
CRYPTOGRAPHY Notes Navin Kumar - 1

Two main requirements are needed for secure conventional encryption: 1) A strong encryption algorithm that an attacker cannot decipher ciphertext or figure out the key even if they know the algorithm and have access to ciphertext. 2) The secret key must be distributed securely between the sender and receiver, as if the key is discovered then all communication using that key can be read. Conventional encryption involves transforming plaintext into ciphertext that only the intended receiver can decrypt using an agreed upon secret key. Both the encryption location and key distribution are important considerations for secure encryption.

Uploaded by Irshad

MODULE 1

Cryptography -

A cipher is a secret method of writing, as by code. Cryptography, in a very broad sense, is the
study of techniques related to aspects of information security. Hence cryptography is
concerned with the writing (ciphering or encoding) and deciphering (decoding) of messages
in secret code.

Cryptographic systems are classified along three independent dimensions:

1. The type of operations used for transforming plaintext to ciphertext. All encryption
algorithms make use of two general principles, substitution and transposition, through
which plaintext elements are substituted or rearranged. The important thing is that no
information should be lost.

2. The number of keys used. If a single key is used by both sender and receiver, it is called
symmetric, single-key, secret-key or conventional encryption. If sender and receiver each
use a different key, then it is called asymmetric, two-key or public-key encryption.

3. The way in which plaintext is processed. A block cipher processes the input as blocks of
elements and generates an output block for each input block. A stream cipher processes the
input elements continuously, producing output one element at a time as it goes along.

Conventional Encryption principles -

A symmetric encryption scheme has five ingredients:

1. Plain Text: This is the original message or data which is fed into the algorithm as input.

2. Encryption Algorithm: The encryption algorithm performs various substitutions and
transformations on the plain text.

3. Secret Key: The key is another input to the algorithm. The substitutions and
transformations performed by the algorithm depend on the key.

4. Cipher Text: This is the scrambled (unreadable) message which is the output of the
encryption algorithm. The cipher text depends on both the plaintext and the secret key. For a
given plaintext, two different keys produce two different cipher texts.

5. Decryption Algorithm: This is the reverse of the encryption algorithm. It takes the cipher
text and the secret key as inputs and outputs the plain text.

Two main requirements are needed for secure use of conventional encryption:

(i) A strong encryption algorithm is needed. It is desirable that the algorithm be such that
even an attacker who knows the algorithm and has access to one or more cipher texts would
be unable to decipher the ciphertext or figure out the key.

(ii) The secret key must be distributed between the sender and receiver in a very secure
way. If in any way the key is discovered, then with knowledge of the algorithm, all
communication using this key is readable.

Conventional Encryption Algorithms -

Conventional encryption involves transforming plaintext messages into ciphertext messages
that are to be decrypted only by the intended receiver. Both sender and receiver agree upon
a secret key to be used in encrypting and decrypting. Usually the secret key is transmitted
via public key encryption methods.

In conventional encryption, it is assumed that it is mathematically impossible to derive the
plaintext from the ciphertext without the key. Therefore, it is essential that the key remains
secret.

Location of Encryption Devices -

The most powerful and most common approach to countering the threats is encryption. If
encryption is used to counter these threats, then we need to decide what to encrypt and
where the encryption gear should be located. There are two fundamental alternatives: link
encryption and end-to-end encryption.

With link encryption, each vulnerable communications link is equipped on both ends with an
encryption device. Thus, all traffic over all communications links is secured. Although this
requires a lot of encryption devices in a larger network, the value of this approach is clear.
One disadvantage of the approach is that the message must be decrypted each time it
enters a packet switch; decryption is necessary because the switch must read the address
in the packet header to route the packet. Thus, the message is vulnerable at each switch. If
it is a public packet-switching network, the user has no control over the security of the
nodes.

With end-to-end encryption, the encryption process is carried out at the two end systems.
The source host or terminal encrypts the data. The data in encrypted form are then
transmitted unaltered across the network to the destination terminal or host. The destination
shares a key with the source and so is able to decrypt the data. This approach would seem to
secure the transmission against attacks on the network links or switches.
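The two principles named under dimension 1 above, substitution and transposition, as an added Python example that is not part of the original notes: a letter-shift substitution and a keyed columnar transposition, each with its inverse, plus a check that the transposition only rearranges the plaintext and loses no information. The shift value, the key word ZEBRA and the sample message are constructed for the demo; classical ciphers like these illustrate the building blocks of the classification only.

```python
# Added example (not from the notes): substitution and transposition as
# reversible transforms, the two operations every cipher is built from.
import string

ALPHABET = string.ascii_uppercase


def substitute(plaintext: str, shift: int) -> str:
    """Substitution: replace each letter by the letter `shift` places further on."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def unsubstitute(ciphertext: str, shift: int) -> str:
    return substitute(ciphertext, -shift)


def _column_order(key: str):
    # Columns are read out in alphabetical order of the key letters
    # (ties broken by position), so the key word fixes a permutation.
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def transpose(plaintext: str, key: str) -> str:
    """Transposition: write the text in rows of len(key) columns, read the
    columns out in key order. Letters are only moved, never replaced."""
    cols = len(key)
    rows = [plaintext[i:i + cols] for i in range(0, len(plaintext), cols)]
    return "".join(row[c] for c in _column_order(key) for row in rows if c < len(row))


def untranspose(ciphertext: str, key: str) -> str:
    cols = len(key)
    full_rows, extra = divmod(len(ciphertext), cols)
    # Column c holds full_rows letters, plus one more if c < extra (short last row).
    columns, pos = {}, 0
    for c in _column_order(key):
        length = full_rows + (1 if c < extra else 0)
        columns[c] = ciphertext[pos:pos + length]
        pos += length
    out = []
    for r in range(full_rows + (1 if extra else 0)):
        for c in range(cols):
            if r < len(columns[c]):
                out.append(columns[c][r])
    return "".join(out)


def encrypt(plaintext: str, shift: int, key: str) -> str:
    """Product cipher: substitute first, then transpose."""
    return transpose(substitute(plaintext, shift), key)


def decrypt(ciphertext: str, shift: int, key: str) -> str:
    """Exact inverse, applied in reverse order."""
    return unsubstitute(untranspose(ciphertext, key), shift)


def no_information_lost(plaintext: str, key: str) -> bool:
    """A transposition must preserve the multiset of symbols."""
    return sorted(transpose(plaintext, key)) == sorted(plaintext)


if __name__ == "__main__":
    msg = "ATTACK AT DAWN"  # constructed sample
    c = encrypt(msg, 3, "ZEBRA")
    print(c, "->", decrypt(c, 3, "ZEBRA"))
```

Running the block shows the substituted text `DWWDFN DW GDZQ` reordered by the key, and the decrypt step returning the original message exactly; the `no_information_lost` check is the "no information should be lost" requirement from the classification made executable.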

Consider a host that connects to a packet-switching network to transfer an end-to-end encrypted message
to the host at the other end, and sets up a virtual circuit to that host. Data is transmitted through the
network in the form of packets that consist of a header and some user data. If the source host encrypts the
entire packet, routing is not possible, because only the destination host can perform the decryption: the
packet-switching node will receive an encrypted packet and be unable to read the header, and therefore will
not be able to route the packet. It follows that the host may encrypt only that portion of the packet
containing the user data and must leave the header in the clear so that it can be read by the network.

Key Distribution -
In symmetric key cryptography, both parties must possess a secret key which they must exchange prior to using any
encryption. Distribution of secret keys has been problematic until recently, because it involved face-to-face meeting,
use of a trusted courier, or sending the key through an existing encryption channel. The first two are often
impractical and always unsafe, while the third depends on the security of a previous key exchange.

In public key cryptography, the distribution of public keys is done through public key servers. When a person creates
a key-pair, they keep one key private and the other, known as the public key, is uploaded to a server where it can be
accessed by anyone who wants to send the user a private, encrypted message.

Secure Sockets Layer (SSL) uses Diffie–Hellman key exchange if the client does not have a public-private key pair and a
published certificate in the public key infrastructure, and Public Key Cryptography if the user does have both the keys
and the credential.

Key distribution is an important issue in wireless sensor network (WSN) design. There are many key distribution
schemes in the literature that are designed to maintain an easy and at the same time secure communication among
sensor nodes. The most accepted method of key distribution in WSNs is key predistribution, where secret keys are
placed in sensor nodes before deployment. When the nodes are deployed over the target area, the secret keys are
used to create the network.
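Key agreement over an open channel, as an added Python example that is not part of the original notes: a Diffie-Hellman exchange of the kind the notes mention SSL using when the client has no certificate. The prime 2^127 - 1, the generator 3 and the SHA-256 key derivation are assumptions chosen so the example runs instantly; deployed systems use standardized groups of 2048 bits or more.

```python
# Added example (not from the notes): Diffie-Hellman key agreement.
# Toy parameters (assumed): p = 2**127 - 1 is a Mersenne prime, g = 3.
import hashlib
import secrets

P = (1 << 127) - 1
G = 3


def keypair():
    """Private exponent x and the public value g^x mod p that is sent over the wire."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def shared_secret(my_private: int, their_public: int) -> int:
    """(g^y)^x = (g^x)^y mod p: both sides reach the same integer."""
    return pow(their_public, my_private, P)


def session_key(secret: int) -> bytes:
    """Derive a fixed-length symmetric key from the agreed integer."""
    width = (P.bit_length() + 7) // 8
    return hashlib.sha256(secret.to_bytes(width, "big")).digest()


def exchange():
    """Run one exchange; returns both derived keys and what an eavesdropper sees."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    on_the_wire = (a_pub, b_pub)          # the only values that cross the network
    k_a = session_key(shared_secret(a_priv, b_pub))
    k_b = session_key(shared_secret(b_priv, a_pub))
    return k_a, k_b, on_the_wire


if __name__ == "__main__":
    k_a, k_b, wire = exchange()
    print("keys match:", k_a == k_b)
    print("observed on the wire:", wire)
```

The exchange by itself only guarantees that the two parties who took part share a key; it says nothing about who they are, which is why the notes pair it with a published certificate and public-key cryptography when the client has one.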
MODULE 2:

Approaches to Message Authentication

Message Authentication Code (MAC) –

A MAC algorithm is a symmetric key cryptographic technique to provide message
authentication. For establishing the MAC process, the sender and receiver share a symmetric
key K.
Essentially, a MAC is an encrypted checksum generated on the underlying message that is
sent along with the message to ensure message authentication.
The process of using a MAC for authentication is depicted in the following illustration −

Let us now try to understand the entire process in detail −

• The sender uses some publicly known MAC algorithm, inputs the message and the secret key
K and produces a MAC value.
• Similar to a hash, a MAC function also compresses an arbitrarily long input into a fixed length
output. The major difference between a hash and a MAC is that the MAC uses the secret key
during the compression.
• The sender forwards the message along with the MAC. Here, we assume that the message is
sent in the clear, as we are concerned with providing message origin authentication, not
confidentiality. If confidentiality is required then the message needs encryption.
• On receipt of the message and the MAC, the receiver feeds the received message and the
shared secret key K into the MAC algorithm and re-computes the MAC value.
• The receiver now checks equality of the freshly computed MAC with the MAC received from the
sender. If they match, then the receiver accepts the message and assures himself that the
message has been sent by the intended sender.
• If the computed MAC does not match the MAC sent by the sender, the receiver cannot
determine whether it is the message that has been altered or the origin that has been
falsified. As a bottom line, the receiver safely assumes that the message is not genuine.

Limitations of MAC

There are two major limitations of MAC, both due to its symmetric nature of operation −
• Establishment of Shared Secret.
 o It can provide message authentication only among pre-decided legitimate users who have
a shared key.
 o This requires establishment of the shared secret prior to use of MAC.
• Inability to Provide Non-Repudiation
 o Non-repudiation is the assurance that a message originator cannot deny any
previously sent messages and commitments or actions.
 o The MAC technique does not provide a non-repudiation service. If the sender and receiver
get involved in a dispute over message origination, MACs cannot provide a proof that
a message was indeed sent by the sender.
 o Though no third party can compute the MAC, the sender could still deny having sent the
message and claim that the receiver forged it, as it is impossible to determine which
of the two parties computed the MAC.

SHA-1 -

SHA-1 or Secure Hash Algorithm 1 is a cryptographic hash function which takes an input and
produces a 160-bit (20-byte) hash value. This hash value is known as a message digest. This
message digest is usually then rendered as a hexadecimal number which is 40 digits long. It
is a U.S. Federal Information Processing Standard and was designed by the United States
National Security Agency.
SHA-1 has been considered insecure since 2005. Major browser vendors such as Microsoft,
Google, Apple and Mozilla stopped accepting SHA-1 SSL certificates by 2017.
To calculate a cryptographic hash value in Java, the MessageDigest class is used, under the package
java.security.
The MessageDigest class provides the following cryptographic hash functions to find the hash value of a
text:
MD2
MD5
SHA-1
SHA-224
SHA-256
SHA-384
SHA-512

These algorithms are initialized through the static method getInstance(). After selecting the algorithm, the
digest is computed; this representation is then converted into a hexadecimal format to get the expected
MessageDigest output.
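The MAC procedure above and the MessageDigest hash list, as an added Python example that is not part of the original notes (the notes show the Java API; this uses Python's `hashlib` and `hmac`): hexadecimal digests for MD5, SHA-1 and SHA-256 (40 hex digits for SHA-1, as stated), and HMAC-SHA256 as the MAC, with the receiver's recompute-and-compare step and the two failure cases from the bullets. The key and messages are constructed.

```python
# Added example (not from the notes): message digests and a MAC with the
# sender/receiver steps described above.
import hashlib
import hmac


def digest_hex(algorithm: str, data: bytes) -> str:
    """Message digest rendered as hexadecimal, like Java's MessageDigest output."""
    return hashlib.new(algorithm, data).hexdigest()


def make_mac(key: bytes, message: bytes) -> bytes:
    """Sender side: MAC = HMAC(K, message), transmitted alongside the clear message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute with the shared K and compare in constant time."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    key = b"shared-secret-K (constructed)"   # in practice a random key of >= 32 bytes
    msg = b"transfer 100 to account 42"
    tag = make_mac(key, msg)                  # sent together with msg
    return {
        "genuine": verify_mac(key, msg, tag),
        # message altered in transit: the receiver cannot tell which part is wrong,
        # only that the pair (message, MAC) is not genuine
        "altered message": verify_mac(key, b"transfer 900 to account 42", tag),
        # origin falsified: a party without K cannot produce a matching tag
        "wrong key": verify_mac(b"other key", msg, tag),
    }


if __name__ == "__main__":
    for name in ("md5", "sha1", "sha256"):
        print(name, digest_hex(name, b"abc"))
    print(demo())
```

`hmac.compare_digest` rather than `==` matters on the receiver: an early-exit comparison leaks how many leading bytes of the tag were right, which is a timing side channel on the verification step the notes describe.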

SHA1 -
It stands for Secure Hash Algorithm.
Its message digest is 160 bits long.
Its speed is slow in comparison to MD5.
To recover the original message from the digest (a preimage), the attacker would require 2^160 operations.
It is more complex in comparison to MD5.
It provides a decent amount of security.
To find two messages with the same digest (a collision), the attacker would need to perform
2^80 operations, which is greater than for MD5.
It was presented in 1995.

MD5 -
It stands for Message Digest.
Its message digest is 128 bits long.
Its speed is fast in comparison to SHA1.
To recover the original message from the digest, the attacker would require 2^128 operations.
It is simple.
It doesn't provide good security.
If the attacker needs to find 2 messages that have an identical message digest,
then the attacker would have to perform 2^64 operations.
MD5 was presented in 1992.

Public key cryptography Principles –

• Different keys are used for encryption and decryption. This is the property which sets this
scheme apart from the symmetric encryption scheme.
• Each receiver possesses a unique decryption key, generally referred to as his private key.
• The receiver needs to publish an encryption key, referred to as his public key.
• Some assurance of the authenticity of a public key is needed in this scheme to avoid
spoofing by an adversary posing as the receiver. Generally, this type of cryptosystem involves a
trusted third party which certifies that a particular public key belongs to a specific
person or entity only.
• The encryption algorithm is complex enough to prohibit an attacker from deducing the
plaintext from the ciphertext and the encryption (public) key.
• Though the private and public keys are related mathematically, it is not feasible to
calculate the private key from the public key. In fact, the intelligent part of any public-key
cryptosystem is in designing a relationship between the two keys.

RSA –
The RSA algorithm is a public key encryption technique and is considered the most secure
way of encryption. It was invented by Rivest, Shamir and Adleman in the year 1978 and hence
the name RSA algorithm.

Algorithm

The RSA algorithm holds the following features −

• The RSA algorithm is a popular exponentiation in a finite field over integers including prime
numbers.
• The integers used by this method are sufficiently large, making it difficult to solve.
• There are two sets of keys in this algorithm: the private key and the public key.

You will have to go through the following steps to work on the RSA algorithm −

Step 1: Generate the RSA modulus
The initial procedure begins with the selection of two prime numbers, namely p and q, and then
calculating their product N, as shown −
N = p * q
Here, let N be the specified large number.

Step 2: Derived Number (e)
Consider number e as a derived number which should be greater than 1 and less than
(p-1)(q-1). The primary condition is that there should be no common factor between e and
(p-1)(q-1) except 1.

Step 3: Public key
The specified pair of numbers (n, e) forms the RSA public key and it is made public.

Step 4: Private Key
The private key d is calculated from the numbers p, q and e. The mathematical relationship
between the numbers is as follows −
e * d ≡ 1 mod (p-1)(q-1)
The above relation is solved with the Extended Euclidean Algorithm, which takes e and
(p-1)(q-1) (computed from p and q) as its input parameters.
ENCRYPTION ALGORITHM

Consider a sender who sends the plain text message P to someone whose public key is
(n, e). To encrypt the plain text message in the given scenario, use the following formula −
C = P^e mod n

Decryption Formula

The decryption process is very straightforward and follows the same systematic calculation.
Considering that the receiver has the private key d, the plaintext is recovered as −
Plaintext = C^d mod n

Key Management -

It goes without saying that the security of any cryptosystem depends upon how securely its
keys are managed. Without secure procedures for the handling of cryptographic keys, the
benefits of the use of strong cryptographic schemes are potentially lost.
It is observed that cryptographic schemes are rarely compromised through weaknesses in
their design. However, they are often compromised through poor key management.
There are some important aspects of key management which are as follows −
• Cryptographic keys are nothing but special pieces of data. Key management refers to
the secure administration of cryptographic keys.
• Key management deals with the entire key lifecycle as depicted in the following illustration −

Digital Signatures –
Digital signatures are the public-key primitives of message authentication. In the physical
world, it is common to use handwritten signatures on handwritten or typed messages. They
are used to bind signatory to the message.
Similarly, a digital signature is a technique that binds a person/entity to the digital data. This
binding can be independently verified by receiver as well as any third party.
Digital signature is a cryptographic value that is calculated from the data and a secret key
known only by the signer.
In the real world, the receiver of a message needs assurance that the message belongs to the
sender, and the sender should not be able to repudiate the origination of that message. This
requirement is very crucial in business applications, since the likelihood of a dispute over
exchanged data is very high.

Importance of Digital Signature -

• Message authentication − When the verifier validates the digital signature using the
public key of the sender, he is assured that the signature has been created only by the sender
who possesses the corresponding secret private key and no one else.
• Data Integrity − In case an attacker has access to the data and modifies it, the digital
signature verification at the receiver end fails. The hash of the modified data and the output
provided by the verification algorithm will not match. Hence, the receiver can safely reject
the message, assuming that data integrity has been breached.
• Non-repudiation − Since it is assumed that only the signer has knowledge of the
signature key, only he can create a unique signature on given data. Thus the receiver
can present the data and the digital signature to a third party as evidence if any dispute
arises in the future.

Key Management requirements for public key cryptography -

There are two specific requirements of key management for public key cryptography.
 o Secrecy of private keys. Throughout the key lifecycle, secret keys must remain secret
from all parties except those who are the owner and are authorized to use them.
 o Assurance of public keys. In public key cryptography, the public keys are in the open
domain and seen as public pieces of data. By default, there are no assurances of
whether a public key is correct, with whom it can be associated, or what it can be used
for. Thus, key management of public keys needs to focus much more explicitly on
assurance of the purpose of public keys.
The most crucial requirement of 'assurance of public key' can be achieved through the
public-key infrastructure (PKI), a key management system for supporting public-key
cryptography.
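The four RSA key-generation steps, the encryption and decryption formulas, and the sign/verify use of the same key pair described under Digital Signatures, as one added Python example that is not part of the original notes. The Miller-Rabin prime search, the choice e = 65537, the 512-bit key size and the SHA-256 hash-then-sign step are assumptions (the notes do not say how p and q are found or which hash a signature uses); the small (p, q, e) = (61, 53, 17) values used for checking are constructed. No padding scheme is applied, so this shows the mathematics in the notes, not a production RSA.

```python
# Added example (not from the notes): textbook RSA key generation, encryption,
# decryption and a hash-then-sign digital signature on the same key pair.
import hashlib
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test (assumed method for finding p and q)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # odd, full width
        if is_probable_prime(candidate):
            return candidate


def egcd(a: int, b: int):
    """Extended Euclidean algorithm: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def keys_from_primes(p: int, q: int, e: int = 65537):
    """Steps 1-4: N = p*q, e coprime to (p-1)(q-1), d with e*d = 1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must have no common factor with (p-1)(q-1)")
    d = x % phi
    return (n, e), (n, d)          # public key, private key


def generate_keys(bits: int = 512):
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        if p == q:
            continue
        try:
            return keys_from_primes(p, q)
        except ValueError:
            continue


def encrypt(public, plaintext: int) -> int:
    n, e = public
    if not 0 <= plaintext < n:
        raise ValueError("plaintext must be an integer below n")
    return pow(plaintext, e, n)   # C = P^e mod n


def decrypt(private, ciphertext: int) -> int:
    n, d = private
    return pow(ciphertext, d, n)  # P = C^d mod n


def sign(private, message: bytes) -> int:
    """Signature = hash(message)^d mod n; only the holder of d can produce it."""
    n, d = private
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(h, d, n)


def verify(public, message: bytes, signature: int) -> bool:
    """Anyone with (n, e) checks signature^e mod n against the message hash."""
    n, e = public
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == h % n
```

The verify step is what gives the three properties listed above: a changed message hashes differently (integrity), only d could have produced a value that the public e maps back to that hash (authentication), and the receiver can hand message and signature to a third party (non-repudiation). `keys_from_primes(61, 53, 17)` gives n = 3233 and d = 2753, which can be checked by hand against e*d = 1 mod 3120.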
MODULE 3

Kerberos Motivation

Kerberos provides a centralized authentication server whose function is to
authenticate users to servers and servers to users. In Kerberos, an Authentication Server
and a database are used for client authentication. Kerberos runs as a trusted third-party
server known as the Key Distribution Center (KDC). Each user and service on the
network is a principal.

The main components of Kerberos are:
• Authentication Server (AS): The Authentication Server performs the initial authentication
and issues the ticket for the Ticket Granting Service.
• Database: The Authentication Server verifies the access rights of users in the database.
• Ticket Granting Server (TGS): The Ticket Granting Server issues the ticket for the Server.

Kerberos Overview:

• Step-1: The user logs on and requests services on a host. Thus, the user requests a
ticket-granting service.
• Step-2: The Authentication Server verifies the user's access rights using the database and
then gives a ticket-granting ticket and a session key. The results are encrypted using the
password of the user.
• Step-3: The message is decrypted using the password, then the ticket is sent to the Ticket
Granting Server. The ticket contains authenticators like user name and network address.
• Step-4: The Ticket Granting Server decrypts the ticket sent by the user and the
authenticator, verifies the request, then creates the ticket for requesting services from the
Server.
• Step-5: The user sends the Ticket and Authenticator to the Server.
• Step-6: The Server verifies the Ticket and authenticator, then grants access to the
service. After this the user can access the services.
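The six steps above, as an added Python simulation that is not part of the original notes. The AS, TGS and application server are plain functions in one process; `seal`/`open_box` is a constructed encrypt-then-MAC envelope (SHA-256 keystream plus HMAC) standing in for the DES/AES encryption of a real KDC; the user database, the principal names alice and fileserver, the addresses and the 5-minute ticket lifetime are all assumptions made for the demo.

```python
# Added example (not from the notes): the Kerberos AS, TGS and service
# exchanges with toy symmetric encryption. Not real Kerberos message formats.
import hashlib
import hmac
import json
import secrets
import time

TICKET_LIFETIME = 300  # seconds (assumed)


def derive_key(password: str) -> bytes:
    """The client's long-term key is derived from its password."""
    return hashlib.sha256(b"kerberos-demo:" + password.encode()).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest())
        counter += 1
    return b"".join(blocks)[:length]


def seal(key: bytes, obj: dict) -> bytes:
    """Toy encrypt-then-MAC of a JSON object: nonce || ciphertext || HMAC tag."""
    plaintext = json.dumps(obj).encode()
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()


def open_box(key: bytes, blob: bytes) -> dict:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered ticket")
    return json.loads(bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body)))))


# KDC state (constructed): user database, the TGS's own key, service keys.
USER_DB = {"alice": derive_key("correct horse battery staple")}
TGS_KEY = secrets.token_bytes(32)
SERVICE_KEYS = {"fileserver": secrets.token_bytes(32)}


def authentication_server(user: str, addr: str) -> bytes:
    """Steps 1-2: check the user in the database, return TGT + session key under the user's key."""
    if user not in USER_DB:
        raise KeyError("unknown principal")
    k_c_tgs = secrets.token_bytes(32)
    tgt = seal(TGS_KEY, {"user": user, "addr": addr, "key": k_c_tgs.hex(),
                         "exp": time.time() + TICKET_LIFETIME})
    return seal(USER_DB[user], {"key": k_c_tgs.hex(), "tgt": tgt.hex()})


def ticket_granting_server(tgt: bytes, authenticator: bytes, service: str) -> bytes:
    """Step 4: open the TGT with the TGS key, check the authenticator, issue a service ticket."""
    t = open_box(TGS_KEY, tgt)
    k_c_tgs = bytes.fromhex(t["key"])
    a = open_box(k_c_tgs, authenticator)
    if a["user"] != t["user"] or a["addr"] != t["addr"] or time.time() > t["exp"]:
        raise ValueError("authenticator does not match ticket")
    k_c_v = secrets.token_bytes(32)
    ticket = seal(SERVICE_KEYS[service], {"user": t["user"], "addr": t["addr"],
                                          "key": k_c_v.hex(), "exp": time.time() + TICKET_LIFETIME})
    return seal(k_c_tgs, {"key": k_c_v.hex(), "ticket": ticket.hex()})


def application_server(service: str, ticket: bytes, authenticator: bytes) -> str:
    """Step 6: the server trusts only what opens under its own key."""
    t = open_box(SERVICE_KEYS[service], ticket)
    a = open_box(bytes.fromhex(t["key"]), authenticator)
    if a["user"] != t["user"] or a["addr"] != t["addr"] or time.time() > t["exp"]:
        raise ValueError("authenticator does not match ticket")
    return f"{t['user']} granted access to {service}"


def client_login(user: str, password: str, addr: str, service: str) -> str:
    """Client side of steps 1, 3 and 5; the password itself never leaves the client."""
    reply = authentication_server(user, addr)                          # steps 1-2
    r = open_box(derive_key(password), reply)                          # step 3
    k_c_tgs, tgt = bytes.fromhex(r["key"]), bytes.fromhex(r["tgt"])
    auth = seal(k_c_tgs, {"user": user, "addr": addr, "ts": time.time()})
    r2 = open_box(k_c_tgs, ticket_granting_server(tgt, auth, service))   # step 4
    k_c_v, ticket = bytes.fromhex(r2["key"]), bytes.fromhex(r2["ticket"])
    auth2 = seal(k_c_v, {"user": user, "addr": addr, "ts": time.time()})
    return application_server(service, ticket, auth2)                  # steps 5-6


def login_succeeds(user: str, password: str, addr: str, service: str) -> bool:
    try:
        client_login(user, password, addr, service)
        return True
    except (ValueError, KeyError):
        return False
```

What the walk-through makes visible: the password never travels, the TGT is opaque to the client because only the TGS key opens it, and the server accepts a ticket purely because it decrypts and authenticates under the server's own key. A wrong password, an unknown principal or a ticket sealed under any other key fails the HMAC check and is rejected.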

Kerberos Version 4:
1. Kerberos Version 4
Kerberos version 4 is an update of the Kerberos software that is a
computer-network authentication system. Kerberos version 4 is a web-
based authentication software which is used for authentication of user’s
information while logging into the system by DES technique for
encryption. It was launched in late 1980s.

2. Kerberos Version 5
Kerberos version 5 is a later version of the Kerberos software that came after
Kerberos version 4, developed for enhancing security in the
authentication. Kerberos version 5 provides a single authentication
service in a network which is distributed over an enterprise. It was
launched in the year 1993.
Difference between Kerberos Version 4 and Kerberos Version 5

1. Version 4: was launched in the late 1980s.
   Version 5: was launched in 1993.
2. Version 4: provides ticket support.
   Version 5: provides ticket support with extra facilities for forwarding, renewing and
   postdating tickets.
3. Version 4: works on the Receiver-makes-Right encoding system.
   Version 5: works on the ASN.1 encoding system.
4. Version 4: does not support transitive cross-realm authentication.
   Version 5: supports transitive cross-realm authentication.
5. Version 4: uses the Data Encryption Standard technique for encryption.
   Version 5: can use any encryption technique, as the cipher text is tagged with an
   encryption identifier.
6. Version 4: the ticket lifetime has to be specified in units of 5 minutes.
   Version 5: the ticket lifetime is specified with the freedom of arbitrary time.

PGP

o PGP stands for Pretty Good Privacy, which was invented by Phil Zimmermann.
o PGP was designed to provide all four aspects of security, i.e., privacy, integrity,
authentication, and non-repudiation in the sending of email.
o PGP uses a digital signature (a combination of hashing and public key encryption) to
provide integrity, authentication, and non-repudiation. PGP uses a combination of secret
key encryption and public key encryption to provide privacy. Therefore, we can say that
the digital signature uses one hash function, one secret key, and two private-public key
pairs.
o PGP is an open source and freely available software package for email security.
o PGP provides authentication through the use of Digital Signature.
o It provides confidentiality through the use of symmetric block encryption.
o It provides compression by using the ZIP algorithm, and e-mail compatibility using the
radix-64 encoding scheme.

Following are the steps taken by PGP to create secure e-mail at the sender site:
o The e-mail message is hashed by using a hashing function to create a digest.
o The digest is then encrypted to form a signed digest by using the sender's private key, and
then the signed digest is added to the original email message.
o The original message and signed digest are encrypted by using a one-time secret key
created by the sender.
o The secret key is encrypted by using the receiver's public key.
o Both the encrypted secret key and the encrypted combination of message and digest are
sent together.

PGP at the Sender site (A)

Following are the steps taken to show how PGP uses hashing and a combination of three keys
to recover the original message at the receiver site:
o The receiver receives the combination of the encrypted secret key and the encrypted message
and digest.
o The encrypted secret key is decrypted by using the receiver's private key to get the one-time
secret key.
o The secret key is then used to decrypt the combination of message and digest.
o The digest is decrypted by using the sender's public key, and the original message is
hashed by using a hash function to create a digest.
o Both the digests are compared; if both of them are equal, it means that all the aspects of
security are preserved.

PGP at the Receiver site (B)

Disadvantages of PGP Encryption

o The Administration is difficult: The different versions of PGP complicate the
administration.
o Compatibility issues: Both the sender and the receiver must have compatible versions of
PGP. For example, if you encrypt an email by using PGP with one encryption technique and
the receiver has a different version of PGP, it cannot read the data.
o Complexity: PGP is a complex technique. Other security schemes use symmetric
encryption that uses one key or asymmetric encryption that uses two different keys. PGP
uses a hybrid approach that implements symmetric encryption with two keys. PGP is more
complex, and it is less familiar than the traditional symmetric or asymmetric methods.
o No Recovery: Computer administrators face the problem of losing their passwords. In
such situations, an administrator should use a special program to retrieve passwords. For
example, a technician with physical access to a PC can use one to retrieve a password.
However, PGP does not offer such a special program for recovery; its encryption methods are
very strong, so forgotten passwords cannot be retrieved, resulting in lost messages or lost
files.
Operational Description of PGP

Introduction: - PGP provides five services: authentication, confidentiality, compression,
e-mail compatibility, and segmentation.

Summary of PGP Services

Authentication

In PGP, each symmetric key is used only once. That is, a new key is generated as a
random 128-bit number for each message. This is referred to in the documentation as a
session key; it is in reality a one-time key. Because it is to be used only once, the session
key is bound to the message and transmitted with it. To protect the key, it is encrypted
with the receiver's public key. The sequence is described as follows:

1. The sender generates a message and a random 128-bit number to be used as a
session key for this message only.

2. The message is encrypted, using CAST-128 (or IDEA or 3DES) with the session key.

3. The session key is encrypted with RSA, using the recipient's public key, and is
prepended to the message.

4. The receiver uses RSA with its private key to decrypt and recover the session key.

5. The session key is used to decrypt the message.

Confidentiality

Another basic service provided by PGP is confidentiality, which is provided by encrypting
messages to be transmitted or to be stored locally as files. In both cases, the symmetric
encryption algorithm CAST-128 may be used. Alternatively, IDEA or 3DES may be used.
The 64-bit cipher feedback (CFB) mode is used.

1. The sender generates a message and a random 128-bit number to be used as a
session key for this message only.

2. The message is encrypted, using CAST-128 (or IDEA or 3DES) with the session key.

3. The session key is encrypted with RSA, using the recipient's public key, and is
prepended to the message.

4. The receiver uses RSA with its private key to decrypt and recover the session key.

5. The session key is used to decrypt the message.

Compression

PGP compresses the message after applying the signature but before encryption. This
has the benefit of saving space both for e-mail transmission and for file storage.

The signature is generated before compression for two reasons:

1. It is preferable to sign an uncompressed message so that one can store only the
uncompressed message together with the signature for future verification. If one signed
a compressed document, then it would be necessary either to store a compressed version
of the message for later verification or to recompress the message when verification is
required.

2. Message encryption is applied after compression to strengthen cryptographic security.
Because the compressed message has less redundancy than the original plaintext,
cryptanalysis is more difficult.

The compression algorithm used is ZIP.

E-mail Compatibility

When PGP is used, at least part of the block to be transmitted is encrypted. If only the
signature service is used, then the message digest is encrypted. If the confidentiality
service is used, the message plus signature are encrypted. Thus, part or all of the
resulting block consists of a stream of arbitrary 8-bit octets. However, many electronic
mail systems only permit the use of blocks consisting of ASCII text. To accommodate this
restriction, PGP provides the service of converting the raw 8-bit binary stream to a stream
of printable ASCII characters.

The scheme used for this purpose is radix-64 conversion. Each group of three octets of
binary data is mapped into four ASCII characters.

Segmentation and Reassembly

E-mail facilities often are restricted to a maximum message length. For example, many
of the facilities accessible through the Internet impose a maximum length of 50,000
octets. Any message longer than that must be broken up into smaller segments, each of
which is mailed separately. To accommodate this restriction, PGP automatically
subdivides a message that is too large into segments that are small enough to send via
e-mail. The segmentation is done after all of the other processing, including the radix-64
conversion. Thus, the session key component and signature component appear only
once, at the beginning of the first segment. At the receiving end, PGP must strip off all e-
mail headers and reassemble the entire original block.
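The e-mail compatibility and segmentation services above, as an added Python example that is not part of the original notes: the radix-64 mapping of three octets to four printable characters written out by hand (checked against the standard library's base64), and segmentation applied after armoring, with reassembly on the receiving side. The 50,000-octet limit is the figure quoted in the notes; the sample message is constructed. Signature and session-key encryption are left out, so the pipeline shows only the ordering compress, then radix-64, then segment, and its exact inverse.

```python
# Added example (not from the notes): PGP's radix-64 conversion and
# segmentation/reassembly steps, with ZIP-style compression applied first.
import base64
import zlib

RADIX64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
MAX_SEGMENT = 50_000  # octets per e-mail, the limit quoted in the notes


def radix64_encode(data: bytes) -> str:
    """Each group of three octets (24 bits) becomes four 6-bit characters."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        bits = int.from_bytes(chunk.ljust(3, b"\0"), "big")
        chars = [RADIX64[(bits >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        pad = 3 - len(chunk)                       # '=' marks missing octets at the end
        out.append("".join(chars[:4 - pad]) + "=" * pad)
    return "".join(out)


def radix64_decode(text: str) -> bytes:
    out = bytearray()
    for i in range(0, len(text), 4):
        quad = text[i:i + 4]
        pad = quad.count("=")
        bits = 0
        for ch in quad:
            bits = (bits << 6) | (0 if ch == "=" else RADIX64.index(ch))
        out += bits.to_bytes(3, "big")[:3 - pad]
    return bytes(out)


def matches_stdlib(data: bytes) -> bool:
    """Self-check: the hand-written mapping agrees with base64.b64encode."""
    return radix64_encode(data) == base64.b64encode(data).decode()


def segment(armored: str, limit: int = MAX_SEGMENT) -> list:
    """Split the printable block into mail-sized pieces; done after radix-64."""
    return [armored[i:i + limit] for i in range(0, len(armored), limit)]


def reassemble(segments: list) -> str:
    return "".join(segments)


def pgp_prepare(message: bytes, limit: int = MAX_SEGMENT) -> list:
    """Sender side: compress, convert to printable ASCII, then segment."""
    return segment(radix64_encode(zlib.compress(message)), limit)


def pgp_recover(segments: list) -> bytes:
    """Receiver side: reassemble (mail headers already stripped), decode, decompress."""
    return zlib.decompress(radix64_decode(reassemble(segments)))


if __name__ == "__main__":
    body = b"quarterly numbers attached\n" * 5000   # constructed sample
    parts = pgp_prepare(body, limit=10_000)
    print(len(parts), "segments; round trip ok:", pgp_recover(parts) == body)
```

Because segmentation is the last step, a signature or session-key block at the front of the armored data lands only in the first segment, which is exactly what the notes say about the session key and signature components appearing once.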

MODULE 4

IP SECURITY OVERVIEW

Introduction: - The IAB included authentication and encryption as necessary security features in the next-generation IP, which has been issued as IPv6. Fortunately, these security capabilities were designed to be usable both with the current IPv4 and the future IPv6. This means that vendors can begin offering these features now, and many vendors do now have some IPsec capability in their products.

Applications of IPsec: -

IPsec provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet. Examples are: -

• Secure branch office connectivity over the Internet: A company can build a secure virtual private network over the Internet or over a public WAN. This enables a business to rely heavily on the Internet and reduce its need for private networks, saving costs and network management overhead.

• Secure remote access over the Internet: An end user whose system is equipped with IP security protocols can make a local call to an Internet service provider (ISP) and gain secure access to a company network. This reduces the cost of toll charges for traveling employees and telecommuters.

• Establishing extranet and intranet connectivity with partners: IPsec can be used to secure communication with other organizations, ensuring authentication and confidentiality and providing a key exchange mechanism.

• Enhancing electronic commerce security: Even though some Web and electronic commerce applications have built-in security protocols, the use of IPsec enhances that security.

Benefits of IPsec

• When IPsec is implemented in a firewall or router, it provides strong security that can be applied to all traffic crossing the perimeter. Traffic within a company or workgroup does not incur the overhead of security-related processing.
• IPsec in a firewall is resistant to bypass if all traffic from the outside must use IP, and the firewall is the only means of entrance from the Internet into the organization.
• IPsec is below the transport layer (TCP, UDP) and so is transparent to applications. There is no need to change software on a user or server system when IPsec is implemented in the firewall or router. Even if IPsec is implemented in end systems, upper-layer software, including applications, is not affected.
• IPsec can be transparent to end users. There is no need to train users on security mechanisms, issue keying material on a per-user basis, or revoke keying material when users leave the organization.
• IPsec can provide security for individual users if needed. This is useful for offsite workers and for setting up a secure virtual subnetwork within an organization for sensitive applications.

In addition to supporting end users and protecting premises systems and networks, IPsec can play a vital role in the routing architecture required for internetworking.

IP Security Architecture

Introduction:- The IPsec specification consists of numerous documents. The most important of these, issued in November of 1998, are RFCs 2401, 2402, 2406, and 2408, describing the overview of the architecture, packet authentication, packet encryption and key management respectively. In addition to these four RFCs, a number of additional drafts have been published by the IP Security Protocol Working Group set up by the IETF. The documents are divided into seven groups, as in figure-

Architecture: Covers the general concepts, security requirements, definitions, and mechanisms defining IPsec technology.

Encapsulating Security Payload (ESP): Covers the packet format and general issues related to the use of the ESP for packet encryption and, optionally, authentication.

Authentication Header (AH): Covers the packet format and general issues related to the use of AH for packet authentication.

Encryption Algorithm: A set of documents that describe how various encryption algorithms are used for ESP.

Authentication Algorithm: A set of documents that describe how various authentication algorithms are used for AH and for the authentication option of ESP.

Key Management: Documents that describe key management schemes.

Domain of Interpretation (DOI): Contains values needed for the other documents to relate to each other. These include identifiers for approved encryption and authentication algorithms, as well as operational parameters such as key lifetime.

Services are: - Access control; Connectionless integrity; Data origin authentication; Rejection of replayed packets (a form of partial sequence integrity); Confidentiality (encryption); Limited traffic flow confidentiality.

Anti-Replay Service: A replay attack is one in which an attacker obtains a copy of an authenticated packet and later transmits it to the intended destination. The receipt of duplicate, authenticated IP packets may disrupt service in some way or may have some other undesired consequence. The Sequence Number field is designed to thwart such attacks.

Authentication Header

Introduction:- The Authentication Header provides support for data integrity and authentication of IP packets. The data integrity feature ensures that undetected modification to a packet's content in transit is not possible. The authentication feature enables an end system or network device to authenticate the user or application and filter traffic accordingly; it also prevents the address spoofing attacks observed in today's Internet. The AH also guards against the replay attack. Authentication is based on the use of a message authentication code (MAC), with sharing of a secret key.
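As an added example (not from the notes), the following Python builds an Authentication Header with the field layout used in this section, derives the Payload Length from the ICV size (96-bit ICV gives the value 4), and has a receiver verify the MAC and apply the anti-replay check. The MAC algorithm (HMAC-SHA-1 truncated to the ICV size), the 32-packet replay window and the sample key are assumptions; the real ICV would also cover the immutable IP header fields.

```python
import hashlib
import hmac
import struct

# Layout from the notes: Next Header (8) | Payload Length (8) | Reserved (16) |
# SPI (32) | Sequence Number (32) | Authentication Data (n x 32 bits).
AH_FIXED_BYTES = 12          # the three fixed 32-bit words
DEFAULT_ICV_BYTES = 12       # 96-bit truncated MAC = three 32-bit words


def payload_length_field(icv_bytes):
    """Payload Length = total AH length in 32-bit words, minus 2."""
    return (AH_FIXED_BYTES + icv_bytes) // 4 - 2


def compute_icv(key, covered, icv_bytes=DEFAULT_ICV_BYTES):
    """HMAC-SHA-1 truncated to the ICV size (assumed MAC; HMAC-SHA-1-96 for 12 bytes)."""
    return hmac.new(key, covered, hashlib.sha1).digest()[:icv_bytes]


def build_ah(key, next_header, spi, seq, payload, icv_bytes=DEFAULT_ICV_BYTES):
    """Return the AH followed by the protected payload (constructed stand-in for the
    IP header fields and upper-layer data the ICV covers in a real packet)."""
    fixed = struct.pack("!BBHII", next_header, payload_length_field(icv_bytes), 0, spi, seq)
    # The ICV is computed with the Authentication Data field set to zero.
    icv = compute_icv(key, fixed + b"\x00" * icv_bytes + payload, icv_bytes)
    return fixed + icv + payload


def parse_ah(packet):
    next_header, plen, _reserved, spi, seq = struct.unpack("!BBHII", packet[:AH_FIXED_BYTES])
    icv_bytes = (plen + 2) * 4 - AH_FIXED_BYTES      # invert the "words minus 2" rule
    end = AH_FIXED_BYTES + icv_bytes
    return {"next_header": next_header, "payload_length": plen, "spi": spi,
            "seq": seq, "icv": packet[AH_FIXED_BYTES:end], "payload": packet[end:]}


class AhReceiver:
    """Verifies the ICV and enforces the anti-replay service with a sliding window
    over the Sequence Number (the window size is an assumption)."""

    def __init__(self, key, window=32):
        self.key = key
        self.window = window
        self.highest = 0          # highest sequence number accepted so far
        self.seen = set()         # accepted sequence numbers inside the window

    def accept(self, packet):
        f = parse_ah(packet)
        seq = f["seq"]
        # Duplicates and packets left of the window are dropped before the MAC work.
        if seq in self.seen or seq <= self.highest - self.window:
            return "REJECT: replay"
        fixed = packet[:AH_FIXED_BYTES]
        expected = compute_icv(self.key, fixed + b"\x00" * len(f["icv"]) + f["payload"],
                               len(f["icv"]))
        if not hmac.compare_digest(expected, f["icv"]):
            return "REJECT: bad ICV"        # modified in transit or wrong shared key
        # Only an authenticated packet may advance the replay window.
        self.seen.add(seq)
        if seq > self.highest:
            self.highest = seq
            self.seen = {s for s in self.seen if s > seq - self.window}
        return "ACCEPT"
```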
The Authentication Header consists of the following fields:-

Next Header (8 bits): Identifies the type of header immediately following this header.

Payload Length (8 bits): Length of Authentication Header in 32-bit words, minus 2. For example, the default length of the authentication data field is 96 bits, or three 32-bit words. With a three-word fixed header, there are a total of six words in the header, and the Payload Length field has a value of 4.

Reserved (16 bits): For future use.

Security Parameters Index (32 bits): Identifies a security association.

Sequence Number (32 bits): A monotonically increasing counter value.

Authentication Data (variable): A variable-length field (must be an integral number of 32-bit words) that contains the Integrity Check Value (ICV), or MAC, for this packet.

Here is the pictorial representation of the IPsec Authentication Header: -

Web Security

Introduction: - The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets. The Web presents new challenges not generally appreciated in the context of computer and network security:

• The Internet is two way. Unlike traditional publishing environments, even electronic publishing systems involving Teledex, voice response, or fax-back, the Web is vulnerable to attacks on the Web servers over the Internet.

• The Web is increasingly serving as a highly visible outlet for corporate and product information and as the platform for transactions. Reputations can be damaged.

• Although Web browsers are very easy to use, Web servers are relatively easy to configure and manage, and Web content is increasingly easy to develop, the underlying software is extraordinarily complex. This complex software may hide many potential security flaws. The short history of the Web is filled with examples of new and upgraded systems, properly installed, that are vulnerable to a variety of security attacks.

• A Web server can be exploited as a launching pad into the corporation's or agency's entire computer complex. Once the Web server is subverted, an attacker may be able to gain access to data and systems not part of the Web itself but connected to the server at the local site.

• Casual and untrained (in security matters) users are common clients for Web-based services. Such users are not necessarily aware of the security risks that exist and do not have the tools or knowledge to take effective countermeasures.
Web Traffic Security Approaches

Description:-A number of approaches to provide Web security are possible. The various
approaches that have been considered are similar in the services they provide and, to
some extent, in the mechanisms that they use, but they differ with respect to their scope
of applicability and their relative location within the TCP/IP protocol stack.

One way to provide Web security is to use IP Security. The advantage of using IPsec is
that it is transparent to end users and applications and provides a general-purpose
solution. Further, IPsec includes a filtering capability so that only selected traffic need
incur the overhead of IPsec processing.

Location of Security Facilities in the TCP/IP Protocol Stack

Another relatively general-purpose solution is to implement security just above TCP. The
foremost example of this approach is the Secure Sockets Layer (SSL) and the follow-on
Internet standard known as Transport Layer Security (TLS). At this level, there are two
implementation choices. For full generality, SSL (or TLS) could be provided as part of the
underlying protocol suite and therefore be transparent to applications. Alternatively, SSL
can be embedded in specific packages. For example, Netscape and Microsoft Explorer
browsers come equipped with SSL, and most Web servers have implemented the
protocol.

Web Security Threats: One way to group these threats is in terms of passive and active attacks. Passive attacks include eavesdropping on network traffic between browser and server and gaining access to information on a Web site that is supposed to be restricted. Active attacks include impersonating another user, altering messages in transit between client and server, and altering information on a Web site.

Another way to classify Web security threats is in terms of the location of the threat: Web server, Web browser, and network traffic between browser and server. Issues of server and browser security fall into the category of computer system security.

Secure Socket Layer and Architecture

Introduction:- SSL is a two-layered protocol which was designed to make use of TCP to provide a reliable end-to-end secure service. Two important SSL concepts are the SSL session and the SSL connection, which are defined in the specification as follows:
• Connection: A connection is a transport that provides a suitable type of service. For SSL, such connections are peer-to-peer relationships. The connections are transient. Every connection is associated with one session.

• Session: An SSL session is an association between a client and a server. Sessions are created by the Handshake Protocol. Sessions define a set of cryptographic security parameters, which can be shared among multiple connections.

There are actually a number of states associated with each session. Once a session is established, there is a current operating state for both read and write (i.e., receive and send). In addition, during the Handshake Protocol, pending read and write states are created. Upon successful conclusion of the Handshake Protocol, the pending states become the current states.

A session state is defined by the following parameters:-

• Session identifier: An arbitrary byte sequence chosen by the server to identify an active or resumable session state.
• Peer certificate: An X509.v3 certificate of the peer. This element of the state may be null.
• Compression method: The algorithm used to compress data prior to encryption.
• Cipher spec: Specifies the bulk data encryption algorithm and a hash algorithm used for MAC calculation. It also defines cryptographic attributes such as the hash size.
• Master secret: 48-byte secret shared between the client and server.
• Is resumable: A flag indicating whether the session can be used to initiate new connections.

A connection state is defined by the following parameters:

• Server and client random: Byte sequences that are chosen by the server and client for each connection.
• Server write MAC secret: The secret key used in MAC operations on data sent by the server.
• Client write MAC secret: The secret key used in MAC operations on data sent by the client.
• Server write key: The conventional encryption key for data encrypted by the server and decrypted by the client.
• Client write key: The conventional encryption key for data encrypted by the client and decrypted by the server.
• Initialization vectors: When a block cipher in CBC mode is used, an initialization vector (IV) is maintained for each key. This field is first initialized by the SSL Handshake Protocol. Thereafter the final ciphertext block from each record is preserved for use as the IV with the following record.
• Sequence numbers: Each party maintains separate sequence numbers for transmitted and received messages for each connection. When a party sends or receives a change cipher spec message, the appropriate sequence number is set to zero.

Transport Layer Security

Message Authentication Code:- There are two differences between the SSLv3 and TLS MAC schemes: the actual algorithm and the scope of the MAC calculation. TLS makes use of the HMAC algorithm defined in RFC 2104. HMAC is defined as follows:

SSLv3 uses the same algorithm, except that the padding bytes are concatenated with the secret key rather than being XORed with the secret key padded to the block length. The level of security should be about the same in both cases.

For TLS, the MAC calculation encompasses the fields indicated in the following expression:

HMAC_hash(MAC_write_secret, seq_num || TLSCompressed.type ||
                            TLSCompressed.version || TLSCompressed.length ||
                            TLSCompressed.fragment)

The MAC calculation covers all of the fields covered by the SSLv3 calculation, plus the field TLSCompressed.version, which is the version of the protocol being employed.

Pseudorandom Function: - TLS makes use of a pseudorandom function referred to as PRF to expand secrets into blocks of data for purposes of key generation or validation. The objective is to make use of a relatively small shared secret value but to generate longer blocks of data in a way that is secure from the kinds of attacks made on hash functions and MACs.

P_hash(secret, seed) = HMAC_hash(secret, A(1) || seed) ||
                       HMAC_hash(secret, A(2) || seed) ||
                       HMAC_hash(secret, A(3) || seed) || ...

where A() is defined as
A(0) = seed
A(i) = HMAC_hash(secret, A(i - 1))

The data expansion function makes use of the HMAC algorithm, with either MD5 or SHA-1 as the underlying hash function. As can be seen, P_hash can be iterated as many times as necessary to produce the required quantity of data. For example, if P_SHA-1 was used to generate 64 bytes of data, it would have to be iterated four times, producing 80 bytes of data, of which the last 16 would be discarded. In this case, P_MD5 would also have to be iterated four times, producing exactly 64 bytes of data.
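The following Python is an added example, not from the notes, implementing the P_hash expansion and the TLS record MAC exactly as written above, and then using them to derive the connection-state secrets listed in the SSL section (write MAC secrets, write keys, IVs). The PRF combination (P_MD5 over one half of the secret XOR P_SHA-1 over the other) and the key_block ordering come from RFC 2246 rather than from the notes; the master secret and randoms are constructed sample values.

```python
import hmac
import struct


def p_hash(hash_name, secret, seed, length):
    """P_hash(secret, seed) = HMAC_hash(secret, A(1) || seed) || HMAC_hash(secret, A(2) || seed) || ...
    with A(0) = seed and A(i) = HMAC_hash(secret, A(i-1)). Iterates until `length`
    bytes are available, truncates the surplus, and also returns the iteration count."""
    output = b""
    a = seed                                                       # A(0) = seed
    iterations = 0
    while len(output) < length:
        a = hmac.new(secret, a, hash_name).digest()                # A(i) = HMAC_hash(secret, A(i-1))
        output += hmac.new(secret, a + seed, hash_name).digest()   # HMAC_hash(secret, A(i) || seed)
        iterations += 1
    return output[:length], iterations


def tls_prf(secret, label, seed, length):
    """TLS 1.0 PRF (RFC 2246, not spelled out in the notes): the secret is split into two
    halves, P_MD5 runs on the first, P_SHA-1 on the second, and the outputs are XORed."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_part, _ = p_hash("md5", s1, label + seed, length)
    sha_part, _ = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))


def tls_record_mac(hash_name, mac_write_secret, seq_num, content_type, version, fragment):
    """HMAC_hash(MAC_write_secret, seq_num || type || version || length || fragment) with
    the RFC 2246 wire sizes: 64-bit sequence number, 8-bit type, 2-byte version,
    16-bit length. The version field is what TLS adds over the SSLv3 MAC scope."""
    major, minor = version
    covered = (struct.pack("!Q", seq_num) + struct.pack("!B", content_type)
               + struct.pack("!BB", major, minor)
               + struct.pack("!H", len(fragment)) + fragment)
    return hmac.new(mac_write_secret, covered, hash_name).digest()


def derive_connection_keys(master_secret, server_random, client_random, mac_len, key_len, iv_len):
    """Expand the 48-byte master secret into the connection-state parameters listed in
    the notes, in the RFC 2246 key_block order (client MAC, server MAC, keys, IVs)."""
    needed = 2 * mac_len + 2 * key_len + 2 * iv_len
    key_block = tls_prf(master_secret, b"key expansion", server_random + client_random, needed)
    layout = [("client_write_MAC_secret", mac_len), ("server_write_MAC_secret", mac_len),
              ("client_write_key", key_len), ("server_write_key", key_len),
              ("client_write_IV", iv_len), ("server_write_IV", iv_len)]
    keys, pos = {}, 0
    for name, size in layout:
        keys[name] = key_block[pos:pos + size]
        pos += size
    return keys
```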
Secure Electronic Transaction

Introduction: - SET is a set of security protocols and formats that enables users to employ the existing credit card payment infrastructure on an open network, such as the Internet, in a secure fashion. SET provides three services:

• Provides a secure communications channel among all parties involved in a transaction.
• Provides trust by the use of X.509v3 digital certificates.
• Ensures privacy because the information is only available to parties in a transaction.

Requirements: - The SET specification lists the following business requirements for secure payment processing with credit cards over the Internet and other networks:

• Provide confidentiality of payment and ordering information: It is necessary to assure cardholders that this information is safe and accessible only to the intended recipient. Confidentiality also reduces the risk of fraud by either party to the transaction or by malicious third parties. SET uses encryption to provide confidentiality.

• Ensure the integrity of all transmitted data: That is, ensure that no changes in content occur during transmission of SET messages. Digital signatures are used to provide integrity.

• Provide authentication that a cardholder is a legitimate user of a credit card account: A mechanism that links a cardholder to a specific account number reduces the incidence of fraud and the overall cost of payment processing. Digital signatures and certificates are used to verify that a cardholder is a legitimate user of a valid account.

• Provide authentication that a merchant can accept credit card transactions through its relationship with a financial institution: This is the complement to the preceding requirement. Cardholders need to be able to identify merchants with whom they can conduct secure transactions. Again, digital signatures and certificates are used.

• Ensure the use of the best security practices and system design techniques to protect all legitimate parties in an electronic commerce transaction: SET is a well-tested specification based on highly secure cryptographic algorithms and protocols.

• Create a protocol that neither depends on transport security mechanisms nor prevents their use: SET can securely operate over a "raw" TCP/IP stack. However, SET does not interfere with the use of other security mechanisms, such as IPsec and SSL/TLS.

• Facilitate and encourage interoperability among software and network providers: The SET protocols and formats are independent of hardware platform, operating system, and Web software.

Key Features of SET

SET incorporates the following features:

• Confidentiality of information: Cardholder account and payment information is secured as it travels across the network. An interesting and important feature of SET is that it prevents the merchant from learning the cardholder's credit card number.

• Integrity of data: Payment information sent from cardholders to merchants includes order information, personal data, and payment instructions. SET guarantees that these message contents are not altered in transit.

• Cardholder account authentication: SET enables merchants to verify that a cardholder is a legitimate user of a valid card account number. SET uses X.509v3 digital certificates with RSA signatures for this purpose.

• Merchant authentication: SET enables cardholders to verify that a merchant has a relationship with a financial institution allowing it to accept payment cards. SET uses X.509v3 digital certificates with RSA signatures for this purpose.

MODULE 5

Intruders and Viruses

• Intruders
– Intrusion Techniques
– Password Protection
– Password Selection Strategies
– Intrusion Detection
• Viruses and Related Threats
– Malicious Programs
– The Nature of Viruses
– Antivirus Approaches
– Advanced Antivirus Techniques
• Recommended Reading and WEB Sites

Intruders

• Three classes of intruders (hackers or crackers):
– Masquerader
– Misfeasor
– Clandestine user
Intrusion Techniques

• Systems maintain a file that associates a password with each authorized user.
• The password file can be protected with:
– One-way encryption
– Access control
• Techniques for guessing passwords:
– Try default passwords.
– Try all short words, 1 to 3 characters long.
– Try all the words in an electronic dictionary (60,000).
– Collect information about the user's hobbies, family names, birthday, etc.
– Try the user's phone number, social security number, street address, etc.
– Try all license plate numbers (MUP103).
– Use a Trojan horse.
– Tap the line between a remote user and the host system.

Storing UNIX Passwords

• UNIX passwords were kept in a publicly readable file, etc./passwords.
• Now they are kept in a "shadow" directory and only visible by "root".

Salt

• The salt serves three purposes:
– Prevents duplicate passwords.
– Effectively increases the length of the password.
– Prevents the use of hardware implementations of DES.

UNIX Password Scheme

Password Selection Strategies

• User education
• Computer-generated passwords
• Reactive password checking
• Proactive password checking
Intrusion Detection

• Statistical anomaly detection
– Threshold detection
– Profile based
• Rule based detection
– Anomaly detection
– Penetration identification

Distributed Intrusion Detection

Measures used for Intrusion Detection

• Login frequency by day and time.
• Frequency of login at different locations.
• Time since last login.
• Password failures at login.
• Execution frequency.
• Execution denials.
• Read, write, create, delete frequency.
• Failure count for read, write, create and delete.
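As an added example (not from the slides), the Python below runs the two statistical anomaly detectors named above over constructed audit records: threshold detection counts password failures at login inside a time window, and profile-based detection compares each login's hour and location against a per-user profile built from past logins. The record format, the window, the 0.5-hour floor on the standard deviation and the z-score limit are all assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed audit records (not real logs): ISO time, user, login location, outcome.
HISTORY_LINES = [
    "2024-03-04T08:55 alice office OK",
    "2024-03-05T09:05 alice office OK",
    "2024-03-06T08:50 alice office OK",
    "2024-03-07T09:10 alice office OK",
    "2024-03-08T09:00 alice office OK",
    "2024-03-04T13:00 bob office OK",
    "2024-03-05T14:00 bob vpn OK",
    "2024-03-06T13:30 bob office OK",
]
NEW_LINES = [
    "2024-03-11T08:54 alice office FAIL",
    "2024-03-11T08:55 alice office OK",
    "2024-03-11T13:20 bob office OK",
    "2024-03-12T03:10 alice cafe OK",          # odd hour from a never-seen location
    "2024-03-12T10:00 carol office FAIL",
    "2024-03-12T10:01 carol office FAIL",
    "2024-03-12T10:01 carol office FAIL",
    "2024-03-12T10:02 carol office FAIL",
    "2024-03-12T10:03 carol office FAIL",
]


def parse_record(line):
    ts, user, location, outcome = line.split()
    return {"time": datetime.fromisoformat(ts), "user": user,
            "location": location, "ok": outcome == "OK"}


HISTORY = [parse_record(l) for l in HISTORY_LINES]
NEW_EVENTS = [parse_record(l) for l in NEW_LINES]


def threshold_failures(records, max_failures, window_minutes):
    """Threshold detection: report a user who exceeds max_failures password failures
    at login inside any window of window_minutes."""
    failures = defaultdict(list)
    for r in records:
        if not r["ok"]:
            failures[r["user"]].append(r["time"])
    alerts = set()
    for user, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > window_minutes * 60:
                start += 1                      # slide the window forward
            if end - start + 1 > max_failures:
                alerts.add(user)
    return alerts


def build_profile(history):
    """Profile-based detection, step 1: per-user mean and standard deviation of the
    login hour, plus the set of locations seen, from successful past logins."""
    by_user = defaultdict(list)
    for r in history:
        if r["ok"]:
            by_user[r["user"]].append(r)
    profile = {}
    for user, recs in by_user.items():
        hours = [r["time"].hour + r["time"].minute / 60 for r in recs]
        profile[user] = {"mean_hour": mean(hours),
                         "sd_hour": max(pstdev(hours), 0.5),   # assumed floor on sd
                         "locations": {r["location"] for r in recs}}
    return profile


def profile_anomalies(profile, events, z_limit=2.0):
    """Profile-based detection, step 2: flag successful logins whose hour is more than
    z_limit standard deviations from the user's mean, or that come from a new location."""
    alerts = []
    for r in events:
        if not r["ok"] or r["user"] not in profile:
            continue
        p = profile[r["user"]]
        hour = r["time"].hour + r["time"].minute / 60
        z = abs(hour - p["mean_hour"]) / p["sd_hour"]
        reasons = []
        if z > z_limit:
            reasons.append("unusual hour (z=%.1f)" % z)
        if r["location"] not in p["locations"]:
            reasons.append("new location " + r["location"])
        if reasons:
            alerts.append((r["user"], r["time"].isoformat(timespec="minutes"),
                           "; ".join(reasons)))
    return alerts
```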
Viruses and "Malicious Programs"

• Computer "Viruses" and related programs have the ability to replicate themselves on an ever-increasing number of computers. They originally spread by people sharing floppy disks. Now they spread primarily over the Internet (a "Worm").
• Other "Malicious Programs" may be installed by hand on a single machine. They may also be built into widely distributed commercial software packages. These are very hard to detect before the payload activates (Trojan Horses, Trap Doors, and Logic Bombs).

Taxonomy of Malicious Programs

Malicious Programs
– Need Host Program: Trapdoors, Logic Bombs, Trojan Horses, Viruses
– Independent: Bacteria, Worms

Definitions

• Virus - code that copies itself into other programs.
• A "Bacteria" replicates until it fills all disk space, or CPU cycles.
• Payload - harmful things the malicious program does, after it has had time to spread.
• Worm - a program that replicates itself across the network (usually riding on email messages or attached documents (e.g., macro viruses)).
• Trojan Horse - instructions in an otherwise good program that cause bad things to happen (sending your data or password to an attacker over the net).
• Logic Bomb - malicious code that activates on an event (e.g., date).
• Trap Door (or Back Door) - undocumented entry point written into code for debugging that can allow unwanted users.
• Easter Egg - extraneous code that does something "cool." A way for programmers to show that they control the product.

Virus Phases

• Dormant phase - the virus is idle.
• Propagation phase - the virus places an identical copy of itself into other programs.
• Triggering phase - the virus is activated to perform the function for which it was intended.
• Execution phase - the function is performed.

Virus Protection

• Have a well-known virus protection program, configured to scan disks and downloads automatically for known viruses.
• Do not execute programs (or "macros") from unknown sources (e.g., PS files, HyperCard files, MS Office documents,
• Avoid the most common operating systems and email programs, if possible.

A Compression Virus
Virus Structure

Types of Viruses

• Parasitic Virus - attaches itself to executable files as part of their code. Runs whenever the host program runs.
• Memory-resident Virus - lodges in main memory as part of the resident operating system.
• Boot Sector Virus - infects the boot sector of a disk, and spreads when the operating system boots up (original DOS viruses).
• Stealth Virus - explicitly designed to hide from virus scanning programs.
• Polymorphic Virus - mutates with every new host to prevent signature detection.

Macro Viruses

• Microsoft Office applications allow "macros" to be part of the document. The macro could run whenever the document is opened, or when a certain command is selected (Save File).
• Platform independent.
• Infect documents, delete files, generate email and edit letters.

Antivirus Approaches

1st Generation, Scanners: searched files for any of a library of known virus
“signatures.” Checked executable files for length changes.

2nd Generation, Heuristic Scanners: looks for more general signs than
specific signatures (code segments common to many viruses). Checked files
for checksum or hash changes.

3rd Generation, Activity Traps: stay resident in memory and look for certain
patterns of software behavior (e.g., scanning files).

4th Generation, Full Featured: combine the best of the techniques above.

Advanced Antivirus Techniques

• Generic Decryption (GD)
– CPU Emulator
– Virus Signature Scanner
– Emulation Control Module
• For how long should a GD scanner run each interpretation?

FIREWALLS CHARACTERISTICS

Introduction: - A firewall is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

Following are the design goals for a firewall: -

1. All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the local network except via the firewall.

2. Only authorized traffic, as defined by the local security policy, will be allowed to pass. Various types of firewalls are used, which implement various types of security policies, as explained later in this section.

3. The firewall itself is immune to penetration. This implies the use of a trusted system with a secure operating system.

Originally, firewalls focused primarily on service control, but they have since evolved to provide all four:

• Service control: Determines the types of Internet services that can be accessed, inbound or outbound. The firewall may filter traffic on the basis of IP address and TCP port number; may provide proxy software that receives and interprets each service request before passing it on; or may host the server software itself, such as a Web or mail service.

• Direction control: Determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.

• User control: Controls access to a service according to which user is attempting to access it. This feature is typically applied to users inside the firewall perimeter. It may also be applied to incoming traffic from external users; the latter requires some form of secure authentication technology.

• Behavior control: Controls how particular services are used. For example, the firewall may filter e-mail to eliminate spam, or it may enable external access to only a portion of the information on a local Web server.

The following capab ilities are within the scope of a firewall:

1. A firewall defines a single choke point that keeps unauthorized users out of the protected network, prohibits potentially vulnerable services from entering or leaving the network, and provides protection from various kinds of IP spoofing and routing attacks. The use of a single choke point simplifies security management because security capabilities are consolidated on a single system or set of systems.

2. A firewall provides a location for monitoring security-related events. Audits and alarms can be implemented on the firewall system.

3. A firewall is a convenient platform for several Internet functions that are not security related. These include a network address translator, which maps local addresses to Internet addresses, and a network management function that audits or logs Internet usage.

4. A firewall can serve as the platform for IPsec.

Firewalls have their limitations, including the following:

1. The firewall cannot protect against attacks that bypass the firewall. Internal systems may have dial-out capability to connect to an ISP. An internal LAN may support a modem pool that provides dial-in capability for traveling employees and telecommuters.

2. The firewall does not protect against internal threats, such as a disgruntled employee or an employee who unwittingly cooperates with an external attacker.

3. The firewall cannot protect against the transfer of virus-infected programs or files. Because of the variety of operating systems and applications supported inside the perimeter, it would be impractical and perhaps impossible for the firewall to scan all incoming files, e-mail, and messages for viruses.
Types of Firewalls

Introduction: - The three common types of firewalls are packet filters, application-level gateways, and circuit-level gateways.

Packet-Filtering Router: A packet-filtering router applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet. The router is typically configured to filter packets going in both directions. Filtering rules are based on information contained in a network packet:-

• Source IP address: The IP address of the system that originated the IP packet.
• Destination IP address: The IP address of the system the IP packet is trying to reach.
• Source and destination transport-level address: The transport level.
• IP protocol field: Defines the transport protocol.
• Interface: For a router with three or more ports, which interface of the router the packet came from or which interface of the router the packet is destined for.

The packet filter is typically set up as a list of rules based on matches to fields in the IP or TCP header. If there is a match to one of the rules, that rule is invoked to determine whether to forward or discard the packet. If there is no match to any rule, then a default action is taken. Two default policies are possible:

• Default = discard: That which is not expressly permitted is prohibited.
• Default = forward: That which is not expressly prohibited is permitted.

Application-Level Gateway: - An application-level gateway, also called a proxy server, acts as a relay of application-level traffic. The user contacts the gateway using a TCP/IP application, such as Telnet or FTP, and the gateway asks the user for the name of the remote host to be accessed. When the user responds and provides a valid user ID and authentication information, the gateway contacts the application on the remote host and relays TCP segments containing the application data between the two endpoints. If the gateway does not implement the proxy code for a specific application, the service is not supported and cannot be forwarded across the firewall. Further, the gateway can be configured to support only specific features of an application that the network administrator considers acceptable while denying all other features.

Circuit-Level Gateway: - A third type of firewall is the circuit-level gateway. This can be a stand-alone system or it can be a specialized function performed by an application-level gateway for certain applications. A circuit-level gateway does not permit an end-to-end TCP connection; rather, the gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host. Once the two connections are established, the gateway typically relays TCP segments from one connection to the other without examining the contents. The security function consists of determining which connections will be allowed.

A typical use of circuit-level gateways is a situation in which the system administrator trusts the internal users. The gateway can be configured to support application-level or proxy service on inbound connections and circuit-level functions for outbound connections. In this configuration, the gateway can incur the processing overhead of examining incoming application data for forbidden functions but does not incur that overhead on outgoing data.
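As an added example (not from the notes), the Python below models the packet-filtering router described earlier in this section: rules match on the listed header fields (addresses, protocol, destination port, arriving interface), the first matching rule decides, and a packet that matches nothing falls to the default policy, so the same rule list gives different answers under "default = discard" and "default = forward". The topology, rule set and packets are constructed; 203.0.113.0/24 and 198.51.100.0/24 are documentation address ranges standing in for outside hosts.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Packet:
    """The header fields the notes list as filterable: addresses, transport ports,
    the IP protocol, and the router interface the packet arrived on."""
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    iface: str


@dataclass
class Rule:
    action: str                  # "forward" or "discard"
    src: str = "0.0.0.0/0"       # CIDR match on the source address; /0 = any
    dst: str = "0.0.0.0/0"
    proto: str = "*"             # "tcp", "udp", "icmp" or "*" for any
    dport: tuple = (0, 65535)    # inclusive destination-port range
    iface: str = "*"             # arriving interface, or "*" for any

    def matches(self, p):
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("*", p.proto)
                and self.dport[0] <= p.dport <= self.dport[1]
                and self.iface in ("*", p.iface))


class PacketFilter:
    """The first matching rule decides; with no match the default policy applies."""

    def __init__(self, rules, default="discard"):
        self.rules = rules
        self.default = default

    def decide(self, p):
        for i, rule in enumerate(self.rules):
            if rule.matches(p):
                return rule.action, i
        return self.default, "default"


# Constructed topology: eth0 faces the Internet, eth1 faces the 192.168.1.0/24 LAN.
RULES = [
    # 0: a packet arriving from outside with an inside source address is spoofed
    Rule("discard", src="192.168.1.0/24", iface="eth0"),
    # 1: inbound SMTP is allowed only to the mail server
    Rule("forward", dst="192.168.1.10/32", proto="tcp", dport=(25, 25), iface="eth0"),
    # 2: inside hosts may open HTTP connections outward
    Rule("forward", src="192.168.1.0/24", proto="tcp", dport=(80, 80), iface="eth1"),
]

SAMPLE_PACKETS = [
    Packet("203.0.113.5", "192.168.1.10", "tcp", 40000, 25, "eth0"),   # inbound mail
    Packet("192.168.1.7", "192.168.1.10", "tcp", 40001, 25, "eth0"),   # spoofed source
    Packet("192.168.1.7", "198.51.100.20", "tcp", 40002, 80, "eth1"),  # outbound web
    Packet("203.0.113.5", "192.168.1.20", "tcp", 40003, 23, "eth0"),   # inbound telnet, no rule
]


def decisions(default):
    """Run the sample packets through the rule list under the given default policy."""
    pf = PacketFilter(RULES, default)
    return [pf.decide(p)[0] for p in SAMPLE_PACKETS]
```

Only the last packet, which no rule mentions, changes outcome between the two default policies.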
Firewall Configurations

Description:- The three common firewall configurations:-

The firewall consists of two systems: a packet-filtering router and a bastion host. Typically, the router is configured so that:

1. For traffic from the Internet, only IP packets destined for the bastion host are allowed in.

2. For traffic from the internal network, only IP packets from the bastion host are allowed out.

The bastion host performs authentication and proxy functions. This configuration has
greater security than simply a packet-filtering router or an application-level gateway alone,
for two reasons. First, this configuration implements both packet-level and application-
level filtering, allowing for considerable flexibility in defining security policy. Second, an
intruder must generally penetrate two separate systems before the security of the internal
network is compromised.

This configuration also affords flexibility in providing direct Internet access. For example,
the internal network may include a public information server, such as a Web server, for
which a high level of security is not required. In that case, the router can be configured to
allow direct traffic between the information server and the Internet.

The screened subnet firewall configuration is the most secure of those we have
considered. In this configuration, two packet-filtering routers are used, one between the
bastion host and the Internet and one between the bastion host and the internal network.
This configuration creates an isolated subnetwork, which may consist of simply the
bastion host but may also include one or more information servers and modems for dial-
in capability. Typically, both the Internet and the internal network have access to hosts on
the screened subnet, but traffic across the screened subnet is blocked. This configuration
offers several advantages:

1. There are now three levels of defense to thwart intruders.

2. The outside router advertises only the existence of the screened subnet to the Internet;
therefore, the internal network is invisible to the Internet.

3. Similarly, the inside router advertises only the existence of the screened subnet to the
internal network; therefore, the systems on the inside network cannot construct direct
routes to the Internet.

[BYE BYE CRYPTOGRAPHY !]
