Information Security
MCA
(TWO YEARS PATTERN)
SEMESTER - II (CBCS)
INFORMATION SECURITY
SUBJECT CODE: MCA23
© UNIVERSITY OF MUMBAI
Module 1 Introduction
1 Introduction...............................................................................................................1
2 Cryptography.............................................................................................................2
4 Authentication – I....................................................................................................50
5 Authentication – II..................................................................................................65
6 Digital Signature.....................................................................................................77
8 Integrity.................................................................................................................110
10 Firewall.................................................................................................................168
11 Intrusion................................................................................................................181
INFORMATION SECURITY
SYLLABUS
1.0 OBJECTIVES
The objective of this module is to learn the concept of Information
Security. Why security is required in the first place? After that we will
discuss the key principles of security. These principles help us to identify
the various areas, which are crucial while determining the security threats
and possible solutions to tackle them. This is followed by a discussion of
the services and attacks. Finally we will discuss the functional
requirements of security and current trends in security.
Information is a valuable asset like any other asset, so it needs to be
secured from attacks. Now the question is: what is security?
Security is
In short, to secure information, three security goals must be achieved:
Confidentiality: information must be hidden from unauthorized access.
Integrity: information must be protected from unauthorized change.
Availability: information must be available to an authorized entity when it
is needed.
In the early days, the information collected by an organization was stored
in physical files. Confidentiality was achieved by restricting access to a
few trusted people in the organization, and only a few authorized people
were allowed to change the contents of the files. Availability was achieved
by designating at least one person who had access to the files at all times.
With the invention of computers, information storage became electronic:
information was stored in computers. The three security requirements,
however, did not change. Files stored in computers also require
confidentiality, integrity and availability (CIA); the implementation of
these requirements, however, is different and more challenging.
During the last two decades, computer networks have created a revolution in
the use of information. Information is now distributed: authorized people
can send and retrieve information from a distance over computer networks.
Although the three requirements (confidentiality, integrity and
availability) have not changed, they now have some new dimensions.
● What will happen tomorrow if B deposits the check in his account, the
money is transferred from A's account to B's account, and then A denies
having written/sent the check? The court of law will use A's signature to
prevent A from denying this claim and settle the dispute. This is the
principle of non-repudiation.
These are the four chief principles of security. There are two more, access
control and availability, which are not related to a particular message but
are linked to the overall system as a whole.
1.3 ATTACKS
Interception
This is an attack on confidentiality. An unauthorized party gains access to
an asset. Examples: wiretapping to capture data in a network, illicit
copying of files.
Modification
This is an attack on integrity. An unauthorized party not only gains access
but tampers with an asset. Examples: changing values in a data file,
altering a program, modifying the contents of messages being transmitted in
a network.
Fabrication:
This is an attack on authenticity. An unauthorized party inserts counterfeit
objects into the system. Examples: the insertion of spurious messages in a
network or the addition of records to a file.
Passive attacks are very difficult to detect because they do not involve any
alteration of data. However, it is feasible to prevent the success of these
attacks.
b. Active attacks
An active attack attempts to alter system resources or affect their
operation. An active attack may change the data or harm the system.
Examples of attacks threatening integrity are masquerading, replaying,
modification and repudiation. An example of an attack threatening
availability is denial of service (DoS).
Active attacks can be subdivided into five types:
3. Modification of message: some portion of a message is altered, or
messages are delayed or recorded, to produce an unauthorized effect.
For example, Bob sends a message to Alice: "Allow John to access
confidential file X". In transmission Darth intercepts the message and
changes it for his own benefit to "Allow Darth to access confidential file
X".
4. Repudiation
This attack is performed by the sender or the receiver. The sender or
recipient might subsequently deny having sent or received a communication.
For instance, a customer asks his bank to transfer a sum to someone and
later denies having made the request. Figure 1.3.11 represents repudiation,
where Darth denies a message previously sent to Alice.
Comparative Points of Passive and Active Attack:
Fig 1.4.1 Security Services
1. DATA CONFIDENTIALITY:
It is designed to protect data from disclosure attacks. There are four
types of confidentiality services defined by the ITU-T standard.
4. NONREPUDIATION:
Provides protection against denial, by one of the entities involved in a
communication, of having participated in all or part of the communication.
There are two types of nonrepudiation services defined by the ITU-T
standard.
Though it is cost-effective, easy to use and easy to implement, Wi-Fi has
certain information security issues that we have to consider. Plaintext
communication over wireless is vulnerable to sniffing, eavesdropping and
man-in-the-middle attacks. The solution to these issues is wireless
encryption. The two Wi-Fi encryption standards are Wired Equivalent
Privacy (WEP) and Wi-Fi Protected Access (WPA). WPA is more effective,
whereas WEP can be easily cracked.
The Service Set Identifier (SSID) is used to identify each Wi-Fi network.
It is recommended that the SSID be changed to a neutral name. Wi-Fi
authentication can use a centralized authentication server, open system
authentication, or shared key authentication by the access point. To
strengthen the authentication process, MAC filtering may be enabled.
Various discovery and analysis tools are available, free or for a price.
They enable analysis of wireless frames as well as man-in-the-middle and
denial of service attacks, for example by sending fake packets or fake
Clear to Send (CTS) signals in the name of a fake client, making other
clients wait indefinitely for their turn. Tools such as NetSurveyor,
NetStumbler, WiFi Hopper and Meraki WiFi Stumbler allow easy network
discovery. Powerful jamming signals can be used to jam an organization's
entire Wi-Fi network, which leads to a denial of service attack.
Best practices to be followed to avoid or reduce wireless attacks:
2. Bluetooth Technology and Security
• Keep the devices securely with you, or store them securely when not in
use.
• Pre-shared key authentication and encryption should be used for
Bluetooth communication.
• Bluetooth should be enabled only when required to communicate.
• Bluetooth should be set to non-discoverable and non-pairable mode.
• Set discoverable and pairable mode only when you need to connect to
other devices or vice versa.
• Always remove unwanted devices from the list of paired devices.
• Carry out pairing of devices only in a secure area. Keep the paired
device as near as possible to the device with which it is pairing.
• Anti-virus systems should be in place.
• The device firewall should be active at all times.
• Regular patching of the Bluetooth devices should be done.
3. Mobile Security
Nowadays the usage of mobile phones, smartphones and tablets is
increasing. Different operating systems are used in these devices. Mobile
devices are used for sending e-mails, instant messaging, gaming and
various official or personal purposes. Many mobile apps are available free
or at a very low cost. Mobile devices have made users' lives easier and
more active; at the same time, however, they have created a number of
security issues.
If unauthorized users are able to access a mobile device, there is a
possibility of leaking personal information such as login IDs, credit card
details and passwords. The security of the apps or games we download is
also questionable: they might have been created with malicious intent and
can infect mobile devices. Attackers might misuse the intercepted
information.
Operating systems used by mobile devices may have multiple security issues
or vulnerabilities, which may be exploited by attackers.
Generally, users do not install anti-virus software on mobile phones. It is
advised to install good anti-virus software such as Avast, Norton or McAfee
on mobile phones to protect against malicious attacks. Mobile phone
settings should be reviewed regularly and set appropriately. Always disable
unnecessary settings/features.
Best practices to be followed to avoid or reduce attacks on Mobile
Communication:
1.7 SUMMARY
1.9 TRUE OR FALSE
1. https://www.opensecurityarchitecture.org/cms/definitions/it_security_requirements
2. https://link.springer.com/content/pdf/10.1007%2F978-1-4302-6383-8_16.pdf
3. Atul Kahate, "Cryptography and Network Security", McGraw Hill
4. William Stallings, "Cryptography and Network Security: Principles and Practice"
5. Behrouz A. Forouzan, "Cryptography and Network Security"
2
CRYPTOGRAPHY
Unit Structure
2.0 Objective
2.1 Introduction
2.2 Cryptography
2.2.1 Types of Cryptography
2.2.2 Mathematics of Cryptography
2.2.3 Modular Arithmetic Additive Inverse
2.2.4 Multiplicative Inverse
2.2.5 Euclidean Algorithm
2.2.6 Extended Euclidean Algorithm
2.3 Summary
2.4 Reference for further reading
2.0 OBJECTIVE
2.1 INTRODUCTION
To get the original text, that is the plaintext, we have to decrypt the
encrypted text.
Put another way, in mathematical terms you can assign numbers to the
letters of the alphabet:
A B C D E F G H I J K L M N
0 1 2 3 4 5 6 7 8 9 10 11 12 13
O P Q R S T U V W X Y Z
14 15 16 17 18 19 20 21 22 23 24 25
Suppose the message "text" is converted into 1942319 (19 4 23 19).
That is,
T->19
e->4
x->23
t->19
2.2.1 Types of Cryptography
1) Symmetric Key Cryptography
2) Asymmetric Key Cryptography
3) Hash Function
1) Symmetric Key Cryptography: It is also called conventional
cryptography or secret key cryptography. In the encryption process the
sender and receiver share a single common key for encryption and
decryption of the text or message. The key for encrypting and decrypting
is known to both the sender and the receiver; otherwise, the message could
not be decrypted by conventional means.
The algorithm used is also known as a symmetric algorithm or sometimes
called a secret key algorithm.
3) Hash Function:
A hash function takes an input of arbitrary size and yields a fixed-size
output. It is easy to compute, but it is difficult to recover the original
data from the output. It is strong in the sense that it is difficult to
produce the same hash from different inputs. It is a one-way function, so
once you have applied it you cannot go back. It is also known as a digest,
message digest, checksum, etc.
Hash functions are used for:
1) Check Digital Signature
2) Message assurance
3) Source integrity service using MAC (Media Access Control)
address.
4) Key establishments algorithm
5) To generate random numbers
2.2.2 Mathematics of Cryptography:
Cryptography is the mathematics behind encrypting data. Whenever a user
wants to transform plaintext data into ciphertext, an operation or a set of
operations is used. For example, ROT13 is a symmetric encryption algorithm
that applies a rotation operation to the plaintext. This operation is
symmetric and reversible, so the ciphertext can be turned back into the
plaintext. The rotation shifts each letter by 13 places in the alphabet.
A ≡ B (mod C)
To show that two integers are congruent, we use the congruence operator
(≡); for example, 3 ≡ 8 (mod 5) and 15 ≡ 25 (mod 10).
2.2.3 Modular Arithmetic Additive Inverse:
In Zn, two numbers a and b are additive inverses of each other if
a + b ≡ 0 (mod n)
Ex.1) Find all additive inverse pairs in Z10.
Sol => We have n = 10.
In modular arithmetic, the sum of an integer and its additive inverse is
congruent to 0 modulo n. So, we must find all pairs whose sum is 10 (that
is, 0 modulo 10).
The six pairs of additive inverses are (0, 0), (1, 9), (2, 8), (3, 7),
(4, 6) and (5, 5).
2.2.4 Multiplicative Inverse:
In modular arithmetic, an integer may or may not have a multiplicative
inverse. When it does, the product of the integer and its multiplicative
inverse is congruent to 1 modulo n.
In Zn, two numbers a and b are multiplicative inverses of each other if
a × b ≡ 1 (mod n)
Suppose a = 3, n = 11.
Sol: 4
Since (4 × 3) mod 11 = 1, 4 is the modular inverse of 3 (under 11).
One might think 15 is also a valid output, as (15 × 3) mod 11 is also 1,
but 15 is not in the ring {1, 2, ..., 10}, so it is not valid.
Suppose a = 10, n = 17.
Sol: 12
Since (10 × 12) mod 17 = 1, 12 is the modular inverse of 10 (under 17).
Ex.1) Find all multiplicative inverse pairs in Z10.
Sol => We have n = 10.
Using the definition of the multiplicative inverse,
a × b ≡ 1 (mod n)
there are only three pairs: (1, 1), (3, 7) and (9, 9). The numbers 0, 2, 4,
5, 6 and 8 do not have a multiplicative inverse.
Ex.2) Find the multiplicative inverse of 8 in Z10.
a × b ≡ 1 (mod n)
so, we have seven pairs (1, 1), (2, 6), (3, 4), (5, 9), (7, 8), (9, 9) and
(10, 10).
2.2.5 Euclidean Algorithm
The GCD (greatest common divisor) of two numbers is the largest number
that divides both. Given two integers A and B, we must find their greatest
common divisor (GCD).
The Euclidean algorithm is a technique for finding the GCD of two integers
quickly.
Definition:
A method of finding the greatest common divisor of two numbers by
dividing the larger by the smaller, then the smaller by the remainder, then
the first remainder by the second remainder, and so on, until an exact
division is found; the divisor of that exact division is the greatest
common divisor.
Fact 1: gcd(a, 0) = a
Fact 2: gcd(a, b) = gcd(b, r), where r is the remainder of dividing a by b
The Euclidean algorithm for finding GCD(A, B) is as follows:
● If A = 0 then GCD(A, B) = B, since GCD(0, B) = B, and we can stop.
● If B = 0 then GCD(A, B) = A, since GCD(A, 0) = A, and we can stop.
● Otherwise, with A ≠ 0 and B ≠ 0, apply Fact 2 and repeat with the
smaller number and the remainder.
2.2.6 Extended Euclidean Algorithm
General solutions:
x = x0 + k(b/d) and y = y0 − k(a/d), where k is an integer.
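The definitions of 2.2.3 to 2.2.6 carried out in code, as an added example that is not part of the textbook: additive inverse pairs, the Euclidean algorithm built from Facts 1 and 2, the extended Euclidean tableau giving x0 and y0 with the general solutions above, and the multiplicative inverse derived from it (which also decides the Ex.2 case, 8 in Z10). Function names are this example's own.

```python
def additive_inverse_pairs(n):
    """All pairs (a, b), a <= b, with a + b = 0 (mod n); Ex.1 of 2.2.3 for n = 10."""
    return [(a, (-a) % n) for a in range(n) if a <= (-a) % n]


def gcd(a, b):
    """Euclidean algorithm: Fact 1 gcd(a, 0) = a, Fact 2 gcd(a, b) = gcd(b, a mod b)."""
    while b != 0:
        a, b = b, a % b
    return a


def extended_gcd(a, b):
    """Extended Euclidean algorithm.

    Returns (d, x0, y0) with a*x0 + b*y0 = d = gcd(a, b). The six-column
    tableau (r1, r2, s1, s2, t1, t2) is updated row by row exactly as in the
    hand method: each row is the previous two combined with quotient q.
    """
    r1, r2, s1, s2, t1, t2 = a, b, 1, 0, 0, 1
    while r2 != 0:
        q = r1 // r2
        r1, r2 = r2, r1 - q * r2
        s1, s2 = s2, s1 - q * s2
        t1, t2 = t2, t1 - q * t2
    return r1, s1, t1


def general_solutions(a, b, k_range=range(-2, 3)):
    """x = x0 + k*(b/d), y = y0 - k*(a/d): every pair satisfies a*x + b*y = d."""
    d, x0, y0 = extended_gcd(a, b)
    return [(x0 + k * (b // d), y0 - k * (a // d)) for k in k_range]


def multiplicative_inverse(a, n):
    """Inverse of a in Z_n, or None when gcd(a, n) != 1 (no inverse exists).

    x from the extended algorithm satisfies a*x + n*y = 1, so a*x = 1 (mod n);
    reducing x modulo n keeps the answer inside the ring {0, ..., n-1}
    (the reason 15 is not accepted as the inverse of 3 in Z_11, but 4 is).
    """
    d, x, _ = extended_gcd(a % n, n)
    if d != 1:
        return None  # e.g. 8 in Z_10: gcd(8, 10) = 2
    return x % n


def inverse_pairs(n):
    """Every pair (a, b), a <= b, with a*b = 1 (mod n); Z_10 gives (1,1), (3,7), (9,9)."""
    pairs = []
    for a in range(1, n):
        b = multiplicative_inverse(a, n)
        if b is not None and a <= b:
            pairs.append((a, b))
    return pairs
```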
2.3 SUMMARY
2.4 REFERENCE FOR FURTHER READING
1) https://www.itu.int/en/ITU-D/Cybersecurity/Documents/01-Introduction%20to%20Cryptography.pdf
2) https://www.cs.umd.edu/~waa/414-F11/IntroToCrypto.pdf
3) https://nayakuch.files.wordpress.com/2015/08/cryptography-network-security-atul-kahate.pdf
4) https://thisismyclassnotes.blogspot.com/2017/05/cryptography-euclidean-algorithm.html
5) https://www.cs.siue.edu/~tgamage/archieved/S15/CS490/L/CR01.pdf
6) https://www.rit.edu/academicsuccesscenter/sites/rit.edu.academicsuccesscenter/files/documents/math-handouts/DM6_EuclideanAlgorithm_BP_9_22_14.pdf
7) https://cp-algorithms.com/algebra/extended-euclid-algorithm.html
8) V. K. Pachghare, "Cryptography and Information Security"
9) Atul Kahate, "Cryptography and Network Security", McGraw Hill
Self-learning topics:
Variations of DES – 2DES and 3DES, Symmetric and Asymmetric Key
Cryptography together
QUESTIONS
1) What is meant by cryptography? Explain its types.
2) Differentiate between symmetric and asymmetric encryption.
3) Explain the mathematics of cryptography.
4) What is meant by the additive inverse in modular arithmetic?
5) What is meant by the multiplicative inverse?
6) Explain the Euclidean algorithm.
7) Explain the extended Euclidean algorithm.
3
STREAM CIPHER AND BLOCK CIPHER
3.0 OBJECTIVES
3.1 INTRODUCTION
Block Cipher:
Encrypts a group of plaintext symbols as one block. The key is applied to
one block at a time, most often of 64 bits; block sizes of 128, 192 or 256
bits are also used (128 bits by AES and 64 bits by DES).
Consider a 128-bit block cipher: it requires 128 bits of plaintext and
encrypts them into 128 bits of ciphertext. Where the amount of plaintext is
less than 128 bits.
Advantages:
1) Block ciphers provide integrity protection, for example through a MAC.
2) Ease of implementation and fewer restrictions.
Disadvantages:
1) Block ciphers are slower and less memory efficient.
2) Transmission errors cause more damage.
We can say that a block cipher processes data in blocks of multiple bits,
whereas a stream cipher processes it bit by bit or byte by byte.
Difference between Stream Cipher and Block Cipher.
3.2.3 Confusion
Each bit of the ciphertext block has highly nonlinear relations with the
plaintext block bits and the key bits.
X (plaintext) → E_k(X), k = key → Y (ciphertext)
Example: suppose that x, y and k all have 8 bits and
y1 = x1 + x2 + x3 + x4 + k1 + k2 + k3 + k4
y2 = x2 + x3 + x4 + x5 + k2 + k3 + k4 + k5
y3 = x3 + x4 + x5 + x6 + k3 + k4 + k5 + k6
y4 = x4 + x5 + x6 + x7 + k4 + k5 + k6 + k7
y5 = x5 + x6 + x7 + x8 + k5 + k6 + k7 + k8
y6 = x6 + x7 + x8 + x1 + k6 + k7 + k8 + k1
y7 = x7 + x8 + x1 + x2 + k7 + k8 + k1 + k2
y8 = x8 + x1 + x2 + x3 + k8 + k1 + k2 + k3
Since these relations are linear, the confusion is bad.
3.2.4 Diffusion
It means that if we change a character of the plaintext, then several
characters of the ciphertext should change, and similarly, if we change a
character of the ciphertext, then several characters of the plaintext
should change.
Block ciphers use both confusion and diffusion. Linear functions are
responsible for diffusion.
Diffusion = transposition or permutation
abcd -> dacb (as in DES)
We can say that confusion concerns the relationship between plaintext and
ciphertext, whereas diffusion spreads the plaintext statistics through the
ciphertext.
Each plaintext block bit or key bit affects many bits of the ciphertext
block.
X (plaintext) → E_k(X), k = key → Y (ciphertext)
Suppose x, y and k all have 8 bits. If
y1 = x1 + x2 + x3 + x4 + k1 + k2 + k3 + k4
y2 = x2 + x3 + x4 + x5 + k2 + k3 + k4 + k5
y3 = x3 + x4 + x5 + x6 + k3 + k4 + k5 + k6
y4 = x4 + x5 + x6 + x7 + k4 + k5 + k6 + k7
y5 = x5 + x6 + x7 + x8 + k5 + k6 + k7 + k8
y6 = x6 + x7 + x8 + x1 + k6 + k7 + k8 + k1
y7 = x7 + x8 + x1 + x2 + k7 + k8 + k1 + k2
y8 = x8 + x1 + x2 + x3 + k8 + k1 + k2 + k3
then it has very good diffusion, because each plaintext bit or key bit
affects half of the bits in the output block y.
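The 8-bit cipher of the equations above, implemented as an added example (not the textbook's code) with "+" read as XOR and indices wrapping from 8 back to 1. It measures the diffusion claim (each plaintext or key bit changes exactly half of the output bits) and shows the confusion problem: because the map is linear, XORing two ciphertexts made under the same key gives E_0 of the XOR of the plaintexts, so ciphertext differences reveal plaintext differences without the key. Function names are this example's own.

```python
def bit(v, i):
    """Bit i of an 8-bit value, numbered 1..8 from the left as in y1..y8."""
    return (v >> (8 - i)) & 1


def toy_block(x, k):
    """E_k(x) from the equations: output bit i is the XOR of plaintext bits
    i..i+3 and key bits i..i+3, with indices taken cyclically modulo 8."""
    y = 0
    for i in range(1, 9):
        b = 0
        for j in range(4):
            idx = (i - 1 + j) % 8 + 1
            b ^= bit(x, idx) ^ bit(k, idx)
        y = (y << 1) | b
    return y


def hamming(a, b):
    """Number of bit positions in which two 8-bit values differ."""
    return bin(a ^ b).count("1")


def diffusion_of_bit(x, k, i):
    """Ciphertext bits that change when plaintext bit i is flipped (always 4 here)."""
    return hamming(toy_block(x, k), toy_block(x ^ (1 << (8 - i)), k))


def key_diffusion_of_bit(x, k, i):
    """Ciphertext bits that change when key bit i is flipped (always 4 here)."""
    return hamming(toy_block(x, k), toy_block(x, k ^ (1 << (8 - i))))


def difference_leaks(k, a, b):
    """Bad confusion, stated as an identity: E_k(a) XOR E_k(b) == E_0(a XOR b).

    The key cancels out of the XOR of two ciphertexts, so the relation between
    two plaintexts is visible to anyone who sees both ciphertexts.
    """
    return toy_block(a, k) ^ toy_block(b, k) == toy_block(a ^ b, 0)


def linearity_holds(k):
    """Check the identity for every a and a few fixed b under key k."""
    return all(difference_leaks(k, a, b) for a in range(256) for b in (0x00, 0x5A, 0xFF))
```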
Difference between confusion and diffusion.
Disadvantages
1) Not suitable for long messages.
2) Cipher Block Chaining (CBC):
In this mode data is encrypted in blocks, and each block depends on the
blocks before it for decryption. The process uses an initialization vector
to tie the blocks of encrypted data together: the first block of plaintext
is exclusive-ORed (XORed) with an initialization vector (IV) before the
encryption key is applied. XOR is a binary operation that compares two bits
and outputs a third bit, which is 1 exactly when the two inputs differ.
If the first block has index 1, CBC encryption is
Ci = Ek(Pi ⊕ Ci-1),
C0 = IV
CBC decryption is
Advantages
1) It is more secure than electronic code book.
2) It has a good authentication mechanism.
3) It also works for inputs greater than n bits.
Disadvantages
1) Parallel encryption in cipher block chaining is not possible.
3) Output Feedback (OFB) mode:
In output feedback mode the output of the encryption function is fed back
into the shift register. OFB operates on full blocks of plaintext and
ciphertext; it does not work on an s-bit subset.
Each plaintext block is XORed with the current output block to give the
ciphertext block, and the output block is the encrypted form of the
previous output block.
OFB mode uses the formulas
C[i] = P[i] XOR O[i]
O[i] = Ek(O[i-1])
O[1] = Ek(IV)
IV
| -----| -----|
Ek () / Ek () / Ek()
|--O [1] |--O [2] |--O [3]
| | |
P [1] --XOR P [2] --XOR P [3] --XOR
| | |
C [1] C [2] C [3]
Because of the symmetry of the XOR operation,
Cj = Pj ⊕ Oj,
Pj = Cj ⊕ Oj,
Oj = Ek(Ij),
Ij = Oj-1,
I0 = IV
For encryption,
For decryption,
4) Cipher Feedback (CFB):
It uses an initialization vector (IV): the previous ciphertext block is
encrypted and the output is XORed with the current plaintext block to
create the current ciphertext block. The IV is used for the first
encryption. The output bits are divided into a set of s bits and b−s bits;
the left-hand s bits are selected and XORed with the plaintext bits.
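The CBC, OFB and CFB equations of this section run over a tiny stand-in block function, as an added example that is not from the textbook. E and D below (XOR with the key, then rotate) are a deliberately trivial, invertible placeholder with no security value, used only so the mode equations can be exercised on 8-bit blocks; the constructed message repeats a block three times to show why ECB is unsuitable and CBC is not. Note that OFB and CFB decrypt using only E, while CBC needs D.

```python
def rotl8(v, n):
    return ((v << n) | (v >> (8 - n))) & 0xFF


def rotr8(v, n):
    return ((v >> n) | (v << (8 - n))) & 0xFF


def E(k, x):
    """Stand-in E_k on one 8-bit block: XOR the key, rotate left by 3."""
    return rotl8(x ^ k, 3)


def D(k, y):
    """Inverse of E: rotate right by 3, XOR the key."""
    return rotr8(y, 3) ^ k


def ecb_encrypt(k, blocks):
    """ECB: every block encrypted independently, so equal blocks give equal output."""
    return [E(k, p) for p in blocks]


def cbc_encrypt(k, iv, blocks):
    """C_i = E_k(P_i XOR C_{i-1}), C_0 = IV."""
    out, prev = [], iv
    for p in blocks:
        c = E(k, p ^ prev)
        out.append(c)
        prev = c
    return out


def cbc_decrypt(k, iv, blocks):
    """P_i = D_k(C_i) XOR C_{i-1}: needs the decryption direction."""
    out, prev = [], iv
    for c in blocks:
        out.append(D(k, c) ^ prev)
        prev = c
    return out


def ofb_keystream(k, iv, n):
    """O_1 = E_k(IV), O_i = E_k(O_{i-1}); independent of the plaintext."""
    out, o = [], iv
    for _ in range(n):
        o = E(k, o)
        out.append(o)
    return out


def ofb_xcrypt(k, iv, blocks):
    """C_i = P_i XOR O_i and P_i = C_i XOR O_i: one function serves both ways."""
    return [b ^ o for b, o in zip(blocks, ofb_keystream(k, iv, len(blocks)))]


def cfb_encrypt(k, iv, blocks):
    """C_i = P_i XOR E_k(C_{i-1}), C_0 = IV (full-block CFB, s = block size)."""
    out, prev = [], iv
    for p in blocks:
        c = p ^ E(k, prev)
        out.append(c)
        prev = c
    return out


def cfb_decrypt(k, iv, blocks):
    """P_i = C_i XOR E_k(C_{i-1}); only E_k is needed, as in OFB."""
    out, prev = [], iv
    for c in blocks:
        out.append(c ^ E(k, prev))
        prev = c
    return out


def cbc_corrupt_effect(k, iv, blocks, flip=0x01):
    """Flip one bit of C_1 and report which recovered plaintext blocks changed:
    block 1 is garbled, block 2 has the same bit flipped, later blocks are intact."""
    c = cbc_encrypt(k, iv, blocks)
    c[0] ^= flip
    return [p != q for p, q in zip(cbc_decrypt(k, iv, c), blocks)]


def demo():
    k, iv = 0x5A, 0x3C
    msg = [0x41, 0x41, 0x41, 0x42]  # constructed: three identical blocks, then one more
    return {
        "ecb_distinct": len(set(ecb_encrypt(k, msg[:3]))),      # 1: repeats are visible
        "cbc_distinct": len(set(cbc_encrypt(k, iv, msg[:3]))),  # 3: chaining hides them
        "cbc_roundtrip": cbc_decrypt(k, iv, cbc_encrypt(k, iv, msg)) == msg,
        "ofb_roundtrip": ofb_xcrypt(k, iv, ofb_xcrypt(k, iv, msg)) == msg,
        "cfb_roundtrip": cfb_decrypt(k, iv, cfb_encrypt(k, iv, msg)) == msg,
        "cbc_corrupt_c1": cbc_corrupt_effect(k, iv, msg),
    }
```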
Algorithm
The algorithm breaks down into the following steps:
Step 1: The process begins with the 64-bit plaintext block being handed to
an initial permutation (IP) function.
Step 2: The initial permutation (IP) is performed on the plaintext.
Step 3: The initial permutation (IP) produces two halves of the permuted
block, referred to as Left Plain Text (LPT) and Right Plain Text (RPT).
Step 4: Each LPT and RPT goes through 16 rounds of the encryption process.
Step 5: Finally, LPT and RPT are re-joined, and a Final Permutation (FP) is
performed on the newly combined block.
Step 6: The result of this process is the desired 64-bit ciphertext.
Initial Permutation (IP):
It is performed once, at the start, and specifies how the transposition in
IP proceeds. For example, IP replaces the first bit of the plaintext block
with the 58th bit of the plaintext, the second bit with the 50th bit of the
plaintext block, and so on:
58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7
The 64-bit message is divided into two parts of 32 bits each, and these
32-bit halves go through 16 rounds. Each round follows 5 steps:
1) Key transformation
2) Expansion permutation
3) S-box permutation
4) P-box permutation
5) XOR and swap
Key transformation → expansion permutation → S-box permutation → P-box
permutation → XOR and swap
3.2.7 Triple DES:
Triple DES (TDES or 3DES) is a symmetric encryption algorithm that applies
DES three times to encrypt a text. While DES encrypts a block of data in 16
rounds, triple DES uses 48 rounds. It is more powerful than DES.
3.2.8 Advanced Encryption Standard (AES):
The Advanced Encryption Standard is six times faster than triple DES. It
is based on a substitution–permutation network: its operations are
performed in sequence, and some of them replace inputs by specific outputs
(substitutions) while others shuffle bits around (permutations).
The number of rounds in AES depends on the key length, which is variable:
10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for
256-bit keys. Each of these rounds uses a different 128-bit round key,
which is calculated from the original AES key.
3.2.9 RSA Algorithm
The algorithm is called RSA after the three scientists who devised it in
1978: Rivest, Shamir and Adleman. It is an asymmetric algorithm (the sender
and receiver use two different keys), which means that it uses a private
key and a public key.
The RSA algorithm is based on the mathematical fact that it is easy to find
and multiply large prime numbers together, but extremely difficult to
factor their product. The private and public keys in RSA are based on very
large prime numbers (of a hundred or more digits). The algorithm itself is
simple (unlike the symmetric-key cryptographic algorithms); however, the
real challenge in RSA is the selection and generation of the public and
private keys.
The encryption and decryption process in the RSA algorithm is:
Step 1) Consider two prime numbers P and Q.
Step 2) Calculate N = P × Q.
Step 3) Choose the encryption key E such that it is not a factor of
(P−1)(Q−1).
Step 4) Choose the decryption key D from the equation
(D × E) mod (P−1)(Q−1) = 1.
Step 5) For encryption, calculate the ciphertext CT from your message or
plaintext:
CT = PT^E mod N
where PT is the plaintext, CT the ciphertext and E the encryption key.
Step 6) Send the ciphertext CT to the receiver.
Step 7) For decryption, calculate the plaintext PT from the ciphertext CT
as
PT = CT^D mod N
where PT is the plaintext, CT the ciphertext and D the decryption key.
Ex.1) Consider P = 7 and Q = 17.
P = 7 and Q = 17 are the two prime numbers (from Step 1).
N = P × Q (from Step 2)
= 7 × 17
= 119
For the encryption key, compute (P−1)(Q−1) (from Step 3):
(7−1)(17−1)
= 6 × 16
= 96
We must choose E that is not among its factors.
The factors of 96 are 2, 2, 2, 2, 2 and 3 (96 = 2 × 2 × 2 × 2 × 2 × 3).
So we cannot choose 2 or 3 as the encryption key, as they are factors of
96. We also cannot choose 8 (2 × 2 × 2) or 9 (3 × 3), as they are built
from these factors. We choose E = 5, which has neither 2 nor 3 as a factor.
For decryption, (D × E) mod (P−1)(Q−1) = 1 (from Step 4).
Putting in the values of E, P and Q we get
(D × 5) mod (7−1)(17−1) = 1
(D × 5) mod 6 × 16 = 1
(D × 5) mod 96 = 1
(We want the result to be 1, so we must choose a value of D that satisfies
this equation.)
We take D = 77 and substitute:
(77 × 5) mod 96 = 1
385 mod 96 = 1
For encryption, calculate the ciphertext CT from the plaintext:
CT = PT^E mod N (from Step 5)
Consider plaintext PT = 10.
CT = 10^5 mod 119 (PT = 10, E = 5, N = 119)
100000 mod 119 = 40
Send the ciphertext CT = 40 to the receiver (from Step 6).
For decryption, calculate the plaintext PT from the ciphertext CT as
PT = CT^D mod N (from Step 7)
As we sent 40 to the receiver, CT = 40, N = 119 and D = 77.
Putting in the values we get
PT = 40^77 mod 119
= 10, which is the original text.
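The seven RSA steps with the worked values P = 7, Q = 17, E = 5 and PT = 10, as an added example that is not the textbook's code. D is computed from the Step 4 relation with the modular inverse (Python's pow(E, -1, m), available from 3.8), rather than by trial, and the key check is the general condition gcd(E, (P−1)(Q−1)) = 1, of which "E is not a factor of 96" is the special case the text uses; the example goes beyond the text in listing every admissible small E. Function names are this example's own.

```python
from math import gcd


def rsa_keygen(p, q, e):
    """Steps 1-4: returns ((E, N), (D, N)) or raises if E is not usable."""
    n = p * q                      # Step 2
    phi = (p - 1) * (q - 1)        # Step 3: the modulus of the key relation
    if gcd(e, phi) != 1:           # general form of "E is not a factor of (P-1)(Q-1)"
        raise ValueError(f"E={e} shares a factor with {phi}; choose another E")
    d = pow(e, -1, phi)            # Step 4: D*E = 1 (mod (P-1)(Q-1))
    return (e, n), (d, n)


def rsa_encrypt(pub, pt):
    """Step 5: CT = PT^E mod N."""
    e, n = pub
    return pow(pt, e, n)


def rsa_decrypt(priv, ct):
    """Step 7: PT = CT^D mod N."""
    d, n = priv
    return pow(ct, d, n)


def worked_example():
    """The text's numbers: expect ((5, 119), (77, 119), 40, 10)."""
    pub, priv = rsa_keygen(7, 17, 5)
    ct = rsa_encrypt(pub, 10)
    return pub, priv, ct, rsa_decrypt(priv, ct)


def valid_exponents(p, q, limit=20):
    """Every E below `limit` that satisfies gcd(E, (P-1)(Q-1)) = 1; for 96 this
    excludes 2, 3, 8 and 9 as the text argues, and also 4, 6, 12, 15, ..."""
    phi = (p - 1) * (q - 1)
    return [e for e in range(2, limit) if gcd(e, phi) == 1]
```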
3.3 SUMMARY
In a stream cipher each bit or byte of the text is converted into encrypted
form, and decrypted again bit by bit or byte by byte. In a block cipher a
block of text is encrypted at a time and decrypted at a time. Different
modes of operation are used with cryptographic algorithms; the four main
modes are Electronic Code Book (ECB), Cipher Block Chaining (CBC), Cipher
Feedback (CFB) and Output Feedback (OFB). DES, the Data Encryption
Standard, is a symmetric-key block cipher published by the National
Institute of Standards and Technology (NIST). The Advanced Encryption
Standard (AES) is found to be at least six times faster than triple DES;
it is based on a substitution–permutation network. RSA is an asymmetric
algorithm, based on the mathematical fact that it is easy to find and
multiply large prime numbers together.
3.4 REFERENCES
1) https://pdf.zlibcdn.com/dtoken/44c8a9f519cb7729d12ed9ad43161f45/Cryptography_and_network_security_by_Atul_Kahate)_5472596_(z-lib.org).pdf
2) https://www.practicalnetworking.net/series/cryptography/rsa-example/
3) http://www.crypto-it.net/eng/theory/modes-of-block-ciphers.html
4) https://www.tutorialspoint.com/cryptography/block_cipher_modes_of_operation.htm
5) https://www.geeksforgeeks.org/block-cipher-modes-of-operation/
6) https://www.cs.utexas.edu/~byoung/cs361/lecture45.pdf
7) https://www.coursera.org/lecture/symmetric-crypto/block-cipher-vs-stream-cipher-1uN46
8) https://www.techtarget.com/searchsecurity/definition/stream-cipher
9) s.uok.edu.in/Files/79755f07-9550-4aeb-bd6f-5d802d56b46d/Custom/COnfusion and Diffusion.pdf
10) https://www.includehelp.com/cryptography/mode-of-operation.aspx
11) https://www.commonlounge.com/discussion/6747358d828a45c99f61f4c09ff2f371
SELF-LEARNING TOPICS:
Variations of DES – 2DES and 3DES, Symmetric and Asymmetric Key
Cryptography together
QUESTIONS:
1) What is meant by ciphertext? Explain its types.
2) Explain the types of stream cipher.
3) Differentiate between stream cipher and block cipher.
4) Differentiate between confusion and diffusion.
5) Explain the different modes of a block cipher.
6) Explain the Data Encryption Standard (DES) in detail.
7) Explain the RSA algorithm.
4
AUTHENTICATION - I
Unit Structure
4.1 Objective
4.2 Introduction: Authentication
4.3 Types of authentication
4.4 Biometric Authentication and Third Party Authentication using
KDC and Kerberos Version 5
4.5 Summary
4.6 Reference for further reading
4.7 Unit End Exercises
4.1 OBJECTIVE
4.2 INTRODUCTION
• The process of showing, recognizing or giving proof of who one is.
Identification and authentication are simple but often confused things.
Identities, in particular names, are often well known, public and not
protected; authentication is necessarily protected. If a person's identity
is publicly known, then anyone can claim to be that person. What separates
the claimant from the real person is proof by authentication.
• An authentication system may be as simple as one using a plaintext
password, which is an insecure authentication mechanism, or as complex as
the Kerberos system.
• Advanced authentication systems use thumb impressions, iris images or
hash values derived from data related to users.
The Difference between Identification & Authentication:
51
Information Security
52
52
Authentication - I
5 Example: By verifying Example: Once their
their identity, level of access is
employees can gain authorized, employees
access to an HR and HR managers can
application that access different levels
includes their personal of data based on the
pay information, permissions set by the
vacation time, and organization.
401K data.
53
Information Security 2. Multi-factor authentication
• Users will provide their digital certificates when they are going to
sign in to a server system. The server verifies the credibility or
authenticity of the digital signature and the certificate authority. The
server then uses cryptography techniques to confirm that the user
has a correct private key associated with the certificate.
Fig. 8 Kerberos
Step 1. The client sends a request for a ticket to the TG service to the
AS (the AS holds the user ID and password).
Step 2. The AS returns an encrypted ticket to the client.
Step 3. The client decrypts the ticket using its secret key.
Step 4. If a user wants to use a service from the server, this client must
be allowed to communicate with the server.
Step 5. The client submits the ticket to the TG server.
Step 6. The TG server verifies the ticket to identify the client and, after
successful verification, provides a new ticket to the client.
Step 7. The client then submits this ticket to the server.
Step 8. The server checks the ticket and the authentication credential to
determine whether or not it is an authenticated client.
Step 9. After verification, the server provides the service to the client.
• The TGS receives the request, reads the ticket, and validates it. A ticket issued by the AS is encrypted under the TGS secret key, which the TGS holds, so the TGS can decrypt it; a ticket it cannot decrypt is potentially forged and is discarded.
• The TGS then generates a ticket for the targeted service and encrypts it using the service's secret key, then encapsulates this encrypted ticket in a response which is itself encrypted using the session key it shares with the client.
• The client receives this response, decrypts it, extracts the encrypted ticket, and sends the encrypted ticket to the targeted service, which is able to decrypt and validate it.
• Along the way many checks are made on the ticket's validity (its lifetime, the client identity it names, and the freshness of the accompanying authenticator), so the service is accessible only to those holding the credential.
Kerberos Version 5
• Forwardable: the user can use this ticket to request a new ticket, but with a different IP address. Thus, a user can use his/her current credentials to obtain credentials valid on another machine.
• Renewable: a renewable ticket can be renewed by asking the KDC for a new ticket with an extended lifetime. However, a ticket that has already expired cannot be renewed; it must be renewed before it expires. A renewable ticket can be renewed up until the maximum renewable ticket lifetime.
• Postdatable: these are tickets which are initially invalid and have a starting time some time in the future. To use a postdatable ticket, the user must send it back to the KDC to have it validated during the ticket's valid lifetime.
Kerberos Third-party Authentication model:
• For more security, Kerberos uses two layers of encryption with two keys: the key derived from the user's password and a session key.
• The user password has a long lifetime and is used only for the first-time authentication, whereas a session key lives for approximately 8 to 10 hours and is used for requesting different services after that first authentication.
• The user first logs on to the client system with a user id and password.
• The client sends a request for a ticket to the authentication server for that user, providing only the user id to the AS and not the actual password.
• The authentication server checks the user id and sends an encrypted ticket to the client.
• If the user is able to decrypt the reply with the key derived from his password, the user is considered authenticated.
• The user then sends the ticket to the service they want to use. If the service is able to decrypt the ticket using its own secret key, the service may presume that the user is authentic.
• In this way authentication takes place in the Kerberos environment without passing the password over the insecure channel, so it is difficult for an attacker to learn the user's secret.
The authentication in Kerberos takes place in 6 steps as shown in Figure
11.
1. The user first logs in on the client using a user id and password.
2. The client sends a request to the AS asking for a ticket for the user. This request is totally unauthenticated; it contains only the user id and not the user's password.
3. The AS looks up the user's name in its database. If the user name is in the database, the AS generates a unique session key (Ks) for later use during the user's authenticated session and sends the client a double-encrypted reply: the ticket-granting ticket Ktgs{Ttgs, Ks}, which the client cannot read, together with Ks, both encrypted under the key derived from the user's password.
4. The client then decrypts the reply using the user's password. If the client successfully decrypts it, the user is authentic. The client stores the ticket-granting ticket, TGT = Ktgs{Ttgs, Ks}, for later use.
5. When the client asks for a service, the ticket-granting service decrypts the TGT using its own secret key (Ktgs) and the rest of the message using the session key Ks. If the ticket-granting service successfully decrypts the ticket, it obtains the ticket contents (Ttgs) and the session key (Ks), and issues a service ticket.
6. The client decrypts the TGS reply using the session key (Ks), which yields a new session key (Ksession) and an encrypted service ticket Kser{Tservice, Ksession} that only the service can open.
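The exchange described in the nine steps under Fig. 8 and the six steps of Figure 11, as an added, runnable example (not code from the original unit and not from any Kerberos implementation): a single-process KDC that plays both AS and TGS, a client that logs in and obtains a service ticket, and a service that checks the ticket with its own key. Real Kerberos uses standardized enctypes (AES) and ASN.1 messages; here a toy authenticated-encryption routine built from HMAC-SHA256 stands in for the enctype, and the names alice, files/host1 and the password are constructed for the example.

```python
import hashlib
import hmac
import json
import os
import time

def derive_key(password: str) -> bytes:
    """Long-term key derived from the password (stand-in for Kerberos string-to-key)."""
    return hashlib.sha256(b"toy-krb-salt|" + password.encode()).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, obj: dict) -> bytes:
    """Toy authenticated encryption (HMAC keystream + HMAC tag) standing in for a Kerberos enctype."""
    plaintext = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ciphertext + hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    """Raises ValueError when the key is wrong (bad password) or the blob was altered (forged ticket)."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ciphertext, hashlib.sha256).digest(), tag):
        raise ValueError("bad key or tampered message")
    return json.loads(bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext)))))

class KDC:
    """Authentication Server (AS) and Ticket-Granting Server (TGS) of one realm."""

    def __init__(self, ticket_life: int = 8 * 3600):
        self.keys = {}                # principal -> long-term key (users: password-derived; services: random)
        self.k_tgs = os.urandom(32)   # TGS secret key; every TGT is sealed under it
        self.ticket_life = ticket_life

    def register_user(self, user: str, password: str) -> None:
        self.keys[user] = derive_key(password)

    def register_service(self, service: str) -> bytes:
        self.keys[service] = os.urandom(32)
        return self.keys[service]     # the service stores its copy (its keytab)

    def as_exchange(self, user: str) -> bytes:
        """AS_REQ carries only the user id; the reply can be opened only with the password-derived key."""
        k_s = os.urandom(32)          # session key for client <-> TGS
        tgt = seal(self.k_tgs, {"client": user, "key": k_s.hex(), "exp": time.time() + self.ticket_life})
        return seal(self.keys[user], {"tgs_key": k_s.hex(), "tgt": tgt.hex()})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str) -> bytes:
        body = unseal(self.k_tgs, tgt)          # a TGT not sealed by this KDC fails here
        if body["exp"] < time.time():
            raise ValueError("TGT expired")
        k_s = bytes.fromhex(body["key"])
        if unseal(k_s, authenticator)["client"] != body["client"]:
            raise ValueError("authenticator does not match TGT")
        k_session = os.urandom(32)              # session key for client <-> service
        ticket = seal(self.keys[service], {"client": body["client"], "key": k_session.hex(),
                                           "exp": time.time() + self.ticket_life})
        return seal(k_s, {"session_key": k_session.hex(), "ticket": ticket.hex()})

def client_get_service_ticket(kdc: KDC, user: str, password: str, service: str):
    """Steps 1-6: log in, obtain the TGT, then a service ticket. The password never leaves the client."""
    reply = unseal(derive_key(password), kdc.as_exchange(user))      # wrong password -> ValueError
    k_s, tgt = bytes.fromhex(reply["tgs_key"]), bytes.fromhex(reply["tgt"])
    authenticator = seal(k_s, {"client": user, "ts": time.time()})
    svc = unseal(k_s, kdc.tgs_exchange(tgt, authenticator, service))
    return bytes.fromhex(svc["session_key"]), bytes.fromhex(svc["ticket"])

def service_accept(k_service: bytes, ticket: bytes, authenticator: bytes, skew: int = 300) -> str:
    """Steps 7-9: the service opens the ticket with its own key and checks the fresh authenticator."""
    body = unseal(k_service, ticket)
    auth = unseal(bytes.fromhex(body["key"]), authenticator)
    if auth["client"] != body["client"] or abs(auth["ts"] - time.time()) > skew:
        raise ValueError("authenticator mismatch or outside the clock-skew window")
    return body["client"]

def demo(password: str = "correct horse") -> str:
    """Full run for user alice against service files/host1; returns the client name the service accepted."""
    kdc = KDC()
    kdc.register_user("alice", "correct horse")
    k_files = kdc.register_service("files/host1")
    k_session, ticket = client_get_service_ticket(kdc, "alice", password, "files/host1")
    return service_accept(k_files, ticket, seal(k_session, {"client": "alice", "ts": time.time()}))

def forged_ticket_is_rejected() -> bool:
    # Without the service's key an attacker cannot mint a ticket that the service will open.
    kdc = KDC()
    k_files = kdc.register_service("files/host1")
    forged = seal(os.urandom(32), {"client": "alice", "key": os.urandom(32).hex(), "exp": time.time() + 60})
    try:
        service_accept(k_files, forged, b"")
        return False
    except ValueError:
        return True
```

demo() returns "alice"; demo("wrong password") raises ValueError at the very first unseal, which is the point of step 4: the password is never sent, and a wrong one simply fails to open the AS reply. The authenticator carries a timestamp because a ticket alone could be replayed by anyone who captured it; the service accepts it only within the clock-skew window.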
4.5 SUMMARY
5
AUTHENTICATION - II
Unit Structure
5.1 Objective
5.2 Introduction
5.3 Mutual authentication
5.4 Reflection attack
5.5 Summary
5.6 Reference for further reading
5.7 Unit End Exercises
5.1 OBJECTIVE
a. Mutual authentication helps ensure that the data they receive is
accurate and from a legitimate source, reducing the chances that an
attacker has compromised their connections.
b. Authentication ensures that API requests come from a legitimate
source.
c. To authenticate the identities of the client and server application to
each other
5.2 INTRODUCTION
2. Public Keys
Mutual authentication can also be achieved using public-key technology. If A and B know each other's public keys, three messages are needed to complete the mutual authentication process:
1. A sends her username and a random challenge (R2), encrypted with B's public key.
2. B decrypts the random challenge (R2) with his private key. B generates a new random challenge (R1) and encrypts it with A's public key. B sends both objects (the decrypted R2 and the encrypted R1) to A.
3. A checks that the returned R2 matches the one she sent (only the holder of B's private key could have recovered it), decrypts R1 with her private key and sends it to B. B verifies R1.
This process is shown in Fig. 7.
• a set of credentials,
• a public-private key pair, or a public key certificate.
A. IoT:
• Since only friendly aircraft know the value of the secret key K, only
friendly aircraft can calculate the correct response to a given nonce
n. If Bob fails to generate and send the correct response within a few
seconds, Alice promptly shoots him down.
• Otherwise, Alice knows that Bob must have known the value of K in
order to generate the response he sent, and that Bob must therefore
be on the same team.
• This process can be repeated in reverse so that Alice and Bob are
mutually authenticated.
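The nonce challenge/response above, run in both directions, as an added example (not code from the original unit); the shared key K is a constructed constant. It goes a little beyond what the text states: each response is bound to the responder's and challenger's names, so an answer cannot be bounced back at the party that produced it (the situation the next heading, the reflection attack, refers to); each nonce is accepted once, so a recorded answer cannot be replayed; and the "within a few seconds" window is enforced.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret K for the example; a real deployment has its own random key.
K = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")

def response(key: bytes, nonce: bytes, responder: str, challenger: str) -> bytes:
    # The response commits to the nonce AND both identities, so an answer cannot be reflected back
    # at whoever produced it, nor reused toward a different challenger.
    return hmac.new(key, b"|".join([nonce, responder.encode(), challenger.encode()]), hashlib.sha256).digest()

class Party:
    """One side of the IFF exchange (Alice or Bob) holding a copy of K."""

    def __init__(self, name: str, key: bytes, max_age: float = 5.0):
        self.name, self.key, self.max_age = name, key, max_age
        self.pending = {}   # nonce -> time it was issued; a nonce is removed once it has been answered

    def challenge(self, now: float) -> bytes:
        nonce = secrets.token_bytes(16)   # fresh and unpredictable: an old answer is useless
        self.pending[nonce] = now
        return nonce

    def respond(self, nonce: bytes, challenger: str) -> bytes:
        return response(self.key, nonce, self.name, challenger)

    def verify(self, nonce: bytes, reply: bytes, responder: str, now: float) -> bool:
        issued = self.pending.pop(nonce, None)
        if issued is None or now - issued > self.max_age:
            return False   # unknown or already-used nonce, or the answer came too late
        return hmac.compare_digest(response(self.key, nonce, responder, self.name), reply)

def run_iff(bob_key: bytes, bob_delay: float = 1.0) -> tuple:
    """Alice (holding K) challenges Bob, then Bob challenges Alice.
    Returns (alice_accepts_bob, bob_accepts_alice); bob_delay is Bob's response time in seconds."""
    alice, bob = Party("alice", K), Party("bob", bob_key)
    t = 1000.0
    n1 = alice.challenge(t)
    alice_ok = alice.verify(n1, bob.respond(n1, "alice"), "bob", t + bob_delay)
    n2 = bob.challenge(t + bob_delay)
    bob_ok = bob.verify(n2, alice.respond(n2, "bob"), "alice", t + bob_delay + 1.0)
    return alice_ok, bob_ok

def replay_is_rejected() -> bool:
    """A captured (nonce, response) pair does not authenticate a second time."""
    alice, bob = Party("alice", K), Party("bob", K)
    n = alice.challenge(0.0)
    r = bob.respond(n, "alice")
    return alice.verify(n, r, "bob", 1.0) and not alice.verify(n, r, "bob", 2.0)

def reflection_is_rejected() -> bool:
    """An enemy without K bounces Alice's own nonce back to her and returns her answer as his."""
    alice = Party("alice", K)
    n = alice.challenge(0.0)
    reflected = alice.respond(n, "bob")   # Alice answering what she believes is Bob's challenge
    return not alice.verify(n, reflected, "bob", 1.0)
```

run_iff(K) gives (True, True); an aircraft with the wrong key gives (False, False); a friendly one that answers after ten seconds is still rejected by Alice, (False, True). Note that this only tells Alice that Bob holds K: with a shared key, anyone holding K can impersonate anyone else who holds it, which is why the key must be restricted to the one team.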
The Reflection Attack
5.5 SUMMARY
6
DIGITAL SIGNATURE
Unit Structure
6.1 Concept
6.1.1 Digital Signature work
6.1.2 Benefits of digital signature
6.1.3 Use of digital signature
6.1.4 Tools and vendors of digital signature
6.1.5 Model of Digital Signature
6.2 Compare digital signature with public key
6.3 Digital signature schema
6.1 CONCEPT
A digital signature is a mathematical technique used to validate the
authenticity and integrity of a message, software or digital document. It's
the digital equivalent of a handwritten signature or stamped seal, but it
offers far more inherent security. A digital signature is intended to solve
the problem of tampering and impersonation in digital communications.
Digital signatures can provide evidence of origin, identity and status of
electronic documents, transactions or digital messages. Signers can also
use them to acknowledge informed consent. In many countries, including
the United States, digital signatures are considered legally binding in the
same way as traditional handwritten document signatures.
6.1.1 How do digital signatures work?
Digital signatures are based on public key cryptography, also known
as asymmetric cryptography. Using a public key algorithm, such as RSA
(Rivest-Shamir-Adleman), two keys are generated, creating a
mathematically linked pair of keys, one private and one public.
Digital signatures work through the two mathematically linked keys of public key cryptography. The individual who creates the digital signature uses the private key to produce the signature over the data, and the only way to check that signature is with the signer's public key. If the recipient cannot validate the document with the signer's public key, that is a sign that there is a problem with the document or the signature. This is how digital signatures are authenticated. Digital signature technology requires all parties to trust that the individual creating the signature has kept the private key secret. If someone else has access to the private signing key, that party could create fraudulent digital signatures in the name of the private key holder.
6.1.2 What are the benefits of digital signatures?
Security is the main benefit of digital signatures. Security capabilities
embedded in digital signatures ensure a document is not altered and
signatures are legitimate. Security features and methods used in digital
signatures include the following:
1. Personal identification numbers (PINs), passwords and codes. Used to authenticate and verify a signer's identity and approve their signature. Email, username and password are the most common methods used.
2. Asymmetric cryptography. Employs a public key algorithm that provides encryption and authentication using a private and a public key.
3. Checksum. A long string of letters and numbers that represents the sum of the correct digits in a piece of digital data, against which comparisons can be made to detect errors or changes. A checksum acts as a data fingerprint. Note that a plain checksum detects accidental corruption only: an attacker who changes the data can recompute it, so tamper-evidence against a deliberate change comes from the signature itself (or from a keyed MAC), not from the checksum.
4. Cyclic redundancy check (CRC). An error-detecting code and verification feature used in digital networks and storage devices to detect changes to raw data. The same caveat applies: a CRC is not a cryptographic hash and offers no protection against an adversary.
5. Certificate authority (CA) validation. CAs issue digital certificates and act as trusted third parties by accepting, authenticating, issuing and maintaining them. The use of CAs helps avoid the creation of fake digital certificates.
6. Trust service provider (TSP) validation. A TSP is a person or legal entity that performs validation of a digital signature on a company's behalf and offers signature validation reports.
Other benefits of using digital signatures include the following:
7. Timestamping. By providing the date and time of a digital signature, timestamping is useful when timing is critical, such as for stock trades, lottery ticket issuance and legal proceedings.
8. Globally accepted and legally compliant. The public key infrastructure (PKI) standard ensures vendor-generated keys are made and stored securely. Because of the international standard, a growing number of countries are accepting digital signatures as legally binding.
9. Time savings. Digital signatures simplify the time-consuming processes of physical document signing, storage and exchange, enabling businesses to quickly access and sign documents.
10. Cost savings. Organizations can go paperless and save money previously spent on physical resources and on the time, personnel and office space used to manage and transport them.
11. Positive environmental impact. Reducing paper use also cuts down on the physical waste generated by paper and the negative environmental impact of transporting paper documents.
12. Traceability. Digital signatures create an audit trail that makes internal record-keeping easier for business. With everything recorded and stored digitally, there are fewer opportunities for a manual signee or record-keeper to make a mistake or misplace something.
How do you create a digital signature?
To create a digital signature, signing software, such as an email program, first computes a one-way hash of the electronic data to be signed. A hash is a fixed-length string of bits, usually displayed as letters and numbers, generated by an algorithm. The signer's private key is then applied to the hash. The signed hash, along with other information such as the name of the hashing algorithm, is the digital signature. The hash is signed instead of the entire message or document for two reasons. First, a hash function converts an arbitrary input into a fixed-length value that is usually much shorter, and hashing is much faster than the public-key operation. Second, signing the hash closes an attack on raw public-key signing: without the hash, an attacker could pick an arbitrary signature value and compute the (meaningless but validly signed) message that corresponds to it.
The value of a hash is unique to the hashed data, in the practical sense that any change in the data, even a change in a single character, results in a different value. This attribute enables others to use the signer's public key to check the signed hash and so validate the integrity of the data.
If the signed hash matches a second hash computed over the same data, this proves that the data has not changed since it was signed. If the two hashes do not match, either the data has been tampered with in some way and is compromised, or the signature was created with a private key that does not correspond to the public key presented by the signer, which is an authentication failure.
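A worked example of hash-then-sign with textbook RSA, added here and not code from the original text. The primes, the exponent and the messages are constructed values, and the modulus is tiny so that the arithmetic is visible (it would be factored instantly; real keys are 2048 bits or longer and use a padding scheme such as PSS). The last function also shows the contrast drawn later under "RSA Signatures": when the raw number is signed instead of a hash, anyone can produce a valid-looking (message, signature) pair by choosing the signature first.

```python
import hashlib
from math import gcd

# Constructed toy parameters: two small, well-known primes and the usual public exponent.
P, Q, E = 1000000007, 998244353, 65537

def keygen(p: int = P, q: int = Q, e: int = E):
    """Returns public (n, e) and private (n, d) with e*d = 1 mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (n, e), (n, pow(e, -1, phi))

def digest(message: bytes, n: int) -> int:
    """One-way hash of the data, reduced into the RSA range (toy; real schemes pad the hash instead)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(priv, message: bytes) -> int:
    n, d = priv
    return pow(digest(message, n), d, n)      # signature = hash^d mod n

def verify(pub, message: bytes, signature: int) -> bool:
    n, e = pub
    return pow(signature, e, n) == digest(message, n)   # recompute the hash and compare

def raw_verify(pub, m: int, signature: int) -> bool:
    """'Raw' RSA that signs the integer m itself instead of a hash of the document."""
    n, e = pub
    return pow(signature, e, n) == m

def forge_raw(pub, s: int = 123456789):
    """Existential forgery against raw RSA: choose s first; then m = s^e mod n is 'signed' by s,
    and no private key was needed. With hash-then-sign the attacker would additionally have to
    find a document whose hash equals m, which a one-way hash prevents."""
    n, e = pub
    return pow(s, e, n), s

def demo() -> dict:
    pub, priv = keygen()
    doc = b"Pay 100 to Alice"          # constructed sample document
    sig = sign(priv, doc)
    m, s = forge_raw(pub)
    return {
        "genuine": verify(pub, doc, sig),
        "tampered": verify(pub, b"Pay 900 to Alice", sig),
        "raw_forgery": raw_verify(pub, m, s),
        "forgery_against_hashed": verify(pub, m.to_bytes(8, "big"), s),
    }
```

demo() returns genuine True, tampered False, raw_forgery True and forgery_against_hashed False: the forged pair passes a raw check but fails as soon as the verifier hashes the message, which is why the hash is part of the scheme and not merely an optimisation.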
A person creates a digital signature by applying their private key to the hash of the data. The recipient recomputes the hash and uses the signer's public key to check the signature against it.
A digital signature can be used with any kind of message, whether it is
encrypted or not, simply so the receiver can be sure of the sender's identity
and the message arrived intact. Digital signatures make it difficult for the
signer to deny having signed something as the digital signature is unique
to both the document and the signer and it binds them together. This
property is called nonrepudiation.
Digital signatures are not to be confused with digital certificates. A digital
certificate is an electronic document that contains the digital signature of
the issuing CA. It binds together a public key with an identity and can be
used to verify that a public key belongs to a particular person or entity.
Most modern email programs support the use of digital signatures and
digital certificates, making it easy to sign any outgoing emails and validate
digitally signed incoming messages. Digital signatures are also used
extensively to provide proof of authenticity, data integrity and
nonrepudiation of communications and transactions conducted over the
internet.
6.1.3 Uses for digital signatures
Industries use digital signature technology to streamline processes and
improve document integrity. Industries that use digital signatures include
the following:
6.1.5 Model of Digital Signature
The digital signature scheme is based on public key cryptography. The
model of digital signature scheme is depicted in the following illustration
−
• Signer feeds data to the hash function and generates hash of data.
• Hash value and signature key are then fed to the signature algorithm
which produces the digital signature on given hash. Signature is
appended to the data and then both are sent to the verifier.
• Verifier feeds the digital signature and the verification key into the
verification algorithm. The verification algorithm gives some value
as output.
The receiver, after receiving the encrypted data and the signature on it, first verifies the signature using the sender's public key. After ensuring the validity of the signature, he then retrieves the data through decryption using his own private key.
Pick a number, any number
In most common encryption systems the public and private keys are generated together. In others, the public key is derived from the private key. The public and private keys are associated with each other through a mathematical relationship. However, there is no efficient way to use the public key to figure out the private key. That is because these systems are based on mathematical problems for which no efficient algorithm is known that takes the output and works backwards to the original input.
RSA and Prime Numbers: One example of a hard math problem
providing security for an encryption system is found in the popular RSA
cryptography system. RSA uses prime numbers to ensure security. A
public-key cryptographic system needs a set of algorithms that is easy
to do in one direction, but difficult to undo. RSA uses an easy algorithm
that multiplies two prime numbers.
If multiplication is easy, then the difficult part is factoring the product of
the multiplying those two primes.
A prime number is a natural number (aka whole number used in
counting) greater than 1 and can only be divided by 1 and itself. Examples
of prime numbers are 3, 5, 7, 11, 13, 17, etc.
A product is a result of multiplying two factors. Ex: A * B = C.
The factors are A and B. The product is C.
A composite number is a positive integer that is formed when
multiplying two or more other positive integers. Thus, composite numbers
are divisible by more than 1 and itself. When two primes (or any number
of positive integers) are multiplied, we get a composite number.
Factoring out a number just means finding the numbers that make up the
composite number.
Factoring the two primes that make up a 232-digit (768-bit) RSA modulus was accomplished only as a multi-year academic effort (RSA-768, factored in 2009); for the 2048-bit moduli used in practice no feasible method is known. Generating and checking two such primes, by contrast, is relatively easy.
Algorithms that have this property, easy in one direction and hard in the other, are known as trapdoor (one-way) functions. Other algorithms use other types of hard mathematical problems with this one-way property to provide security for their systems; Ethereum, for example, uses elliptic curve cryptography.
Public key cryptography with digital signatures: A message that is both signed and kept confidential is produced as follows. First, the message is digitally signed as explained above. Then the signed bundle is encrypted with the receiver's public key, so that only the receiver, holding the matching private key, can decrypt it. (Encrypting the bundle with the sender's private key as well would add nothing: anyone with the sender's public key could undo it, and it is the signature that already binds the sender to the message.)
After decryption, the receiver can verify the message was not tampered
with en-route by running the message through the same hashing algorithm
as the sender. If they match, we have a valid message.
can be verified by anyone using the entity’s public key, the message, and
the signature. Data Authentication and signature schemes are sometimes
distinguished in the sense that in the latter, verification can be done by
anyone at any time after the generation of the signature. Due to this
property, the digital signature scheme achieves Non-Repudiation property,
that is, a signer cannot later deny the fact of signing.
RSA Signatures
Unlike the RSA signature scheme, the ElGamal scheme does not let Frank forge Alice's signature on "random messages" by randomly picking r and s and calculating a message m so that (m, r, s) is a valid Alice signature (to do this would require solving the discrete log problem). However, Frank can create valid Alice signatures by selecting r, s and m simultaneously. To do this, Frank picks two integers, i and j (less
There are some protocol failures that would compromise the ElGamal signature scheme. The first involves the secret exponent k. Should k become known, then given a signature (m, r, s) the congruence a·r ≡ m − k·s (mod p − 1) has d = gcd(r, p − 1) possible solutions for a. The correct one can be found by checking which candidate satisfies β = α^a mod p. This yields Alice's secret exponent a and so breaks the system.
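The failure just described, worked through in code as an added example (not part of the original text): a small ElGamal signature over constructed parameters (prime p = 2^31 − 1 with primitive root α = 7, private exponent a = 127, message representative m = SHA-256 of the message reduced mod p − 1), and the recovery of a from a single signature once k is known, trying each of the d = gcd(r, p − 1) candidates against β = α^a mod p.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy parameters: Mersenne prime p = 2^31 - 1 with primitive root alpha = 7.
# Real deployments use far larger groups; these are small enough to follow by hand.
P, ALPHA = 2147483647, 7

def keygen(a: int):
    """Private exponent a; public key (p, alpha, beta = alpha^a mod p)."""
    return (P, ALPHA, pow(ALPHA, a, P)), a

def msg_rep(message: bytes) -> int:
    """Message representative m in [0, p-2]: SHA-256 of the message reduced mod p-1."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % (P - 1)

def sign(a: int, message: bytes, k: int = None):
    """Returns (r, s) with r = alpha^k mod p and s = k^-1 (m - a r) mod p-1, so m = a r + k s (mod p-1).
    k must be secret, fresh and coprime to p-1; it is a parameter here only so the leak can be shown."""
    if k is None:
        k = secrets.randbelow(P - 2) + 1
        while gcd(k, P - 1) != 1:
            k = secrets.randbelow(P - 2) + 1
    elif gcd(k, P - 1) != 1:
        raise ValueError("k must be coprime to p-1")
    r = pow(ALPHA, k, P)
    s = (pow(k, -1, P - 1) * (msg_rep(message) - a * r)) % (P - 1)
    return r, s

def verify(pub, message: bytes, sig) -> bool:
    """Accepts iff alpha^m == beta^r * r^s (mod p), which follows from m = a r + k s (mod p-1)."""
    p, alpha, beta = pub
    r, s = sig
    if not (1 <= r < p and 0 <= s < p - 1):
        return False
    return pow(alpha, msg_rep(message), p) == (pow(beta, r, p) * pow(r, s, p)) % p

def recover_private_exponent(pub, message: bytes, sig, k: int) -> int:
    """Protocol failure: with k known, a*r = m - k*s (mod p-1) has d = gcd(r, p-1) candidate
    solutions a = a0 + t*(p-1)/d, t = 0..d-1; the right one is the candidate with alpha^a == beta."""
    p, alpha, beta = pub
    r, s = sig
    rhs = (msg_rep(message) - k * s) % (p - 1)
    d = gcd(r, p - 1)
    if rhs % d:
        raise ValueError("signature inconsistent with this k")
    n = (p - 1) // d
    a0 = (rhs // d) * pow(r // d, -1, n) % n       # solve the reduced congruence mod (p-1)/d
    for t in range(d):
        candidate = a0 + t * n
        if pow(alpha, candidate, p) == beta:
            return candidate
    raise ValueError("no candidate matched beta")
```

With k = 65537 (coprime to p − 1) the recovered exponent is exactly 127, after which the attacker can sign anything as Alice. The same arithmetic is why k must also never be reused or be predictable: the congruence has only one unknown once k is pinned down.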
7
3. Hash keys (MAC keys) – used to safeguard the integrity and authenticity of data and transactions with algorithms like HMAC-SHA256. Anyone holding the secret key can impersonate the originator of the data or transactions, and can therefore modify the originals or create entirely false data or transactions that any recipient will accept as authentic.
With an ever-increasing number of keys to protect, and an ever-increasing
value of data being protected by those keys, not to mention the demands of
PCI-DSS or GDPR, this is a challenge that nearly every business needs to
face and address as a matter of urgency.
The most distinctive feature of Public Key Infrastructure (PKI) is that it uses a pair of keys to achieve the underlying security service. The key pair comprises a private key and a public key. Since public keys are in the open domain, they are liable to be abused, for example substituted or attributed to the wrong party. It is therefore necessary to establish and maintain some kind of trusted infrastructure to manage these keys.
Key Management
It goes without saying that the security of any cryptosystem depends upon
how securely its keys are managed. Without secure procedures for the
handling of cryptographic keys, the benefits of the use of strong
cryptographic schemes are potentially lost.
It is observed that cryptographic schemes are rarely compromised through
weaknesses in their design. However, they are often compromised through
poor key management.
There are some important aspects of key management which are as
follows −
Cryptographic keys are nothing but special pieces of data. Key
management refers to the secure administration of cryptographic keys.
Key management deals with entire key lifecycle as depicted in the
following illustration −
91
Information Security There are two specific requirements of key management for public key
cryptography.
Secrecy of private keys. Throughout the key lifecycle, secret keys must
remain secret from all parties except those who are owner and are
authorized to use them.
Assurance of public keys. In public key cryptography, the public keys are
in open domain and seen as public pieces of data. By default, there are no
assurances of whether a public key is correct, with whom it can be
associated, or what it can be used for. Thus, key management of public
keys needs to focus much more explicitly on assurance of purpose of
public keys.
The most crucial requirement of ‘assurance of public key’ can be achieved
through the public-key infrastructure (PKI), a key management systems
for supporting public-key cryptography.
Public Key Infrastructure (PKI)
PKI provides assurance of public keys: it provides the identification of public keys and their distribution. The anatomy of a PKI comprises the following components.
7.2 PRIVATE KEY MANAGEMENT
• Securely storing the private key. Once generated, the private key must be stored securely. Depending on the application, keys may be stored offline or on the computer used to generate them and to sign and decrypt data. A stored private key is normally protected by encrypting it under a key derived from a password (hashing a private key would destroy it, since the key itself is needed later), or it is kept in a hardware token that never releases it (see PKCS #11 below).
• Key exchange. The private key of a public key pair should almost
never be shared with others. Public key cryptography, including
digital signatures, is typically used to securely share session keys
used for symmetric encryption. However, other protocols for public
key infrastructure are used to authoritatively share public keys
between cooperating parties.
• Using the private key. The owner of a key pair uses the private key to decrypt data that was encrypted with the matching public key; only the holder of the private key should be able to do so. For digital signatures, the owner uses the private key to produce the signature. In this way, anyone with access to the public key can verify that the signature was produced by the private key's owner.
Two keys, public and private, are required to encrypt and decrypt a ciphertext under a public key algorithm. Symmetric encryption uses a single secret key for both operations.
A value produced with the private key can be checked with the public key. That value can be a component of a digital signature and is used to authenticate the signature. Only the holder of the private key could have produced it, so if the related public key successfully checks it, the digital signature is verified.
The public key is made available to everyone that needs it in a publicly
accessible repository. The private key is confidential and should only be
accessible to the public key pair owner. In this method, whatever is
encrypted with the public key requires the related private key for
decryption and vice versa. Public key encryption is typically used for
securing communication channels, such as email.
7.3 PUBLIC KEY CRYPTOGRAPHY STANDARDS (PKCS)
PKCS stands for Public-Key Cryptography Standards, a family of specifications developed by RSA Laboratories beginning in the early 1990s to standardize the use of public key cryptography. PKCS comprises a total of 15 standards, numbered PKCS#1, PKCS#2, PKCS#3, ... PKCS#15.
7.3.1 List of Public Key Cryptography Standards
There is a total of 15 Public Key cryptography standards. Let’s discuss
those Public Key cryptography standards one by one.
PKCS #1
The main purpose of this standard is the RSA cryptography standard. It defines the syntax for RSA public and private keys, the mathematical primitives of the RSA algorithm, and the encryption and signature schemes built on them, including the padding that must be applied before a value is encrypted or signed and the format of the resulting signature. Digital certificates themselves are defined elsewhere (X.509, and PKCS #6 and #10 below); PKCS #1 defines the RSA operations used to sign them.
PKCS #2
The main purpose of this standard is the RSA encryption standard for
message digest. This standard defines the calculation for message digest.
Now PKCS#2 is merged with PKCS#1. As it merges with standard 1, it
does not have an independent existence.
PKCS #3
The main purpose of this standard is the Diffie-Hellman key agreement
standard. This standard defines the mechanism to implement the Diffie
Hellman key agreement protocol.
PKCS #4
This Public Key cryptography standard also merged with PKCS#1, so it
also does not have an independent existence.
PKCS #5
The main purpose of this standard is password-based encryption. It defines
the method for encrypting an octet string using a symmetric key which is
derived from the password.
PKCS #6
The main purpose of this standard is the extended certificate syntax
standard. It defines the syntax for extending the attributes of the X.509
digital certificate.
PKCS #7
The main purpose of this standard is the cryptographic message syntax standard. It defines the syntax for data that results from cryptographic operations, for example digital signatures and digital envelopes. The standard provides several content types, such as messages that are only enveloped, only signed, or both signed and enveloped.
PKCS #8
The main purpose of this standard is the private key information syntax. It defines the syntax for storing a private key together with its algorithm identifier and optional attributes, as well as an encrypted form of that structure, typically protected with a PKCS #5 password-based scheme.
PKCS #9
The main purpose of this standard is to select attribute types. It defines the
selected attribute types that are used in PKCS#6 extended certificates. For
example, email address, unstructured address, and name.
PKCS #10
The main purpose of this standard is the certificate request syntax standard. It defines the syntax of a request for a digital certificate. The certificate request contains a distinguished name and a public key, and is signed with the corresponding private key, which proves to the CA that the requester actually holds that key.
PKCS #11
The main purpose of this standard is the cryptographic token interface standard, also known as Cryptoki. It defines an API for single-user devices that hold cryptographic information, such as digital certificates and public keys, and that can perform cryptographic functions themselves, for example smart cards.
PKCS #12
The main purpose of this standard is personal information exchange
syntax. It defines the syntax for personal identification such as digital
certificates, private keys, etc. In words, we can say that this standard
allows users to transfer their data from one device to another using the
standard mechanism.
PKCS #13
The main purpose of this standard was to be the elliptic curve cryptography standard, covering what was then a new cryptographic mechanism; it was never completed.
PKCS #14
The main purpose of this standard was to be the pseudo-random number generation standard, defining requirements and processes for random number generation; it was never completed either. Random number generation is used everywhere in cryptography (keys, nonces, padding), so standardizing it is important.
PKCS #15
The main purpose of this standard is the cryptographic token information
syntax standard. This standard defines the tokes that are used in the
cryptographic process so that they can interoperate.
The steps required to create a digital certificate involve three parties: first the end user, second the registration authority, and third the certificate authority. The end user requests a digital certificate, and the request goes to the registration authority (RA), which then assists the certificate authority (CA) in creating the digital certificate. The registration authority acts as an intermediary between the end user and the certificate authority. It also assists in the day-to-day tasks of the certificate authority.
Services of Registration Authority:
7.5 X.509 CERTIFICATE
The key size or bit length of public keys determines the strength of protection. For example, 2048-bit RSA keys are commonly employed in TLS/SSL certificates, digital signatures and other digital certificates. This key length offers sufficient cryptographic security to prevent an attacker from factoring the modulus and recovering the private key. Standards organizations like the CA/Browser Forum define baseline requirements for supported key sizes.
Figure: X.509 certificates use a related public and private key pair for
identity authentication and security for internet communications and
computer networking
Issuance Fields
X.509 certificate fields contain information about the identity that the
certificate is issued to as well as the identity of the issuer CA. The
standard fields include:
Version – the X.509 version that applies to the certificate
Serial number – the unique serial number identifier provided by the CA
that distinguishes the certificate from others
Algorithm information – the cryptographic algorithm used by the issuer
to sign the certificate
Issuer distinguished name – the name of the CA issuing the certificate
Validity period of the certificate – the start/end date and time it's valid
and can be trusted
Subject distinguished name – the name of the identity the certificate is
issued to
Subject public key information – the public key associated with the
identity
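The fields listed above as they are actually laid out in DER, as an added example that is not from the original text: a minimal encoder builds a TBSCertificate with these fields in their X.509 order, and a small walker reads them back. The certificate is constructed for the example, the public-key bits are a placeholder rather than a real RSA key, and the CA's signature over the TBSCertificate is not computed; a real verifier would additionally check that signature, the extensions and the chain to a trusted root.

```python
OID_NAMES = {"2.5.4.3": "CN", "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
             "1.2.840.113549.1.1.1": "rsaEncryption"}

def _len(n: int) -> bytes:
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n >= 0x80 else b""
    return bytes([n]) if n < 0x80 else bytes([0x80 | len(body)]) + body

def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + _len(len(content)) + content

def der_int(value: int) -> bytes:
    return tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))  # extra 0x00 keeps it positive

def der_oid(dotted: str) -> bytes:
    arcs = [int(x) for x in dotted.split(".")]
    out = bytes([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk, arc = [arc & 0x7F], arc >> 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, out)

def der_name(cn: str) -> bytes:
    # Name = SEQUENCE OF RDN, RDN = SET OF AttributeTypeAndValue; a single commonName as UTF8String
    return tlv(0x30, tlv(0x31, tlv(0x30, der_oid("2.5.4.3") + tlv(0x0C, cn.encode()))))

def build_tbs(serial, issuer_cn, subject_cn, not_before, not_after, key_bits) -> bytes:
    """TBSCertificate (v3, no extensions) in the field order of the list above; times are UTCTime strings."""
    alg = tlv(0x30, der_oid("1.2.840.113549.1.1.11") + b"\x05\x00")   # AlgorithmIdentifier with NULL params
    spki = tlv(0x30, tlv(0x30, der_oid("1.2.840.113549.1.1.1") + b"\x05\x00") + tlv(0x03, b"\x00" + key_bits))
    validity = tlv(0x30, tlv(0x17, not_before.encode()) + tlv(0x17, not_after.encode()))
    return tlv(0x30, tlv(0xA0, der_int(2)) + der_int(serial) + alg + der_name(issuer_cn)
               + validity + der_name(subject_cn) + spki)

def read_tlv(buf: bytes, pos: int = 0):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                   # long form: next (length & 0x7F) bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(content: bytes) -> list:
    out, pos = [], 0
    while pos < len(content):
        tag, value, pos = read_tlv(content, pos)
        out.append((tag, value))
    return out

def decode_oid(raw: bytes) -> str:
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(acc)
            acc = 0
    dotted = ".".join(map(str, arcs))
    return OID_NAMES.get(dotted, dotted)

def decode_name(content: bytes) -> str:
    parts = []
    for _, rdn in children(content):
        for _, atv in children(rdn):
            (_, oid), (_, value) = children(atv)
            parts.append(decode_oid(oid) + "=" + value.decode())
    return ",".join(parts)

def parse_tbs(der: bytes) -> dict:
    tag, content, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("TBSCertificate must be a SEQUENCE")
    fields, version = children(content), 1
    if fields[0][0] == 0xA0:                            # [0] EXPLICIT version; absent means v1
        version, fields = int.from_bytes(children(fields[0][1])[0][1], "big") + 1, fields[1:]
    serial, alg, issuer, validity, subject, spki = fields[:6]
    not_before, not_after = children(validity[1])
    return {"version": version,
            "serial": int.from_bytes(serial[1], "big"),
            "signature_algorithm": decode_oid(children(alg[1])[0][1]),
            "issuer": decode_name(issuer[1]),
            "not_before": not_before[1].decode(),
            "not_after": not_after[1].decode(),
            "subject": decode_name(subject[1]),
            "public_key_algorithm": decode_oid(children(children(spki[1])[0][1])[0][1])}

def valid_at(fields: dict, now_utc: str) -> bool:
    """now_utc in UTCTime form YYMMDDHHMMSSZ; fixed-width strings of one century compare correctly."""
    return fields["not_before"] <= now_utc <= fields["not_after"]

def sample_tbs() -> bytes:
    """Constructed example; the key bits are a placeholder, not a real RSA public key."""
    return build_tbs(0x1001, "Example Root CA", "www.example.test",
                     "240101000000Z", "250101000000Z", b"\x30\x03\x02\x01\x03")
```

parse_tbs(sample_tbs()) returns version 3, serial 4097, sha256WithRSAEncryption, issuer CN=Example Root CA, subject CN=www.example.test and the two UTCTime bounds; valid_at then answers the "can be trusted" question for a given moment. Real certificates add the extensions block after the public key (subject alternative names, key usage, basic constraints) and the issuer's signature outside the TBSCertificate.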
Many internet protocols rely on X.509, and there are many applications of
the PKI technology that are used every day, including Web server
security, digital signatures and document signing, and digital identities.
Web Server Security with TLS/SSL Certificates
PKI is the basis for the secure sockets layer (SSL) and transport layer
security (TLS) protocols that are the foundation of HTTPS secure browser
connections. Without SSL certificates or TLS to establish secure
connections, cybercriminals could exploit the Internet or other IP networks
using a variety of attack vectors, such as man-in-the-middle attacks, to
intercept messages and access their contents.
Digital Signatures and Document Signing
In addition to being used to secure messages, PKI-based certificates can be
used for digital signatures and document signing.
Digital signatures are a specific type of electronic signature that leverages PKI to authenticate the identity of the signer and the integrity of the signature and the document. A digital signature cannot be altered, or moved to a different document, without the change being detected, because the signature is created by hashing the document and applying the sender's private key to that hash. This cryptographic verification mathematically binds the signature to the original message, ensuring that the sender is authenticated and that the message itself has not been altered.
Code Signing
Code signing enables application developers to add a layer of assurance by
digitally signing applications, drivers, and software programs so that end
users can verify that a third party has not altered or compromised the code
they receive. To verify the code is safe and trusted, these digital
certificates include the software developer's signature, the company name,
and timestamping.
Email Certificates
S/MIME certificates validate email senders and encrypt email contents to
protect against increasingly sophisticated social engineering and spear
phishing attacks. By encrypting/decrypting email messages and
attachments and by validating identity, S/MIME email certificates assure
users that emails are authentic and unmodified.
SSH Keys
SSH keys are a form of X.509 certificate that provides a secure access
credential used in the Secure Shell (SSH) protocol. As the SSH protocol is
widely used for communication in cloud services, network environments,
file transfer tools, and configuration management tools, most
organizations use SSH keys to authenticate identity and protect those
services from unintended use or malicious attacks. SSH keys not only
improve security, but also enable the automation of connected processes,
single sign-on (SSO), and identity and access management at the scale that
today's businesses require.
Digital Identities
X.509 digital certificates also provide effective digital identity
authentication. As data and applications expand beyond traditional
networks to mobile devices, public clouds, private clouds, and Internet of
Things devices, securing identities becomes more important than ever.
And digital identities don't have to be restricted to devices; they can also
be used to authenticate people, data, or applications. Digital identity
certificates based on this standard enable organizations to improve
security by replacing passwords, which attackers have become
increasingly adept at stealing.
How Do I Get an X.509 Certificate?
A critical component of deploying X.509 certificates is a trusted
certification authority or agent to issue certificates and publish the public
keys associated with individuals' private keys. Without this trusted CA, it
would be impossible for senders to know that they are, in fact, using the
correct public key associated with the recipient's private key and not a key
associated with a malicious actor intending to intercept sensitive
information and use it for nefarious purposes.
Trusted, third-party CAs like Sectigo act as certificate authorities, but
many enterprises and technology providers also choose to act as their own
CA. They may also decide to use self-signed certificates. Either way, the
certificate authority must be trusted to check and vouch for the identity of
all senders whose public keys they publish, ensure that those public keys
are indeed associated with the private keys of the senders, and safeguard
the levels of information security within their own organization to guard
against malicious attack.
Managing X.509 Certificates
One of the most critical aspects of X.509 certificates is effectively
managing these certificates at scale using automation. Without good
people, processes, and technology in place, companies are leaving
themselves open to security breaches, outages, damage to their brand, and
critical infrastructure failures. Discover how Sectigo Certificate
Manager (SCM) allows you to easily manage the lifecycles of public and
private digital certificates to secure every human and machine identity
across the enterprise, all from a single platform.
8
INTEGRITY
Unit Structure
8.0 Objectives
8.1 Message Integrity
8.2 Hash Function Properties
8.3 MAC
8.4 HMAC
8.5 MD5
8.6 SHA-512
8.7 Summary
8.8 Multiple Choice Question Answers
8.9 True or False
8.10 Sample Questions
8.11 List of References
8.0 OBJECTIVES
• Practically impossible to find the original input given the hash value
• Practically impossible to find two inputs that produce the same hash
value
A hash function is an algorithm that usually takes an input of any size, like a
message or a file, and produces a short, fixed-size output that looks random,
the hash value. If we apply the hash function to the same input, we will always
get the same hash value as the output. Applying the hash function to two
different inputs should give two different hash values as output.
Applications of Hash Function
• Message authentication
• Digital signatures
• Storing passwords
• Signatures of data for malicious behavior detection (e.g. virus,
intrusion)
• Generating pseudorandom number
Properties of cryptographic hash functions:
MAC processing is shown in Fig. 8.3.1.
Let us assume that sender A wants to send a message M to receiver B.
Figure 8.5.1 Padding Bits
Step 2: Append length
The next step is to calculate the length of the original message and add it
to the end of the message, after padding. The length used is that of the
original message, excluding the padding bits.
For example, if the original message consisted of 1200 bits and we added
a padding of 272 bits to make the length of the message 64 bits less than
1536 (a multiple of 512), the length is considered as 1200 and not 1472 for
this step. This length of the original message is now expressed as a 64-bit
value and these 64 bits are appended to the end of the original message +
padding.
This is shown in Fig. 8.3.5.2
Step 5.2: Current 512-bit block is divided into 16 sub-blocks. Thus, each
sub-block contains now 32 bits, as shown in Fig. 8.5.7
Fig 8.5.9 One MD5 operation
We can mathematically express a single MD5 operation as follows:
8.6 SHA-512
a = 6A09E667F3BCC908    e = 510E527FADE682D1
b = BB67AE8584CAA73B    f = 9B05688C2B3E6C1F
c = 3C6EF372FE94F82B    g = 1F83D9ABFB41BD6B
d = A54FF53A5F1D36F1    h = 5BE0CD19137E2179
Step 5: Process blocks
Now the actual algorithm begins. Here also, the steps are quite similar to
those in MD5. The combination of a-h, called abcdefgh, will be
considered as a single register for storing the temporary intermediate and
final results. Then the current 1024-bit block is divided into 16 sub-
blocks, each consisting of 64 bits.
a = Temp1+Temp2
b=a
c=b
d=c
e=d+Temp1
f=e
g=f
h=g
Where:
t = Round Number
Ch(e,f,g) = (e AND f) XOR (NOT e AND g)
Maj(a,b,c) = (a AND b) XOR (a AND c) XOR (b AND c)
∑(a) = ROTR(a,28) XOR ROTR(a,34) XOR ROTR(a,39)
∑(e) = ROTR(e,14) XOR ROTR(e,18) XOR ROTR(e,41)
ROTR(x) = Circular right shift, i.e. rotation, of the 64-bit array x by the
specified number of bits
+ = addition modulo 2^64
Kt = a 64-bit additive constant
Wt = a 64-bit word derived from the current 512-bit input block.
Six of the eight words of the output of the round function involve simple
permutation (b, c, d, f, g, h) by means of rotation. This is indicated by
shading in Figure 3.3.6.5. Only two of the output words (a, e) are generated
by substitution. Word e is a function of input variables d, e, f, g, h, as well
as the round word Wt and the constant Kt. Word a is a function of all of
the input variables, as well as the round word Wt and the constant Kt.
Calculation of Wt
The 64-bit word values for Wt are derived from the 1024-bit message block using
certain mappings. Wt is used in each of the 80 rounds of each block, where
t = 0 to 79. Each Wt is of length 64 bits.
Wt is calculated as follows:
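The round function above written out as runnable code, an added example that is not the textbook's: SHA-512 as a whole, with the two pieces the page does not print filled in from FIPS 180-4 (the message schedule for Wt and the padding step). The padding routine is parameterised so it also reproduces the MD5 Step 2 example (1200-bit message, 272 padding bits, 64-bit length), and the constants Kt and initial values a-h are derived from the cube and square roots of the first primes rather than typed in; the names pad, compress, sha512 and matches_hashlib are mine.

```python
"""SHA-512 from the register update and functions given in the text.
Kt and the initial a..h are the first 64 bits of the fractional parts of the
cube roots (resp. square roots) of the first 80 (resp. 8) primes, so they are
recomputed here instead of being copied from a table.  Added example, not
code from the textbook."""
import hashlib
from math import isqrt

MASK64 = (1 << 64) - 1


def first_primes(count):
    """Trial division is plenty for the 80 primes needed (2 .. 409)."""
    primes, n = [], 2
    while len(primes) < count:
        if all(n % p for p in primes if p * p <= n):
            primes.append(n)
        n += 1
    return primes


def icbrt(n):
    """Integer cube root floor(n ** (1/3)) by Newton's method, exact for big ints."""
    x = 1 << ((n.bit_length() + 2) // 3)      # start at or above the root
    while True:
        y = (2 * x + n // (x * x)) // 3
        if y >= x:
            return x
        x = y


PRIMES = first_primes(80)
# Initial register a..h: the page lists a = 6A09E667F3BCC908 ... h = 5BE0CD19137E2179.
H0 = [isqrt(p << 128) & MASK64 for p in PRIMES[:8]]
# Round constants K0..K79 (K0 = 428A2F98D728AE22).
K = [icbrt(p << 192) & MASK64 for p in PRIMES]


def rotr(x, n):
    """ROTR: circular right shift of a 64-bit word by n bits."""
    return ((x >> n) | (x << (64 - n))) & MASK64


def ch(e, f, g):
    return (e & f) ^ (~e & g)                    # Ch(e,f,g) from the text


def maj(a, b, c):
    return (a & b) ^ (a & c) ^ (b & c)           # Maj(a,b,c) from the text


def big_sigma0(a):
    return rotr(a, 28) ^ rotr(a, 34) ^ rotr(a, 39)   # the page's Sigma(a)


def big_sigma1(e):
    return rotr(e, 14) ^ rotr(e, 18) ^ rotr(e, 41)   # the page's Sigma(e)


def small_sigma0(x):
    return rotr(x, 1) ^ rotr(x, 8) ^ (x >> 7)        # message-schedule sigma0 (FIPS 180-4)


def small_sigma1(x):
    return rotr(x, 19) ^ rotr(x, 61) ^ (x >> 6)      # message-schedule sigma1 (FIPS 180-4)


def pad(message, block_bytes, length_bytes, byteorder):
    """Append a 1 bit (0x80), zeros up to length_bytes short of a block boundary,
    then the original bit length.  SHA-512: (128, 16, "big"); MD5: (64, 8, "little")."""
    padded = message + b"\x80"
    padded += b"\x00" * ((-len(padded) - length_bytes) % block_bytes)
    return padded + (len(message) * 8).to_bytes(length_bytes, byteorder)


def compress(state, block):
    """One 1024-bit block: 16 sub-blocks expanded to 80 words Wt, then 80 rounds."""
    w = [int.from_bytes(block[i:i + 8], "big") for i in range(0, 128, 8)]
    for t in range(16, 80):
        w.append((small_sigma1(w[t - 2]) + w[t - 7] + small_sigma0(w[t - 15]) + w[t - 16]) & MASK64)
    a, b, c, d, e, f, g, h = state
    for t in range(80):
        temp1 = (h + big_sigma1(e) + ch(e, f, g) + K[t] + w[t]) & MASK64
        temp2 = (big_sigma0(a) + maj(a, b, c)) & MASK64
        # The page's register update, applied simultaneously so every word gets
        # the previous round's value: a = T1+T2, e = d+T1, the rest shift down.
        a, b, c, d, e, f, g, h = ((temp1 + temp2) & MASK64, a, b, c,
                                  (d + temp1) & MASK64, e, f, g)
    return [(s + v) & MASK64 for s, v in zip(state, (a, b, c, d, e, f, g, h))]


def sha512(message):
    """Full 64-byte SHA-512 digest of a byte string."""
    data = pad(message, 128, 16, "big")
    state = list(H0)
    for i in range(0, len(data), 128):
        state = compress(state, data[i:i + 128])
    return b"".join(v.to_bytes(8, "big") for v in state)


def matches_hashlib(message):
    """Cross-check against the standard library's SHA-512."""
    return sha512(message) == hashlib.sha512(message).digest()


if __name__ == "__main__":
    print(sha512(b"abc").hex())
```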
8.7 SUMMARY
iii. Which attack requires the least effort/computations?
a) Pre-image
b) Second Pre-image
c) Collision
d) All required the same effort
Ans : c
iv. The _______ criterion states that it must be extremely difficult or
impossible to create the message if the message digest is given.
a) one-wayness
b) weak-collision-resistance
c) strong-collision-resistance
d) none of the above
Ans : a
v. MD5 produces________ bits hash data.
a. 112
b. 128
c. 150
d. 160
Ans : b
8.11 LIST OF REFERENCES
9
INTERNET AND WEB SECURITY
Unit Structure
9.0 Objectives
9.1 An Overview
9.1.1 Internet Security and standards
9.1.2 Web services Security
9.1.3 Challenges of Computer security
9.2 Internet and web security
9.2.1 Web Security
9.2.2 SSL
9.2.3 IPSec
9.2.4 Email Security
9.2.4.1 PGP
9.2.4.2 Email Attacks
9.3 Web app versus Web service concept
9.3.1 Web App
9.3.2 Web service
9.3.3 Web App Vs Web Service
9.4 WS-Security
9.5 SOAP web service
9.6 SAML assertion
9.6.1 What Is SAML?
9.6.2 Common Portion of an Assertion
9.6.3 Statements
9.7 Browser Attacks
9.8 Web attacks targeting users
9.9 Obtaining user or website data.
9.10 Summary
9.11 References
9.12 Bibliography
9.13 Unit End Exercises
9.0 OBJECTIVES
• Internet Security Association and Key Management Protocol
(ISAKMP): An Internet IPsec protocol [R2408] to negotiate,
establish, modify, and delete security associations, and to exchange
key generation and authentication data, independent of the details of
any specific key generation technique, key establishment protocol,
encryption algorithm, or authentication mechanism.
Computer security: Shall be classified as given below:
Threats
Internet security threats impact the network, data security and other
Internet-connected systems. Cyber criminals have evolved several
techniques to threaten the privacy and integrity of bank accounts, businesses,
and organizations.
Hacking as a Service, spam and phishing are also threats to Internet
security.
Web Security Considerations
Although Web browsers are very easy to use, Web servers are relatively
easy to configure and manage, and Web content is increasingly easy to
develop, the underlying software is extraordinarily complex. This complex
software may hide many potential security flaws.
Casual and untrained users are common clients for Web based services.
Such users are not necessarily aware of the security risks that exist and do
not have the tools or knowledge to take effective countermeasures.
The threats on the Web are shown in Table 9.1.
9.2.2 SSL - Secure Sockets Layer protocol
S. No. | Parameter | Description | Parameter | Description
1 | Session identifier | An arbitrary byte sequence chosen by the server to identify an active or resumable session state | Server and client random | Byte sequences that are chosen by the server and client for each connection.
5 | Master secret | 48-byte secret shared between the client and server | Client write key | Data encrypted by the client and decrypted by the server
6 | Is resumable | A flag indicating whether the session can be used to initiate new connections | Initialization vectors | When a block cipher in CBC mode is used, an initialization vector (IV) is maintained for each key
Alert protocol message format: Level (1 byte), Alert (1 byte)
One way to provide Web security is to use IP security (IPsec) (Figure 9.6).
The advantage of using IPsec is that it is transparent to end users and
applications and provides a general-purpose solution.
Applications of IPSec
Secure branch office connectivity over the Internet: A company can build
a secure virtual private network over the Internet or over a public WAN.
This enables a business to rely heavily on the Internet and reduce its need
for private networks, saving costs and network management overhead.
Secure remote access over the Internet: An end user whose system is
equipped with IPsec protocols can make a local call to an Internet
service provider (ISP) and gain secure access to a company network. This
reduces the cost of toll charges for traveling employees and
telecommuters.
IP Security Architecture
• Architecture
• Encapsulating Security Payload (ESP)
• Authentication Header (AH)
• Encryption Algorithm
• Authentication Algorithm
• Key Management
• Domain of Interpretation (DOI)
IPSec Services
IPSec provides security services at the IP layer by enabling a system to
select required security protocols. The services are
• Access control
• Connectionless integrity
• Data origin authentication
• Rejection of replayed packets (a form of partial sequence integrity)
• Confidentiality (encryption)
• Limited traffic flow confidentiality
Security Associations (SA)
An association is a one-way relationship between a sender and a receiver
that affords security services to the traffic carried on it. Security services
are afforded to an SA for the use of AH or ESP, but not both.
• Destination IP Address
• Source IP Address
• UserID
• Data Sensitivity Level
• Transport Layer Protocol
• Source and Destination Ports
Transport and Tunnel Modes
Both AH and ESP support two modes of use: transport and tunnel mode.
Transport Mode
Transport mode provides protection primarily for upper-layer protocols.
Tunnel Mode
Tunnel mode provides protection to the entire IP packet. AH or ESP fields
are added to the IP packet, and the entire packet plus security fields is treated
as the payload of a new "outer" IP packet with a new outer IP header.
9.2.4 EMAIL SECURITY
Fig 9.8 Function Modules and Standardized Protocols Used between them in the
Internet Mail Architecture
In today's Internet world, electronic mail (email) is the most heavily used
network-based application. Users send email to others who are connected
directly or indirectly to the Internet, regardless of host operating system or
communications suite. With the explosively growing reliance on email,
there grows a demand for authentication and confidentiality services. Two
approaches in this regard are i) Pretty Good Privacy (PGP) and ii)
S/MIME.
Email Components
The key components of the Internet mail architecture are shown in Fig 9.8.
Notation
Ks =session key
PRa=private key of user A,
PUa=public key of user A
EP = public-key encryption
DP = public-key decryption
EC = symmetric encryption
DC = symmetric decryption
H = hash function
= concatenation
Z = compression using ZIP algorithm
R64 = conversion to radix 64 ASCII format
Operational Description
The actual operation of PGP consists of five services:Authentication,
Confidentiality, Compression, E-mail compatibility, and Segmentation
(Table 9.3).
Table 9.3: Function | Algorithms Used | Description
Authentication
Figure 9.9 illustrates the digital signature service provided by PGP. The
sequence is as follows:
1. The sender creates a message.
2. SHA-1 is used to generate a 160-bit hash code of the message.
3. The hash code is encrypted with RSA using the sender's private key,
and the result is prepended to the message.
4. The receiver uses RSA with the sender's public key to decrypt and
recover the hash code.
5. The receiver generates a new hash code for the message and
compares it with the decrypted hash code. If the two match, the
message is accepted as authentic.
Confidentiality
The 64-bit cipher feedback (CFB) mode is used. Each symmetric key is
used only once. That is, a new key is generated as a random 128-bit
number for each message. To protect the key, it is encrypted with the
receiver's public key. Figure 9.10 illustrates the sequence, which can be
described as follows:
1. The sender generates a message and a random 128-bit number to be
used as a session key for this message only.
2. The message is encrypted, using CAST-128 (or IDEA or 3DES)
with the session key.
3. The session key is encrypted with RSA, using the recipient's public
key, and is prepended to the message.
4. The receiver uses RSA with its private key to decrypt and recover
the session key.
5. The session key is used to decrypt the message.
Compression
PGP compresses the message after applying the signature but before
encryption. This has the benefit of saving space both for e-mail
transmission and for file storage.
The placement of the compression algorithm, indicated by Z for
compression and Z-1 for decompression in Figure 9.11, is critical.
1. The signature is generated before compression for two reasons:
a. One can store only the uncompressed message together with
the signature for future verification.
b. The compression algorithm is not deterministic; various implementations
of the algorithm achieve different trade-offs in running speed
versus compression ratio and, as a result, produce different
compressed forms.
2. Message encryption is applied after compression to strengthen
cryptographic security. Because the compressed message has less
redundancy than the original plaintext, cryptanalysis is more
difficult.
E-mail Compatibility
When PGP is used, at least part of the block to be transmitted is encrypted.
PGP provides the service of converting the raw 8-bit binary stream to a
stream of printable ASCII characters to support compatibility.
Segmentation and Reassembly
E-mail facilities often are restricted to a maximum message length. To
overcome the issue, PGP automatically subdivides a message that is too
large into segments that are small enough to send via e-mail.
Cryptographic Keys and Key Rings
PGP makes use of four types of keys:
i) One-time session symmetric keys
ii) Public keys
iii) Private keys
iv) Passphrase-based symmetric keys
Three separate requirements can be identified with respect to these keys:
1. Generating unpredictable session keys is needed.
2. Users have multiple public-key/private-key pairs.
3. A file of the user's own public/private key pairs and a file of the
public keys of correspondents have to be maintained.
We examine each of these requirements in turn.
The signature component includes the following:
• Key ID of sender's public key: Identifies the public key that should
be used to decrypt the message digest
The session key component includes the identifier of the recipient's public
key that was used by the sender to encrypt the session key.
Key Rings
Two key IDs are included in any PGP message that provides both confidentiality and authentication.
These keys need to be stored and organized in a systematic way for
efficient and effective use by all parties. The scheme used in PGP is to
provide a pair of data structures at each node, one to store the
public/private key pairs owned by that node and one to store the public
keys of other users known at this node. These data structures are referred
to, respectively, as the private-key ring and the public-key ring.
• Key ID: The least significant 64 bits of the public key for this entry.
Figure 9.13 General Structure of Private- and Public-Key Rings
9.3 WEB APP VERSUS WEB SERVICE CONCEPT
Here the service provider publishes its product / functionality in the registry
through the Web Services Description Language (WSDL). The consumer of the
service finds the required service in the registry through WSDL.
Finally the consumer is bound to the provider through the Simple Object
Access Protocol (SOAP).
9.3.3 Web App Vs Web Service
Web applications
• Human-oriented
• Accessed by web browsers
• Developed using browser-oriented programming, scripting, and
styling languages/frameworks alongside server-side ones
• Development and usability are easy
• The user interface provides a centralized, structured view
• Fully interoperable, but without integrated infrastructure
control
• Users are not involved in updating the application, and the
complexity is low
Web Services
• Machine-oriented
• Accessed by services, applications, and systems
• Developed using standard programming languages
• Development and usability are comparatively difficult
• No user interface; a distributed, structured view
• Interaction models are available
• Uses SOAP, WSDL, and UDDI as building blocks
• Both synchronous and asynchronous operation modes are available
• Has integrated infrastructure control
• Clients are involved in the updating process
• Reusability is the major advantage of web services
• The complexity level is comparatively high
9.4 WS-SECURITY
Operational Steps
Functionality
</enc:EncryptedKey>
</wsse:Security>
</env:Header>
<env:Body>
<enc:EncryptedData>
...
</enc:EncryptedData>
</env:Body>
</env:Envelope>
The major transport and description elements of Web services are SOAP,
WSDL and UDDI
A Web service is a software system that supports interoperable machine-
to-machine interaction.
9.6 SAML ASSERTION
9.6.3 Statements
The top-level statement portion of an assertion is an abstract element.
A valid assertion must contain one of the three statements defined by
SAML: authentication, attribute, or authorization.
These make up the concrete representations of the abstract element
Statement Abstract Type.
The abstract statement element can also be used as an extension point.
Authentication Statement
The authentication statement is derived from the abstract Subject
Statement Abstract Type that, in turn, is derived from an abstract
Statement Abstract Type. In the common portion of the assertion we have
already assigned to the assertion a particular Subject, stated who the issuer
is, and signed the assertion.
<element name="AuthenticationStatement"
    type="saml:AuthenticationStatementType"/>
<complexType name="AuthenticationStatementType">
  <complexContent>
    <extension base="saml:SubjectStatementAbstractType">
      <sequence>
        <element ref="saml:SubjectLocality" minOccurs="0"/>
        <element ref="saml:AuthorityBinding" minOccurs="0"
            maxOccurs="unbounded"/>
      </sequence>
      <attribute name="AuthenticationMethod" type="anyURI"
          use="required"/>
      <attribute name="AuthenticationInstant" type="dateTime"
          use="required"/>
    </extension>
  </complexContent>
</complexType>
Attribute Statement
The attribute statement returns the attributes that the issuer of the assertion
asserts are associated with the Subject identified in the common portion of
the assertion. The schema definition of an attribute is:
<element name="AttributeStatement"
    type="saml:AttributeStatementType"/>
<complexType name="AttributeStatementType">
  <complexContent>
    <extension base="saml:SubjectStatementAbstractType">
      <sequence>
        <element ref="saml:Attribute" maxOccurs="unbounded"/>
      </sequence>
    </extension>
  </complexContent>
</complexType>
The attribute element contains the AttributeValues as shown below:
<element name="Attribute" type="saml:AttributeType"/>
<complexType name="AttributeType">
  <complexContent>
    <extension base="saml:AttributeDesignatorType">
      <sequence>
        <element ref="saml:AttributeValue" maxOccurs="unbounded"/>
      </sequence>
    </extension>
  </complexContent>
</complexType>
Authorization Statement
SAML authorization deals with conveying the decision on whether some
action or actions may be performed on some resource.
Although the infrastructure for authorization may be complex, SAML defines
a few additional constructs that can be involved in an authorization
decision. These are:
Policy Enforcement Point (PEP): Responsible for enforcing
the results of an authorization decision.
Policy Decision Point (PDP): The point at which the authorization decision
is made.
In order to satisfy an authorization request the PEP makes a request on the
PDP, passing authentication and/or attribute assertions as evidence that the
PDP can use to make an authorization decision. A fragment of the
authorization statement is presented below:
<element name="AuthorizationDecisionStatement"
    type="saml:AuthorizationDecisionStatementType"/>
<complexType name="AuthorizationDecisionStatementType">
  <complexContent>
    <extension base="saml:SubjectStatementAbstractType">
      <sequence>
        <element ref="saml:Action" maxOccurs="unbounded"/>
        <element ref="saml:Evidence" minOccurs="0"/>
      </sequence>
      <attribute name="Resource" type="anyURI" use="required"/>
      <attribute name="Decision" type="saml:DecisionType" use="required"/>
    </extension>
  </complexContent>
</complexType>
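A structural check of the three statement types against the schema fragments above, as an added example (not OASIS or textbook code). It assumes the SAML 1.x assertion namespace, the Permit/Deny/Indeterminate values of saml:DecisionType, and the AttributeName/AttributeNamespace attributes that saml:Attribute inherits from AttributeDesignatorType; the two sample assertions are constructed, and signature verification is out of scope.

```python
"""Check the statements of a SAML 1.x assertion against the cardinalities and
required attributes in the schema fragments: each statement must be one of the
three kinds, carry its required attributes and contain the mandatory children.
Added example with constructed assertions; not OASIS or textbook code."""
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"       # assumed SAML 1.x namespace
DECISIONS = {"Permit", "Deny", "Indeterminate"}          # assumed saml:DecisionType values


def q(tag):
    """Qualified tag name in the form ElementTree uses."""
    return "{%s}%s" % (SAML_NS, tag)


def _require_attrs(elem, names, problems):
    for name in names:
        if name not in elem.attrib:
            problems.append("%s lacks required attribute %s" % (elem.tag.split("}")[1], name))


def check_statement(stmt):
    """Return the rule violations of one statement element ([] when it is fine)."""
    problems = []
    if stmt.tag == q("AuthenticationStatement"):
        _require_attrs(stmt, ("AuthenticationMethod", "AuthenticationInstant"), problems)
    elif stmt.tag == q("AttributeStatement"):
        attributes = stmt.findall(q("Attribute"))
        if not attributes:
            problems.append("AttributeStatement carries no saml:Attribute")
        for attribute in attributes:
            # AttributeName/AttributeNamespace come from AttributeDesignatorType (assumed).
            _require_attrs(attribute, ("AttributeName", "AttributeNamespace"), problems)
            if not attribute.findall(q("AttributeValue")):
                problems.append("Attribute %r carries no AttributeValue" % attribute.get("AttributeName"))
    elif stmt.tag == q("AuthorizationDecisionStatement"):
        _require_attrs(stmt, ("Resource", "Decision"), problems)
        decision = stmt.get("Decision")
        if decision is not None and decision not in DECISIONS:
            problems.append("Decision %r is not a saml:DecisionType value" % decision)
        if not stmt.findall(q("Action")):
            problems.append("AuthorizationDecisionStatement carries no saml:Action")
        # saml:Evidence has minOccurs="0": its absence is not a defect.
    else:
        problems.append("unknown statement element %s" % stmt.tag)
    return problems


def check_assertion(xml_text):
    """Return every violation found in the assertion (empty list = passes)."""
    root = ET.fromstring(xml_text)
    if root.tag != q("Assertion"):
        return ["root element is %s, not saml:Assertion" % root.tag]
    statements = [child for child in root if child.tag.endswith("Statement")]
    if not statements:
        return ["assertion carries no statement"]
    problems = []
    for stmt in statements:
        problems.extend(check_statement(stmt))
    return problems


# Constructed sample: one well-formed statement of each kind.
GOOD_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="_example-1"
    Issuer="https://idp.example.test" IssueInstant="2024-01-01T00:00:00Z">
  <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
      AuthenticationInstant="2024-01-01T00:00:00Z">
    <saml:Subject><saml:NameIdentifier>alice</saml:NameIdentifier></saml:Subject>
  </saml:AuthenticationStatement>
  <saml:AttributeStatement>
    <saml:Subject><saml:NameIdentifier>alice</saml:NameIdentifier></saml:Subject>
    <saml:Attribute AttributeName="role" AttributeNamespace="urn:example:attributes">
      <saml:AttributeValue>auditor</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
  <saml:AuthorizationDecisionStatement Resource="https://app.example.test/reports" Decision="Permit">
    <saml:Subject><saml:NameIdentifier>alice</saml:NameIdentifier></saml:Subject>
    <saml:Action>Read</saml:Action>
  </saml:AuthorizationDecisionStatement>
</saml:Assertion>"""

# Constructed sample with three defects: no AuthenticationInstant, an Attribute
# without any AttributeValue, and a Decision outside the DecisionType enumeration.
BAD_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="_example-2"
    Issuer="https://idp.example.test" IssueInstant="2024-01-01T00:00:00Z">
  <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
    <saml:Subject><saml:NameIdentifier>bob</saml:NameIdentifier></saml:Subject>
  </saml:AuthenticationStatement>
  <saml:AttributeStatement>
    <saml:Subject><saml:NameIdentifier>bob</saml:NameIdentifier></saml:Subject>
    <saml:Attribute AttributeName="role" AttributeNamespace="urn:example:attributes"/>
  </saml:AttributeStatement>
  <saml:AuthorizationDecisionStatement Resource="https://app.example.test/reports" Decision="Allow">
    <saml:Subject><saml:NameIdentifier>bob</saml:NameIdentifier></saml:Subject>
    <saml:Action>Read</saml:Action>
  </saml:AuthorizationDecisionStatement>
</saml:Assertion>"""
```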
9.7 BROWSER ATTACKS
• Accessing host files: Certain attacks allow the browser to send files
to an attacker. These files may contain personal information, such as
banking data, or system information, such as passwords.
• Denial of Service
• Phishing Attack
• Brute-Force
• SQL Injection
• Eavesdropping Attacks
• Birthday Attacks
Denial of Service
SQL commands are inserted into data-plane input so as to run predefined
SQL commands.
Eavesdropping Attacks:
Eavesdropping attacks occur through the interception of network traffic.
By eavesdropping, an attacker can obtain passwords, credit card numbers
and other confidential information that a user may be sending over the network.
Passive eavesdropping: A hacker obtains the data by listening to
the message transmission within the network.
Birthday Attacks:
Birthday attacks are made against the hash algorithms used to verify the integrity
of a message, code or digital signature.
A message processed by a hash function produces a message digest (MD)
of fixed length, independent of the length of the input message; this MD
uniquely characterizes the message.
Spoofing
IP spoofing is used by an intruder to convince a system that it is
communicating with a known, trusted entity to provide the intruder with
access to the system.
IP spoofing involves an alteration of a packet at the TCP level, which is
used to attack Internet-connected systems that provide various TCP/IP
services.
The attacker sends a packet with an IP source address of a known, trusted
host instead of its own IP source address to a target host.
The user may accept the packet and act upon it.
Port scanning
A cracker can use scanning software to determine which hosts are active
and which are down to avoid wasting time on inactive hosts.
A port scan can gather data about a single host or hosts within a subnet. A
scan can be implemented using the Ping utility.
After determining which hosts and associated ports are active, the cracker
will initiate different types of probes on the active ports.
Examples of probes are: gathering information from the Domain Name
System (DNS), determining the network services that are available, such
as e-mail, FTP, and remote logon, and determining the type and release of
the operating system.
Dumpster diving
Dumpster diving involves the acquisition of information that is discarded
by an individual or organization.
Information found in trash is very valuable to a cracker, because the
discarded information may include technical manuals, password lists,
telephone numbers, and organization charts.
It is important to note that one requirement for information to be treated as
a trade secret is that the information be protected and not revealed to any
unauthorized individuals.
9.10 SUMMARY
9.11 REFERENCES
10
FIREWALL
Unit Structure
10.0 Objectives
10.1 Introduction
10.2 Firewall Characteristics
10.3 Types of Firewalls
10.4 Attacks of Packet Filter
10.5 Bastion Host
10.6 Firewall Configurations
10.7 Limitations of Firewall
10.8 Summary
10.9 Bibliography
10.10 Exercises
10.0 OBJECTIVES
10.1 INTRODUCTION
The dramatic rise and progress of the Internet has opened possibilities that
no one would have thought of. We can connect any computer in the world
to any other computer, no matter how far the two are located from each
other. This can be a nightmare for network support staff, who are left with
the very difficult job of trying to protect the corporate networks from a
variety of attacks.
Most corporations have large amounts of valuable and confidential data in
their networks. Leaking of this critical information to competitors can be a
great setback.
Internet connectivity is no longer optional for organizations.
The information and services available are essential to the organization.
Moreover, individual users within the organization want and need Internet
access, and if this is not provided via their LAN, they will use dial-up
capability from their PC to an Internet service provider (ISP). However,
while Internet access provides benefits to the organization, it enables the
outside world to reach and interact with local network assets.
This creates a threat to the organization. While it is possible to equip each
workstation and server on the premises network with strong security
features, such as intrusion protection, this is not a practical approach.
Consider a network with hundreds or even thousands of systems, running
a mix of various versions of UNIX, plus Windows. When a security flaw
is discovered, each potentially affected system must be upgraded to fix
that flaw. The alternative, increasingly accepted, is the firewall.
A firewall can be as simple as a router that is used to filter packets or as
complex as a multi-computer, multi-router solution that performs packet
filtering along with application-level proxy services. A firewall is
essentially a router or a group of routers and computers used to enforce access
control between two networks.
A firewall can be thought of as a pair of mechanisms: allow, which
permits traffic, and deny, which blocks traffic. Some firewalls
emphasize blocking traffic, while others emphasize permitting traffic.
Apart from the danger of the insider information leaking out, there is a
great danger of the outside elements like viruses and worms entering a
corporate network to create havoc.
Firewalls are the first line of defence between the internal network and
untrusted networks like the Internet. A firewall is a combination of
software and hardware used to maintain security of a private network by
applying security policies at two or more network boundaries. Firewalls
are incorporated into a wide variety of networked devices to filter traffic
and lower the risk that malicious packets travelling over the public internet
can impact the security of private network. First introduced conceptually
in the late 1980s in a whitepaper from Digital Equipment Corporation,
“firewalls” provided a then new and important function to the rapidly
growing networks of the day.
The design goals include:
All traffic from inside to outside a network must pass through the
firewall.
Only authorized traffic will be allowed to pass through the firewall.
The firewall itself must be strong enough to render attacks on it
useless.
• Service Control
• Direction Control
• User Control
• Behaviour Control
● Service Control: Determines the types of Internet services that can
be accessed by the network user. The inbound or outbound traffic
may be filtered on the basis of IP address and TCP port
number. It can be implemented by proxy software or by the host
server software.
● Direction control: Determines the direction, inbound or
outbound, in which particular service requests are allowed to flow
through the firewall.
● User control: Controls access to a service according to the user.
Each user has an ACL that indicates their level of access. Based on
the ACL, the user's traffic may be allowed or denied. This feature is typically
applied to users inside the private network to control outbound
traffic. It may also be applied to incoming traffic from external
users, but this requires an authentication technique.
● Behavior control: It makes use of statistical data to control the
traffic. It controls how particular services are used (e.g. filters e-mail to
eliminate spam), or it may enable external access to only a portion of
the information on a local Web server.
Disadvantages:
10.4 ATTACKS ON PACKET-FILTERING FIREWALLS
IP address spoofing: The intruder transmits packets from the outside with
a source IP address field containing an address of an internal host. The
attacker hopes that the use of a spoofed address will allow penetration of
systems that employ simple source address security, in which packets
from specific trusted internal hosts are accepted. The countermeasure is to
discard packets with an inside source address if the packet arrives on an
external interface.
Source routing attacks: The source station specifies the route that a
packet should take as it crosses the Internet, in the hopes that this will
bypass security measures that do not analyze the source routing
information. The countermeasure is to discard all packets that use this
option.
Tiny fragment attacks: The intruder uses the IP fragmentation option to
create extremely small fragments and force the TCP header information
into a separate packet fragment. This attack is designed to circumvent
filtering rules that depend on TCP header information. Typically, a packet
filter will make a filtering decision on the first fragment of a packet.
All subsequent fragments of that packet are filtered out solely on the basis
that they are part of the packet whose first fragment was rejected. The
attacker hopes that the filtering router examines only the first fragment
and that the remaining fragments are passed through.
A tiny fragment attack can be defeated by enforcing a rule that the first
fragment of a packet must contain a predefined minimum amount of the
transport header. If the first fragment is rejected, the filter can remember
the packet and discard all subsequent fragments.
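The three countermeasures above can be combined in a single filtering routine. The following is an added example (not part of the original text); it models packets as simple records and assumes an internal address range of 10.0.0.0/8, an inbound policy permitting only ports 80 and 443, and a minimum of 16 transport-header bytes in a first fragment:

```python
"""Added example (not from the text): a toy stateful packet filter applying the three
countermeasures just described. INTERNAL_NET, the port policy and the sample packets
are assumptions constructed for the demonstration."""
from dataclasses import dataclass
from typing import Optional, List
import ipaddress

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed address range of the private network
ALLOWED_PORTS = {80, 443}                           # assumed policy: only HTTP/HTTPS inbound
# Minimum number of transport-header bytes the first fragment must carry. 16 covers the
# TCP ports, sequence and acknowledgement numbers and the flags byte (offset 13).
MIN_FIRST_FRAG_BYTES = 16


@dataclass
class Packet:
    iface: str                    # interface the packet arrived on: "ext" or "int"
    src: str                      # source IP address
    dst: str                      # destination IP address
    ident: int                    # IP Identification field, shared by all fragments of one datagram
    frag_offset: int              # Fragment Offset (0 for the first or only fragment)
    more_frags: bool              # MF flag
    transport_bytes: int          # bytes of transport header present in this fragment
    source_routed: bool = False   # IP source-route option present
    dport: Optional[int] = None   # destination port, only meaningful if the header is present


class PacketFilter:
    def __init__(self) -> None:
        # Datagrams whose first fragment was rejected; later fragments with the same
        # (src, dst, ident) are discarded without further inspection.
        self.rejected: set = set()

    def decide(self, p: Packet) -> str:
        key = (p.src, p.dst, p.ident)

        # Countermeasure 1: anti-spoofing. An internal source address can never
        # legitimately arrive on the external interface.
        if p.iface == "ext" and ipaddress.ip_address(p.src) in INTERNAL_NET:
            return "DROP: internal source address on external interface"

        # Countermeasure 2: discard anything carrying the source-route option.
        if p.source_routed:
            return "DROP: source-routed packet"

        if p.frag_offset == 0:
            # Countermeasure 3: the first fragment must carry enough of the transport
            # header for the port rule to be evaluated at all.
            if p.more_frags and p.transport_bytes < MIN_FIRST_FRAG_BYTES:
                self.rejected.add(key)
                return "DROP: tiny first fragment"
            if p.dport not in ALLOWED_PORTS:
                if p.more_frags:
                    self.rejected.add(key)   # remember so the rest of the datagram is dropped too
                return f"DROP: port {p.dport} not permitted"
            return "ACCEPT"

        # Non-first fragment: it cannot be matched against port rules, so it is accepted
        # unless its first fragment was already rejected.
        if key in self.rejected:
            return "DROP: fragment of a rejected datagram"
        return "ACCEPT"


def run_sample() -> List[str]:
    """Constructed traffic exercising each rule; returns the decision for each packet."""
    pf = PacketFilter()
    sample = [
        Packet("ext", "10.1.2.3", "10.0.0.5", 1, 0, False, 20, dport=80),      # spoofed internal source
        Packet("ext", "203.0.113.7", "10.0.0.5", 2, 0, False, 20, source_routed=True, dport=80),
        Packet("ext", "203.0.113.7", "10.0.0.5", 3, 0, True, 8),                # tiny first fragment
        Packet("ext", "203.0.113.7", "10.0.0.5", 3, 1, False, 0),               # its second fragment
        Packet("ext", "203.0.113.7", "10.0.0.5", 4, 0, False, 20, dport=443),   # legitimate HTTPS
        Packet("ext", "203.0.113.7", "10.0.0.5", 5, 0, True, 20, dport=23),     # telnet, fragmented
        Packet("ext", "203.0.113.7", "10.0.0.5", 5, 3, False, 0),               # rest of the telnet datagram
    ]
    return [pf.decide(p) for p in sample]


if __name__ == "__main__":
    for line in run_sample():
        print(line)
```

The filter is stateful only in that it remembers rejected first fragments. RFC 1858, which describes the tiny-fragment attack and its overlapping-fragment variant, additionally recommends dropping any fragment whose Fragment Offset equals 1, because such a fragment can overwrite the TCP flags of an accepted first fragment during reassembly.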
Firewall Configurations
Screened Host Firewall, Single Homed Bastion:
10.7 LIMITATIONS OF FIREWALL
10.8 SUMMARY
10.9 BIBLIOGRAPHY
10.10 EXERCISES
11
INTRUSION
Unit Structure
11.1 Objective
11.2 Introduction
11.3 What is Intrusion
11.4 Intruders
11.5 Intrusion Detection
11.6 Behavior of Authorized User and Intruder
11.7 Approaches for Intrusion Detection: Statistical Anomaly Detection
and Rule based Detection.
11.8 Audit Record and Audit Record Analysis.
11.9 Summary
11.10 Reference for further reading
11.11 Unit End Exercises
11.1 OBJECTIVE
11.2 INTRODUCTION
11.4 INTRUDERS:
• An intruder is a person who gains unauthorized access to a network or system.
• The intruder, frequently referred to as a hacker or cracker, is one of the two most publicized threats to security; the other is viruses.
• There are different types of intruders:
1. Masquerader: An individual who is not authorized to use the computer and who penetrates a system's access controls to exploit a legitimate user's account. Generally an outsider.
2. Misfeasor: A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges.
3. Clandestine user: An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection. May be an insider or an outsider.
● The masquerader is likely to be an outsider; the misfeasor generally is an insider; and the clandestine user can be either an outsider or an insider. Intruder attacks range from the benign to the serious. At the benign end of the scale, there are many people who simply wish to explore the Internet and see what is out there. At the serious end are individuals who are attempting to read privileged data, perform unauthorized modifications to data, or disrupt the system. Examples of intrusion include:
1. Performing a remote root compromise of an e-mail server.
2. Defacing a Web server.
3. Guessing and cracking passwords.
4. Copying a database containing credit card numbers.
5. Viewing sensitive data, including payroll records and medical information, without authorization.
6. Running a packet sniffer on a workstation to capture usernames and passwords.
7. Using a permission error on an anonymous FTP server to distribute pirated software and music files.
8. Dialing into an unsecured modem and gaining internal network access.
9. Posing as an executive, calling the help desk, resetting the executive's e-mail password, and learning the new password.
10. Using an unattended, logged-in workstation without permission.
• Fault tolerance:
• Timeliness: This implies more than the measure of performance, because it encompasses not only the intrinsic processing speed of the intrusion-detection system but also the time required to propagate the information and react to it.
• Limitations
• Example:
A good example of detection-specific audit records is one developed
by Dorothy Denning. Each audit record contains the following
fields:
• Subject: Initiators of actions. A subject is typically a terminal
user but might also be a process acting on behalf of users or
groups of users. All activity arises through commands issued
by subjects. Subjects may be grouped into different access
classes, and these classes may overlap.
• Action: Operation performed by the subject on or with an
object; for example, login, read, perform I/O, execute.
• Object: Receptors of actions. Examples include files,
programs, messages, records, terminals, printers, and user- or
program-created structures. When a subject is the recipient of
an action, such as electronic mail, then that subject is
considered an object. Objects may be grouped by type. Object
granularity may vary by object type and by environment. For
example, database actions may be audited for the database as a
whole or at the record level.
• Exception-Condition: Denotes which, if any, exception
condition is raised on return.
• Resource-Usage: A list of quantitative elements in which each
element gives the amount used of some resource (e.g., number
of lines printed or displayed, number of records read or
written, processor time, I/O units used, session elapsed time).
• Time-Stamp: Unique time-and-date stamp identifying when the action took place.
Most user operations are made up of a number of elementary actions. For example, a file copy involves the execution of the user command, which includes doing access validation and setting up the copy, plus the read from one file, plus the write to another file. Consider the command
COPY GAME.EXE TO <Library>GAME.EXE
issued by Smith to copy an executable file GAME from the current directory to the <Library> directory. One audit record may be generated for each elementary action: the execution of COPY, the read of GAME.EXE, and the attempted write to <Library>GAME.EXE. In this case, the copy is aborted because Smith does not have write permission to <Library>.
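As an added illustration (not from the original text), the following program generates one audit record per elementary action of the COPY command and then performs a first step of audit record analysis, counting exception conditions per subject. The permission table, the resource-usage figures, the timestamps and the exception name write-violation are assumptions:

```python
"""Added example (not from the text): Denning-style audit records for the COPY command
above, plus a first pass of audit record analysis. The permission table, resource figures,
timestamps and exception names are assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Optional
import itertools

# Assumed access rights: object -> subject -> permitted actions.
# Smith may run COPY and read his own GAME.EXE but has no write access to <Library>.
PERMISSIONS: Dict[str, Dict[str, set]] = {
    "COPY":              {"Smith": {"execute"}},
    "GAME.EXE":          {"Smith": {"read", "execute"}},
    "<Library>GAME.EXE": {"Smith": set()},
}


@dataclass
class AuditRecord:
    subject: str                     # initiator of the action
    action: str                      # login, read, write, execute, ...
    obj: str                         # receptor of the action
    exception: Optional[str]         # None when the action completed normally
    resource_usage: Dict[str, int]   # e.g. {"RECORDS": 0} or {"CPU": 2}
    timestamp: int                   # unique, increasing


class AuditedSystem:
    def __init__(self) -> None:
        self.log: List[AuditRecord] = []
        self._clock = itertools.count(11058721678)   # assumed starting timestamp

    def _permitted(self, subject: str, action: str, obj: str) -> bool:
        return action in PERMISSIONS.get(obj, {}).get(subject, set())

    def _audit(self, subject, action, obj, exception=None, **usage) -> bool:
        """Append one record and report whether the elementary action succeeded."""
        self.log.append(AuditRecord(subject, action, obj, exception, dict(usage), next(self._clock)))
        return exception is None

    def copy(self, subject: str, src: str, dst: str) -> bool:
        """COPY src TO dst as a sequence of elementary, individually audited actions."""
        # 1. execute the command (access validation and set-up)
        if not self._audit(subject, "execute", "COPY",
                           None if self._permitted(subject, "execute", "COPY") else "exec-violation",
                           CPU=2):
            return False
        # 2. read from the source file
        if not self._audit(subject, "read", src,
                           None if self._permitted(subject, "read", src) else "read-violation",
                           RECORDS=0):
            return False
        # 3. write to the destination file; this is where Smith's copy is aborted
        return self._audit(subject, "write", dst,
                           None if self._permitted(subject, "write", dst) else "write-violation",
                           RECORDS=0)


def violations_per_subject(log: List[AuditRecord]) -> Dict[str, int]:
    """Audit record analysis: count exception conditions per subject. A subject whose
    count rises well above its usual level is a candidate for closer inspection."""
    counts: Dict[str, int] = {}
    for rec in log:
        if rec.exception is not None:
            counts[rec.subject] = counts.get(rec.subject, 0) + 1
    return counts


def demo():
    sysm = AuditedSystem()
    ok = sysm.copy("Smith", "GAME.EXE", "<Library>GAME.EXE")
    return ok, sysm.log, violations_per_subject(sysm.log)


if __name__ == "__main__":
    ok, log, viol = demo()
    for r in log:
        print(r.subject, r.action, r.obj, r.exception or "0", r.resource_usage, r.timestamp)
    print("copy succeeded:", ok, "| violations:", viol)
```

Each record carries the six fields listed above; the exception field is what a rule-based detector keys on, while the resource-usage field feeds statistical profiles of normal behaviour.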
12
DATABASE AND OS SECURITY
Unit Structure
12.0 Objectives
12.1 Introduction to Database and OS
12.2 What is Database Security?
12.2.1 Security requirements of database
12.2.2 Sensitive data
12.2.3 Threats to Databases
12.3 Control Measures
12.3.1 Database access control
12.3.2 Inference control
12.3.3 Flow control
12.3.4 Encryption
12.4 Security in operating systems
12.4.1 Operating System Structure
12.4.2 Security Features of Ordinary Operating Systems
12.4.3 Operating System Tools to Implement Security Functions
12.5 Rootkit
12.5.1 Phone Rootkit
12.5.2 Sony XCP Rootkit
12.5.3 TDSS Rootkits
12.6 Let us Sum Up
12.7 List of References
12.8 Unit End Exercises
Self learning topics:
Cryptographic Toolkits, Denial of Service attack
• Database is a collection of data and set of rules that organize the data
by specifying certain relationships among data.
• Through these rules, the user describes a logical format for the data.
• The user interacts with the data base through a program called a
database manager or database management system (DBMS)
informally known as a front end.
Advantages of Using Databases
12.2 WHAT IS DATABASE SECURITY?
• Inference detection at query time: This approach seeks to eliminate an inference channel violation during a query or series of queries. If an inference channel is detected, the query is denied or altered.
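The following added example (not from the original text) shows the denial decision at query time for one classic kind of inference channel, the tracker: two aggregate queries whose result sets differ by a single record, so that subtracting one statistic from the other exposes an individual. It applies query-set-size control and query-set-overlap control to a constructed employee table; the thresholds K and MAX_OVERLAP and the column whitelist are assumptions:

```python
"""Added example (not from the text): query-time inference detection on a small statistical
database. The table, the thresholds K and MAX_OVERLAP and the column whitelist are assumptions."""
import sqlite3
from typing import FrozenSet, List, Optional, Tuple

K = 3            # assumed minimum query-set size: no statistic over fewer than K records
MAX_OVERLAP = 2  # assumed limit on records a new query set may share with an answered one
COLUMNS = {"name", "dept"}   # columns a user may filter on (salary itself is never a filter)

# Constructed sample rows: (id, name, dept, salary)
EMPLOYEES = [
    (1, "Ann",  "Sales", 52000),
    (2, "Bob",  "Sales", 61000),
    (3, "Cara", "Sales", 58000),
    (4, "Dev",  "Sales", 70000),
    (5, "Eve",  "R&D",   90000),
    (6, "Finn", "R&D",   85000),
    (7, "Gita", "R&D",   99000),
]

Filter = Tuple[str, str, str]   # (column, operator, value); operator is "=" or "<>"


class StatisticalDB:
    def __init__(self) -> None:
        self.con = sqlite3.connect(":memory:")
        self.con.execute("CREATE TABLE emp(id INTEGER, name TEXT, dept TEXT, salary INTEGER)")
        self.con.executemany("INSERT INTO emp VALUES (?,?,?,?)", EMPLOYEES)
        self.answered: List[FrozenSet[int]] = []   # query sets already released

    def _where(self, filters: List[Filter]) -> Tuple[str, list]:
        """Build a parameterised WHERE clause from whitelisted columns only."""
        parts, params = [], []
        for col, op, val in filters:
            if col not in COLUMNS or op not in ("=", "<>"):
                raise ValueError("filter not permitted")
            parts.append(f"{col} {op} ?")
            params.append(val)
        return " AND ".join(parts) or "1=1", params

    def sum_salary(self, filters: List[Filter]) -> Tuple[Optional[int], str]:
        """Return (SUM(salary), reason). The sum is None when the query is denied."""
        where, params = self._where(filters)
        ids = frozenset(r[0] for r in self.con.execute(f"SELECT id FROM emp WHERE {where}", params))
        # Check 1: query-set-size control, applied to the set and to its complement
        # (SUM over everyone minus SUM over n-1 people exposes the remaining one).
        if len(ids) < K or len(EMPLOYEES) - len(ids) < K:
            return None, "denied: query set (or its complement) too small"
        # Check 2: query-set-overlap control; this is what stops the tracker Q1 - Q2.
        for prev in self.answered:
            if len(ids & prev) > MAX_OVERLAP and ids != prev:
                return None, "denied: overlaps an already answered query set"
        self.answered.append(ids)
        (total,) = self.con.execute(f"SELECT SUM(salary) FROM emp WHERE {where}", params).fetchone()
        return total, "answered"


if __name__ == "__main__":
    db = StatisticalDB()
    print(db.sum_salary([("dept", "=", "Sales")]))                        # answered
    print(db.sum_salary([("dept", "=", "Sales"), ("name", "<>", "Dev")]))  # tracker: denied
    print(db.sum_salary([("name", "=", "Dev")]))                          # too small: denied
```

Overlap control is known to be restrictive for legitimate users and can still be defeated by more elaborate trackers, so in practice it is combined with other controls such as perturbation of the released statistic; the point here is the decision made before the statistic is released.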
12.3.3 FLOW CONTROL
Distributed systems involve a great deal of data flow from one site to another and also within a site. Flow control prevents data from being transferred in such a way that it can be accessed by unauthorized agents. A flow policy lists the channels through which information may flow and defines security classes for data as well as for transactions. It prevents information from flowing in such a way that it reaches unauthorized users, and is suited to databases on multiuser systems or networks.
Flow control checks that information contained in some data objects does not flow, explicitly or implicitly, into less protected objects.
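The following added example (not from the original text) implements such a flow policy for a constructed set of security classes and labelled objects. The monitor records the most protected class a transaction has read so far and refuses any write to a less protected object, which catches both an explicit flow (copy payroll data into a public bulletin) and an implicit one (branch on payroll data, then write the bulletin):

```python
"""Added example (not from the text): a flow policy with ordered security classes and a
monitor that checks explicit and implicit flows at run time. The class ordering, the object
labels and the two transactions are assumptions constructed for the demonstration."""
from typing import Dict, List, Tuple

# Assumed linear ordering of security classes (a lattice in the general case)
CLASS_RANK: Dict[str, int] = {"Public": 0, "Internal": 1, "Confidential": 2, "Secret": 3}

# Assumed labels of data objects
OBJECT_CLASS: Dict[str, str] = {
    "bulletin":    "Public",
    "scratch":     "Internal",
    "payroll":     "Confidential",
    "merger_plan": "Secret",
}


def can_flow(src_class: str, dst_class: str) -> bool:
    """Information may flow from src to dst only if dst is at least as protected as src."""
    return CLASS_RANK[src_class] <= CLASS_RANK[dst_class]


class FlowMonitor:
    """Tracks the least upper bound of every class a transaction has read so far.
    A write is allowed only if that bound can flow to the target object. This catches
    explicit flows (dst := src) and implicit ones (IF high THEN write low), because in
    both cases the sensitive read happens before the write."""

    def __init__(self) -> None:
        self.bound = "Public"                        # nothing sensitive read yet
        self.trace: List[Tuple[str, str, str]] = []  # (action, object, outcome)

    def read(self, obj: str) -> str:
        cls = OBJECT_CLASS[obj]
        if CLASS_RANK[cls] > CLASS_RANK[self.bound]:
            self.bound = cls
        self.trace.append(("read", obj, "ok"))
        return cls

    def write(self, obj: str) -> bool:
        allowed = can_flow(self.bound, OBJECT_CLASS[obj])
        self.trace.append(("write", obj, "ok" if allowed else "denied"))
        return allowed


def copy_transaction(src: str, dst: str) -> bool:
    """Explicit flow: dst := src."""
    m = FlowMonitor()
    m.read(src)
    return m.write(dst)


def implicit_flow_transaction() -> Tuple[bool, bool]:
    """Implicit flow: IF payroll.bonus THEN bulletin.flag := 1. Evaluating the condition
    reads Confidential data, so the later write to the Public bulletin is refused, while a
    write to the Secret merger plan is still fine."""
    m = FlowMonitor()
    m.read("payroll")
    low = m.write("bulletin")       # False: Confidential data would reach a Public object
    high = m.write("merger_plan")   # True: a Secret object may receive Confidential data
    return low, high


if __name__ == "__main__":
    print(copy_transaction("bulletin", "payroll"), copy_transaction("payroll", "bulletin"))
    print(implicit_flow_transaction())
```

A run-time monitor of this kind is conservative: it refuses the write even on the branch that does not depend on the sensitive value, because it cannot see the program's structure. Static (compile-time) flow checking avoids that cost but needs the source of every transaction.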
This section gives a brief overview of operating system designs, then examines aspects of operating system design that enhance security. Finally, it considers rootkits, the most serious compromise of an operating system; with such an exploit the attacker undermines the entire operating system and thus all the security protections it is expected to provide.
The operating system is the fundamental controller of all system
resources—which makes it a primary target of attack, as well.
When the operating system initializes at system boot time, it initiates tasks
in an orderly sequence, such as, first, primitive functions and device
drivers, then process controllers, followed by file and memory
management routines and finally, the user interface. To establish security,
early tasks establish a firm defense to constrain later tasks. Primitive
operating system functions, such as interprocess communication and basic
input and output, must precede more complex structures such as files,
directories, and memory segments, in part because these primitive
functions are necessary to implement the latter constructs, and also
because basic communication is necessary so that different operating
system functions can communicate with each other. Antivirus applications
are usually initiated late because they are add-ons to the operating system;
still, antivirus code must be in control before the operating system allows
access to new objects that might contain viruses. Clearly, prevention
software can protect only if it is active before the malicious code.
But what if the malware embeds itself in the operating system, such that it
is active before operating system components that might detect or block
it? Or what if the malware can circumvent or take over other parts of the
operating system? This sequencing leads to an important vulnerability:
Gaining control before the protector means that the protector’s power is
limited. In that case, the attacker has near-complete control of the system:
The malicious code is undetectable and unstoppable. Because the malware
operates with the privileges of the root of the operating system, it is called
a rootkit. Although embedding a rootkit within the operating system is
difficult, a successful effort is certainly worth it. We examine rootkits later
in this chapter. Before we can study that class of malware, we must first
consider the components from which operating systems are composed.
12.4.1 OPERATING SYSTEM STRUCTURE
Every operating system has its own internal structure in terms of file
arrangement, memory management, storage management, etc., and the
entire performance of the system depends on its structure. The internal
structure of operating system provides an idea of how the components of
the operating system are interconnected and blended into kernel. This
section discusses various system structures that have evolved with time.
Some approaches to operating system structure are:
1. Simple Structure
2. Monolithic Systems
3. Layered Systems
4. Microkernels
5. Client-Server Model
6. Virtual Machines
7. Exokernels
1. Simple Structure:
Early operating systems were developed with an elementary approach and without much concern for structure; they started as small, simple, limited systems and then grew beyond their original scope. Such systems were monolithic, written as a collection of procedures where each procedure is free to call any other procedure. MS-DOS is an example. It was initially designed as a small, simple system of limited scope, with the idea of providing as much functionality as possible in as little space as possible; it was therefore not carefully divided into modules, and it grew well beyond its scope with time. The figure (not reproduced here) shows the structure of the MS-DOS system.
Disadvantage: Performance decreases due to the increased overhead of system functions.
• Guaranteed fair service. All users expect CPU usage and other
service to be provided so that no user is indefinitely starved from
receiving service. Hardware clocks combine with scheduling
disciplines to provide fairness. Hardware facilities and data tables
combine to provide control.
• Interface to hardware. All users access hardware functionality. Fair
access and controlled sharing are hallmarks of multitask operating
systems (those running more than one task concurrently), but a more
elementary need is that users require access to devices,
communications lines, hardware clocks, and processors. Few users
access these hardware resources directly, but all users employ such
things through programs and utility functions. Hardware interface
used to be more tightly bound into an operating system’s design;
now, however, operating systems are designed to run on a range of
hardware platforms, both to maximize the size of the potential
market and to position the operating system for hardware design
enhancements.
• File and I/O device access control. The operating system must
protect user and system files from access by unauthorized users.
Similarly, I/O device use must be protected. Data protection is
usually achieved by table lookup, as with an access control matrix.
12.4.3 OPERATING SYSTEM TOOLS TO IMPLEMENT SECURITY FUNCTIONS
In this section we consider how an operating system actually implements
the security functions for general objects of unspecified types, such as
files, devices, or lists, memory objects, databases, or sharable tables.
Operating systems implement both the underlying tables supporting access
control and the mechanisms that check for acceptable uses.
An important operating system function related to access control is audit: a log of which subject accessed which object, when, and in what
manner. Auditing is a tool for reacting after a security breach, not for
preventing one. If critical information is leaked, an audit log may help to
determine exactly what information has been compromised and perhaps
by whom and when. Such knowledge can help limit the damage of the
breach and also help prevent future incidents by illuminating what went
wrong this time.
Audit logs show what happened in an incident; analysis of logs can
guide prevention of future successful strikes.
An operating system cannot log every action, because of the volume of such data: too much data impedes timely and critical analysis.
Virtualization
Another important operating system security technique is virtualization,
providing the appearance of one set of resources by using different
resources. If you present a plate of cookies to a group of children, the
cookies will likely all disappear. If you hide the cookies and put them out
a few at a time you limit the children’s access. Operating systems can do
the same thing.
Virtual Machine
Suppose one set of users, call it the A set, is to be allowed to access only
A data, and different users, the B set, can access only B data. We can
implement this separation easily and reliably with two unconnected
machines. But for performance, economic, or efficiency reasons, that
approach may not be desirable. If the A and B sets overlap, strict
separation is impossible.
Another approach is virtualization, in which the operating system
presents each user with just the resources that class of user should see. To
an A user, the machine, called a virtual machine, contains only the A
resources. It could seem to the A user as if there is a disk drive, for
example, with only the A data. The A user is unable to get to or even
know of the existence of B resources, because the A user has no way to
formulate a command that would expose those resources, just as if they
were on a separate machine.
Virtualization: presenting a user the appearance of a system with only
the resources the user is entitled to use.
Virtualization has advantages other than for security. With virtual
machines, an operating system can simulate the effect of one device by
using another. So, for example, if an installation decides to replace local
disk devices with cloud-based storage, neither the users nor their programs
need make any change; the operating system virtualizes the disk drives by
covertly modifying each disk access command so the new commands
retrieve and pass along the right data.
Hypervisor
A hypervisor, or virtual machine monitor, is the software that
implements a virtual machine. It receives all user access requests, directly
passes along those that apply to real resources the user is allowed to
access, and redirects other requests to the virtualized resources.
Virtualization can apply to operating systems as well as to other resources.
Thus, for example, one virtual machine could run the operating system of
an earlier, outdated machine. Instead of maintaining compatibility with old
operating systems, developers would like people to transition to a new
system. However, installations with a large investment in the old system
might prefer to make the transition gradually; to be sure the new system
works, system managers may choose to run both old and new systems in
parallel, so that if the new system fails for any reason, the old system
provides uninterrupted use. In fact, for a large enough investment, some
installations might prefer to never switch. With a hypervisor to run the old
system, all legacy applications and systems work properly on the new
system.
A hypervisor can also support two or more operating systems
simultaneously. Suppose you are developing an operating system for a
new hardware platform; the hardware will not be ready for some time, but
when it is available, at the same time you want to have an operating
system that can run on it. Alas, you have no machine on which to develop
and test your new system. The solution is a virtual machine monitor that
simulates the entire effect of the new hardware. It receives system calls
from your new operating system and responds just as would the real
hardware. Your operating system cannot detect that it is running in a
software-controlled environment.
This controlled environment has obvious security advantages: Consider a
law firm working on both defense and prosecution of the same case. To
install two separate computing networks and computing systems for the
two teams is infeasible, especially considering that the teams could
legitimately share common resources (access to a library or use of
common billing and scheduling functions, for example). Two virtual
machines with both separation and overlap support these two sides
effectively and securely.
Sandbox
A concept similar to virtualization is the notion of a sandbox. As its name
implies, a sandbox is a protected environment in which a program can run
and not endanger anything else on the system.
Sandbox: an environment from which a process can have only limited,
controlled impact on outside resources
The original design of the Java system was based on the sandbox concept,
skillfully led by Li Gong. The designers of Java intended the system to run
code, called applets, downloaded from untrusted sources such as the
Internet. Java trusts locally derived code with full access to sensitive
system resources (such as files). It does not, however, trust downloaded
remote code; for that code Java provides a sandbox, limited resources that
cannot cause negative effects outside the sandbox. The idea behind this
design was that web sites could have code execute remotely (on local
machines) to display complex content on web browsers.
Java compilers and a tool called a byte code verifier ensure that the system
executes only well-formed Java commands. A class loader utility is part of
the virtual machine monitor to constrain untrusted applets to the safe
sandbox space. Finally, the Java Virtual Machine serves as a reference
monitor to mediate all access requests. The Java runtime environment is a
kind of virtual machine that presents untrusted applets with an
unescapable bounded subset of system resources.
Unfortunately, the original Java design proved too restrictive; people
wanted applets to be able to access some resource outside the sandbox.
Opening the sandbox became a weak spot, as you can well appreciate. A
subsequent release of the Java system allowed signed applets to have
access to most other system resources, which became potential and soon
actual security vulnerability. Still, the original concept showed the security
strength of a sandbox as a virtual machine.
Honeypot
A final example of a virtual machine for security is the honeypot. A
honeypot is a faux environment intended to lure an attacker. Usually
employed in a network, a honeypot shows a limited (safe) set of resources
for the attacker; meanwhile, administrators monitor the attacker’s
activities in real time to learn more about the attacker’s objectives, tools,
techniques, and weaknesses, and then use this knowledge to defend
systems effectively.
Honeypot: system to lure an attacker into an environment that can be
both controlled and monitored
Cliff Stoll and Bill Cheswick both employed this form of honeypot to
engage with their separate attackers. The attackers were interested in
sensitive data, especially to identify vulnerabilities (presumably to exploit
later). In these cases, the researchers engaged with the attacker, supplying
real or false results in real time.
12.5 ROOTKIT
In the UNIX operating system root is the identity of the most powerful
user, owning sensitive system resources such as memory and performing
powerful actions such as creating users and killing processes. The identity
root is not normally a user with login credentials; instead it is the name of
the entity (subject) established to own and run all primitive system tasks
(and these tasks create the remaining user identities such as admin and
ordinary users). Thus, compromising or becoming a task with root privilege is a hacker's ultimate goal, because from that position the hacker has complete and unrestricted system control.
Root: most privileged subject (in a UNIX system)
As you have seen, there are two types of attackers: those who craft new
attacks and those who merely execute someone else’s brainchild. The
latter far outnumber the former, but the new attacks are especially
troublesome because they are new, and therefore unknown to protection
tools and response teams. People who execute attack code from someone
else are sometimes pejoratively called “script kiddies” because they
simply execute someone else’s attack script or package. An attack package
that attains root status is called a rootkit. In this section we look at rootkits
to see how the power of root can be used to cause serious and hard-to-
eradicate harm.
Rootkit: Tool or script that obtains privileges of root
12.5.1 PHONE ROOTKIT
Researchers at Rutgers University demonstrated an ability to load a rootkit onto a mobile phone. The operating system of a basic mobile phone is rather simple, although smartphones, with their rich functionality, demand a more complex operating system to support a graphical user interface, downloadable applications, and files of associated data. The complexity of the operating system led to more opportunities for attack and, ultimately, a rootkit. Rootkits can exist on any operating system; the Rutgers researchers chose to investigate this platform because it is relatively simple and many users forget, or are unaware, that it runs an operating system that can be compromised. The points in this research apply equally to operating systems for more traditional computers.
In one test, the researchers demonstrated a rootkit that could turn on a phone’s microphone without the owner’s knowing it happened. In such a
case, the attacker would send an invisible text message to the infected
phone, telling it to place a call and turn on the microphone; imagine the
impact of such an attack when the phone’s owner is in a meeting on which
the attacker wants to eavesdrop.
In another demonstration, these same researchers displayed a rootkit that
responds to a text query by relaying the phone’s location as furnished by
its GPS receiver. This would enable an attacker to track the owner’s
whereabouts.
In a third test, the researchers showed a rootkit that could turn on power-
hungry capabilities such as the Bluetooth radio and GPS receiver to
quickly drain the battery. People depend on cell phones for emergencies.
Imagine a scenario in which the attacker wants to prevent the victim from
calling for help, for example, when the attacker is chasing the victim in a
car. If the phone’s battery is dead, the cell phone cannot summon help.
The worst part of these three attacks is that they are effectively
undetectable: The cell phone’s interface seems no different to the user
who is unaware of danger. The rootkit can thus perform actions normally
reserved for the operating system but does so without the user’s
knowledge. A rootkit is a variation on the virus theme. A rootkit is a piece
of malicious code that goes to great lengths not to be discovered or, if
discovered and removed, to reestablish itself whenever possible. The name
rootkit refers to the code’s attempt to operate as root, the ultra-privileged
user of a Unix system, so-named because the most critical and
fundamental parts of the Unix operating system are called root functions.
Put yourself in the mind of an attacker. If you want persistency, you want
an attack that is really difficult to detect so your victim cannot find and try
to eradicate your code.
Two conditions can help you remain undiscovered: your code executing
before other programs that might block your execution and you’re not
being detected as a file or process. You can achieve these two goals
together. Being in control early in the system boot cycle would allow you
to control the other system defenses instead of their controlling you. If
your code is introduced early enough, it can override other normal system
functions that would detect its presence.
12.5.2 SONY XCP ROOTKIT
A computer security expert named Mark Russinovich developed a rootkit
revealer, which he ran on one of his systems. Instead of using a high-level
utility program like the file manager to inventory all files, Russinovich
wrote code that called the NTQueryDirectoryObject function directly.
Summing the file sizes in his program, he compared the directory size
against what the file manager reported; a discrepancy led him to look
further. He was surprised to find a rootkit. On further investigation he
determined the rootkit had been installed when he loaded and played a
Sony music CD on his computer.
Princeton University researchers Edward Felten and Alex Halderman extensively examined this rootkit, named XCP (short for extended copy protection).
What XCP Does
The XCP rootkit was installed (automatically and without the user’s
knowledge) from the Sony music CD to prevent a user from copying the
tunes, while allowing the CD to be played as audio. To do this, it includes
its own special music player that is allowed to play the CD. But XCP
interferes with any other access to the protected music CD by garbling the
result any other process would obtain in trying to read from the CD. The
rootkit scrambled the result so that it was meaningless as music and passed
that uninterpretable result to the calling application.
The rootkit has to install itself when the CD is first inserted in the PC’s drive. To do this, XCP depends on a “helpful” feature of Windows: with the “autorun” feature, Windows looks on each newly inserted CD for a file with a specific name (autorun.inf, which names the program to launch), and if it finds that file it runs the named program without the user’s involvement. You can disable the autorun feature. XCP also has to hide from the user so that the user cannot simply remove or disable it. So the rootkit does as we just described: it blocks display of any file whose name begins with $sys$ (which is how its own files are named). Unfortunately for Sony, this feature concealed not just XCP but any program beginning with $sys$ from any source, malicious or not. So any virus writer could conceal a virus just by naming it $sys$virus-1, for example.
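Russinovich's approach, comparing a high-level view of the file system with a lower-level one, is known as cross-view detection. The following added example (not from the original text) simulates it: hooked_listdir plays the role of the rootkit's filtered directory API, the plain os.listdir call plays the role of the unhooked enumeration, and the file names and sizes are constructed for the demonstration.

```python
"""Added example (not from the text): cross-view detection of a file-hiding rootkit, in the
spirit of Russinovich's check. The hooked directory listing is simulated in Python (a real
rootkit filters inside the kernel); the file names and sizes are constructed."""
import os
import tempfile
from typing import List, Tuple

HIDE_PREFIX = "$sys$"   # the prefix XCP concealed (from the text)


def hooked_listdir(path: str) -> List[str]:
    """What a high-level tool sees once the rootkit's filter is in place:
    every entry whose name starts with the magic prefix is silently dropped."""
    return [n for n in os.listdir(path) if not n.startswith(HIDE_PREFIX)]


def raw_listdir(path: str) -> List[str]:
    """The low-level view. Here plain os.listdir stands in for a call made below the hook
    (or for reading the directory structures straight off the disk)."""
    return os.listdir(path)


def cross_view_diff(path: str) -> List[str]:
    """Entries present in the low-level view but missing from the hooked view."""
    return sorted(set(raw_listdir(path)) - set(hooked_listdir(path)))


def size_discrepancy(path: str) -> int:
    """Russinovich's arithmetic: bytes accounted for by the raw enumeration minus bytes
    reported by the high-level listing. Anything non-zero means something is hidden."""
    raw = sum(os.path.getsize(os.path.join(path, n)) for n in raw_listdir(path))
    seen = sum(os.path.getsize(os.path.join(path, n)) for n in hooked_listdir(path))
    return raw - seen


def demo() -> Tuple[List[str], int]:
    """Build a constructed directory with two concealed files and run both checks."""
    files = [("readme.txt", 10), ("player.exe", 300),
             ("$sys$hidden.sys", 2048), ("$sys$virus-1.exe", 64)]
    with tempfile.TemporaryDirectory() as d:
        for name, size in files:
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(b"\0" * size)
        return cross_view_diff(d), size_discrepancy(d)


if __name__ == "__main__":
    hidden, delta = demo()
    print("hidden entries:", hidden)
    print("bytes unaccounted for by the high-level view:", delta)
```

The technique only works if the low-level view really is below the hook; a rootkit that filters at the disk-driver level, as TDL-1 does, defeats a user-mode cross-view check and has to be caught from an offline or boot-time scan instead.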
Sony did two things wrong: First, as we just observed, it distributed code
that inadvertently opens an unsuspecting user’s system to possible
infection by other writers of malicious code. Second, Sony installs that
code without the user’s knowledge, much less consent, and it employs
strategies to prevent the code’s removal.
Patching the Penetration
This episode illustrates why “penetrate and patch” was abandoned as a security strategy. Among other reasons, the pressure for a quick repair sometimes leads to shortsighted solutions that address the immediate situation and not the underlying cause: fixing one fault often causes a failure somewhere else.
Sony’s uninstaller itself opened serious security holes. It was presented as
a web page that downloaded and executed the uninstaller. But the
programmers did not check what code they were executing, and so the
web page would run any code from any source, not just the intended
uninstaller. And worse, the code to perform downloads and installations
remained on the system even after XCP was uninstalled, meaning that the
vulnerability persisted. (In fact, Sony used two different rootkits from two
different sources and, remarkably, the uninstallers for both rootkits had
this same vulnerability.) How many computers were infected by this
rootkit? Nobody knows for sure.
214
214
Security researcher Dan Kaminsky found 500,000 references in DNS
tables to the site the rootkit contacts, but some of those DNS entries could
support accesses by hundreds or thousands of computers. How many users
of computers on which the rootkit was installed are aware of it? Again,
nobody knows, nor does anybody know how many of those installations
have yet to be removed. One interesting analysis of this situation
examines how digital rights management (copy protection for digital
media such as music CDs) leads to requirements similar to those of a
malicious code developer; another way to work out how to defend against
rootkits is to study the full potential range of rootkit behavior. Automatic
software updates, antivirus tools, spyware, even ordinary applications all
do things without the user’s express permission or even knowledge. They
also sometimes conspire against the user: Sony worked with major
antivirus vendors so that its rootkit would not be detected, because keeping
the user uninformed was better for all of them, or so Sony and the vendors
thought.
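The uninstaller flaw above came from a download-and-execute component that never checked where the code it ran came from. The following is an added example, not Sony's or any vendor's code: a gate that accepts a download only from an allowlisted HTTPS host, beside an XCP-style "accept anything" check for contrast. The host name is assumed for the example, and the gate only addresses the "from any source" half of the problem; the caller must still verify a signature or hash on the fetched bytes before executing them.

```c
/* Added example, not Sony's or any vendor's code. Restricts a
 * download-and-run component to an allowlisted HTTPS origin. The
 * trusted host name is assumed for the example. Integrity (signature or
 * hash) of the fetched bytes must be checked separately before execution. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

static const char *const TRUSTED_HOSTS[] = { "updates.example.com", NULL };

/* The XCP-style behaviour: any URL is acceptable. Shown only as the "before". */
int xcp_style_should_run(const char *url)
{
    (void)url;
    return 1;
}

/* Exact-length, case-insensitive host comparison. */
static int host_equals_ci(const char *allowed, const char *host, size_t hlen)
{
    if (strlen(allowed) != hlen) return 0;
    for (size_t i = 0; i < hlen; i++)
        if (tolower((unsigned char)allowed[i]) != tolower((unsigned char)host[i]))
            return 0;
    return 1;
}

/* Returns 1 only for https://<allowlisted-host>[/...] with the host matching
 * exactly. Userinfo ("@"), explicit ports and any character outside
 * [A-Za-z0-9.-] are rejected outright rather than parsed leniently, because
 * lenient parsing is how "updates.example.com@evil.net" slips through. */
int is_trusted_download_url(const char *url)
{
    static const char scheme[] = "https://";
    const size_t slen = sizeof scheme - 1;
    if (url == NULL || strncmp(url, scheme, slen) != 0) return 0;

    const char *host = url + slen;
    size_t hlen = strcspn(host, "/?#");   /* authority ends at path, query or fragment */
    if (hlen == 0) return 0;

    for (size_t i = 0; i < hlen; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!(isalnum(c) || c == '-' || c == '.')) return 0;  /* rejects '@', ':', '\\' ... */
    }
    for (const char *const *h = TRUSTED_HOSTS; *h != NULL; h++)
        if (host_equals_ci(*h, host, hlen)) return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample URLs: one legitimate, the rest look-alike attacks. */
    const char *samples[] = {
        "https://updates.example.com/uninstall.exe",
        "http://updates.example.com/uninstall.exe",
        "https://updates.example.com.evil.net/x.exe",
        "https://updates.example.com@evil.net/x.exe",
        "https://evil.net/?updates.example.com",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("xcp=%d gated=%d %s\n", xcp_style_should_run(samples[i]),
               is_trusted_download_url(samples[i]), samples[i]);
    return 0;
}
```

The strict character set is deliberate: a permissive URL parser that "finds the host" in `https://updates.example.com@evil.net/` would report `updates.example.com` while the browser connects to `evil.net`, which is exactly the class of mismatch an allowlist must not tolerate.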
TDL-1, the first version of the TDSS rootkit, began by installing filter code in
the stack of drivers associated with access to each disk device. These filters
drop all references to files whose names begin with “tdl,” the file name
prefix TDL uses for all its files. With these filters in place, TDL-1 can
install as many files as it requires, anywhere on any disk volume, and they
stay hidden. Furthermore, the filters block direct access to any disk
volume, and other filters limit access to network ports, all by installation
of malicious drivers, the operating system routines that handle
communication with devices. The Windows registry, the database of
critical system information, is loaded with entries that cause these malicious
drivers to reload on every system startup.
The TDL-1 rootkit hides these registry values by modifying the system
function NtEnumerateKey, which lists the data items (keys) in the registry.
The modification replaces the first few bytes of the system function with a
jump instruction that transfers control to the rootkit’s function; that function
skips over any rootkit keys before returning control to the normal system
function. Modifying code by inserting a jump to an extension is called
splicing, and a function patched this way is said to have been hooked.
(Splicing: a technique that allows third-party code to be invoked to service
interrupts and device driver calls.)
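To make the splice concrete, here is an added example (not TDSS code, and not Windows code) that simulates what the hooked enumerator does and shows two ways a detector can notice it. The registry keys, the "tdl" prefix and all addresses are constructed for the example; the hook is called directly instead of being reached through a patched jump, and the prologue check only recognises the simplest splice form, a JMP rel32 written over the first five bytes of a function.

```c
/* Added example, not TDSS or Windows code. Simulates TDL-1's NtEnumerateKey
 * splice and two detections: a cross-view diff of the registry, and a
 * check of a function's first bytes for an x86 JMP rel32 (opcode E9).
 * All key names, the "tdl" prefix and addresses are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed stand-in for the registry: legitimate keys plus the
 * rootkit's own "tdl"-prefixed entries. */
static const char *const REGISTRY_KEYS[] = {
    "Run", "tdlserv", "Services", "tdlcmd", "Winlogon"
};
#define NKEYS (sizeof REGISTRY_KEYS / sizeof REGISTRY_KEYS[0])
#define ROOTKIT_PREFIX "tdl"

/* The genuine enumerator: the i-th key, or NULL past the end. */
const char *real_enumerate_key(size_t index)
{
    return index < NKEYS ? REGISTRY_KEYS[index] : NULL;
}

/* What the spliced entry does: skip rootkit keys, then hand the adjusted
 * index to the real routine. In TDL-1 control arrives here via a JMP
 * patched over NtEnumerateKey; here the caller invokes it directly. */
const char *hooked_enumerate_key(size_t index)
{
    size_t visible = 0;
    for (size_t i = 0; i < NKEYS; i++) {
        if (strncmp(REGISTRY_KEYS[i], ROOTKIT_PREFIX, strlen(ROOTKIT_PREFIX)) == 0)
            continue;                       /* hidden from every caller */
        if (visible == index)
            return real_enumerate_key(i);   /* fall through to the real code */
        visible++;
    }
    return NULL;
}

/* Detection 1, cross-view diff: keys present in the raw store but
 * missing from what the (possibly hooked) API reports. */
size_t cross_view_hidden_count(void)
{
    size_t hidden = 0;
    for (size_t i = 0; i < NKEYS; i++) {
        int seen = 0;
        for (size_t j = 0; ; j++) {
            const char *k = hooked_enumerate_key(j);
            if (k == NULL) break;
            if (strcmp(k, REGISTRY_KEYS[i]) == 0) { seen = 1; break; }
        }
        if (!seen) hidden++;
    }
    return hidden;
}

/* How the splice is written: JMP rel32 over the first five bytes, the
 * displacement being relative to the instruction that follows the JMP. */
void write_jmp_rel32(uint8_t *dst, uint64_t dst_addr, uint64_t target)
{
    uint32_t rel = (uint32_t)(target - (dst_addr + 5));
    dst[0] = 0xE9;
    dst[1] = (uint8_t)(rel);
    dst[2] = (uint8_t)(rel >> 8);
    dst[3] = (uint8_t)(rel >> 16);
    dst[4] = (uint8_t)(rel >> 24);
}

/* Detection 2, prologue check: returns 1 and sets *target if the code
 * begins with JMP rel32. A target outside the module that owns the
 * function is the classic sign of a splice. Other hook forms (push/ret,
 * mov reg/jmp reg, jumps placed deeper in the body) need further checks. */
int detect_jmp_splice(const uint8_t *code, size_t len, uint64_t code_addr,
                      uint64_t *target)
{
    if (len < 5 || code[0] != 0xE9) return 0;
    uint32_t rel = (uint32_t)code[1] | (uint32_t)code[2] << 8 |
                   (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
    *target = code_addr + 5 + (uint64_t)(int64_t)(int32_t)rel;   /* sign-extend */
    return 1;
}

/* Constructed sample prologue: "push rbx; sub rsp,0x20" followed by NOPs. */
static const uint8_t SAMPLE_PROLOGUE[8] = { 0x40, 0x53, 0x48, 0x83, 0xEC, 0x20, 0x90, 0x90 };

int sample_prologue_is_spliced(void)
{
    uint64_t t = 0;
    return detect_jmp_splice(SAMPLE_PROLOGUE, sizeof SAMPLE_PROLOGUE, 0x1000, &t);
}

/* Splice a fresh copy of the sample prologue (pretending it lives at fn)
 * to hook, then run the detector; returns the recovered target or 0. */
uint64_t splice_roundtrip(uint64_t fn, uint64_t hook)
{
    uint8_t body[8];
    uint64_t target = 0;
    memcpy(body, SAMPLE_PROLOGUE, sizeof body);
    write_jmp_rel32(body, fn, hook);
    return detect_jmp_splice(body, sizeof body, fn, &target) ? target : 0;
}

int main(void)
{
    printf("clean prologue spliced: %d\n", sample_prologue_is_spliced());
    printf("spliced target: %#llx\n",
           (unsigned long long)splice_roundtrip(0x7FF800001000ULL, 0x7FF812340000ULL));
    printf("keys hidden by hook: %zu\n", cross_view_hidden_count());
    return 0;
}
```

The cross-view diff is the more robust of the two checks: it does not care how the hook was installed, only that the API's answer disagrees with the raw data, which is why rootkit scanners compare an API enumeration against a direct read of the hive or disk.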
In early 2009, the second version, TDL-2, appeared. Its functionality and
operation were similar to those of TDL-1; the principal difference was
that the code itself was obscured: scrambled, encrypted, and padded
with nonsense data such as words from Hamlet. Later that year, the TDSS
developers unleashed TDL-3. Becoming even more sophisticated, TDL-3
implemented its own file system so that it could be completely
independent of the regular Windows functions for managing files with
FAT (file allocation table) or NTFS (NT file system) technology
[DRW09]. The rootkit hooked a convenient driver, typically atapi.sys,
the driver for IDE hard disk drives, although it could also hook the
kernel, according to Microsoft’s Johnson. At this point, the TDSS developers
introduced command-and-control servers with which the rootkit
communicates to receive work assignments and to return data collected or
other results.
10. Write short notes on the following:
(a) Exokernel
(b) Virtual machines
(c) Layered Structure
11. Explain Security Features of Ordinary Operating Systems.
12. Explain any two Operating System Tools to Implement Security
Functions.
13. What is Rootkit? Give Example.
14. Write short notes on the following:
a. Phone Rootkit
b. Sony XCP Rootkit
c. TDSS Rootkits