CCN Guest Lecture Report


ENT 451-CCN

DEPARTMENT OF ELECTRONICS ENGINEERING

SHRI RAMDEOBABA COLLEGE OF ENGINEERING AND MANAGEMENT,

NAGPUR

Session 2021-2022

ENT451 COMPUTER NETWORKS

Bachelor in Engineering

In Electronics Engineering
By
Nikhil Raut (A-45)
Section A
Batch - 3

Report Title :

CRYPTOGRAPHY

Introduction

Cryptography began with ciphers, the first of which was the Caesar Cipher. Ciphers were a
lot easier to break than modern cryptographic algorithms, but both used keys
and plaintext. Though simple, ciphers from the past were the earliest forms of encryption.
Today’s algorithms and cryptosystems are much more advanced. They use multiple rounds
of ciphers and encrypt the ciphertext of messages again to ensure the most secure transit and
storage of data. There are also methods of cryptography used now that are irreversible,
maintaining the security of the message forever.

The reason for more advanced cryptography methods is the need for data to be
protected more and more securely. Most of the ciphers and algorithms used in the early
days of cryptography have been deciphered, making them useless for data protection.
Today’s algorithms can be deciphered, but it would require years and sometimes decades
to decipher the meaning of just one message. Thus, the race to create newer and more
advanced cryptography techniques continues.

Cryptography is an important aspect when we deal with network security. ‘Crypto’ means secret or
hidden. Cryptography is the science of secret writing with the intention of keeping the data secret.
Cryptanalysis, on the other hand, is the science or sometimes the art of breaking cryptosystems.
Both of these terms are subsets of what is called Cryptology.

Types of Cryptography

Cryptography can be broken down into three different types:

● Secret Key Cryptography
● Public Key Cryptography
● Hash Functions

Secret Key Cryptography, or symmetric cryptography, uses a single key to encrypt data.
Both encryption and decryption in symmetric cryptography use the same key, making this
the easiest form of cryptography. The cryptographic algorithm utilizes the key in a cipher to
encrypt the data, and when the data must be accessed again, a person entrusted with the
secret key can decrypt the data. Secret Key Cryptography can be used on both in-transit
and at-rest data, but is commonly only used on at-rest data, as sending the secret to the
recipient of the message can lead to compromise.

Examples:

● AES
● DES
● Caesar Cipher

Public Key Cryptography, or asymmetric cryptography, uses two keys to encrypt data.
One is used for encryption, while the other key decrypts the message. Unlike symmetric
cryptography, if one key is used to encrypt, that same key cannot decrypt the message;
the other key must be used instead.

One key is kept private, and is called the “private key”, while the other is shared publicly and
can be used by anyone, hence it is known as the “public key”. The mathematical relation of
the keys is such that the private key cannot be derived from the public key, but the public
key can be derived from the private. The private key should not be distributed and should
remain with the owner only. The public key can be given to any other entity.

Examples:

● ECC
● Diffie-Hellman
● DSS

Hash functions are irreversible, one-way functions which protect the data, at the cost of not
being able to recover the original message. Hashing is a way to transform a given string into
a fixed length string. A good hashing algorithm will produce unique outputs for each input
given. The only way to crack a hash is by trying every input possible, until you get the exact
same hash. A hash can be used for hashing data (such as passwords) and in certificates.

Some of the most famous hashing algorithms are:

● MD5
● SHA-1
● SHA-2 family which includes SHA-224, SHA-256, SHA-384, and SHA-512
● SHA-3
● Whirlpool
● Blake 2
● Blake 3

What is SSL and how does it work?


Secure Sockets Layer (SSL) is a computer networking protocol for securing connections between
network application clients and servers over an insecure network, such as the Internet. SSL
establishes a secure link between a web server and browser to transmit data. To encrypt data, SSL
uses two different keys: a public key and a private key. The public key is put into a file that contains
your details called a certificate signing request (CSR). Next, the certification authority validates your
details and gives you an SSL certificate. This allows you to use SSL. Your web server then matches
your SSL certificate to your private key. This allows your web server to create an encrypted link
between the website and your web browser. SSL is especially important for websites where users
enter confidential information, such as addresses and credit card numbers. URLs that use an SSL
connection begin with https rather than http.

Due to numerous protocol and implementation flaws and vulnerabilities, SSL was deprecated for use
on the Internet by the Internet Engineering Task Force (IETF) in 2015 and has been replaced by the
Transport Layer Security (TLS) protocol. While TLS and SSL are not interoperable, TLS is
backwards-compatible with SSL 3.0.

Why is SSL important?


The primary reason why SSL is used is to keep sensitive information sent across the Internet
encrypted so that only the intended recipient can access it. This is important because the information
you send on the Internet is passed from computer to computer to get to the destination server. Any
computer in between you and the server can see your credit card numbers, usernames and
passwords, and other sensitive information if it is not encrypted with an SSL certificate.

IP security (IPSec)

IP security (IPSec) is an Internet Engineering Task Force (IETF) standard suite of protocols
that provides data authentication, integrity, and confidentiality between 2 communication points
across the IP network. It also defines the encrypted, decrypted and authenticated packets. The
protocols needed for secure key exchange and key management are defined in it.

Uses of IP Security –
IPsec can be used to do the following things:

● To encrypt application layer data.
● To provide security for routers sending routing data across the public internet.
● To provide authentication without encryption, for example to authenticate that the data
originates from a known sender.
● To protect network data by setting up circuits using IPsec tunneling, in which all data
sent between the two endpoints is encrypted, as with a Virtual Private Network (VPN)
connection.

Components of IP Security –
It has the following components:

1. Encapsulating Security Payload (ESP) –
It provides data integrity, encryption, authentication and anti-replay. It also provides
authentication for payload.
2. Authentication Header (AH) –
It also provides data integrity, authentication and anti-replay, but it does not provide
encryption. The anti-replay protection protects against unauthorized transmission of packets.
It does not protect the data’s confidentiality.

Working of IP Security –

1. The host checks whether the packet should be transmitted using IPsec or not. This packet
traffic triggers the security policy for itself. This is done when the system sending the packet
applies the appropriate encryption. The host also checks whether incoming packets are
encrypted properly or not.
2. Then IKE Phase 1 starts, in which the 2 hosts (using IPsec) authenticate themselves to
each other to start a secure channel. It has 2 modes: the Main mode, which provides
greater security, and the Aggressive mode, which enables the host to establish an IPsec
circuit more quickly.
3. The channel created in the last step is then used to securely negotiate the way the IP circuit
will encrypt data across the IP circuit.
4. Now, IKE Phase 2 is conducted over the secure channel, in which the two hosts negotiate
the type of cryptographic algorithms to use on the session and agree on the secret keying
material to be used with those algorithms.
5. Then the data is exchanged across the newly created IPsec encrypted tunnel. These
packets are encrypted and decrypted by the hosts using IPsec SAs.
6. When the communication between the hosts is completed or the session times out, the
IPsec tunnel is terminated by both hosts discarding the keys.

IPSec Architecture
IPSec (IP Security) architecture uses two protocols to secure the traffic or data flow. These protocols
are ESP (Encapsulation Security Payload) and AH (Authentication Header). IPSec Architecture
includes protocols, algorithms, DOI, and Key Management. All these components are very important
in order to provide the three main services:
● Confidentiality
● Authentication
● Integrity

IP Security Architecture:

1. Architecture:
Architecture, or IP Security Architecture, covers the general concepts, definitions, protocols,
algorithms and security requirements of IP Security technology.
2. ESP Protocol:
ESP (Encapsulation Security Payload) provides the confidentiality service. Encapsulation Security
Payload is implemented in either of two ways:
● ESP with optional Authentication.
● ESP with Authentication.
Packet Format:

● Security Parameter Index (SPI):
This parameter is used in the Security Association. It is used to give a unique number to the
connection built between Client and Server.
● Sequence Number:
A unique sequence number is allotted to every packet so that at the receiver side packets
can be arranged properly.
● Payload Data:
Payload data means the actual data or the actual message. The Payload data is in
encrypted format to achieve confidentiality.
● Padding:
Extra bits or space added to the original message in order to ensure confidentiality. Padding
length is the size of the added bits or space in the original message.
● Next Header:
Next header means the next payload or next actual data.
● Authentication Data:
This field is optional in the ESP protocol packet format.

3. Encryption algorithm:
Encryption algorithm is the document that describes the various encryption algorithms used for
Encapsulation Security Payload.
4. AH Protocol:
AH (Authentication Header) Protocol provides both Authentication and Integrity service.
Authentication Header is implemented in one way only: Authentication along with Integrity.
Authentication Header covers the packet format and general issues related to the use of AH for
packet authentication and integrity.
5. Authentication Algorithm:
Authentication Algorithm contains the set of documents that describe the authentication algorithms
used for AH and for the authentication option of ESP.
6. DOI (Domain of Interpretation):
DOI is the identifier which supports both AH and ESP protocols. It contains values needed for
documentation related to each other.
7. Key Management:
Key Management contains the document that describes how the keys are exchanged between
sender and receiver.
