CCN Guest Lecture Report
CCN Guest Lecture Report
CCN Guest Lecture Report
NAGPUR
Session 2021-2022
Bachelor in Engineering
In Electronics Engineering
By
Nikhil Raut (A-45)
Section A
Batch - 3
Report Title :
1
ENT 451-CCN
CRYPTOGRAPHY
Introduction
Cryptography began with ciphers, the first of which was the Caesar Cipher. Ciphers were a
lot easier to unravel compared to modern cryptographic algorithms, but they both used keys
and plaintext. Though simple, ciphers from the past were the earliest forms of encryption.
Today’s algorithms and cryptosystems are much more advanced. They use multiple rounds
of ciphers and encrypting the ciphertext of messages to ensure the most secure transit and
storage of data. There are also methods of cryptography used now that are irreversible,
maintaining the security of the message forever.
The reason for more advanced cryptography methods is due to the need for data to be
protected more and more securely. Most of the ciphers and algorithms used in the early
days of cryptography have been deciphered, making them useless for data protection.
Today’s algorithms can be deciphered, but it would require years and sometimes decades
to decipher the meaning of just one message. Thus, the race to create newer and more
advanced cryptography techniques continues.
Cryptography is an important aspect when we deal with network security. ‘Crypto’ means secret or
hidden. Cryptography is the science of secret writing with the intention of keeping the data secret.
Cryptanalysis, on the other hand, is the science or sometimes the art of breaking cryptosystems.
These both terms are a subset of what is called as Cryptology.
Types of Cryptography
2
ENT 451-CCN
Secret Key Cryptography, or symmetric cryptography, uses a single key to encrypt data.
Both encryption and decryption in symmetric cryptography use the same key, making this
the easiest form of cryptography. The cryptographic algorithm utilizes the key in a cipher to
encrypt the data, and when the data must be accessed again, a person entrusted with the
secret key can decrypt the data. Secret Key Cryptography can be used on both in-transit
and at-rest data, but is commonly only used on at-rest data, as sending the secret to the
recipient of the message can lead to compromise.
Examples:
● AES
● DES
● Caesar Cipher
3
ENT 451-CCN
YPublic Key Cryptography, or asymmetric cryptography, uses two keys to encrypt data.
One is used for encryption, while the other key can decrypts the message. Unlike symmetric
cryptography, if one key is used to encrypt, that same key cannot decrypt the message,
rather the other key shall be used.
One key is kept private, and is called the “private key”, while the other is shared publicly and
can be used by anyone, hence it is known as the “public key”. The mathematical relation of
the keys is such that the private key cannot be derived from the public key, but the public
key can be derived from the private. The private key should not be distributed and should
remain with the owner only. The public key can be given to any other entity.
Examples:
● ECC
● Diffie-Hellman
● DSS
4
ENT 451-CCN
Hash functions are irreversible, one-way functions which protect the data, at the cost of not
being able to recover the original message. Hashing is a way to transform a given string into
a fixed length string. A good hashing algorithm will produce unique outputs for each input
given. The only way to crack a hash is by trying every input possible, until you get the exact
same hash. A hash can be used for hashing data (such as passwords) and in certificates.
● MD5
● SHA-1
● SHA-2 family which includes SHA-224, SHA-256, SHA-384, and SHA-512
● SHA-3
● Whirlpool
● Blake 2
● Blake 3
Due to numerous protocol and implementation flaws and vulnerabilities, SSL was deprecated for use
on the Internet by the Internet Engineering Task Force (IETF) in 2015 and has been replaced by the
Transport Layer Security (TLS) protocol. While TLS and SSL are not interoperable, TLS is
backwards-compatible with SSL 3.0.
5
ENT 451-CCN
6
ENT 451-CCN
IP security (IPSec)
The IP security (IPSec) is an Internet Engineering Task Force (IETF) standard suite of protocols
between 2 communication points across the IP network that provide data authentication, integrity,
and confidentiality. It also defines the encrypted, decrypted and authenticated packets. The
protocols needed for secure key exchange and key management are defined in it.
Uses of IP Security –
IPsec can be used to do the following things:
Components of IP Security –
It has the following components:
7
ENT 451-CCN
Working of IP Security –
1. The host checks if the packet should be transmitted using IPsec or not. These packet traffic
triggers the security policy for themselves. This is done when the system sending the packet
apply an appropriate encryption. The incoming packets are also checked by the host that
they are encrypted properly or not.
2. Then the IKE Phase 1 starts in which the 2 hosts( using IPsec ) authenticate themselves to
each other to start a secure channel. It has 2 modes. The Main mode which provides the
greater security and the Aggressive mode which enables the host to establish an IPsec
circuit more quickly.
3. The channel created in the last step is then used to securely negotiate the way the IP circuit
will encrypt data across the IP circuit.
4. Now, the IKE Phase 2 is conducted over the secure channel in which the two hosts negotiate
the type of cryptographic algorithms to use on the session and agreeing on secret keying
material to be used with those algorithms.
5. Then the data is exchanged across the newly created IPsec encrypted tunnel. These
packets are encrypted and decrypted by the hosts using IPsec SAs.
6. When the communication between the hosts is completed or the session times out then the
IPsec tunnel is terminated by discarding the keys by both the hosts.
IPSec Architecture
IPSec (IP Security) architecture uses two protocols to secure the traffic or data flow. These protocols
are ESP (Encapsulation Security Payload) and AH (Authentication Header). IPSec Architecture
include protocols, algorithms, DOI, and Key Management. All these components are very important
in order to provide the three main services:
● Confidentiality
● Authentication
● Integirity
IP Security Architecture:
8
ENT 451-CCN
1. Architecture:
Architecture or IP Security Architecture covers the general concepts, definitions, protocols,
algorithms and security requirements of IP Security technology.
2. ESP Protocol:
ESP(Encapsulation Security Payload) provide the confidentiality service. Encapsulation Security
Payload is implemented in either two ways:
● ESP with optional Authentication.
● ESP with Authentication.
Packet Format:
●
●
●
●
●
●
9
ENT 451-CCN
●
●
●
●
●
● Security Parameter Index(SPI):
This parameter is used in Security Association. It is used to give a unique number to the
connection build between Client and Server.
● Sequence Number:
Unique Sequence number are allotted to every packet so that at the receiver side packets
can be arranged properly.
● Payload Data:
Payload data means the actual data or the actual message. The Payload data is in
encrypted format to achieve confidentiality.
● Padding:
Extra bits or space added to the original message in order to ensure confidentiality. Padding
length is the size of the added bits or space in the original message.
● Next Header:
Next header means the next payload or next actual data.
● Authentication Data
This field is optional in ESP protocol packet format.
3. Encryption algorithm:
Encryption algorithm is the document that describes various encryption algorithm used for
Encapsulation Security Payload.
4. AH Protocol:
AH (Authentication Header) Protocol provides both Authentication and Integrity service.
Authentication Header is implemented in one way only: Authentication along with Integrity.
10
ENT 451-CCN
Authentication Header covers the packet format and general issue related to the use of AH for
packet authentication and integrity.
5. Authentication Algorithm:
Authentication Algorithm contains the set of the documents that describe authentication algorithm
used for AH and for the authentication option of ESP.
6. DOI (Domain of Interpretation):
DOI is the identifier which support both AH and ESP protocols. It contains values needed for
documentation related to each other.
7. Key Management:
Key Management contains the document that describes how the keys are exchanged between
sender and receiver.
11