Calculate cipher text message for given plain text message.
         Plain text message is given in binary, 0011 1011, which can be written as 59 (binary to decimal conversion).
         P = 59
         C = P^e mod n where P < n
           = 59^3 mod 33
           = [59^2 mod 33] * [59 mod 33] mod 33
           = [3481 mod 33] * [59 mod 33] mod 33
         C = [16 * 26] mod 33
         C = 20
Step 8 : Calculate plain text message.
         P = C^d mod n = 20^7 mod 33
         P = [20^1 mod 33] * [20^6 mod 33] mod 33
           = [20^2 mod 33] * [20^2 mod 33] * [20^2 mod 33] * [20^1 mod 33] mod 33
           = [400 mod 33] * [400 mod 33] * [400 mod 33] * [20 mod 33] mod 33
           = [4] * [4] * [4] * [20] mod 33 = 1280 mod 33
         P = 26


Ex. 4.3.2
Calculate cipher text using RSA algorithm given data as follows : Prime numbers p, q as 7, 17
respectively and plain text message to be sent is 10.
Soln. : By using RSA Algorithm : [Refer Section 4.3]
Step 1 : Prime numbers are 7 and 17, a = 7, b = 17
Step 2 : n = a * b = 7 * 17 = 119
Step 3 : φ(n) = (a - 1) * (b - 1) = (7 - 1) * (17 - 1)
   = 6 * 16 = 96
Step 4 : Select e such that it is relatively prime to φ(n) i.e. gcd(e, φ(n)) = 1
   If we select 3 then it is not relatively prime to 96 because
   3 = 1 * 3
   96 = 2 * 2 * 2 * 2 * 2 * 3
   gcd must be 1.
   We select e as 5 (gcd must be 1).
   5 = 1 * 5
   gcd(5, 96) = 1
Step 5 : Calculate d such that
   d = e^-1 mod φ(n)
   e d mod φ(n) = 1
   5 * d mod 96 = 1
   Using RSA algorithm
   d = ((φ(n) * i) + 1) / e
   d must be completely divisible by 'e'.
   = ((96 * 1) + 1) / 5 = 19.4
   = ((96 * 2) + 1) / 5 = 38.6
   = ((96 * 3) + 1) / 5 = 57.8
   = ((96 * 4) + 1) / 5 = 77
   d = 77

Using RSA Algorithm [Refer Section 4.3]
Step 1 : P and Q denoted as a and b in our Algorithm
   a = 13, b = 17
Step 2 : n = a * b = 13 * 17 = 221
Step 3 : φ(n) = (a - 1) * (b - 1) = (13 - 1) * (17 - 1)
   = 12 * 16 = 192
Step 4 : Select e such that it is relatively prime to φ(n). e is given as 19.
Step 5 : Calculate d such that,
   d = e^-1 mod φ(n)
   e d mod φ(n) = 1
   d = ((φ(n) * i) + 1) / e where i = 1 to 9
   = ((192 * 1) + 1) / 19 = 10.1
   = ((192 * 2) + 1) / 19 = 20.2
   = ((192 * 3) + 1) / 19 = 30.3
   = ((192 * 4) + 1) / 19 = 40.4
   = ((192 * 5) + 1) / 19 = 50.5
   = ((192 * 6) + 1) / 19 = 60.6
   = ((192 * 7) + 1) / 19 = 70.7
   = ((192 * 8) + 1) / 19 = 80.8
   = ((192 * 9) + 1) / 19 = 91
   d = 91
Step 6 : Public key = {e, n} = {19, 221}
   Private key = {d, n} = {91, 221}
Step 7 : Calculate cipher text c for given plain text message 12.
   c = p^e mod n
   = 12^19 mod 221
   = [12^2 mod 221] * [12^3 mod 221] * [12^2 mod 221] * [12^3 mod 221] * [12^2 mod 221] * [12^3 mod 221] * [12^4 mod 221] mod 221
   = [207] * [207] * [207] * [183] mod 221
   c = 181
Step 8 : Send c = 181 to receiver as required for decryption to obtain original plain text p.
   P = c^d mod n = 181^91 mod 221
   This yields value of original plain text message i.e. 12
   P = 12


Ex. 4.3.4
In public key cryptosystem given N = 187 and encryption key (E) = 17. Find the
corresponding private key (D).
Soln. :
RSA Algorithm [Refer Section 4.3]
Step 1 : Select two large random prime numbers a and b. If we select a = 17 and b = 11
   which results n = 187.
   n = a * b = 17 * 11 = 187.
Step 2 : Calculate φ(n) = (a - 1) (b - 1)
   = (17 - 1) (11 - 1)
   = 16 * 10 = 160
Step 3 : Select e such that it is relatively prime to φ(n) and less than φ(n). But it is given
   in problem statement that e = 17.
Step 4 : Calculate d such that,
   d = e^-1 mod φ(n)
   e d mod φ(n) = 1
   d = ((φ(n) * i) + 1) / e
   where i = 1 to 20
   = ((160 * 1) + 1) / 17, ((160 * 2) + 1) / 17, ...
   = ((160 * 4) + 1) / 17 = 37.70
   = ((160 * 6) + 1) / 17 = 56.52
   ...
   = ((160 * 12) + 1) / 17 = 113
   d = 113
Encrypt the following :
(i) n = 33, e = 7, M = 12
(ii) p = 7, q = 11, e = 17, M = 25
(iii) Find the corresponding ds for (i) and (ii) and decrypt the cipher texts.
Soln. :
Use RSA Algorithm
Step 4 : Select e such that it is relatively prime to φ(n) i.e. gcd(e, φ(n)) = 1
   gcd(e, 20) = 1
   gcd(7, 20) = 1
   e = 7 is given.
Step 5 : Calculate d such that
   d = 7^-1 mod φ(n)
   e d mod φ(n) = 1
   7 * d mod 20 = 1
   d = ((φ(n) * i) + 1) / e
   where i = 1 to 100
   Find d such that it is divisible by e.
   Consider i = 1; you can continue till d gets an integer value.
   φ(n) = 20 and e = 7
   d = ((20 * 1) + 1) / 7 = 21 / 7 = 3
   d = 3
Step 6 : Public key = {e, n} = {7, 33}
   Private key = {d, n} = {3, 33}
Step 7 : Calculate cipher text message for given plain text message.
   Plain text message given is M = 12; we consider M as P, i.e. P = 12
   C = P^e mod n where P < n
   = 12^7 mod 33
   C = 12
Step 8 : Calculate plain text message.
   P = C^d mod n = 12^3 mod 33
   P = 12
   When we convert plain text message into cipher text the corresponding cipher text is
   the same as the plain text.

(ii) p = 7, q = 11, e = 17, M = 25
By using RSA Algorithm : [Refer Section 4.3]
Step 1 : Prime numbers are 7 and 11; as per our notations a = 7, b = 11
Step 2 : n = a * b = 7 * 11 = 77
Step 3 : φ(n) = (a - 1) * (b - 1)
   = (7 - 1) * (11 - 1) = 6 * 10 = 60
Step 4 : Select e such that it is relatively prime to φ(n) i.e. gcd(e, φ(n)) = 1
   e is given as 17
   gcd(17, 60) = 1 (gcd must be 1)
Step 5 : Calculate d such that
   d = e^-1 mod φ(n)
   e d mod φ(n) = 1
   17 * d mod 60 = 1
   Using RSA algorithm
   d = ((φ(n) * i) + 1) / e where i = 1 to 100
   = ((60 * 1) + 1) / 17 = 3.58
   d must be completely divisible by 'e'.
   After putting value of i = 15 into above formula we got value of d
   = ((60 * 15) + 1) / 17 = 53
   d = 53
Step 6 : Public key = {e, n} = {17, 77}
   Private key = {d, n} = {53, 77}
Step 7 : Calculate cipher text message for given plain text message M = 25.
   Plain text denoted as P = 25 (m denoted as P)
   C = P^e mod n
   = 25^17 mod 77
   C = 9
Step 8 : Now calculate plain text P required at the time of decryption. Once sender sends 9
   to the receiver then receiver can calculate plain text P.
   P = C^d mod n
   = 9^53 mod 77
   P = 25
   Decryption process always yields original plain text message
   P = 25

(iii) Find the corresponding ds for (i) and (ii) and decrypt the cipher texts
   Decryption key for question (i) is d = 3 and for question (ii) is d = 53 which will decrypt
   the message successfully.

Ex. 4.3.6
In an RSA system the public key (e, n) of user A is defined as (7, 119). Calculate φ(n) and
private key d. What is the cipher text when you encrypt message M = 10?
Soln. :
By using RSA Algorithm : [Refer Section 4.3]
In the problem statement public key (e, n) = (7, 119) is given, which means we don't need to
select e and n. We select the following prime numbers, which result in n = 119 as shown below.
Step 1 : Prime numbers are 7 and 17, a = 7, b = 17
Step 2 : n = a * b = 7 * 17 = 119
Step 3 : φ(n) = (a - 1) * (b - 1)
   = (7 - 1) * (17 - 1)
   = 6 * 16 = 96
Step 4 : Select e such that it is relatively prime to φ(n) i.e. gcd(e, φ(n)) = 1
   e = 7 as per problem statement.
Step 5 : Calculate d such that
   d = e^-1 mod φ(n)
   e d mod φ(n) = 1
   7 * d mod 96 = 1
   Using RSA algorithm
   d = ((φ(n) * i) + 1) / 7 where i = 1 to 100
   = ((96 * 1) + 1) / 7 = 13.85
   d must be completely divisible by 'e'.
   = ((96 * 2) + 1) / 7 = 21.57
   = ((96 * 3) + 1) / 7 = 48.28
   = ((96 * 4) + 1) / 7 = 55
   d = 55
Step 6 : Public key = {e, n} = {7, 119}
   Private key = {d, n} = {55, 119}
Step 7 : Calculate cipher text message for given plain text message.
   Plain text denoted as P = 10 (m denoted as p)
   C = P^e mod n

Ex. 4.3.7
Soln. :
Using RSA algorithm
p = 3, q = 11, e = 7 and M = 5
Step 1 : Prime number p = 3, q = 11
Step 2 : n = p * q = 33
Step 3 : φ(n) = (p - 1) * (q - 1)
   = (3 - 1) * (11 - 1)
   φ(n) = 2 * 10 = 20
Step 4 : Select e such that it is relatively prime to φ(n)
   i.e. gcd(e, φ(n)) = 1
   gcd(e, 20) = 1 ; gcd(7, 20) = 1
   e = 7 is given.
Step 5 : Calculate d such that
   d = e^-1 mod φ(n)
   e d mod φ(n) = 1
   7 * d mod 20 = 1
   d = ((φ(n) * i) + 1) / e
   Find d such that it is divisible by e.
   where i = 1 to 100
   d = ((20 * 1) + 1) / 7 = 21 / 7 = 3
   d = 3
Step 6 : Public key = {e, n} = {7, 33}
   Private key = {d, n} = {3, 33}
Step 7 : Calculate cipher text message for given plain text message M = 5.
   C = M^e mod n where M < n
   = 5^7 mod 33
   = (5^3 mod 33) * (5^2 mod 33) * (5^2 mod 33) mod 33
   = (125 mod 33) * (25 mod 33) * (25 mod 33) mod 33
   = (26 * 25 * 25) mod 33
   = 16250 mod 33
   C = 14

Ex. 4.3.8
The encryption algorithm to be used is RSA. Given two prime numbers 11 and 3 and public
key (e) is 3. Calculate the decryption key and calculate the ciphertext if the given plaintext is 7.
Soln. :
Using RSA algorithm
Given : a = 11, b = 3, e = 3 and plain text P = 7
Step 1 : Prime number a = 11, b = 3
Step 2 : n = a * b = 11 * 3 = 33
Step 3 : φ(n) = (a - 1) * (b - 1)
   = (11 - 1) * (3 - 1) = 10 * 2
   = 20
Step 4 : Select e such that it is relatively prime to φ(n) i.e. gcd(e, φ(n)) = 1.
   gcd(e, 20) = 1
   gcd(3, 20) = 1
   e = 3 is given.
Step 5 : Calculate d such that
   d = e^-1 mod φ(n)
   e d mod φ(n) = 1
   3 * d mod 20 = 1
   d = ((φ(n) * i) + 1) / e
   Find d such that it is divisible by e
   where i = 1 to 100
   d = ((20 * i) + 1) / 3 where i = 1
   d = 7
Step 6 : Public key = {e, n} = {3, 33}
   Private key = {d, n} = {7, 33}
Step 7 : Calculate cipher text message for given plain text message.
   Plain text message = 7
   c = P^e mod n where P < n
   = 7^3 mod 33
   = [7^2 mod 33] * [7 mod 33] mod 33
   = [49 mod 33] * [7 mod 33] mod 33
   = [16 * 7] mod 33
   c = 13
   So, cipher text = 13

Ex. 4.3.9
For the given parameters 'P' = 3 and 'Q' = 19 find the value of 'e' and 'd' using RSA algorithm
and encrypt message 'M' = 6.
Soln. :
Step 1 : Prime numbers are P = 3 and Q = 19; we are denoting P & Q as a = 3, b = 19
Step 2 : n = a * b = 3 * 19 = 57
Step 3 : φ(n) = (a - 1) * (b - 1)
   = (3 - 1) * (19 - 1)
   φ(n) = 2 * 18 = 36
Step 4 : Select e such that it is relatively prime to φ(n) i.e. gcd(e, φ(n)) = 1, 1 < e < φ(n).
   If e is selected as 5, gcd(5, 36) = 1.
   Here gcd(5, 36) = 1. One can also select e as 7 because 7 is also relatively prime to φ(n).
   It is better if you select a large private key, therefore we will select e as 7.
   gcd(7, 36) = 1
Step 5 : Calculate d such that
   d = e^-1 mod φ(n)
   e d mod φ(n) = 1
   7 * d mod 36 = 1
   Using RSA algorithm
   d = ((φ(n) * i) + 1) / 7 where i = 1 to 100
   = ((36 * 1) + 1) / 7 = 5.28
   d must be completely divisible by 'e'.
   = ((36 * 2) + 1) / 7 = 10.42
   = ((36 * 3) + 1) / 7 = 15.57
   = ((36 * 4) + 1) / 7 = 20.71
   = ((36 * 5) + 1) / 7 = 25.85
   = ((36 * 6) + 1) / 7 = 31
   d = 31
Step 6 : Public key = {e, n} = {7, 57}
   Private key = {d, n} = {31, 57}
Step 7 : Calculate cipher text message for given plain text message m = 6.
   Plain text denoted as p = 6 (m denoted as p)
   C = P^e mod n
   = 6^7 mod 57
   = 279936 mod 57
   C = 9
Step 8 : Now calculate plain text P. Once sender sends 9 to the receiver then receiver can
   calculate plain text p :
   P = C^d mod n
   = 9^31 mod 57 = 6
   P = 6
   Decryption process always yields original message / plain text i.e.
   P = 9^31 mod 57 = 6
   P = 6

4.4 Knapsack Algorithm

In 0-1 Knapsack, items cannot be broken which means the thief should take the item as a
whole or should leave it. This is the reason behind calling it 0-1 Knapsack.
Hence, in case of 0-1 Knapsack, the value of xi can be either 0 or 1, where other
constraints remain the same.

0-1 Knapsack cannot be solved by Greedy approach. Greedy approach does not ensure an
optimal solution. In many instances, Greedy approach may give an optimal solution.
The following examples will establish our statement.

Example 1
- Let us consider that the capacity of the knapsack is W = 25 and the items are as shown in
the following table.

Item   | A  | B  | C  | D
Profit | 24 | 18 | 18 | 10
Weight | 24 | 10 | 10 | 7

- Without considering the profit per unit weight (pi/wi), if we apply Greedy approach to
solve this problem, first item A will be selected as it will contribute maximum profit
among all the elements.
- After selecting item A, no more item will be selected. Hence, for this given set of items
total profit is 24. Whereas, the optimal solution can be achieved by selecting items B and
C, where the total profit is 18 + 18 = 36.

Example 2
- Instead of selecting the items based on the overall benefit, in this example the items are
selected based on ratio pi/wi. Let us consider that the capacity of the knapsack is W = ...
and the items are as shown in the following table.

Item          | A   | B   | C
Profit        | 100 | 280 | 120
Weight        | ... | 40  | 20
Ratio (pi/wi) | ... | 7   | 6

- Using the Greedy approach, first item A is selected. Then, the next item B is chosen.
Hence, the total profit is 100 + 280 = 380. However, the optimal solution of this instance
can be achieved by selecting items B and C, where the total profit is 280 + 120 = 400.
- Hence, it can be concluded that Greedy approach may not give an optimal solution.
- To solve 0-1 Knapsack, Dynamic Programming approach is required.
4.4.1 Problem Statement

A thief is robbing a store and can carry a maximal weight of W into his knapsack. There
are n items and weight of i-th item is wi and the profit of selecting this item is pi. What items
should the thief take?

4.4.2 Dynamic-Programming Approach

Let i be the highest-numbered item in an optimal solution S for W dollars. Then
S' = S - {i} is an optimal solution for W - wi dollars and the value to the solution S is vi plus the
value of the sub-problem.

We can express this fact in the following formula: define c[i, w] to be the solution for
items 1, 2, ... , i and the maximum weight w.
The algorithm takes the following inputs :
- The maximum weight W
- The number of items n
- The two sequences v = <v1, v2, ..., vn> and w = <w1, w2, ..., wn>

Dynamic-0-1-knapsack (v, w, n, W)
for w = 0 to W do
   c[0, w] = 0
for i = 1 to n do
   c[i, 0] = 0
   for w = 1 to W do
      if wi ≤ w then
         if vi + c[i-1, w-wi] > c[i-1, w] then
            c[i, w] = vi + c[i-1, w-wi]
         else c[i, w] = c[i-1, w]
      else
         c[i, w] = c[i-1, w]

- The set of items to take can be deduced from the table, starting at c[n, w] and tracing
backwards where the optimal values came from.
- If c[i, w] = c[i-1, w], then item i is not part of the solution, and we continue tracing
with c[i-1, w]. Otherwise, item i is part of the solution, and we continue tracing with
c[i-1, w-wi].

4.4.3 Analysis

This algorithm takes θ(n, w) times as table c has (n + 1).(w + 1) entries, where each entry
requires θ(1) time to compute.
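
The table-filling and trace-back steps of Section 4.4.2, run on the two examples above, as an added Python sketch (not code from the book; function names are this example's own). Example 1 uses the table as printed. For Example 2 the weight of item A (10) and the capacity W = 60 are assumed values chosen to be consistent with the profits, weights and totals that are legible on the page.

```python
def knapsack_dp(values, weights, capacity):
    """0-1 knapsack by dynamic programming.

    c[i][w] is the best profit using items 1..i with weight limit w.
    Weights must be positive integers. Returns (best_profit, chosen_indices).
    """
    n = len(values)
    c = [[0] * (capacity + 1) for _ in range(n + 1)]
    for i in range(1, n + 1):
        vi, wi = values[i - 1], weights[i - 1]
        for w in range(1, capacity + 1):
            c[i][w] = c[i - 1][w]                      # leave item i
            if wi <= w and vi + c[i - 1][w - wi] > c[i - 1][w]:
                c[i][w] = vi + c[i - 1][w - wi]        # take item i

    # Trace back: if c[i][w] differs from c[i-1][w], item i was taken.
    chosen, w = [], capacity
    for i in range(n, 0, -1):
        if c[i][w] != c[i - 1][w]:
            chosen.append(i - 1)
            w -= weights[i - 1]
    return c[n][capacity], chosen[::-1]


def greedy(values, weights, capacity, by_ratio=False):
    """Greedy selection by profit, or by profit/weight ratio when by_ratio is set."""
    def score(i):
        return values[i] / weights[i] if by_ratio else values[i]

    total, chosen, room = 0, [], capacity
    for i in sorted(range(len(values)), key=score, reverse=True):
        if weights[i] <= room:
            chosen.append(i)
            total += values[i]
            room -= weights[i]
    return total, sorted(chosen)


# Example 1 (items A, B, C, D), values as printed in the table above.
EX1 = dict(values=[24, 18, 18, 10], weights=[24, 10, 10, 7], capacity=25)
# Example 2 (items A, B, C); weight of A and the capacity are assumptions.
EX2 = dict(values=[100, 280, 120], weights=[10, 40, 20], capacity=60)

if __name__ == "__main__":
    print("Example 1 greedy by profit:", greedy(**EX1))
    print("Example 1 dynamic programming:", knapsack_dp(**EX1))
    print("Example 2 greedy by ratio:", greedy(by_ratio=True, **EX2))
    print("Example 2 dynamic programming:", knapsack_dp(**EX2))
```
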

4.5 ElGamal Algorithm

- Along with RSA, there are other public-key cryptosystems proposed. Many of them are
based on different versions of the Discrete Logarithm Problem.
- ElGamal cryptosystem, called Elliptic Curve Variant, is based on the Discrete Logarithm
Problem. It derives the strength from the assumption that the discrete logarithms cannot be

4.5.1 Generation of ElGamal Key Pair

- Choosing a generator element g.
   o This number must be between 1 and p - 1, but cannot be any number.
   o It is a generator of the multiplicative group of integers modulo p. This means for
     every integer m co-prime to p, there is an integer k such that g^k = m mod p.
   For example, 3 is generator of group 5 (Z5 = {1, 2, 3, 4}).

   N | 3^n | 3^n mod 5
   1 | 3   | 3
   2 | 9   | 4
   3 | 27  | 2
   4 | 81  | 1

- Choosing the private key. The private key x is any number bigger than 1 and smaller
than p-1.
- Computing part of the public key. The value y is computed from the parameters p, g and
the private key x as follows :
   y = g^x mod p
- Obtaining Public key. The ElGamal public key consists of the three parameters (p, g, y).
- For example, suppose that p = 17 and that g = 6 (It can be confirmed that 6 is a generator
of group Z17). The private key x can be any number bigger than 1 and smaller than 71, so
we choose x = 5. The value y is then computed as follows :
   y = 6^5 mod 17 = 7
- Thus the private key is 62 and the public key is (17, 6, 7).

4.5.2 Encryption and Decryption

The generation of an ElGamal key pair is comparatively simpler than the equivalent
process for RSA. But the encryption and decryption are slightly more complex than RSA.

4.5.3 ElGamal Encryption

Suppose sender wishes to send a plaintext to someone whose ElGamal public key is
(p, g, y), then -
- Sender represents the plaintext as a series of numbers modulo p.
- To encrypt the first plaintext P, which is represented as a number modulo p, the
encryption process to obtain the ciphertext C is as follows :
   o Randomly generate a number k;
   o Compute two values C1 and C2, where -
      C1 = g^k mod p
      C2 = (P * y^k) mod p
- Send the ciphertext C, consisting of the two separate values (C1, C2), sent together.
- Referring to our ElGamal key generation example given above, the plaintext P = 13 is
encrypted as follows :
   o Randomly generate a number, say k = 10
   o Compute the two values C1 and C2, where -
      C1 = 6^10 mod 17
      C2 = (13 * 7^10) mod 17 = 9
- Send the ciphertext C = (C1, C2) = (15, 9).

4.5.4 ElGamal Decryption

- To decrypt the ciphertext (C1, C2) using private key x, the following two steps are taken :
   o Compute the modular inverse of (C1)^x modulo p, which is (C1)^-x, generally referred
     to as decryption factor.
   o Obtain the plaintext by using the following formula -
      C2 × (C1)^-x mod p = Plaintext
Module 2

Key Management
Techniques

Syllabus
Key management techniques : using symmetric and asymmetric algorithms and trusted
third party. Diffie Hellman Key exchange algorithm.

5.1 Key Distribution and Management

Before discussing the key generation and usage let us first discuss what a key is.

5.1.1 Management
- The main aim of key management is to generate a secret key between two parties and
store it to prove the authenticity between communicating users.
- Key management is the set of techniques which support key generation, storage and
maintenance of the key relationship between authorized users.
- The purpose of this unit is to give an idea about the issues involved and a broad survey of the
various aspects of key management and distribution of keys.
- Key management plays an important role in cryptography as the basis for securing
cryptographic goals like confidentiality, authentication, data integrity and digital
signatures.
- Whether the communicating parties use the same key for encryption and decryption or
two different keys, the basic purpose of key management is key generation, key
distribution, controlling the use of keys, updating, destruction of keys and storage,
backup/recovery.

- Key can be generated by using well known symmetric as well as asymmetric
cryptographic algorithms like Rivest Shamir Adleman (RSA), Diffie Hellman key
exchange algorithms and can be used later for encryption and decryption of data.

Syllabus Topic : Key Management Techniques - Using Symmetric and Asymmetric
Algorithms and Trusted Third Party

5.1.2 Symmetric Key Distribution using Symmetric and Asymmetric
Encryptions
session key is
5.1.2(A) Symmetric Key Distribution using Symmetric Encryption

1. Key distribution scenario
2. Hierarchical key control
3. Session key lifetime
4. A transparent key control scheme
5. Decentralized key control

- When two parties share the same key that is protected from access by others, that key is
nothing but a symmetric key, and the process between two parties that exchanges the key is
called symmetric encryption.
- If two persons communicate with each other via messages or exchange data ...
- Two parties/persons X and Y can achieve the key distribution in various ways :
   1. X can select a key and physically hand it over to Y.
   2. A third person can select a key and hand it over to X and Y.
   3. If X and Y have used a key previously then any one person, i.e. X or Y, can send the old
      key with encryption to the other person.
   4. X and Y each have their own encrypted connection to a third person, and that person can
      deliver a key on the encrypted links to X and Y.
- ... the manual delivery of the key. In link encryption, device data is exchanged between
only two partners. This is end to end encryption.
- But in a distributed system one host can communicate with many other hosts or devices,
so because of that each device needs many keys that are supplied dynamically.
- In a wide-area distributed system it is difficult to manage the number of keys.

- If N hosts communicate with each other then [N(N - 1)]/2 keys are required.
- When an attacker succeeds in gaining access to any one key then other related keys will be
opened.
- Key distribution centre is responsible for distributing keys to pairs of users as per need.
Every user shares a unique key with the key distribution center.
- Communication between end users is encrypted using a temporary key. This temporary key
is called as session key.
- Session key is used for some logical duration of a connection, like in a frame relay
connection, transport connection etc.; after that the session key will be discarded.
- End users use the same networking facilities, which have the session key provided by the key
distribution center. Session key is in the form of encryption. Master key is also provided
by the Key Distribution Center (KDC).
- So KDC shares a master key with each end user or system.
- Each user has one master key shared with the key distribution center, which can be
distributed in some fashion.

[Fig. 5.1.1 : The use of key Hierarchy. Data : cryptographic protection; Session keys : cryptographic protection; Master keys : non-cryptographic protection]


1. Key distribution scenario
- The scenario assumes each user shares its own unique key, called master key, with the key
distribution center.
- Let us assume that user X wishes to create a connection with user Y, so he requires a
one time session key for protecting data.
- So X has master key Kx that is known only to itself and the key distribution center, and Y
also has its own master key Ky that it shares with the key distribution center.

[Fig. 5.1.2 : Key Distribution Scenario (key distribution steps, authentication steps)]

So following steps are required :
1. X sends a request for a session key to the KDC, which protects the connection
   between X and Y. The message includes the identity of X and Y and a unique
   identifier, which is used for the transaction.
2. KDC sends back the message to sender X in the form of encryption using Kx.
   - So only X can read the original message.
   - The message includes 2 items for X :
      1. One-time session key
      2. Original request message, called as nonce.
   - For Y it also includes 2 items :
      1. One-time session key
      2. Identifier of X
   X stores the session key for the next session and forwards that key to Y, encrypted
   with Ky.
2. Hierarchical key control
- In a large area, a single key distribution center does not work properly. It is difficult to
handle key distribution over a large area, so it is not done practically.
- Because of that, the option of a single key distribution center is replaced with hierarchical
key control, or a hierarchy of Key Distribution Centers (KDC).
- For example : Each local KDC is responsible for a small area like a single building or
single LAN.
- If two different domains want to communicate or share some key, that time the local KDC
connects or contacts with the global KDC.
- The hierarchical approach has three or more layers.
- It depends on the geographic scope and the number of the users.
- This scheme minimises the effort used in master key distribution.

3. Session key lifetime
- Session key is used for exchanging data over the network from sender to receiver.
- It provides security because a session key is required for each cipher text. However, delay
in obtaining the session key affects the message and the network.
- Because of that, the security manager must try to balance these competing concerns. In a
connection oriented protocol the same session key is used, so each has the same life time
or life period : the session key is used for the length of time the connection is open.
- In a connectionless protocol each new session key has its own new life time, so each
session key has a different life time or life period for each exchange.
- So a better way is to use a given session key for a fixed amount of time or period only and
for only a fixed number of transactions.
4. A transparent key control scheme
- This scheme is used at network or transport level. It is useful because it provides end
to end encryption.
- The scheme is mostly used in connection oriented end to end protocols; an example is TCP.

[Fig. 5.1.3 : Automatic key Distribution for Connection Oriented Protocol (hosts, security service, KDC)]

1. Host sends the packet requesting connection.
2. Security service asks the KDC for a session key.
3. KDC distributes session key to both hosts.
4. Buffered packet transmitted.

- In Fig. 5.1.3, a host wants to establish a connection with another host and sends the
request packet; the KDC is asked for a session key.
- Key distribution center provides the session key to the host using encryption; the key is
also provided to the other host.
- Communication with the KDC is encrypted with the master key shared only with the host.
5. Decentralized key control
- This approach requires that each system can communicate in a secure manner with the
others, so there is need to use multiple master keys for configuration.
- Full decentralization is not possible in practice for a large area network.
- So session key will be created as follows :
   1. X sends the request to Y for a session key, including the original message M1.
   2. Y replies to X with a message encrypted using the shared master key. The reply
      carries the session key selected by Y, f(M1), and another message M2.
   3. Using the new session key X returns f(M2) to Y.

   (1) IDx || M1
   (2) E(Km, [Ks || IDx || IDy || f(M1)])
   (3) E(Ks, f(M2))

   Fig. 5.1.4 : Decentralized Key distribution

- Each terminal contains at most (n - 1) master keys, as multiple session keys are
required.

Controlling Key Usage

- Using key hierarchy and automated key distribution technique, we can reduce the number
of keys.
- We use different types of session key like :
   1. Data Encryption key : Used for communication in the network.
   2. File Encryption key : Used for encrypting files which are stored in publicly
      accessible locations.
   3. PIN Encryption key : PIN is personal identification number. It is mostly used for
      electronic transactions like banking or e-transactions.
- Basically the master key is physically secured using cryptographic hardware of the key
distribution centre.
- Application program uses the session key which is encrypted with the master key.
- There are some limitations on the use of any key; for that purpose a tag is used with the
session key. This proposed technique is used with DES, in that it uses the 8 extra bits in
each 64 bit DES key.
- Those eight bits are reserved for parity checking and form the key tag. The bits are used for
following purposes :

[Fig. 5.1.5 : Control Vector Encryption; Fig. 5.1.6 : Control Vector Decryption (control vector, master key, session key, hash function, encrypted session key)]

- At the time of key generation the control vector is cryptographically coupled with the key.
The coupling and decoupling process is shown in Fig. 5.1.5.
- Step 1 : Control vector goes through the hash function, which produces some value.
The length of that value is equal to the encryption key length.
- Step 2 : Hash function reduces or maps the value from a large input range to a smaller
output range. If the range of numbers is 1 to 100, it can be reduced by 10% so the range is
now 1 to 10 approximately.
- Step 3 : That hash value is then XORed with the master key to produce some output.
This output is used as the key input.
- This key input is used for encrypting the session key thus,
   Hash value = H = h(CV)
   Key input = Mk ⊕ H
   Cipher text = E([Mk ⊕ H], Sk)
   Where Mk is the master key and Sk is the session key. For plain text we can recover the
   session key using following operation :
   D([Mk ⊕ H], E([Mk ⊕ H], Sk))
- For recovering the session key we use both the master key that the user shares with the KDC
and the control vector. Because of that, the link between the session key and its control
vector is maintained.
- There are two main advantages of control vector over the use of an 8 bit tag.
   1. There is no restriction for control vector on its length.
   2. It is available in clear form at all stages of operation.
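
The coupling H = h(CV), key input = Mk ⊕ H, cipher text = E([Mk ⊕ H], Sk) can be followed in the Python sketch below, an added example that is not code from the book. SHA-256 stands in for the hash h, and an HMAC-SHA256 keystream cipher stands in for the block cipher E (the page discusses DES); the key values, control vector strings and function names are constructed for this example.

```python
import hashlib
import hmac

KEY_LEN = 16  # bytes; key size assumed for this sketch


def h(control_vector: bytes) -> bytes:
    """Steps 1-2: hash the control vector down to the key length."""
    return hashlib.sha256(control_vector).digest()[:KEY_LEN]


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def key_input(master_key: bytes, control_vector: bytes) -> bytes:
    """Step 3: key input = Mk XOR H."""
    return xor(master_key, h(control_vector))


def _keystream(key: bytes, length: int) -> bytes:
    """Stand-in cipher core: HMAC-SHA256 in counter mode."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def E(key: bytes, data: bytes) -> bytes:
    """Stand-in for the block cipher E of the text (XOR with a keystream)."""
    return xor(data, _keystream(key, len(data)))


D = E  # XOR with the same keystream undoes the encryption


def wrap_session_key(master_key, control_vector, session_key):
    """Cipher text = E([Mk XOR H], Sk)."""
    return E(key_input(master_key, control_vector), session_key)


def unwrap_session_key(master_key, control_vector, wrapped):
    """Sk = D([Mk XOR H], cipher text); needs the same control vector."""
    return D(key_input(master_key, control_vector), wrapped)


# Constructed sample values.
MASTER_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
SESSION_KEY = bytes.fromhex("a1b2c3d4e5f60718293a4b5c6d7e8f90")
CV_DATA = b"session-key;use=data-encryption"
CV_PIN = b"session-key;use=pin-encryption"


def demo():
    wrapped = wrap_session_key(MASTER_KEY, CV_DATA, SESSION_KEY)
    same_cv = unwrap_session_key(MASTER_KEY, CV_DATA, wrapped)
    other_cv = unwrap_session_key(MASTER_KEY, CV_PIN, wrapped)
    return wrapped, same_cv, other_cv


if __name__ == "__main__":
    wrapped, same_cv, other_cv = demo()
    print("wrapped      :", wrapped.hex())
    print("correct CV   :", same_cv.hex())
    print("different CV :", other_cv.hex())
```

Unwrapping with a control vector other than the one used at key generation yields different bytes, so a session key cannot be re-labelled for another use without the change showing up as a wrong key.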
5.1.2(B) Distribution of Symmetric Key (Secret Key) using Asymmetric Encryption

(1) Simple Secret Key Distribution
(2) Secret Key Distribution with Confidentiality and Authentication
(3) Hybrid Schemes

1. Simple Secret Key Distribution
If P wants to communicate with Q, the following procedure is used, shown in Fig. 5.1.7.
1. P generates a public/private key pair and transmits a message to Q consisting of the
   public key (PUp) and identifier of P (IDp).
2. Q generates a session key Ks and transmits it to P, encrypted using P's public key (PUp).
3. P decrypts the session key Ks by using its own private key. Now both P and Q
   know Ks.
4. P discards public/private key and Q discards P's public key.
At the end of communication both P and Q discard Ks. The communication is secure
from eavesdropping. The communication becomes unsafe from man-in-the-middle attack.

Fig. 5.1.7 : Distribution of Secret Keys using Public-key Cryptography

2. Secret Key Distribution with Confidentiality and Authentication
1. P sends an encrypted message using Q's public key, consisting of identifier of P (IDp) and
   nonce N1.
2. Q sends an encrypted message using P's public key, consisting of P's nonce N1 and Q's
   nonce N2.
3. P returns N2, encrypted using Q's public key, to Q.
4. P selects a secret key Ks and sends a message M = E(PUq, E(PRp, Ks)) to Q.
5. Q decrypts it to recover the secret key.

3. Hybrid Schemes
This technique retains the use of KDC (Key Distribution Center) that shares a secret master
key with each user and distributes secret session keys encrypted with the master key.
Public key is used to distribute the master key.
Scanned by CamScanner
d
Key me
managementmiSchnig
eT cy
:

n of Public Keys
5.1.3 Distributlo keys :
public
distribution of
Following techniques are used fo r the
1. Public Announcement
2. Publicly Available Directory
3. Pul
3. Public Key Authority
4. Public - key Certificates

1. Public Announcement
In public key cryptography, such as RSA, any user can send his or her key to any other user or broadcast it to the group as shown in Fig. 5.1.8.

Fig. 5.1.8 : Public Announcement

- This type of approach has a big drawback. Any user can pretend to be user P and send a public key to another user or broadcast it.
- Until user A has noticed this and alerts the other users, the pretender is able to read encrypted messages meant for user P.
2. Publicly Available Directory
- A dynamic publicly available directory is used to achieve the security. Maintenance and distribution of the public directory is controlled by a trusted entity.
- This technique is explained as follows and shown in Fig. 5.1.9.
(a) A trusted entity maintains a directory for each user as < name, public key >.
(b) Each user has to register a public key with the directory.
(c) A user can replace the existing key with a new one at any time for any particular reason.

It is more secure than public announcement but still has some weakness : a hacker can obtain the private key of the directory or tamper with the information in the directory.


Fig. 5.1.9 : Publicly Available Directory

3. Public Key Authority
- It gives stronger security.
- As shown in Fig. 5.1.10, a central authority keeps a dynamic directory of public keys of all users. Additionally, each user knows the public key of the authority.
- Working of this technique is explained by the following steps :

Fig. 5.1.10 : Public Key Authority

Steps
1. P sends a timestamped request to the authority for the public key of Q.
2. The authority sends an encrypted message. The message is encrypted using the authority's private key, so that P can decrypt it by using the authority's public key. The message includes Q's public key, which can be used by P for encryption, the original request sent by P, and the timestamp.
3. P uses Q's public key for encryption and sends an encrypted message to Q. The encrypted message contains the identity of A ($ID_A$) and a nonce ($N_1$), which is used to identify the transmission uniquely.
4 & 5. Q retrieves P's public key from the authority in the same way as in steps 1 and 2. Now P and Q can start the communication. Two additional steps may be required.


6. Q sends an encrypted message to P. The message is encrypted using P's public key and contains P's nonce $N_1$ and Q's nonce $N_2$.

to ensure Q that its correspondent is P.
4. Public-Key Certificates
A public key authority has some drawbacks in the system.
A user has to communicate with the authority for a public key for every other user he wishes to contact. This approach provides certificates to users for exchanging the keys among themselves without contacting the authority.
The data and public keys maintained by the authority itself may be vulnerable to tampering.
The certificate authority shown in Fig. 5.1.11 is a government agency or a trusted agency.

Fig. 5.1.11 : Public-Key Certificates



Steps

1. User 'P' sends its public key to the certificate authority to get the certificate.
2. The certificate authority sends a certificate in an encrypted form using its private key. A certificate consists of a timestamp, the identifier of P ($ID_p$) and the public key of P.

5 1.4 K ey Seneratig,

5.1.4(A) Key Generation
- Key &neration is th
cryptography, © Process
ae The eC key ‘s
an be Bene
the fu nctions rateg
of Passw
ory Sa :

5.1.4(B) Key Distribution

- Key distribution, also called key transportation, is the process by which keys are securely distributed from where they are generated or stored to where there will be use of them. Keys are transmitted using manual methods (e.g., file transfer, key loaders), automated methods (e.g., key transport or key agreement protocols), or a combination of automated and manual methods.
- This is needed to achieve the integrity and trust in any cryptographic system. The goal of any key distribution process is :
o To ensure that the keys are distributed to intended recipients only
o To ensure that it is not modified during transmission
o To ensure that the transmission mechanism is secure and intact
5.1.4(C) Key Storage

- After successful generation of a key, it should not be stored on a multi-user machine unless it is in encrypted or secured form (e.g., in a tamper-resistant security module, the name of the physical storage device).
- It is important to define the key storage for data management of cryptographic keys; the proper use of the function depends on the key type, protection requirements and lifecycle stage. There are different functions provided by key storage :

1. Operational Storage
2. Backup Storage
3. Archive Storage

1. Operational Storage

- If a key is required for operational purposes, it can be taken from operational storage when it is not present in active memory (the memory which is in use). If the key stored in operational storage is lost or corrupted, then that key must be recovered from backup storage.
- Certain key types such as PIN and master keys are always stored in physical hardware and never on a software system. The operational storage device uses a key such as an encryption key stored on the local hard disk of a server which is directly connected to the network.
- Once the key is stored in a database, the database administrator should not access the keys in clear text form. If the database administrator steals the key, he/she should not be able to use it to read the encrypted data. Apart from this, storage media must be protected by strong physical and logical security such as dual control and rigorous access logs.

2. Backup Storage

- If keys are lost in case of hardware or software failure, there should be a strong backup mechanism to recover the lost data or a corruption of the operational storage. Only the important keys are backed up.
- Finally, the backup determination depends on key usage, i.e. whether it is important for the application to use the key.
3. Archive Storage

- A key archive is the term used for recovering large historical encrypted data. The data backup storage keeps the data of today, whereas archive storage addresses the data management of tomorrow and overcomes the future challenges of data storage management.

5.1.4(D) Key Usage

- The important aspect of key management is key usage : whether authorized users are using the key securely and whether they are properly maintaining the privacy and integrity of the key.
- Separate keys should be used for encryption and for digital signature, to prevent an attacker who gains access to the keys from compromising the security.
- That is, whatever key is used for encryption should not be used for any other purpose, otherwise its usage is not as per the rules and regulations.

5.1.4(E) Key Validation

- Once a key is generated, stored and properly distributed, it is time to validate it. The application which is performing the encryption should validate the key, i.e. whether the encryption process is able to recover the data, prior to placing the particular application into use.
- Key validation detects malfunction in encrypted data and assures recovery of encrypted data. Key validation is used to encrypt the data and compare the results with the originally encrypted data.
- In spite of this, if an attacker modifies the underlying structure then the encryption process should be retested.

5.1.4(F) Key Updation

A function performed on a cryptographic key in order to compute a new, but related key for the same purpose.
5.1.5 Importance of Key Management

- Because of strong key management, privacy of customers' personal and corporate information is maintained (confidentiality);
- Preventing data modification (data integrity);
- Authentication of users is done prior to transactions over an insecure channel (authentication);
- Replacing handwritten signatures with the electronic equivalent signature means every transaction gets signed.

Syllabus Topic : Diffie Hellman Key Exchange Algorithm

5.2 Diffie Hellman Key Exchange

Q. 5.2.3 Illustrate Diffie Hellman key exchange algorithm with suitable example. (Ref. sec. 5.2)
Q. 5.2.4 In what way is the Diffie Hellman key exchange algorithm prone to man-in-the-middle attack? (Ref. sec. 5.2)
Q. 5.2.5 Briefly explain Diffie Hellman key exchange.

- The Diffie Hellman algorithm is widely known as a key exchange algorithm or key agreement algorithm, developed by Whitfield Diffie and Martin Hellman in 1976. The Diffie Hellman algorithm is used to generate the same private cryptographic key at the sender as well as the receiver end, so that there is no need to transfer this key from sender to receiver.
- Remember that the Diffie Hellman algorithm is used only for key agreement, not for encryption or decryption of messages. If sender and receiver want to communicate with each other, they first agree on the same key generated by the Diffie Hellman algorithm; later on they can use this key for encryption or decryption. Let us start with the algorithm.
Steps of Diffie Hellman Algorithm
1. The first step is that if Ramesh wants to communicate with Suresh they must agree on two large prime numbers p and q.
2. Ramesh selects another secret large random integer number a, and calculates R such that
$R = q^a \bmod p$
3. Ramesh sends this R to Suresh.
4. Suresh independently selects another secret large random integer number b, and calculates S such that
$S = q^b \bmod p$
5. Suresh sends the number S to Ramesh.
6. Now Ramesh calculates his secret key by using $R_K = S^a \bmod p$
7. Suresh calculates his secret key $S_K$ by using
$S_K = R^b \bmod p$
8. If $R_K = S_K$ then Ramesh and Suresh can agree for future communication; this is called the key agreement algorithm.
9. We have $R_K = S_K = K$, hence proved. (K is called the symmetric key.)

For example

1. Ramesh and Suresh agree on two large prime numbers, say p = 17 and q = 7.
2. Ramesh selects another secret large random number 5, i.e. a = 5, and calculates R such that
$R = q^a \bmod p = 7^5 \bmod 17 = (7 \times 7 \times 7 \times 7 \times 7) \bmod 17$
$R = 11$
3. Ramesh sends number R to Suresh.
4. Suresh selects another secret large random number 3, i.e. b = 3, and calculates S such that
$S = q^b \bmod p = 7^3 \bmod 17 = (7 \times 7 \times 7) \bmod 17 = 3$
5. Suresh sends number S to Ramesh.
6. Ramesh now calculates his secret key $R_K$ as follows :
$R_K = S^a \bmod p = S^5 \bmod 17 = 3^5 \bmod 17 = (3 \times 3 \times 3 \times 3 \times 3) \bmod 17 = 5$
7. Suresh calculates his secret key $S_K$ as follows :
$S_K = R^b \bmod p = R^3 \bmod 17 = 11^3 \bmod 17 = 5$
8. If $R_K = S_K$ then Ramesh and Suresh can agree for future communication.
9. We know that $R_K = S_K = K = 5$. Hence proved.

Ex. 5.2.1
Solve if p = 7 and q = 17 using Diffie Hellman algorithm. Select a = 6, b = 4.
Soln. :
By using Diffie Hellman algorithm

1. Ramesh and Suresh agree on two large prime numbers, say p = 7 and q = 17.
2. $R = (17 \times 17 \times 17 \times 17 \times 17 \times 17) \bmod 7$
$R = 1$
3. Ramesh sends R to Suresh.
4. Suresh selects another secret large number 4, i.e. b = 4, and calculates S such that
$S = q^b \bmod p = 17^4 \bmod 7 = (17 \times 17 \times 17 \times 17) \bmod 7$
$S = 4$
5. Suresh sends number S to Ramesh.
6. Ramesh now calculates his secret key $R_K$ as follows :
$R_K = S^a \bmod p = S^6 \bmod p = 4^6 \bmod 7 = (4 \times 4 \times 4 \times 4 \times 4 \times 4) \bmod 7$
$R_K = 1$
7. Suresh calculates his secret key $S_K$ as follows :
$S_K = R^b \bmod p = 1^4 \bmod 7$
$S_K = 1$
8. If $R_K = S_K$ then Ramesh and Suresh can agree for future communication.
Ex. 5.2.2
Solve p = 353 and q = 3, a = 97 and b = 233.
Soln. :
By using Diffie Hellman algorithm

1. Ramesh and Suresh agree on two large prime numbers p = 353 and q = 3.
2. Ramesh selects another secret large random number a = 97 and calculates R such that
$R = q^a \bmod p = 3^{97} \bmod 353$
$R = 40$
3. Ramesh sends R to Suresh (value of R = 40).
4. Suresh selects another secret large random number b = 233 and calculates S such that
$S = q^b \bmod p = 3^{233} \bmod 353$
$S = 248$
5. Suresh sends value of S to Ramesh.
6. Ramesh now calculates his secret key $R_K$ as follows :
$R_K = S^a \bmod p = 248^{97} \bmod 353$
$R_K = 160$
Ex. 5.2.3
If generator g = 2 and n or p = 11, using Diffie Hellman algorithm solve the following :
(i) Show that 2 is primitive root of 11.
(ii) If A has public key 9, what is A's private key?
(iii) If B has public key 3, what is B's private key?
(iv) Calculate shared secret key.
Soln. :
4
(i) To show that
2 is Primitive
root of 11

According Euler’s theorem

It states that for every a and n tha


t are relatively prime,
If a™” = Imodn
For example

As mention in (i)
a=2 and n=11
Calculate $(n) i.e. (11) = { 1 to 10} = 10
According to Euler’s theorem

*) = {modn
2° = 1mod11
1024 1 mod [1
ie 1024imod11 = 1 and

Scanned by CamScanner
TE lll
Kay MANagEMeNt tocy,arity
a

Imod 11 = |
Hence 2 is primitive root of 11.
(ii) 'A' has public key 9, then private key is

1. Say A as Ramesh and B as Suresh.
Representing g as q (i.e. g = q = 2, a = 9)
Using Diffie Hellman algorithm
2. Suresh now calculates R such that
$R = q^a \bmod p$ [Here q = 2 and p = 11]
$= 2^9 \bmod 11$ [a is 9, public key]
$R = 6$
3. Ramesh now sends R to Suresh.

(iii) Suresh has public key 3 (it's random number) and calculates S such that
$S = q^b \bmod p$ [q = 2, p = 11, b = 3]
$S = q^b \bmod p = 2^3 \bmod 11$
$S = 8$
Suresh now sends S to Ramesh.

(iv) Now Ramesh and Suresh calculate their secret keys individually.
1. Ramesh calculates his secret key $R_K$ as follows :
$R_K = S^a \bmod p$ [S = 8, p = 11, a = 9]
$= 8^9 \bmod 11 = 7$
2. Suresh calculates his secret key $S_K$ as follows :
$S_K = R^b \bmod p$ [R = 6, b = 3, p = 11]
$= 6^3 \bmod 11 = 7$
Shared secret keys of Ramesh and Suresh are 7.
Hence, $R_K = S_K = 7$

Note : In the above example we have solved by using our notations, so here A denotes Ramesh, B denotes Suresh and g denotes q. You can use any notations.
secret no.
and ®xchan
gs n
(i) What is common secret key?
(ii) What are their secret numbers?
(iii) Can intruder m gain any knowledge from protocol run if he sees p, g and two keys 6 and 11? If yes, show how.
Soln. :
According to Diffie Hellman algorithm :
Let us say A as Ramesh and B as Suresh.
Also p = 13 and g = 2
Here in our example we are denoting g as q
p = 13, q = 2
Secret numbers are denoted as a = 6 and b = 11. By using Diffie Hellman algorithm :
1. Ramesh and Suresh agree on two large prime numbers p = 13 and q = 2.
2. Ramesh selects another secret no. a = 6 and calculates R such that
$R = q^a \bmod p$ [q = 2, a = 6, p = 13]
$= 2^6 \bmod 13$
$R = 12$
3. Ramesh sends R to Suresh.
4. Suresh selects another large random number b = 11 and calculates S such that
$S = q^b \bmod p$ [q = 2, b = 11, p = 13]
$= 2^{11} \bmod 13$
$S = 7$
5. Suresh sends S to Ramesh.
6. Ramesh now calculates his secret key $R_K$ as follows :
$R_K = S^a \bmod p$ [S = 7, a = 6, p = 13]
$= 7^6 \bmod 13$
$R_K = 12$
7. Suresh calculates his secret key $S_K$ as follows :
$S_K = R^b \bmod p$ [R = 12, b = 11, p = 13]
$= 12^{11} \bmod 13$
$S_K = 12$

(i) Shared secret key of Ramesh and Suresh is
$R_K = S_K = 12$ [A and B = 12]

(ii) Secret numbers of Ramesh and Suresh are
R = 12 and S = 7
(iii) If intruder m knows p, g and a, b then what will happen. [Here g = q]

Case 1 : Values of p, q, a, b are known to m, represented as,
Ramesh : p = 13, q = 2
m : p = 13, q = 2
Suresh : p = 13, q = 2

Use Diffie Hellman algorithm.
After selecting large prime numbers, it's time to select random numbers a and b.
The secret random numbers selected by Ramesh and Suresh are,
Ramesh : a = 6
m : a = 8, b = 6
Suresh : b = 11

Case 2 :
Consider m as an intruder who selected two random numbers, say a = 8 and b = 6, as his own secret keys, because he wants to calculate values R and S, as he intercepted the conversation between Ramesh and Suresh.
Ramesh : $R = q^a \bmod p = 2^6 \bmod 13 = 12$
Intruder m : $R = q^a \bmod p = 2^8 \bmod 13$, R = 9; $S = q^b \bmod 13 = 2^6 \bmod 13 = 12$
Suresh : $S = q^b \bmod p = 2^{11} \bmod 13$, S = 7

Case 3 : Following are the values available with Ramesh, Suresh and intruder m.
Ramesh : R = 12
Intruder m : R = 9, S = 12
Suresh : S = 7

Case 4 :
Ramesh sends his R = 12 to Suresh, but intruder m sends his own R = 9 to Suresh. Suresh sends his S = 7 to Ramesh; here again intruder m sends his own value of S = 12 to Ramesh. In this case Ramesh and Suresh are not aware of which values they are sending and receiving [intruder m sends his own values because of his interception].
Following are the new values with Ramesh, Suresh and intruder m.
Ramesh : R = 12, S = 12
Intruder m : R = 12, S = 7
Suresh : S = 7, R = 9

Case 5 : Based on the above values Ramesh, Suresh and intruder m calculate secret keys.
Ramesh : S = 12, a = 6, p = 13; $R_K = S^a \bmod p = 12^6 \bmod 13$, $R_K = 1$
Intruder m : S = 7, R = 12, a = 8, b = 6, p = 13; $R_K = S^a \bmod p = 7^8 \bmod 13 = 3$; $S_K = R^b \bmod p = 12^6 \bmod 13 = 1$
Suresh : R = 9, b = 11, p = 13; $S_K = R^b \bmod 13 = 9^{11} \bmod 13$, $S_K = 3$

- Think what is happening? Ramesh is thinking that the value of his secret key is 1 and Suresh is also thinking that the value of his secret key is 3.
- But the actual communication is intercepted by intruder m.
- During real communication between Ramesh and Suresh, intruder m sends his own secret keys to Ramesh and Suresh. If Ramesh sends his secret key $R_K$ = 1 to Suresh, because of the man-in-the-middle attack intruder m sends his secret key $R_K$ = 3 to Suresh. In return Suresh sends his secret key $S_K$ = 3 to Ramesh, and intruder m sends his secret key $S_K$ = 1 to Ramesh.
- Both Ramesh and Suresh are not aware that the communication is intercepted by intruder m. Such type of attack is called as man-in-the-middle attack.
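The worked examples of section 5.2 and the five cases of Ex. 5.2.4 (iii) can be recomputed with the short program below. It is an added example, not code from the book; the function names are hypothetical, and `is_primitive_root` goes slightly beyond the text by testing that the powers of g are all distinct, which the single check $2^{10} \equiv 1 \bmod 11$ does not establish on its own.

```python
# Added example: textbook Diffie-Hellman in the page's notation
# (p, q public; a, b secret; R, S exchanged; R_K, S_K derived keys).
# Function names are hypothetical; the numbers are the page's own.

def public_value(q, secret, p):
    """R = q^a mod p (Ramesh) or S = q^b mod p (Suresh)."""
    return pow(q, secret, p)  # three-argument pow is modular exponentiation


def shared_key(received, secret, p):
    """R_K = S^a mod p (Ramesh) or S_K = R^b mod p (Suresh)."""
    return pow(received, secret, p)


def key_agreement(p, q, a, b):
    """Undisturbed run: returns (R, S, R_K, S_K)."""
    R = public_value(q, a, p)
    S = public_value(q, b, p)
    return R, S, shared_key(S, a, p), shared_key(R, b, p)


def intercepted_run(p, q, a, b, m_a, m_b):
    """Run of Ex. 5.2.4 (iii): intruder m swaps R and S for his own values.

    m_a and m_b are the intruder's two secret numbers (8 and 6 on the page).
    Returns the key every party ends up holding.
    """
    R = public_value(q, a, p)        # Ramesh's value, kept by m
    S = public_value(q, b, p)        # Suresh's value, kept by m
    R_m = public_value(q, m_a, p)    # what Suresh receives instead of R
    S_m = public_value(q, m_b, p)    # what Ramesh receives instead of S
    return {
        "ramesh": shared_key(S_m, a, p),
        "suresh": shared_key(R_m, b, p),
        "m_with_ramesh": shared_key(R, m_b, p),
        "m_with_suresh": shared_key(S, m_a, p),
    }


def keys_disagree(keys):
    """True when Ramesh and Suresh hold different keys.

    They can only notice this by comparing over a channel m cannot alter;
    the plain exchange itself carries no authentication.
    """
    return keys["ramesh"] != keys["suresh"]


def is_primitive_root(g, p):
    """g is a primitive root of prime p if g^1..g^(p-1) are all distinct."""
    return len({pow(g, k, p) for k in range(1, p)}) == p - 1


if __name__ == "__main__":
    print(key_agreement(17, 7, 5, 3))        # first worked example
    print(key_agreement(353, 3, 97, 233))    # Ex. 5.2.2
    run = intercepted_run(13, 2, 6, 11, 8, 6)
    print(run, keys_disagree(run))
    # 3^10 mod 11 is also 1, yet 3 is not a primitive root of 11
    print(is_primitive_root(2, 11), is_primitive_root(3, 11))
```

In the intercepted run Ramesh shares key 1 with m and Suresh shares key 3 with m, so every message can be read and re-encrypted in between; the exchanged values R and S have to be authenticated for the key agreement to be safe.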

Chapter Ends
Syllabus

Cryptographic hash functions, Properties of secure hash function, MD5, SHA-1, MAC, HMAC, CMAC.
6.1.1 Cryptographic Hash Functions

- A hash function H accepts a variable length block of input data called as 'M' and produces a fixed size hash value, which can be represented as
$h = H(M)$
- A good hash function provides the property that when the hash function is applied on a large amount of input data (M), it produces a fixed amount of output data.
- If any bit or bits change in the data, then the whole hash function output data will also change.
- When a hash function is used in a security application, it is called a cryptographic hash function.
- A cryptographic hash function is an algorithm that is computationally infeasible to reverse.
- The input is padded out to some fixed length (for e.g. 1024 bits). It includes the original message in bits and the padding bits.
- Because of the security this provides, the length field makes it difficult for the attacker to create an alternative message with the same hash value.

Fig. 6.1.1 : Block Diagram of Cryptographic Hash Function (message / data block M of L bits, hash function H, fixed-length hash value h)

- Cipher block chaining is mostly used for implementing cryptographic hash functions. Whirlpool is another popular cryptographic hash function.
- The cryptographic hash algorithm is applied on the original message once padding is done.
- In padding, the variable length input is padded to a fixed length like 1024 bits.
- After this the hash function algorithm is applied, so it creates a hash value h.
6.1.2 Applications of Cryptographic Hash
The most adaptable cryptographic algorithm is the cryptographic hash function. It is mostly used in Internet protocols and security applications.
Following are some applications in which cryptographic hash functions are used :
1. Message Authentication
- Message authentication is nothing but a service that verifies or checks the integrity of a message.
- Message authentication checks that the data received is exactly the same as sent by the sender (i.e. the content of the data is the same; no modification, insertion, deletion or updation has been done).
- Some authentication provides a mechanism that checks whether the identity of the sender is valid or not.

- When a hash function provides a value which is used for message authentication purposes, that value is called a Message Digest (MD).

Fig. 6.1.2(a) describes the many approaches in which a hash code can be used to provide message authentication.

Fig. 6.1.2(a) : Sender A transmits $E(K, [M \| H(M)])$; Receiver B decrypts with K, recomputes the hash and compares

(a) The message is concatenated with the hash code and then encrypted using symmetric encryption. Sender A and receiver B share the same secret key. A message that comes from sender A must not have been changed. The hash code then provides the security or structure to achieve authentication.

Fig. 6.1.2(b) : Sender A transmits M with $E(K, H(M))$; Receiver B compares

(b) Only the hash code is encrypted, using symmetric key encryption. This minimizes the load for those applications that don't require any confidentiality.
Fig. 6.1.2(c) : Sender A transmits M with $H(M \| S)$; Receiver B compares

(c) No encryption is required for message authentication; only the hash function is used. In this process the two persons share the same secret key S when they communicate with each other.
Sender A calculates the hash value over the original message M and S together, and attaches the resulting hash value to message M.
Because receiver B possesses S, it can recalculate the hash value to check.

Fig. 6.1.2(d) : Simplified Examples of the use of a Hash Function for Message Authentication (Sender A transmits $E(K, [M \| H(M \| S)])$)

(d) Confidentiality is added to the process of (c) : the message concatenated with the hash code is encrypted.
- Process (b) has more advantage over process (a) and process (d), which encrypt the whole data or message.
- Minimum calculation is required in process ().
- Message authentication is achieved using a Message Authentication Code (MAC). This is also called a keyed hash function.
- MACs are used between two persons who share the same secret key, to authenticate information transferred between the two users.
- A MAC function takes as input a data block and a secret key, and produces a hash value as output.
- The MAC function is applied to the original message and the produced result is checked or compared with the stored MAC value.
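Approach (c) and the keyed-hash (MAC) check described above are shown below next to an unkeyed hash, to make visible why the shared secret matters. This is an added example, not code from the book; SHA-256, Python's standard `hmac` module, the function names and the sample message are assumptions chosen for illustration.

```python
# Added example: hash-based message authentication as in approach (c)
# and with a MAC. SHA-256 and all names below are assumptions.
import hashlib
import hmac


def tag_unkeyed(message: bytes) -> bytes:
    """Plain H(M): anyone who changes M can recompute it."""
    return hashlib.sha256(message).digest()


def tag_scheme_c(message: bytes, s: bytes) -> bytes:
    """Approach (c): H(M || S), S known only to sender A and receiver B."""
    return hashlib.sha256(message + s).digest()


def verify_scheme_c(message: bytes, tag: bytes, s: bytes) -> bool:
    """Receiver B recomputes H(M || S) and compares in constant time."""
    return hmac.compare_digest(tag_scheme_c(message, s), tag)


def mac_tag(message: bytes, key: bytes) -> bytes:
    """MAC: data block and secret key in, fixed-size value out (HMAC-SHA256)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(message: bytes, tag: bytes, key: bytes) -> bool:
    return hmac.compare_digest(mac_tag(message, key), tag)


def modified_in_transit(message: bytes) -> bytes:
    """Constructed tampering: the amount in the sample message is changed."""
    return message.replace(b"100", b"900")


if __name__ == "__main__":
    S = b"constructed-shared-secret"     # sample value, known to A and B only
    M = b"PAY 100 TO BOB"                # constructed sample message
    M_bad = modified_in_transit(M)

    # Unkeyed hash: a modifier simply attaches a fresh H(M'), check passes.
    print(tag_unkeyed(M_bad) == hashlib.sha256(M_bad).digest())   # True

    # Approach (c): without S the old tag does not fit the new message.
    print(verify_scheme_c(M, tag_scheme_c(M, S), S))              # True
    print(verify_scheme_c(M_bad, tag_scheme_c(M, S), S))          # False

    # MAC with the same shared key behaves the same way.
    print(verify_mac(M, mac_tag(M, S), S), verify_mac(M_bad, mac_tag(M, S), S))
```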
2. Digital Signature
- It is another important application; the digital signature is similar to the message authentication application.
- Operation of the digital signature is the same as that of the MAC.
- In this approach the message with hash value is encrypted with the user's private key. Anyone who wants to check the integrity of the message with its digital signature can do so when he knows only the user's public key.
- For creating a one-way password file we use hash functions.
- The hash function of the password is stored in the operating system, so a hacker cannot access that actual hash value.
- When a user enters a password, the hash value of the password is compared with the stored hash value for verification purposes.
- Hash function is also used for intrusion detection as well as virus detection.
- The system stores H(F) for each file.

Fig. 6.1.3(a) : Simplified Example of Digital Signatures

Fig. 6.1.3(b) : Simplified Example of Digital Signatures (Sender A transmits $E(K, [M \| E(PR_a, H(M))])$; Receiver B verifies with $PU_a$ and compares)

If an attacker wants to change or modify the message, it is possible only when he knows the user's private key.
The hash code is used to provide a digital signature as follows :
The hash code is encrypted, using public key encryption, with the sender's private key. This is used to provide the digital signature as well as authentication, because only the sender can create a hash value that was encrypted.
3. Other Application
- To create a one-way password file we commonly use a hash function. The password will be stored on the operating system; because of that a hacker cannot access the data or that password file.
- To construct a pseudo random function (PRF), a cryptographic hash function is used. A pseudo random number generator (PRNG) is another example. A common application of the PRF is creating symmetric keys.

A hash function transforms an input message m into a fixed size string (called hash value h); the hash function is denoted by H. Here h is the output of the hash function applied on input message m.

$h = H(m)$

A hash function protects the integrity of the message. If an attacker tries to modify the contents of the original message, the change can be identified by applying the hashing algorithm.
The most popular hashing algorithms are MD5 and SHA.
Here, there are two simple hash functions; all hash functions operate using the following general principle.
(1) The message or file is viewed as a simple input, a sequence of n-bit blocks. The input is processed only one block at a time in an iterative fashion to generate an n-bit hash function.
The simple hash function is the bit-by-bit XORing of every block. This can be shown in the following way :

$CH_i = B_{i1} \oplus B_{i2} \oplus \dots \oplus B_{im}$

Where,
$CH_i$ = $i^{th}$ bit of hash code, $1 \le i \le n$
$m$ = number of n-bit blocks in the input
$B_{ij}$ = $i^{th}$ bit in $j^{th}$ block
$\oplus$ = XORing operation

When this operation is performed it produces a simple parity for each bit location; this process is known as a longitudinal redundancy check.
In the simple hash function each n-bit hash value is equally possible. Thus, the probability that a data error will result in an unchanged hash value is $2^{-n}$. With more predictably formatted data, this function is less effective.
When we give simple or normal text files or messages as input, the high-order bit of each octet is constantly zero.

When a 128-bit hash value is used, rather than an effectiveness of $2^{-128}$ the hash function on this type of file or message has an effectiveness of $2^{-112}$.
To improve the performance, use a simple way, i.e. a one-bit circular shift, or rotation, on the hash value after every block is processed.
The steps are summarized as follows :
1. Set the n-bit hash value initially to zero.
2. Process each successive n-bit block of data as follows :
(a) The current hash value is rotated to the left by one bit.
(b) Perform the XOR operation between the block and the hash value.

This has the effect of "randomizing" the input more completely, and any regularities that appear in the input are overcome.
e ba sh co de is en cr yp te d, it is insufficient for simple XO
spth
pro pos ed by the Nat ion al Bur eau of standards. They used the simple
es are
ghese techniqu ck of the message and then encrypted with
entire
ti on an d ap pl ied to 64 -bit blo
xOR func oc k ch ai ni ng i.e. (CBC) mode.
the cipher bl
message used
ows :
de fi ne th e design are as foll Ay-
blocks Aj, A, Ay--.-
We ca n
qu en ce of 64 -b it
are consist a se
(1) The message M
ck and attach the
h = H( M) as blo ck- by- block XOR of every blo
Define hash code
(2) final blocks.
hash code as the
h
>.
"

z
+

>
®
®
@

Zz
a
=
i

ypted
Next,
e me ss ag e plu s has h’ code to produce the encr
t the whol
Using CBC mode encryp
message B,, B2, By. eee Byet

0 f cipher block chaini


ng, we get
pl e, the de fi ni ti on
For exam
Aj B,_,@D (kK, B)

Ane = By ® D (K, Bye)


code:
But, Here Ay,1is the hash
g® @ An
Anat = Ay @A++ @D(K, By)
By) + -@ Bn-1
D (K, B,) ® B, @D (K,
=


Syllabus Topic : Properties of Secure Hash Function

6.2.1 Properties of Hash Function

Q. 6.2.1 What are the properties of hash functions? (Ref. sec. 6.2.1)

There are four main properties of hash function :

1. It is quick to compute the hash value for any given message.
2. It is infeasible to generate a message from its hash value except by trying all possible messages.
3. A small change to a message should change the hash value so extensively that the new hash value appears uncorrelated with the old hash value.
4. It is infeasible to find two different messages with the same hash value.

6.2.2 Characteristics of Simple Hash Function

Characteristics needed in a secure hash function are as follows :
1. H can be applied to a block of data of any size.
2. H produces a fixed length output.
3. H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical.
4. For any given value h, it is computationally infeasible to find x such that H(x) = h. This is sometimes referred to in the literature as the one-way property.
5. For any given block x, it is computationally infeasible to find $y \ne x$ with H(y) = H(x).
6. It is computationally infeasible to find any pair (x, y) such that H(x) = H(y).
Security

> (MU - Dee. 17


Vhat is the role of ahah tunion
(Ret'sec. 6.2.3) ~~
ts a ma
Requirement and Security
’ Before taking any action, we
need to define the two points,
- Fora hash value h = 9 (m), we
can say that m is the pre-image
block whose hash function, usi of the h. That is m data
ng function H, is h.

Here.
. the CoOl
llli
issi
; on ecurg
if
For region,
undesirable,

Assume, suppose the length of the hash code is n bits, and the function H takes as input messages or blocks of length b bits with b > n.
Here, the total number of possible messages is $2^b$.
Total number of hash values is $2^n$.
6.24 Hash Functions Based on Cipho; BI


‘Ock
Without using the secret
Chaining
key, the
numbe;
:
function based on a cipher block chai T of Proposal have liée
_, ning, A made for the h
The Rabin is proposed first techniques that ‘ ash
_ The penis M are divide into the fixed Sie worl king the following ways
method like DES to calculate hash code followin 2 eae, “ » M,, ...
M y use ENCr
yption
HF, = Initial value
HF, = En, HF,_,)
C = HR
- Itis same like a CBC techniques but in aes
this particular conditio D se
cret key is not
— Using the any hash code, that design Is used,
likely to the bi
encryption algorithm is DES. It produ ced on rthd
ay attack and if
ly 64-bit hash co used thi
de then the d
accessible. esign is the:

- As well, the birthday attack used the another version and


if the
‘ . candidate access only one
, message and also used it’s correct signature and not attain a mul tiple signings
.
- Hereused the outline:
- Individually, assume that the candidate prevents a message with
a signature in the form of
the encrypted hash code and then an encrypted message is m bit long,
1, To calculate the unencrypted hash. code C used algorithm which is defined at
beginning of the subsection.
2. Todesign any desired messages in the form of P,, P2, P, .... Py_»
3. Count :

Scanned by CamScanner
ay
oes
ker Crypt. & Sys, Security (MU-Sem, 6-Com ; Cryptographic Hash F,,,7

4. Generate $2^{m/2}$ random blocks; for each block A, compute $E(A, HF_{N-2})$. Generate an additional $2^{m/2}$ random blocks; for each block B, compute $D(B, C)$, where D is the decryption function corresponding to E.
5. Based on the birthday paradox, with high probability there will be an A and a B such that $E(A, HF_{N-2}) = D(B, C)$.
6. Form the message $P_1, P_2, P_3, \ldots, P_{N-2}, A, B$. This message has the hash code C and can be used with the intercepted encrypted signature.
- This mode of attack is called a meet-in-the-middle attack.
- A number of researchers have proposed refinements intended to strengthen the basic block chaining approach.
- For example, Davies and Price describe the change:
  $HF_i = E(M_i, HF_{i-1}) \oplus HF_{i-1}$
  Another proposed change is:
  $HF_i = E(HF_{i-1}, M_i) \oplus M_i$
- These systems have been shown to be unsafe against a variety of attacks.
- Many of these attacks have also been shown to have weaknesses.
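The following added example (not from the book) runs the chaining hash of this subsection and the construction of steps 1 to 6 on a constructed 16-bit toy Feistel cipher, to show why an unkeyed chaining hash with a short hash code gives a signature nothing to protect. The cipher, its key schedule, the sample blocks and all function names are assumptions made for the illustration, and m is taken here as the hash-code length.

```python
"""Unkeyed cipher-chaining hash (Rabin's scheme) and the meet-in-the-middle
construction from steps 1-6, on a constructed 16-bit toy cipher."""
import random

M_BITS = 16                       # hash and block size m (toy value; DES gives 64)


def _round_keys(key):
    # Constructed key schedule: four 8-bit round keys from a 16-bit key.
    x = (key * 0x9E3779B1 + 0x7F4A7C15) & 0xFFFFFFFF
    return [(x >> s) & 0xFF for s in (0, 8, 16, 24)]


def _f(half, rk):
    # Constructed round function; a Feistel network inverts for any f.
    v = (half ^ rk) & 0xFF
    return ((v * 0x6B + 0x3D) ^ (v >> 3)) & 0xFF


def E(key, block):
    """Toy cipher: encrypt a 16-bit block under a 16-bit key (4 Feistel rounds)."""
    left, right = block >> 8, block & 0xFF
    for rk in _round_keys(key):
        left, right = right, left ^ _f(right, rk)
    return (left << 8) | right


def D(key, block):
    """Decryption function corresponding to E."""
    left, right = block >> 8, block & 0xFF
    for rk in reversed(_round_keys(key)):
        left, right = right ^ _f(left, rk), left
    return (left << 8) | right


def rabin_hash(blocks, iv=0):
    """HF_0 = iv, HF_i = E(M_i, HF_{i-1}), C = HF_N (message block used as key)."""
    hf = iv
    for m in blocks:
        hf = E(m, hf)
    return hf


def meet_in_the_middle(c, prefix, iv=0, seed=1):
    """Return (message, trials): prefix + [A, B] whose hash equals c."""
    rng = random.Random(seed)
    hf_n2 = rabin_hash(prefix, iv)                       # HF_{N-2} (step 3)
    # Step 4, first half: 2^(m/2) blocks A, remembering E(A, HF_{N-2}).
    forward = {E(a, hf_n2): a
               for a in rng.sample(range(1 << M_BITS), 1 << (M_BITS // 2))}
    # Step 4, second half and step 5: blocks B until D(B, C) hits the table.
    for trials, b in enumerate(rng.sample(range(1 << M_BITS), 1 << M_BITS), 1):
        middle = D(b, c)
        if middle in forward:                            # E(A, HF_{N-2}) = D(B, C)
            return list(prefix) + [forward[middle], b], trials   # step 6
    raise RuntimeError("no match in this sample")


def demo():
    signed = [0x4F4B, 0x2031, 0x3030]        # constructed message whose hash is signed
    c = rabin_hash(signed)                   # step 1: the unencrypted hash code C
    prefix = [0x4E4F, 0x2039, 0x3939]        # constructed replacement P_1..P_{N-2}
    forged, trials = meet_in_the_middle(c, prefix)
    return signed, forged, c, trials


if __name__ == "__main__":
    signed, forged, c, trials = demo()
    print("C =", format(c, "04x"), "| B blocks tried:", trials)
    print("second message with the same hash:", [format(x, "04x") for x in forged])
    print("hashes equal:", rabin_hash(forged) == c)
```

The work needed grows as $2^{m/2}$, which is why the design is only as strong as half its hash-code length.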
Syllabus Topic : MD5

6.3 MD5 Message Digest Algorithm

- It was developed by Ron Rivest. This algorithm takes an input of arbitrary length and a 128-bit message digest is produced. The input message is processed in 512-bit blocks.
[Figure: the message of n bits is followed by the padding bits (1 to 512) and the message length (n mod 2^64), giving L * 512 bits = N * 32 bits; each 512-bit block is processed by MD5 with a 128-bit chaining value, starting from the IV and ending in the 128-bit message digest.]
Fig. 6.3.1 : Detail steps of Message Digest 5 Algorithm

Fig. 6.3.1 shows the processing of a message to produce the message digest. The following steps explain the procedure of MD5.

Steps of MD5 Message Digest Algorithm :
(1) Append Padding Bits
(2) Append Length
(3) Initialize MD Buffer
(4) Process Message in 512-bit (16 word of 32 bit) Blocks
(5) Output
Fig. 6.3.2 : Steps MD5 Message Digest Algorithm

(1) Append Padding Bits
- The message is padded to make the length of message 448 mod 512. The length of the padded message is 64 bits less than an integer multiple of 512.
- The padding message consists of a single 1-bit followed by 0 bits. The length of padding bits is in between 1 to 512.

(2) Append Length
- A 64-bit representation of the length of the original message is appended to the result of above step 1. It is appended from least significant byte to most significant byte.
- The output of step 2 yields a message of integer multiple of 512 bits, as $M_0, M_1, \ldots, M_q, \ldots, M_{L-1}$. The total length of expanded message is L * 512 bits.

(3) Initialize MD Buffer
- A 128-bit buffer is used to store the intermediate as well as final result. The buffer is represented as four 32-bit registers P, Q, R, S.
  P = 67452301
  Q = EFCDAB89
  R = 98BADCFE
  S = 10325476
- It uses a little-endian method. Hence the initial values (IV) are represented as,
  P = 01234567
  Q = 89ABCDEF
  R = FEDCBA98
  S = 76543210
(4) Process Message in 512-bit (16 word of 32 bit) Blocks
- It consists of four rounds of processing as shown in Fig. 6.3.3. These four rounds have similar structure but differ in the primitive logical function, referred to as A, B, C, D.
- Each round takes the 512-bit block as input, processes it and produces a 128-bit output. The output of the fourth round is added to the input of the first round, $CV_q$, to produce $CV_{q+1}$; the addition is modulo $2^{32}$.

Fig. 6.3.3 : Four rounds of MD5 algorithm

is Produced
ay a output

$CV_{q+1} = \mathrm{Sum32}(CV_q, RF_D[M_q, RF_C[M_q, RF_B[M_q, RF_A[M_q, CV_q]]]])$
$\mathrm{MD5Sum} = CV_L$

Where,
IV = the initial value of the PQRS buffer, mentioned in Step 3
$M_q$ = the q-th 512-bit block of the message
$CV_q$ = the chaining variable processed with the q-th block of message
RF = the round function using the primitive logical function A, B, C or D
MD5Sum = the final hash result or message digest
Sum32 = addition modulo $2^{32}$

Syllabus Topic : SHA-1

6.4 Secure Hash Algorithm (SHA)

> (MU - May 17, May 18)

Q.6.4.1 Write note on SHA-1.
Q.6.4.2 What characteristics are needed in secure hash function? Explain the operation of secure hash algorithm on 512 bit block. (Ref. sec. 6.4)

The SHA was developed by NIST in 1993. It is referred to as Secure Hash Algorithm-1. SHA-1 takes an input message of a maximum length less than $2^{64}$ bits and produces an output of 160-bit message digest. The overall processing of SHA-1 is much similar to MD5. The processing is explained as follows.
(1) Append Padding Bits

- Padding means addition of bits to the original message, to bring the length of the original message to a value 64 bits less than a multiple of 512. The message is padded to make the length of message 448 mod 512.
- The length of the padded message is 64 bits less than an integer multiple of 512. The padding message consists of a single 1-bit, followed by 0 bits. The length of padding bits is in between 1 to 512.

(2) Append Length

- A block of 64 bits is appended to the message. The 64-bit length of the original message is appended to the result of above step 1 (Original message + Padding).
- It is appended from least significant byte to most significant byte.

(3) Initialize MD Buffer

- A 160-bit buffer is used to store the intermediate as well as final result. The buffer is represented as five 32-bit registers P, Q, R, S, T as,
  P = 67452301
  Q = EFCDAB89
  R = 98BADCFE
  S = 10325476
  T = C3D2E1F0
- It uses a big-endian method. The first four registers are the same as MD5. These five registers P, Q, R, S, T are represented as,
  P = 67 45 23 01
  Q = EF CD AB 89
  R = 98 BA DC FE
  S = 10 32 54 76
  T = C3 D2 E1 F0
(4) Process Message in 512-bits (32 bit 16 word) Block

- It consists of four rounds of 20 steps each as shown in Fig. 6.4.1. These rounds, referred to as F1, F2, F3, F4, have similar structure. These rounds use different primitive logical functions.
- Each round takes the 512-bit block as input, processes it and produces a 160-bit output. The output of the fourth round is added to the input of the first round, $CV_q$, to produce $CV_{q+1}$.
- Each round also uses an additive constant $K_t$, where $0 \le t \le 79$.
  $K_1$ = 5A827999
  $K_2$ = 6ED9EBA1
  $K_3$ = 8F1BBCDC
  $K_4$ = CA62C1D6
(5) Output

- After processing all L 512-bit blocks, the 160-bit message digest is produced as output.
- The SHA compression function uses a feed forward operation where the chaining variable $CV_q$, the input of the first round, is added to the output obtained (last step) after execution of the steps, to produce the next chaining variable $CV_{q+1}$ as shown in Fig. 6.4.1.

[Figure: $CV_q$ (160 bits) passes through the four rounds F1 to F4 of 20 steps each, and the result is added to $CV_q$ to give $CV_{q+1}$.]
Fig. 6.4.1 : Four rounds of Secure Hash Algorithm

- The entire SHA-1 process can be summarized as follows :

CVq#1
= Sum32 (CVG, F
K20, 39] ,K40...59] , K60.


Where,
IV = initial value of the PQRST buffer, used to deal with the first block in chaining mode
$M_q$ = the q-th 512-bit block of the message
$CV_q$ = the chaining variable processed with the q-th block of message
F1[ ] = output of the first round consisting of 20 steps
F2[ ] = output of the second round
F3[ ] = output of the third round
F4[ ] = output of the fourth round
Sum32 = addition modulo $2^{32}$
SHA = the final hash result or message digest
6.4.1 Difference between SHA-1 and MD5

> (MU - Dec. 15, Dec. 16, May1

Q. 6.4.2 Differentiate between SHA-1 and MD5. (Ref. sec. 6.4.

Both are derived from MD4. Both are quite similar. They differ from each other in design goals.

| Sr. No. | SHA-1 | MD5 |
| 1. | It uses a 160-bit message digest. Hence it is stronger against Brute-force attacks than MD5. | It uses a 128 bit message digest. Hence it is weaker than SHA-1 against Brute-force attacks. |
| 2. | SHA-1 is not vulnerable against cryptanalysis. | MD5 is vulnerable against cryptanalysis. |
| 3. | SHA-1 is slower than MD5. | MD5 is faster than SHA-1. |
| 4. | It uses big-endian method to represent the message. | It uses a little endian method to represent the message. |
| 5. | SHA has 20 rounds. | MD5 has 64 rounds. |
| 6. | Bit rotation counts for SHA-1 are the same for all rounds. | In MD5 every round has its |

6.4.2 Applications of Cryptographic Hash Functions

Applications of Cryptographic Hash Functions :
1. Data Authentication
2. Digital Signatures
3. Password Storage
4. Key Generation
5. Intrusion Detection and virus Detection Technique
Fig. 6.4.2 : Applications of Cryptographic Hash Functions
1. Data Authentication
To establish proof of identities and ensure that the origin of an electronic message is verified, and to check if a message has been modified or not.

2. Digital Signatures
Encrypt message digest using private key and identify the proof of message.

3. Password Storage
Message digest of password is compared with that in the storage; hackers cannot get password from storage.

4. Key Generation
Key can be generated from digest of pass-phrase; can be made computationally expensive to prevent brute-force attacks.

5. Intrusion Detection and virus Detection Technique
Keep and check hash of files on system.

Syllabus Topic : MAC

6.5 Message Authentication Codes


> (MU May 1%,

List
.6. 5.1” What is the need for message authentication ?_gec. LES
LL Ze 0 Mariel
6.5 —

message authentication. Explain any one:


- As studied earlier, the encryption mechanism does not provide a good solution for message authentication because it is difficult for the receiver to identify the legitimate plaintext.
- To tackle such type of problem, we can apply the method of error detection code to the message so that only legitimate plaintext can pass the error detection.
- Such type of error detection codes are used in network communication for integrity verification against the bit errors introduced during communication over the channel.
- The Message Authentication Code (MAC) is a small fixed-size block of data that is generated based on a message M of variable length using a secret key K as follows. MAC is also called cryptographic checksum.
  MAC = C(K, M)
- If sender A wants to send the secret message to receiver B via MAC, then the first condition is to share a secret key K.
1. Sender A calculates the MAC by applying K to the message M.
2. A sends the original message M and the MAC Hash1 to B.
3. When B receives the message, B also uses K to calculate its own MAC Hash2 over message M.
4. B now compares Hash1 with Hash2. If the match is correct then B is assured that message M has not been changed or altered during transmission. In case Hash1 and Hash2 don't match then B can reject the message, realizing that the message was changed during transmission, as shown in Fig. 6.5.1.
$C_1 = E(K, P_1)$
$C_2 = E(K, [P_2 \oplus C_1])$
$C_3 = E(K, [P_3 \oplus C_2])$
$C_n = E(K, [P_n \oplus C_{n-1}])$

[Figure: sender A computes the MAC (Hash1) over the message with the secret key and sends message and MAC; receiver B computes the MAC (Hash2) with the same secret key and compares.]
Fig. 6.5.1 : Message Authentication code (MAC)


6.5.1 Significance of MAC

- As mentioned earlier, MAC ensures that only the receiver can identify the original message. Even if an attacker modifies the original message M, he cannot modify the MAC Hash1. In case of Hash1 modification, the receiver's calculation of MAC Hash2 will differ from it.
- Why is the attacker not modifying the MAC? Because the key used to calculate the MAC is known only to the sender and receiver of the message. The attacker doesn't know the key used during transmission, which is the reason the attacker cannot modify the MAC.
- In this case receiver B is assured that the message is coming from A and not from any third person, because the secret key K used at the time of encryption and decryption is known only to the sender and receiver of the message.
- MAC provides data confidentiality and authentication.
6.5.2 Message Authentication Code based on DES

- One of the most widely used MACs is referred to as the Data Authentication Algorithm. The algorithm is designed using the Cipher Block Chaining (CBC) mode of operation of DES, as shown in Fig. 6.5.2.
- In Cipher Block Chaining (CBC) mode the given plaintext message is divided into blocks of 64 bits each and each 64-bit block gets encrypted independently. The plaintext block produces ciphertext of the same size (64 bits each).
- The given plaintext is encrypted (DES encryption) using the same key and the encrypted data (ciphertext) is transferred to the receiver.
- The algorithm can be defined as using the Cipher Block Chaining (CBC) mode of operation of DES with initialization vector (IV).

[Figure: message M = P1, P2, ..., Pn; each block passes through DES encryption under key K in CBC mode.]
Fig. 6.5.2 : MAC design using DES in CBC mode of operation

- Using the DES encryption algorithm E and secret key K, a Data Authentication Code (DAC), also called MAC, is calculated as follows.
6.5.3 Mathematical Equation

- Message Authentication code (Data Authentication code generation).
- The MAC code consists of either the entire final block $C_n$ or the leftmost m bits of the block, with 16 <= m <= 64.

Syllabus Topic : HMAC

6.5.4 HMAC (Hash based Message Authentication Code)

[Figure: the key XOR ipad gives OS1; the message digest algorithm over OS1 and the message gives Hash (H); the key XOR opad gives OS2; the message digest algorithm over OS2 and H gives the HMAC.]
Fig. 6.5.3 : HMAC Operation
Complete HMAC Operation

(i) Message Digest Algorithm : The message digest algorithm used (MD5, SHA-1 etc.)
(ii) m : The input message m whose MAC is to be calculated
(iii) k : The shared secret key used in HMAC
(iv) ipad : The string 0x36 byte repeated 64 times
(v) opad : The string 0x5C byte repeated 64 times (ipad and opad are fixed and different 64-byte strings)
(vi) OS1 = Output of step 1
     OS2 = Output of step 2

Step 1 : The length of message m must be equal to length of key, i.e. length of key (K) must be equal to number of bits in the original message block. For example, if the original / initial length of key is 170 bits and the message length is 512 bits, then add 342 bits to the key length to make it equal in size.
Step 2 : The key from step 1 is now XORed with ipad to produce OS1 (output of stage 2). (OS1 is a variable.)
Step 3 : Append message m to output of step 2, i.e. original message m is added to the output of step 2, which will produce message digest (OS1 + m).
Step 4 : The message digest algorithm (MD5 or SHA-1) is applied on the output of step 3. This will produce output Hash (H).
Step 5 : XOR the secret key K with opad to produce output variable called OS2 (output of step 1).
Step 6 : Add Hash H with OS2 (here the message digest calculated in step 4 (Hash H) is taken into consideration and appended with the output of step 5).
Step 7 : Message digest algorithm is applied on output of step 6 (OS2 + Hash H) to generate final output called as MAC.
We can also write the above steps in mathematical form as,
  HMAC = H(K ⊕ opad, H(K ⊕ ipad, message m))
Where,
  HMAC = final output
  K = secret key
  ⊕ = XOR operation
  m = input message
  opad and ipad = fixed and different 64-byte strings (one byte repeated 64 times)

Step 1 : Append zeros to the end of key to make length 64 bytes (i.e. key k and message must be equal).
Step 2 : XOR the 64-byte string computed in step 1 with ipad.
Step 3 : Append the message m to the 64-byte string resulting from step 2.
Step 4 : Apply message digest algorithm on output of step 3.
Step 5 : XOR the 64-byte string computed in step 1 with opad.
Step 6 : Append hash H, the output of step 4, to the 64-byte string generated from step 5.
Step 7 : Apply message digest algorithm (MD5, SHA-1) on output of step 6 to get final output i.e. HMAC.


6.5.5 Difference between Message Digest and Message Authentication Code

| Sr. No. | Message Digest | Message Authentication Code |
| 1. | A message digest algorithm takes a single input, the message, and produces a "message digest" (called a hash) which helps us to verify and check the integrity of the message. | A Message Authentication Code algorithm takes two inputs, one a message and the other a secret key, and produces a MAC which allows us to verify and check the integrity and the authentication of the message. |
| 2. | Any change to the input message produces a different result, i.e. a different hash being generated. | Any change to the input message or the secret key will result in a different MAC being generated. |
| 3. | Once the hash is generated it will not give any clue to the attacker about the original content of the message. | Without the secret key it is not possible for an attacker to identify and validate the correct MAC. |
| 4. | Most popular message digest algorithms are MD5 and SHA-1. | Most popular MACs are MAC using DES in CBC mode and HMAC. |

6.6 CMAC (Cipher Based Message Authentication Code)

- Cipher-based message authentication codes (or CMACs) are a tool for calculating message authentication codes with a block cipher coupled with a secret key. You can use a CMAC to prove both the integrity and authenticity of a message.
- CMAC (Cipher-based Message Authentication Code) is a block cipher-based message authentication code algorithm. It may be used to provide a guarantee of the authenticity and, hence, the integrity of binary data. This mode of operation fixes security deficiencies of CBC-MAC (CBC-MAC is secure only for fixed-length messages).
- The core of the CMAC algorithm is a variation of CBC-MAC that Black and Rogaway proposed and analyzed under the name XCBC and submitted to NIST.
- The XCBC algorithm efficiently addresses the security deficiencies of CBC-MAC, but requires three keys.
- Iwata and Kurosawa proposed an improvement of XCBC and named the resulting algorithm One-Key CBC-MAC (OMAC) in their papers. They later submitted OMAC1, a refinement of OMAC, and added security analysis.
- The OMAC algorithm reduces the amount of key material necessary for XCBC. CMAC is equivalent to OMAC1.

Fig. 6.6.1 : CMAC
- To generate an $\ell$-bit CMAC tag (t) of a message (m) using a b-bit block cipher (E) and a secret key (k), one first generates two b-bit sub-keys ($k_1$ and $k_2$) using the following algorithm (this is equivalent to multiplication by $x$ and $x^2$ in a finite field $GF(2^b)$).
- Let $\ll$ denote the standard left-shift operator and $\oplus$ indicate bit-wise exclusive or.

1. Calculate a temporary value $k_0 = E_k(0)$.
2. If $\mathrm{msb}(k_0) = 0$, then $k_1 = k_0 \ll 1$, else $k_1 = (k_0 \ll 1) \oplus C$; where C is a definite constant that depends only on b. (Specifically, C is the non-leading coefficients of the lexicographically first irreducible degree-b binary polynomial with the minimal number of ones: 0x1B for 64-bit, 0x87 for 128-bit, and 0x425 for 256-bit blocks.)
3. If $\mathrm{msb}(k_1) = 0$, then $k_2 = k_1 \ll 1$, else $k_2 = (k_1 \ll 1) \oplus C$.
4. Return keys ($k_1$, $k_2$) for the MAC generation process.

As a small example, suppose b = 4, C = $0011_2$ and $k_0 = E_k(0) = 0101_2$. Then $k_1 = 1010_2$ and $k_2 = 0100 \oplus 0011 = 0111_2$.
6.6.1 The CMAC Tag Generation Process

1. Divide the message into b-bit blocks $m = m_1 \| \ldots \| m_{n-1} \| m_n$, where $m_1, \ldots, m_{n-1}$ are complete blocks. (The empty message is treated as one incomplete block.)
2. If $m_n$ is a complete block then $m_n' = k_1 \oplus m_n$, else $m_n' = k_2 \oplus (m_n \| 10\ldots0_2)$.
3. Let $c_0 = 00\ldots0_2$.
4. For $i = 1, \ldots, n-1$, calculate $c_i = E_k(c_{i-1} \oplus m_i)$.
5. $c_n = E_k(c_{n-1} \oplus m_n')$
6. Output $t = \mathrm{msb}_\ell(c_n)$.

6.6.2 The Verification Process

1. Use the above algorithm to generate the tag.
2. Check that the generated tag is equal to the received tag.
   2.1. Apply the MAC generation process to M to produce T.
   2.2. If T = T', return VALID; else, return INVALID.

- CMAC is widely used in govt and industry.
- But it has message size limitation.
- It can be overcome using 2 keys and padding.
- Thus forming the Cipher-based Message Authentication Code (CMAC).
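The sub-key algorithm, the tag generation process and the verification process of section 6.6, as an added example (not code from the book) written over any b-bit block cipher passed in as a function. The function names and sample messages are constructed, and `stand_in_permutation` is an assumption used only so the code runs offline: it is not a cipher, and in practice AES encryption under the secret key takes its place.

```python
"""CMAC sub-key derivation, tag generation and verification as described
above, over any b-bit block cipher passed in as a function."""
import hmac

# Constant C from step 2, by block size b in bits: the values quoted in the
# text plus the 4-bit teaching example.
CONST_C = {4: 0b0011, 64: 0x1B, 128: 0x87, 256: 0x425}


def _double(value, b):
    """One sub-key step: left shift by 1 within b bits, XOR C if the msb was 1."""
    shifted = (value << 1) & ((1 << b) - 1)
    return shifted ^ CONST_C[b] if value >> (b - 1) else shifted


def subkeys(k0, b):
    """Steps 2 to 4: derive (k1, k2) from k0 = E_k(0), all as b-bit integers."""
    k1 = _double(k0, b)
    k2 = _double(k1, b)
    return k1, k2


def cmac(encrypt, message, b=128, tag_bits=None):
    """Tag generation. `encrypt` maps a b-bit integer to a b-bit integer under
    the secret key (E_k); `message` is bytes; b must be a multiple of 8 here."""
    nbytes = b // 8
    k1, k2 = subkeys(encrypt(0), b)
    blocks = [message[i:i + nbytes] for i in range(0, len(message), nbytes)] or [b""]
    last = blocks.pop()
    if len(last) == nbytes:                        # complete final block: use k1
        last_int = int.from_bytes(last, "big") ^ k1
    else:                                          # incomplete: pad 10...0, use k2
        padded = last + b"\x80" + b"\x00" * (nbytes - len(last) - 1)
        last_int = int.from_bytes(padded, "big") ^ k2
    c = 0                                          # c_0 = 00...0
    for block in blocks:                           # c_i = E_k(c_{i-1} XOR m_i)
        c = encrypt(c ^ int.from_bytes(block, "big"))
    c = encrypt(c ^ last_int)                      # c_n
    tag_bits = tag_bits or b
    return (c >> (b - tag_bits)).to_bytes((tag_bits + 7) // 8, "big")  # msb_l(c_n)


def cmac_verify(encrypt, message, received_tag, b=128, tag_bits=None):
    """Verification: regenerate T and compare it with the received T'."""
    expected = cmac(encrypt, message, b, tag_bits)
    return hmac.compare_digest(expected, received_tag)


def stand_in_permutation(x):
    # Constructed 128-bit bijection used only to exercise the code offline.
    # It is NOT a cipher; pass AES encryption under the secret key in practice.
    return ((x ^ 0x0123456789ABCDEF0123456789ABCDEF) * 5 + 7) % (1 << 128)


def demo():
    short = b"15-byte message"                     # incomplete final block
    looks_padded = short + b"\x80"                 # complete block equal to short's padding
    t_short = cmac(stand_in_permutation, short)
    t_full = cmac(stand_in_permutation, looks_padded)
    return {
        "page_example": subkeys(0b0101, 4),        # b = 4, k0 = 0101 from the text
        "tags_differ": t_short != t_full,          # k1 and k2 separate the two cases
        "verify_ok": cmac_verify(stand_in_permutation, short, t_short),
        "verify_tampered": cmac_verify(stand_in_permutation, short + b"!", t_short),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```

The `tags_differ` result is the point of the two sub-keys: a short message and a full block that equals its padded form no longer share a tag, which is the fixed-length restriction of CBC-MAC that CMAC removes.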
Chapter Ends...

Module 3

Digital Certificate

Syllabus

Digital Certificate : X.509, PKI.

Syllabus Topic : Digital Certificate X.509

7.1 X.509 Authentication Service / Digital Certificate

> (MU - Dec. 15, Dec. 17)

Q. 7.1.1 Give the format of X.509 digital certificate and explain the use of a digital signature in it. (Ref. sec. 7.1)
Q. 7.1.2 What is a digital certificate? How does it help to validate the authenticity of a user? Explain the X.509 certificate format. (Ref. sec. 7.1)

A digital certificate is an electronic file that is used to identify people and resources over an insecure channel or a network such as the Internet. Digital certificates also enable secure, confidential communication between sender and receiver using encryption.
For example, when we travel to another country, our passport provides a way to establish our identity and gain entry. Digital certificates provide similar identification in the electronic world.
The role of Certification Authority (CA) is to issue certificates with an authorized digital signature. Much like the role of the passport office, the role of the CA is to validate the certificate owner's identity and to "sign" the certificate so that it cannot be tampered with by an unauthorized user.

Once the CA has signed a certificate, the owner can present their certificate to people, web sites and network resources to prove their identity for confidential communications and a secure channel.
A standard called X.509 defines the structure of a digital certificate. The International Telecommunication Union (ITU) permitted this standard in 1998. Fig. 7.1.1 shows the contents of an X.509 digital certificate.

Digital Certificate contents :
- Certificate version number
- Certificate serial number
- Algorithm for signature identifier
- Certificate Issuer name
- Validity Details
- Name of the certificate owner
- Public key of certificate owner
- Issuer unique identifier
- Owner unique identifier
- Extensions to certificate
- Certification Authority (CA) Digital Signature
Fig. 7.1.1 : Structure of X.509 Digital certificate
A standard digital certificate typically includes a variety of information pertaining to its owner and to the Certification Authority (a trusted agency that can issue digital certificates), such as :

1. Certificate version number
Identifies a particular version of the X.509. Current version is X.509 v3.

2. Certificate serial number
Unique integer number generated by the certification authority.

3. Algorithm for signature identifier
Identifies the algorithm used by the certification authority to sign the certificate.

4. Certificate Issuer name
The name of the Certification Authority that issued the certificate.

5. Validity Details
The validity period (or lifetime) of the certificate (a start and an end date).

6. Name of the certificate owner
The name of the owner and other identification information required for identifying the owner, such as email id and contact details.

7. Public key of certificate owner
Certificate owner's public key, which is used to encrypt confidential information of the certificate owner.

8. Issuer unique identifier
Identifies the CA uniquely, i.e. whether a single CA signed it or whether any CA is using the same details.

9. Owner unique identifier
Identifies the owner uniquely if two or more owners have used the same name over a time.

10. Extensions to certificate
This is an optional field which allows a CA to add additional private information to a certificate. These additional fields are called extensions of version 2 or 3, respectively.

11. Certification Authority (CA) Digital Signature
In creating the certificate, this information is digitally signed by the issuing CA. The CA signature on the certificate is like a tamper-detection seal on packaging; any tampering with the contents is easily detected.

7.1.1 Importance of Digital Certificate

- Digital certificates are based on public-key cryptography, which uses a pair of keys for encryption and decryption. A digital certificate can securely attach your identity, as verified by a trusted third party, with your public key.
- As defined earlier, a digital certificate is a mechanism for users to obtain assurance about the identity and authenticity of a web site.
- By inspecting the digital certificate on a Web site, users can help prevent identity theft and fraud.
- Digital certificates are implemented as part of the security mechanisms provided by the Secure Socket Layer (SSL).
- SSL encrypts all data sent between a sender computer and a remote computer (server) to prevent data from being read during the transmission process from a sender computer to the server computer. We will study SSL in unit ry.
- A general user can create their own online digital certificate; a lot of third party agencies / companies provide the facility of creating a user's own digital certificates.

Syllabus Topic : PKI

7.2 Public Key Infrastructure (PKI)

1e. Ga What Pat? Be


0722 Explain Public key. help of architectural block
| toa
diagram. (R&f. seo. 7.2)
ely. 0728. Does a public key
mmetric. eneryption?
Explain your answer.. (Ref
- Public Key Infrastructure (PKI) is a cryptographic technique used to secure electronic information with the help of certain techniques such as digital certificates and digital signatures, and to transmit this information securely over the internet.
- PKI consists of certain security policies, software and techniques that are required for key generation, key management, secure storage of generated keys and distribution of generated keys.
- Public key infrastructure is created by combining a number of services and technologies. To complete this technology, various components of PKI are required.
7.2.1 Components of PKI

For this framework to be functional, we need various components of PKI,


Following are the different components of PKI :
1. Certification Authority (CA)
2. Registration Authority (RA)
3. PKI clients
4. Public key certificate/ digital certificate
5. Certificate Distribution System (CDS) Repository

7.2.1(A) Certification Authority (CA)

Q.7.2.4 List the certifying authorities in india and world


the digital certificate. “(Ref. sec: 7.2.1(A)). z
- As mentioned in the previous section, Certification Authority (CA) is a trusted unit that helps to issue certificates.
- A CA takes the certificate request from the owner, verifies the requested information according to the terms and conditions of the CA, and uses its private key to apply a digital signature to the certificate.
- Responsibility of the CA is to identify the correct identity of the person who asks for a certificate to be issued, to make sure that the information contained within the certificate is legal, and later to digitally sign the certificate.
- The CA may generate a public key and a private key (a key pair), or the person applying for a certificate may have to generate their own key pair and send a signed request containing their public key to the CA for validation.
- After the verification from CA it sends the certificate for final verification to the registration authority (RA).

7.2.1(B) Registration Authority (RA)

- Registration Authority (RA) acts as an intermediate entity between the Certification Authority (CA) and the certificate owner, responsible for user registration and for accepting requests for certificates.
- User registration is the process of collecting user information and verifying user identity, which is then used to register a user according to the policies of CA and RA.
- Both CA and RA mutually authenticate the user's identity and then issue certificates upon completion of the registration process.

7.2.1(C) PKI Clients

- The users which request CAs or RAs to issue certificates are called PKI Clients. To obtain a digital certificate from a CA, a PKI client :
1. Generates a key pair. The key pair contains the details of the client.
2. Then sends a request to the CA for the CA certificate through the RA.
3. After verification from CA and RA, the client can use the certificate to prove itself an authorized user and certificate owner.
- Every communication between a client and the CA is secure because the client is responsible for ensuring the security of its private key. If the private key is lost or stolen, then the encrypted message cannot be decrypted, or any unauthorized person can use this private key to decrypt the messages.

7.2.1(D) Public Key Certificate / Digital Certificate

Refer section 7.1 for digital certificate.

7.2.1(E) Certificate Distribution System (CDS) Repository

- The Certificate Distribution System (CDS) distributes certificates to users and organizations. Certificates have a specified life time, but the CA can reduce this life time by the process known as certificate revocation.
- The CA publishes a Certificate Revocation List (CRL) which mentions the serial numbers of certificates which are no longer usable, reasons for certificate cancellation, and the date when to apply for a new certificate.
- Certificates can be distributed to the users directly or distributed with the help of a directory server. The CDS distributes certificates in support with the directory service server.
- The role of the certificate distribution system is to perform the following tasks :
  o Generate public and private key pairs. Certify the validity by signing with public key.
  o Revocation of expired or lost keys.
  o Distribute or publish the certificate along with the public keys in the directory service server.

7.2.2 PKI Applications / Services

Different services increase the importance of PKI, like : e-mail, secure file transfer, document management services, remote access, e-commerce and Web-based transaction services etc.

E-Mail and Messaging

Secure e-mail and messaging use key pairs for encryption of messages and files, and for digital signatures. The most common secure e-mail / messaging protocol is Secure Multipurpose Internet Mail Extensions (S/MIME), which extends the Multipurpose Internet Mail Extensions (MIME) standard.

Web Access

Browsers and Web servers use encryption for authentication and confidentiality and for applications like online banking and online shopping. Typically, using Secure Sockets Layer (SSL), servers authenticate themselves to clients. SSL also encrypts traffic.

Chapter Ends...

User Authentication and Entity Authentication, One-way and mutual authentication schemes, Needham Schroeder Authentication protocol, Kerberos Authentication Protocol.

Syllabus Topic : User Authentication
8.1 User Authentication

- User authentication is a process that allows a device to verify the identity of someone who connects to a network resource.
- There are many technologies currently available to a network administrator to authenticate users.

[Figure: user enters name and password; Firebox authenticates user; user connects to network resources.]
Fig. 8.1.1 : User Authentication
- Authentication is very important when you use dynamic IP addressing (DHCP) for computers on the trusted or optional network.
- It is also important if you must identify your users before you let them connect to resources on the external network.
- To get access to services such as HTTP or FTP, the user types a domain along with their login name and password.
- For the duration of authentication, the user name is associated with connections from the IP address from which the user authenticated.
- This makes it possible to monitor not only the computers from which connections originate, but also the users who start the connection.
- While the user is authenticated, all the connections that the user starts from the IP address include the session name.
8.1.1 Means of User Authentication

Four means of authenticating a user's identity, based on something the individual:
1. knows - e.g. password, PIN
2. possesses - e.g. key, token, smartcard
3. is (static biometrics) - e.g. fingerprint, retina
4. does (dynamic biometrics) - e.g. voice, sign
These can be used alone or combined. All can provide user authentication and all have issues.
Syllabus Topic : Entity Authentication

8.2 Entity Authentication

Fig. 8.2.1 : Entity Authentication (the prover runs (sk, pk) <- Gen; the verifier asks "Is it Charlie?")

- The communication between the prover and verifier must be authentic.
- To establish electronic identity, Charlie must generate (pk, sk) <- Gen and convince others
that the public information pk represents him, as shown in Fig. 8.2.1.
- The entity authentication protocol must convince the verifier that his or her opponent
possesses the secret sk.
- An entity authentication protocol is functional if an honest verifier V_pk accepts an
honest prover P_sk.
Physical and Legal identities

- Entity authentication is possible only if all participants have set up a network with
authenticated communication links.

Fig. 8.2.2 : Physical and legal identities

- A role of an entity authentication protocol is to establish a convincing bound between
physical network address and legal identities.
- The same legal identity can be in many physical locations and move from one physical node to
another node.

8.3 Authentication Protocol

Fig. 8.3.1 : Authentication Protocol (1. One Way Authentication, 2. Mutual Authentication)

1. One Way Authentication

- As defined earlier, authentication mechanisms help to prove the identity of the sender of
the message.
- Authentication mechanisms ensure that who sends the message, i.e. the origin of an electronic
message, is correctly identified.
- One-way authentication refers to the authentication of only one end of communication
users. For example, one-way authentication follows the flow : if there are two users, user
A and B, who want to communicate with each other, user B authenticates user A, but user A
cannot authenticate user B. This process is called one-way authentication. Finally the
integrity and originality of the message is confirmed.
- There are different factors of authentication mechanisms used to give strength for
authentication. The first method is known as one-factor authentication. A password is the
example of one-factor authentication because it is something that we know.
- Any operating system first asks for a user name and then for a password. It then looks up
the name in a password table and sees if the passwords match. This is known as a
reusable password since the same password is used for each login.
- The second method of authentication is known as two-factor authentication. Withdrawing
cash from an ATM machine is an example of two-factor authentication. For authentication,
present the ATM card (something we have) and enter the PIN (something we know), or use
one-time passwords, where a new password must be used for each login.

2. Mutual Authentication

- Mutual authentication is also called two-factor authentication.


- Mutual authentication is a security mechanism used to authenticate the sender with the
receiver. The sender must prove its identity to a receiver, and the receiver must prove its
identity to the sender, before any unwanted threat is sent between the sender and receiver.
- For example : if a sender wants to communicate with the receiver over networks, they must
first mutually authenticate each other.
- Meaning is that when sender A sends a confidential message which is intended for receiver
B, if B can decrypt the message using A's public key, then B has verified that the message
originated from A.
- Both communicating users (sender and receiver) are verifying each other, i.e. mutual
authentication mechanisms help to verify the identity of the sender.
- An important application of mutual authentication is that communication between the
client machine and server machine over a network must be secure before performing any
data sending and receiving process.

Why is there a Need of Mutual Authentication Protocol ?

- To achieve mutual authentication there must be provision of some protocol which is
supposed to verify the identity of the sender over an insecure communication channel.
- To achieve this goal most of the protocols depend on an authentication server, also called
a Key Distribution Center (KDC).
- If sender A wants to establish a secure communication with receiver B, then A can request
a session key from the Key Distribution Center for communicating with B. If a group of
people wants to securely communicate with the Key Distribution Center, then every
group member is provided a single key called a master key or secret key. Authentication
servers are capable of delivering good quality session keys and distributing them securely
to the client who requested it.
- The authentication server also maintains a table containing a name and a master key or
secret key of each client.
- The secret key is used to authenticate the client to the authentication server and then for
secure transmission of data between the client and the authentication server.
- Different protocols are used to perform this task, but among these the well known
protocol is the Needham-Schroeder Protocol.
Syllabus Topic : Needham Schroeder Authentication Protocol

8.3.2 Needham - Schroeder Protocol

- The first mutual protocol was published in 1978 by Needham and Schroeder. This
approach was proposed for various purposes that include secret-key and public key
generation and distribution of those keys between sender and receiver.
- The Needham and Schroeder protocol uses a secret key known to the sender and also to an
authentication server. Sender and receiver share a secret key and use it for secure
communication with the authentication server.

Detail steps of Needham-Schroeder Secret-key Protocol

Step 1: Sender A requests a session key from the authentication server to communicate
with receiver B, as shown in Fig. 8.3.2. The message sent by A to the authentication
server includes A's secret key Ka, A's network address Na, B's network address
Nb and a nonce. A nonce is basically a random number used to demonstrate the
freshness of a request, denoted by N. The request sent by A to the authentication server,
which is in encrypted format E, is denoted by,
E (Ka, [Na, Nb, N])

Step 2: The authentication server returns a message containing a newly generated key Kab
(used to encrypt communication between sender and receiver), the nonce N (to match
the response received from the authentication server with the request sent) and a ticket
(which contains the same shared secret key Kab, as well as the name of the sender A)
encrypted with B's secret key Kb. This whole message is encrypted with the sender's
private key or secret key Ka to ensure that no one else can read it. The message
that the authentication server sends back to A can be expressed as:
E (Kab, N, {A, Kab} Kb, B) Ka

Step 3: After receiving the reply from the authentication server, the sender decrypts the ticket
and sends the ticket {A, Kab} to the receiver B. A sends the ticket to B, which is now in
encrypted format because it was previously encrypted by the authentication server
using B's secret key Kb.
{A, Kab} Kb

Step 4: B decrypts the ticket received from A using the secret key Kb and compares the
sender identity. B again encrypts the ticket using the shared secret key Kab,
generates nonce N1 and sends it back to receiver. This can be represented as
E (N1) Kab
In this step B got the session key (Kab) for communicating securely with A.

Step 5: The sender decrypts the nonce N1 using the shared secret key Kab; this proves the
sender's identity. The sender sends the response N1 + 1 encrypted using the shared
secret key Kab.
E (N1 + 1) Kab

Now sender A and receiver B can securely communicate with each other using the
session key generated.

- The weakness of this protocol is that for large networks it is not possible for a single
authentication server to generate and distribute a large number of session keys, which is
practically impossible.
- Another weakness is that if the session key between sender A and receiver B is stolen, and
the ticket to B is recorded, an attacker can easily copy the contents of sender A by
performing the last 3 steps.

Fig. 8.3.2 : Needham - Schroeder Secret-key Protocol (sender A, receiver B and authentication server; 3. Authentication request, 4. Authentication response, 5. Sender responds to receiver)
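
The five steps and the second weakness above, as an added example that is not part of the original text. `seal`/`unseal` are a toy stand-in for E(...)K built from the standard library, names "A" and "B" double as the network addresses Na and Nb, and the `issued` timestamp with a 300-second `max_age` is an assumed hardening in the spirit of ticket validity periods.

```python
import hashlib, hmac, json, secrets

def seal(key, obj):
    """Toy stand-in for E(...)K: SHAKE-256 keystream XOR plus an HMAC-SHA256 tag."""
    pt = json.dumps(obj).encode()
    iv = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(pt, hashlib.shake_256(key + iv).digest(len(pt))))
    return (iv + hmac.new(key, iv + ct, hashlib.sha256).digest() + ct).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    iv, tag, ct = raw[:16], raw[16:48], raw[48:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    ks = hashlib.shake_256(key + iv).digest(len(ct))
    return json.loads(bytes(c ^ k for c, k in zip(ct, ks)))

class AuthServer:
    def __init__(self, keys, stamp_tickets=False):
        self.keys, self.stamp_tickets = keys, stamp_tickets   # keys: name -> Ka, Kb

    def step2(self, sender, request, now):
        """Answer step 1, E(Ka,[Na,Nb,N]), with E(Kab, N, {A,Kab}Kb, B)Ka."""
        req = unseal(self.keys[sender], request)
        kab = secrets.token_bytes(32).hex()
        body = {"A": req["Na"], "Kab": kab}
        if self.stamp_tickets:                 # assumed hardening, not in the text
            body["issued"] = now
        ticket = seal(self.keys[req["Nb"]], body)
        return seal(self.keys[sender],
                    {"Kab": kab, "N": req["N"], "ticket": ticket, "B": req["Nb"]})

class Receiver:
    def __init__(self, kb, max_age=None):
        self.kb, self.max_age = kb, max_age

    def step4(self, ticket, now):
        """Open {A,Kab}Kb and challenge the peer with E(N1)Kab."""
        body = unseal(self.kb, ticket)
        issued = body.get("issued")
        if self.max_age is not None and (issued is None or now - issued > self.max_age):
            raise ValueError("ticket expired")
        self.peer, self.kab = body["A"], bytes.fromhex(body["Kab"])
        self.n1 = secrets.randbelow(2**32)
        return seal(self.kab, {"N1": self.n1})

    def check_step5(self, response):
        """Accept the peer only if it returned E(N1 + 1)Kab."""
        return unseal(self.kab, response)["N1"] == self.n1 + 1

def sender_steps_1_to_3(ka, server, now):
    n = secrets.randbelow(2**32)
    request = seal(ka, {"Na": "A", "Nb": "B", "N": n})           # step 1
    reply = unseal(ka, server.step2("A", request, now))           # step 2
    if reply["N"] != n or reply["B"] != "B":
        raise ValueError("stale or redirected reply")
    return reply["ticket"], bytes.fromhex(reply["Kab"])           # ticket sent in step 3

def answer_challenge(kab, challenge):
    return seal(kab, {"N1": unseal(kab, challenge)["N1"] + 1})    # step 5

def demo(stamp_tickets):
    ka, kb = secrets.token_bytes(32), secrets.token_bytes(32)
    server = AuthServer({"A": ka, "B": kb}, stamp_tickets)
    bob = Receiver(kb, max_age=300 if stamp_tickets else None)
    ticket, kab = sender_steps_1_to_3(ka, server, now=1000)
    honest = bob.check_step5(answer_challenge(kab, bob.step4(ticket, now=1001)))
    # Weakness from the text: the old session key is stolen and the ticket was
    # recorded, so the last three steps can be repeated much later (now=90000).
    try:
        replay = bob.check_step5(answer_challenge(kab, bob.step4(ticket, now=90000)))
    except ValueError:
        replay = False
    return honest, replay

if __name__ == "__main__":
    print("plain tickets   (honest, replay accepted):", demo(False))
    print("stamped tickets (honest, replay accepted):", demo(True))
```

With plain tickets B has no way to tell the late replay from a fresh run; once the ticket carries an issue time that B checks, the same replay is rejected.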

Syllabus Topic : Kerberos Authentication Protocol

8.4 Kerberos Authentication Protocol

(MU - May 16, May 18)

distributed system.
- Kerberos is also called an authentication protocol. Like when starting a journey we
need a confirmed ticket, then only we can do our journey safely, Kerberos uses the concept
of the ticket as a token to prove the identity of the user.
- Microsoft introduced Kerberos in Windows 2000 server as a default authentication
protocol.
- Kerberos uses the concept of a ticket as a token that proves the identity of a user.
- Tickets are digital documents that store session keys. Instead of passwords, tickets are
issued during a login session and then can be used in any Kerberos services.
- The client authentication phase requires two tickets :
o Ticket Granting Ticket (TGT), which acts as an identifier for the user and session key.
o A service ticket to authenticate the user to gain access to a particular service.
- The same concept of ticket is used as with railway tickets : it has a time duration and
expiration date, after which the ticket becomes invalid.
- In Kerberos these tickets include different contents like time stamps to indicate the start
and expiration time; after the time expires the ticket becomes invalid.
- The timestamp is the time set by the Kerberos administrator depending upon how much time
the service is required by the client.

Kerberos Servers

- To accomplish the task of secure authentication, Kerberos uses a trusted third party
called a Key Distribution Center (KDC).
- The Key Distribution Center uses two techniques for authentication :
o Authentication Server (AS), which performs user authentication.
o Ticket-Granting Server (TGS), which permits/grants tickets to users.
- The role of an authentication server is to store a database like the secret key of the users
and its services.
- The secret key of a user is generated using a one-way hash of the user-provided password.
- The main aim of Kerberos is to provide centralized authentication of the entire network;
rather than storing the sensitive information at each user machine, the sensitive
information will be maintained at a particular secure location only.

Fig. 8.4.1 : Kerberos authentication process (client, authentication server, ticket-granting server; client-TGS session key, ticket-granting ticket, authenticator, client-to-server ticket)

- This phase is called the Authentication phase because during this phase only
authentication can be done between the authentication server, ticket-granting server and
service provider.
- As shown in Fig. 8.4.1, first the client and authentication server authenticate themselves
to each other.
- The client and Ticket granting server authenticate themselves. Finally the client and
requested service provider authenticate themselves to each other regarding which
information/service the client wants.

Authentication Details

- In the authentication phase the user has to provide username and password on the client,
which is cryptographically hashed to create a secret key for the client.
- After client verification is done with the authentication server, the AS replies with the
following details to the client, as shown in Fig. 8.4.1.
o The client Ticket Granting Server (TGS) session key Kt, encrypted using the client's
secret key Ke (which is now stored in the authentication server).
o The Ticket Granting Ticket (TGT) encrypted using the secret key of the Ticket
granting server. The ticket granting ticket includes the client ticket granting server
session key Kt and its validity period.
- The client now decrypts the Ticket Granting Server session key Kt using his secret key
Ke. To request a service, the client sends the following two messages to the Ticket Granting
Server (TGS).
o The Ticket Granting Ticket and the name of the service Sr that the client wants to
request.
o Authentication token which includes client ID and time stamp, encrypted using the
client ticket granting server session key Kt.
- Upon receiving all the details from the client, the Ticket Granting Server decrypts the Ticket
Granting Ticket using Kt, thus retrieving the client Ticket granting server session key
Kt and the validity of the ticket granting ticket. If it is valid then the Ticket granting Server
sends the following messages to the client.
o New client server session key Ksc, encrypted using TGS session key Kt.
o Client to server ticket, encrypted using the specific service's key Ks, known to the Ticket
Granting Server only. (Client to server ticket contains the client ID, network
address, validity period and the client server session key Ksc).
- Upon receiving all the details from the Ticket Granting server, the client decrypts the client
server session key Ksc, and authenticates himself to service Sr by sending the following
messages.
o The client server ticket sent by the ticket granting server in the previous step.
o The client ID and the time stamp encrypted using client server session key Ksc.
- The service provider decrypts the client to server ticket using secret key Ks and
obtains the client server session key Ksc. With the help of the client server session key
Ksc, the service provider decrypts the client ID and time stamp information. For
final identity, the service provider increments the time stamp by 1 and sends it back to the
client.
- The client decrypts and verifies this response using the client to server session key Ksc.
Once this verification succeeds, the client and server can start communicating.
- The Kerberos protocol was specially designed for the authentication of the client over
an insecure network.
- Two Kerberos versions exist, i.e. Kerberos 4 and 5.
Difference between Kerberos Version 4 and Version 5

| Kerberos version 4 | Kerberos version 5 |
|---|---|
| Kerberos v4 was released prior to version 5 in the late 1980's. | Version 5 was published in 1993, years after the appearance of version 4. |
| Ticket support is satisfactory in this version. | Ticket support is well extended. Facilitates forwarding, renewing and postdating tickets. |
| It uses the "receiver-makes-right" encoding system. | It uses the ASN.1 coding system. |
| Since the same key is used repeatedly to gain a service from a particular server, there is a risk that an attacker can replay messages from an old session to the client or server. | In V5 this is avoided by requiring a sub session key which is used only for one connection. |
| Kerberos V4 uses DES encryption techniques. | In Kerberos V5 the cipher text is tagged with an encryption type identifier, hence any type of encryption can be used. |
| Kerberos uses IP addressing. | Kerberos V5 can use any address since the address is now tagged with type and length. |
| In V4 the ticket lifetime has to be specified in units of 5 minutes. | In V5 one can specify explicit start and finish times for the ticket lifetime, allowing arbitrary lifetimes. |
| It contains only a few IP addresses and other addresses for types of network protocols. | Kerberos V5 tickets can now contain multiple IP addresses and addresses for different types of networking protocols. |

Chapter Ends...

Module 4
CHAPTER 9

Digital Signature Schemes

Syllabus
Digital Signature Schemes - RSA, ElGamal and Schnorr signature schemes.

9.1 Digital Signature

(MU - May 16, Dec. 16)

Q.9.1.1 What is a digital signature? (Ref. sec. 9.1)

- Digital signatures are essential in today's modern world to verify the sender of a
document and his identity.
- A digital signature is represented in a computer as a string of binary digits and is computed
using a set of rules and regulations (algorithm) to identify the person signing the document;
the originality of the data can be verified as well.
- A digital signature is defined as the signature generated electronically from the digital
computer to ensure the identity of the sender and that the contents of the message cannot be
modified during the transmission process.
- Digital signature techniques achieve the authenticity, integrity and non-repudiation of the
data over Internet.
- The concept of digital signature is that the sender of a message uses a signing key (Private Key) to
sign the message and sends that message and its digital signature to a receiver over an
insecure communication channel.
- The receiver uses a verification key (Public Key) of the sender only to verify the origin of
the message and make sure that it has not been tampered with while in transit, as shown in
Fig. 9.1.1.

- The hash value of a message, when encrypted with the private key of a person, is his digital
signature on that e-Document.
- Digital signature is an example of asymmetric key cryptography which uses three different
algorithms to complete the process.
1. The first step is the key generation algorithm, which generates a private key and a
corresponding public key.
2. The next step is the signing algorithm, which selects a sending message and a private key
generated in step 1, to produce a signature.
3. The last step is the verification algorithm, which verifies the authenticity of the sending
message and public key.

Fig. 9.1.1 : Digital Signature block diagram (sender; confidential document or message; key (verification key))

- As mentioned above, the signature is generated with the help of the private key. The private
key, which is never shared, is used in signature generation and is known to the sender only.
- Public keys, which are known by everyone, can be used to verify the signature of a sender.
Every sender and receiver has a private and public key pair, which is the reason digital
signature is called public-key cryptography.

9.2 Digital Signature Goals

Fig. 9.2.1 : Digital Signature Goals (1. Message authentication, 2. Message integrity, 3. Non-repudiation)

1. Message authentication

A digital signature technique can provide message authentication. Digital signature is used
to establish proof of identities and ensure that the origin of an electronic message is
correctly identified.

2. Message integrity

Digital signatures are used to detect unauthorized modifications to data, which assures that
the contents of the message are not changed after the sender sends it but before it reaches the
intended receiver.

3. Non-repudiation

There are situations where a user sends a message and later on refuses that he had sent that
message. This is known as non-repudiation because the person who signed the document
cannot repudiate the signature at a later time, as shown in Table 9.2.1.

Table 9.2.1 : Differences between Paper Signatures and Digital Signatures

| No. | Services | Paper Signature | Digital Signature |
|---|---|---|---|
| 1. | Message Authentication | Paper signature may be forged. | Digital signature cannot be copied. |
| 2. | Message Integrity | Independent to the contents of the document. | Depends on the contents of the document. |
| 3. | Non-repudiation | Paper signature requires a handwriting expert to achieve non-repudiation. | Any computer user can achieve non-repudiation in Digital Signature. |

Now-a-days digital signature techniques are used in many application areas like sending
confidential e-mails, during secure payment transfer, and possibly all software companies,
the majority of universities and educational institutions that want to achieve authentication
and integrity of their confidential information.

Syllabus Topic : Digital Signature Schemes

9.3 Digital Signature Algorithms/Schemes

(MU - May 16, Dec. 16)

Q. Explain any digital signature algorithm in detail. (Ref. sec. 9.3) May 16, Dec. 16, 6/3 Marks

- Following are the widely used digital signature schemes to generate the digital signatures.

Fig. 9.3.1 : Digital signature schemes (1. RSA signature scheme, 2. Digital Signature Standard (DSS), 3. ElGamal scheme)

Syllabus Topic : RSA Signature Scheme

9.3.1 RSA Signature Scheme

Ron Rivest, Adi Shamir and Len Adleman developed this algorithm (Rivest-Shamir-
Adleman) in 1978. It is a public-key encryption algorithm. It is a block-cipher which converts
plain text into cipher text at sender side and vice versa at receiver side.

The algorithm works as follows :

1. Select two prime numbers a and b where $a \neq b$.
2. Calculate $n = a \times b$.
3. Calculate $\phi(n) = (a - 1) \times (b - 1)$.
4. Select e such that e is relatively prime to $\phi(n)$, i.e. $\gcd(e, \phi(n)) = 1$ and $1 < e < \phi(n)$.
5. Calculate d such that $d = e^{-1} \bmod \phi(n)$, or $ed \bmod \phi(n) = 1$.
6. Public key = {e, n}, private key = {d, n}.

Signature Generation

Use private key = {d, n}.
Compute signature $S = P^{d} \bmod n$, where $P < n$ and
S = Generated Signature, P = Plaintext, e = Encryption key and n = Block size.

Signature Verification

Use signer's Public Key = (e, n) and compute $V_m$ :
$V_m = S^{e} \bmod n = m^{ed} \bmod n$
Verify if $V_m$ (Verified Message) = m (Original Message).
Both sender and receiver know the value of n. In addition, the sender must know
encryption key 'e' and receiver must know decryption key 'd'.
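
The key generation, signing and verification steps above, as an added example that is not from the original text. It follows the symbols a, b, n, e, d, S of this section, takes P to be the SHA-256 hash of the message reduced below n (an assumption; section 9.1 only says the hash value is signed), and uses two constructed toy primes. This is unpadded RSA as described here; deployed systems add a padding scheme such as RSASSA-PSS.

```python
import hashlib
from math import gcd

def rsa_keygen(a, b, e=65537):
    """Steps 1-6: return public key (e, n) and private key (d, n)."""
    if a == b:
        raise ValueError("a and b must be different primes")
    n, phi = a * b, (a - 1) * (b - 1)
    if not (1 < e < phi and gcd(e, phi) == 1):
        raise ValueError("e must be relatively prime to phi(n)")
    d = pow(e, -1, phi)                      # e*d mod phi(n) = 1
    return (e, n), (d, n)

def digest(message, n):
    """P: hash of the message, reduced so that P < n as the scheme requires."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def rsa_sign(private_key, message):
    d, n = private_key
    return pow(digest(message, n), d, n)     # S = P^d mod n

def rsa_verify(public_key, message, S):
    e, n = public_key
    if not 0 <= S < n:
        return False
    return pow(S, e, n) == digest(message, n)   # V_m = S^e mod n must equal P

def demo():
    # Constructed toy parameters: two Mersenne primes, far too small for real use.
    public, private = rsa_keygen(2**31 - 1, 2**61 - 1)
    msg = b"transfer 100 to account 42"          # constructed sample message
    S = rsa_sign(private, msg)
    # Second check: the same signature presented with a changed message.
    return rsa_verify(public, msg, S), rsa_verify(public, msg + b"0", S)

if __name__ == "__main__":
    print(demo())
```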

Syllabus Topic : ElGamal Signature Scheme

9.3.2 ElGamal Scheme

The word cryptography is incomplete without mathematics. Cryptography is based on
specific areas of mathematics like finding the greatest common divisor using Euclid's
algorithms. Finally the most important concept, called prime numbers, is used in different
cryptography algorithms.
1. This scheme is a variant of the digital signature algorithm.
2. This scheme is based on the computing assumption of discrete logarithms over finite fields
with a large prime factor.
3. It is computationally infeasible to compute $q_r$ and s.
ElGamal scheme is based on the difficulty of computing discrete logarithms. This scheme
assures the authenticity of message m sent by sender/signer to verifier.

System parameters

- Let H be the hash function.
- Let a be the prime number.
- Let g < a be a randomly chosen generator.

Key generation

- Choose randomly a secret key x with $1 < x < a - 1$.
- Compute $y = g^{x} \bmod a$.
- The public key is (a, g, y).

These steps are performed by the signer of documents.

Signature generation

To sign a message m, the signer needs to perform the following steps.
Choose a random integer i such that
$1 < i < a - 1$
$q_r = g^{i} \bmod a$
Compute
$s = (H(m) - x q_r)\, i^{-1} \bmod (a - 1)$
If s = 0 then repeat the above steps.
The pair $(q_r, s)$ is called the digital signature of message m. The signer has to repeat all
these steps during every signature generation.

Verification

The digital signature $(q_r, s)$ of message m is verified as follows,
$0 < q_r < a$ and $0 < s < a - 1$
$g^{H(m)} = y^{q_r} q_r^{s} \bmod a$
If $g^{H(m)} = y^{q_r} q_r^{s} \bmod a$ holds then the verifier accepts the signature, otherwise he rejects it.

Where,
$H(m) = x q_r + s i \bmod (a - 1)$
According to Fermat's little theorem
$g^{H(m)} = g^{x q_r} g^{i s} = (g^{x})^{q_r} \times (g^{i})^{s}$
We know that $y = g^{x} \bmod a$
The above equation can be rewritten as follows,
$g^{H(m)} = (y)^{q_r} \times (q_r)^{s} \bmod a$
Hence proved.
Here, H(m) = SHA-1(m) is the 160-bit string output produced by Secure Hash Algorithm.

Syllabus Topic : Schnorr Signature Schemes

9.3.3 Schnorr Digital Signature Scheme

- Schnorr digital signature scheme is mainly based on discrete logarithm. Using this scheme
we generate a digital signature.
- It minimizes the message-dependent amount of calculation required for generating the
digital signature.
- The main aim of signature generation is it does not depend on the actual message.
This is done when the processor is in the idle mode.
- At the time of signature generation the message dependent part requires multiplying a 2n-bit
integer with an n-bit integer.
- This method is mainly based on a prime modulus m with m - 1 having a prime factor n of
appropriate size, so $m - 1 \equiv 0 \pmod{n}$.
- We use $m \approx 2^{1024}$ and $n \approx 2^{160}$.
- m is a 1024 bit number and n is a 160 bit number. The first part of this approach is the
generation of the public/private key.

For this purpose we use the following steps :
1. Choose two primes m and n in such a way that n is a prime factor of m - 1.
2. Choose one integer a such that $a^{n} = 1 \bmod m$. The values a, m and n comprise
a global public key. That key is common to a group of users.
3. After the 2nd step choose any random integer, called 'P', with
$0 < P < n$. This is called the user's private key.
4. After all of the above we generate the public key by calculating $U = a^{-P} \bmod m$; this value is
the user's public key.

To generate a digital signature we use the user's private key 'P' and the public key 'U'.
For generating the digital signature the following steps are used :
1. Select any random integer A with $0 < A < n$ and calculate $x = a^{A} \bmod m$. This
calculation is a preprocessing step independent of the message M to be signed.
2. Concatenate the message M with x and hash the result to calculate the value e :
$e = H(M \| x)$
3. Calculate $y = (A + Pe) \bmod n$. The signature contains the pair (e, y).

Any other user can verify the signature in the following way :
1. Calculate $x' = a^{y} U^{e} \bmod m$
2. Check that $e = H(M \| x')$

Then see that the verification works as follows :
$x' \equiv a^{y} U^{e} \equiv a^{y} a^{-Pe} \equiv a^{y - Pe} \equiv a^{A} \equiv x \pmod{m}$
hence,
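
Signing and verification for the ElGamal scheme (section 9.3.2) and the Schnorr scheme (section 9.3.3) with one shared parameter set, as an added example that is not from the original text. Assumptions: the modulus is a 64-bit safe prime found at run time (toy size, far below the 1024/160 bits named above), H is SHA-256 rather than SHA-1, and `is_prime`, `safe_prime`, `generator` and `demo` are helper names introduced here.

```python
import hashlib, math, secrets

def is_prime(n):
    """Deterministic Miller-Rabin for n < 3.3e24 (bases: the first 13 primes)."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for b in bases:
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime(bits=64):
    """Smallest p = 2q + 1 with p, q prime and q > 2**(bits - 1)."""
    q = 2 ** (bits - 1) + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

def generator(p, q):
    """Smallest g of full order p - 1 = 2q modulo the safe prime p."""
    g = 2
    while pow(g, 2, p) == 1 or pow(g, q, p) == 1:
        g += 1
    return g

def H(*parts):
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big")

def elgamal_sign(a, g, x, msg):
    while True:
        i = secrets.randbelow(a - 3) + 2            # 1 < i < a - 1
        if math.gcd(i, a - 1) != 1:                 # needed so that i^-1 mod (a-1) exists
            continue
        q_r = pow(g, i, a)
        s = (H(msg) - x * q_r) * pow(i, -1, a - 1) % (a - 1)
        if s != 0:
            return q_r, s

def elgamal_verify(a, g, y, msg, sig):
    q_r, s = sig
    if not (0 < q_r < a and 0 < s < a - 1):
        return False
    return pow(g, H(msg), a) == pow(y, q_r, a) * pow(q_r, s, a) % a

def schnorr_keys(m, n, g):
    a = pow(g, (m - 1) // n, m)                     # a has order n, so a^n = 1 mod m
    P = secrets.randbelow(n - 1) + 1                # private key, 0 < P < n
    return a, P, pow(a, -P, m)                      # public key U = a^(-P) mod m

def schnorr_sign(m, n, a, P, msg):
    A = secrets.randbelow(n - 1) + 1                # 0 < A < n
    x = pow(a, A, m)                                # message-independent preprocessing
    e = H(msg, str(x).encode())                     # e = H(M || x)
    return e, (A + P * e) % n                       # signature (e, y)

def schnorr_verify(m, a, U, msg, sig):
    e, y = sig
    x1 = pow(a, y, m) * pow(U, e, m) % m            # x' = a^y U^e mod m
    return e == H(msg, str(x1).encode())

def demo():
    p, q = safe_prime(64)
    g = generator(p, q)
    msg, altered = b"pay Bob 10", b"pay Bob 1000"   # constructed sample messages
    x = secrets.randbelow(p - 3) + 2                # ElGamal secret key
    y = pow(g, x, p)
    esig = elgamal_sign(p, g, x, msg)
    a, P, U = schnorr_keys(p, q, g)
    ssig = schnorr_sign(p, q, a, P, msg)
    return {"elgamal_ok": elgamal_verify(p, g, y, msg, esig),
            "elgamal_altered": elgamal_verify(p, g, y, altered, esig),
            "schnorr_ok": schnorr_verify(p, a, U, msg, ssig),
            "schnorr_altered": schnorr_verify(p, a, U, altered, ssig)}

if __name__ == "__main__":
    print(demo())
```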

Chapter Ends...


Module 8

Network Security Basics

Syllabus
Network security basics : TCP/IP vulnerabilities (Layer wise), Packet Sniffing, ARP
spoofing, port scanning, IP spoofing, TCP syn flood, DNS Spoofing.

Syllabus Topic : TCP/IP Vulnerabilities (Layer wise)

10.1 TCP/IP Vulnerabilities (Layer Wise)

10.1.1 Application Layer


- Description : The application layer is used largely by programs for network
communication. Data is passed from the program in an application-specific format, and
later encapsulated into a transport layer protocol.
- Since the IP stack has no layers among the application and transport layers, the application
layer must contain any protocols that act like the OSI's presentation and session layer
protocols. This is typically done through libraries.
- Data sent over the network is sent into the application layer where it is encapsulated into
the application layer protocol. From there, the data is sent down into the lower layer
protocol of the transport layer.
- The two most common end-to-end protocols are TCP and UDP. Common servers have
particular ports assigned to them (HTTP has port 80; Telnet has port 23; etc.) while clients
use ephemeral ports. Some protocols, such as File Transfer Protocol and Telnet, may set up
a session via a well-known port, but then forward the actual user session to ephemeral
ports.
- Routers and switches do not make use of this layer, but bandwidth throttling applications
do, as with the Resource Reservation Protocol (RSVP).


An example of an attack

- SQL injection is a technique that exploits a security weakness happening in the database
layer of an application. The weakness is present when user input is either incorrectly
filtered for string literal escape characters embedded in SQL statements or user input is
not strongly typed and thereby unexpectedly executed.
- It is in fact an occurrence of a more general class of vulnerabilities that can occur at
any time one programming or scripting language is embedded inside another.
- Take a simple login page where a legitimate user would enter his username and password
to enter a secure area to view his personal particulars or upload his comments in a
forum.
- When the legitimate user submits his particulars, an SQL query is generated from these
details and submitted to the database for verification.
- If valid, the user is given access. In other words, the web application that controls the
login page will communicate with the database through a series of planned commands so
as to verify the username and password combination. On verification, the legitimate user
is granted suitable access.
- Through SQL Injection, the hacker may input exclusively crafted SQL commands with
the target of bypassing the login form barrier and seeing what lies behind it.
- This is only doable if the inputs are not properly sanitised (i.e., made invulnerable) and
sent directly with the SQL query to the database. SQL Injection vulnerabilities provide the
means for a hacker to communicate directly to the database.
- The technologies vulnerable to this attack are dynamic script languages including ASP,
ASP.NET, PHP, JSP, and CGI. All an attacker needs to perform an SQL Injection hacking
attack is a web browser, knowledge of SQL queries and creative guess work to important
table and field names. The utter simplicity of SQL Injection has fuelled its popularity.

A way to defense

- A network-based intrusion detection (IDS) tool such as Snort can be set up to detect
certain types of SQL injection and XSS attacks as they take place. Snort actually has a
default rule set that contains signatures for detecting these intrusions.
- However, they can be easily bypassed by an attacker, mainly by converting the malicious
input string into its hex-encoded value.
10.1.2 Transport Laye
r
Description : The transport
layer's responsibilities contai
Capabilities independent of n end-to-end Mess age tans
the core network, along with y |

flow control. End to end message err or con tro l, fragm, entation ay ley| |
transmission or connecting applications
layer can be categorized at the Wan
as either :
1, connection-oriented
e, g. TCP
2. connectionless e.g.
UDP
The transport layer can be thou
ght of accurately as a transpor
whose responsibility t mechanism e. ga Vehics,
is to mak € sure that its contents
destination safely and comp (passengers/goods) teach i
letel , unless a higher or lo
delivery. wer layer is responsible for yg
:
The transport layer provides
this service of connecting app
the use of Port lications collective
s. Since IP provides only a ly throug
top effort deliver the tr
y, ansport layer js
the fn

An example of an attack
Port Scan Attack

whether the port is used and can consequently be probed further for flaws.

A way to defend

Placing a NIDS on the outside of the

advantage, as it should allow the adminis

Not all scans will be followed by an actual attack, as the hacker may determine that the network currently has no weaknesses that they can take advantage of. This could generate a large number of alerts that do not require attention.
A common yet hazardous effect of this is that the staff may lose faith in the IDS and start ignoring alerts. External firewall can be used to provide alerts for the traffic that it denied.
Placing the NIDS inside the DMZ (De-Militarized Zone, a part of the network that is neither "inside" nor "outside" the corporate entity) has the advantage that the NIDS attack signature database can be tailored to consider only those attacks that are appropriate to the systems in the DMZ; at the same time the firewall will have blocked all other traffic.

10.1.3 Network Layer

Description : Network layer solves the problem of getting packets across a single network. Examples of such protocols are X.25, and the ARPANET's Host/IMP Protocol.
With the advent of the concept of internetworking, additional functionality was added to this layer, namely getting data from the source network to the destination network. This usually involves routing the packet across a network of networks, known as an internetwork or (lower-case) internet.
In the Internet protocol suite, IP performs the basic task of getting packets of data from source to destination. IP can carry data for a number of different upper layer protocols; these protocols are each recognized by a unique protocol number: ICMP and IGMP are protocols 1 and 2, respectively.

- Some of the protocols carried by IP, such as ICMP (used to send out diagnostic information about IP transmission) and IGMP (used to handle IP Multicast data) are layered on top of IP but perform internetwork layer functions, illustrating an incompatibility between the Internet and the IP stack and OSI model.
All routing protocols, such as OSPF, and RIP are also part of the network layer. What makes them part of the network layer is that their payload is entirely concerned with management of the network layer. The particular encapsulation of that payload is irrelevant for layering purposes.


An example of an attack

Denial of Service attack - SYN Flooding

The basis of the SYN flooding attack is in the design of the 3-way handshake that begins a TCP connection. In this handshake, the third packet verifies the initiator's ability to receive packets at the IP address it used as the source in its first request, or its return reachability.
Fig. 10.1.1 shows the sequence of packets exchanged at the beginning of a normal TCP connection.

[Figure: Initiator (connect()) and Listener (listen()); labels: TCB initialized to SYN-Received state, SYN-ACK, success code returned by connect(), TCB transitions to Established state, (data packets exchanged)]

Fig. 10.1.1: DOS Attack


The Transmission Control Block (TCB) is a transport protocol data structure (in fact, a set of structures in many operating systems) that holds all the information about a connection.

Usually, each TCB exceeds at least

takes more than 1300 bytes.
The TCP SYN-RECEIVED state is used to point out that the connection is only half open, and that the legitimacy of the request is still in question.
The important aspect to note is that the TCB is allocated on receipt of the SYN packet before the connection is fully established or the initiator's return reachability has been verified.

- This situation leads to a clear potential DoS attack where incoming SYNs cause the allocation of so many TCBs that a host's kernel memory is exhausted.
- In order to avoid this memory exhaustion, operating systems generally associate a "backlog" parameter with a listening socket that sets a cap on the number of TCBs concurrently in the SYN-RECEIVED state.
- Although this action protects a host's available memory resource from attack, the backlog itself represents another (minor) resource vulnerable to attack.
- With no room left in the backlog, it is not possible to service new connection requests until some TCBs can be reaped or otherwise removed from the SYN-RECEIVED state.
- Depleting the backlog is the goal of the TCP SYN flooding attack, which attempts to send adequate SYN segments to fill the entire backlog.
- The attacker uses source IP addresses in the SYNs that are not likely to start any response that would free the TCBs from the SYN-RECEIVED state.
- Because TCP attempts to be dependable, the target host keeps its TCBs stuck in SYN-RECEIVED for a relatively long time before giving up on the half connection and reaping them.
- In the meantime, service is denied to the application process on the listener for rightful new TCP connection initiation requests. Fig. 10.1.1 shows a simplification of the sequence of events involved in a TCP SYN flooding attack.
A way to defend

- Both end-host and network-based solutions to the SYN flooding attack have merits. Both types of defense are frequently employed, and they usually do not interfere when used in combination.
- Because SYN flooding targets end hosts rather than attempting to exhaust the network capacity, it seems logical that all end hosts should implement defenses, and that network-based techniques are an optional second line of defense that a site can employ.
- End-host mechanisms are present in current versions of most common operating systems. Some implement SYN caches, others use SYN cookies after a threshold of backlog usage is crossed, and still others adapt the SYN-RECEIVED timer and number of retransmission attempts for SYN-ACKs.
- Because some techniques are known to be ineffective (increasing backlogs and reducing the SYN-RECEIVED timer), these techniques should definitely not be relied upon. Based on experimentation and analysis, SYN caches seem like the best end-host mechanism at hand.
- This choice is motivated by the facts that they are capable of withstanding heavy attacks, they are free from the negative effects of SYN cookies, and they do not need any heuristics for threshold setting as in a lot of hybrid approaches.
- Among network-based solutions, there does not seem to be any strong argument for SYN-ACK spoofing firewall/proxies.
- Because these spoofing proxies split the TCP connection, they may disable some high-performance or other TCP options, and there seems to be little advantage to this approach over ACK-spoofing firewall/proxies.
- Active monitors should be used when a firewall/proxy solution is administratively impossible or too costly to deploy.
- Ingress and egress filtering is frequently done today (but not ubiquitous), and is commonly acknowledged practice as part of being a good neighbor on the Internet.
- Because filtering does not cope with distributed networks of drones that use direct attacks, it needs to be supplemented with other mechanisms, and must not be relied upon by an end host.
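The backlog exhaustion and the two end-host defenses named above (SYN cache, SYN cookies) can be compared in a small model. This is an added example, not code from the book or from any operating system; the backlog size, the timeout, the addresses and the single-bucket cache are assumptions, and the cookie is a simplified keyed hash rather than a real TCP sequence number encoding.

```python
import hashlib
import hmac
from collections import OrderedDict

BACKLOG = 4             # assumed cap on TCBs in SYN-RECEIVED
SYN_RCVD_TIMEOUT = 75   # assumed seconds before a half-open TCB is reaped

# Constructed endpoints: the spoofed sources never answer the SYN-ACK.
SPOOFED = [(f"198.51.100.{i}", 40000 + i) for i in range(1, 7)]
LEGIT = ("192.0.2.10", 51000)


class BacklogListener:
    """Plain listener: every SYN allocates a TCB until the backlog is full."""

    def __init__(self, backlog=BACKLOG, timeout=SYN_RCVD_TIMEOUT):
        self.backlog = backlog
        self.timeout = timeout
        self.half_open = OrderedDict()   # (ip, port) -> arrival time of the SYN
        self.established = set()

    def reap(self, now):
        """Free TCBs that stayed in SYN-RECEIVED for the whole timeout."""
        for peer in [p for p, t in self.half_open.items() if now - t >= self.timeout]:
            del self.half_open[peer]

    def on_syn(self, peer, now):
        self.reap(now)
        if len(self.half_open) >= self.backlog:
            return "dropped"             # no room left: request is not serviced
        self.half_open[peer] = now
        return "syn-ack"

    def on_ack(self, peer, now):
        self.reap(now)
        if self.half_open.pop(peer, None) is None:
            return "reset"               # no matching half-open connection
        self.established.add(peer)
        return "established"


class SynCacheListener(BacklogListener):
    """SYN cache idea: when full, evict the oldest entry instead of refusing."""

    def on_syn(self, peer, now):
        self.reap(now)
        if len(self.half_open) >= self.backlog:
            self.half_open.popitem(last=False)   # oldest half-open entry goes
        self.half_open[peer] = now
        return "syn-ack"


class SynCookieListener:
    """SYN cookie idea: store nothing; the SYN-ACK carries a keyed hash."""

    def __init__(self, secret=b"constructed-demo-key"):
        self.secret = secret
        self.established = set()

    def _cookie(self, peer, slot):
        msg = f"{peer[0]}|{peer[1]}|{slot}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).digest()[:4]

    def on_syn(self, peer, now):
        return self._cookie(peer, now // 64)     # no TCB is allocated here

    def on_ack(self, peer, cookie, now):
        slot = now // 64                         # accept current and previous slot
        if any(hmac.compare_digest(cookie, self._cookie(peer, s))
               for s in (slot, slot - 1)):
            self.established.add(peer)
            return "established"
        return "reset"


def run_flood(listener):
    """Six spoofed SYNs at t=0; the legitimate client SYNs at t=1, ACKs at t=2.

    Returns (spoofed SYNs dropped, legitimate outcome, TCBs still half open).
    """
    replies = [listener.on_syn(peer, 0) for peer in SPOOFED]
    reply = listener.on_syn(LEGIT, 1)
    if isinstance(listener, SynCookieListener):
        outcome = listener.on_ack(LEGIT, reply, 2)
    elif reply == "syn-ack":
        outcome = listener.on_ack(LEGIT, 2)
    else:
        outcome = "denied"
    return replies.count("dropped"), outcome, len(getattr(listener, "half_open", ()))


if __name__ == "__main__":
    for cls in (BacklogListener, SynCacheListener, SynCookieListener):
        print(cls.__name__, run_flood(cls()))
```

With the plain backlog the legitimate client is refused until the spoofed entries time out; the cache keeps answering but can evict a legitimate entry under a sustained flood, and the cookie listener holds no per-SYN state at all.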
10.1.4 Data Link Layer

- Description : The link layer, which is the method used to move packets from the network layer on two different hosts, is not actually part of the Internet protocol suite, because IP can run over a range of different link layers.
- The processes of transmitting packets on a certain link layer and receiving packets from a given link layer can be controlled both in the software device driver for the network card, as well as on firmware or specialist chipsets. These will perform data link functions such as adding a packet header to prepare it for transmission, and then actually transmit the frame over a physical medium.
- For Internet access over a dial-up modem, IP packets are typically transmitted
For broadband Internet access such as ADSL or cable modems, PPPoE is often used.

On a local wired network, Ethernet is usually used, and on local wireless networks, 802.11 is usually used. For wide-area networks, either PPP over T-carrier lines, Frame relay, ATM, or packet over SONET/SDH (POS) are frequently used.

An example of an attack

Media Access Control (MAC) Address spoofing

- MAC spoofing attacks involve the use of a known MAC address of another host to attempt to make the target switch forward frames intended for the remote host to the network attacker.
- By sending a single frame with the other host's source Ethernet address, the network attacker overwrites the CAM table entry so that the switch forwards packets intended for the host to the network attacker.
- Until the host sends traffic it will not get any traffic. When the host sends out traffic, the CAM table entry is rewritten once again so that it moves back to the original port.

A way to defend

- The best way to protect against MAC spoofing is for an intelligent WLAN system to automatically detect MAC spoofing attacks and prohibit offending machines from attaching to the WLAN. This is done in several ways:
- Detection and Containment - One way to avoid MAC spoofing attacks is to flag any occurrence in which the manufacturer name of a detected WLAN adapter differs from the known OUI (Organizationally Unique Identifier) for that equipment.
- Once detected, an intelligent WLAN system can prevent the known attacker from connecting to any nearby APs or any APs located throughout the entire WLAN.

10.1.5 Physical Layer

- Description : The Physical layer is responsible for encoding and transmission of data on network communications media.
- It operates with data in the structure of bits that are sent from the Physical layer of the sending (source) device and received at the Physical layer of the destination device.
- Ethernet, Token Ring, SCSI, hubs, repeaters, cables and connectors are standard network devices that function at the Physical layer.
- The Physical layer is also considered the domain of numerous hardware-related network design issues, such as LAN and WAN topology and wireless technology.

An example of an attack

- There is not a lot to be said about the attack on this layer.
- Someone can physically carry away your network card or unplug your internet cable.

Syllabus Topic : Packet Sniffing

10.2 Packet Sniffing

When any data has to be transmitted over the computer network, it is broken down into smaller units at the sender's node called data packets and reassembled at receiver's node in original format. It is the smallest unit of communication over a computer network. It is also called a block, a segment, a datagram or a cell.
The act of capturing data packet across the computer network is called packet sniffing. It is similar to wire tapping a telephone network. It is mostly used by crackers and hackers to collect information illegally about network.

Syllabus Topic : ARP Spoofing

10.3 ARP Spoofing

10.3.1 What Is ARP Spoofing?

- ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer or server on the network.
- Once the attacker's MAC address is connected to an authentic IP address, the attacker will begin receiving any data that is intended for that IP address. ARP spoofing can enable malicious parties to intercept, modify or even stop data in-transit. ARP spoofing attacks can only occur on local area networks that utilize the Address Resolution Protocol.
10.3.2 ARP Spoofing Attacks

The effects of ARP spoofing attacks can have serious implications for enterprises. In their most basic application, ARP spoofing attacks are used to steal sensitive information.
Beyond this, ARP spoofing attacks are often used to facilitate other attacks such as :

Denial-of-service attacks
DoS attacks often leverage ARP spoofing to link multiple IP addresses with a single target's MAC address. As a result, traffic that is intended for many different IP addresses will be redirected to the target's MAC address, overloading the target with traffic.
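Both effects described in sections 10.3.1 and 10.3.2 are visible in ARP replies themselves: an IP address suddenly maps to a different MAC address, and one MAC address starts answering for many IP addresses. The following detector is an added example, not part of the book; the record format, the addresses and the threshold are assumptions, and the first binding seen for an IP address is treated as the trusted one.

```python
from collections import defaultdict

# Constructed ARP replies ("seconds sender_ip sender_mac"); not captured traffic.
SAMPLE_ARP_REPLIES = """\
10.0 192.168.1.1  AA-AA-AA-00-00-01
11.2 192.168.1.20 aa:aa:aa:00:00:14
12.5 192.168.1.30 aa:aa:aa:00:00:1e
30.0 192.168.1.20 aa:aa:aa:00:00:14
40.1 192.168.1.1  de:ad:be:ef:00:99
40.3 192.168.1.20 de:ad:be:ef:00:99
40.6 192.168.1.30 de:ad:be:ef:00:99
41.0 not-an-arp-line
55.0 192.168.1.40 aa:aa:aa:00:00:28
"""


def parse_replies(text):
    """Yield (time, ip, mac) tuples; lines without three fields are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        ts, ip, mac = fields
        # Normalise the MAC so "AA-AA-.." and "aa:aa:.." compare equal.
        yield float(ts), ip, mac.lower().replace("-", ":")


def detect_arp_spoofing(records, max_ips_per_mac=2):
    """Return alerts for changed IP-to-MAC bindings and for one MAC
    claiming more than max_ips_per_mac IP addresses."""
    bindings = {}                      # ip -> first MAC seen (assumed trusted)
    ips_by_mac = defaultdict(set)      # mac -> every IP it has answered for
    alerts = []
    for ts, ip, mac in records:
        trusted = bindings.setdefault(ip, mac)
        if mac != trusted:
            alerts.append({"type": "binding-changed", "time": ts,
                           "ip": ip, "was": trusted, "now": mac})
        ips_by_mac[mac].add(ip)
        # Alert once, at the moment the threshold is first exceeded.
        if len(ips_by_mac[mac]) == max_ips_per_mac + 1:
            alerts.append({"type": "one-mac-many-ips", "time": ts,
                           "mac": mac, "ips": sorted(ips_by_mac[mac])})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(parse_replies(SAMPLE_ARP_REPLIES)):
        print(alert)
```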
Syllabus Topic : Port Scanning

10.4 Port Scanning

The act of systematically scanning a computer's ports. Since a port is a place where information goes into and out of a computer, port scanning identifies open doors to a computer.

Port scanning has legitimate uses in managing networks, but port scanning also can be malicious in nature if someone is looking for a weakened access point to break into your computer.

10.4.1 Types of Port Scans

1. Vanilla : The scanner attempts to connect to all 65,535 ports.
2. Strobe : A more focused scan looking only for known services to exploit.
3. Fragmented packets : The scanner sends packet fragments that get through simple packet filters in a firewall.
4. UDP : The scanner looks for open UDP ports.
5. Sweep : The scanner connects to the same port on more than one machine.
6. FTP bounce : The scanner goes through an FTP server in order to disguise the source of the scan.
7. Stealth scan : The scanner blocks the scanned computer from recording the port scan activities.

Port scanning in and of itself is not a crime. There is no way to stop someone from port scanning your computer while you are on the Internet because accessing an Internet server opens a port, which opens a door to your computer. There are, however, software products that can stop a port scanner from doing any damage to your system.
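Three of the scan types listed above (vanilla, strobe and sweep) can be told apart from connection records alone, which is how a monitoring tool would label them. This classifier is an added example, not from the book; the event format, the addresses, the service-port list and the thresholds are assumptions, and the other scan types need packet-level data that this sketch does not use.

```python
from collections import defaultdict

# Assumed short list of well-known service ports used to recognise a strobe scan.
KNOWN_SERVICE_PORTS = {21, 22, 23, 25, 53, 80, 110, 143, 443, 3389}


def constructed_events():
    """Connection attempts as (source, destination, dest_port); constructed data."""
    events = [("203.0.113.5", "10.0.0.8", p) for p in range(1, 65536)]     # all ports
    events += [("203.0.113.6", "10.0.0.8", p) for p in (21, 22, 23, 25, 80, 443)]
    events += [("203.0.113.7", f"10.0.0.{h}", 22) for h in range(1, 41)]   # one port
    events += [("10.0.0.50", "10.0.0.8", 443), ("10.0.0.50", "10.0.0.9", 443)]
    return events


def classify_sources(events, many_ports=1000, few_ports=5, many_hosts=20):
    """Label each source as 'vanilla', 'sweep', 'strobe' or 'normal'."""
    ports = defaultdict(lambda: defaultdict(set))   # src -> dst -> ports tried
    hosts = defaultdict(lambda: defaultdict(set))   # src -> port -> hosts tried
    for src, dst, port in events:
        ports[src][dst].add(port)
        hosts[src][port].add(dst)

    verdicts = {}
    for src in ports:
        widest = max(ports[src].values(), key=len)   # most ports against one host
        most_hosts = max(len(dsts) for dsts in hosts[src].values())
        if len(widest) >= many_ports:
            verdicts[src] = "vanilla"                # large share of the port range
        elif most_hosts >= many_hosts:
            verdicts[src] = "sweep"                  # same port on many machines
        elif len(widest) >= few_ports and widest <= KNOWN_SERVICE_PORTS:
            verdicts[src] = "strobe"                 # only known service ports
        else:
            verdicts[src] = "normal"
    return verdicts


if __name__ == "__main__":
    for source, verdict in sorted(classify_sources(constructed_events()).items()):
        print(f"{source:14} {verdict}")
```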

Syllabus Topic : IP Spoofing

10.5 IP Spoofing

=> (MU - Dec. 15)

Q. 10.5.1 Write in brief about : IP spoofing. (Ref. sec. 10.5)

In this attack, attacker establishes a large number of "half-open" connections using IP spoofing.

The attacker first sends SYN packets with the spoofed (faked) IP address to the victim in order to establish a connection.

The victim creates a record in a data structure and responds with SYN/ACK message to the spoofed IP address, but it never receives the final acknowledgment message ACK for establishing the connection, since the spoofed IP addresses are unreachable or unable to respond to the SYN/ACK messages.
Although the record from the data structure is freed after a time out period, the attacker attempts to generate sufficiently large number of "half-open" connections to overflow the data structure that may lead to a segmentation fault or locking up the computer.
In session hijacking, the hacker takes over the control over the TCP session between two machines whereas in spoofing the attacker pretends to be the authenticated user and gain access to other machine.

Syllabus Topic : TCP SYN Flood

10.6 TCP SYN Flood

TCP SYN flood (a.k.a. SYN flood) is a type of Distributed Denial of Service (DDoS) attack that exploits part of the normal TCP three-way handshake to consume resources on the targeted server and render it unresponsive.

Essentially, with SYN flood DDoS, the offender sends TCP connection requests faster than the targeted machine can process them, causing network saturation.

10.6.1 Attack Description

When a client and server establish a normal TCP "three-way handshake", the exchange looks like this:

1. Client requests connection by sending SYN (synchronize) message to the server.
2. Server acknowledges by sending SYN-ACK (synchronize-acknowledge) message back to the client.
3. Client responds with an ACK (acknowledge) message, and the connection is established.

- In a SYN flood attack, the attacker sends repeated SYN packets to every port on the targeted server, often using a fake IP address.
- The server, unaware of the attack, receives multiple, apparently legitimate requests to establish communication. It responds to each attempt with a SYN-ACK packet from each open port.
- The malicious client either does not send the expected ACK, or if the IP address is spoofed never receives the SYN-ACK in the first place.
- Either way, the server under attack will wait for acknowledgement of its SYN-ACK packet for some time.

Syllabus Topic : DNS Spoofing

10.7 DNS Spoofing

- Domain Name Server (DNS) spoofing (a.k.a. DNS cache poisoning) is an attack in which altered DNS records are used to redirect online traffic to a fraudulent website that resembles its intended destination.
- Once there, users are prompted to login into (what they believe to be) their account, giving the perpetrator the opportunity to steal their access credentials and other types of sensitive information.
- Furthermore, the malicious website is often used to install worms or viruses on a user's computer, giving the perpetrator long-term access to it and the data it stores.

10.7.1 Methods for Executing a DNS Spoofing Attack

- Man in the middle (MITM)
The interception of communications between users and a DNS server in order to route users to a different/malicious IP address.
- DNS server compromise
The direct hijacking of a DNS server, which is configured to return a malicious IP address.

Chapter Ends.
Syllabus
Denial of Service: Classic DOS attacks, Source Address Spoofing, ICMP flood, SYN flood, UDP flood, Distributed Denial of Service, Defenses against Denial of Service Attacks.

Syllabus Topic : Denial of Service - Classic DOS Attacks

11.1 DOS and DDOS Attacks

Denial of service and distributed denial of service are types of attack that leave legitimate users unable to use services or resources, or make services unavailable to the legitimate users.

11.1.1 DOS Attacks

=> (MU - Dec. 15, May 16, Dec. 16, May 17, Dec. 17)

Q. 11.1.1 What is a Denial of service attack? What are the different ways in which an attacker can mount a DOS attack on a system? (Ref. sec. 11.1.1)
Q. 11.1.2 Write in brief about Denial of service attacks. (Ref. sec. 11.1.1)
Q. 11.1.3 Explain briefly with example, how the following Denial of service attacks occurs. (Ref. sec. 11.1.1) Dec. 16, Dec. 17, 5 Marks

- In this attack, the attacker keeps on sending, or makes the network or bandwidth overflow with, e-mails or spam mail, depriving the victim of access to services.
- It is a continuous effort of attackers to make the victim unable to use any internet service or resources.

- The attacker's main targets are websites or services, which include financial sites, bank sites or credit card gateway systems.
- The targeted networks for DOS are mobile phone networks or credit card gateway networks.
- Buffer overflow technique is used to make a denial of service attack. What an attacker does: it takes a packet (which is a unit of data) divided into small chunks, the attacker checks the IP address of the particular network in that packet and floods the network of the victim with repeated requests. The IP address used from the attacker's machine is fake.
- This act consumes bandwidth, which lets other services fail or become unavailable for other users.

A DOS attack does the following actions :

1. Flood whole network with unnecessary traffic.
2. Damage connection between two systems so that communication cannot occur.
3. Disrupt services to legitimate users.
4. Prevent individuals from accessing network services.

11.1.1(A) Classification of Attacks

(1) Bandwidth attack

- Every website is given a particular amount of bandwidth to host (e.g. 50 GB). Loading any website takes a certain amount of time to display the whole webpage.
- If more visitors load a particular website's page or consume the whole 50 GB bandwidth then the particular website can be banned.
- The attacker does the same by opening 100 pages of the site and keeps on loading and refreshing, consuming all bandwidth to make the site out of service.

(2) Logic attack

Attack on the network software to make it vulnerable.
For example: in TCP/IP stack.

(3) Protocol attacks

This attack consumes more amount of
Particular features of some protocol that

(4) Unintentional DOS attack

Sometimes because of huge popularity among users the particular website suddenly ends up

11.1.1(B) Types of DOS Attacks

=> (MU - May 17)

Q. 11.1.4 Explain any three types of DOS attacks in detail. (Ref. sec. 11.1.1(B))

(1) Flood attack

Attacker keeps on flooding or overloading the victim's system with 'n' numbers of ping requests which result in huge traffic which the victim itself cannot handle.

It is very simple to launch but difficult to handle.

(2) Ping of Death attack

Sending a huge ICMP packet (these packets are used in IP layer or network layer for indicating error messages). The attacker sends this huge oversize packet to the victim's system which causes the victim's system to crash or freeze, resulting in DOS.

(3) SYN attack

It is a TCP SYN flooding attack, a denial of service attack. In TCP, handshaking of a network connection is done between sender and receiver through synchronous (SYN) and acknowledgement (ACK) messages.
An attacker initiates a TCP connection with the server with a SYN message. The server in reply sends an acknowledgement (SYN-ACK) message.
- The client (attacker) does not respond back with acknowledgement, which causes the server to wait.
- Due to which it is unable to connect with other clients. This fills up the buffer space for SYN messages, preventing others from communicating.

1. Client sends synchronize (SYN) packet to server.
2. Server sends syn-ack (SYN-ACK) to client.
3. Client responds back with ACK packet and connection is established as shown in Fig. 11.1.1.

[Figure labels: SYN; SYN-ACK; connections are all full; SYN; legitimate connection is refused]

Fig. 11.1.2 : Chaotic handshake

1. Client sends multiple SYN packets to all with bad address.
2. Server sends SYN-ACK packets to incorrect address.
3. Legitimate user is denied because server cannot accept additional connections as shown in Fig. 11.1.2.
Teardrop attack : It is an attack in which packets are overlapped with each other and the receiver is not able to reassemble them; usually corrupted packets are sent by the attacker to hang or freeze the system.

Nuke : It is an attack of sending invalid ICMP packets to the target which slow down the affected computer till it completely stops.

Smurf attack : It is an attack in which IP address broadcasting is done. A Smurf program is used to make the network inoperable. It builds a packet which seems to originate from another address. This packet contains an ICMP ping. The echo responses are sent back to the victim. Maximum ping and echo make the network unusable.

The various tools used for DOS attack are Jolt2, Nemesy, Targa etc.
Syllabus Topic : Source Address Spoofing

11.2 Source Address Spoofing

- In this attack, attacker establishes a large number of "half-open" connections using IP spoofing.
- The attacker first sends SYN packets with the spoofed (faked) IP address to the victim in order to establish a connection.
- The victim creates a record in a data structure and responds with SYN/ACK message to the spoofed IP address, but it never receives the final acknowledgment message ACK for establishing the connection, since the spoofed IP addresses are unreachable or unable to respond to the SYN/ACK messages.
- Although the record from the data structure is freed after a time out period, the attacker attempts to generate sufficiently large number of "half-open" connections to overflow the data structure that may lead to a segmentation fault or locking up the computer.
- In session hijacking, the hacker takes over the control over the TCP session between two machines whereas in spoofing the attacker pretends to be the authenticated user and gain access to other machine.

Syllabus Topic : ICMP Flood

11.3 ICMP Flood

Q. 11.3.1 Explain ICMP flood attack. (Ref. sec. 11.3)

- Ping flood, also known as ICMP flood, is a common Denial of Service (DoS) attack in which an attacker takes down a victim's computer by overpowering it with ICMP echo requests, also known as pings.
- The attack involves flooding the victim's network with request packets, knowing that the network will react with an equal number of reply packets.
- Additional methods for bringing down a target with ICMP requests include the use of custom tools or code, such as hping and scapy.
- This strains both the incoming and outgoing channels of the network, consuming considerable bandwidth and resulting in a denial of service.

Attack Description

- Normally, ping requests are used to test the connectivity of two computers by measuring the round-trip time from when an ICMP echo request is sent to when an ICMP echo reply is received. During an attack, however, they are used to overload a target network with data packets.
- Executing a ping flood is reliant on attackers knowing the IP address of their target. Attacks can therefore be divided into three categories, based on the target and how its IP address is resolved.
- A targeted local disclosed ping flood targets a sole computer on a local network. The attacker needs to have physical access to the computer in order to discover its IP address. A successful attack would result in the target computer being taken down.
- A router disclosed ping flood targets routers in order to interrupt communications between computers on a network. It is dependent on the attacker knowing the internal IP address of a local router. A successful attack would result in all computers connected to the router being taken down.
- A blind ping flood involves using an external program to disclose the IP address of the target computer or router before executing an attack.

ability to carry out a DoS attack, particularly against a large network.

Syllabus Topic : SYN Flood

11.4 SYN Flood

Q. 11.4.1 Write brief note on SYN flood. (Ref. sec. 11.4)

- It is a TCP SYN flooding attack, a denial of service attack. In TCP, handshaking of a network connection is done between sender and receiver through synchronous (SYN) and acknowledgement (ACK) messages.
- An attacker initiates a TCP connection with the server with a SYN message. The server in reply sends an acknowledgement (SYN-ACK) message.
- The client (attacker) does not respond back with acknowledgement, which causes the server to wait.
- Due to which it is unable to connect with other clients. This fills up the buffer space for SYN messages, preventing others from communicating.

[Figure label: SYN]

Fig. 11.4.1 : 3 way handshake

1. Client sends synchronize (SYN) packet to server.
2. Server sends syn-ack (SYN-ACK) to client.
3. Client responds back with ACK packet and connection is established as shown in Fig. 11.4.1.

[Figure labels: SYN; SYN-ACK; connections are all full; SYN; legitimate connection is refused]

Fig. 11.4.2 : Chaotic handshake

1. Client sends multiple SYN packets to all with bad address.
2. Server sends SYN-ACK packets to incorrect address.
3. Legitimate user is denied because server cannot accept additional connections as shown in Fig. 11.4.2.

Syllabus Topic : UDP Flood

11.5 UDP Flood

- A UDP flood attack is a Denial-of-Service (DoS) attack using the User Datagram Protocol (UDP), a connectionless computer networking protocol.
- Using UDP for denial-of-service attacks is not as easy as with the Transmission Control Protocol (TCP).
- However, a UDP flood attack can be initiated by sending a huge number of UDP packets to random ports on a remote host. As a result, the distant host will :
1. Check for the application listening at that port;
2. See that no application is listening at that port;
3. Reply with an ICMP Destination Unreachable packet.
- Thus, for a large number of UDP packets, the ill-treated system will be forced into sending many ICMP packets, eventually leading it to be unreachable by other clients.
- The attacker(s) may also spoof the IP address of the UDP packets, ensuring that the excessive ICMP return packets do not reach them, and anonymizing their network location(s).
- Most operating systems ease this part of the attack by limiting the rate at which ICMP responses are sent.

A Distributed Denial-of-Service (DDoS) attack is an attack in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource. The flood of incoming messages, connection requests or malformed packets to the target system forces it to slow down or even crash and shut down, thereby denying service to legitimate users or systems.

11.6.1 Distributed Denial of Service Attacks

- Distributed denial of service is where an attacker uses your own computer to attack another computer.
- It takes advantage of loopholes and security vulnerability to take control of your computer to send vulnerability spam or send huge data to other computers.
- The systems which are used for attacking the victim computer are called Zombie systems.
- Various tools to launch DDOS attack are Trinoo, Tribe flood, shaft etc.

Measures to protect from DOS/DDOS attack are:

- Implementing filters on routers.
- Disable unused network services.
- Examine the physical security routinely.
- Maintain regular backup schedules and policies.
- Maintain password policies.
- Using fault tolerant network configuration.
- Tools for detecting DOS/DDOS attacks: Zombie Zapper, find - DDOS, remote intrusion detector (RID).

11.6.2 Characteristics of Distributed Denial of Service Attacks

A denial of service attack is characterized by an explicit attempt by an attacker to prevent legitimate users of a service from using the desired resources. Examples of denial of service attacks include:
o Attempts to "flood" a network, thereby preventing legitimate network traffic.
o Attempts to disrupt connections between two machines, thereby preventing access to a service.
o Attempts to prevent a particular individual from accessing a service.
o Attempts to disrupt service to a specific system or person.

- The distributed format adds the "many to one" dimension that makes these attacks more difficult to prevent. A distributed denial of service attack is composed of four elements, as shown in Fig. 11.6.1. First, it involves a victim, i.e., the target host that has been chosen to receive the brunt of the attack. Second, it involves the presence of the attack daemon agents.
- These are agent programs that actually conduct the attack on the target victim. Attack daemons are usually deployed in host computers. These daemons affect both the target and the host computers.
- The task of deploying these attack daemons requires the attacker to gain access and infiltrate the host computers. The third component of a distributed denial of service attack is the control master program. Its task is to coordinate the attack.

Scanned by CamScanner
4
>
§ SYS
— — Denial of Service
— is the real attacker, 1
———

the real atta7 cker ter , g a control


mindbehjbehind the attack. By usin
pera. Slay
.
ret a distributeg tan the scenes of the attack. The
mae g steps take place during
LACK +
: “

e control master program receives the “exec "


Seute” message and propagates the
command to the attack daemons unde T its contro l,

[Figure: labels include Victim and Real attacker]

Fig. 11.6.1 : Chaotic handshake
- Although it seems that the real attacker has little to do but send out the “execute” command, he/she actually has to plan the execution of a successful distributed denial of service attack.
- The attacker must infiltrate all the host computers and networks where the daemon attackers are to be deployed.
- The attacker must study the target’s network topology and search for bottlenecks and vulnerabilities that can be exploited during the attack.
- Because of the use of attack daemons and control master programs, the real attacker is not directly involved during the attack, which makes it difficult to trace who spawned the attack.
- In the following subsections, we review some well-known attack methods (Smurf, SYN Flood, and User Datagram Protocol (UDP) Flood) and the current distributed denial of service methods (Trinoo, Tribe Flood Network, Stacheldraht, Shaft, and TFN2K).
- We describe defense mechanisms that can be employed by networks.

11.6.3 Methods of Denial of Service Attacks

We describe below some widely known basic denial of service attack methods that are employed by the attack daemons.

Smurf attack involves an attacker sending a large amount of Internet Control Message Protocol (ICMP) echo traffic to a set of Internet Protocol (IP) broadcast addresses. The ICMP echo packets are specified with a source address of the target victim (spoofed address).

Most hosts on an IP network will accept ICMP echo requests and reply to them with an echo reply to the source address, in this case, the target victim. This multiplies the traffic by the number of responding hosts. On a broadcast network, there could potentially be hundreds of machines to reply to each ICMP packet.

The process of using a network to elicit many responses to a single packet has been labeled as an “amplifier”. There are two parties who are hurt by this type of attack: the intermediate broadcast devices (amplifiers) and the spoofed source address target (the victim). The victim is the target of a large amount of traffic that the amplifiers generate. This attack has the potential to overload an entire network.

SYN Flood attack is also known as the Transmission Control Protocol (TCP) SYN attack, and is based on exploiting the standard TCP three-way handshake.

The TCP three-way handshake requires a three-packet exchange to be performed before a client can officially use the service. A server, upon receiving an initial SYN (synchronize/start) request from a client, sends back a SYN/ACK (synchronize/acknowledge) packet and waits for the client to send the final ACK (acknowledge). However, it is possible to send a barrage of initial SYNs without sending the corresponding ACKs, essentially leaving the server waiting for the non-existent ACKs. Considering that the server only has a limited buffer queue for new connections, SYN Flood results in the server being unable to process other incoming connections as the queue gets overloaded.

UDP Flood attack is based on UDP echo and character generator services provided by most computers on a network. The attacker uses forged UDP packets to connect the echo service on one machine to the character generator (chargen) service on another machine.

The result is that the two services consume all available network bandwidth between the machines as they exchange characters between themselves. A variation of this attack called ICMP Flood, floods a machine with ICMP packets instead of UDP packets.

Trinoo’s attack daemons implement UDP Flood attacks against the target victim.

Tribe Flood Network (TFN) uses a command line interface to communicate between the attacker and the control master program. Communication between the control master and attack daemons is done via ICMP echo reply packets. TFN’s attack daemons implement Smurf, SYN Flood, UDP Flood, and ICMP Flood attacks.

Stacheldraht (German term for “barbed wire”) is based on the TFN attack. However, unlike TFN, Stacheldraht uses an encrypted TCP connection for communication between the attacker and master control program. Communication between the master control program and attack daemons is conducted using TCP and ICMP, and involves an automatic update technique for the attack daemons. The attack daemons for Stacheldraht implement Smurf, SYN Flood, UDP Flood, and ICMP Flood attacks.

Shaft is modeled after Trinoo. Communication between the control master program and attack daemons is achieved using UDP packets. The control master program and the attacker communicate via a simple TCP telnet connection. A distinctive feature of Shaft is the ability to switch control master servers and ports in real time, hence making detection by intrusion detection tools difficult.

TFN2K uses TCP, UDP, ICMP, or all three to communicate between the control master program and the attack daemons. Communication between the real attacker and control master is encrypted using a key-based CAST-256 algorithm. In addition, TFN2K conducts covert exercises to hide itself from intrusion detection systems. TFN2K attack daemons implement Smurf, SYN, UDP, and ICMP Flood attacks.

11.7 Defenses against Attacks

Many observers have stated that there are currently no successful defenses against a fully distributed denial of service attack. This may be true. Nevertheless, there are numerous safety measures that a host or network can perform to make the network and neighboring networks more secure. These measures include:

- Filtering Routers : Filtering all packets entering and leaving the network protects the network from attacks conducted from neighboring networks, and prevents the network itself from being an unaware attacker. This measure requires installing ingress and egress packet filters on all routers.
- Disabling IP Broadcasts : By disabling IP broadcasts, host computers can no longer be used as amplifiers in ICMP Flood and Smurf attacks. However, to defend against this attack, all neighbouring networks need to disable IP broadcasts.
- Applying Security Patches : To guard against denial of service attacks, host computers must be updated with the latest security patches and techniques. For example, in the case of the SYN Flood attack, there are three steps that the host computers can take to guard themselves from attacks : increase the size of the connection queue, decrease the time-out waiting for the three-way handshake, and employ vendor software patches to detect and circumvent the problem.
- Disabling Unused Services : If UDP echo or chargen services are not required, disabling them will help to defend against the attack. In general, if network services are unneeded or unused, the services should be disabled to prevent tampering and attacks.
- Performing Intrusion Detection : By performing intrusion detection, a host is guarded against being a victim of an attack. Network monitoring is a very good pre-emptive way of guarding against denial of service attacks.

By monitoring traffic patterns, a network can determine when it is under attack, and can take the required steps to defend itself. By inspecting host systems, a host can also prevent it from hosting an attack on another network.
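The traffic-pattern monitoring described under Performing Intrusion Detection, applied to the SYN Flood case, as an added example that is not part of the original text. The backlog limit, the handshake timeout, the function names and the sample segments are assumptions constructed for the illustration; the two parameters mirror the queue size and time-out named under Applying Security Patches.

```python
from collections import defaultdict

BACKLOG_LIMIT = 16         # assumed size of the server's queue for half-open connections
HANDSHAKE_TIMEOUT = 5000   # assumed wait for the final ACK, in milliseconds


def find_syn_floods(segments, backlog=BACKLOG_LIMIT, timeout=HANDSHAKE_TIMEOUT):
    """Return one (time_ms, listener, half_open_count) alert for each listener
    whose number of half-open connections reaches the backlog limit.

    Each segment is (time_ms, src, src_port, dst, dst_port, flags), where flags
    is "S" (SYN), "SA" (SYN/ACK) or "A" (ACK).
    """
    pending = defaultdict(dict)     # listener -> {client: time its SYN was seen}
    alerted, alerts = set(), []
    for t, src, sport, dst, dport, flags in sorted(segments):
        if flags == "S":                                  # step 1: client SYN
            listener, client = (dst, dport), (src, sport)
            queue = pending[listener]
            # Forget entries the server itself would already have timed out.
            for stale in [c for c, seen in queue.items() if t - seen > timeout]:
                del queue[stale]
            queue[client] = t
            if len(queue) >= backlog and listener not in alerted:
                alerted.add(listener)
                alerts.append((t, listener, len(queue)))
        elif flags == "A":                                # step 3: final ACK
            pending[(dst, dport)].pop((src, sport), None)
        # "SA" (step 2, the server's SYN/ACK) changes nothing on the queue
    return alerts


def build_sample():
    """Constructed traffic (documentation address ranges, not a capture)."""
    server = "192.0.2.10"
    segs = [
        # one client that completes the three-way handshake on port 80
        (0, "198.51.100.7", 40000, server, 80, "S"),
        (10, server, 80, "198.51.100.7", 40000, "SA"),
        (20, "198.51.100.7", 40000, server, 80, "A"),
    ]
    # five clients on port 443, each completing the handshake
    for i in range(5):
        client = f"198.51.100.{20 + i}"
        segs += [(500 + i, client, 41000, server, 443, "S"),
                 (510 + i, server, 443, client, 41000, "SA"),
                 (520 + i, client, 41000, server, 443, "A")]
    # forty SYNs with differing source addresses and no final ACK
    for i in range(40):
        segs.append((1000 + i * 10, f"203.0.113.{i + 1}", 50000 + i, server, 80, "S"))
    return segs


if __name__ == "__main__":
    for when, listener, count in find_syn_floods(build_sample()):
        print(f"t={when} ms: {listener[0]}:{listener[1]} has {count} half-open connections")
```

Raising `backlog` or lowering `timeout` changes when the alert fires in the same way the larger queue and shorter time-out change when a real server stops accepting connections.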
Chapter Ends.

Module 5

Internet Security Protocols

Internet Security Protocols : SSL, IPSEC, Secure Email : PGP, Firewalls, IDS and Honey pots.

12.1 Secure Socket Layer (SSL)

(MU - Dec. 15, Dec. 17)

Q. 12.1.1 List the functions of the different protocols of SSL. Explain the handshake protocol. (Ref. secs. 12.1 and 12.1.1(A))

Q. 12.1.2 What are the different protocols in SSL? How do the client and server establish an SSL connection? (Ref. sec. 12.1)
ipering and Secure Socket layer invented by Netscape communications in 1994. Secure Socket layer is
client's web
an internet protocol used for securely exchanging the information between
yn, a host browser and the web server.
ity and data confidentiality
is while as Secure socket layer ensure the authentication, data integr
es a secure tunnel between client and
ive way of between web browser and web server i.e. it creat
ity to web traffic in all the way.
server. The main role of SSL is to provide the secur
TCP/ IP protocol suite is shown
ittack, and - The current version of SSL is 3.0. The position of SSL in
t can also in Fig, 12.1.1.
also
is works in betwe en applic ation lay er and tran sport layer the reason SSL is
_~ SSL
called as Transport Layer Security (TLS).
ee

apter Ends.
gag

Scanned by CamScanner
[7 crypt. & Sys. Security (MU-Sem. 6-Comp) _12-2 Intarmet Security Protoce,
Transport Layer Security (TLS) protocol is used to ensure security betven,
communicating applications and their users on the Internet.

Main function of transport layer protocol is to protect attacker when a server and Clie
communicate, it ensures that attacker or third party should not modify
i
or tamper With ty t
message.

TLS is the successor to the Secure Sockets Layer (SSL).

[Figure: client machine (web browser) and server machine, each with a stack of layers including the application layer, data link layer and physical layer; SSL encrypted data passes between the two machines]

Fig. 12.1.1 : Position of SSL in TCP/IP protocol suite


- The data will not be passed directly to the transport layer; instead it will be passed to the Secure Socket Layer.
- Secure Socket Layer will perform encryption on the data received from the application layer and add its own encryption information header called SSH, i.e. Secure Socket Layer Header. At the receiver’s end SSL will remove the SSH header and then pass the data to the application layer.
- Fig. 12.1.1 shows the position of the SSL protocol in the TCP/IP protocol suite. The SSL protocol uses digital certificates and digital signatures for secure communication between client machine and server machine.
- SSL encrypts the data received from the application layer of the client machine, adds its own header (SSL Header) to the encrypted data and sends the encrypted data to the server side.
- Upon receiving the encrypted data, the server removes the SSL header, decrypts the data and sends the decrypted data to the application layer.
- SSL is composed of four protocols in two layers, which support SSL as shown in Fig. 12.1.2. Of the four, the two most important protocols that are at the heart of SSL are the SSL Handshake Protocol and the SSL Record Protocol; the other protocols, such as SSL Change Cipher Specification and the SSL Alert Protocol, play a minor role relative to the previous two protocols.
- The role of these higher-level protocols is connection establishment, use of required cipher techniques for data encryption and alert (warning or error, if any) generation before starting the actual data transmission process between client and server.
ture / SSL Intern
al Protocol stru
‘Al - ee aes ; cture
gu
SSLppa
oratfnor |
5

SSL hand
ener eV Ption, algorithms and alert massage
|.SSt change
connec! ' shake 3 ;
establishmen
; Protocol cipher
| Specificatio a
n (ane
fe Py
‘ SSL
. —
'8cord protoco| SSL protocol!
: layer
VA aMeessage authen
tication, confidentialit an
| y d integrity /
| += TcP
.
“Tp
: __-| \|). Transpor
t and
“ layer intemet
@

Fig. 12.1.2 : SSL protocols internal


architecture
- The SSL Record Protocol is responsible for encrypted data transmission and encapsulation of the data sent by the higher layer protocols (handshake, alert, HTTP), and also provides basic security services to higher layer protocols.
- SSL was designed to make use of the TCP protocol to provide a reliable, secure process-to-process delivery of entire messages/packets. We will discuss how the client machine securely communicates with the server machine by using the underlying network architecture.

12.1.1 Working of SSL

We will discuss the SSL Handshake Protocol and the SSL Record Protocol in detail.

12.1.1(A) Handshake Protocol

Q. 12.1.3 Write in brief about SSL handshake protocol. (Ref. sec. 12.1.1(A))

- As the name suggests, when we meet our friends/colleagues, we have the habit of saying hi/hello and shaking hands with each other before starting our actual communication. The SSL handshake protocol uses somewhat the same ideology, but in terms of client and server.
- The first sub-protocol of SSL, called the handshake protocol, is used for secure communication between client and server using an SSL enabled connection.
- In this protocol client authentication to the server is more important than server authentication because the server has different options available for client authentication. The detailed steps of the SSL handshake protocol are shown in Fig. 12.1.3.

[Figure: messages exchanged between client machine and server machine: server certificate, client certificate request, server key exchange, server hello done; client certificate, client key exchange, certificate verification; change cipher specification, client handshake finished; change cipher specification, server handshake finished]

Fig. 12.1.3 : SSL handshake protocol
- It is used by client and server to start communication using an SSL enabled connection.
- The handshaking is done in phases.

Phases of handshaking

(a) Phase 1 : Establishing Security Capabilities/Connection
(b) Phase 2 : Server Authentication and Key Exchange
(c) Phase 3 : Client Authentication and Key Exchange
(d) Phase 4 : Finalizing and Finishing

Fig. 12.1.4 : Phases of handshaking
(a) Phase 1 : Establishing Security Connection/Capabilities

In this phase a logical connection is established between client and server and the security capabilities associated with that connection are established. It consists of two messages, the client hello and the server hello.

Client hello

The client hello message contains the following parameters:

(i) The highest SSL version number which the client can support.
(ii) A 32-bit timestamp and a 28-byte random field that together serve as nonce during key exchange to prevent replay attacks.
(iii) A session id that defines the session (a variable length session identifier).
(iv) There is a cipher suite parameter that contains the entire list of cryptographic algorithms which the client’s system supports.
(v) A list of compression methods that can be supported by client.

Server hello

(i) The SSL version number, the highest among both SSL number of client and server, will be supported by client and other will be supported by server.
(ii) A 32 byte random number that will be used for master secret generation; however this random number is totally independent from the random number of client.
(iii) A session id that defines the session.
(iv) A cipher suite contains the list of all cryptographic algorithms that is sent by the client from which the server will select the algorithm.
(v) A list of compression methods sent by the client from which the server will select the method.
(b) Phase 2 : Server Authentication and Key Exchange

In this phase, the server authenticates itself if it is needed. The server sends its certificate, its public key, and also requests a certificate (digital certificate) from the client.

- Certificate : The server sends a certificate message to authenticate itself to the client. If the key exchange algorithm is Diffie Hellman then there is no need of authentication.
- Server key Exchange : This is optional. It is used only if the server doesn’t send its digital certificate to the client.
- Certificate Request : The server can request the digital certificate of the client. The client’s authentication is optional.
- Server Hello done : The server hello done message is the last message in phase 2. This indicates to the client that the client can now verify all the certificates received by the server. After this hello done message, the server waits for the client’s side response in phase 3.

(c) Phase 3 : Client Authentication and Key Exchange

In this phase, the client authenticates itself if it is needed. The client sends its certificate, client key exchange and certificate verify to the server.

- Certificate : Client certificate is optional; it is only required if the server had requested the client’s digital certificate. If the client doesn’t have a digital certificate it can send a no certificate message or an Alert message to the server. Then it is up to the server’s decision whether to continue with the session or to abort the session.
- Client key Exchange : The client sends a client key exchange; the contents of this message are based on the key exchange algorithms between both the parties.
- Certificate verify : It is necessary only if the server had asked for client authentication. The client has already sent its certificate to the server. But additionally, if the server wants, the client has to prove that it is the authorized holder of the private key. The server can verify the message with its public key which was already sent to ensure that the certificate belongs to the client.

(d) Phase 4 : Finalizing and Finishing

This phase finishes the handshaking protocol. It contains 4 steps: two from the client, i.e. change cipher spec and finished; the server responds back with change cipher spec and finished.

- Change cipher spec : It is a client side message telling about the current status of cipher protocols and parameters which have been made active from pending state.
- Finished : This message announces the finish of the handshaking protocol from the client side.
- Change Cipher Spec : This message is sent by the server to show that it has made all the pending state of cipher protocols and parameters to active state.
- Finished : This message announces the finish of the handshaking protocol from the server, and finally handshaking is totally completed.

12.1.1(B) Alert Protocol

- SSL uses the Alert protocol for reporting an error that is detected by client or server; the party which detects the error sends an alert message to the other party. If the error is serious then both parties terminate the session.
- Table 12.1.1 shows the types of alert messages. SSL alert protocol is the last protocol of SSL, used to transmit alerts (warnings, errors, fatal etc.), if any, via the SSL record protocol to the client or server.
- The SSL alert protocol format is shown in Fig. 12.1.5. The alert protocol uses two bytes to generate an alert. The first byte takes one of two values, either 1 or 2. The value “1” indicates a warning and the value “2” indicates a fatal error (on a fatal error, the session/connection is terminated).
- The second byte indicates a predefined error code; when either the server or client detects any error it sends an alert containing the error (error occurred during handshaking, error occurred during data processing at server or client side, certificate defects, etc.)

[Figure: two fields, Level (Fatal/Warning, 1 byte) and Alert (Error code, 1 byte)]

Fig. 12.1.5 : SSL Alert protocol

Table 12.1.1 : Types of alert messages

| Alert Code | Alert Message | Description |
| 0 | close_notify | No more message from sender |
| 10 | unexpected_message | An incorrect message received |
| 20 | bad_record_mac | A wrong MAC received |
| 30 | decompression_failure | Unable to decompress |
| 40 | handshake_failure | Unable to finalize handshake by the sender |
| 42 | bad_certificate | Received a corrupted certificate |
| 42 | No certificate | Client has no certificate to send to server |
| 42 | Certificate expired | Certificate has expired |
12.1.1(C) Record Protocol

- After completion of successful SSL handshaking the key role of the SSL record protocol starts.
- SSL record protocol is the second sub-protocol of SSL, also called the lower level protocol.
- As defined earlier, the SSL Record Protocol is responsible for encrypted data transmission and encapsulation of the data sent by the higher layer protocols (handshake, alert, HTTP), and also provides basic security services to higher layer protocols.
- SSL record protocol is the basis for data transfer and is specially used to build a data path between client and server and encrypt the data path before communication.
- SSL record protocol provides different services like data authentication, data confidentiality through encryption algorithms and data integrity through message authentication (MAC) to SSL enabled connections.
- The detailed steps involved in the SSL record protocol and the SSL record header format are shown in Fig. 12.1.6.
[Figure: message / application data passes through data fragmentation (Data 1, Data 2, Data 3), data compression, MAC addition and data encryption, and the SSL record header is added; the SSL record header holds content type, major version, minor version and compressed length, followed by plaintext (compressed) and MAC (0, 16, 20 bytes)]

Fig. 12.1.6 : Record protocol and record header

- At this stage all necessary authentication and cryptographic parameters are exchanged between client and server; now it is time for secure SSL data transmission through the SSL record protocol.
- SSL record protocol takes application data, i.e. the actual data that the client wants to send over to the server. This data is divided into different blocks, each of which should not exceed 16384 bytes in length; this process is called data distribution or data fragmentation.
- Next step is data compression using lossless compression techniques; compression size of data should not exceed 1024 bytes.
- After the data fragmentation and compression step the MAC (Message Authentication Code) is computed over the data, and the MAC is then appended to the compressed data (the data is now encapsulated) to form a new encrypted data / payload.
- The compressed data and MAC again go through the data encryption process. SSL record protocol uses symmetric key cryptographic techniques like DES, triple DES, AES, and IDEA because these techniques are specially designed to operate on block cipher.
- Finally the SSL record header is prepended onto each encrypted block obtained from the encryption process.
- Each output block produced by the SSL Record Protocol is referred to as an SSL record. The length of a record is not to exceed 32,767 bytes.
- The SSL record header (refer Fig. 12.1.6) consists of an 8-bit content type which identifies the type of the message, whether any application data or connection termination or any error message.
- Next field is Major Version, which is an 8-bit field used to indicate the latest version of SSL in use (e.g., 3). Minor Version, which is an 8-bit field, indicates the lowest version of SSL in use (e.g., 0).
- Plaintext (compressed) / compressed length, which is a 16-bit field, indicates the length of the plaintext being compressed.
- Finally the SSL layer sends the encrypted data to TCP and IP (transport and internet layer) for necessary transmission over the network.
- At the receiver end, the encrypted blocks are decrypted and then checked for data authentication, data confidentiality and data integrity, reassembled into a single unit, and delivered to the application-layer protocol.
- The Record Protocol provides two services in SSL connection :

a) Confidentiality : This can be achieved by using secret key, which is already defined by handshake protocol.
b) Integrity : The handshake protocol defines a shared secret key that is used to assure the message integrity.

and authentication is done of both client and server.

1. Fragmentation : The original message that is to be sent is broken into blocks. The size of each block is less than or equal to 2^14 (16384) bytes.
2. Compression : The fragmented blocks are compressed, which is optional. It should not result into loss of original data.
3. Message authentication code (a short piece of information for integrity and assurance of message) for each data block is to be calculated using shared secret key.
4. Encryption : The overall steps including message is encrypted using symmetric key but the encryption should not increase the overall block size.
5. Prepending Header : After all the above operations, header is prepended in the encrypted block which contains following fields :

   o Content type (8 bits) specifies which protocol is used for processing.
   o Major Version (8 bits) specifies the major version of SSL used, for example if SSL version 3.1 is in use then this field contains 3.
   o Minor Version (8 bits) specifies the minor version of SSL used, for example if SSL version 3.0 is in use then this field contains 0.
   o Compressed length (16 bit) specifies the length in bytes of the original plain text block.
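The five record protocol steps above and the two-byte alert format of Fig. 12.1.5, run end to end as an added example that is not taken from the book or from any SSL implementation. Assumptions: HMAC-SHA1 over sequence number, type, length and data stands in for the SSL MAC, RC4 stands in for the symmetric cipher (it is weak and is used only because it fits in a few lines), and all function names and keys are hypothetical.

```python
import hashlib
import hmac
import struct
import zlib

MAX_FRAGMENT = 2 ** 14       # fragment limit from the text (16384 bytes)
MAX_RECORD = 32767           # record length limit from the text
CT_APPLICATION = 23          # SSL content type value for application data
VERSION = (3, 0)             # major version, minor version
FATAL = 2                    # alert level byte: 1 = warning, 2 = fatal
UNEXPECTED_MESSAGE, BAD_RECORD_MAC, DECOMPRESSION_FAILURE = 10, 20, 30  # Table 12.1.1
MAC_LEN = 20                 # HMAC-SHA1 output size


def record_mac(key, seq, ctype, data):
    """Stand-in MAC: HMAC-SHA1 over sequence number, content type, length, data."""
    return hmac.new(key, struct.pack("!QBH", seq, ctype, len(data)) + data,
                    hashlib.sha1).digest()


def rc4(key):
    """RC4 keystream generator (stand-in cipher, one state per direction)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) & 0xFF]


def protect(data, mac_key, enc_key):
    """Sender: fragment, compress, add MAC, encrypt, prepend the 5-byte header."""
    keystream, records = rc4(enc_key), []
    for seq, start in enumerate(range(0, len(data), MAX_FRAGMENT)):
        body = zlib.compress(data[start:start + MAX_FRAGMENT])      # compression
        body += record_mac(mac_key, seq, CT_APPLICATION, body)      # MAC addition
        body = bytes(b ^ next(keystream) for b in body)             # encryption
        records.append(struct.pack("!BBBH", CT_APPLICATION, *VERSION, len(body)) + body)
    return b"".join(records)


def alert(code, level=FATAL):
    """Two-byte alert message: level byte followed by error code byte."""
    return struct.pack("!BB", level, code)


def unprotect(wire, mac_key, enc_key):
    """Receiver: returns (plaintext accepted so far, alert or None)."""
    keystream, out, pos, seq = rc4(enc_key), bytearray(), 0, 0
    while pos < len(wire):
        if len(wire) - pos < 5:
            return bytes(out), alert(UNEXPECTED_MESSAGE)
        ctype, major, minor, length = struct.unpack_from("!BBBH", wire, pos)
        body = wire[pos + 5:pos + 5 + length]
        if ((major, minor) != VERSION or not MAC_LEN <= length <= MAX_RECORD
                or len(body) != length):
            return bytes(out), alert(UNEXPECTED_MESSAGE)
        plain = bytes(b ^ next(keystream) for b in body)            # decryption
        data, tag = plain[:-MAC_LEN], plain[-MAC_LEN:]
        if not hmac.compare_digest(tag, record_mac(mac_key, seq, ctype, data)):
            return bytes(out), alert(BAD_RECORD_MAC)                # integrity check
        try:
            fragment = zlib.decompress(data)
        except zlib.error:
            return bytes(out), alert(DECOMPRESSION_FAILURE)
        if len(fragment) > MAX_FRAGMENT:
            return bytes(out), alert(DECOMPRESSION_FAILURE)
        out += fragment                                             # reassembly
        pos, seq = pos + 5 + length, seq + 1
    return bytes(out), None


if __name__ == "__main__":
    wire = protect(b"hello over SSL" * 3000, b"m" * 20, b"e" * 16)
    text, problem = unprotect(wire, b"m" * 20, b"e" * 16)
    print(len(wire), len(text), problem)
```

A single flipped bit in any record makes the receiver stop at that record and answer with the fatal alert (2, 20), which is the bad_record_mac row of Table 12.1.1.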
Syllabus Topic : IPSEC

12.2 IP Security Protocols

(MU - May 16)

Q. 12.2.1 Write in brief about IPSec protocols for security. (Ref. sec. 12.2)

[...] of data and its authenticity is prime concern for secure communication; to achieve these two features, IPSec provides two protocols at network layer :

IP Security Protocols

1. Authentication Header
2. Encapsulating Security Payload

Fig. 12.2.1 : IP Security Protocols
12.2.1 Authentication Header

- It is designed for authentication and integrity of the payload which is carried in an IP packet. It is the first protocol of IPSec, called the Authentication Header (AH) protocol, designed to provide data authentication (to identify source host), data integrity (if data get modified while in transit) and non-repudiation, but it doesn’t provide data confidentiality (if attacker able to access the contents of a message) because Authentication Header does not encrypt the data / IP packet.
- The main functionality of this protocol is protection against replay attacks (sending same data to receiver again and again) and protection against tampering of data over a network.
- Authentication Header is also used to protect the upper layer or the entire IP packet with the help of a message authentication code (MAC - used to generate a fixed length value from message and secret key to provide authentication) using well known hashing algorithms like MD5 or SHA1.
- By using a hash function and symmetric key algorithm, a message digest is calculated and inserted in authentication data as shown in Fig. 12.2.2; because of this the AH protocol provides data authentication and data integrity, but not confidentiality or privacy.
- The internal fields of the authentication header format are shown in Fig. 12.2.2.
- This protocol uses a cryptographic checksum which is similar to a hash function or message digest; the checksum is inserted in the authentication header and placed in a location that depends on which mode it is using (tunnel mode or transport mode).
[Figure: authentication header (AH) in the IPSec layer, between the IP header (network layer) and the transport and application layers. Fields: Next header (8 bits), Payload length (8 bits), Reserved (16 bits), Security parameter index (SPI) (32 bits), Sequence number (32 bits), Authentication data (digest), variable in length]

Fig. 12.2.2 : Authentication Header

A brief description of each field

Next header (8 bits)

- The next header is an 8-bit field which is used to identify the type of payload / data carried by the IP packet.
- Identifies the type of header immediately following this header.

Payload length (8 bits)

- The payload length is also an 8-bit field which defines the length of the authentication header.
- Length of the AH in 32-bit words minus 2.

Reserved (16 bits)

- AH contains a 16-bit field which is reserved for future use and always set to zero.

Security parameter index (SPI) (32 bits)

- SPI is a 32-bit field used in combination with source IP address, destination IP address and AH security protocol to uniquely identify a security association (SA) for the traffic to which the IP packet belongs.
- This field also defines which different algorithms and keys were used to calculate the Message Authentication Code (MAC).

Sequence number (32 bits)

- It is also a 32-bit field. It prevents the retransmission of a datagram, which is also known as replay attack.
- A monotonically increasing counter value.

Authentication Data

- This is a variable length field whose length depends upon the encryption algorithm used. The authentication data field of the AH protocol is the output of a hashing algorithm or message digest algorithm.
- AH protocol performs the integrity check value (ICV) on the packet header, or the MAC is computed over the complete IP packet including the outer IP header, to ensure that the data has not been changed during the transmission process.
- As mentioned earlier AH doesn’t encrypt the data, which is the reason it doesn’t provide confidentiality during transmission.
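The AH fields described above, parsed and checked on the receiving side, as an added example that is not from the book or from any IPSec implementation. Assumptions: the digest is HMAC-SHA1 truncated to 12 bytes and covers only the AH fields and the payload (the IP header is left out), the sequence number check is generalized to a 64-packet sliding window, and all names, keys and SPI values are hypothetical.

```python
import hashlib
import hmac
import struct

FIXED_LEN = 12   # next header, payload length, reserved, SPI, sequence number
ICV_LEN = 12     # assumed digest size: HMAC-SHA1 truncated to 96 bits
TCP = 6          # IP protocol number placed in "next header"


def icv_for(key, fixed, payload):
    # Digest over the fixed AH fields, a zeroed authentication data field, and the payload.
    return hmac.new(key, fixed + bytes(ICV_LEN) + payload, hashlib.sha1).digest()[:ICV_LEN]


def build_ah(spi, seq, key, payload, next_header=TCP):
    """Sender: AH followed by the payload it protects."""
    payload_len = (FIXED_LEN + ICV_LEN) // 4 - 2     # AH length in 32-bit words minus 2
    fixed = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    return fixed + icv_for(key, fixed, payload) + payload


def parse_ah(packet):
    """Return (next_header, spi, seq, auth_data, payload); ValueError if malformed."""
    if len(packet) < FIXED_LEN:
        raise ValueError("truncated header")
    next_header, payload_len, reserved, spi, seq = struct.unpack_from("!BBHII", packet)
    ah_len = (payload_len + 2) * 4
    if reserved != 0:
        raise ValueError("reserved field not zero")
    if ah_len < FIXED_LEN or ah_len > len(packet):
        raise ValueError("payload length field inconsistent with packet")
    return next_header, spi, seq, packet[FIXED_LEN:ah_len], packet[ah_len:]


class ReplayWindow:
    """Sliding window over sequence numbers; bit n of `seen` means top - n arrived."""

    def __init__(self, size=64):
        self.size, self.top, self.seen = size, 0, 0

    def is_fresh(self, seq):
        if seq == 0:
            return False
        if seq > self.top:
            return True
        offset = self.top - seq
        return offset < self.size and not (self.seen >> offset) & 1

    def mark(self, seq):
        if seq > self.top:
            self.seen = ((self.seen << (seq - self.top)) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.seen |= 1 << (self.top - seq)


def receive(packet, associations):
    """associations maps SPI -> (key, ReplayWindow). Returns (payload, verdict)."""
    try:
        _, spi, seq, auth_data, payload = parse_ah(packet)
    except ValueError as err:
        return None, str(err)
    if spi not in associations:
        return None, "unknown SPI"
    key, window = associations[spi]
    if not window.is_fresh(seq):
        return None, "replayed or stale sequence number"
    expected = icv_for(key, packet[:FIXED_LEN], payload)
    if len(auth_data) != ICV_LEN or not hmac.compare_digest(auth_data, expected):
        return None, "authentication data mismatch"
    window.mark(seq)     # only authenticated packets move the window
    return payload, "ok"


if __name__ == "__main__":
    key = b"k" * 20      # constructed key and SPI for the demonstration
    sa = {0x1001: (key, ReplayWindow())}
    packet = build_ah(0x1001, 1, key, b"segment-1")
    print(receive(packet, sa))   # accepted
    print(receive(packet, sa))   # same packet again is rejected
```

The window is advanced only after the digest verifies, so a forged packet carrying a high sequence number cannot push genuine traffic out of the window.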

Modes of Operation

AH can work in two modes :

Modes of Operation of AH

(i) AH Transport Mode
(ii) AH Tunnel Mode

Fig. 12.2.3 : Modes of Operation of AH

(i) AH Transport Mode

In transport mode the authentication header is placed between the original IP header and the original TCP header as shown in Fig. 12.2.4.

(a) Before applying AH : | IP header | TCP header | Original data |
(b) After applying AH : | IP header | AH | TCP header | Original data |

Fig. 12.2.4 : AH transport mode


(ii) AH Tunnel Mode

- In tunnel mode the AH is inserted between the new IP header and the original IP header.
- The inner IP address contains the source and destination address of sender and receiver; the outer IP address contains the address of the security gateway or firewall as shown in Fig. 12.2.5.

(a) Before applying AH : | IP header | TCP header | Original data |
(b) After applying AH : | IP header | AH | Original IP header | TCP header | Original data |

Fig. 12.2.5 : AH tunnel mode

12.2.2 Encapsulating Security Payload


One of the most important features that Authentication Header was unable to provide is data confidentiality (if an attacker is able to access the contents of a message).
An Encapsulating Security Payload is primarily designed to provide encryption, authentication and confidentiality for the data or payload that is being transferred in a network.
- As defined earlier, ESP is used to encrypt the entire payload of an IPSec packet.
- ESP alone can provide data authentication, protection against replay attacks and integrity by adding ESP header, ESP trailer and MAC to the packet.



ESP has the same fields as defined in AH, but it integrates these fields in a different way. Instead of having just a header, it divides these fields into three components : an ESP header, ESP trailer and ESP Authentication block, as shown in Fig. 12.2.6.
It is designed for confidentiality and integrity of messages. ESP can be used alone or with combination of AH. ESP adds a header and trailer to the payload. Following are the steps for adding ESP header and trailer.
Step 1 : In the initial step, ESP trailer is added to IP payload.
Step 2 : Payload and trailer are encrypted.
Step 3 : After the encryption ESP header is added to the encrypted packet.
Step 4 : ESP header, payload and ESP trailer are used to create the authentication data.
Step 5 : This authentication data is added to the end of the ESP trailer.
Step 6 : Lastly the IP header is added.
The main functionality of ESP is to provide confidentiality to IP packets by encrypting them. Encryption algorithms (Triple DES, Blowfish, IDEA etc.) used to combines the

ESP Header

This contains two fields, Security Parameter Index (SPI) of 32 bits and Sequence Number of 32 bits. As defined in AH protocol, SPI is a 32-bit field used in combination with source IP address, destination IP address and ESP security protocol to identify a security association (SA) for the traffic to which the IP packet belongs.

Sequence number

It is also a 32-bit field. It prevents the retransmission of a datagram, which is also known as a replay attack as defined earlier. This field is not encrypted but it's authenticated to perform anti-replay checking before decryption.

Encrypted data

This is a variable-length field that contains the transport layer segment or IP packet which is protected by performing ESP encryption.

ESP Trailer

ESP trailer field contains padding (0-255 bytes), pad length (8 bits) and next header (8 bits).

Padding (0-255 bytes)


Padding field is used to expand the plain text message to the required size or to align the encrypted data by adding padding bits to the actual data, which provides confidentiality to traffic flow.
If an encryption algorithm requires the plaintext to be a multiple of some number of bytes (e.g., the multiple of a single block for a block cipher), the Padding field is used to expand the plaintext (consisting of the Payload Data, Padding, Pad Length, and Next Header fields) to the required length.

Pad Length (8 bits)

- This is a mandatory field in ESP protocol which is used to indicate the number of pad (protection) bytes added into the packet.
- Indicates the number of pad bytes immediately preceding this field.

Next Header (8 bits)

- It has the same bit length as pad length and is used to identify the type of encrypted data in the Payload Data field.
- Identifies the type of data contained in the Payload Data field (an upper-layer protocol - TCP, UDP, or an IPv6 extension header).

ESP Authentication Data


 0 bits          16 bits     24 bits      31 bits
+------------------------------------------------+
| Security Parameter Index (SPI)                 |  ESP header
| Sequence number                                |
+------------------------------------------------+
| Encrypted data                                 |
|   Padding                                      |
|                     Pad length | Next header   |  ESP trailer
+------------------------------------------------+
| ESP authentication data (optional)             |
| (variable length)                              |
+------------------------------------------------+

Fig. 12.2.6 : ESP header, trailer and encryption
This is a variable-length field whose length depends upon the encryption algorithm used.
It is a variable-length field (must be an integral number of 32-bit words) that contains the Integrity Check Value computed over the ESP packet minus the Authentication Data field.
As mentioned earlier, ESP encrypts the data, which is the reason it provides data confidentiality during transmission.
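
The encapsulation steps and the ESP field layout described above, as an added example that is not part of the original text: it builds an ESP packet (steps 1 to 5) and then processes it on the receiving side, where the sequence number and the authentication data are checked before anything is decrypted. Assumptions not taken from the page: HMAC-SHA-256 truncated to 128 bits as the authentication data, a 64-packet sliding window for the anti-replay check, and a pluggable cipher that defaults to the identity transform so that only the standard library is needed; the outer IP header of step 6 is not modelled.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # assumption: HMAC-SHA-256 truncated to 128 bits


def build_trailer(payload_len, next_header, block_size=16):
    """ESP trailer = Padding (0-255 bytes) + Pad Length (8 bits) + Next Header (8 bits)."""
    align = max(block_size, 4)              # cipher block size, at least 32-bit alignment
    pad_len = -(payload_len + 2) % align    # +2 accounts for Pad Length and Next Header
    padding = bytes(range(1, pad_len + 1))  # constructed filler bytes 1, 2, 3, ...
    return padding + bytes([pad_len, next_header])


def _icv(auth_key, data):
    return hmac.new(auth_key, data, hashlib.sha256).digest()[:ICV_LEN]


def esp_encapsulate(spi, seq, payload, next_header, auth_key,
                    encrypt=lambda data: data, block_size=16):
    plaintext = payload + build_trailer(len(payload), next_header, block_size)  # step 1
    ciphertext = encrypt(plaintext)                                             # step 2
    header = struct.pack("!II", spi, seq)                                       # step 3
    icv = _icv(auth_key, header + ciphertext)                                   # step 4
    return header + ciphertext + icv                                            # step 5


class ReplayWindow:
    """Sliding window over the sequence numbers that have already been accepted."""

    def __init__(self, size=64):
        self.size = size
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence number (top - i) was accepted

    def is_fresh(self, seq):
        if seq == 0:
            return False
        if seq > self.top:
            return True
        offset = self.top - seq
        return offset < self.size and not (self.bitmap >> offset) & 1

    def mark(self, seq):
        if seq > self.top:
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def esp_decapsulate(packet, auth_key, window, decrypt=lambda data: data):
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("packet too short")
    header, body, icv = packet[:8], packet[8:-ICV_LEN], packet[-ICV_LEN:]
    spi, seq = struct.unpack("!II", header)
    if not window.is_fresh(seq):                       # cheap check first
        raise ValueError("replayed or stale sequence number")
    if not hmac.compare_digest(icv, _icv(auth_key, header + body)):
        raise ValueError("ICV mismatch")
    window.mark(seq)                                   # only authenticated packets move the window
    plaintext = decrypt(body)
    pad_len, next_header = plaintext[-2], plaintext[-1]
    if pad_len > len(plaintext) - 2:
        raise ValueError("bad pad length")
    return spi, seq, next_header, plaintext[:len(plaintext) - 2 - pad_len]


if __name__ == "__main__":
    key = b"constructed-demo-key"
    window = ReplayWindow()
    pkt = esp_encapsulate(0x1001, 1, b"GET / HTTP/1.1\r\n\r\n", 6, key)
    print(esp_decapsulate(pkt, key, window))
    try:
        esp_decapsulate(pkt, key, window)   # same packet delivered twice
    except ValueError as err:
        print("second copy rejected:", err)
```

The window is advanced only after the authentication data verifies, so a forged packet carrying a high sequence number cannot push genuine packets out of the window.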
Modes of Operation

ESP works in both modes namely :

(i) ESP Transport Mode
(ii) ESP Tunnel Mode

Fig. 12.2.7 : Modes of Operation

(i) ESP Transport mode

In this case ESP header is added before the transport layer header (like TCP, UDP) and trailer is added after the IP packet, whereas if authentication is required then authentication data is added after the ESP trailer.

Fig. 12.2.8 shows transport mode in ESP.

[ IP header ][ TCP header ][ Original data ]
(a) Before applying ESP

[ Original IP header ][ ESP header ][ TCP header ][ Original data ][ ESP trailer ][ ESP auth ]
Encrypted : TCP header, Original data, ESP trailer
Authenticated : ESP header, TCP header, Original data, ESP trailer
(b) After applying ESP

Fig. 12.2.8 : Transport mode in ESP

(ii) ESP tunnel mode

- In this case ESP header is added before the original IP header and ESP trailer after the original data.
- The whole packet is encrypted. As the whole packet is encrypted, a new IP header will be added, which will contain information for routing from one network to another.

[ IP header ][ TCP header ][ Original data ]
(a) Before applying ESP

[ New IP header ][ ESP header ][ Original IP header ][ TCP header ][ Original data ][ ESP trailer ][ ESP auth ]
Encrypted : Original IP header, TCP header, Original data, ESP trailer
Authenticated : ESP header, Original IP header, TCP header, Original data, ESP trailer
(b) After applying ESP

Fig. 12.2.9 : Tunnel mode in ESP

Security Association

- It is an important aspect of IPSec. Security Association (SA) is a contract between the communication parties about factors like IPSec protocol version, mode of operation (tunnel or transport), cryptographic algorithm, key etc. Security Association creates a secure channel between two communicating parties.
- If both AH and ESP are used for actual operation then they will need two sets of SA, one for AH and one for ESP.
- For communication each party needs two sets of SA, one for incoming transmission and one for outgoing transmission, because SA is simplex (unidirectional).

12.2.3 Security Association Database

(MU - Dec. 17)

Q. 12.2.2 What are security associations ? (Ref. sec. 12.2.3)

- Security Association can be very complex.
- Each participating party needs to have inbound and outbound SAs to allow bidirectional communication. It is a two directional table.
- Each row in the table defines a Security Association; collectively they are called the Security Association Database. Each party is required to maintain its own database.
- For one way communication (called unidirectional) a single SA is required, whereas for two way communication (bidirectional) two security associations are required.
SA uses different parameters : security parameter index (SPI), protocol format (AH or ESP), security protocol identifier and encryption algorithms. Almost all these parameters we have discussed previously. Let us have a small look at these parameters.

o Security Parameter Index (SPI) : A 32-bit number used to uniquely identify a security association between connected devices. The SPI is placed in the AH or ESP header to tie the packet to the security association.

o Security Protocol Identifier (SPI) : To identify which protocol (AH or ESP) is used for security associations. If both are used then they have separate security associations.

Syllabus Topic : Firewalls

12.3 Firewall Introduction

(MU - May 16, Dec. 16)

Q. 12.3.1 What is a firewall ? What are the firewall design principles ?
Q. 12.3.2 What are firewalls ? (Ref sec. 12.3) Dec. 16, 3 Marks

- A firewall is placed between the inside and outside network to protect the organization. All traffic between the intranet and the outside network passes through it.
- The main purpose of the firewall is to keep attackers outside the protected environment. For that, policies are set in the firewall to decide what is allowed and what is not allowed.
- Moreover we can decide the allowed places, allowed users and allowed sites, and can provide different access rights to different categories of users.
- Example : Cyberoam, through which only educational sites are allowed through college internet and non-educational sites like facebook, twitter are blocked using firewall.
12.3.1 Firewall Characteristics

Q. What are the various characteristics of firewall ? (Ref sec. 12.3.1)

Following lists the characteristics as well as design goals for a firewall :

1. All inside and outside traffic must pass through the firewall. This is possible only because of physically blocking all access to the local network except via the firewall.
2. Only the traffic defined by the local security policy will be allowed to pass through the network. Different types of firewall are used to define the policies as per the norms decided.
3. The firewall itself is immune to penetration. Different techniques are used to control access and enforce the site's security policy.

- Service control : This policy helps to determine which types of internet services can be accessed inbound and outbound. Firewall can filter traffic on the basis of IP address and TCP port number. It can also act as a proxy server that receives and interprets each service request before passing it on.
- Direction control : Direction control determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.
- User control : This technique is used to control access to a service according to which user is attempting to access it.
- Behaviour control : Controls how particular services are used. For example, the firewall may filter e-mail to eliminate spam.

12.3.2 Limitations of Firewalls
Q. 12.3.4 What are the disadvantages of firewalls? (Ref sec. 12.3.2)

A firewall may be a pivotal component of securing your organization and address the issues of information integrity or activity verification (through stateful packet inspection) and secrecy of your inner network (through NAT). Your network picks up these benefits from a firewall by receiving all transmitted activity through the firewall.
Following are the limitations of firewall :

Limitations of Firewall
1. Viruses
2. Attacks
3. Architecture
4. Configuration
5. Monitoring
6. Encryption
7. Masquerading
8. Vulnerabilities

Fig. 12.3.1 : Limitations of Firewall


1. Viruses

Not all firewalls have full protection against computer viruses because viruses use different encoding techniques to encode files and transfer them over the Internet.

2. Attacks

A firewall cannot prevent users or attackers with modems from entering in to or out of the internal network, thus bypassing the firewall and its protection completely.

3. Architecture

Firewall architecture depends upon a single security mechanism. If that security mechanism has a single point of failure, it affects the entire firewall program, which opens loopholes for intruders.

4. Configuration

Firewall doesn't have a mechanism to tell the administrator about incorrect configuration. Only trained professionals in the field of network security can configure a firewall properly.
5. Monitoring

Firewall doesn't give notification about hacking. It will notify only about threat occurrences. The reason is that organizations demand additional hardware, software and different networking tools as per their requirement, hence there is no control on it.

6. Encryption

Firewall and Virtual Private Networks (VPNs) don't encrypt confidential documents and e-mail messages sent within the organization or to outsiders. Dignified procedures and tools are needed to protect confidential documents.

7. Masquerading

Firewalls can't stop hackers who steal the login id and password of an authentic user to gain access to a secure network. Once the attacker gains full access to the entire network, the attacker can delete or change the network policies of the organization.

8. Vulnerabilities

Firewall can't tell about other vulnerabilities that might allow a hacker access to your internal network.
12.3.3 Firewall Architecture and Types

(MU - Dec. 16, May 17)

Q. 12.3.5 Explain the different types of firewalls and mention the 'layer' in which they operate. (Ref sec. 12.3.3)
Q. 12.3.6 What are the types of firewalls ? (Ref sec. 12.3.3)

- A firewall is a kind of reference monitor. All network traffic passes through firewall. That's why it is always in invoked condition.
- A firewall is kept isolated and cannot be modified by anybody other than administrator.
- Generally it is implemented on a separate computer through which intranet and extranet are connected.
Following are the common architectural implementations of firewalls :

Implementations of firewalls
1. Packet filtering gateways or screening routers
2. Stateful inspection firewalls
3. Application proxies
4. Guards
5. Personal firewalls

Fig. 12.3.2 : Implementations of firewalls

1. Packet Filtering Gateway

- It is the most simple and easy to implement firewall.
- Packet filtering is done on the basis of the packet's source or destination address or based on some protocol type like HTTP or HTTPS.
- If the firewall is placed just behind the router then the traffic can be analyzed easily.
- In the Fig. 12.3.3 it is shown how a packet filtering gateway can block traffic from network 1 and allow traffic from network 2.
- Also the traffic using telnet protocol is blocked. Packet filters do not analyze the contents of the packet, rather they just check the IP address of the packets as shown in Fig. 12.3.3.
- The biggest disadvantage of the packet filtering gateway is that it requires a lot of detailing to set policies.

Fig. 12.3.3 : Packet filtering gateway

- If port 80 is blocked and some applications essentially need the use of port 80, then in this case we have to provide all the details of those applications for which port 80 is needed.
2. Stateful Inspection Firewall

- Packet filtering is done one packet at a time. Sometimes an attacker may use this technique for their attack. The attacker can split the script of the attack into different packets so that the complete script of the attack cannot be identified by a packet filtering firewall.
- To avoid this, a stateful inspection firewall keeps a record of the states of the packets from one packet to another. Thus the sequence of packets and conditions within the packets can be identified easily.
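
The packet filtering gateway and the stateful inspection firewall described above, side by side, as an added example that is not part of the original text. The rule table follows the scenario of Fig. 12.3.3 (network 1 blocked, network 2 allowed, telnet blocked); the addresses, the rule format and the simplified TCP handshake tracking are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing: the figure names only "network 1" and "network 2".
NETWORK_1 = ipaddress.ip_network("192.0.2.0/24")     # blocked network
NETWORK_2 = ipaddress.ip_network("198.51.100.0/24")  # allowed network
ANYWHERE = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    sport: int
    dport: int
    flags: str = ""  # TCP flags, e.g. "S", "SA", "A", "FA"


@dataclass(frozen=True)
class Rule:
    action: str                               # "allow" or "deny"
    src: ipaddress.IPv4Network = ANYWHERE
    proto: str = "any"
    dport: int = 0                            # 0 means any port

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt.src) in self.src
                and self.proto in ("any", pkt.proto)
                and self.dport in (0, pkt.dport))


RULES = [
    Rule("deny", proto="tcp", dport=23),  # telnet is blocked
    Rule("deny", src=NETWORK_1),
    Rule("allow", src=NETWORK_2),
]


def packet_filter(pkt, rules=RULES):
    """Stateless filter: looks at the headers of one packet, first matching rule wins."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # anything not explicitly allowed is dropped


class StatefulFirewall:
    """Applies the rule table to the opening SYN, then follows the packet sequence per flow."""

    def __init__(self, rules=RULES):
        self.rules = rules
        self.flows = {}  # flow key -> (phase, initiator endpoint)

    @staticmethod
    def _key(pkt):
        return tuple(sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)]))

    def inspect(self, pkt):
        if pkt.proto != "tcp":
            return packet_filter(pkt, self.rules)
        key, sender = self._key(pkt), (pkt.src, pkt.sport)
        if key not in self.flows:
            # Only a bare SYN that passes the rule table may open a flow.
            if pkt.flags == "S" and packet_filter(pkt, self.rules) == "allow":
                self.flows[key] = ("SYN_SENT", sender)
                return "allow"
            return "deny"
        phase, initiator = self.flows[key]
        if phase == "SYN_SENT" and pkt.flags == "SA" and sender != initiator:
            self.flows[key] = ("SYN_RCVD", initiator)
            return "allow"
        if phase == "SYN_RCVD" and pkt.flags == "A" and sender == initiator:
            self.flows[key] = ("ESTABLISHED", initiator)
            return "allow"
        if phase == "ESTABLISHED":
            if "F" in pkt.flags or "R" in pkt.flags:
                del self.flows[key]  # simplification: forget the flow on the first FIN or RST
            return "allow"
        return "deny"  # out-of-sequence packet for a half-built flow
```

A lone ACK from network 2 passes `packet_filter`, because its headers match an allow rule, but `StatefulFirewall.inspect` drops it since no handshake preceded it.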

3. Application Proxy

- Packet filters cannot see inside the packets. From the packet headers they just get IP addresses for filtering.
- Application proxy is also known as a bastion host. Fig. 12.3.4 shows firewall proxies.

Fig. 12.3.4 : Firewall Proxies

Example

- In order to increase the speed of the internet a school can set a download limit for the students.
- A student can download only 20mb data per day etc.
oh personal Firewalls

0,123.7. ‘What is personal firewalls? (Ref sec. 12.3,3(5)


_ fora personal use to keep separate firewall on a separate machine is quite difficult and
costly. SO personal users need a firewall capability at lower cost.

_ Anapplic ation program which can have


capabilities of a firewall can solve this problem.
traffic on a single host.
Itcan screen incoming and outgoing
firewalls
- Symantec, McAfee, Zone alarm are the examples of personal firewalls. Personal
tems.
can be combined with antivirus sys

12.3.4 Firewall Configurations

Q. 12.3.8 How firewalls are configured and managed ? (Ref sec. 12.3.4)

Firewall Configurations
1. Firewall with screening router
2. Firewall on Separate LAN
3. Firewall with Proxy and Screening Router

Fig. 12.3.5 : Firewall Configurations

1. Firewall with screening router

Fig. 12.3.6 (figure labels : Outside network, Screening router)

The screening router is placed in between intranet and extranet. Another name for screening router firewall is network level or packet-filtering firewall. Protocol attributes are used for performing the screening of incoming packets.
The attributes like source or destination address, type of protocol, source or destination port, or some other protocol-specific attributes play a vital role. A screening router performs packet-filtering and is utilized as a firewall. In a few cases a screening router may be utilized as perimeter assurance for the internal network or as the whole firewall solution.

2. Firewall on Separate LAN
Unauthorized internet users are prevented by the firewall from accessing private networks connected to the internet, especially intranets. All messages entering or leaving the intranet (i.e., the local network to which you are connected) must pass through the firewall, which examines each message and blocks those that do not meet the specified security constraint.
To overcome the problem of the exposure of LAN, a proxy firewall can be installed on its own LAN.

Fig. 12.3.7 (figure labels : network, Proxy gateway)

3. Firewall with Proxy and Screening Router

Fig. 12.3.8 (figure labels : Proxy firewall, screening router)

If screening router is installed behind the proxy firewall, then it ensures the correct ... firewall. In other words it is a double guard protection. If anyone fails LAN is not exposed.
Introduction to Intrusion Detection

- With the rapid expansion of the Internet during recent years, security has become an essential issue for computer networks and computer systems.
- As defined earlier, the main aim of a security system is to protect the most valuable assets (data/secret information) of organizations like banks, companies, universities and many others, because these organizations have data or secret information in some form, and their security policies are keen on protecting the privacy, integrity, and availability of this valuable information or data.
- These organizations will have different security policies and requirements depending on their vision and missions.
- Many efforts have been carried out to accomplish this task, such as security policies, firewalls, anti-virus software and even Intrusion Detection Systems (IDSs), to configure different services in operating systems and computer networks.
- But still detecting different attacks (like denial of service attacks, IP spoofing, ping of death, network scanning etc.) against computer networks is becoming a crucial problem to solve in the field of cryptography and network security.
ice attacks,
Scannin mation SY¥stem

g a Networks Perform, an
an Mtrusion, e lp address, , Ping Scan
et ©. Which is legally és ’ Sendin

t Alloweg

Syllabus Topic : IDS and Types

Intrusion Detection System : Need, Methods, Types of IDS

(MU - May 16)

Q. Explain the significance of an Intrusion Detection System for securing a network. (Ref. sec. 12.4.2) May 16, 6 Marks
Q. What is IDS ? Differentiate statistical anomaly detection and rule based intrusion detection. (Ref. sec. 12.4.2)
Q. What is intrusion detection system ? Enlist and explain different types of IDS. (Ref. sec. 12.4.2)
Q. What are the challenges of intrusion detection ? (Ref. sec. 12.4.2)

- Intrusion Detection System has some policies or mechanisms to protect computer systems from many attacks. As the use of data transmission and receiving over the internet increases, the need to protect the data of these connected systems also increases. Many scientists have different definitions of IDS, but as per our point of view IDS can be defined as in the point below.
- "An Intrusion Detection System is software that monitors the events occur in a computer systems or networks, analyzing what happens during an execution and tries to find out indications that the computer has been misused in order to achieve confidentiality, integrity and availability of a resource or data".
- The IDS will continuously run on our system in the background, and only generate the alert when it detects something suspicious as per its own rules and regulation or attack signature present into it and taking some immediate action to prevent damage.

Intrusion detection
System examines or monitors system or network activity to find possible attacks on the system or network. Signs of violation of system security policies, standard security practices are analyzed.
Intrusion Prevention is the process of detecting intruders and preventing them from intrusive effort to system.

Challenges of Intrusion Detection

In order to better understand intrusion detection systems, it is important to realize that attacks to networked computer systems come in a number of forms. According to the source of threats, potential intruders can be roughly classified into two categories :

1. Outside Intruders : The attack is launched by an unauthorized computer user. The attacker will use stolen or broken passwords, system vulnerabilities or improper configurations, human engineering techniques, to gain access to computers.

2. Inside Intruders : Internal intruders, who have permission to access the system with some restrictions. In this case, the intruder already has legitimate access to a computer system, but utilizes any of the previously mentioned techniques to gain additional privileges and misuse the computer system. Sometimes inside intruders are more harmful than outside intruders. It is observed that 80% of intrusions and attacks come from within organizations.

Following are the possible type of attacks that intrusion detection needs to face :

Type of attacks

1. Denial of Service (DoS) attacks
2. Ping scan

Fig. 12.4.1 : Type of attacks

1. Denial of Service (DoS) attacks

- These attacks attempt to "shut down a network, computer, or process; or otherwise deny the use of resources or services to authorized users".
- There are two types of DoS attacks :
(i) Operating system attacks, which target bugs in specific operating systems and can be fixed with patches;
(ii) Networking attacks, which exploit inherent limitations of networking protocols and infrastructures.
- An example of operating system attack is teardrop, in which an attacker exploits a vulnerability of the TCP/IP fragmentation re-assembly code that does not properly handle overlapping IP fragments by sending a series of overlapping packets that are fragmented.
- Typical example of networking DoS attack is a "SYN flood" attack, which takes advantage of the three-way handshake for establishing a connection. In this attack, the attacker establishes a large number of "half-open" connections using IP spoofing. The victim creates a record in a data structure and responds with SYN/ACK message to the spoofed IP address, but it never receives the final acknowledgment message ACK for establishing the connection, since the spoofed IP addresses are unreachable or unable to respond to the SYN/ACK messages.
- Although the record from the data structure is freed after a time out period, the attacker attempts to generate sufficiently large number of "half-open" connections to overflow the data structure that may lead to a segmentation fault or locking up the computer.

2. Ping scan
- The simplest form of scan, an attacker sends an echo request packet to every candidate machine (which is the same way the Ping tool works). Any addresses that respond are noted as active.
- Since many systems log any connection attempts, this type of scan is relatively easy to recognize from standard audit data.
- UDP scans : This scan consists of sending UDP packets to likely ports on candidate machines, at worst scanning for any open UDP ports. Since UDP is connectionless, such attempts are harder to control using filtering firewalls, and may be capable of finding unprotected services and hosts. Many variations on these scanning techniques exist, including scans using fragmented packets, and scans spread across a long period or a number of source machines. In practice, completely blocking scans is probably infeasible, but may give an administrator early warning of an impending attack.
- Rlogin : The RLOGIN attack is characterized by a high rate of connections from one node to another, often within a small period of time. In this attack, the intruder is attempting to gain access to the system.
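
How an IDS can recognise the SYN flood and the ping scan described above from connection events, as an added example that is not part of the original text. The event format, the sample log and all thresholds are constructed for the illustration; "ACK" stands for the final acknowledgment of the three-way handshake.

```python
from collections import defaultdict

HALF_OPEN_LIMIT = 5      # assumption: pending handshakes tolerated per victim
HALF_OPEN_TIMEOUT = 30   # assumption: seconds before the victim frees a record
SCAN_HOST_LIMIT = 4      # assumption: distinct hosts pinged by one source
SCAN_WINDOW = 10         # assumption: seconds

# Constructed events: "<time> <kind> <src> <dst> [<sport> <dport>]"
SAMPLE_LOG = """\
0.0 SYN 198.51.100.20 10.0.0.5 51000 80
0.1 ACK 198.51.100.20 10.0.0.5 51000 80
1.0 SYN 192.0.2.11 10.0.0.5 1025 80
1.1 SYN 192.0.2.57 10.0.0.5 1026 80
1.2 SYN 192.0.2.93 10.0.0.5 1027 80
1.3 SYN 192.0.2.140 10.0.0.5 1028 80
1.4 SYN 192.0.2.201 10.0.0.5 1029 80
1.5 SYN 192.0.2.230 10.0.0.5 1030 80
2.0 ECHO 198.51.100.20 10.0.0.5
5.0 ECHO 203.0.113.9 10.0.0.1
5.1 ECHO 203.0.113.9 10.0.0.2
5.2 ECHO 203.0.113.9 10.0.0.3
5.3 ECHO 203.0.113.9 10.0.0.4
""".splitlines()


def detect(lines):
    """Return a list of (alert kind, subject) in the order the alerts were raised."""
    half_open = defaultdict(dict)  # victim -> {(src, sport, dport): time of SYN}
    pings = defaultdict(list)      # source -> [(time, target)]
    alerts = []

    def raise_alert(kind, subject):
        if (kind, subject) not in alerts:   # report each finding once
            alerts.append((kind, subject))

    for line in lines:
        if not line.strip():
            continue
        t, kind, src, dst, *ports = line.split()
        t = float(t)
        if kind == "SYN":
            table = half_open[dst]
            # The victim frees a record after the time-out period; mirror that here.
            for conn in [c for c, t0 in table.items() if t - t0 > HALF_OPEN_TIMEOUT]:
                del table[conn]
            table[(src, *ports)] = t
            # Sources are spoofed, so the count is kept per victim, not per source.
            if len(table) > HALF_OPEN_LIMIT:
                raise_alert("syn_flood", dst)
        elif kind == "ACK":
            half_open[dst].pop((src, *ports), None)   # handshake completed
        elif kind == "ECHO":
            recent = [(t0, d) for t0, d in pings[src] if t - t0 <= SCAN_WINDOW]
            recent.append((t, dst))
            pings[src] = recent
            if len({d for _, d in recent}) >= SCAN_HOST_LIMIT:
                raise_alert("ping_scan", src)
    return alerts


if __name__ == "__main__":
    for kind, subject in detect(SAMPLE_LOG):
        print(kind, subject)
```

Completed handshakes and SYNs spaced further apart than the time-out never accumulate, so only the burst of unanswered SYNs and the sweep across four hosts are reported.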

Need of IDS

- Intrusion Detection has as its primary goal the detection of abuses of computer systems; also it performs a variety of functions like :
1. Monitoring and analyzing user and system activity.
2. Auditing system configurations and vulnerabilities.
3. Assessing the integrity of critical system and data files.
4. Recognition of activity patterns reflecting known attacks.
5. Statistical analysis for abnormal activity patterns.
6. Operating-system audit-trail management, with recognition of user activity reflecting policy violations.
- IDS should offer reports of attacks in real time, ideally as the intrusion is in progress, allowing security personnel to take corrective action.
- IDS should cooperate with other security mechanisms, increasing the overall security of systems. Ideally, IDS should be capable of detecting failures or attacks on other security mechanisms, forming a second level of defence.
- IDS should be capable of responding to intrusive behaviour : by increasing its monitoring in the relevant sections, or by excluding or restricting intrusive behaviour.
- IDS should protect itself against attacks, ensuring that the integrity of the greater system, and audit information up to the point of compromise remains intact, and ensuring that a compromised or hostile component cannot adversely affect the functioning of the system as a whole.
- Other than monitoring network intruder and policy violations, the IDS can be useful in many other ways :
  o To identify problem based on security policies.
  o To maintain the logs of all the threat those are detected by IDS.
- As users are monitored continuously in network, making them analyze so that violations cannot be committed.
- Using some preventive measures so that violation cannot occur, like terminating the network connections, user session or block access to the targets or the accounts that are likely to be violated.
- The IDPS (Intrusion Detection and Prevention System) can act as a proxy, which helps in un-packaging the payload of the request and remove header. This helps to invalidate intruder attacks.
- The IDPS can sometimes change the security environment to prevent it from attacks.
12.4.3 Intrusion Detection Methods/Techniques

Q. Explain methods for intrusion detection.

Signature based, anomaly based, protocol analysis. Most of the IDPS uses these techniques to reduce or make network
‘Ogres. 12 .
nis process of comparing the Signatures of know.
;
i of
rity ‘ onserved. Here the current packet j n threat with the events th
packet Is been matched With ] St ate been
CUrity petwo rk. °8 entry of the signatures in the
-snature is defined as the pattern (structure BZ
— si - Dy contain sommsncaddcens, desta *) that we search inside a data packet. The data
g packe » tion address, Protocol, port number etc.
|. faa ttacker adds any malicious code j
© Ito these data packet he is generating attack
‘Stem, pattern or signature.

that q
‘ite ;
_ Signature based IDS reais '
even of such attack pattem for detecting the known or
documented attacks. Single signature is used to detect one or more types of attacks which
| ge present in different parts of a data packet. ,
ful i ; ;
m - Signature based IDS used to monitor the events occurred in the network and match those
events against a database of attack signatures to detect intrusions.

- Italso uses a rule set to identify intrusions by watching for patterns of events specific to
known and documented attacks.

less - Forexample, we may get signatures in the IP header, transport layer header (TCP or UDP
header) and application layer header or payload.

; the - Signature based intrusion detection system sometimes also called misuse detection

a techniques. It checks for the attack pattern with the existing stored database pattern and if
_ atch is found then generates the alert.
in te ecause
Signature based IDSs are unable to detect unknown and newly generated attacks b
the fee : ; isti da tabase.
. | krequires manual updating of each new type of attacks into to the existing

E> The most well known example of signature - based IDS is SNORT IDS freely available
for atack detection and study purpose.

Advantages

- An advantage of misuse-detection IDS is that it is not only useful to detect intrusions, but it will also detect intrusion attempts.
- Effective at detecting known attack without too many false alerts as compared to anomaly detection technique.
- Most of the current network intrusion detection systems use misuse detection technique for finding the attack pattern and detect them according to the rules and regulation.
- Furthermore, the misuse detection IDS could detect port-scans and other events that possibly precede an intrusion.

Disadvantages

- Detecting only known attacks, therefore it cannot identify new attacks efficiently.
- If there is a single variation into attack signature it invalidates the attack signature or is unable to detect it.
- Constant updating of attack pattern is required.

12.4.3(B) Anomaly Based Detection

Q. 12.4.8 Explain Anomaly-based Intrusion Detection System. (Ref sec. 12.4.3(B))

- It is the process of comparing activities which are supposed to be normal against observed events to identify deviation.
- An IDPS uses Anomaly based detection techniques, which has profiles that represent normal activities of user, host, connections or applications.

For example

Web activities are a normal activity done in a network. Anomaly based IDS works on the notion that "attack behavior" enough differ from "normal behavior" (IDS developer may define normal behavior).

- Normal or acceptable behaviors of the system (e.g. CPU usage, job execution time etc.) if the system behavior looks abnormal i.e. increasing CPU speed, too many job execution at a time then it is assumed that the systems is out of normal activity. Anomaly detection is based on the abnormal behavior of a host or network.
- Database for such type of IDS is the events generated by user, host and network and "normal" behavior of the systems. These events (historical data) are collected
Scanned by CamScanner
_ 5 Sys, Security (MU-Sem. 6-Comp Intarnat Security Protocols

Work on
i
and abno tal x io we :
normal
ver 4
Q
ly based IDS chec kss ongoin
i g traf f Ic,
“a ons t
8
An
he t acti vili
iti es, transactions
identify intrusi
d
, to identry i 'y detecti ng anomali es, - based IDS general

ly
io :
uses
il ced techniq ues. 8. Host
an
:
ris can be done in two ways
Anomaly Based
Detection

1. Threshold detection

2. Profile Based datection


a =
|!
>
H

Fig. 12.4.2 : Anomaly based detection

1. Threshold detection

A threshold is defined for all users for all groups, and the frequency of all events is measured by comparing with the threshold.

2. Profile based detection

Profiles of individuals are created and they are matched against the collected statistics for checking the irregular patterns.

Advantages

- An anomaly detection system observes and checks the deviation of the normal network. If it observes any changes or anything suspicious in the network that deviates from normal, it will immediately inform and alert about the unknown attack.

Disadvantages

- Anomaly detection techniques generate a large number of false alarms due to the unpredictable behaviors of users and networks.
- It also requires extensive "training data sets" of system event records in order to characterize normal behavior patterns.
- In addition, because a user's normal behavior usually changes over time (for example, a user's behavior may change when he moves from one host to another host), it is very difficult to collect the historical data of normal and abnormal behavior.
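The two approaches described above, threshold detection and profile based detection, side by side as an added example (not from the book). The user names, the daily counts of failed logins, the global limit of 50 and the 3-sigma rule are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed training data: failed logins per day for each user over one week.
TRAINING = {
    "asha": [4, 5, 6, 5, 4, 6, 5],
    "ravi": [40, 42, 38, 41, 39, 43, 40],
}
# Constructed live observation for today.
LIVE = {"asha": 19, "ravi": 44}

GLOBAL_THRESHOLD = 50  # assumption: one limit for all users and groups


def threshold_alerts(live, threshold=GLOBAL_THRESHOLD):
    """Threshold detection: the same limit is applied to every user."""
    return sorted(user for user, count in live.items() if count > threshold)


def build_profiles(history):
    """Profile based detection, step 1: learn (mean, std-dev) per individual."""
    return {user: (mean(days), pstdev(days)) for user, days in history.items()}


def profile_alerts(live, profiles, k=3.0, min_sigma=1.0):
    """Step 2: flag a user whose count is more than k sigma from their own mean.

    min_sigma keeps a very steady user from alerting on a change of one event.
    A user with no profile is flagged, because there is nothing to compare with.
    """
    alerts = []
    for user, count in live.items():
        if user not in profiles:
            alerts.append(user)
            continue
        mu, sigma = profiles[user]
        if abs(count - mu) > k * max(sigma, min_sigma):
            alerts.append(user)
    return sorted(alerts)


if __name__ == "__main__":
    profiles = build_profiles(TRAINING)
    print("threshold 50 :", threshold_alerts(LIVE))
    print("threshold 15 :", threshold_alerts(LIVE, 15))
    print("profiles     :", profile_alerts(LIVE, profiles))
    # A legitimate change of behaviour (ravi moves to another host) still alerts:
    print("after a move :", profile_alerts({"ravi": 12}, profiles))
```

The single threshold either misses asha's fourfold jump (limit 50) or raises a false alarm on ravi's ordinary day (limit 15); the per-user profile flags only asha, but it also alerts when ravi's behaviour changes for a legitimate reason, which is the false-alarm disadvantage listed above.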

12.4.3(C) Stateful Protocol Analysis

Unlike anomaly based detection, which uses host and network specific profiles, stateful protocol analysis relies on vendor developed universal profiles. Stateful protocol analysis means the IDPS is capable of checking the network, applications and protocols that are predefined in them. It can identify unexpected sequences of threats in the form of commands.

Disadvantages of stateful protocol analysis

- Stateful protocol analysis is extensively resource demanding.
- These methods don't capture threats or attacks that don't hamper the generally accepted protocol in the network.
12.4.4 Types of IDS

Q. 12.4.9 Explain types of Intrusion detection systems (IDS). (Ref. sec. 12.4.4)
Q. 12.4.10 Describe the different types of IDS and their limitations. (Ref. sec. 12.4.4)

The types of IDS are differentiated mainly by the types of event they monitor or scrutinize. There are four types of IDS.

Fig. 12.4.3 : Types of IDS (1. Network based, 2. Wireless, 3. Network Behavior Analysis, 4. Host based)


1. Network based

The IDS monitors network traffic. It analyzes the network activities and protocol activities to identify suspicious activity of the network.

2. Wireless

The IDS monitors the wireless network traffic. It analyzes the network activities and protocol activities of the wireless network.

3. Network Behavior Analysis

It analyzes network behavior to identify threats such as DDoS (Distributed Denial of Service) attacks, malware and policy violations.

4. Host Based

The IDS monitors the host and the events that occur within that host.

Among the above four types of IDS, two are important and most commonly used to monitor the networks and hosts.

12.4.4(A) Network Based IDS (NIDS)

- As the usage and popularity of the Internet is increasing tremendously, the attacks on the network are increasing, for example TCP hijacking, DoS, IP spoofing etc.

Fig. 12.4.4 : NIDS architecture

- These network attacks cannot be detected by host based IDS. It needs NIDS to detect the attack and resolve it. The general architecture of NIDS is shown in Fig. 12.4.4.
- NIDS detects attacks by monitoring, capturing and analyzing packets or network traffic, and tries to give an indication that a computer has been misused. It detects malicious data present in packets by monitoring network traffic.

- NIDS continually monitors network traffic and discovers whether a hacker/intruder is attempting to break into a system.
- When NIDS is installed on a main server of a single network which consists of multiple hosts, it detects attacks on those hosts by checking incoming packets that look out of the ordinary.
- NIDS uses raw network packets as the training dataset for offline detection, collected from well known research laboratories such as the Defense Advanced Research Projects Agency (DARPA).
- As defined earlier, it can be installed on servers, workstations, personal computers or machines dedicated to monitoring incoming network packets from switches, routers and probes for intrusions.

Advantages of NIDS

- A well placed network-based IDS can monitor a large network.
- NIDS just listens to the network; it does not interfere in the network.
- NIDS can be made very secure against attack and made invisible to many attackers.
- Network-based IDS use live network traffic for real time attack detection and are also operating system independent.

Disadvantages of NIDS

- It becomes difficult for NIDS to recognize an attack in a large or busy network because of the high traffic in the network, which is difficult for NIDS to analyze.
- NIDS cannot analyze the network if communication is in encrypted format.
- It is difficult to detect the whole process of an attack; usually only the initial level of the attack is detected.
- We have seen different types of IDS, but we must know how these IDS detect whether a given packet is malicious and the system behaviour is abnormal. There are two main types of detection techniques for analyzing event generation, system logs, audit trails and malicious packet activities, namely: anomaly detection and misuse detection, also called signature based IDS.
- NIDS usually consists of a network sensor with a Network Interface Card (NIC) operating in casual mode. The IDS is placed along a network segment or boundary and it monitors all traffic on that network segment.

Host Based IDS (HIDS)

- Host based IDS collects information from the operating system audit trails and system logs. (An audit trail is a series of records of events about an operating system and computer user activities, generated by an auditing system that monitors system activity.)
- It is installed on an individual host which is connected to the Internet.
- HIDS focus on monitoring and analyzing the computer system they are installed on.
- It continuously monitors the state of the system. It checks the content of RAM and the file system to ensure that their content does not look suspicious.
- It generally looks for real time malicious, suspicious activity in the system log.

Advantages of HIDS

- As defined earlier, host-based IDS operate on OS audit trails; they can help detect a Trojan horse or other attacks that create a software integrity violation.
- HIDS can analyze most of the encrypted network traffic, which is usually encrypted or decrypted by the sender and/or receiver.
- It is able to monitor and detect attacks, which is sometimes not possible for Network IDS.

Disadvantages of HIDS

- Host-based IDS are difficult to manage, because they are generally installed on individual hosts. Monitoring individual hosts is difficult because of different system configurations and log generation.
- When host-based IDS use operating system logs as an information source, the amount of data can increase, requiring additional local storage on the system.
- Host based IDS are not suitable for detecting network denial of service and network scan attacks, because they check only those packets received by the individual host.
Syllabus Topic : Secure Email - PGP

12.5 Electronic Mail Security : Pretty Good Privacy

(MU - May 16)

Q. Write in brief about Email security. (Ref. sec. 12.6)
Urity Protoco, E

We all are aware that the most popular use of the Internet is to send mail and chat with friends, partners etc. But have you ever thought about whether the mail we send to the intended person goes to his inbox only?

Security concerns have estimated that only about one in every 100 messages is secured against interception and modification attacks. Are we aware that an email sent to a business partner or friends as a clear text message goes through thousands of machines (between sender and receiver) before it reaches the intended recipients? These machines might read and save the contents of the email for future use.

Many people think that the name given as the sender of the mail identifies who actually sent it. When you send a message through email, we cannot guarantee that it will be delivered to the correct destination or received exactly as you sent it. And there is even no way of knowing whether the message was received, read and forwarded by an attacker.

Because of the widespread problems of email modification, delivery to the wrong destination by intermediate parties, and email spoofing, we need a competing solution to overcome and address the issues of authentication, integrity and reliability of the messages between sender and receiver.

Public key cryptography plays an important role because of the two keys used: a message encrypted using the private key of the sender can only be decrypted using that sender's public key.

The solution is called Pretty Good Privacy (PGP), a program/software which provides the secrecy and non-repudiation of data sent over the Internet, especially by email.

Pretty Good Privacy (PGP) is a popular open-source, freely available software package of techniques used to encrypt and decrypt email messages over the Internet.

PGP is an e-mail security program written by Phil Zimmermann in 1991. The PGP program has become a de facto standard for e-mail security, and is also used to store encrypted files so that they are non-readable by other users or intruders.

This program can also be used to send an encrypted digital signature, which lets the receiver verify the sender's identity and know that the message was not changed or modified while in transmission.

Once the file is encrypted using the PGP program, only the intended recipient can decrypt it. Once the message content is digitally signed by the sender, the sender guarantees to the recipient that the message or file comes from a valid sender and not from an attacker.

The digital signature functionality of PGP guarantees that the message or file comes from the sender and not from an intruder.

12.5.1 Working of Pretty Good Privacy

As mentioned earlier, PGP uses the concept of ... When a user encrypts a plain text message using PGP, it first compresses the message. After data compression PGP generates the session key. Table 12.5.1 shows how PGP processes the message in order to achieve confidentiality, integrity and non-repudiation.

Table 12.5.1 : Encryption and Decryption of Pretty Good Privacy

| Parameter | Algorithm | Description |
|---|---|---|
| Digital signature | SHA or RSA | A hash code of a message is created using SHA-1. This message digest is encrypted using RSA with the sender's private key and added with the message. |
| Message encryption | IDEA or Triple DES with Diffie-Hellman or RSA | A message is encrypted using IDEA or 3DES with a one-time session key generated by the sender. The session key is encrypted using Diffie-Hellman or RSA with the recipient's public key and added with the message. |
| Compression | ZIP | A message is compressed, which saves the transmission time and disk space. |
| Email compatibility | Radix 64 conversion | For email application transparency, an encrypted message is converted to an ASCII string using Radix 64 conversion. |
| Segmentation | - | To reassemble the segments before the decryption process. |

Following are the detailed encryption and decryption steps of PGP:

1. PGP Authentication
2. PGP Confidentiality
3. PGP Authentication and Confidentiality
4. PGP Compression
5. PGP E-Mail Compatibility
6. PGP Segmentation

Fig. 12.5.1 : Encryption and decryption steps of PGP


1. PGP Authentication

1. Ramesh has a (private/public) key pair (Rd/Re) and he wants to send a digitally signed message m to Suresh.
2. Ramesh hashes the message using SHA-1 to obtain SHA(m).
3. Ramesh encrypts the hash using his private key Rd to obtain ciphertext c given by
   $c = \mathrm{encrypt}_{Rd}(\mathrm{SHA}(m))$
4. Ramesh sends the pair (m, c) to Suresh.
5. Suresh receives (m, c) and decrypts c using Ramesh's public key Re to obtain the signature
   $S = \mathrm{decrypt}_{Re}(c)$
6. He computes the hash of m using SHA-1, and if this hash value is equal to S then the message is authenticated.

Suresh is sure that the message is correct and that it came from Ramesh. Furthermore, Ramesh cannot later deny sending the message, since only Ramesh has access to his private key Rd, which works with the respective public key Re.
2. PGP Confidentiality

1. Ramesh wishes to send Suresh a confidential message m.
2. Ramesh generates a random session key k for a symmetric cryptosystem.
3. Ramesh encrypts k using Suresh's public key Be to get
   $k' = \mathrm{encrypt}_{Be}(k)$
4. Ramesh encrypts the message m with the session key k to get ciphertext c
   $c = \mathrm{encrypt}_{k}(m)$
5. Ramesh sends Suresh the values (k', c).
6. Suresh receives the values (k', c) and decrypts k' using his private key Bd to obtain k
   $k = \mathrm{decrypt}_{Bd}(k')$
7. Suresh uses the session key k to decrypt the ciphertext c and recover the message m
   $m = \mathrm{decrypt}_{k}(c)$

Public and symmetric key cryptosystems are combined in this way to provide security for key exchange and then efficiency for encryption. The session key k is used only to encrypt message m and is not stored for any length of time.
3. PGP Authentication and Confidentiality

The schemes for authentication and confidentiality can be combined so that Ramesh can sign a confidential message which is encrypted before transmission. The steps required are as follows:

1. Ramesh generates a signature c for his message m as in the Authentication scheme
   $c = \mathrm{encrypt}_{Rd}(\mathrm{SHA}(m))$
2. Ramesh generates a random session key k and encrypts the message m and the signature c using a symmetric cryptosystem to obtain ciphertext C
   $C = \mathrm{encrypt}_{k}(m, c)$
3. He encrypts the session key k using Suresh's public key
   $k' = \mathrm{encrypt}_{Be}(k)$
4. Ramesh sends Suresh the values (k', C).
5. Suresh receives k' and C and decrypts k' using his private key Bd to obtain the session key k
   $k = \mathrm{decrypt}_{Bd}(k')$
6. Suresh decrypts the ciphertext C using the session key k to obtain m and c
   $(m, c) = \mathrm{decrypt}_{k}(C)$
7. Suresh now has the message m. In order to authenticate it he uses Ramesh's public key Re to decrypt the signature c and hashes the message m using SHA-1.
   If $\mathrm{SHA}(m) = \mathrm{decrypt}_{Re}(c)$
   then the message is authenticated.
4. PGP Compression

PGP can also compress the message if desired. The compression algorithm is ZIP and the decompression algorithm is UNZIP.

1. The original message m is signed as before to obtain
   $c = \mathrm{encrypt}_{Rd}(\mathrm{SHA}(m))$
2. Now the original message m is compressed to obtain
   $M = \mathrm{ZIP}(m)$
3. Ramesh generates a session key k and encrypts the compressed message and the signature using the session key
   $C = \mathrm{encrypt}_{k}(M, c)$
4. The session key is encrypted using Suresh's public key as before.
5. Ramesh sends Suresh the encrypted session key and ciphertext C.
6. Suresh decrypts the session key using his private key and then uses the session key to decrypt the ciphertext C to obtain M and c
   $(M, c) = \mathrm{decrypt}_{k}(C)$
7. Suresh decompresses the message M to obtain the original message m
   $m = \mathrm{UNZIP}(M)$
8. Now Suresh has the original message m and signature c. He verifies the signature using SHA-1 and Ramesh's public key as before.
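The eight steps above (sign, compress, encrypt with a session key, wrap the key, then reverse) traced end to end, as an added example that is not from the book and not PGP's own code. It assumes stand-ins throughout: textbook RSA without padding on fixed demo primes, zlib in place of ZIP, and a SHA-256 keystream XOR in place of IDEA/3DES, so it shows the message flow only and must not be used to protect data.

```python
import hashlib
import secrets
import zlib


def make_keypair(p, q, e=65537):
    """Textbook RSA from two primes: returns (public, private) as (n, exponent)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


# Constructed demo keys built from well-known Mersenne primes (insecure).
RAMESH_PUB, RAMESH_PRIV = make_keypair(2**127 - 1, 2**89 - 1)   # (Re, Rd)
SURESH_PUB, SURESH_PRIV = make_keypair(2**107 - 1, 2**61 - 1)   # (Be, Bd)


def rsa(value, key):
    n, exponent = key
    return pow(value, exponent, n)


def sha1_int(m):
    return int.from_bytes(hashlib.sha1(m).digest(), "big")


def keystream_xor(key, data):
    """Stand-in symmetric cipher; the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ s for b, s in zip(data[i:i + 32], block))
    return bytes(out)


def pgp_send(m, sender_priv, recipient_pub):
    c = rsa(sha1_int(m), sender_priv)                    # 1. c = encrypt_Rd(SHA(m))
    M = zlib.compress(m)                                 # 2. M = ZIP(m)
    k = secrets.token_bytes(16)                          # 3. one-time session key k
    sig = c.to_bytes((c.bit_length() + 7) // 8 or 1, "big")
    body = len(M).to_bytes(4, "big") + M + sig           #    (M, c) with a length prefix
    C = keystream_xor(k, body)                           #    C = encrypt_k(M, c)
    k_wrapped = rsa(int.from_bytes(k, "big"), recipient_pub)  # 4. k' = encrypt_Be(k)
    return k_wrapped, C                                  # 5. send (k', C)


def pgp_receive(k_wrapped, C, recipient_priv, sender_pub):
    k = rsa(k_wrapped, recipient_priv).to_bytes(16, "big")    # 6. k = decrypt_Bd(k')
    body = keystream_xor(k, C)                           #    (M, c) = decrypt_k(C)
    length = int.from_bytes(body[:4], "big")
    M, c = body[4:4 + length], int.from_bytes(body[4 + length:], "big")
    m = zlib.decompress(M)                               # 7. m = UNZIP(M)
    return m, rsa(c, sender_pub) == sha1_int(m)          # 8. SHA(m) == decrypt_Re(c)


if __name__ == "__main__":
    message = b"Quarterly figures attached. " * 10       # constructed sample message
    k_wrapped, C = pgp_send(message, RAMESH_PRIV, SURESH_PUB)
    recovered, authentic = pgp_receive(k_wrapped, C, SURESH_PRIV, RAMESH_PUB)
    print(recovered == message, authentic)
```

Checking the signature against any public key other than Ramesh's returns the same message with the authenticity flag set to False, which is the non-repudiation argument of the Authentication scheme in executable form.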
5. PGP E-Mail Compatibility

- Many electronic mail systems can only transmit blocks of ASCII text. This creates a problem when sending encrypted data, since data in ciphertext form might not correspond to ASCII characters that can be transmitted.
- PGP overcomes this problem by using Radix-64 conversion.
- Suppose the text to be encrypted has been converted into binary using ASCII coding and encrypted to give a ciphertext stream of binary. Radix-64 conversion maps arbitrary binary into printable characters.

1. The binary input is split into blocks of 24 bits (3 bytes).
2. Each 24-bit block is then split into four sets, each of 6 bits.
3. Each 6-bit set will then have a value between 0 and $2^6 - 1$ (= 63).
4. This value is encoded into a printable character.
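The four Radix-64 steps above written out by hand, with the inverse mapping, as an added example that is not from the book. It assumes the standard base64 alphabet and '=' padding for a final block shorter than 3 bytes (a case the steps above do not cover), and checks itself against Python's base64 module.

```python
import base64

# The 64 printable characters, indexed by 6-bit value 0..63.
ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"
            "0123456789+/")


def radix64_encode(data: bytes) -> str:
    out = []
    for i in range(0, len(data), 3):
        block = data[i:i + 3]                      # step 1: 24-bit (3-byte) block
        pad = 3 - len(block)                       # 0, 1 or 2 missing bytes at the end
        bits = int.from_bytes(block + b"\x00" * pad, "big")
        # step 2: four 6-bit sets; step 3: each is a value in 0..63
        sextets = [(bits >> shift) & 0x3F for shift in (18, 12, 6, 0)]
        chars = [ALPHABET[s] for s in sextets]     # step 4: printable character
        if pad:
            chars[-pad:] = "=" * pad               # mark the bytes that were padding
        out.extend(chars)
    return "".join(out)


def radix64_decode(text: str) -> bytes:
    out = bytearray()
    for i in range(0, len(text), 4):
        quad = text[i:i + 4]
        pad = quad.count("=")
        bits = 0
        for ch in quad:
            bits = (bits << 6) | (0 if ch == "=" else ALPHABET.index(ch))
        out.extend(bits.to_bytes(3, "big")[:3 - pad])
    return bytes(out)


if __name__ == "__main__":
    ciphertext = bytes([0x00, 0xFF, 0x8E, 0x1B, 0xC4])   # constructed non-ASCII bytes
    armored = radix64_encode(ciphertext)
    print(armored, armored == base64.b64encode(ciphertext).decode())
```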



- Another constraint of e-mail is that there is usually ...

Following are the services offered by PGP:

1. Authentication
2. Confidentiality
3. Non-repudiation
4. Integrity
5. Compression
6. E-mail Compatibility
7. Segmentation

12.5.2 Backdoors and Key Escrow in PGP

- Suppose we have saved our password in a laptop. Anyone who has access to the laptop can then get unauthorized access to our account. That is a simple way of saying what a Backdoor is.
- A Backdoor is a method for bypassing normal authentication in a system, thus providing unauthorized remote access to the system to malicious users.
- A backdoor is a "feature" in the software of PGP, like a utility function but not in the encryption algorithm, that allows an outside party to decrypt what is encrypted by PGP.
- A Backdoor may be implemented as a hidden part of a program or a separate program, or even be implemented by hardware.
- Just to give an example, in 2003 a Backdoor was planted in the Linux Kernel. In a conditional statement for checking root access permission, '==' was replaced with '='. As a result, it gave unauthorized access to malicious callers. Even very recently, in 2015, Juniper Networks warned about a malicious Backdoor in their firewalls that automatically decrypts VPN traffic.
- There are two types of Backdoors: Object Code Backdoors and Asymmetric Backdoors.
- In Object Code Backdoors, the software source code remains unchanged, but the object code gets modified maliciously. As the object code is designed to be machine readable, it becomes much more difficult to detect. These types of Backdoors are inserted in the on-disk object code or inserted at some point during compilation, linking or loading.
- Recompiling the software source code may get rid of the Backdoors. So, malicious users sometimes change the compiler source code in such a way that, whenever it compiles, links and loads the source code, the Backdoor is inserted. These Backdoors can be fixed by recompiling the compiler and removing the Backdoor inserting code.
- Normally, Backdoors are symmetric. Anyone who finds the Backdoor can in turn use it. But Asymmetric Backdoors can be exploited only by the attacker who plants them, even if the Backdoor implementation becomes public. This type of attack is termed Kleptography and can be carried out in software, hardware or a combination of both. The theory of Asymmetric Backdoors is a part of a larger field now called Cryptovirology.

Counter measures

- Once Backdoors are detected, rebuild a clean system and transfer data.
- Another method is to use Diverse Double Compiling or DDC. It requires a different compiler and the source code of the compiler to be tested. That source code, when compiled with two different compilers, would result in two different stage-1 compilers showing the same behaviour.
- Thus, the same source code compiled with the two different stage-1 compilers must result in two identical stage-2 compilers. This method was applied to verify that the C compiler of the GCC Suite contained no Trojan, using icc as the other compiler. Normally, Operating System vendors implement these types of methods to make sure they are not distributing a compromised system.

Key Escrow

- Key escrow is a cryptographic key exchange process in which a key is held in escrow, or stored, by a third party. A key that is lost or compromised by its original user(s) may be used to decrypt encrypted material, allowing restoration of the original material to its unencrypted state.
- Key escrow systems provide a backup source for cryptographic keys. Escrow systems are somewhat risky because a third party is involved.
- The Clipper Chip was a U.S. government encryption chipset introduced in 1993. ... encryption devices ... a government-held (escrowed) master key ... by 1996, but the concept ... the Pretty Good Privacy (PGP) encryption tool, which is used worldwide.
- Key escrow (also known as a "fair" cryptosystem) is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authorized third party may gain access to those keys.
Syllabus Topic : Honey Pots

Honeypot

- A honeypot is a decoy computer system for trapping hackers or tracking unconventional or new hacking methods. Honeypots are designed to purposely engage and deceive hackers and identify malicious activities performed over the Internet.
- Multiple honeypots can be set on a network to form a honeynet.
- There are many advantages to honeypots. The main one is the ease with which they are employed. Another advantage is that although honeypots seek small amounts of hacker information, the information is considered highly valuable for studying and uncovering hackers' motivations.
- Honeypot systems are not perfect, however. They contain the usual technology risks such as firewall penetration, broken encryption methods and failure to detect attacks. In addition, honeypots are unable to detect attacks against systems that are not honeypot systems.
- There are two different kinds of honeypots. They are classified based on their deployment method:
  o Production Honeypot : Used by companies and corporations for the purpose of researching the motives of hackers as well as diverting and mitigating the risk of attacks on the overall network.
  o Research Honeypot : Used by nonprofit organizations and educational institutions for the sole purpose of researching the motives and tactics of the hacker community for targeting different networks.
- Honeypots are not always designed to identify hackers. Honeypot developers are often more interested in getting into the minds of hackers, which then permits them to design more secure systems, as well as to educate other professionals about the lessons learned through their efforts.
- Overall, honeypots are considered an effective method to track hacker behavior and heighten the effectiveness of computer security tools.

Chapter Ends.
Module 6

Software Vulnerabilities

Syllabus : Software vulnerabilities : Buffer Overflow, Format string, cross-site scripting, SQL injection; Malware : Viruses, Worms, Trojans, Logic Bomb, Bots, Rootkits

13.1 Program Security

13.1.1 Secure Programs

Q. 13.1.1 What is a secure program? (Ref. sec. 13.1.1)

- A secure program is one which provides or enforces availability, confidentiality and integrity.
- But different people may have different security requirements and needs.

Examples

1. Naive user : Fit for his or her work is good enough.
2. Programmer : Passes all his/her tests while programming.
3. Manager : All requirements and specifications are covered.
4. Developer : Correct implementation, functioning and testing.

- This security can be judged in the following ways.

1. By fixing software faults

While fixing software faults, especially by the quick fix method, new faults can be introduced. Mainly these faults are caused by work pressure, deadlines, side effects of the fault fixing, system performance requirements etc.

2. By testing program behavior

While coding, typing errors may cause faults/failures in the program. In the requirement analysis phase, if requirements are not clearly understood, then again it may cause wrong coding and implementation. Different components in the program have to communicate with each other, and this can lead to intentional or accidental flaws. Accidental faults are the faults caused by the program. Therefore testing must be done thoroughly to avoid such faults. But there are some limitations to this testing also. Testing can check what the program should do. It cannot check what the program should not do. Again, complexity in coding, complex data structures as well as changing technologies are the challenges for testing.

3. By program analysis

It is one of the best approaches for judging software security. Care should be taken right from requirement analysis to the deployment stage. While developing a program, testing and debugging should be performed carefully by considering all the scenarios. Based on the analysis, specialized security methods and techniques can be implemented.
13.1.2 Non-malicious Program Errors

(MU - Dec. 15)

Q. 13.1.2 With the help of examples explain non malicious programming errors. (Ref. sec. 13.1.2) Dec. 15, 5 Marks
Q. 13.1.3 What is non malicious program errors? (Ref. sec. 13.1.2)

While programming, a programmer can make mistakes/errors. Most of these errors are not made intentionally. Many such errors do not have a huge impact on security. The program may produce wrong or incorrect results, but it is non-malicious.

Following are the three types of non-malicious program errors.

1. Buffer overflows

Q. 13.1.4 What is buffer overflow in software security? (Ref. sec. 13.1.2(1))

- An attacker can insert malicious data values / instruction codes into the overflow space.
- Array bound checking is not performed by the C compiler, and pointer limits cannot be defined either.
- Example:
  int B[15];
- Here the array bound is (0 to 14), i.e. B[0] ... B[14].
- ... also known as aliasing.

Fig. 13.1.1 : Buffer overflow attack (memory layout when running normally and after the attack: program instructions, data, heap (dynamic memory), procedure call frame, malicious code)

- As shown in Fig. 13.1.1, the attacker changes the return address and thus can transfer the control of the program.
2. Incomplete mediation

Q. 13.1.5 What is incomplete mediation in software security? (Ref. sec. 13.1.2(2))

Due to incomplete mediation, serious security threats can be introduced, as sensitive data may get exposed and this can result in an uncontrolled condition.

Example : URL : http://www.onlinestore.com/purchase/total

The user can edit the total cost and resubmit the request to the server,

URL : http://www.onlinestore.com/purchase/total = 035.

Such kinds of vulnerabilities are very dangerous.
Proper care should be taken to avoid such vulnerabilities. Such editing permissions should not be available to the user.

3. Time-of-check to time-of-use errors (TOCTOU)

- This is one of the best examples of a RACE condition.
- A RACE condition is very vulnerable to attack.
- Example : If two threads are sharing their root and current directories then, let Thread X's current working directory be /college.

  Thread X calls open("shadow");
  Thread Y calls chdir("/department")
  The system monitor permits both the calls
  open("shadow") executes with /department as the working directory
  X's call now opens "/department/shadow"

- A proper locking mechanism can prevent this kind of attack. Time lags should be considered. After checking, values must be locked using digital signatures and certificates. Thus after the check, data cannot be modified.
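The /college and /department interleaving above replayed in one process, as an added example that is not from the book. Instead of the locking the text proposes, it uses a different technique, pinning the checked directory with a descriptor (dir_fd) so the later open cannot be redirected by a chdir; the temporary directory tree is constructed and the code assumes a POSIX system.

```python
import os
import tempfile


def make_tree(root):
    """Constructed stand-ins for /college/shadow and /department/shadow."""
    for name in ("college", "department"):
        os.mkdir(os.path.join(root, name))
        with open(os.path.join(root, name, "shadow"), "w") as handle:
            handle.write(name)          # the content records which file was opened


def racy_open(name):
    """Relative open: resolved against the shared cwd at time of use."""
    with open(name) as handle:
        return handle.read()


def pinned_open(dir_fd, name):
    """Open relative to the directory that was checked, whatever the cwd is now."""
    fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW, dir_fd=dir_fd)
    with os.fdopen(fd) as handle:
        return handle.read()


def demo():
    """Returns (what the racy open read, what the pinned open read)."""
    saved_cwd = os.getcwd()
    with tempfile.TemporaryDirectory() as root:
        make_tree(root)
        os.chdir(os.path.join(root, "college"))          # X's cwd at time of check
        dir_fd = os.open(".", os.O_RDONLY | os.O_DIRECTORY)   # X pins that directory
        try:
            os.chdir(os.path.join(root, "department"))   # Y's chdir lands in between
            return racy_open("shadow"), pinned_open(dir_fd, "shadow")
        finally:
            os.close(dir_fd)
            os.chdir(saved_cwd)


if __name__ == "__main__":
    print(demo())
```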

Syllabus Topic : Malware - Logic Bomb, Bots

13.1.3 Malicious Software

Q. 13.1.6 What are different types of malicious code? (Ref. sec. 13.1.3)
Q. 13.1.7 What is malicious code? (Ref. sec. 13.1.3)
Q. 13.1.8 What are the different types of malicious software? (Ref. sec. 13.1.3)

Malicious software is software where an attacker can get partial or full control of the program. Thus the attacker is free to do anything that he/she wants to do.

Fig. 13.1.2 shows different types of malicious software.

Malware is currently the major source of attacks and fraudulent activities on the Internet. Malware is used to infect computers. Malware is the short form of malicious software.

Fig. 13.1.2 : Different types of malicious software (Trojan horses, bombs, worms, viruses)
(1) Botnet

A botnet is a network of zombies, i.e. compromised computers under the control of an attacker.

Bot is a program loaded on a zombie computer (a zombie is a computer connected to the Internet that has been compromised by a hacker) that provides remote control mechanisms.

Bot - a small program to remotely control a computer.

A bot is characterized by remote control and communication (C&C) channels to command the victim (means of receiving and sending commands and information between the botmaster and the zombies) as shown in Fig. 13.1.3. For example, perform a denial-of-service attack, send spam.

[Fig. 13.1.3 : Botmaster]
(2) Trojan horse

It is a computer program. Along with some useful code or function, it contains some hidden malicious code or function which may hamper the performance of security mechanisms. Useful information can be stolen by attackers.

(3) Bacterium

Bacterium is a special kind of virus. A virus gets attached to different files, but a bacterium does not get attached to a specific file.

(4) Logic bomb

Logic bomb is generally used in DoS (Denial of Service) attacks. When specified conditions are met it activates malicious program logic. It may damage system resources greatly.

(5) Time bomb

This gets activated when specified time occurs.

(6) Rabbit

It is a kind of virus / worm that replicates itself without any limits. The intention is to exhaust resources.

(7) Trapdoor / backdoor

An intruder can enter into the system by bypassing all security services or mechanisms. Thus intruder knows the flaws or loopholes in the system and can use these loopholes to gain access to the computer.

Syllabus Topic : Viruses and Worms

13.1.4 Virus and Worms

Q. 13.1.9 Write in brief on Viruses and their types. (Ref. sec. 13.1.4) (MU - Dec. 15, Dec. 16)

Q. 13.1.10 What are the different types of viruses and worms ? How do they propagate ? (Ref. sec. 13.1.4)

- Viruses and worms are the classes of malicious software which are capable of replicating themselves or copying their contents many times, and can even modify the system settings or data.
- The basic difference between worm and virus is that a virus needs a host programme to propagate or spread itself, whereas a worm does not need a host; it propagates independently but slowly.
- A virus spreads or infects the system without prior informing the user. Its activities are like deletion of files, halting of system etc. A virus can affect the system mildly, affecting the data, or can cause severe damage like denial of service.
- Almost all viruses come with some executable files, whereas worms are standalone software; they enter a system by finding a loophole in the system and take advantage of the file transport features of the system.

13.1.4(A) Types of Virus

Types of virus

(1) Boot sector viruses
(2) Program Virus
(3) Multipartite virus
(4) Stealth Virus
(5) Polymorphic Virus
(6) Macro Virus
(7) Active X and Java control

Fig. 13.1.4 : Types of virus

(1) Boot sector viruses

- It infects storage media like diskettes and hard drives. All disks and hard drives contain sectors, and the first sector is called the Boot Sector.
- This boot sector carries the Master Boot Record, which is used to read and load the operating system.
- The virus infects the boot sector while the system is rebooting. A boot sector virus also spreads to other computers if the same disk is shared with another system.

(2) Program Virus

A program virus gets active when a program containing the virus gets opened (.bin, .exe, .ovl). Once it gets opened, it starts copying itself and infects other programs.

(3) Multipartite virus

- It is a combination / hybrid of boot sector and program virus.
- It infects the program files. When this virus is active it will affect the boot sector also; after booting or starting up it will affect other computers also.

(4) Stealth Virus

- Dubbed "Brain", the first computer virus was a stealth virus. It tries to disguise itself so that antivirus software may not be able to recognize it.
- It alters the file size, conceals itself in the file's memory and so on.

(5) Polymorphic Virus

It keeps on changing its patterns or signature to remain undetected. Usually it acts like a 'chameleon'. These are not actual viruses; it is a virus which hides the actual virus of the system.

(6) Macro Virus

Applications such as MS Word and Excel sheets have a macro supportive language. These viruses infect every document of the victim once they get into the victim's system.

(7) Active X and Java control

- All web browsers need Java control and ActiveX enabled to function properly.
- Awareness is needed about managing and controlling the settings of the browser to check for enabling or disabling popups, downloading of files and sounds, since these can invite viruses which can affect the computer by downloading unwanted software.

13.1.4(B) Types of Computer Worms

1. E-mail worms
It spreads through infected email messages of any infected websites.

2. Instant messaging worms
It spreads by sending links to the contact list of an instant messaging application.

3. ... all network resources which are available and the system. If it is found vulnerable, it takes advantage and gains access.

4. IRC (Internet Relay Chat) worms
It spreads a copy of itself through links in infected websites.

5. File sharing network worms
It places a copy of itself in a folder which is sharable and spreads via P2P network.

13.1.4(C) Difference between Virus and Worm

Q. 13.1.11 What is the difference between Virus and Worm ? (Ref. sec. 13.1.4(C))

Sr. No. | Parameter | Virus | Worms
1. | Types | Stealth virus, polymorphic, metamorphic etc. | Email worm, IRC worm, file sharing worm etc.
2. | Mode of spreading | Needs a host program to spread. | It does not need a host; it spreads by itself.
3. | What it is ? | It is a software program that can copy itself and infect the data or information without the knowledge. | It is self-replicating and spreads through a network.
4. | Inception | 'Creeper' virus, the first known virus, spread through ARPANET in 1970. | The name originated from The Shockwave Rider, a science fiction novel of 1975, from where the name is adopted.
5. | Prevalence | More than 100,000 known computer viruses have been there, though only few have attacked systems. | Worm existence is moderate compared to virus.

Famous viruses and worms are the ILOVEYOU virus, Morris worm, Melissa, Conficker etc.

Syllabus Topic : Malware - Trojans, Rootkits

13.1.5 Targeted Malicious Code

Q. 13.1.12 Explain different targeted malicious code. (Ref. sec. 13.1.5)

Q. 13.1.13 Write a short note on targeted malicious code. (Ref. sec. 13.1.5)

This is computer code which is written to attack a particular system or a particular application, for a particular purpose.

Example

(1) Trapdoor / backdoor

An intruder can enter into the system by bypassing all security services or mechanisms. Thus intruder knows the flaws or loopholes in the system and can use these loopholes to gain access to the computer.
Trapdoors are entry points which are not documented but are still inserted during code development for testing purposes, for future extensions or for emergency access if the software fails. These loopholes are purposely kept in the system with good intention.
- Major sources of Trapdoors / Backdoors
o During testing of the system, stubs and drivers are created. These are temporary functions which are then replaced by actual functions. Sometimes some malicious code is intentionally injected into the system for testing purposes.
o Poor error checking conditions.
o Undefined opcodes in hardware processors.
(2) Salami Attack (MU - Dec. 15, Dec. 16)

Q. 13.1.14 Define the following with example - Salami Attack. (Ref. sec. 13.1.5(2))
Q. 13.1.15 Explain briefly with example, how the following attacks occur - Salami Attack. (Ref. sec. 13.1.5(2))

It is a series of small attacks which results in a large attack. It works on the "collect and roundoff" trick. It is a fraudulent practice of stealing money repeatedly. It takes advantage of the rounding operation in financial transactions. It always rounds down, and thus the fractions of the amount that remain will be transferred into some other account. Thus the transaction will go undetected. Such type of attacks can be easily automated.

(3) Covert channel

Q. 13.1.16 Write a short note on Covert channel.

In a covert channel, the processes which are restricted by security policy can communicate and transfer data using current system objects. Such types of attacks are virtually undetectable by system administrators. Fig. 13.1.5 shows channel creation.

Fig. 13.1.5 : Covert channel creation (labels: Protected data, Service Pgm [w/ Trojan h.], Covert Channel, Spy)

(4) Trojan

Q. 13.1.17 Write a short note on trojan. (Ref. sec. 13.1.5(4))

It is a computer program. Along with some useful code or function, it contains some hidden malicious code or function which may hamper the performance of security mechanisms. Useful information can be stolen by attackers.

(5) Rootkits

It is a program installed by an intruder. Intruder installs it by ... The purpose is to gain control of the computer. Basically it is a kind of Trojan horse. If a system is infected with a rootkit, scanners cannot detect it. It becomes very hard to trust the infected operating system. The best solution is to shut down the infected system, boot that system from some CD-ROM or Pendrive and clean it.

Following are the types of rootkits :

1. User Mode
User mode rootkits ... privileges and are automatically activated at system startup. These are detectable rootkits and can be easily removed.

2. Kernel Mode
Kernel mode rootkits are installed like an OS, hence they can corrupt the functionality of the complete OS. These rootkits are very hard to detect. They can be detected only after some event or crash.

3. Firmware
Firmware rootkits are the most dangerous amongst all. Malcode is created inside a firmware. At system startup this malware will be reinstalled. It is very hard to remove.

(6) Man in the middle attack (MITM/MIMA)

Attacker relays and sometimes alters the communication between two parties without the knowledge of the communicating parties.

X  -  Attacker  -  Y

- It is explained as follows :

1. X sends a message to Y, which is intercepted by Attacker :
   X "I want to deposit money in your account. Please send account number".
2. Attacker relays this message to Y; Y cannot tell it is not really from X.
3. Y receives a message from X and responds to it with the account number.
   Y "My account number is 012345".
4. Attacker again intercepts a message from Y, replaces Y's account number with his own account number and relays this to X, claiming that it is Y's message.
   Attacker "My account number is 067891".
5. X receives the message from Y and gets the account number of Y. Thus X believes that it is Y's account number and deposits money in that account.
6. X and Y both think that it is a secure communication.

13.1.6 Controls against Program Threats

Q. 13.1.18 What are different control measures against program threats ? (Ref. sec. 13.1.6)

A program can fail in many different ways which may give rise to a security threat. Care must be taken during the development of the program itself.

Following are the controlling techniques :

- Fundamental principles of programming like encapsulation, modularity and information hiding.
- Reviews are most effective. Reviews, walkthrough and inspection techniques can be used to control program threats.
- Hazard analysis gives a systematic approach to identify potential threats.
- Testing can be performed to minimize the flaws in the system. It ensures correct implementation and working of the program.
- Good design makes it easy for development and testing.
- Risk prediction and management ensures easy risk management.
- Static analysis examines design and code before release to identify flaws.
- Configuration management ensures system controlling and modifications during development and maintenance.
Syllabus Topic : Software Vulnerability - Buffer Overflow

13.2 Buffer Overflow (MU - Dec. 15)

Q. 13.2.1 Write in brief about : Buffer overflow attack. (Ref. sec. 13.2)

It is also known as buffer overrun. It is an anomaly in which a process storing data in a buffer overruns the buffer's boundary and overwrites adjacent memory locations.

Buffer overflow can be triggered by inputs that are designed to execute code or alter the way the program operates. Bound check can prevent buffer overflow.
The languages which are commonly associated with buffer overflow are C and C++, as they provide no built-in protection against accessing or overwriting data in any part of memory.
Buffer overflow occurs when a process tries to store more data in a buffer than it was intended to hold.


Types of buffer overflow

1. Stack based buffer overflow : When a program writes to a memory address on the program's call stack outside the intended data structure, a stack overflow occurs. It is the condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or parameter to a function).

2. NOP (No Operation) : It is an assembly language instruction that effectively does nothing at all. NOP enables a developer to force memory alignment or to act as a placeholder to be replaced by an active instruction later on in program development. The NOP opcode can be used to form a NOP slide, which allows code to execute when the exact value of the instruction pointer is indeterminate. Fig. 13.2.1 shows NOP operation.

Fig. 13.2.1 : NOP operation

3. Heap buffer overflow : In buffer overflow, the overflow occurs when an application copies more data into a buffer than the buffer was designed to contain. The heap space is dynamically allocated at runtime by new(), malloc(), calloc().
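
The bound check mentioned above, as an added example (not code from the book): store_name_unchecked() shows the strcpy() pattern that overruns a buffer, and store_name_checked() rejects input that does not fit, for one buffer on the stack and one on the heap. All function names and the 16-byte buffer size are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_BUF_SIZE 16   /* assumed buffer size for this illustration */

/* Unsafe pattern (shown for contrast, never called here): strcpy() keeps
 * copying until it meets the NUL byte of src, so a src longer than the
 * destination overwrites the adjacent memory locations. */
void store_name_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);               /* no bound check */
}

/* Bound-checked copy: returns 0 on success and -1 when src (including its
 * terminating NUL byte) does not fit into dst_size bytes. */
int store_name_checked(char *dst, size_t dst_size, const char *src)
{
    size_t needed;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    needed = strlen(src) + 1;       /* +1 for the NUL byte */
    if (needed > dst_size)
        return -1;                  /* reject instead of overrunning */
    memcpy(dst, src, needed);
    return 0;
}

/* Stack case: the buffer is a local variable of the function.
 * Returns the stored length, or -1 if the input was rejected. */
int stack_store_length(const char *input)
{
    char name[NAME_BUF_SIZE];

    if (store_name_checked(name, sizeof name, input) != 0)
        return -1;
    return (int)strlen(name);
}

/* Heap case: the buffer is allocated at run time with malloc().
 * Returns the stored length, or -1 on allocation failure or rejection. */
int heap_store_length(const char *input, size_t capacity)
{
    char *buf;
    int len;

    if (capacity == 0)
        return -1;
    buf = malloc(capacity);
    if (buf == NULL)
        return -1;
    if (store_name_checked(buf, capacity, input) != 0) {
        free(buf);
        return -1;
    }
    len = (int)strlen(buf);
    free(buf);
    return len;
}

int main(void)
{
    /* constructed sample inputs */
    const char *fits = "0123456789abcde";       /* 15 characters + NUL = 16 */
    const char *too_long = "0123456789abcdef";  /* 16 characters + NUL = 17 */

    printf("stack, 15 chars: %d\n", stack_store_length(fits));
    printf("stack, 16 chars: %d\n", stack_store_length(too_long));
    printf("heap of 8 bytes, college: %d\n", heap_store_length("college", 8));
    printf("heap of 8 bytes, department: %d\n", heap_store_length("department", 8));
    return 0;
}
```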

Syllabus Topic : Software Vulnerability - Format String

13.3 Format String Attacks

Introduction

- The format string attack occurs when the data of an input string is evaluated as a command by a particular application.
- To understand this attack it is very important to understand the following definitions.
- The format function is an ANSI C conversion function, like printf, fprintf, sprintf, snprintf etc., which converts a primitive variable of the programming language into a human-readable string representation.

Table 13.3.1 shows the different format functions.

Table 13.3.1 : Format functions

fprintf | Writes the printf to a file
printf | Displays output of a formatted string
sprintf | Prints data into a string
snprintf | Prints data into a string and checks its length

- The format string is the argument of the format function and is an ASCII Z string which contains text and format parameters, for example printf("This is my roll number : %d\n", 0007);
- The example displays on screen the text This is my roll number and the content of its format parameters i.e. 0007.
- Table 13.3.2 shows the list of common parameters used in a format string attack.


Table 13.3.2 : Common parameters used in a format string attack

Parameters | Output | Passed as
%d | Decimal number | Value
%c | Character | Value
%u | Unsigned decimal number | Value
%x | Hexadecimal number | Value
%s | String or words | Reference
%n | Writes the number of characters into a pointer | Reference
%% | % character (literal) | Reference
%p | External representation of a pointer to void | Reference

- The format string parameters, like %d %x %s %c %p, define the type of conversion of the format function.
- We have demonstrated the following examples on a Linux environment by using the Linux cross compiler (gcc), which show how the application can behave when the format function does not receive the necessary values for validation in the input of the format string.
- The first example shows the application operating with normal behaviour and normal inputs; then we will discuss the application operating when the attacker inputs the format string and the resulting behaviour.

Example 1

    #include <stdio.h>

    int main(void)
    {
        int i = 77;
        char a = 'a';

        /* %d prints both variables as decimal numbers */
        printf("The value of int i & char a is : %d %d\n", i, a);
        /* %c prints both variables as characters */
        printf("The value of int i & char a is : %c %c\n", i, a);
        return 0;
    }

Save the above program as example1.c, then compile and run it using

    [root@localhost santosh]# gcc example1.c
    [root@localhost santosh]# ./a.out

- The first printf() writes the value of the integer variable i and of the character a, which displays its ASCII value. On the other hand, the second printf() converts the integer variable i to the corresponding ASCII character.

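If the programmer passes an attacker-controlled buffer as the argument to a printf(), the attacker can perform reads and writes to arbitrary memory addresses. The following program contains such an error:

    #include <stdio.h>
    #include <string.h>

    int main(int argc, char **argv)
    {
        char buf[100];

        if (argc < 2)
            return 1;
        strncpy(buf, argv[1], sizeof(buf) - 1);
        buf[sizeof(buf) - 1] = '\0';   /* strncpy() may not terminate the string */
        printf(buf);                   /* the error: input is used as the format string */
        return 0;
    }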
_ printf(buf);

As printf has a variable number of arguments, it must use the format string to determine the number of arguments. In the case above, the attacker can pass the string "%p %p %p %p %p %p %p %p %p %p %p %p" and try to fool the printf statement into thinking that it has 12 arguments.
It will print the next 12 addresses on the stack, thinking they are its arguments, as shown in the output statement.

    [root@localhost santosh]# gcc example2.c
    [root@localhost santosh]# ./a.out "%p %p %p %p %p %p %p %p %p %p %p %p"
    0xffffeeee 0x64 0xf7ec145 0xffffdbdf 0xffffdbde (nil) 0xffffdecd

The attacker can pass a sequence of format strings, making the program show the memory address where a lot of other data are stored; then the attacker increases the possibility that the program will read an illegal address, crashing the program and causing its non-availability.

    printf("%s%s%s%s%s%s%s%s%s%s%s%s");

If the attacker passes %s into the printf function, it will fetch a number from the stack, treat this number as an address, and print the memory contents pointed to by this address as a string, until a NULL character (i.e., number 0) is encountered.
In this case the number fetched by the printf function might not be an address, and the memory pointed to by this number might not exist. Because of such illegal fetching of a memory address the program will crash. Such type of attack is called a format string attack.
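
A defensive counterpart to example2.c, added here as an example that is not from the book: the untrusted text is passed as data to a constant "%s" format, and a small scanner counts the conversion specifications in untrusted input so that such input can be flagged. The function names and the sample inputs are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Skips flags, width, precision and length modifiers that may follow '%'
 * and returns a pointer to the conversion character (or to the NUL byte). */
static const char *conversion_char(const char *after_percent)
{
    const char *p = after_percent;

    while (*p != '\0' && strchr("0123456789-+ #.*$'hlLqjzt", *p) != NULL)
        p++;
    return p;
}

/* Counts the conversion specifications (%d, %x, %s, %p, %n, ...) in s.
 * "%%" is a literal percent sign and is not counted. A '%' at the very end
 * is counted, because printf() would still look for a conversion after it.
 * If write_directives is not NULL it receives the number of %n parameters,
 * the ones that make printf() write to memory. */
int count_format_directives(const char *s, int *write_directives)
{
    int count = 0, writes = 0;

    while (*s != '\0') {
        if (*s != '%') {
            s++;
            continue;
        }
        if (s[1] == '%') {          /* literal "%%" */
            s += 2;
            continue;
        }
        s = conversion_char(s + 1);
        count++;
        if (*s == 'n')
            writes++;
        if (*s != '\0')
            s++;
    }
    if (write_directives != NULL)
        *write_directives = writes;
    return count;
}

/* Hardened form of printf(buf): the format string is a constant and the
 * untrusted text is only data for its %s parameter. Returns what snprintf()
 * returns: the length the complete output needs. */
int format_untrusted(char *out, size_t out_size, const char *untrusted)
{
    return snprintf(out, out_size, "user input: %s", untrusted);
}

/* Returns 1 if the untrusted text comes out character for character, i.e.
 * none of its format parameters was interpreted, else 0. */
int renders_literally(const char *untrusted)
{
    char out[256];
    const char *prefix = "user input: ";
    int n = format_untrusted(out, sizeof out, untrusted);

    if (n < 0 || (size_t)n >= sizeof out)
        return 0;
    return strncmp(out, prefix, strlen(prefix)) == 0 &&
           strcmp(out + strlen(prefix), untrusted) == 0;
}

int main(void)
{
    /* constructed sample inputs */
    const char *inputs[] = { "roll number 7", "100%% sure", "%p %p %p", "%08x %hhn" };
    size_t i;

    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int writes = 0;
        int total = count_format_directives(inputs[i], &writes);

        printf("%-16s directives=%d writes=%d literal=%d\n",
               inputs[i], total, writes, renders_literally(inputs[i]));
    }
    return 0;
}
```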
Syllabus Topic : Cross Site Scripting

13.4 Cross Site Scripting (MU - Dec. 16, Dec. 17)

Q. 13.4.1 Explain briefly with example, how the Cross-Site scripting attack ...

- Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.
- XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user.
- Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
- An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute the script.
- Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.
- Cross-Site Scripting (XSS) attacks occur when :
1. Data enters a Web application through an untrusted source, most frequently a web request.
2. The data is included in dynamic content that is sent to a web user without being validated for malicious content.
- The malicious content sent to the web browser often takes the form of a segment of JavaScript, but may also include HTML, Flash, or any other type of code that the browser may execute.
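
The output encoding that the flaw description above says is missing, as an added example (not code from the book): html_encode() replaces the five characters that let input break out of HTML text or a quoted attribute value before the input is placed in a generated page. It is written in C, as for a CGI-style program; the function names, the page fragment and the sample comments are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Returns the HTML entity for c, or NULL if c can be copied unchanged. */
static const char *entity_for(char c)
{
    switch (c) {
    case '&':  return "&amp;";
    case '<':  return "&lt;";
    case '>':  return "&gt;";
    case '"':  return "&quot;";
    case '\'': return "&#x27;";
    default:   return NULL;
    }
}

/* Encodes in into out. Returns the encoded length (without the NUL byte),
 * or -1 if out is too small; out is then set to the empty string so that a
 * truncated, half-encoded value is never used. */
int html_encode(const char *in, char *out, size_t out_size)
{
    size_t used = 0;

    if (in == NULL || out == NULL || out_size == 0)
        return -1;
    for (; *in != '\0'; in++) {
        const char *ent = entity_for(*in);
        size_t len = ent ? strlen(ent) : 1;

        if (used + len + 1 > out_size) {
            out[0] = '\0';
            return -1;
        }
        if (ent)
            memcpy(out + used, ent, len);
        else
            out[used] = *in;
        used += len;
    }
    out[used] = '\0';
    return (int)used;
}

/* Builds the HTML for one stored comment: the untrusted comment is encoded
 * before it is included in the dynamic content. Returns 0 on success, -1 if
 * the comment or the page does not fit. */
int render_comment(const char *comment, char *page, size_t page_size)
{
    char encoded[512];
    int n;

    if (html_encode(comment, encoded, sizeof encoded) < 0)
        return -1;
    n = snprintf(page, page_size, "<p class=\"comment\">%s</p>", encoded);
    return (n < 0 || (size_t)n >= page_size) ? -1 : 0;
}

/* Returns 1 if the comment renders exactly as expected, else 0. */
int renders_as(const char *comment, const char *expected)
{
    char page[1024];

    if (render_comment(comment, page, sizeof page) != 0)
        return 0;
    return strcmp(page, expected) == 0;
}

int main(void)
{
    /* constructed sample comment, as it could arrive in a web request */
    const char *comment = "<script>alert(1)</script>";
    char page[1024];

    if (render_comment(comment, page, sizeof page) == 0)
        printf("%s\n", page);   /* the browser shows the text, it runs nothing */
    return 0;
}
```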


13.4.1 Stored and Reflected XSS Attacks

XSS attacks can generally be categorized into two categories : stored and reflected. There is a third, much less well-known type of XSS attack called DOM Based XSS.

13.4.2 Stored XSS Attacks

- Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc.
- The victim then retrieves the malicious script from the server when it requests the stored information. Stored XSS is also sometimes referred to as Persistent or Type-I XSS.

13.4.3 Reflected XSS Attacks

- Reflected attacks are those where the injected script is reflected off the web server, such as in an error message, search result, or any other response that includes some or all of the input sent to the server as part of the request.
- Reflected attacks are delivered to victims via another route, such as in an e-mail message, or on some other website.
- When a user is tricked into clicking on a malicious link, submitting a specially crafted form, or even just browsing to a malicious site, the injected code travels to the vulnerable web site, which reflects the attack back to the user's browser.
- The browser then executes the code because it came from a "trusted" server. Reflected XSS is also sometimes referred to as Non-Persistent or Type-II XSS.

13.4.4 Other Types of XSS Vulnerabilities

- In addition to Stored and Reflected XSS, another type of XSS, DOM Based XSS, was identified by Amit Klein in 2005.
- OWASP recommends the XSS categorization as described in the OWASP Article : Types of Cross-Site Scripting, which covers all these XSS terms, organizing them into a matrix of Stored vs. Reflected XSS and Server vs. Client XSS, where DOM Based XSS is a subset of Client XSS.

13.4.5 XSS Attack Consequences

- The consequence of an XSS attack is the same regardless of whether it is stored or reflected (or DOM Based). The difference is in how the payload arrives at the server.
- Do not be fooled into thinking that a "read-only" or "brochure ware" site is not vulnerable to serious reflected XSS attacks. XSS can cause a variety of problems for the end user that range in severity from an annoyance to complete account compromise.
- The most severe XSS attacks involve disclosure of the user's session cookie, allowing an attacker to hijack the user's session and take over the account.
- Other damaging attacks include the disclosure of end user files, installation of Trojan horse programs, redirecting the user to some other page or site, or modifying the presentation of content.
- An XSS vulnerability allowing an attacker to modify a press release or news item could affect a company's stock price or lessen consumer confidence.
- An XSS vulnerability on a pharmaceutical site could allow an attacker to modify dosage information resulting in an overdose.
Syllabus Topic : SQL Injection

13.5 SQL Injection (MU - Dec. 17)

Q. ... (Ref. sec. 13.5)

- It is a source code injection technique in which malicious SQL statements are inserted into an entry field of a database to dump the database content.
- The attacker targets the database of an organization where confidential data is stored.
- Its main focus is to get information stored in database tables from the database server by sending a malicious query, since a database is accessible by query.
- When a legitimate user makes an additional database entry via a web form, the attacker sends his own command through the same web form field. Before proceeding, the attacker always checks whether the organization's database has any loophole, i.e. whether it is vulnerable or not.

Steps for SQL Injection

(1) The attacker looks for login pages, search pages or feedback pages, or pages that display HTML commands like POST or GET.
(2) Attacker checks the source code of the web page by right click on the web page and view source.
(3) It checks the <form> tag; everything inside <form> and </form> has the potential of having vulnerabilities.
(4) The attacker puts a single quote in the text box which accepts something like username and password. If the response is an error message, then the site is vulnerable.
(5) Attacker then uses SQL commands such as SELECT to retrieve data or the INSERT command to add information to the database.

Benefits for attacker using SQL Injection

(1) Obtain basic information about the website or organization.
(2) ... FROM command where command.
(3) Can add new data to the database by executing the INSERT command.
(4) Can modify data in the database by the UPDATE command.

Prevention from SQL Injection

SQL injection attacks happen because of poor website coding and poor administration of the website.

Steps which can prevent SQL injection

(1) Replace all single quotes with two single quotes.
(2) Check the user input for any character and string, so that it is not malicious.
(3) Numeric values should also be checked.
(4) If there is an SQL error it should be rectified immediately but not be displayed to outsiders.
(5) SQL server 2000, which is a default server, should never be used.
(6) The database server and the web server should reside on different machines.
Scanned by CamScanner
J
Scanned by CamScanner
List of Experiments weer
_ mpl?
tation and analysis of RSA cryptosy

s
Implemen system ......
. ave

n
Experiment 1:
l............

o a
aie of
Scheme using RSA/E\Gamma opie” oti

ncn is
ane Dig Signa Ll
Experiment 2 :
Vv

Experiment 3 : , test integrity of message using pe tion 2


nce
MD-5, SHA-1, and analyse the performa nisiesieofscsithguespicteswoeisiisiexece: ”
pomoncls, Use crypt ARIS: ccsccnss iscecesssvisss L9 sotto”

Experiment 3(a) : nt
Write program in Java to impleme MDS algori
thm The algor!
n ati on. sii ESS eis dsesapeewe ald select
for key generatio and cipher verific \.

Experiment 3(b) : Write a program in Java to implement SHA-1neseenaleegrsornninetnnhmntecssnns 3, Caleu


esrs
esce ssssesessssess L-2 3, Calc
using Libraries (API). ......:-ss eereenn
k........ ..-+sssssecse Selec
Experiment 4: Study of packet sniffer tools - witeshar L-25 4,
rk re , 5 Cale
Experiment 4(a) : Download and install wiresha and captu icmp tcp,
cuous mode. .....+.1-+--+-+ vere L-25 © Publ
and http packets in promis
d ed ssen 1. Fin
Experiment 4(b) : Explore how the packets can be tracessenbsnasns eseneeorsn ssssenneeetnne
seesseesrsnrsn
sssssscs L-33
different filters. ......cs
°
. e with different options
Experiment 5 : Download and install nmap Us it
m erprinting, doa ping *
to scan open ports, perfor OS fing
n
neee
, xmas scan CLC. sessecsnereere Lo PP:
sc a n , t c p p o r t s c a n , u d p p o r t s c a
W
ng ping, hping3 ssaenndneoetnhnerenetorolnesnvas
s. LAT
Simulate DOS attack usi H nnerse n
ssscssssees 1-47
Experiment 6:.
..sss
Experiment 6(a) : DoS using hping3..
VvVVVy

a c k e t e c t i o n u s i n g I n t r u s i on Detection System... L®
Experiment 6(b) : DoS att d
n g r s o n a l F i r e w a l l u s i n g i p t a bles.... vet
Experiment vi Sett i up p e e
y e ° BS ea es es ce ss er enscnnenerrnnner -
Set up Snort and stu t d h
Experiment 8:

Experiment 1 : Implementation and analysis of RSA cryptosystem

Objective of this assignment is to implement RSA in C++ or ... language. ... algorithm ... encryption and decryption key. Generates public and private keys along ...

Solution :

RSA algorithm works as follows :

1. Select two prime numbers a and b where a ≠ b.
2. Calculate n = a * b.
3. Calculate φ(n) = (a - 1) * (b - 1).
4. Select e such that e is relatively prime to φ(n), i.e. gcd(e, φ(n)) = 1 and 1 < e < φ(n).
5. Calculate d such that d = e^-1 mod φ(n) or ed mod φ(n) = 1.
6. Public key = {e, n}, private key = {d, n}.
7. Find out ciphertext using the formula,
   C = P^e mod n where, P < n and
   C = Ciphertext, P = Plaintext, e = Encryption key and n = block size.
8. P = C^d mod n. Plaintext P can be obtained using the given formula,
   where, d = decryption key.

Both sender and receiver know the value of n. In addition, the sender must know encryption key 'e' and receiver must know decryption key 'd'.

JDK latest version for compiling and running the Java programs.

    import java.io.DataInputStream;
    import java.math.BigInteger;

    public class RSA
    {
        public static long p, q, n, phi, m, d, e, enc;

        // Returns the smallest e >= 2 that is relatively prime to phi
        public static long GCD(long phi)
        {
            long a, c, b;
            for (long i = 2; i < phi; i++)
            {
                a = i; b = phi; c = b;
                while (b != 0)              // Euclid's algorithm
                {
                    c = b;
                    b = a % b;
                    a = c;
                }
                if (a == 1)                 // gcd(i, phi) = 1
                {
                    e = i;
                    break;
                }
            }
            return e;
        }

        // C = m^e mod n, computed by repeated multiplication
        public static long Encryption(long n, long phi, long m)
        {
            long x = m, y = m;
            e = GCD(phi);
            for (long a = 0; a < e - 1; a++)
            {
                y = (y * x) % n;
            }
            enc = y % n;
            return enc;
        }

        // Finds d with (d * e) mod phi = 1 and returns P = enc^d mod n
        public static BigInteger Decryption(long e, long enc, long n, long phi)
        {
            BigInteger object2 = null;
            try
            {
                for (long i = 1; i < phi; i++)
                {
                    if (((i * e) % phi) == 1)
                    {
                        d = i;
                        i = phi;            // stop the search
                    }
                }
                BigInteger object1 = new BigInteger(Long.toString(enc));
                BigInteger object3 = new BigInteger(Long.toString(n));
                object1 = object1.pow((int) d);
                object2 = object1.mod(object3);
            }
            catch (Exception exception)
            {
                System.out.print("\n Exception In DEC :" + exception);
            }
            return object2;
        }

        public static void main(String args[])
        {
            try
            {
                // readLine() of DataInputStream is deprecated, so javac prints a note
                DataInputStream in = new DataInputStream(System.in);
                System.out.print("\n Enter First Prime No : ");
                p = Integer.parseInt(in.readLine());
                System.out.print("\n Enter Second Prime No : ");
                q = Integer.parseInt(in.readLine());
                System.out.print("\n Please Enter Message Between (0 to 32): ");
                m = Integer.parseInt(in.readLine());
                n = p * q;
                phi = (p - 1) * (q - 1);
                enc = Encryption(n, phi, m);
                System.out.print("\n Encrypt. KEY : " + e);
                System.out.print("\n Encrypted DATA : " + enc);
                BigInteger Result = Decryption(e, enc, n, phi);
                System.out.print("\n Decrypt. KEY : " + d);
                System.out.print("\n Decrypted DATA : " + Result.toString());
            }
            catch (Exception exception)
            {
                System.out.print("\n Exception In Main : " + exception);
            }
        }
    }


Save above program with program name as RSA.java (in Java the class name should be the same as the program name).

Output

C:\Program Files (x86)\Java\jdk1.7.0_25\bin>javac RSA.java
It will display note but students can run it
C:\Program Files (x86)\Java\jdk1.7.0_25\bin>java RSA

Enter First Prime No :
Enter Second Prime No : 11
Please Enter Message Between (0 to 32):13
Encrypt. KEY : 7
Encrypted DATA : 117
Decrypt. KEY : 103
Decrypted DATA : 13

Try out another example:-

C:\programfiles\jdk1.6\bin>java RSA

Enter First Prime No : 3
Enter Second Prime No : 7
Please Enter Message Between (0 to 32):11
Encrypt. KEY : 5
Encrypted DATA : 2
Decrypt. KEY : 5
Decrypted DATA : 11

Experiment 2 : Implementation of Diffie Hellman key exchange algorithm

Aim : Our aim is to write a program in Java to implement Diffie Hellman key exchange algorithm.

Objective
Diffie Hellman algorithm is used to generate the same (symmetric) private cryptographic key at the sender as well as the receiver end so that there is no need to transfer this key from sender to receiver. Remember that Diffie Hellman algorithm is used only for key agreement, not for encryption or decryption of a message. If sender and receiver want to communicate with each other they first agree on the same key generated by Diffie Hellman algorithm; later on they can use this key for encryption or decryption.

Solution :
Following are the important steps of Diffie Hellman algorithm :
1. The first step is that if Ramesh wants to communicate with Suresh they must agree on two large prime numbers p and q.
2. Ramesh selects another secret large random integer number a, and calculates R such that
   R = q^a mod p
3. Ramesh sends this R to Suresh.
4. Suresh independently selects another secret large random integer number b, and calculates S such that
   S = q^b mod p
5. Suresh sends the number S to Ramesh.
6. Now Ramesh calculates his secret key Rk by using
   Rk = S^a mod p
7. Suresh calculates his secret key Sk by using
   Sk = R^b mod p
8. If Rk = Sk then Ramesh and Suresh can agree for future communication; this is called a key agreement algorithm.
9. We have Rk = Sk = K, hence proved. (K is called the symmetric key.)
import java.math.BigInteger;
import java.util.Scanner;

public class DiffieHellman {
    final static BigInteger one = new BigInteger("1");

    public static void main(String args[]) {
        Scanner stdin = new Scanner(System.in);
        BigInteger p;

        System.out.println("Enter the first prime number p of your choice");
        String ans = stdin.next();
        // If the number entered is not prime, move up to the next prime
        p = getNextPrime(ans);
        System.out.println("Enter another prime number in q");
        BigInteger g = new BigInteger(stdin.next());
        System.out.println("Ramesh: select your secret number a.");
        BigInteger a = new BigInteger(stdin.next());

        // R = q^a mod p
        BigInteger resulta = g.modPow(a,p);
        System.out.println("Ramesh can sends the value of R to Suresh "+resulta+".");
        System.out.println("Suresh select your your secret number b");
        BigInteger b = new BigInteger(stdin.next());
        // S = q^b mod p
        BigInteger resultb = g.modPow(b,p);
        System.out.println("Suresh now sends value of S to Ramesh "+resultb+".");
        // Now calculate secret key of Ramesh & Suresh Rk & Sk
        BigInteger KeyACalculates = resultb.modPow(a,p);
        BigInteger KeyBCalculates = resulta.modPow(b,p);

        System.out.println("Ramesh takes "+resultb+" raise to the power "+a+" mod "+p);
        System.out.println("The Secret key Rk Ramesh calculates is "+KeyACalculates+".");
        System.out.println("Suresh takes "+resulta+" raises to the power "+b+" mod "+p);
        System.out.println("The secret Key Sk Suresh calculates is "+KeyBCalculates+".");
    }

    public static BigInteger getNextPrime(String ans) {
        BigInteger test = new BigInteger(ans);
        while (!test.isProbablePrime(99))
            test = test.add(one);
        return test;
    }
}

Save above program by using DiffieHellman.java in JDK bin directory or set path before compilation. Now compile the program using javac DiffieHellman.java and run using java DiffieHellman

Output

C:\Program Files (x86)\Java\jdk1.7.0_25\bin>java DiffieHellman
Enter the first prime number p of your choice17
Enter another prime number in q7
Ramesh: select your secret number a.5
Ramesh can sends the value of R to Suresh 11.
Suresh select your your secret number b3
Suresh now sends value of S to Ramesh 3.
Ramesh takes 3 raise to the power 5 mod 17
The Secret key Rk Ramesh calculates is 5.
Suresh takes 11 raises to the power 3 mod 17
The secret Key Sk Suresh calculates is 5.

C:\Program Files (x86)\Java\jdk1.7.0_25\bin>java DiffieHellman
Enter the first prime number p of your choice17
Enter another prime number in q11
Ramesh: select your secret number a.5
Ramesh can sends the value of R to Suresh 10.
Suresh select your your secret number b3
Suresh now sends value of S to Ramesh 5.
Ramesh takes 5 raise to the power 5 mod 17
The Secret key Rk Ramesh calculates is 14.
Suresh takes 10 raises to the power 3 mod 17
The secret Key Sk Suresh calculates is 14.
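An added example, not part of the manual's program: the same exchange with the checks the listing above leaves out, namely that p is prime, that q and every received R or S lie in [2, p-2] (a received 0, 1 or p-1 would pin the key to 0, 1 or p-1 whatever the secret is), and that secrets come from SecureRandom. The class and method names are illustrative, the first run reuses the manual's p = 17, q = 7, a = 5, b = 3, and hashing K with SHA-256 to get a 128-bit key is an assumption about how the agreed key is used afterwards.

```java
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

public class DiffieHellmanChecked {   // illustrative class name
    private static final BigInteger TWO = BigInteger.valueOf(2);

    // True when 2 <= v <= p-2; excludes the degenerate values 0, 1 and p-1.
    static boolean inRange(BigInteger v, BigInteger p) {
        return v.compareTo(TWO) >= 0 && v.compareTo(p.subtract(TWO)) <= 0;
    }

    // Refuse parameters under which the exchange is meaningless.
    static void checkParameters(BigInteger p, BigInteger g) {
        if (!p.isProbablePrime(99)) {
            throw new IllegalArgumentException("p is not prime");
        }
        if (!inRange(g, p)) {
            throw new IllegalArgumentException("q must lie in [2, p-2]");
        }
    }

    // Draw a secret exponent from a CSPRNG and retry until both the secret
    // and the public value derived from it are inside [2, p-2].
    static BigInteger newSecret(BigInteger g, BigInteger p, SecureRandom rng) {
        BigInteger x;
        do {
            x = new BigInteger(p.bitLength(), rng);
        } while (!inRange(x, p) || !inRange(g.modPow(x, p), p));
        return x;
    }

    // R = q^a mod p (or S = q^b mod p)
    static BigInteger publicValue(BigInteger g, BigInteger secret, BigInteger p) {
        return g.modPow(secret, p);
    }

    // Rk = S^a mod p (or Sk = R^b mod p), computed only for a sane received value.
    static BigInteger agree(BigInteger received, BigInteger secret, BigInteger p) {
        if (!inRange(received, p)) {
            throw new IllegalArgumentException(
                    "received value " + received + " is outside [2, p-2]");
        }
        return received.modPow(secret, p);
    }

    // Assumption: the agreed number K is hashed and truncated to a 128-bit key.
    static byte[] deriveKey(BigInteger k) throws Exception {
        byte[] hash = MessageDigest.getInstance("SHA-256").digest(k.toByteArray());
        return Arrays.copyOf(hash, 16);
    }

    public static void main(String[] args) throws Exception {
        BigInteger p = BigInteger.valueOf(17);
        BigInteger g = BigInteger.valueOf(7);
        checkParameters(p, g);

        // The manual's first run: a = 5, b = 3.
        BigInteger a = BigInteger.valueOf(5);
        BigInteger b = BigInteger.valueOf(3);
        BigInteger r = publicValue(g, a, p);
        BigInteger s = publicValue(g, b, p);
        System.out.println("R = " + r + ", S = " + s);
        System.out.println("Rk = " + agree(s, a, p) + ", Sk = " + agree(r, b, p));

        // A received value of 1 is refused instead of producing the key 1.
        try {
            agree(BigInteger.ONE, a, p);
        } catch (IllegalArgumentException ex) {
            System.out.println("Rejected: " + ex.getMessage());
        }

        // Same exchange with secrets chosen by SecureRandom instead of typed in.
        SecureRandom rng = new SecureRandom();
        BigInteger a2 = newSecret(g, p, rng);
        BigInteger b2 = newSecret(g, p, rng);
        BigInteger k1 = agree(publicValue(g, b2, p), a2, p);
        BigInteger k2 = agree(publicValue(g, a2, p), b2, p);
        System.out.println("Keys match: " + k1.equals(k2)
                + ", derived key bytes match: "
                + Arrays.equals(deriveKey(k1), deriveKey(k2)));
    }
}
```

With p = 17 there are only a handful of possible keys, so the numbers are for following the arithmetic by hand; the range checks and the random secrets are the part that carries over to large primes.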

Experiment 3 : For varying message sizes, test integrity of message using MD-5, SHA-1, and analyse the performance of the two protocols. Use crypt APIs.

Experiment 3(a) : Write program in Java to implement MD5 algorithm for key generation and cipher verification.

Aim : Our aim is to write a Java program to implement MD5 algorithm for key generation and cipher verification.

Objective
It was developed by Ron Rivest. This algorithm takes an input of arbitrary length and a 128 - bit message digest is produced. The input message is processed in 512 - bit blocks. The following steps explain the procedure of MD5.

Solution :
Refer Chapter 6 for complete steps of MD5 algorithm.
Following program demonstrates the MD5 algorithm in detail :
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintStream;
import java.io.UnsupportedEncodingException;

public class Md5
{
    private static final int BUFFER_SIZE = 4096;

    // Left-rotation amounts used in the four rounds
    private static final int S11 = 7;
    private static final int S12 = 12;
    private static final int S13 = 17;
    private static final int S14 = 22;
    private static final int S21 = 5;
    private static final int S22 = 9;
    private static final int S23 = 14;
    private static final int S24 = 20;
    private static final int S31 = 4;
    private static final int S32 = 11;
    private static final int S33 = 16;
    private static final int S34 = 23;
    private static final int S41 = 6;
    private static final int S42 = 10;
    private static final int S43 = 15;
    private static final int S44 = 21;

    // Padding block: a single 1 bit (0x80) followed by zero bytes, 64 bytes in all
    private static byte padding[] =
    { (byte) 0x80, (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0,
      (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0,
      (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0,
      (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0,
      (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0,
      (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0,
      (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0,
      (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0,
      (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0,
      (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0,
      (byte) 0, (byte) 0, (byte) 0, (byte) 0 };

    private InputStream in = null;
    private boolean stringp = false;
    private int state[] = null;
    private long count = 0;
    private byte buffer[] = null;
    private byte digest[] = null;

    // Convert the digest bytes into a lower-case hexadecimal string
    private static String stringify(byte buf[])
    {
        StringBuffer sb = new StringBuffer(2 * buf.length);
        for (int i = 0; i < buf.length; i++)
        {
            int h = (buf[i] & 0xf0) >> 4;
            int l = (buf[i] & 0x0f);
            sb.append(new Character((char) ((h > 9) ? 'a' + h - 10 : '0' + h)));
            sb.append(new Character((char) ((l > 9) ? 'a' + l - 10 : '0' + l)));
        }
        return sb.toString();
    }

    // The four auxiliary functions of MD5
    private final int F(int x, int y, int z)
    {
        return ((x & y) | ((~x) & z));
    }

    private final int G(int x, int y, int z)
    {
        return ((x & z) | (y & (~z)));
    }

    private final int H(int x, int y, int z)
    {
        return (x ^ y ^ z);
    }

    private final int I(int x, int y, int z)
    {
        return (y ^ (x | (~z)));
    }

    private final int rotate_left(int x, int n)
    {
        return ((x << n) | (x >>> (32 - n)));
    }

    // One step of round 1, 2, 3 and 4 respectively
    private final int FF(int a, int b, int c, int d, int x, int s, int ac)
    {
        a += (F(b, c, d) + x + ac);
        a = rotate_left(a, s);
        a += b;
        return a;
    }

    private final int GG(int a, int b, int c, int d, int x, int s, int ac)
    {
        a += (G(b, c, d) + x + ac);
        a = rotate_left(a, s);
        a += b;
        return a;
    }

    private final int HH(int a, int b, int c, int d, int x, int s, int ac)
    {
        a += (H(b, c, d) + x + ac);
        a = rotate_left(a, s);
        a += b;
        return a;
    }

    private final int II(int a, int b, int c, int d, int x, int s, int ac)
    {
        a += (I(b, c, d) + x + ac);
        a = rotate_left(a, s);
        a += b;
        return a;
    }

    // Decode len input bytes (little-endian) into 32-bit words
    private final void decode(int output[], byte input[], int off, int len)
    {
        int i = 0;
        int j = 0;
        for ( ; j < len; i++, j += 4)
        {
            output[i] = (((int) (input[off + j] & 0xff))
                | (((int) (input[off + j + 1] & 0xff)) << 8)
                | (((int) (input[off + j + 2] & 0xff)) << 16)
                | (((int) (input[off + j + 3] & 0xff)) << 24));
        }
    }

    // Process one 64-byte block and add the result into the state
    private final void transform(byte block[], int offset)
    {
        int a = state[0];
        int b = state[1];
        int c = state[2];
        int d = state[3];
        int x[] = new int[16];

        decode(x, block, offset, 64);

        /* Round 1 */
        a = FF(a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
        d = FF(d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
        c = FF(c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
        b = FF(b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
        a = FF(a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
        d = FF(d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
        c = FF(c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
        b = FF(b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
        a = FF(a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
        d = FF(d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
        c = FF(c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
        b = FF(b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
        a = FF(a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
        d = FF(d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
        c = FF(c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
        b = FF(b, c, d, a, x[15], S14, 0x49b40821); /* 16 */

        /* Round 2 */
        a = GG(a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
        d = GG(d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
        c = GG(c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
        b = GG(b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
        a = GG(a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
        d = GG(d, a, b, c, x[10], S22, 0x2441453);  /* 22 */
        c = GG(c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
        b = GG(b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
        a = GG(a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
        d = GG(d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
        c = GG(c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
        b = GG(b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
        a = GG(a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
        d = GG(d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
        c = GG(c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
        b = GG(b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */

        /* Round 3 */
        a = HH(a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
        d = HH(d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
        c = HH(c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
        b = HH(b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
        a = HH(a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
        d = HH(d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
        c = HH(c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
        b = HH(b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
        a = HH(a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
        d = HH(d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
        c = HH(c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
        b = HH(b, c, d, a, x[ 6], S34, 0x4881d05);  /* 44 */
        a = HH(a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
        d = HH(d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
        c = HH(c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
        b = HH(b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */

        /* Round 4 */
        a = II(a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
        d = II(d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
        c = II(c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
        b = II(b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
        a = II(a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
        d = II(d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
        c = II(c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
        b = II(b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
        a = II(a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
        d = II(d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
        c = II(c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
        b = II(b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
        a = II(a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
        d = II(d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
        c = II(c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
        b = II(b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */

        state[0] += a;
        state[1] += b;
        state[2] += c;
        state[3] += d;
    }
    // Feed len bytes of input into the digest, transforming every full 64-byte block
    private final void update(byte input[], int len)
    {
        int index = ((int) (count >> 3)) & 0x3f;
        count += (len << 3);
        int partLen = 64 - index;
        int i = 0;

        if (len >= partLen)
        {
            System.arraycopy(input, 0, buffer, index, partLen);
            transform(buffer, 0);
            for (i = partLen; i + 63 < len; i += 64)
                transform(input, i);
            index = 0;
        }
        else
        {
            i = 0;
        }
        // Keep the bytes that do not fill a whole block for the next call
        System.arraycopy(input, i, buffer, index, len - i);
    }

    // Append the padding and the 64-bit message length, then return the digest
    private byte[] end()
    {
        byte bits[] = new byte[8];
        for (int i = 0; i < 8; i++)
            bits[i] = (byte) ((count >>> (i * 8)) & 0xff);
        int index = ((int) (count >> 3)) & 0x3f;
        int padlen = (index < 56) ? (56 - index) : (120 - index);
        update(padding, padlen);
        update(bits, 8);
        return encode(state, 16);
    }

    // Encode the content.state array into 16 bytes array
    private byte[] encode(int input[], int len)
    {
        byte output[] = new byte[len];
        int i = 0;
        int j = 0;
        for ( ; j < len; i++, j += 4)
        {
            output[j] = (byte) ((input[i]) & 0xff);
            output[j + 1] = (byte) ((input[i] >> 8) & 0xff);
            output[j + 2] = (byte) ((input[i] >> 16) & 0xff);
            output[j + 3] = (byte) ((input[i] >> 24) & 0xff);
        }
        return output;
    }

    /**
     * Get the digest for our input stream.
     * This method constructs the input stream digest, and return it, as
     * a String, following the MD5 (rfc1321) algorithm,
     * @return An instance of String, giving the message digest.
     * @exception IOException Thrown if the digestifier was unable to read the
     * input stream.
     */
    public byte[] getDigest()
        throws IOException
    {
        byte buffer[] = new byte[BUFFER_SIZE];
        int got = -1;

        if (digest != null)
            return digest;
        while ((got = in.read(buffer)) > 0)
            update(buffer, got);
        this.digest = end();
        return digest;
    }

    /**
     * Get the digest, for this string digestifier.
     * This method doesn't throw any IOException, since it knows that the
     * underlying stream was built from a String.
     */
    public byte[] processString()
    {
        if (!stringp)
            throw new RuntimeException(this.getClass().getName()
                + "[processString]"
                + " not a string.");
        try
        {
            return getDigest();
        } catch (IOException ex)
        {
            throw new RuntimeException(this.getClass().getName()
                + "[processString]"
                + ": implementation error.");
        }
    }

    /** Get the digest, as a proper string. */
    public String getStringDigest()
    {
        if (digest == null)
            throw new RuntimeException(this.getClass().getName()
                + "[getStringDigest]"
                + ": called before processing.");
        return stringify(digest);
    }

    /**
     * Construct a digestifier for the given string.
     * @param input The string to be digestified.
     * @param enc the encoding name used (such as UTF8)
     */
    public Md5(String input, String enc)
    {
        byte bytes[] = null;
        try
        {
            bytes = input.getBytes(enc);
        } catch (UnsupportedEncodingException e)
        {
            throw new RuntimeException("no " + enc + " encoding!!!");
        }
        this.stringp = true;
        this.in = new ByteArrayInputStream(bytes);
        this.state = new int[4];
        this.buffer = new byte[64];
        this.count = 0;
        state[0] = 0x67452301;
        state[1] = 0xefcdab89;
        state[2] = 0x98badcfe;
        state[3] = 0x10325476;
    }

    /**
     * Construct a digestifier for the given string.
     * @param input The string to be digestified.
     */
    public Md5(String input)
    {
        this(input, "UTF8");
    }

    /**
     * Construct a digestifier for the given input stream.
     * @param in The input stream to be digestified.
     */
    public Md5(InputStream in)
    {
        this.stringp = false;
        this.in = in;
        this.state = new int[4];
        this.buffer = new byte[64];
        this.count = 0;
        state[0] = 0x67452301;
        state[1] = 0xefcdab89;
        state[2] = 0x98badcfe;
        state[3] = 0x10325476;
    }

    public static void main(String args[])
        throws IOException
    {
        if (args.length != 1)
        {
            System.out.println("Md5 <file>");
            System.exit(1);
        }
        Md5 md5 = new Md5(new FileInputStream(new File(args[0])));
        byte b[] = md5.getDigest();
        System.out.println(stringify(b));
    }
}
Save above program with program name Md5.java into the JDK bin directory and compile it using javac Md5.java and execute using java Md5 b1.txt.
To get correct output please create one text file as an input to MD5 algorithm (give any name to that text file; here we have created one text file b1.txt, and the text provided in b1.txt is Cryptography & System Security).

Output

C:\Program Files (x86)\Java\jdk1.7.0_25\bin>javac Md5.java
C:\Program Files (x86)\Java\jdk1.7.0_25\bin>java Md5 b1.txt
936302dea5126270864f53563f66198a

MD5 hashes the text Cryptography & System Security and produces the digest as
936302dea5126270864f53563f66198a

C:\Program Files (x86)\Java\jdk1.7.0_25\bin>

Write a Program in Java to implement SHA-1 Using Libraries (API).

Objective
Aim of this assignment is to implement Secure Hash Algorithm - 1 using Libraries (API). Refer Chapter 6 for theory of SHA-1.

Solution :
th
import javax.crypto,*:

a
import java.io.*:
import java.securit ye
public-class SHA
{
public static String Ge
tdataQ

String Message=null;
try
:
{\
DatalnputStream in=new Dataln
"
putStream(Syste m.in); .
System.out.print("\n Please
Enter One Message : ");
Message=in.readLine();
}
catch(Exception exception)
‘ 4

}
retum Message;
}
public static § tring Comp
i ( ute(String Message,Ke
y key)

byte[] digest=new byte[519];


String store=null;
,

MessageDigest digest] = MessageDigest.getInst


ance("SH A-1"),
digest2.update(Message.getBytes()); cans

Scanned by CamScanner
guts , Security (MU-Sem. 6-Co he ; ie

Lab Manual i!
=digest] digest); 2s .
Mana) | en —
alue=
ya |
~1 M90rith jt Mac mac=Mac. -getlnstance("HmacMD5"); ‘ |


:
yo itl il(key i
upsate »(value)s

~- iF mac. JdoFinal(); 5
ibrarie (APY )

angBuller buffer=new StringBuffer();


mnie si <digest. length;i+ +)

{
_ 1 yaluel =digest[i] & Oxff;
yo

ifvaluel <16)
{
: :
hulfer.append('0);
}
pulfer.append (Integer.toHexString(value1));
}
ae
gore=bufler.toString);

. |
catch(Exception exception) |
i et
y System.out.print("\n Exception : " + exception); ae aes
} ‘
é
r
i
retum store;, f.

}
public static void main(String args[])

7 om Pet z
‘ | String Mes sage,holderl sholder2;
;

| tats y 4 s
Instance(’AES");
m i KeyGenerator generator= KeyGeneralor.get

{ j generator. init(128);
| erateKey();
ator- -gen
SecretKey key=gener
- Message==Getdata(): :
(™ fiessage * key ):
holderl = ompute
=C
- Bel '9
| :. + holderl
Digestt !
("\n Message
System out. Pp rint

Scanned by CamScanner
ka Crypt. & Sys. Security (MU-Sem, 6-Comp)
L-24 cman Manual
Message=Getdata();

holder2 = Compute(Message,key):
System.out.print("\n Message Digest? : ["
+ holder2 +" }:
iffholder] equals (holder?2))

{
System.out.prin
| t(“\n
{ Messaze
ag) Is Same... ap
i
i

else
{
System.out.print("\n Message Is Not Same .."):
}
}
catch(Exception exception)

{
~ System.out.print("\n Exception In Main :" + exception);

} } «
. ii

Save above program with the program name SHA.java. Compile it using javac SHA.java and run it using java SHA

Output

C:\Program Files (x86)\Java\jdk1.7.0_25\bin>javac SHA.java
It will display two notes but students can run it
C:\Program Files (x86)\Java\jdk1.7.0_25\bin>java SHA

Please Enter One Message : Cyber Crime & Security
Message Digest1 : [e1b061ca3fc60170b18799da1ffb006f]
Please Enter One Message : Cyber Crime and Security
Message Digest2 : [b846499838/2ad69254734507ac9007

Compile & Run it again with same message

C:\Program Files (x86)\Java\jdk1.7.0_25\bin>javac SHA.java
C:\Program Files (x86)\Java\jdk1.7.0_25\bin>java SHA

Please Enter One Message : Cyber Crime & Security
Message Digest1 : [e1b061ca3fc60170b18799da1ffb006f]
Please Enter One Message : Cyber Crime & Security
Message Digest2 : [e1b061ca3fc60170b18799da1ffb006f]
Message Is Same ..

Keep in mind that for every old/new message SHA-1 always generates new message digest.
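An added example, not part of the manual, for the stated task of Experiment 3 (varying message sizes, integrity test, MD5 against SHA-1) and usable as a cross-check for both the Md5 and SHA listings above. It uses only java.security.MessageDigest, checks the library against the published "abc" test vectors for MD5 and SHA-1, then hashes random messages of four sizes, flips one bit to show the integrity check failing, and times each algorithm. The class name, method names, message sizes and round counts are illustrative choices.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class DigestCompare {   // illustrative class name
    // Published test vectors for the three-byte message "abc".
    static final String MD5_ABC = "900150983cd24fb0d6963f7d28e17f72";
    static final String SHA1_ABC = "a9993e364706816aba3e25717850c26c9cd0d89d";

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(2 * bytes.length);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }

    static byte[] digest(String algorithm, byte[] message) throws Exception {
        return MessageDigest.getInstance(algorithm).digest(message);
    }

    // Integrity test: recompute the digest and compare it with the one on record.
    static boolean intact(String algorithm, byte[] message, byte[] recorded) throws Exception {
        return MessageDigest.isEqual(digest(algorithm, message), recorded);
    }

    // Average time per digest in microseconds, after an equal number of warm-up rounds.
    static double microsPerDigest(String algorithm, byte[] message, int rounds) throws Exception {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        for (int i = 0; i < rounds; i++) {
            md.digest(message);
        }
        long start = System.nanoTime();
        for (int i = 0; i < rounds; i++) {
            md.digest(message);
        }
        return (System.nanoTime() - start) / 1000.0 / rounds;
    }

    public static void main(String[] args) throws Exception {
        byte[] abc = "abc".getBytes(StandardCharsets.US_ASCII);
        if (!hex(digest("MD5", abc)).equals(MD5_ABC)
                || !hex(digest("SHA-1", abc)).equals(SHA1_ABC)) {
            throw new IllegalStateException("library output differs from the test vectors");
        }
        System.out.println("Test vectors for \"abc\" reproduced by both algorithms");

        SecureRandom rng = new SecureRandom();
        int[] sizes = {64, 1024, 64 * 1024, 1024 * 1024};
        String[] algorithms = {"MD5", "SHA-1"};

        for (int size : sizes) {
            byte[] message = new byte[size];
            rng.nextBytes(message);          // constructed sample message
            byte[] tampered = message.clone();
            tampered[size / 2] ^= 0x01;      // flip a single bit

            for (String algorithm : algorithms) {
                byte[] recorded = digest(algorithm, message);
                int rounds = Math.max(20, 2000000 / size);
                System.out.printf("%-5s %8d bytes  unchanged=%b  tampered=%b  %.2f us/digest  %s%n",
                        algorithm, size,
                        intact(algorithm, message, recorded),
                        intact(algorithm, tampered, recorded),
                        microsPerDigest(algorithm, message, rounds),
                        hex(recorded));
            }
        }
    }
}
```

A plain digest only shows integrity when the recorded digest reaches the verifier by a path the message did not take; the SHA program above handles that by keying the result with a Mac.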
Experiment 4 : Study of packet sniffer tools - wireshark

Experiment 4(a) : Download and install wireshark and capture icmp, tcp, and http packets in promiscuous mode.

Aim : To install a packet analyzer & capture the network traffic. Keep in mind that a packet analyzer only captures the live packets from different networks; it cannot detect whether the packet is malicious or not. This detection is done by using an intrusion detection system (IDS); we will discuss IDS in experiment number 9. The students can select any packet analyzer tool; here I have selected Wireshark as it is freely available on the Internet.

Objective
Wireshark is a network packet analyzer. A network packet analyzer will try to capture network packets and tries to display that packet data as detailed as possible. You could think of a network packet analyzer as a measuring device used to examine what's going on inside a network cable, just like a voltmeter is used by an electrician to examine what's going on inside an electric cable (but at a higher level, of course). In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, all that has changed. Wireshark is perhaps one of the best open source packet analyzers available today.
Solution:

A brief history of Wireshark

- In late 1997, Gerald Combs needed a tool for tracking down networking problems and wanted to learn more about networking, so he started writing Ethereal (the former name of the Wireshark project) as a way to solve both problems.
- Ethereal was initially released, after several pauses in development, in July 1998 as version 0.2.0. Within days, patches, bug reports, and words of encouragement started arriving, so Ethereal was on its way to success.
- Not long after that, Gilbert Ramirez saw its potential and contributed a low-level dissector to it.
- In October, 1998, Guy Harris of Network Appliance was looking for something better than tcpview, so he started applying patches and contributing dissectors to Ethereal.
- In late 1998, Richard Sharpe, who was giving TCP/IP courses, saw its potential on such courses, and started looking at it to see if it supported the protocols he needed. While it didn't at that point, new protocols could be easily added. So he started contributing dissectors and contributing patches.
- The list of people who have contributed to the project has become very long since then, and almost all of them started with a protocol that they needed that Wireshark or Ethereal did not already handle. So they copied an existing dissector and contributed the code back to the team.
- In 2006 the project moved house and re-emerged under a new name : Wireshark.
- In 2008, after ten years of development, Wireshark finally arrived at version 1.0. This release was the first deemed complete, with the minimum features implemented. Its release coincided with the first Wireshark Developer and User Conference, called SharkFest.

Some intended purposes of Wireshark

- Network administrators use it to troubleshoot network problems.
- Network security engineers use it to examine security problems.
- Developers use it to debug protocol implementations.
- People use it to learn network protocol internals.

Beside these examples, Wireshark can be helpful in many other situations too.

Following are some of the many features Wireshark provides :
- Available for UNIX and Windows.
- Capture live packet data from a network interface.
- Display packets with very detailed protocol information.
- Open and Save packet data captured.
- Import and Export packet data from and to a lot of other capture programs.
- Filter packets on many criteria.
- Search for packets on many criteria.
- Colorize packet display based on filters.
- Create various statistics.
ntial on such
Wireshark Main Window
[Figure: Wireshark Main Window]

Capture option dialog box
[Figure: Capture Options dialog box, including the "Capture packets in promiscuous mode" check box]

Capturing Live Network Data

Capturing live network data is one of the major features of Wireshark. The Wireshark capture engine provides the following features :
- Capture from different kinds of network hardware (Ethernet, Token Ring, ATM, ...).
- Stop the capture on different triggers like: amount of captured data, captured time, captured number of packets.
- Simultaneously show decoded packets while Wireshark keeps on capturing.
- Filter packets, reducing the amount of data to be captured.
- Capturing into multiple files while doing a long term capture, and in addition the option to form a ring buffer of these files, keeping only the last x files, useful for a "very long term" capture.

The capture engine still lacks the following features :
- Simultaneous capturing from multiple network interfaces (however, you can start multiple instances of Wireshark and merge capture files later).
- Stop capturing (or doing some other action), depending on the captured data.

The Capture Interface
[Figure: Capture Options dialog box for the selected capture interface]
Scanned by CamScanner
Live capture from many different network media
Wireshark can capture traffic from many different network media types - and despite its name - including wireless LAN as well. Which media types are supported, depends on many things like the operating system you are using.

Import files from many other capture programs
Wireshark can open packets captured from a large number of other capture programs. For a list of input formats,

Export files for many other capture programs
Wireshark can save packets captured in a large number of formats of other capture programs. For a list of output formats.

Capturing Packets
[Figure: Wireshark main window during a capture, showing the packet list, packet details and packet bytes panes]
Wireshark captures packets and allows you to examine their content.
1 4 att
5 |S oye: Sear Cae Sore) 33
—=—=== Lab Manual
Z

- Wireshark is an open source software project, and is released under the GNU General Public License (GPL). You can freely use Wireshark on any number of computers you like, without worrying about license keys or fees or such. In addition, all source code is freely available under the GPL.
- Because of that, it is very easy for people to add new protocols to Wireshark, either as plugins, or built into the source, and they often do.

Development and maintenance of Wireshark

- Wireshark was initially developed by Gerald Combs. Ongoing development and maintenance of Wireshark is handled by the Wireshark team, a loose group of individuals who fix bugs and provide new functionality.
- There have also been a large number of people who have contributed protocol dissectors to Wireshark, and it is expected that this will continue.
- You can find a list of the people who have contributed code to Wireshark by checking the about dialog box of Wireshark, or at the authors page on the Wireshark web site.

- Wireshark is an open source software project, and is released under the GNU General Public License (GPL). All source code is freely available under the GPL. You are welcome to modify Wireshark to suit your own needs, and it would be appreciated if you contribute your improvements back to the Wireshark team.

- You gain three benefits by contributing your improvements back to the community:
  o Other people who find your contributions useful will appreciate them, and you will know that you have helped people in the same way that the developers of Wireshark have helped people.
  o The developers of Wireshark might improve your changes even more, as there's always room for improvement. Or they may implement some advanced things on top of your code, which can be useful for yourself too.
  o The maintainers and developers of Wireshark will maintain your code as well, fixing it when API changes or other changes are made, and generally keeping it in tune with what is happening with Wireshark. So if Wireshark is updated (which is done often), you can get a new Wireshark version from the website and your changes will already be included without any effort for you.

Related command line Tools

- Tshark : Terminal-based Wireshark.
- Tcpdump : Capturing with tcpdump for viewing with Wireshark.
- Dumpcap : Capturing with dumpcap for viewing with Wireshark.
- Capinfos : Print information about capture files.
- Rawshark : Dump and analyze network traffic.
- Editcap : Edit capture files.
- Mergecap : Merging multiple capture files into one.
- Text2pcap : Converting ASCII hexdumps to network captures.

Keyboard Navigation

Accelerator         Description

Tab, Shift + Tab    Move between screen elements, e.g. from the toolbars to the packet list to the packet detail.
Down                Move to the next packet or detail item.
Up                  Move to the previous packet or detail item.
Ctrl + Down, F8     Move to the next packet, even if the packet list isn't focused.
Ctrl + Up, F7       Move to the previous packet, even if the packet list isn't focused.
Ctrl + .            Move to the next packet of the conversation (TCP, UDP or IP).
Ctrl + ,            Move to the previous packet of the conversation (TCP, UDP or IP).
Left                In the packet detail, closes the selected tree item. If it's already closed, jumps to the parent node.
Right               In the packet detail, opens the selected tree item.
Shift + Right       In the packet detail, opens the selected tree item and all of its subtrees.
Ctrl + Right        In the packet detail, opens all tree items.
Ctrl + Left         In the packet detail, closes all tree items.
Backspace           In the packet detail, jumps to the parent node.
Return, Enter       In the packet detail, toggles the selected tree item.

Conclusion

Thus we have studied a network packet analyzer, i.e. Wireshark.

Experiment 4(b): Explore how the packets can be traced based on different filters.

Aim : The aim of this experiment is to download and install a freely available vulnerability tool, scan the entire network and find whether there is any vulnerability in the network or not.

- In computer security, Nessus is a proprietary comprehensive vulnerability scanning program. It is free of charge for personal use in a non-enterprise environment. Its goal is to detect potential vulnerabilities on the tested systems, for example:
  o Vulnerabilities that allow a remote cracker to control or access sensitive data on a system.
  o Misconfiguration (e.g. open mail relay, missing patches, etc).
  o Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
  o Denials of service against the TCP/IP stack by using mangled packets.
- On UNIX (including Mac OS X), it consists of nessusd, the Nessus daemon, which does the scanning, and nessus, the client, which controls scans and presents the vulnerability results to the user.
- According to surveys done by sectools.org, Nessus is the world's most popular vulnerability scanner, taking first place in the 2000, 2003, and 2006 security tools survey. Tenable estimates that it is used by over 75,000 organizations worldwide.

Nessus is also :

- A "Free, Powerful, up-to-date, easy to use, remote security scanner".
- Open-Source, free to use, modify, etc.
- Vulnerability definitions, called plugins, are free as well.
- Easy is a matter of perspective.

Operation of Nessus

- In typical operation, Nessus begins by doing a port scan with one of its four internal port scanners (or it can optionally use Amap or Nmap) to determine which ports are open on the target and then tries various exploits on the open ports. The vulnerability tests, available as subscriptions, are written in NASL (Nessus Attack Scripting Language), a scripting language optimized for custom network interaction.
- Tenable Network Security produces several dozen new vulnerability checks (called plugins) each week, usually on a daily basis. These checks are available for free to the general public; commercial customers are not allowed to use this Home Feed any more. The Professional Feed (which is not free) also gives access to support and additional scripts (audit and compliance tests...).
- Optionally, the results of the scan can be reported in various formats, such as plain text, XML, HTML and LaTeX. The results can also be saved in a knowledge base for debugging. On UNIX, scanning can be automated through the use of a command-line client. There exist many different commercial, free and open source tools for both UNIX and Windows to manage individual or distributed Nessus scanners. If the user chooses to do so (by disabling the option 'safe checks'), some of Nessus's vulnerability tests may try to cause vulnerable services or operating systems to crash. This lets a user test the resistance of a device before putting it in production. Nessus provides additional functionality beyond testing for known network vulnerabilities.
- For instance, it can use Windows credentials to examine patch levels on computers running the Windows operating system, and can perform password auditing using dictionary and brute force methods. Nessus 3 and later can also audit systems to make sure they have been configured per a specific policy, such as the NSA's guide for hardening Windows servers.

Brief History of Nessus

- The "Nessus" Project was started by Renaud Deraison in 1998 to provide to the Internet community a free remote security scanner. On October 5, 2005, Tenable Network Security, the company Renaud Deraison co-founded, changed Nessus 3 to a proprietary (closed source) license.

- The Nessus 3 engine is still free of charge, though Tenable charges $100/month per scanner for the ability to perform configuration audits for PCI, CIS, FDCC and other configuration standards, technical support, SCADA vulnerability audits, the latest network checks and patch audits, the ability to audit anti-virus configurations and the ability for Nessus to perform sensitive data searches to look for credit card, social security number and many other types of corporate data.
- In July of 2008, Tenable sent out a revision of the feed license which will allow home users full access to plugin feeds. A professional license is available for commercial use.
- The Nessus 2 engine and a minority of the plugins are still GPL, leading to forked open source projects based on Nessus like OpenVAS and Porz-Wahn.
- Tenable Network Security has still maintained the Nessus 2 engine and has updated it several times since the release of Nessus 3. Nessus 3 is available for many different UNIX and Windows systems, offers patch auditing of UNIX and Windows hosts without the need for an agent and is 4-5 times faster than Nessus 2. On April 9, 2009, Tenable released Nessus 4.0.0.

[Screenshot]
Fig. 1 : Nessus Main Window

[Screenshot]
Fig. 2 : Updating and adding a policy
Nessus Features

- Plugins : Uses its own scripting language (NASL) to define how it tests for vulnerabilities.
- Client/Server architecture : Client and Server can be anywhere on the network.
- Protocol aware : i.e. it will detect FTP running on port 31337.
- Application aware : Tests web servers running on the same port.
- Intelligent Scanning : Anonymous FTP.
- Reports provide vulnerability listings and a good number of resolutions.
- Client/Server uses SSL to protect report results.
- Much better about not crashing targets.

Nessus Architecture : Nessus Client and target systems

- Native Unix GTK Client (Linux, Solaris, and others).
- Windows Client (NessusWX).
- Windows Client is preferred, more report options, better interface.

[Diagram: Nessus Server and Target Systems]
Fig. 3 : Nessus Architecture

Nessus Client on Windows

[Screenshot of the Nessus client on Windows]
Nessus Server

- Runs on most Unix flavors (Unix, Linux, *BSD).
- I find it runs best on Linux, your mileage may vary.
- Performs all scanning functions, sends results back to client.
- Includes a plugin update facility.

Nessus Reports

- Numerous different formats.
- Problem - How to get the reports to the user securely.
- Answers include :
  o Commercial Products.
  o Write your own Perl or PHP application.

Scanning Methodologies

- Someone scans your system(s) and makes the report available to you.
- The end user requests a scan directly from the server, the machine is scanned, and the report is sent automatically.
- When the user connects to the network the system is scanned automatically (popular with wireless and VPN).
- Servers are scanned on a regular basis (maybe weekly) and results are compared.
- Network perimeter is scanned on a regular basis.
- Which ones should I do ?

Challenges - False Positives

- Must verify to some degree the vulnerabilities Nessus has found.
- This is time consuming and sometimes quite difficult.
- Nessus is getting better, but still a ways to go.

Challenges - Crash and Burn

- Nessus will crash systems, routers, firewalls, and any other devices on the network!
- Happens no matter how careful you are.
- Monitor your configuration closely, test new plugins first.

- Plan for the worst.

Challenges - What about the application ?

- Nessus does some application level vulnerability assessment.
- Tools from SPI Dynamics, EEye, and ISS are better.
- Make sure you have at least one other tool to test the application!

Challenges - Scan What ? When ?

- Getting permission to scan is half the battle.
- There is no guarantee that it will not crash the system.
- As you know, people don't like it when you find things wrong with their systems.

Challenges - How long will it take ?

- Depends :
  o Number of hosts.
  o Number of open ports.
  o Number of services running on those ports.
  o What kind of host (Windows, Unix, Mac).
  o How many hosts have firewalls.
  o Speed of the network.
  o Other network traffic.
  o How many vulnerabilities are found.
  o If the host fails after the first plugin or just before the last.

Challenges - How long does it usually take ?

- One host = A morning or afternoon.
- More than one host = 1 Day.
- Entire Class C subnet = 2-3 Days.
- Entire Class B = Weeks.

Conclusion : Thus we have studied the vulnerability tool like Nessus for network security.

Experiment 5: Download and install nmap. Use it with different options to scan open ports, perform OS fingerprinting, do a ping scan, tcp port scan, udp port scan, xmas scan etc.

Aim : The aim of this experiment is to download and install a port scanning tool to identify the number of computers on a network and to find the ports open on one or more target computers.

Solution :

What is NMAP ?

- Nmap : "Network Mapper". It was developed by Fyodor.
- An open source tool for network exploration and security auditing.
- Nmap uses raw IP packets in novel ways for information gathering.

Nmap features

- Ping Sweeping : Identifying computers on a network.
- Port Scanning : Enumerating the open ports on one or more target computers.
- OS Detection : Remotely determining the operating system and some hardware characteristics of network devices.

Ping Sweeping

- Ping Sweeping allows the hackers to automatically map out the entire target network and pinpoint all alive systems within a particular range of IP addresses.

Operations on PING Sweeping

When Host is not Alive

- If the station isn't available on the network or a packet filter is preventing ICMP packets from passing, there will be no response to the echo frame.

[Diagram: ICMP Echo Request from Source 192.168.0.8 to Destination 192.168.0.10, no reply]

- A response from an active host will return an ICMP Echo Reply, unless the host is unavailable on the network or ICMP is filtered.

[Diagram: ICMP Echo Request from Source 192.168.0.8 to Destination 192.168.0.10, answered by an ICMP Echo Reply]
- Port Scanning is the process of connecting to TCP and UDP ports for the purpose of finding which services and applications are open on the Target Machine.
- TCP establishes a connection by using what is called a Three way handshake. The TCP header contains a one byte field for the flags.
- These flags include the following :
  o ACK : The receiver will send an ACK to acknowledge data.
  o SYN : Setup to begin communication on initial sequence number.
  o FIN : Inform the other host that the sender has no more data to send.
  o RST : Abort operation.
  o PSH : Force data delivery without waiting for buffers to fill.
  o URG : Indicate priority data.
- The port numbers are unique only within a computer system. Port numbers are 16-bit unsigned numbers. The port numbers are divided into three ranges: the Well Known Ports (0-1023), the Registered Ports (1024-49151), and the Dynamic and/or Private Ports (49152-65535).
- All the operating systems now honor the tradition of permitting only the super-user to open the ports numbered 0 to 1023.
- Some are listed below :

  echo        7/tcp     Echo
  ftp-data    20/udp    File Transfer [Default Data]
  ftp         21/tcp    File Transfer [Control]
  ssh         22/tcp    SSH Remote Login Protocol
  telnet      23/tcp    Telnet
  domain      53/udp    Domain Name Server
  www-http    80/tcp    World Wide Web HTTP

- Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing.
- The FIVE port states recognized by Nmap such as :
  1. Closed  2. Filtered  3. UnFiltered  4. Open-Filtered  5. Closed-Filtered

1. Download Nmap from www.nmap.org and install the Nmap Software with WinPcap Driver utility.
2. Execute the Nmap-Zenmap GUI tool from Program Menu or Desktop Icon.
3. Type the Target Machine IP Address (i.e. Guest OS or any website Address).
4. Perform the profiles shown.
Scan Type          | Switch | Description
TCP connect() scan | -sT    | Opens a connection to every potentially interesting port on the target machine.
TCP SYN scan       | -sS    | This is a "half-open" scan.
TCP FIN            | -sF    | This scan attempts to pass through packet filters by sending a TCP FIN packet.
Xmas Tree          | -sX    | Sends a packet with FIN, URG and push flags set.
Null               | -sN    | Sends a packet without any flags turned on.
ACK scan           | -sA    | An ACK packet with random acknowledgment and sequence numbers is sent.
UDP scan           | -sU    | This sends 0 byte UDP packets to each port on the target machine(s).
List scan          | -sL    | Simply lists targets to scan.
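
The TCP flag byte and the scan types in the table above, seen from the defender's side, as an added example that is not part of the lab manual: it decodes the flags field of a TCP header and labels probes by their flag combination. The function names, labels and the sample capture are assumptions made for illustration; the headers are constructed test input with the checksum left at zero.

```python
import struct
from collections import defaultdict

# Bit positions of the six classic flags in the TCP header's flags byte.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_ORDER = [(URG, "URG"), (ACK, "ACK"), (PSH, "PSH"),
              (RST, "RST"), (SYN, "SYN"), (FIN, "FIN")]


def parse_tcp_header(segment):
    """Decode the fixed 20-byte TCP header; raise ValueError if malformed."""
    if len(segment) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    (sport, dport, seq, ack, offset_byte, flags,
     window, _checksum, _urgent) = struct.unpack("!HHIIBBHHH", segment[:20])
    header_len = (offset_byte >> 4) * 4      # data offset is in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags & 0x3F, "window": window}


def flag_names(flags):
    return [name for bit, name in FLAG_ORDER if flags & bit]


def port_range(port):
    """Range names as given in the text above."""
    if not 0 <= port <= 65535:
        raise ValueError("port numbers are 16-bit unsigned")
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic/private"


def classify(flags, flow_known):
    """Label one packet. flow_known: a SYN was already seen for this flow."""
    if flags == 0:
        return "null-scan"                   # -sN: no flags at all
    if flags == FIN | PSH | URG:
        return "xmas-scan"                   # -sX
    if flags == FIN and not flow_known:
        return "fin-scan"                    # -sF: FIN without a connection
    if flags == ACK and not flow_known:
        return "ack-scan"                    # -sA: ACK without a connection
    if flags == SYN:
        return "syn"                         # -sS, -sT or an ordinary client
    return "normal"


def label_capture(packets):
    """packets: (src_ip, dst_ip, tcp_bytes) tuples in capture order."""
    flows, labels = set(), []
    for src, dst, segment in packets:
        h = parse_tcp_header(segment)
        fwd = (src, h["sport"], dst, h["dport"])
        rev = (dst, h["dport"], src, h["sport"])
        labels.append((src, h["dport"],
                       classify(h["flags"], fwd in flows or rev in flows)))
        if h["flags"] & SYN:
            flows.add(fwd)
    return labels


def suspected_syn_scanners(labels, min_ports=3):
    """A lone SYN is normal; SYNs to many distinct ports from one source are not."""
    ports = defaultdict(set)
    for src, dport, label in labels:
        if label == "syn":
            ports[src].add(dport)
    return sorted(src for src, seen in ports.items() if len(seen) >= min_ports)


def build_segment(sport, dport, flags, seq=0, ack=0):
    """Constructed test input: 20-byte header, window 64240, checksum 0."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       5 << 4, flags, 64240, 0, 0)


# Constructed capture: one ordinary handshake, then probes from 192.168.0.8.
SAMPLE_CAPTURE = [
    ("192.168.0.2", "192.168.0.1", build_segment(3198, 80, SYN)),
    ("192.168.0.1", "192.168.0.2", build_segment(80, 3198, SYN | ACK, 0, 1)),
    ("192.168.0.2", "192.168.0.1", build_segment(3198, 80, ACK, 1, 1)),
    ("192.168.0.8", "192.168.0.10", build_segment(40000, 21, FIN)),
    ("192.168.0.8", "192.168.0.10", build_segment(40001, 22, FIN | PSH | URG)),
    ("192.168.0.8", "192.168.0.10", build_segment(40002, 23, 0)),
    ("192.168.0.8", "192.168.0.10", build_segment(40003, 25, ACK)),
    ("192.168.0.8", "192.168.0.10", build_segment(40004, 21, SYN)),
    ("192.168.0.8", "192.168.0.10", build_segment(40005, 22, SYN)),
    ("192.168.0.8", "192.168.0.10", build_segment(40006, 23, SYN)),
]

if __name__ == "__main__":
    for src, dport, label in label_capture(SAMPLE_CAPTURE):
        print(src, dport, port_range(dport), label)
```

A capture that starts in the middle of a connection will mislabel that connection's first bare ACK or FIN, so these labels are a starting point for review, not a verdict.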

Installation steps along with output in Linux environment are listed below

$ sudo apt install nmap
[Terminal screenshot: output of the nmap package installation]

[Zenmap screenshot]
Target : www.securitytrails.com
Command : nmap -T4 -F www.securitytrails.com
Nmap Output (Nmap 7.40) : Host is up (0.064s latency).

  PORT     STATE  SERVICE
  80/tcp   open   http
  443/tcp  open   https

  1 IP address (1 host up) scanned in 5.83 seconds

[Zenmap screenshot]
Command : nmap -T4 -sV -PS -PE -iL random-hosts
Ports / Hosts tab :

  Port  Protocol  State   Service  Version
  21    tcp       open    ftp      vsftpd 2.0.1
  22    tcp       open    ssh      OpenSSH 3.9p1
  25    tcp       open    smtp     Sendmail 8.13.1
  80    tcp       open    http     Apache httpd
  110   tcp       closed  pop3

  29 hosts shown.
Students can also compile and execute the below program

/*********************************************************************
 TITLE: C Program of PORT-SCANNING compile & run by using cross
 compiler of Linux environment
*********************************************************************/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/socket.h>

FILE *ps;

int main(int argc, char *argv[])
{
    int sock, port;
    struct hostent *h;
    time_t curtime;
    struct tm *loctime;
    char *t;

    /* The target host name is the only command line argument. */
    if (argc != 2)
    {
        fprintf(stderr, "Usage: %s <host>\n", argv[0]);
        exit(1);
    }

    /* Results are also written to this file; the directory must exist. */
    ps = fopen("/etc/bbb/portscan.txt", "w");
    if (ps == NULL)
    {
        perror("fopen");
        exit(1);
    }

    curtime = time(NULL);
    loctime = localtime(&curtime);
    t = asctime(loctime);
    fprintf(ps, "\n*****************************************************\n");
    fprintf(ps, "\nPort Scan Results : %s", t);
    fprintf(ps, "\nFollowing ports are open:\n");

    if ((h = gethostbyname(argv[1])) == NULL)
    {
        printf("Gethostbyname ka error!!");
        exit(1);
    }

    for (port = 0; port <= 65000; port++)
    {
        struct sockaddr_in addr;

        if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1)
        {
            printf("Socket ka error!!");
            exit(1);
        }

        /* Zero the whole structure, including the 8-byte sin_zero padding. */
        memset(&addr, 0, sizeof(addr));
        addr.sin_family = AF_INET;          // host byte order
        addr.sin_port = htons(port);        // short, network byte order
        addr.sin_addr = *((struct in_addr *)h->h_addr_list[0]);

        if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1)
        {
            // printf("%d closed\n", port);
            close(sock);
        }
        else
        {
            printf("%d open\n", port);
            fprintf(ps, "\n%d", port);
            close(sock);
        }
    }

    fprintf(ps, "\n*****************************************************\n");
    fclose(ps);
    return 0;
}

/*
Output

[root@localhost]# cc port_scan.c
[root@localhost]# ./a.out localhost
22 open
25 open
111 open
631 open
5335 open
32769 open
[root@localhost]#
*/

Experiment 6: Simulate DOS attack using Hping, hping3 and other tools. This can be done in two ways, one is using hping3 tool and another using IDS tool.

Experiment 6(a) : DoS using hping3

Solution :

- Denial of service attack means making the network unavailable for the user to communicate securely.
- It is generally done by interrupting the connection between the users or making services unavailable for the user, or it disrupts the entire network by overloading it with unwanted messages, so that the network becomes slow and unavailable.
- DoS attack attempts to shut down the network, computer services and deny the use of resources or services to authorized users.
- Once attacker got entire access of network or server he can do the following things :
  o Flood the entire network or server with traffic until shutdown occurs because of overload.
  o Block ongoing traffic which results in a loss of access to network resources to the authorized users.
- Different security policies like firewall, Intrusion detection system helps to protect such type of attacks.
What is hping3 ?

- hping3 is a free packet generator and analyzer for the TCP/IP protocol. Hping is one of the de-facto tools for security auditing and testing of firewalls and networks, and was used to exploit the Idle Scan scanning technique now implemented in the Nmap port scanner.
- The new version of hping, hping3, is scriptable using the Tcl language and implements an engine for string based, human readable description of TCP/IP packets, so that the programmer can write scripts related to low level TCP/IP packet manipulation and analysis in a very short time.
- hping3 is also used to :
  o Traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities.
  o Perform the idle scan (now implemented in nmap with an easy user interface).
  o Test firewalling rules.
  o Test IDSes.
  o Exploit known vulnerabilities of TCP/IP stacks.
  o Networking research.
  o Learn TCP/IP (hping was used in networking courses AFAIK).
  o Write real applications related to TCP/IP testing and security.
  o Automated firewalling tests.
  o Proof of concept exploits.
  o Networking and security research when there is the need to emulate complex TCP/IP behaviour.
  o Prototype IDS systems.
  o Simple to use networking utilities with Tk interface.

DoS using hping3 with random source IP

You installed Kali Linux to learn how to DoS. You only need to run a single line command as shown below :

  santoshdarade:~# hping3 -c 10000 -d 120 -S -w 64 -p 21 --flood --rand-source www.hping3testsite.com
  HPING www.hping3testsite.com (lo 127.0.0.1): S set, 40 headers + 120 data bytes
  hping in flood mode, no replies will be shown
  ^C
  --- www.hping3testsite.com hping statistic ---
  [count illegible] packets transmitted, 0 packets received, 100% packet loss
  round-trip min/avg/max = 0.0/0.0/0.0 ms
  santoshdarade:~#

- hping3 = Name of the application binary.
- -c 100000 = Number of packets to send.
- -d 120 = Size of each packet that was sent to target machine.
- -S = I am sending SYN packets only.
- -w 64 = TCP window size.
- -p 21 = Destination port (21 being FTP port). You can use any port here.
- --flood = Sending packets as fast as possible, without taking care to show incoming replies. Flood mode.
- --rand-source = Using Random Source IP Addresses. You can also use -a or --spoof to hide hostnames. See MAN page below.
- www.hping3testsite.com = Destination IP address or target machine's IP address. You can also use a website name here. In my case it resolves to 127.0.0.1 (as entered in /etc/hosts file).
Sample command to DoS using hping3 and nping

- Simple SYN flood - DoS using HPING3

  santoshdarade:~# hping3 -S --flood -V www.hping3testsite.com
  using lo, addr: 127.0.0.1, MTU: 65536
  HPING www.hping3testsite.com (lo 127.0.0.1): S set, 40 headers + 0 data bytes
  hping in flood mode, no replies will be shown
  ^C
  --- www.hping3testsite.com hping statistic ---
  [count illegible] packets transmitted, 0 packets received, 100% packet loss
  round-trip min/avg/max = 0.0/0.0/0.0 ms

- Simple SYN flood with spoofed IP - DoS using HPING3

  santoshdarade:~# hping3 -S -P -U --flood -V --rand-source www.hping3testsite.com
  using lo, addr: 127.0.0.1, MTU: 65536
  HPING www.hping3testsite.com (lo 127.0.0.1): SPU set, 40 headers + 0 data bytes
  hping in flood mode, no replies will be shown
  ^C
  --- www.hping3testsite.com hping statistic ---
  554220 packets transmitted, 0 packets received, 100% packet loss
  round-trip min/avg/max = 0.0/0.0/0.0 ms
  santoshdarade:~#

- TCP connect flood - DoS using NPING

  santoshdarade:~# nping --tcp-connect -rate=90000 -c 900000 -q www.hping3testsite.com
  Starting Nping 0.6.46 ( http://nmap.org/nping ) at 2014-08-21 16:20 EST
  ^C
  Max rtt: 7.220ms | Min rtt: 0.004ms | Avg rtt: 1.684ms
  TCP connection attempts: 21880 | Successful connections: 5537 | Failed: 16343 (74.69%)
  Nping done: 1 IP address pinged in [illegible] seconds

Conclusion : Hence we have studied how to simulate DoS attack using hping3.
Experiment 6(b): DoS attack detection using Intrusion Detection System.

Aim : To install an intrusion detection system and detect whether any malicious activities are detected or not by capturing the live network packets. IDS detect IP Spoofing (fake IP address), Denial of service attacks.

Objective

- "An Intrusion Detection System is software that monitors the events occur in a computer systems or networks, analyzing what happens during an execution and tries to find out indications that the computer has been misused in order to achieve confidentiality, integrity and availability of a resource or data".
- The IDS will continuously run on our system in the background and only generate the alert when it detects something suspicious as per its own rules and regulation or attack signature present into it, taking some immediate action to prevent damage.
- An Intrusion detection system examines or monitors system or network activity to find possible attacks on the system or network. Signs of violation of system security policies, standard security practices are analyzed. Intrusion Prevention is the process of detecting intruders and preventing them from intrusive effort to system.
Solution :

- Refer Chapter 12 - section 12.5 for detail on IDS.
- For demonstration you can download any freely available IDS tool. Here we have downloaded Sax2 (Evaluation) IDS tool and tested it. We got the following results.

[Screenshot]
Main window of Sax2 IDS tool

[Screenshot]
Start the detection by selecting network interface card (Adaptor)

[Screenshot]
Use of Ping command to check destination host is reachable or not.

[Screenshot]
Detection of different attacks

Experiment 7: Setting up personal Firewall using iptables.

Aim : Setting Firewall Using iptables on Ubuntu 14.04

Solution :

- Setting up a good firewall is an essential step to take in securing any modern operating system. Most Linux distributions ship with a few different firewall tools that we can use to configure our firewalls. In this guide, we'll be covering the iptables firewall.
- iptables is a standard firewall included in most Linux distributions by default (a modern variant called nftables will begin to replace it). It is actually a front end to the kernel-level netfilter hooks that can manipulate the Linux network stack. It works by matching each packet that crosses the networking interface against a set of rules to decide what to do.

- In the previous guide, we learned how iptables rules work to block unwanted traffic. In this guide, we'll move on to a practical example to demonstrate how to create a basic rule set for an Ubuntu 14.04 server. The resulting firewall will allow SSH and HTTP traffic.

Basic iptables Commands
- First, you should be aware that iptables commands must be run with root privileges. A good starting point is to list the current rules that are configured for iptables.

- Once again, the default policy is important here, because, while all of the rules are deleted from your chains, the default policy will not change with this command. That means that if you are connected remotely, you should ensure that the default policy on your INPUT and OUTPUT chains is set to ACCEPT prior to flushing your rules.


Make your First Rule

- We're going to start to build our firewall policies. As we said above, we're going to be working with the INPUT chain since that is the funnel that incoming traffic will be sent through. We are going to start with the rule that we've talked about a bit above: the rule that explicitly accepts your current SSH connection.
- The full rule we need is this :
$ sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
- This may look incredibly complicated, but most of it will make sense when we go over the components :
o -A INPUT : The -A flag appends a rule to the end of a chain. This is the portion of the command that tells iptables that we wish to add a new rule, that we want that rule added to the end of the chain, and that the chain we want to operate on is the INPUT chain.
o -m conntrack : iptables has a set of core functionality, but also has a set of extensions or modules that provide extra capabilities. In this portion of the command, we're stating that we wish to have access to the functionality provided by the conntrack module. This module gives access to commands that can be used to make decisions based on the packet's relationship to previous connections.
o --ctstate : This is one of the commands made available by calling the conntrack module. This command allows us to match packets based on how they are related to packets we've seen before. We pass it the value of ESTABLISHED to allow packets that are part of an existing connection. We pass it the value of RELATED to allow packets that are associated with an established connection. This is the portion of the rule that matches our current SSH session.
o -j ACCEPT : This specifies the target of matching packets. Here, we tell iptables that packets that match the preceding criteria should be accepted and allowed through.
We put this rule at the beginning because we want to make sure the connections we are
already using are matched, accepted, and pulled out of the chain before reaching any


Output

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Accept Other Necessary Connections

- We have told iptables to keep open any connections that are already open and to allow new connections related to those connections. However, we need to create some rules to establish when we want to accept new connections that don't meet those criteria.
- We want to keep two ports open specifically. We want to keep our SSH port open (we're going to assume in this guide that this is the default 22. If you've changed this in your SSH configuration, modify your value here). We are also going to assume that this computer is running a web server on the default port 80. If this is not the case for you, you don't have to add that rule.
- The two lines we're going to use to add these rules are:
$ sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
$ sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
- The new options are :
o -p tcp : This option matches packets if the protocol being used is TCP. This is a connection-based protocol that will be used by most applications because it allows for reliable communication.
o --dport : This option is available if the -p tcp flag is given. It gives a further requirement of matching the destination port for the matching packet. The first rule matches for TCP packets destined for port 22, while the second rule matches TCP traffic pointed towards port 80.
- There is one more accept rule that we need to ensure that our server can function correctly. Often, services on the computer communicate with each other by sending network packets to each other. They do this by utilizing a pseudo network interface called the loopback device, which directs traffic back to itself rather than to other computers.
- So if one service wants to communicate with another service that is listening for connections on port 4555, it can send a packet to port 4555 of the loopback device. We want this type of behavior to be allowed, because it is essential for the correct operation of many programs.
$ sudo iptables -I INPUT 1 -i lo -j ACCEPT
o -I INPUT 1 : The -I flag tells iptables to insert a rule. This is different than the -A flag, which appends a rule to the end. The -I flag takes a chain and the rule position where you want to insert the new rule. In this case, we're adding this rule as the very first rule of the INPUT chain. This will bump the rest of the rules down. We want this at the top because it is fundamental and should not be affected by subsequent rules.
o -i lo : This component of the rule matches if the interface that the packet is using is the "lo" interface. The "lo" interface is another name for the loopback device. This means that any packet using that interface to communicate (packets generated on our server, for our server) should be accepted.
- To see our current rules, we should use the -S flag. This is because the -L flag doesn't include some information, like the interface that a rule is tied to, which is an important part of the rule we just added :
$ sudo iptables -S

Output
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

Implementing a Drop Rule

- We now have four separate rules that explicitly accept packets based on certain criteria. However, our firewall currently is not blocking anything.

- If a packet enters the INPUT chain and doesn't match one of the four rules that we made, it is being passed to our default policy, which is to accept the packet anyways. We need to change this.
- There are two different ways that we can do this, with some pretty important differences. The first way we could do this is to modify the default policy of our INPUT chain. We can do this by typing :
$ sudo iptables -P INPUT DROP
- This will catch any packets that fall through our INPUT chain, and drop them. This is what we call a default drop policy. One of the implications of this type of a design is that it falls back on dropping packets if the rules are flushed.
- This may be more secure, but also can have serious consequences if you don't have another way of accessing your server. With DigitalOcean, you can log in through our web console to get access to your server if this happens. The web console acts as a virtual local connection, so iptables rules will not affect it.
- You may like your server to automatically drop all connections in the event that the rules are dumped. This would prevent your server from being left wide open. This also means that you can easily append rules to the bottom of the chain while still dropping packets as you'd like.
- The alternative approach is to keep the default policy for the chain as accept and add a rule that drops every remaining packet to the bottom of the chain itself.
- If you changed the default policy for the INPUT chain above, you can set it back to follow along by typing:
$ sudo iptables -P INPUT ACCEPT
- Now, you can add a rule to the bottom of the chain that will drop any remaining packets:
$ sudo iptables -A INPUT -j DROP

- The result under normal operating conditions is exactly the same as a default drop policy. This rule works by matching every remaining packet that reaches it. This prevents a packet from ever dropping all of the way through the chain to reach the default policy.
- Basically, this is used to keep the default policy to accept traffic. That way, if there are any problems and the rules are flushed, you will still be able to access the machine over the network. This is a way of implementing a default action without altering the policy that will be applied to an empty chain.

- Of course, this also means that any additional rule that you wish to add to the end of the chain will have to be added before the drop rule. You can do this either by temporarily removing the drop rule :
$ sudo iptables -D INPUT -j DROP
$ sudo iptables -A INPUT new_rule_here
$ sudo iptables -A INPUT -j DROP

- Or, you can insert rules that you need at the end of the chain (but prior to the drop) by specifying the line number. To insert a rule at line number 4, you could type :
$ sudo iptables -I INPUT 4 new_rule_here
$ sudo iptables -L --line-numbers
Output
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere
2    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
3    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
4    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
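
The two drop designs described above behave the same in normal operation and differ only once the rules are flushed. The following Python model is an added example, not part of the lab manual or of iptables: it reproduces first-match evaluation of the INPUT chain and compares the default DROP policy with the trailing DROP rule. The Packet, Rule and Chain classes and the sample packets are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Packet:                       # constructed sample traffic, not a capture
    dport: Optional[int] = None
    proto: str = "tcp"
    iface: str = "eth0"
    ctstate: str = "NEW"            # NEW, ESTABLISHED or RELATED

@dataclass(frozen=True)
class Rule:                         # a field left at None/empty matches anything
    target: str
    iface: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    ctstates: frozenset = frozenset()

    def matches(self, p: Packet) -> bool:
        return ((self.iface is None or self.iface == p.iface)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport)
                and (not self.ctstates or p.ctstate in self.ctstates))

@dataclass
class Chain:
    policy: str = "ACCEPT"
    rules: list = field(default_factory=list)

    def append(self, rule):         # iptables -A INPUT ...
        self.rules.append(rule)
    def insert(self, pos, rule):    # iptables -I INPUT <pos> ... (1-based)
        self.rules.insert(pos - 1, rule)
    def flush(self):                # flushing removes rules, never the policy
        self.rules.clear()
    def verdict(self, p: Packet) -> str:
        for rule in self.rules:     # first matching rule decides
            if rule.matches(p):
                return rule.target
        return self.policy          # fell through the chain: default policy

def accept_rules() -> Chain:        # the four ACCEPT rules, in the page's order
    c = Chain()
    c.append(Rule("ACCEPT", ctstates=frozenset({"ESTABLISHED", "RELATED"})))
    c.append(Rule("ACCEPT", proto="tcp", dport=22))
    c.append(Rule("ACCEPT", proto="tcp", dport=80))
    c.insert(1, Rule("ACCEPT", iface="lo"))
    return c

def policy_drop() -> Chain:         # approach 1: iptables -P INPUT DROP
    c = accept_rules()
    c.policy = "DROP"
    return c

def trailing_drop() -> Chain:       # approach 2: iptables -A INPUT -j DROP
    c = accept_rules()
    c.append(Rule("DROP"))
    return c

SSH, TELNET, HTTPS = Packet(dport=22), Packet(dport=23), Packet(dport=443)
LOOPBACK = Packet(dport=4555, iface="lo")
REPLY = Packet(dport=51000, ctstate="ESTABLISHED")

if __name__ == "__main__":
    for name, build in (("policy DROP", policy_drop), ("trailing DROP", trailing_drop)):
        fw = build()
        before = [fw.verdict(p) for p in (SSH, TELNET, LOOPBACK, REPLY)]
        fw.flush()
        print(name, before, "| SSH after flush:", fw.verdict(SSH))
```

In the model, a rule appended after the trailing DROP is never reached; it has to be inserted at the DROP rule's position, which is what the line-number form of -I does.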

Saving your Iptables Configuration

$ sudo apt-get update
$ sudo apt-get install iptables-persistent

Conclusion
Hence we have studied how to configure the firewall using iptables.

> Experiment 8 : Set up Snort and study the logs.
Aim : Intrusion detection has become an extremely important feature of the defense-in-depth strategy. Snort is free network intrusion detection software. It can perform protocol analysis, content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflow, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. The main aim of the experiment is to implement snort on windows or Linux platform.

Objective

To Study what is snort, Implementation of snort.


Solution :

Theory

Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide.

Hardware and software requirements

- Hardware requirements for this system are dependent upon the size of your network and volume of traffic. The minimum hardware required is 1 GB RAM, a core processor and at least 2 GB free space on the hard drive. Snort can be implemented on any Linux platform or on the latest Windows systems.
- There are three main modes in which Snort can be configured: sniffer, packet logger, and network intrusion detection system.
- Sniffer mode simply reads the packets off of the network and displays them for you in a continuous stream on the console. Packet logger mode logs the packets to the disk. Network intrusion detection mode is the most complex and configurable configuration, allowing Snort to analyze network traffic for matches against a user defined rule set and perform several actions based upon what it sees.
- Snort's open source network-based intrusion detection system (NIDS) has the ability to perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks. Snort performs protocol analysis, content searching, and content matching. The program can also be used to detect probes or attacks, including, but not limited to, operating system fingerprinting attempts, common gateway interface, buffer overflows, server message block probes, and stealth port scans.

Implementation on windows platform

Installing the base Snort system requires two components : the WinPcap packet capture library and Snort itself. In the following sections we configure and install both WinPcap and Snort.

WinPcap
WinPcap (Windows Packet Capture Library) is a packet-capture driver. Functionally, this means that WinPcap grabs packets from the network wire and pitches them to Snort. WinPcap is a Windows version of libpcap, which is used for running Snort with Linux.

Functions
The WinPcap driver performs these functions for Snort :
1. Obtains a list of operational network adapters and retrieves information about the adapters.
2. Sniffs packets using one of the adapters that you select.
3. Saves packets to the hard drive (or more importantly for us, pitches them to Snort).

Installation
The installation and configuration of WinPcap is explained as below :
- Download the latest installation file from http://winpcap.polito.it/install/default.htm
- The installation file is generally called something like WinPcap_3_0.exe.
- Double-click the executable installation file and follow the prompts. WinPcap installs itself where it belongs.
- Snort calls WinPcap directly, on any of the functions to grab and analyze network packets. If the driver did not install properly, Snort does not function.

snort.org distributes a convenient install package for Windows available at its Web site:

http://www.snort.org/dl/binaries/win32/

Download this package (generally called snort-2_1_0.exe) and perform the following steps to install Snort :

1. Double-click the executable installation file. The GNU Public License appears.
2. Click the I Agree button. The Installation Options window appears.

3. In the Installation Options dialog box, click the appropriate boxes to select from among these options :
o I do not plan to log to a database, or I am planning to log to one of the databases listed above. Choose this option if you are not using a database or if you are using MySQL or ODBC databases. Snort has built-in support for these databases, and for our example, we chose this option.
o I need support for logging to Microsoft SQL Server. Only click this radio button if you already have SQL Server client software installed on this computer, and you plan to use MSSQL as your logging database.
o I need support for logging to Oracle. Only choose this option if you have Oracle client software installed on this computer, and you plan to use Oracle as your logging database server.
4. Click the Next button. The Choose Components window appears.
5. In the Choose Components window, select the components you want to install and then click the Next button. The Install Location window appears.
6. Choose a directory to install to.
7. Click the Install button.
8. When the installation is complete, click the Close button. An information window appears.
9. Click the OK button.

A new Snort installation requires a few configuration points. Conveniently, one file has all the configuration settings required :
Snortpath/etc/snort.conf

When you're ready to configure Snort, open snort.conf in a text editor.

The following configuration options in the snort.conf file are essential to a properly functioning Snort installation :
1. Network settings
2. Rules settings
3. Output settings
4. Include settings


[Screenshot of the sample snort.conf file, whose header lists the configuration steps: 1) set the network variables for your network, 2) configure preprocessors, 3) configure output plugins, 4) customize your rule set]

Implementing snort on a Linux platform

1. Download and Extract Snort

Download the latest Snort free version from snort Website. Extract the snort source code to the /usr/src directory as shown below.
# cd /usr/src
# wget -O snort-2.8.6.1.tar.gz http://www.snort.org/downloads/116
# tar xvzf snort-2.8.6.1.tar.gz

2. Install Snort

Before installing snort, make sure you have dev packages of libpcap and libpcre.
# apt-cache policy libpcap0.8-dev
libpcap0.8-dev:
Installed: 1.0.0-2ubuntu1
Candidate: 1.0.0-2ubuntu1
# apt-cache policy libpcre3-dev
libpcre3-dev:
Installed: 7.8-3
Candidate: 7.8-3
# cd snort-2.8.6.1
# ./configure
# make
# make install

3. Verify the Snort Installation

Verify the installation as shown below.
# snort --version
   ,,_     -*> Snort! <*-
  o"  )~   Version 2.8.6.1 (Build 39)
   ''''    By Martin Roesch and The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2010 Sourcefire, Inc., et al.
           Using PCRE version: 7.8 2008-09-05

4. Create the required files and directory

You have to create the configuration file, rule file and the log directory.
Create the following directories :
# mkdir /etc/snort
# mkdir /etc/snort/rules

Create the following snort.conf and icmp.rules files :
# cat /etc/snort/snort.conf
include /etc/snort/rules/icmp.rules
# cat /etc/snort/rules/icmp.rules
alert icmp any any -> any any (msg:"ICMP Packet"; sid:477; rev:3;)

The above basic rule does alerting when there is an ICMP packet (ping).
Following is the structure of the alert :
<Rule Actions> <Protocol> <Source IP Address> <Source Port> <Direction Operator> <Destination IP Address> <Destination Port> (rule options)


Table 1: Rule structure and example

Structure                 Example
Rule Actions              Alert
Protocol                  Icmp
Source IP Address         Any
Source Port               Any
Direction Operator        ->
Destination IP Address    Any
Destination Port          Any
(rule options)            (msg:"ICMP Packet"; sid:477; rev:3;)
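
The rule structure in Table 1 can be checked mechanically before a rule file is loaded. The following Python parser is an added example, not code from the lab manual or from Snort: it splits a rule into the header fields named above and its options, then reports what a reviewer would raise about the ICMP rule. The function names and lint checks are this example's own; the sid ranges are the ones documented in the Snort manual.

```python
import re

# Header fields in the order given by the rule structure on this page.
HEADER = ("action", "protocol", "src_ip", "src_port",
          "direction", "dst_ip", "dst_port")

def split_options(body):
    """Split the option body on ';', ignoring ';' inside quotes or after a backslash."""
    parts, cur, quoted, escaped = [], "", False, False
    for ch in body:
        if ch == ";" and not quoted and not escaped:
            parts.append(cur.strip())
            cur = ""
            continue
        if ch == '"' and not escaped:
            quoted = not quoted
        escaped = (ch == "\\" and not escaped)
        cur += ch
    if quoted or cur.strip():       # this parser insists on a closing ';'
        raise ValueError("unterminated quote or option without closing ';'")
    return [p for p in parts if p]

def parse_rule(line):
    """Return the header fields and the (keyword, value) options of one rule."""
    m = re.fullmatch(r"\s*([^()]+?)\s*\((.*)\)\s*", line)
    if not m:
        raise ValueError("expected '<header> (rule options)'")
    header = m.group(1).split()
    if len(header) != len(HEADER):
        raise ValueError(f"header has {len(header)} fields, expected {len(HEADER)}")
    rule = dict(zip(HEADER, header))
    if rule["direction"] not in ("->", "<>"):
        raise ValueError(f"bad direction operator {rule['direction']!r}")
    rule["options"] = []
    for opt in split_options(m.group(2)):
        key, sep, value = opt.partition(":")
        rule["options"].append((key.strip(), value.strip().strip('"') if sep else None))
    return rule

def lint(rule):
    """Review notes to resolve before the rule goes into a production rule set."""
    notes, opts = [], dict(rule["options"])
    if "msg" not in opts:
        notes.append("no msg option: alerts will carry no description")
    sid = opts.get("sid")
    if sid is None or not sid.isdigit():
        notes.append("missing or non-numeric sid")
    elif int(sid) < 1_000_000:
        notes.append(f"sid {sid} is in the range used by distributed Snort rules; "
                     "local rules use 1000000 and above")
    if all(rule[k] == "any" for k in ("src_ip", "src_port", "dst_ip", "dst_port")):
        notes.append("any/any on both sides: fires on every packet of this protocol")
    return notes

PAGE_RULE = 'alert icmp any any -> any any (msg:"ICMP Packet"; sid:477; rev:3;)'

if __name__ == "__main__":
    rule = parse_rule(PAGE_RULE)
    for name in HEADER:
        print(f"{name:10} {rule[name]}")
    print("options   ", rule["options"])
    for note in lint(rule):
        print("note:", note)
```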


5. Execute snort

Execute snort from command line, as mentioned below :
# snort -c /etc/snort/snort.conf -l /var/log/snort/

Try pinging some IP from your machine, to check our ping rule. Following is the example of a Snort alert for this ICMP rule.
[**] [1:477:3] ICMP Packet [**]
[Priority: 0]
07/27-20:41:57.230345 > l/l len: 0 l/l type: 0x200 0:0
pkt type:0x4 proto: 0x800 len:0x64
209.85.231.102 -> 209.85.231.104 ICMP TTL

Alert Explanation
A couple of lines are added for each alert, which includes the following :
- Message is printed in the first line.
- Source IP
- Destination IP
- Type of Packet, and header information.

If you have a different interface for the network connection, then use -dev -i option. In this example my network interface is ppp0.
# snort -dev -i ppp0 -c /etc/snort/snort.conf -l /var/log/snort/

Execute Snort as Daemon
Add -D option to run snort as a daemon.
# snort -D -c /etc/snort/snort.conf -l /var/log/snort/