Network Security

Uploaded by

Kaviya S
Copyright
© © All Rights Reserved
SYLLABUS

Network Security - [CCS354]

UNIT I INTRODUCTION
... key cryptography, hash functions, ...

UNIT II KEY MANAGEMENT AND AUTHENTICATION
Key Distribution, Distribution of Public ..., Remote User ..., Kerberos Systems, Remote User Authentication Using Asymmetric Encryption. (Chapter - 2)

UNIT III ACCESS CONTROL AND SECURITY
Network Access Control: Network Access Control, Extensible Authentication ..., IEEE 802.1X Port-Based Network Access Control - IP Security - Internet Key Exchange ... Transport-Level Security: Web Security Considerations, Secure Sockets Layer, Transport Layer Security, HTTPS standard, Secure Shell (SSH) application. (Chapter - 3)

UNIT IV APPLICATION LAYER SECURITY
Electronic Mail Security: Pretty Good Privacy, S/MIME, Domain Keys Identified Mail. Wireless Network Security: Mobile Device Security. (Chapter - 4)

UNIT V SECURITY PRACTICES
... Systems: Intrusion Detection, Password Management, ...: Characteristics, Types of Firewalls, Firewall Basing, Firewall Location and ..., Cloud Security and IoT security. (Chapter - 5)

TABLE OF CONTENTS

Chapter - 1 Introduction
1.1 Basics of Cryptography
1.1.1 Basic Terminologies in Security
1.1.2 Categories
1.1.3 Techniques
1.1.4 Elements of Information Security
1.1.5 Threats and Vulnerability
1.1.6 Cryptography
1.2 A Model for Network Security
1.3 Conventional Cryptography
1.3.1 Advantages of Symmetric Ciphers
1.3.2 Disadvantages of Symmetric Ciphers
1.4 Public-key Cryptography
1.4.1 Advantages and Disadvantages
1.4.2 Comparison between Public Key and Private Key Algorithm
1.5 Security Attacks
1.5.1 Passive Attack
1.5.2 Active Attack
1.5.2.1 Difference between Passive and Active Attack
1.5.3 Man-in-the-Middle Attack
1.6 Hash Function
1.6.1 Requirements of Hash Functions
1.6.2 Applications of Hash Function
1.6.3 Birthday Attack
1.6.5 Security of Hash Function and HMAC
1.6.6 HMAC
1.6.7 CMAC
1.6.8 Secure Hash Algorithm
1.6.9 Secure Hash Algorithm (SHA-512)
1.7 Authentication
1.7.1 Authentication Requirements
1.7.2 Authentication Function
1.7.3 MAC
1.8 Digital Signatures
1.8.1 Arbitrated Digital Signatures
1.8.2 Direct Digital Signature
1.8.3 Digital Signature Standards
1.8.4 Digital Signature Algorithm
1.9 Two Marks Questions with Answers

Chapter - 2 Key Management and Authentication
2.1 Key Management and Distribution
2.1.1 Distribution of Public Keys
2.1.2 Distribution of Secret Keys using Public Key Cryptography
2.1.3 Key Distribution and Certification
2.1.4 Key Distribution ...
2.2 X.509 Certificates
2.2.1 X.509 Format of Certificate
2.2.2 Obtaining User's Certificate
2.2.3 Revocation of Certificates
2.2.4 Authentication Procedures
2.4 User Authentication
2.5 Remote User Authentication Principles
2.5.1 Mutual Authentication
2.5.2 One Way Authentication
2.5.2.1 Password based Authentication
2.6 Remote User-Authentication using Symmetric Encryption
2.7 Remote User-Authentication Using Asymmetric Encryption
2.8 Kerberos Systems
2.8.1 Kerberos Terminology
2.8.2 Kerberos Version 4
2.8.2.1 Simple Authentication Dialogue
2.8.2.2 Secure Authentication Dialogue
2.8.2.3 Kerberos Realms
2.8.3 Kerberos Version 5
2.8.3.1 Version 5 Authentication Dialogue
2.8.4 Comparison between Kerberos Versions 4 and 5
2.8.5 Strengths of Kerberos
2.8.6 Weakness of Kerberos
2.8.7 Difference between Kerberos and SSL
2.9 Two Marks Questions with Answers

Chapter - 3 Access Control and Security
3.1 Network Access Control
3.1.1 Extensible Authentication Protocol
3.1.2 Advantages of Network Access Control
3.2 IEEE 802.1X Port-based Network Access Control
3.3 IP Security
3.3.1 IP Security Architecture
3.3.2 IPSec Document
3.3.3 IPSec Services
3.3.4 Security Association
3.3.5 SA Parameters
3.3.6 Transport Mode
3.3.7 Tunnel Mode
3.3.8 Application of IPSec
3.3.9 Benefits of IPSec
3.4 Authentication Header
3.4.1 AH Transport Mode
3.4.2 AH Tunnel Mode
3.5 ESP
3.5.1 ESP Format
3.5.2 Encryption and Authentication Algorithms
3.5.3 Padding
3.5.4 Comparison between AH and ESP
3.6 Internet Key Exchange (IKE)
3.7 Web Security Considerations
3.7.1 Web Security ...
3.7.2 Transport Layer Security
3.8 Secure Sockets Layer
3.8.1 SSL Architecture
3.8.2 SSL Record Protocol
3.8.3 Handshake Protocol
3.8.4 Comparison between IPSec and SSL
3.8.5 Comparison of SSL and TLS
3.9 Transport Layer Security
3.10 HTTPS Standard
3.11 Secure Shell (SSH) Application
3.12 Two Marks Questions with Answers

Chapter - 4 Application Layer Security
4.1 Electronic Mail Security
4.1.1 Pretty Good Privacy
4.1.1.1 PGP Operation
4.1.1.2 Cryptographic Keys and Key Rings
4.1.1.3 Message Format
4.1.1.4 PGP Message Generation
4.1.1.5 PGP Message Reception
4.1.1.6 Concept of Trust
4.1.1.7 Trust Processing Operation
4.2 S/MIME
4.2.1 Multipurpose Internet Mail Extensions
4.2.2 Message Headers
4.2.3 S/MIME Functionality
4.2.4 Cryptographic Algorithms in S/MIME
4.2.5 S/MIME Messages
4.2.6 S/MIME Certificate Processing
4.3 PEM
4.4 Domain Keys Identified Mail
4.5 Wireless Network Security
4.5.1 Background
4.5.2 Authentication
4.5.3 Authentication in WEP
4.5.4 Authentication and Key Agreement in 802.11i
4.6 Mobile Device Security

Chapter - 5 Security Practices
5.1.1.2 Signature based Detection
5.1.1.3 Comparison between Signature-based and Anomaly Detection
5.1.1.4 Network Based ...
5.1.1.5 Host based IDSs
5.1.1.6 Differences between HIDS and NIDS
... Detection Techniques
5.2 Password Management
5.2.1 Password Protection
5.2.2 Password Selection ...
5.3 Firewalls
5.3.1 Types of Firewall
5.3.1.1 Packet Filtering Router
5.3.1.2 Application Level Gateways
5.4 Blockchain
5.4.1 Blockchain ...
5.4.2 Types of Blockchain Platforms
5.4.3 The Challenges for Adoption of Blockchain
5.4.4 Advantages and Disadvantages of Blockchain
5.5 Cloud Security
5.5.1 Cloud Security Challenges and Risks
5.5.2 General Issues Securing the Cloud
5.6 IoT Security
5.6.1 IoT Security Challenges
Two Marks Questions with Answers

UNIT I

1 Introduction

Syllabus: ... conventional and public-key cryptography, hash functions, authentication, ...

Contents
1.1 Basics of Cryptography
1.4 Public-key Cryptography
1.5 Security Attacks
1.8 Digital Signatures
1.9 Two Marks Questions with Answers

1.1 Basics of Cryptography

• ... computer security begins ... components, connections and contents ... confidentiality, integrity and availability ... or transmission.
• ... used to ensure that physical access to the computer systems and networks is restricted to authorized users.
• ... science and study of methods of protecting data from ...
• Information security ... of data ... an approach that balances availability ... while managing risk ...
• ... security is required because of the widespread use of data ...
• Following are the examples:
1. User A transmits a sensitive information file to user B. The unauthorized user C is able to monitor the transmission and capture a copy of the file during its transmission.
2. A message is sent from a customer to a stockbroker with instructions for various transactions. Subsequently ... the customer denies sending the message.
3. While transmitting the message between two users, the unauthorised user intercepts the message, alters its contents to add or delete entries and then forwards the message to the destination user.

1.1.1 Basic Terminologies in Security

• Basic terminology used for security purposes is as follows:
a. Cryptography: The art or science encompassing the principles and methods of transforming a plaintext message into one that is unintelligible and then retransforming that message back to its original form.
b. Plaintext: The original message.
c. Ciphertext: The transformed message produced as output. It depends on the plaintext and key.
d. Cipher: An algorithm for transforming a plaintext message into one that is unintelligible by transposition and/or substitution methods.
e. Key: Some information used by the cipher, known only to the sender and receiver.
f. Encipher (encode): The process of converting plaintext to ciphertext using a cipher and a key.
g. Decipher (decode): The process of converting ciphertext back into plaintext using a cipher and a key.
h. Cryptanalysis: The study of principles and methods of transforming an unintelligible message back into an intelligible message without knowledge of the key. Also called code-breaking. To break an encryption, a cryptanalyst can do any or all of three different things:
   1. Attempt to break a single message.
   2. Attempt to recognize patterns in encrypted messages, in order to be able to break subsequent ones by applying a straightforward decryption algorithm.
   3. Attempt to find general weakness in an encryption algorithm, without necessarily having intercepted any messages.
i. Cryptology: Both cryptography and cryptanalysis.
j. Code: An algorithm for transforming a plaintext message into an unintelligible one using a code-book.

1.1.2 Categories

• Various categories of computer security are:
1. Cryptography
2. Data security
3. Computer security
4. Network security
• Cryptography is data encryption and decryption.
• Data security is ensuring that data is safe from modification and corruption.
• Computer security is formal description of security policies. Prevention and detection of unauthorized use of computer.
• Network security includes protection of data on network during transmission or sharing.
TECHNICAL PUBLICATIONS® - an up-thrust for knowledge

1.1.3 Techniques

• Access control: ... access to data or computer is controlled by using some ... technique ... who or what ... in a computing environment. Access control is a fundamental ... that minimizes risk to the business or organization.
• ... additional copies of your data ...
• ... a network security device ... and decides whether to allow or block specific traffic based on a defined set of security rules.
5. Anti... software: ... detection and ... happen, as well as system scans that monitor device and system files ... to search for any of the latest threats which could result in a future attack.
• ... protection from external users and internet ...
7. Series of confidence: It ensures that all software used has been authentic.

1.1.4 Elements of Information Security

• Security goals are as follows:
1. Confidentiality
2. Integrity
3. Availability

1. Confidentiality
• Confidentiality refers to limiting information access and disclosure to authorized users and preventing access by or disclosure to unauthorized ones.
• Sensitive information should be kept secret from individuals who are not authorized to see the information.
• Underpinning the goal of confidentiality are authentication methods like user-IDs and passwords that uniquely identify a data system's users and supporting control methods that limit each identified user's access to the data system's resources.
• Confidentiality is not only applied to storage of data but also applies to ... information ... computer or while ... network.

Fig. 1.1.1 Relationship between Confidentiality, Integrity and Availability

2. Integrity
• Integrity refers to the trustworthiness of information resources.
• Integrity should not be ...
• It includes the concept of "data integrity", namely that data have not been changed ... malign activity, and "source integrity", that is, that the data actually came from the person or entity you think it did, rather than an imposter.
• Integrity ensures that information is not changed or altered in transit. Under certain attack models, an adversary may not have the power to impersonate an authenticated party or understand a confidential communication, but may have the ability to change the information being transmitted.
• On a more restrictive view, however, integrity of an information system includes only preservation without corruption of whatever was transmitted or entered into ...

3. Availability
• Availability means that people who are authorized to use information are not prevented from doing so.
• ... information resources. An information system ... is at least as bad as none at all. It may be much worse, depending on how reliant the organization has become on a functioning computer and communications infrastructure.
• Almost all modern organizations are highly dependent on functioning information systems. Many literally could not operate without them.
• Availability may be affected by purely technical issues (e.g. a malfunctioning part of a computer or communications device), natural phenomena (e.g. wind or water) or human causes (accidental or deliberate).
• ... usable form ... an acceptable period of ... the availability. The data item, service or system is ...:
  - There is a timely response to our request.
  - The service and system can be used easily.
  - Concurrency is controlled.
  - ... follows the fault tolerance.
  - Resources are allocated ...

1.1.5 Threats and Vulnerability

Threat
• The term "threat" refers to the source and means of a particular type of attack.
• A threat assessment is performed to determine the best approaches to securing a system against a particular threat or class of threat.
• Penetration testing exercises are substantially focused on assessing threat profiles, to help one develop effective countermeasures against the types of attacks represented by a given threat. Where risk assessments focus more on analyzing the potential and tendency of one's resources to fall prey to various attacks, threat assessments focus more on analyzing the attacker's resources.
• ... securing one's resources.

Vulnerability
• The term "vulnerability" refers to the security flaws in a system that allow an attack to be successful.
• ... testing should be performed on an ongoing basis by the parties responsible for resolving such vulnerabilities and helps to provide data used to identify unexpected dangers to security that need to be addressed.
• Such vulnerabilities are not particular to technology - they can also apply to social factors such as individual authentication and authorization policies.
• Testing for vulnerabilities is useful for maintaining ongoing security, allowing the people responsible for the security of one's resources to respond effectively to new dangers as they arise. It is also invaluable for policy and technology development, and as part of a technology selection process; selecting the right technology early on can ensure significant savings in time, money and other ... costs down the line.
• Understanding the proper use of such terms is important not only to sound like you know what you're talking about, nor even just to facilitate communication. It also helps develop and employ good policies.
• The specificity of technical jargon reflects the way experts have identified clear distinctions between practical realities of their fields of expertise and can help clarify even for oneself how one should address the challenges that arise.
• Other examples of vulnerability include these:
1. A weakness in a firewall that lets hackers get into a computer network.
2. Unlocked doors at businesses.
3. Lack of security cameras.

1.1.6 Cryptography

• Cryptography is the science of writing in secret code and is an ancient art. Cryptography not only protects data from theft or alteration, but can also be used for user authentication.
• The term is derived from the Greek word kryptos, which means hidden.
• In cryptography, we start with the unencrypted data, referred to as plaintext. Plaintext is encrypted into ciphertext, which will in turn (usually) be decrypted back into usable plaintext.
• Fig. 1.1.2 shows cryptography.

Fig. 1.1.2 Cryptography

• Cryptography provides secure communication in the presence of malicious third parties.
• Encryption is the process of ...
• Decryption is a process of ... an encrypted message back into its normal ...
• ... are considered secure if an attacker cannot determine any properties of the ... or key, given the ciphertext ... number of plaintext/ciphertext combinations which used the key.

Advantages of cryptography
1. ... online network communication.
2. ... the contents of a secret message from malicious people.
3. ... also provide authentication for verifying the identity of ...
• ... where the following security objectives are needed ... security mechanisms to ...

1.2 A Model for Network Security

• A message is to be transferred from source to destination across some sort of internet. Both the sides must cooperate for the exchange of ...
• A logical information channel is established by defining a route through the internet ...
• All the techniques for providing security have two components:
1. A security related transformation on the information to be sent.
2. Some secret information shared by the two principals, it is hoped, unknown to the opponent.
• Fig. 1.2.1 shows the network security model.

Fig. 1.2.1 Network security model

• A trusted third party is needed to achieve secure transmission.
• Basic tasks in designing a particular security service:
1. Design an algorithm for performing the security related transformation.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security algorithm and the secret information to achieve a particular security service.

1.3 Conventional Cryptography

• A symmetric encryption model has five ingredients:
1. Plaintext
2. Encryption algorithm
3. Secret key
4. Ciphertext
5. Decryption algorithm
• Fig. 1.3.1 shows the conventional encryption model.
• Plaintext is the original message or data that is fed into the algorithm as input.
• Encryption algorithm performs various substitutions and transformations on the plaintext.
• Secret key is a value independent of the plaintext and of the algorithm. The exact substitutions and transformations performed by the algorithm depend on the key.

Fig. 1.3.1 Conventional encryption model

• Ciphertext is the scrambled message produced as output. It depends on the plaintext and the secret key.
• Decryption algorithm takes the ciphertext and the secret key and produces the original plaintext.
• The original intelligible message, referred to as plaintext, is converted into random ..., referred to as ciphertext. The science and art of manipulating messages to make them secure is called cryptography.
• An original message to be transformed is called the plaintext and the resulting message after the transformation is called the ciphertext.
• ... The reverse process is called decryption. The encryption process consists of an algorithm and a key. The key controls the algorithm.
• ... technique so that it would be very ... ciphertext ...
• A user can recover the original message only by decrypting the ciphertext using the secret key. Depending upon the secret key used, the algorithm will produce a different output. If the secret key changes, the output of the algorithm also changes.

1.3.1 Advantages of Symmetric Ciphers

1. High rates of data throughput.
2. Keys for symmetric-key ciphers are relatively short.
3. Symmetric-key ciphers can be used as primitives to construct various cryptographic mechanisms (i.e., pseudorandom number generators).
4. Symmetric-key ciphers can be composed to produce stronger ciphers.
5. Symmetric-key encryption is perceived to have an extensive history.

1.3.2 Disadvantages of Symmetric Ciphers

1. Key must remain secret at both ends.
2. In large networks, there are many key pairs to be managed.
3. Sound cryptographic practice dictates that the key be changed frequently.
4. Digital signature mechanisms arising from symmetric-key encryption typically require either large keys or the use of third trusted parties.

1.4 Public-key Cryptography

• Diffie and Hellman proposed a new type of cryptography that distinguished between encryption and decryption keys. One of the keys would be publicly known; the other would be kept private by its owner.
• These algorithms have the following important characteristics:
1. It must be computationally easy to encipher or decipher a message given the appropriate key.
2. It must be computationally infeasible to derive the private key from the public key.
3. It must be computationally infeasible to determine the private key from a ...
• A public key encryption scheme has six ingredients. Fig. 1.4.1 shows public key cryptography.
1. Plaintext: It is input to the algorithm and is a readable message or data.
2. Encryption algorithm: It performs various transformations on the plaintext.
3. Public and private keys: One key is used for encryption and the other is used for decryption.
4. Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the key.
5. Decryption algorithm: This algorithm accepts the ciphertext and the matching key and produces the original plaintext.
• The essential steps are the following:
1. Each user generates a pair of keys to be used for the encryption and decryption of messages.
2. Each user places one of the two keys in a public register. This is the public key. The companion key is kept private.
Fig. 1.4.1 Public key cryptography: (a) Encryption, (b) Authentication

3. If Bob wishes to send a confidential message to Alice, Bob encrypts the message using Alice's public key.
4. Alice decrypts the message using her private key.
• The public key is accessible to all participants and the private key is generated locally by each participant.
• System controls its private key. At any time, a system can change its private key. Fig. 1.4.2 shows the process of public key ...

Fig. 1.4.2 Public key cryptosystem secrecy

• A message from the source is in plaintext, $X = (X_1, X_2, \ldots, X_m)$. The message is intended for the destination, which generates a related pair of keys: a public key $KU$ and a private key $KR$.
• The private key is a secret key and known only to the destination.
• With the message $X$ and the encryption key $KU$ as input, the source forms the ciphertext $Y = (Y_1, Y_2, \ldots, Y_n)$.
• The receiver is able to invert the transformation: $X = D_{KR}(Y)$.
• An opponent, observing ... access to ... opponent does ...

• Requirements:
  - It is computationally easy for a sender A, ... to generate the corresponding ciphertext: $C = E(PU_b, M)$.
  - It is computationally easy for the receiver B to decrypt the resulting ciphertext using the private key to recover the original message: $M = D(PR_b, C) = D[PR_b, E(PU_b, M)]$.
  - It is computationally infeasible for an adversary, knowing the public key $PU_b$, to determine the private key $PR_b$.
  - It is computationally infeasible for an adversary, knowing the public key $PU_b$ ..., to recover the original message $M$.

1.4.1 Advantages and Disadvantages

Advantages of public key algorithm
1. Only the private key must be kept secret.
2. The administration of keys on a network requires the presence of only a functionally trusted TTP as opposed to an unconditionally trusted TTP.
3. A private/public key pair remains unchanged for considerably long periods of time.
4. There are many relatively efficient digital signature mechanisms as a result of asymmetric-key schemes.
5. In a large network the number of keys necessary may be considerably smaller ...

Disadvantages
1. Slower throughput rates than the best known symmetric-key schemes.
2. Large key size.
3. No asymmetric-key scheme has been proven to be secure.
4. Lack of extensive history.

1.4.2 Comparison between Public Key and Private Key Algorithm

| Sr. No. | Symmetric key cryptography | Asymmetric key cryptography |
|---|---|---|
| 1. | Same key is used for encryption and decryption. | One key for encryption and other key for decryption. |
| 2. | ... | ... |
| 3. | Key exchange is big problem. | ... |
| 4. | Also called secret key encryption. | Also called public key encryption. |
| 5. | The key must be kept secret. | One of the two keys must be kept secret. |
| 6. | The sender and receiver must share the algorithm and the key. | ... |
| 7. | ... digital signatures. | Can be used for digital signature. |

1. Explain public key cryptography and ...

1.5 Security Attacks

• An attempt to gain unauthorized access to information resource or services, or to cause harm or damage to information systems.
• Security attacks are of two types: passive attack and active attack.

Fig. 1.5.1 Security attacks: passive attacks and active attacks

1.5.1 Passive Attack

• Passive attacks are those wherein the attacker ... monitoring of data transmission. A passive attack attempts to learn or make use of ... system resources. The attacker aims to obtain information that is in transit. The term passive indicates that the attacker does not attempt to perform any modifications to the data.
• Passive attacks are of two types:
1. Release of message contents.
2. Traffic analysis.
• Release of message content is shown in ... electronic mail message and a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions.
• Traffic analysis: ... encryption is used for masking ... so that opponents could not ...
• ... because they do not involve any ... success of attack, usually by means ...

Fig. 1.5.3 Traffic analysis

1.5.2 Active Attack

• Active attacks involve some modification of the data stream or the creation of a ... stream. These attacks cannot be prevented easily.
• Active attacks can be subdivided into four types:
1. Masquerade
2. Replay
3. Modification of message
4. Denial of service

1. Masquerade
• It takes place when one entity pretends to be a different entity. Fig. 1.5.4 shows masquerade.

Fig. 1.5.4 Masquerade (message from opponent that appears to be from sender)

• ... sequences can be captured and replayed ... thus enabling an authorized ... by impersonating an entity that ha...

2. Replay

Fig. 1.5.5 Replay

3. Modification of message
• It involves some change to the original message. It produces an unauthorized ... Fig. 1.5.6 shows the modification of message.
• For example, a message meaning "Allow Rupali Dhotre to read confidential accounts" is modified to mean "Allow Mahesh Awati to read confidential accounts".

Fig. 1.5.6 Modification of message (opponent modifies message from sender)

4. Denial of service
• ... causes Denial Of Service (DOS) attacks.
• ... prevents the normal use ...
• Another form of service denial is ... either by disabling the network or by overloading ... so as to degrade performance. Fig. 1.5.7 shows denial of service.

Fig. 1.5.7 Denial of service (disrupts service provided by server)

• ... prevent active attack because of the wide variety of potential ... software and network vulnerabilities.
• Fig. 1.5.8 shows the SYN flood DOS attack. ... widely used DOS attack.
• Source system sends a large number of TCP SYN packets to the target system. The SYN packets are used to begin a new TCP connection.
• When the target receives a SYN packet, it replies with a TCP SYN ACK packet, which acknowledges the SYN packet and sends connection setup information back to the source of the SYN.
• The target also places the new connection information into a pending connection buffer.
• For a real TCP connection, the source would send a final TCP ACK packet when it receives the SYN ACK.
• However, for this attack, the source ignores the SYN ACK and continues to send SYN packets. Eventually, the target's pending connection buffer fills up and it can no longer respond to new connection requests.

Fig. 1.5.8 SYN flood DOS attack (the final TCP ACK packet is never sent)

1.5.2.1 Difference between Passive and Active Attack

• Passive attack types: Release of message contents and ...
• Active attack types: Mas..., ... of message and ...
• ... easy to detect.

1.5.3 Man-in-the-middle Attack

• In cryptography, a Man-In-The-Middle (MITM) attack is an attack in which an attacker is able to read, insert and modify ... messages between two parties without either party knowing that the link between them has been compromised.
• The attacker must be able to observe and intercept messages going between the two victims. The MITM attack can work against public-key cryptography and is also particularly applicable to the original Diffie-Hellman key exchange protocol when used without authentication.
• The MITM attack may include one or more of:
  - Eavesdropping, including traffic analysis and possibly a known-plaintext attack.
  - Chosen ciphertext attack, depending on what the receiver does with a message that it decrypts.
  - ...
  - Denial of service attack. The attacker may for instance jam all communications ... attacking one of the parties. The defense is for both parties ... authenticated status messages and to treat the ...
• MITM is typically ... active manipulation of the messages, rather than passively eavesdropping.

Example of a successful MITM attack against public-key encryption
• Suppose Alice ... Bob and that Mallory wishes to ... deliver a false message to Bob. To ..., Bob sends his public key ... Mallory ... a public key for which she has the private key. Alice, believing this key to be Bob's, then encrypts her message with Mallory's key and sends the enciphered message back to Bob. Mallory intercepts, deciphers the message, keeps a copy, and reenciphers the message using the public key Bob ... When Bob receives the newly enciphered message, he will believe it came from Alice.
• This example shows the need for Alice and Bob to have some way to ensure that ... technology.

Defenses against the attack
• The possibility of a man-in-the-middle attack remains a serious security ... systems. Various defenses against MITM ... authentication techniques that are based on:
  - Public keys
  - Stronger mutual authentication
  - Secret keys (high information entropy secrets)
  - ... such as voice recognition or other biometrics
• The integrity of public keys must generally be assured in some manner, but they need not be secret, whereas passwords and shared secret keys have the additional secrecy requirement. Public keys can be verified by a Certificate Authority, whose public key is distributed through a secure channel.

... are the different types of attacks? Explain.
... note on different types of security attacks and services in ...

1.6 Hash Function

• The data to be encoded is often called the "message", and the hash value is sometimes called the message digest or simply digest.
• The most common cryptographic uses of hash functions are ... and for data integrity.
• When hash functions are used to detect whether the message input has been altered, they are called Modification Detection Codes (MDC).
• There is another category that involves a secret key and provides data origin authentication ...; these are called Message Authentication Codes.
TECHNICAL PUBLICATIONS® - an up-thrust for knowledge

• A hash value h is generated by a function H of the form $h = H(M)$, where M = variable-length message and H(M) = fixed-length hash value.

One-way Hash Function

• A one-way hash function, also known as a message digest, fingerprint or compression function, is a function which takes a variable-length input string and converts it into a fixed-length binary sequence.
• A one-way hash function is designed in such a way that it is hard to reverse the process, that is, to find a string that hashes to a given value (hence the name one-way).
• A good hash function also makes it hard to find two strings that would produce the same hash value. Modern hash algorithms produce hash values of 128 bits and higher.
• Even a slight change in an input string should cause the hash value to change drastically. Even if 1 bit is flipped in the input string, at least half of the bits in the hash value will flip as a result. This is called an avalanche effect.
• A common way for one-way hash functions to deal with the variable-length input problem is a compression function. Compression functions work by viewing the data being hashed as a sequence of fixed-length blocks, processed one block at a time.
• To compute the hash value of a given block, the algorithm needs two things: the data in the block and a seed. The function first computes the hash value $h_1$ of the first block. Next, $h_1$ is used as the seed for the second block.
• The function proceeds to compute the hash value of the second block based on the data in the second block and the hash value of the first block, $h_1$. So, the hash value for block n is related to the data in block n and the hash value $h_{n-1}$ (for n > 1). The hash value of the entire input stream is the hash value of the last block.

Requirements of Hash Functions

• The purpose of a hash function is to produce a fingerprint of a file, message or other block of data.

Properties

1. H can be applied to a block of data of any size.
2. H produces a fixed-length output.
3. H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical.
4. For any given value h, it is computationally infeasible to find x such that H(x) = h. This is the one-way property.
5. For any given block x, it is computationally infeasible to find y ≠ x such that H(y) = H(x). This is weak collision resistance.
6. It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). This is called strong collision resistance.

Simple hash functions

• For a hash function, the input is viewed as a sequence of n-bit blocks. The input is processed one block at a time in an iterative fashion to produce an n-bit hash function.
• One of the simplest hash functions is the bit-by-bit exclusive-OR of every block. This can be expressed as follows:

$C_i = b_{i1} \oplus b_{i2} \oplus \cdots \oplus b_{im}$

where
$C_i$ = i-th bit of the hash code, $1 \le i \le n$
m = number of n-bit blocks in the input
$b_{ij}$ = i-th bit in the j-th block
$\oplus$ = XOR operation

• A simple way to improve matters is to perform a one-bit circular shift, or rotation, on the hash value after each block is processed. The procedure is as follows:
1. Initially set the n-bit hash value to zero.
2. Process each successive n-bit block of data as follows:
   a. Rotate the current hash value to the left by one bit.
   b. XOR the block into the hash value.
• Fig. 1.6.1 shows two types of hash function.

Fig. 1.6.1 Two simple hash functions (one panel: XOR of every 16-bit block)

Applications of Hash Function

1. A typical use of a cryptographic hash would be as follows: Alice poses a tough math problem to Bob, and claims she has solved it. Bob would like to try it himself, but would yet like to be sure that Alice is not bluffing. Therefore, Alice writes down her solution, appends a random nonce, computes its hash and tells Bob the hash value. This way, when Bob comes up with the solution himself a few days later, Alice can prove that she had the solution earlier by revealing the nonce to Bob.
2. Determining whether any changes have been made to a message, for example, can be accomplished by comparing message digests calculated before, and after, transmission. Source code management systems such as Mercurial and Monotone use the sha1sum of various types of content (directory trees, ancestry information, etc.) to uniquely identify them.
3. A related application is password verification. Passwords are usually not stored in clear text, for obvious reasons, but instead in digest form. To authenticate a user, the password presented by the user is hashed and compared with the stored hash. This is sometimes referred to as one-way encryption.
4. Hash functions can also be used in the generation of pseudorandom bits.
5. Hashes are used to identify files on peer-to-peer file sharing networks. For example, an MD4-variant hash is combined with the file size, providing information for locating file sources and downloading the file.

Birthday Attack

• A birthday attack refers to a class of brute-force attacks.
• The attack is named after the statistical property of birthday duplication: you only need 23 people to have a larger than 50 % chance that two of them are born on the same day of the year. Each time you add one person, you are looking for duplicates against all the people already in the set.
• The same technique can be used to look for conflicts in one-way functions. Instead of taking one output of the one-way function, you create or acquire a set of values that have some property and then create another set of other values that have a different property (call the sets a and b), and try to find any value that is in both a and b. This is a much smaller problem than finding a value that matches a particular value in a.
• a can for instance be innocent messages and b less innocent messages, one of which replaces one of the innocent messages at a later date.
• Similarly, a could be the password hashes of accounts the attacker wants to get an account on, and b hashes the attacker knows the passwords for.
• The birthday attack is why the Unix password hashes use a salt.

Collision Resistance

• Weak collision resistance: for any x, it is hard to find x' ≠ x such that h(x) = h(x').
• Strong collision resistance: it is hard to find any x, x' for which h(x) = h(x').
• It is easier to find collisions. Therefore, strong collision resistance is a stronger assumption.
• Real world hash functions: MD5, SHA-1, SHA-256.
• The weak collision property guarantees that an alternative message yielding the same code cannot be found. This prevents forgery when an encrypted hash code is used.
• The strong collision property refers to how resistant the hash function is to a class of attacks known as the birthday attack.

Brute-force attacks

Hash functions

• The strength of a hash function against brute-force attacks depends solely on the length of the hash code produced by the algorithm.
• Desirable properties:
1. One way: For any given code h, it is computationally infeasible to find x such that H(x) = h.
2. Weak collision resistance: For any given block x, it is computationally infeasible to find y ≠ x such that H(x) = H(y).
3. Strong collision resistance: It is computationally infeasible to find any pair (x, y) such that H(x) = H(y).
• For a hash code of length n, the level of effort required, as we have seen, is proportional to the following:

• Given one or more text-MAC pairs $[x_i, C(K, x_i)]$, it is computationally infeasible to compute any text-MAC pair $[x, C(K, x)]$ for any new input $x \ne x_i$.
• The attacker would like to come up with the valid MAC code for a given message. There are two lines of attack possible: attack the key space and attack the MAC value.
• If an attacker can determine the MAC key, then it is possible to generate a valid MAC value for any input x.
• An attacker can also work on the MAC value without attempting to recover the key. Here, the objective is to generate a valid MAC value for a given message or to find a message that matches a given MAC value.
• The level of effort for a brute-force attack on a MAC algorithm can be expressed as $\min(2^k, 2^n)$.

Cryptanalysis

Hash functions

• The hash algorithm involves repeated use of a compression function f that takes two inputs and produces an n-bit output.
• Cryptanalysis of hash functions focuses on the internal structure of f and is based on attempts to find efficient techniques for producing collisions for a single execution of f.
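The gap between weak and strong collision resistance described above can be measured directly on a deliberately short digest. The following is an added example, not part of the original text: it truncates SHA-256 to n bits (a constructed toy hash) and counts the work for both searches, which is why a digest must be about twice as long as the security level wanted against collisions. The function names and the sample message are assumptions of this example.

```python
import hashlib
from itertools import count


def truncated_hash(message: bytes, bits: int) -> int:
    """Toy n-bit hash for the demo: the leftmost `bits` bits of SHA-256."""
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits: int):
    """Strong collision search: any x != y with H(x) == H(y).

    Every digest seen so far is remembered, so each new message is compared
    against all earlier ones (the birthday effect). Returns (x, y, attempts).
    """
    seen = {}
    for attempts in count(1):
        msg = b"msg-%d" % attempts
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, attempts
        seen[h] = msg


def find_second_preimage(target: bytes, bits: int, max_attempts: int = 1 << 22):
    """Weak collision search: a y != target with H(y) == H(target).

    Only one digest value counts as a hit, so about 2**bits tries are needed.
    Returns (y, attempts), or (None, max_attempts) if the budget runs out.
    """
    wanted = truncated_hash(target, bits)
    for attempts in range(1, max_attempts + 1):
        msg = b"try-%d" % attempts
        if msg != target and truncated_hash(msg, bits) == wanted:
            return msg, attempts
    return None, max_attempts


def compare_effort(bits: int = 16) -> dict:
    """Run both searches on the same toy digest length and report the work."""
    x, y, collision_tries = find_collision(bits)
    target = b"constructed sample message"
    _, preimage_tries = find_second_preimage(target, bits)
    return {
        "bits": bits,
        "collision_tries": collision_tries,        # order of 2**(bits/2)
        "second_preimage_tries": preimage_tries,   # order of 2**bits
        "collision_pair": (x, y),
    }


if __name__ == "__main__":
    for n in (12, 16, 20):
        r = compare_effort(n)
        print(f"n={n:2d}  collision after {r['collision_tries']:6d} tries, "
              f"second preimage after {r['second_preimage_tries']:8d} tries")
```

Each extra 2 bits of digest length doubles the collision work but quadruples the second-preimage work, which matches the $2^{n/2}$ versus $2^n$ orders of effort.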
HMAC

• The authentication scheme uses a scheme called Hashed Message Authentication Code (HMAC), which is an encrypted message digest described in RFC 1024.
• HMAC uses a shared secret key between two parties rather than public key methods for message authentication.

Design objectives:

1. To use
2. To allow for easy replaceability of the embedded hash function in case faster or more secure hash functions are found or required.
3. To use and handle keys in a simple way.
4. To preserve the original performance of the hash function without incurring a significant degradation.
5. To have a well understood cryptographic analysis of the strength of the mechanism based on reasonable assumptions about the embedded hash function.

HMAC algorithm

• Fig. 1.6.2 shows HMAC structure.
• Define the following terms:
H = Embedded hash function
IV = Initial value input to hash function
M = Message input to HMAC
$Y_i$ = i-th block of M, $0 \le i \le (L-1)$
L = Number of blocks in M
b = Number of bits in a block
n = Length of hash code produced by embedded hash function
K = Secret key; recommended length is ≥ n
$K^+$ = K padded with zeros on the left so that the result is b bits in length
ipad = 00110110 (36 in hexadecimal) repeated b/8 times
opad = 01011100 (5C in hexadecimal) repeated b/8 times

Fig. 1.6.2 HMAC structure

• Then HMAC can be expressed as follows:

$\mathrm{HMAC}(K, M) = H[(K^+ \oplus \mathrm{opad}) \,\|\, H[(K^+ \oplus \mathrm{ipad}) \,\|\, M]]$

1. Append zeros to the left end of K to create a b-bit string $K^+$.
2. XOR $K^+$ with ipad to produce the b-bit block $S_i$.
3. Append M to $S_i$.
4. Apply H to the stream generated in step 3.
5. XOR $K^+$ with opad to produce the b-bit block $S_o$.
6. Append the hash result from step 4 to $S_o$.
7. Apply H to the stream generated in step 6 and output the result.

• A more efficient implementation is possible, as shown in Fig. 1.6.3.

Fig. 1.6.3 Efficient implementation of HMAC
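The seven steps above can be followed byte for byte and checked against a reference implementation. This is an added example, not code from the book: `pad_key`, `hmac_steps` and `PrecomputedHmac` are hypothetical names, and the class is this example's reading of the precomputation idea behind the efficient implementation. Assumptions not stated in the text above: zero bytes are appended after the key bytes and a key longer than one block is hashed first, which is what Python's standard `hmac` module computes.

```python
import hashlib
import hmac  # standard library; used for constant-time comparison

IPAD_BYTE = 0x36  # 00110110, repeated b/8 times
OPAD_BYTE = 0x5C  # 01011100, repeated b/8 times


def pad_key(key: bytes, hash_name: str) -> bytes:
    """Step 1: build K+, the key brought to exactly b bits (one hash block)."""
    block_bytes = hashlib.new(hash_name).block_size       # b / 8
    if len(key) > block_bytes:
        # Assumption of this example: over-long keys are hashed first.
        key = hashlib.new(hash_name, key).digest()
    return key + b"\x00" * (block_bytes - len(key))       # zero bytes after the key


def hmac_steps(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC(K, M) = H[(K+ xor opad) || H[(K+ xor ipad) || M]], step by step."""
    k_plus = pad_key(key, hash_name)                        # step 1
    s_i = bytes(b ^ IPAD_BYTE for b in k_plus)              # step 2
    inner = hashlib.new(hash_name, s_i + message).digest()  # steps 3 and 4
    s_o = bytes(b ^ OPAD_BYTE for b in k_plus)              # step 5
    return hashlib.new(hash_name, s_o + inner).digest()     # steps 6 and 7


class PrecomputedHmac:
    """Hash S_i and S_o once per key, then reuse the saved states per message.

    This saves two compression-function calls per message, which matters
    when many short messages are authenticated under the same key.
    """

    def __init__(self, key: bytes, hash_name: str = "sha256"):
        k_plus = pad_key(key, hash_name)
        self._inner = hashlib.new(hash_name, bytes(b ^ IPAD_BYTE for b in k_plus))
        self._outer = hashlib.new(hash_name, bytes(b ^ OPAD_BYTE for b in k_plus))

    def tag(self, message: bytes) -> bytes:
        inner = self._inner.copy()          # state after absorbing S_i
        inner.update(message)
        outer = self._outer.copy()          # state after absorbing S_o
        outer.update(inner.digest())
        return outer.digest()

    def verify(self, message: bytes, tag: bytes) -> bool:
        # Constant-time comparison so the check does not leak matching prefixes.
        return hmac.compare_digest(self.tag(message), tag)


if __name__ == "__main__":
    key, msg = b"shared secret", b"constructed sample message"
    mac = PrecomputedHmac(key)
    t = mac.tag(msg)
    print(t.hex())
    print("matches stdlib:", t == hmac.new(key, msg, "sha256").digest())
    print("tampered message accepted:", mac.verify(msg + b"!", t))
```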
HMAC security

• Security of HMAC relates to that of the underlying hash algorithm.
• Attacking HMAC requires either:
a) A brute-force attack on the key used. This is in the order of $2^n$, where n is the chaining variable bit-width.
b) A birthday attack (but since HMAC is keyed, the attacker would need to observe a very large number of messages). Like MD5, this is in the order of $2^{n/2}$ for a hash length of n.
• Choose the hash function used based on speed versus security constraints.
• Note that HMAC is more secure than MD5 for birthday attack.
a) In MD5 the attacker can choose any set of messages to find a collision, i.e. H(M) = H(M').
b) In HMAC, since the attacker does not know K, he cannot generate messages offline. This requires $2^{64}$ observed blocks generated using the same key. On a 1 Gbps line, this requires monitoring a stream of messages with no change of the key for 250,000 years (quite infeasible).

CMAC

• Cipher-based Message Authentication Code (CMAC) is a block cipher-based message authentication code algorithm. The CMAC mode of operation is used with AES and triple DES.
• The CMAC on a message is constructed by splitting it into blocks of size equal to the block size of the underlying cipher, for instance 128 bits in the case of the AES, Cipher Block Chaining (CBC)-encrypting the message and retaining the result of the last block encryption as the computed MAC value.
• The last block is subjected, before ciphering, to an exclusive disjunction (XORing) with one of two possible "subkey" values, denoted as K1 or K2.
• The choice of which subkey to use is determined by whether the last message block contains padding or not. The subkey values can only be computed by parties knowing the cipher key in use.
• Fig. 1.6.4 shows calculation of CMAC.

Fig. 1.6.4 CMAC calculation (message length is an integer multiple of the block size)

$C_1 = E(K, M_1)$
$C_2 = E(K, [M_2 \oplus C_1])$
$C_3 = E(K, [M_3 \oplus C_2])$
...
$C_n = E(K, [M_n \oplus C_{n-1} \oplus K_1])$
$T = \mathrm{MSB}_{Tlen}(C_n)$

where
T = message authentication code
Tlen = bit length of T
$\mathrm{MSB}_s(X)$ = the s leftmost bits of the bit string X

Secure Hash Algorithm

• The Secure Hash Algorithm (SHA) was developed by the National Institute of Standards and Technology (NIST).
It is based on the MD4 algorithm. Based on different digest lengths, SHA includes algorithms such as SHA-1, SHA-256, SHA-384 and SHA-512.
• Unlike encryption, given a variable-length message x, a secure hash algorithm computes a function h(x) which has a fixed and often smaller number of bits.
• When a message of any length less than $2^{64}$ bits is input, SHA-1 produces a 160-bit output called the message digest.
• SHA-1 is called secure because it is computationally infeasible to find a message which corresponds to a given message digest, or to find two different messages which produce the same message digest.
• There are a number of attacks on SHA, all relating to what is known as collision resistance. For example, if you are using SHA for the storage of passwords, there are no password recovery attacks as at December 2011 that make use of collision attacks on SHA-1.
• The most commonly used hash function from the SHA family is SHA-1. It is used in many applications and protocols that require secure and authenticated communications. SHA-1 is used in SSL/TLS, PGP, SSH, S/MIME and IPSec.

Features of SHA-1:

1. SHA-1 is used to compute a message digest for a message or data file that is provided as input.
2. The message or data file should be considered to be a bit string.
3. The length of the message is the number of bits in the message (the empty message has length 0).
4. If the number of bits in a message is a multiple of 8, for compactness we can represent the message in hex.
5. The purpose of message padding is to make the total length of a padded message a multiple of 512.
6. SHA-1 sequentially processes blocks of 512 bits when computing the message digest.
7. The 64-bit integer is l, the length of the original message.
8. The padded message is then processed by SHA-1 as n 512-bit blocks.

• SHA-1 was cracked in the year 2005 by two different research groups. In one of these two demonstrations, Xiaoyun Wang, Yiqun Lisa Yin and Hongbo Yu demonstrated a collision for SHA-1 within a space of size only $2^{69}$, which was far fewer than the security level associated with this hash function.
• The new hash function SHA-512 is introduced to overcome the problem of SHA-1.

Secure Hash Algorithm (SHA-512)

• The Secure Hash Algorithm (SHA) was developed by the National Institute of Standards and Technology (NIST). SHA-1 produces a hash value of 160 bits.
• In 2002, NIST produced a revised version of the standard, FIPS 180-2, that defined three new versions of SHA, with hash value lengths of 256, 384 and 512 bits, known as SHA-256, SHA-384 and SHA-512.

Comparison of SHA parameters (table; recoverable rows: message digest size, 160 for SHA-1; number of steps; security)

Description of SHA-1

• The message is padded to reach the target length, which is a whole multiple of 512 bits.
• Expand each block into subkeys: the later subkeys are generated from earlier ones (up to subkey N-16), subjected to a circular left shift.
• Start from the 160-bit block value (in hexadecimal)
  67452301 EFCDAB89 98BADCFE 10325476 C3D2E1F0
  and, for each message block, do the following:
• Encipher the starting value using the subkeys for the current message block.
• Add each of the 32-bit pieces of the result to the starting value, modulo $2^{32}$ of course, and use that result as the starting value for handling the next message block.
• The starting value created at the end of handling the last block is the hash value, which is 160 bits long.
• In each round, a function is calculated from four of the five pieces, although it is really the XOR of a function of three of the pieces and a circular left shift of a fourth, and XORed with one piece, which is also modified by being XORed with the round's subkey and a constant. One of the other pieces is also altered by a circular left shift, and then the pieces are rotated.
• The function, as well as the constant, is changed every 20 rounds. Calling the five pieces of the 160-bit block being encrypted a, b, c, d and e, the rounds of the SHA "block cipher" component proceed as follows:
• Change a by adding the current constant to it. The constants are, in hexadecimal:
  ◦ For rounds 1 to 20: 5A827999
  ◦ For rounds 21 to 40: 6ED9EBA1
  ◦ For rounds 41 to 60: 8F1BBCDC
  ◦ For rounds 61 to 80: CA62C1D6
• Change a by adding the appropriate subkey for this round to it.
• Change a by adding e, circular left-shifted 5 places, to it.
• Change a by adding the main function of b, c and d to it:
  ◦ For rounds 1 to 20, it is (b AND c) OR ((NOT b) AND d).
  ◦ For rounds 21 to 40, it is b XOR c XOR d.
  ◦ For rounds 41 to 60, it is (b AND c) OR (b AND d) OR (c AND d).
  ◦ For rounds 61 to 80, it is again b XOR c XOR d.
• One piece is given a circular right shift of 2 positions (or, for consistency, a circular left shift of 30 places).
• Then swap pieces, by moving each piece to the next earlier one, except that the old a value is moved to e.
• There are various types in SHA such as SHA-256, SHA-384 and SHA-512.

SHA-512 logic

• Fig. 1.6.5 shows message digest generation using SHA-512. The message is of less than $2^{128}$ bits and is processed in 1024-bit blocks.

Fig. 1.6.5 Message digest using SHA-512

Table: register values

Fig. 1.6.6 SHA-512 processing of a single 1024-bit block

• Process the message in 1024-bit blocks. Each block is processed in 80 rounds. Each round takes as input the 512-bit buffer value abcdefgh and updates the contents of the buffer. Each round t makes use of a 64-bit value $W_t$.
• The output of the last round is added to the input to the first round ($H_{i-1}$) to produce $H_i$. Fig. 1.6.6 shows the processing of a single 1024-bit block.
• The output from the N-th stage is the 512-bit message digest.
• The behaviour of SHA-512 is as follows:

$H_0 = IV$
$H_i = \mathrm{SUM}_{64}(H_{i-1}, \mathrm{abcdefgh}_i)$
$MD = H_N$

where
IV = initial value of the abcdefgh buffer
$\mathrm{abcdefgh}_i$ = the output of the last round of processing of the i-th message block
N = the number of blocks in the message
$\mathrm{SUM}_{64}$ = addition modulo $2^{64}$ performed separately on each word of the pair of inputs
MD = final message digest value

SHA-512 round function

Each round is defined by the following set of equations:

$T_1 = h + \mathrm{Ch}(e, f, g) + \Sigma_1(e) + W_t + K_t$
$T_2 = \Sigma_0(a) + \mathrm{Maj}(a, b, c)$
$a = T_1 + T_2$
$b = a$
$c = b$
$d = c$
$e = d + T_1$
$f = e$
$g = f$
$h = g$

Fig. 1.6.7 shows single round operation.

Compare the performance of RIPEMD-160 algorithm and SHA-1 algorithm.

Solution: RIPEMD-160 versus SHA-1:

• Brute-force attack is harder (160 bits, like SHA-1).
• RIPEMD-160 is more secure than SHA-1.
• All are designed as simple and compact.
• SHA-1 is optimised for big-endian CPUs versus RIPEMD-160 optimised for little-endian.

Authentication

• Authentication techniques are used to verify identity. The authentication of authorized users prevents unauthorized users from gaining access to corporate information systems.
• An authentication method is a way of validating the identity of a user, service or application. The use of authentication mechanisms can also prevent authorized users from accessing information that they are not authorized to view.
• Data authentication means providing data integrity as well as assurance that the data have been received from the individual who claimed to supply this information.

In authentication:

a. A brute force attack is an automated process of trial and error used to guess a person's user name, password, credit-card number or cryptographic key.
b. Insufficient authentication occurs when a website permits access to sensitive content or functionality without having to properly authenticate.
c. Weak password recovery validation is when a website permits an attacker to illegally obtain, change or recover another user's password.
In authorization:

a. Credential/session prediction is a method of hijacking or impersonating a website user.
b. Insufficient authorization is when a website permits access to sensitive content or functionality that should require increased access control restrictions.

Authentication Requirements

The requirements are as follows:

1. Disclosure: Release of message contents to any person or process not possessing the appropriate cryptographic key.
2. Traffic analysis: Discovery of the pattern of traffic between parties.
3. Masquerade: Insertion of messages into the network from a fraudulent source.
4. Sequence modification: Any modification to a sequence of messages between parties, including insertion, deletion and reordering.
• Denial of receipt of message by destination.

• Message authentication is a procedure to verify that received messages come from the alleged source and have not been altered.
• Digital signature is an authentication technique that also includes measures to counter repudiation by the source.

Authentication Function

• Functions are at two levels in message authentication. At the lower level, there is a function that produces an authenticator. This value is used to authenticate a message. The lower level function is used in the higher level authentication protocol.
• The higher level authentication protocol enables a receiver to verify the authenticity of a message.
• Following are some types of functions that may be used to produce an authenticator. They may be grouped into three classes:
1. Message encryption.
2. Message Authentication Code (MAC).
3. Hash function.

1) Message encryption

• Ciphertext of the entire message serves as its authenticator.

Fig. 1.7.1 Symmetric encryption (confidentiality and authentication)

• A message M transmitted from source A to destination B is encrypted using a secret key K shared by A and B. If no other party knows the key, then confidentiality is provided.
• Destination B is assured that the message was generated by A. Because the secret key is used by both parties, it provides authentication.
• Given a decryption function D and a secret key K, the destination will accept any input X and produce output Y = D(K, X).
• If X is the ciphertext of a legitimate message M produced by the corresponding encryption function, then Y is some plaintext message M. Otherwise, Y will likely be a meaningless sequence of bits.
• For random sequences of letters such as
  reosfbceb zuvrsoevgqxlawvigamdvamhpm
  the decryption does not fit the profile of ordinary English.

Public key encryption

Fig. 1.7.2 Public key encryption (Confidentiality)

• Source A uses the public key $PU_b$ of the destination B to encrypt message M. Because only B has the corresponding private key $PR_b$, only B can decrypt the message.
• This scheme provides no authentication, because any opponent could also use B's public key to encrypt a message, claiming to be A.
• Fig. 1.7.3 shows message encryption in public key encryption with authentication and signature.

Fig. 1.7.3 Public key encryption (Authentication)

• It also provides digital signature. Only A could have constructed the ciphertext, because only A possesses $PR_a$. Not even B, the recipient, could have constructed the ciphertext.
• To provide both confidentiality and authentication, A can encrypt M first using its private key, which provides the digital signature, and then using B's public key, which provides confidentiality.
• Fig. 1.7.4 shows confidentiality, authentication and signature for public key encryption.

Fig. 1.7.4 Public key encryption

• It provides confidentiality because of $PU_b$.
• It provides authentication and signature because of $PR_a$.

2) Message Authentication Code (MAC)

• MAC is an alternative technique which uses a secret key. This technique assumes that two communicating parties, say A and B, share a common secret key K.
• When A has a message to send to B, it calculates the MAC:

MAC = C(K, M)

where
M = Input message
C = MAC function
K = Shared secret key
MAC = Message authentication code

• The calculated MAC and the message are transmitted to the receiver. The receiver performs the same calculation on the received message.
• The received MAC is compared with the calculated MAC. If both match, then:
1. The receiver is assured that the message has not been altered.
2. The receiver is assured that the message is from the alleged sender.
3. If the message includes a sequence number, then the receiver can be assured of the proper sequence, because an attacker cannot successfully alter the sequence number.
• Fig. 1.7.5 shows the message authentication.

Fig. 1.7.5 Message authentication

• Fig. 1.7.5 provides authentication but not confidentiality. Confidentiality can be provided by performing message encryption either after or before the MAC algorithm.
• Fig. 1.7.6 shows encryption after the MAC.

Fig. 1.7.6 Message authentication and confidentiality

• Two separate keys are needed, each of which is shared by the sender and the receiver. Here the MAC is calculated with the message as input and is then concatenated to the message. The entire block is then encrypted.
• Fig. 1.7.7 shows the message authentication and confidentiality with encryption before the MAC.
• Here also two separate keys are needed. The message is encrypted first. Then the MAC is calculated using the resulting ciphertext and is concatenated to the ciphertext to form the transmitted block.

Fig. 1.7.7 Message authentication and confidentiality (authentication tied to ciphertext)

Applications of MAC

• Following are the situations in which MAC is used:
1. Applications in which the same message is broadcast to a number of destinations.
2. Authentication of a computer program in plaintext is an attractive service.
3. Another scenario is an exchange in which one side has a heavy load and cannot afford the time to decrypt all incoming messages.

3) Hash function

• A hash function takes an input m and computes a fixed-size string known as a hash. Unlike a MAC, a hash code does not use a key but is a function only of the input message. The hash code is also referred to as a message digest or hash value.
• A change to any bit or bits in the message results in a change to the hash code. Fig. 1.7.8 (a) shows the basic uses of hash function.

Fig. 1.7.8 (a) Encrypt message plus hash code

1. Encrypt message plus hash code
• Provides confidentiality: Only A and B share K.
• Provides authentication: H(M) is cryptographically protected.

2. Encrypt hash code - shared secret key
• Only the hash code is encrypted, using symmetric encryption.
• Reduces the processing burden for those applications that do not require confidentiality.

Fig. 1.7.8 (b) Encrypt hash code - shared secret key

3. Encrypt hash code - sender's private key
• Provides authentication and digital signature.

Fig. 1.7.8 (c) Encrypt hash code - sender's private key

MAC

• Message authentication is a mechanism or service used to verify the integrity of a message.

Properties of Message Authentication Codes

1. Cryptographic checksum: A MAC generates a cryptographically secure authentication tag for a given message.
2. Symmetric: MACs are based on secret symmetric keys. The signing and verifying parties must share a secret key.
3. Arbitrary message size: MACs accept messages of arbitrary length.
4. Fixed output length: MACs generate fixed-size authentication tags.
5. Message integrity: MACs provide message integrity. Any manipulations of a message during transit will be detected by the receiver.
6. Message authentication: The receiving party is assured of the origin of the message.
7. No non-repudiation: Since MACs are based on symmetric principles, they do not provide non-repudiation.

• MACs provide two security services, message integrity and message authentication, using symmetric ciphers. MACs are widely used in protocols.
• Both of these services are also provided by digital signatures, but MACs are much faster. MACs do not provide non-repudiation.
• In practice, MACs are either based on block ciphers or on hash functions.
• HMAC is a popular MAC used in many practical protocols such as Transport Layer Security (TLS), indicated by a small lock in the browser.

• A Message Authentication Code (MAC) is also known as a cryptographic checksum. The MAC is generated by a function C:

MAC = C(K, M)

where
M = Variable-length message
K = Secret key shared only by sender and receiver
C(K, M) = Fixed-length authenticator

• Security of the MAC generally depends on the bit length of the key. A weakness of the algorithm is the brute-force attack.
• For a ciphertext-only attack, the opponent, given ciphertext C, would perform $P_i = D(K_i, C)$ for all possible key values $K_i$ until a $P_i$ was produced that matched the form of acceptable plaintext.

Suppose the key size is greater than the MAC size (k > n):

• Round 1
  Given: $M_1$, $MAC_1 = C(K, M_1)$
  Compute $MAC_i = C(K_i, M_1)$ for all $2^k$ keys
  Number of matches ≈ $2^{(k-n)}$
• Round 2
  Given: $M_2$, $MAC_2 = C(K, M_2)$
  Compute $MAC_i = C(K_i, M_2)$ for the $2^{(k-n)}$ keys resulting from Round 1
  Number of matches ≈ $2^{(k-2n)}$
• On average, α rounds will be needed if k = α × n. For example, if the key size is 60 bits and the MAC is 32 bits long, then the first round will produce about $2^{28}$ possible keys.

Key length is less than or equal to MAC length:

• The first round will produce a single match.
• It is possible that more than one key will produce such a match, in which case the opponent would need to perform the same test on a new (message, MAC) pair.

• Consider the following MAC algorithm. Let $M = (X_1 \| X_2 \| \cdots \| X_m)$ be a message that is treated as a concatenation of blocks $X_i$. Then define

$\Delta(M) = X_1 \oplus X_2 \oplus \cdots \oplus X_m$
$C(K, M) = E(K, \Delta(M))$

where $\oplus$ is the exclusive-OR (XOR) and the encryption algorithm is DES in electronic codebook mode.
• Key length = 56 bits, MAC length = 64 bits.
• If an opponent observes $\{M \,\|\, C(K, M)\}$, a brute-force attempt to determine K will require at least $2^{56}$ encryptions.
• Assume that an opponent knows the MAC function C but does not know K. Then the MAC function should satisfy the following requirements:
1. If an opponent observes M and C(K, M), it should be computationally infeasible for the opponent to construct a message M' such that C(K, M') = C(K, M).
2. C(K, M) should be uniformly distributed in the sense that for randomly chosen messages M and M', the probability that C(K, M) = C(K, M') is $2^{-n}$, where n is the number of bits in the MAC.
3. Let M' be equal to some known transformation on M. That is, M' = f(M).

Message authentication code based on DES

• The algorithm can be defined as using the cipher block chaining mode of operation of DES with an initialization vector of zero.
• Fig. 1.7.9 shows the data authentication algorithm.

Fig. 1.7.9 Data authentication algorithm

• The data to be authenticated are grouped into contiguous 64-bit blocks: $D_1, D_2, D_3, \ldots, D_N$.
• Using the DES encryption algorithm (E) and a secret key (K), a data authentication code (DAC) is calculated as follows:

$O_1 = E(K, D_1)$
$O_2 = E(K, [D_2 \oplus O_1])$
$O_3 = E(K, [D_3 \oplus O_2])$
...
$O_N = E(K, [D_N \oplus O_{N-1}])$

• The DAC consists of either the entire block $O_N$, or the leftmost M bits of the block, with 16 ≤ M ≤ 64.

Review Question

1. Compare the uses of MAC and hash function. Represent them using appropriate diagrams.

Digital Signature

• A digital signature is an authentication mechanism that enables the creator of a message to attach a code that acts as a signature.
The signature is formed by taking the hash of the message and encrypting the message with the creator's private key.

Requirements

• Message authentication protects two parties who exchange messages from any third party. However, it does not protect the two parties against each other.
• In situations where there is not complete trust between sender and receiver, something more than authentication is needed. The most attractive solution to this problem is the digital signature. The digital signature is analogous to the handwritten signature.
• It must have the following properties:
  ◦ It must verify the author and the date and time of the signature.
  ◦ It must be verifiable by third parties, to resolve disputes.
• The digital signature function includes the authentication function.
• On the basis of these properties, we can formulate the following requirements for a digital signature:
  ◦ Must be a bit pattern depending on the message being signed.
  ◦ Signature must use some information unique to the sender to prevent forgery and denial.
  ◦ Computationally easy to produce a signature.
  ◦ Computationally easy to recognize and verify the signature.
  ◦ Computationally infeasible to forge a digital signature,
    a) either by constructing a new message for an existing digital signature,
    b) or by constructing a fraudulent digital signature for a given message.
  ◦ Practical to retain a copy of the digital signature in storage.
• Two general schemes for digital signatures:
1) Direct
2) Arbitrated

Arbitrated Digital Signatures

• Every signed message from A to B goes to an arbiter BB (Big Brother) that everybody trusts.
• BB checks the signature and the timestamp, origin, content, etc.
• BB dates the message and sends it to B with an indication that it has been verified and it is legitimate.

e.g. Every user shares a secret key with the arbiter.

• A sends to BB in an encrypted form the plaintext P together with B's id, a timestamp and a random number RA.
• BB decrypts the message and thus makes sure it comes from A; it also checks the timestamp to protect against replays.
• BB then sends B the message P, A's id, the timestamp and the random number RA; he also sends a message encrypted with his own private key (that nobody knows) containing A's id, timestamp t and the plaintext P (or a hash).
• B cannot check the signature but trusts it because it comes from BB; he knows that because the entire communication was encrypted with KB.
• B will not accept old messages or messages containing the same RA, to protect against replay.
• In case of dispute, B will show the signature he got from BB (only BB may have produced it) and BB will decrypt it.

Direct Digital Signature

• This involves only the communicating parties and it is based on public keys.
• The sender knows the public key of the receiver.
• Digital signature: Encrypt the entire message (or just a hash code of the message) with the sender's private key.
• If confidentiality is required: Apply the receiver's public key or encrypt using a shared secret key.
• In case of a dispute, the receiver B will produce the plaintext P and the signature E(KRA, P). The judge will apply KUA, decrypt P and check the match. B does not know KRA and cannot have produced the signature himself.

Weaknesses

• The scheme only works as long as KRA remains secret. If it is disclosed, then the argument of the judge does not hold: anybody can produce the signature.
• Attack: To deny the signature right after signing, simply claim that the private key has been lost.
• If A changes her public-private keys (she can do that often), the judge will apply the wrong public key to check the signature.
• Attack: To deny the signature, change your public-private key pair. This should not work if a PKI is used, because it may keep trace of old public keys.
• A should protect her private key even after she changes the key.
• Attack: Eve could get hold of an old private key and sign a document with an old timestamp.
Digital Signature Standard

• The Digital Signature Standard (DSS) makes use of the Secure Hash Algorithm (SHA) and presents a new digital signature technique, the Digital Signature Algorithm (DSA).
for encryption or key exchange.

Fig. 1.8.1 DSS approach

• It uses a hash function. The hash code along with a random code is input to a signature function. The signature function also depends on the sender's private key (PRA) and a set of parameters known to a group of communicating principals. The result is a signature consisting of two components.
• At the receiving end, the hash code of the incoming message is generated. This plus the signature is input to a verification function.
• Fig. 1.8.2 shows the RSA approach. In the RSA approach, the message to be signed is input to a hash function that produces a secure hash code of fixed length. This hash code is then encrypted using the sender's private key to form the signature. Both the message and the signature are then transmitted.

Fig. 1.8.2 RSA approach

• The recipient takes the message and produces a hash code. The recipient also decrypts the signature using the sender's public key. If the calculated hash code matches the decrypted signature, the signature is accepted as valid.

Digital Signature Algorithm

• There are three parameters that are public and can be common to a group of users.
• Prime number q is chosen and it is 160-bit.
• A prime number p is selected with a length between 512 and 1024 bits such that q divides (p - 1).
• g is chosen to be of the form h^((p - 1)/q) mod p where h is an integer between 1 and (p - 1).
• With these numbers, user selects a private key and generates a public key.
• The private key x must be a number from 1 to (q - 1) and should be chosen randomly or pseudorandomly.
• The public key is calculated from the private key as y = g^x mod p.
• To create a signature, a user calculates two quantities, r and s, that are functions of :
  - Public key components (p, q, g)
  - User's private key (x)
  - Hash code of the message H(M)
  - An additional integer (k)

sender's public key and the matches the r components of

Service required :
Up to 2000 : Message digest
2001 - 5000 : Digital signature
5000 and above : Digital signature and encryption

Up to 2000, we simply require a message digest. This is a combination of authorization services and cryptography services.

Two Marks Questions with Answers

Q.1 Distinguish active and passive attack with example.
Ans. : Difference between passive and active attacks :
Passive attacks are in the nature of monitoring. Types : Release of message contents and traffic analysis. It does not affect the system.

Q.2 What are the key principles of security ?
Ans. : Key principle of security is confidentiality, integrity, and availability. Confidentiality means protecting information from unofficial broadcasting and unauthorised access to people. Data integrity aims to maintain the information's consistency, accuracy, and authenticity. Availability is to provide data, technological infrastructure, and applications when the organisation needs them.

Q.3 What is meant by denial of service attack ? Is it active attack or passive attack ?
Ans. : Fabrication causes denial of service attacks. DOS prevents the use or management of communication facilities. It is an active attack.

Q.4 Define an attack.
Ans. : a system security that derives, security policy of a system.

Q.5 List some examples of security attacks.
Ans. : 1) Gain unauthorized access to information. 2) Disallow responsibility or liability. 4) Prevent the function of software. 5) Cause others to violate a protocol by means of introducing incorrect information.

Q.6 What is a passive attack ?
Ans. : Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. Types of passive attacks are release of message contents and traffic analysis.

Q.7 What is an active attack ?
Ans. : An active attack involves some modification of the data stream or the creation of a false stream.

Q.8 Categorize passive and active attacks.
Ans. : Active attacks can be subdivided into four types :
1. Masquerade 2. Replay 3. Modification of message 4. Denial of service
Passive attacks are of two types :
1. Release of message contents 2. Traffic analysis

Q.9 What are the aspects of information security ?
Ans. : There are three aspects of the information security, i.e. security attack, security mechanism, security service.

Q.10 What is a threat ? List their types.
Ans. : A threat is a possible danger that might exploit

Q.11 What is encipherment ?
Ans. : The use of mathematical algorithms to transform data into a form that is not intelligible. The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys.

Q.12 Define symmetric encryption.
Ans. : In symmetric encryption, sender and receiver use same key for encryption and decryption.

Q.13 What are the essential ingredients of a symmetric cipher ?
Ans. : A symmetric encryption scheme has five ingredients : Plaintext, Encryption algorithm, Secret key, Ciphertext, Decryption algorithm.

Q.14 What are the two basic functions used in the encryption algorithm ?
Ans. : All the encryption algorithms are based on two general principles : one in which each element in the plaintext is mapped into another element, and one in which elements in the plaintext are rearranged. The requirement is that no information be lost.

Q.15 How many keys are required for two people to communicate via a cipher ?
Ans. : If both sender and receiver use the same key, the system is referred to as symmetric, single-key, secret-key or conventional encryption. If both sender and receiver use a different key, the system is referred to as asymmetric, two-key or public key encryption.

Q.16 Why is asymmetric cryptography bad for huge data ? Specify the reason.
Ans. : Asymmetric encryption limits the maximum size of the plaintext. In practice, block modes don't get used with asymmetric encryption, because encrypting many blocks with an asymmetric scheme would be really slow.

Q.17 What are the two general approaches to attacking a cipher ?
Ans. : The two general approaches for attacking a cipher :
1. Cryptanalysis : Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext-ciphertext pairs.
2. Brute-force attack : The attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.

Q.18 Distinguish between threat and attack.
Ans. :
• The main difference between threat and attack is that a threat can be either intentional or unintentional whereas an attack is intentional.
• Threat is a circumstance that has potential to cause loss or damage whereas attack is attempted to cause damage.
• Threat to the information system doesn't mean information was altered or damaged but attack on the information system means there might be chance to alter, damage, or obtain information when attack was successful.
• A security threat is the expressed potential for the occurrence of an
Pausinec20 ff Ans: ion technique involves the use of a small fixed size | block of data, known as a cryptographic checksum or MAC that is appended to the | = | 21 What is a Hash in cryptography 7 a | when employed in cryptography the hash additional properties. 22 What ‘Ans. : An alternative authentication technique involves the use of a sm block of data, known as a eryptographic checksum or MAC that is appended to mesiage. ‘a message authentication code 7 | Q.23 What is the difference between a message authentication code and a one-way hash function ? ‘Ans. : The difference between a MAC and a one-way h MAC, a hash code does not use a key but is a funct Q.24 Is it necessary to recover the secret key ii order to attack a MAC algorithm ? Ans. : A number of keys will produce the correct MAC and the oppo of knowing which the correct key is, On an average 2 Therefore attacks do not require the discovery of the Key. Q.25 What is the function of a compression function in a hash function 7 tion involves repeated use of 26 What is the use of digital signature 7 ‘Ans. : Data appended to, or a data unit that allows ar Prove the source and integrity of the data unit and protect against forgery. | ee 0.27 What is a birthday attack ? | ‘Ans. A birthday attack is a name used to refer to class of brute-force attacks It gets of the data us | its name from the surprising result that the probability that two or more people in a 7 Introduction tie Network Security 1 — = ater than 4 such a result is called a & one-way function, | cig vray hash fonction the two approaches of digital signature 7 32 How is the security of MAC fur wns. Security of MAC functions : ‘The security of any HMAC function based on the cryptographic strength of the ying hash function of a MAC function expressed in terms of the probability of successful forgery with a given amount of time spent by the forger and a given number of ‘message-MAC pairs created with the same Key. 
UNIT II
Key Management and Authentication

Contents
2.1 Key Management and Distribution
2.2 X.509 Certificates
2.3 Public-Key Infrastructure
2.4 User Authentication
2.5 Remote User Authentication Principles
2.6 Remote User-Authentication using Symmetric Encryption
2.7 Remote User-Authentication Using Asymmetric Encryption
2.8 Kerberos Systems
2.9 Two Marks Questions with Answers

2.1 Key Management and Distribution

• The purpose of public key cryptography is :
1. The distribution of public keys.
2. The use of public key encryption to distribute secret keys.

Distribution of Public Keys

1. Public announcement
• In a public key algorithm, any participant can send his or her public key to any participant or broadcast the key to the community at large.

Fig. 2.1.1 Public key distribution

• Because of the growing popularity of PGP, which makes use of RSA, many PGP users have adopted the practice of appending their public key to messages that they send to public forums, such as USENET newsgroups and Internet mailing lists.
• The disadvantage is that anyone can forge such a public announcement. That is, some user could pretend to be user A and send a public key to another participant or broadcast such a public key.

2. Publicly available directory
• Maintaining a publicly available dynamic directory of public keys. Maintenance and distribution of the public directory would have to be the responsibility of some trusted entity.
• Fig. 2.1.2 shows public key publication.

Fig. 2.1.2 Public key publication

• Such a scheme would include the following elements :
1. The authority maintains a directory with a {name, public key} entry for each participant.
2. Each participant registers a public key with the directory authority. Registration would have to be in person or by some form of secure authenticated communication.
3. A participant may replace the existing key with a new one at any time.
4. Participants could also access the directory electronically.

3. Public key authority
• Fig. 2.1.3 shows public key distribution scenario.

Fig. 2.1.3 Public key distribution scenario

• A has B's public key and also uses it to encrypt a message to B containing an identifier of A and a nonce, which is used to identify this transaction.
• B retrieves A's public key from the authority in the same manner as A retrieved B's public key.
• Public keys have been securely delivered to A and B and they may begin their protected exchange.
• B sends a message to A encrypted with PUa and containing A's nonce (N1) as well as a new nonce generated by B (N2).
• A returns N2, encrypted using B's public key, to assure B that its correspondent is A.

Drawback
Public key authority could be somewhat of a bottleneck in the system. The directory of name and public keys maintained by the authority is vulnerable to tampering.

4. Public key certificates
• Certificates can be used by participants to exchange keys without contacting a public key authority. A certificate consists of a public key plus an identifier of the key owner, with the whole block signed by a trusted third party, a certificate authority, such as government agency or a financial institution, that is trusted by the user community.
• A user can present his or her public key to the authority in a secure manner, and obtain a certificate. The user can then publish the certificate.
• Requirements on this scheme :
1. Any participant can read a certificate to determine the name and public key of the certificate's owner.
2. Any participant can verify that the certificate originated from the certificate authority and is not counterfeit.
3. Only the certificate authority can create and update certificates.
4. Any participant can verify the currency of the certificate.
• A certificate scheme is illustrated in Fig. 2.1.4. Each participant applies to the authority; the authority provides a certificate of the form where PRauth is the private key used by the authority and T is a timestamp.

Fig. 2.1.4 Exchange of public key certificates

Distribution of Secret Keys using Public Key Cryptography

• Public key encryption provides for the distribution of secret key to be used for conventional encryption.

Simple secret key distribution
If user A wishes to communicate with user B, the following procedure is employed :
1. User A generates a public/private key pair {PUa, PRa} and transmits a message to user B consisting of PUa and an identifier of A, IDA.
2. User B generates a secret key (Ks) and transmits it to user A, encrypted with A's public key.
3. User A computes D(PRa, E(PUa, Ks)) to recover the secret key. Because only A can decrypt the message, only user A and user B know the identity of Ks.
4. User A discards PUa and PRa and user B discards PUa.
5. Fig. 2.1.5 shows use of public key encryption.
«ae Aan B can ne sry commune wg omveNTON ein] ey managent i the set of proces and mesh which Suppo ey the session key K,, At the completion of the exchange, nd B disc establishment and maintenance of ongoing keying relationship between partes, A inclading replacing older hey with new hee The protocol discussed above is insecure against an adversary w#hO ca ints + Two major mneseages and then either relay the intercepted message or substitute angi ves in hey management are 1. Key life time 2. Key exposure vas a man in middle attack. message, Such an tack ™ Key life time - of use which can be measured as a duration of time. i uthontication Secret key distribution with confidentiality and authentica * «Fig, 2.16 shows the public key distribution of secret keys. Issue related to hey : 1. Users must be able to obtain securely a key pair suited to their efficiency and security needs, 2. Keys need to be valid only until a specified expiration date. | _3, The expiration date must be chosen properly and publicized securely. 4, User must be able to store their private keys securely. tes must be unforgettable, obtainable in a secure manner, Key Infrastructure + Public Key Infrastructure (PKI) is a well-known technology that can be used to jentities, encrypt information and digitally sign documents. Fig. 2.6 Public key distribution of secret keys + It provides protection against both passive and active attacks. . 1. A uses B's public key to encrypt a message to B containing an identifier ofA] (Dg) and a nonce ich is used to identify this transaction uniquel 2. B sends a message to A encrypted with PU, and cont: a with PU, and containing A’s nonce (Nj) exchange and Virtual Private Networks (VPN) and intranets and is also used to well as a new nonce generated by B(N) : sa ss and manages relationships of : tronic exchange, * PKI also uses unique Di 3.4 returns Ny encrypted using D's public key, to’ assure Bhat | . 
;cle management of public correspondent is A, ee ei backup, 4 A selects a secret key K, and sends M = E(PU,, E(PR, 5. B computes D(PU,, )) to B. recover the secret key. . recovery, updating and revocation to the PKI. All users of PKI must have a registered identity, which is stored in ¢ certificates ea Remote users and sites using public private Keys and public key er authenticate each other with a high degree of confidence. _ ites ach aoerin ene da __—— TECHNIGAL PUBLICATIONS® - an up-stfor Anowedl®, F stolen or copied from the owner. 2. The certificate must be issued to the owner in accord with the stated policy of verify identity Benefits of PKI 1, Confidential communication : Only intended recipients can read files. 2, Data 3. Authentication : Ensures that parties involved are who they claim to be. 4. Non-repudiation : Prevents individuals from denying Limitation of PKI The problems encountered deploying a PKI can be categorized as follows 1. Public key infrastructure is new 2. Lack of standards 3. Shortage of trained personnel 4, Public key infrastructure is mostly about policies. es are digital documents that are used for secure authentication of ‘communicating parties. + A cetfificate binds identit iod. information about an entity to the entity's public key signed by a Trusted Third Party (TTP) who has verified 1 key pair actually belongs to the entity, * Catcats canbe though of as analogous to passports that guarante thei of their bearers. ted. party who issues certificates to the identified end entities a Certification Authority (CA). * Certification authorities can be thought of as bein, issuing passports for their citizens. 
• A certification authority can be managed by an external certification service provider or the CA can belong to the same organization as the end entities.
• CAs can also issue certificates to other (sub) CAs. This leads to a tree-like certification hierarchy.
• The highest trusted CA in the tree is called a root CA.
• delegate the responsibility for : the number of certificates required may be too large for a single CA; different organizational units may have different policy requirements; or it may be important for a CA to be physically located in the same geographic area as the people to whom it is issuing certificates.
• The X.509 standard includes a model for setting up a hierarchy of the certification authority. Fig. 2.1.7 shows the hierarchy of certificate authorities.

Fig. 2.1.7 Hierarchy of CA

• In the Fig. 2.1.7, the root CA is at the top of the hierarchy. The root CA certificate is a self-signed certificate : That is, the certificate is the same entity.
• The CAs that are directly subordinate to the root CA have CA certificates signed by the root CA.
• CAs under the subordinate CAs in the hierarchy have their certificates signed by the higher level subordinate CAs.
• Organizations have a great deal of flexibility in terms of the way they set up their CA hierarchies.
• The receiving entity can verify the signature with the public key of the sender.
• The entity must verify the certificate by checking the validity and the signature of the CA in the certificate.
• The entity must also verify the signatures up to the root CA.
• When the receiving entity trusts the root CA, the verification is completed successfully.
• If the key of an end entity is compromised, or the right to authenticate is lost before the expiration date, the CA informs PKI users about it.
• Entities should check the latest whenever they are verifying a

Key length and encryption strength

• The strength of encryption depends on both the cipher used and the length of the key.
• Encryption strength is often described in terms of the size of the keys used to perform the encryption : In general, longer keys provide stronger encryption.
• Key length is measured in bits. For example, 128-bit keys for use with the RC4 symmetric-key cipher supported by SSL provide significantly better cryptographic protection than 40-bit keys for use with the same cipher.
• Roughly speaking, 128-bit RC4 encryption is 3 × 10^26 times stronger than 40-bit RC4 encryption.
• Different ciphers may require different key lengths to achieve the same level of encryption strength.
• The RSA cipher used for public-key encryption, for example, can use only a subset of all possible values for a key of a given length, due to the nature of the mathematical problem on which it is based.
• Other ciphers, such as those used for symmetric key encryption, can use all possible values for a key of a given length, rather than a subset of those values.
• Thus a 128-bit key for use with a symmetric key encryption cipher would provide stronger encryption than a 128-bit key for use with the RSA public-key encryption cipher.

Key Distribution

• For symmetric encryption to work, the two parties to an exchange must share the same key, and that key must be protected from access by others.
• Key distribution refers to the means of delivering a key to two parties who wish to exchange data, without allowing others to see the key.
• For two parties A and B, key distribution can be achieved in a number of ways, as follows.
1. User A can select a key and physically deliver it to user B.
2.
A third party can select the key and physically deliver it to user A and user B.
3. If user A and user B have previously and recently used a key, one party can transmit the new key to the other, encrypted using the old key.
4. If user A and user B each has an encrypted connection to a third party C, C can deliver a key on the encrypted links to user A and user B.
• For manual delivery of key, options 1 and 2 are used. These options are suitable for link encryption.
• Option 3 is suitable for link encryption or end-to-end encryption.
• For end-to-end encryption, some variation on option 4 has been widely adopted.
• The use of a key distribution center is based on the use of a hierarchy of keys. Minimum two levels of keys are used. Fig. 2.1.8 shows the use of a key hierarchy.
• Communication between end systems is encrypted using a temporary key, often referred to as a session key. The session key is used for the duration of a logical connection, such as a frame relay connection, and then discarded.

Fig. 2.1.8 Use of a key hierarchy (session keys : cryptographic protection; master keys : non-cryptographic protection)

• Session keys are transmitted in encrypted form, using a master key that is shared by the key distribution center and an end system or user. For each end user, there is a unique master key that
• A wishes to establish a logical connection with user B and requires a one-time session key to protect the connection. User A has a master key (Ka), known only
• The following steps occur :
1. A issues a request to the KDC for a session key to protect a logical connection to B. identity of A and B and a unique identifier
2. KDC responds with a message encrypted using Ka.
use in the upcoming session and forward to B the originated at the KDC for B

Fig. 2.1.9 Key distribution scenario

• Steps 1, 2 are used for key distribution and steps 3, 4, 5 for authentication.

Session key lifetime
1. For connection-oriented protocol
• Use the same session key for the length of time that the connection is open.
• Use new session key for each new session.
• time, change the session key periodically.
• explicit connection initiation or termination.

Transparent key control scheme
• Fig. 2.1.10 shows automatic key distribution for connection-oriented protocol.
• Assume that communication makes use of a connection-oriented end-to-end protocol, such as TCP.

Fig. 2.1.10 Automatic key distribution for connection-oriented protocol

• Following steps occur :
1. Host sends packet requesting connection.
2. Session Security Module (SSM) saves that packet and applies to the KDC for permission to establish the connection.
3. KDC distributes session key to both hosts.
4. The requesting SSM releases the connection request packet, and a connection is set up between the two end systems.

Decentralized key control
• Decentralized approach requires that each end system be able to communicate in a secure manner with all potential partner end systems for purposes of session key distribution.
• A session key may be established with the following sequence of steps.
1. A issues a request to B for a session key and includes a nonce, N1.
2. B responds with a message that is encrypted using the shared master key.
3. Using the new session key, A returns f(N2) to B.

2.2 X.509 Certificates

• X.509 is part of X.500 recommendations for directory service, i.e. set of servers which maintains a database of information about users and other attributes.
• It defines structure and authentication protocols based on use
• The X.509 certificate format is employed in S/MIME, IP
• X.509 standard uses RSA algorithm and hash function for digital signature.
• Fig. 2.2.1 shows generation of public key certificate.
Fig. 2.2.1 Generation of public key certificate

Fig. 2.2.2 X.509 Digital certificate format version 3

• Elements of certificate format :
1. Version : Identifies successive versions of certificate format; the default is version 1.
2. Certificate serial number : It contains a unique integer number, which is generated by Certification Authority.
3. Signature algorithm identifier : Identifies the algorithm used by the CA to sign the certificate.
4. Issuer name : Identifies the distinguished name of the CA that created and signed
5. Period of validity : Period of which the certificate is valid.
6. Subject name : It specifies the name of the user to whom this certificate is issued.
7. Subject's public key information : It contains public key of related to that key.
8. It is an optional field which helps to identify a CA uniquely if two or more CAs have used the same Issuer Name.
9. It is an optional field which helps to identify a subject
10. Extensions : One or more fields used in version 3. These extensions convey information about the subject and issuer keys.
11. Signature : It contains hash code of the fields, encrypted with the CA's private key. It includes the signature algorithm identifier.

Standard notations for defining a certificate

CA<<A>> = CA{V, SN, AI, CA, TA, A, Ap}
where,
CA<<A>> indicates the certificate of user A issued by CA
CA{V ... Ap} indicates signing of V ... Ap

Obtaining User's Certificate

• The characteristics of user certificate are :
1. Any user who can access public key of CA can verify user public key.
2. Only
• All user certificates are placed in a directory for access of other users. The public key provided by CA is absolutely secure (w.r.t. integrity and authenticity).
• If user A has obtained a certificate from CA X and user B has obtained a
