Detailed Syllabus

Module
Unit Detailed Content Hrs
No. No.
Introduction and Number Theory
10
1.1 Security Goals, Services, Mechanisnms and attacks,
The OSI
security architecture, Network security model, Classical
Encryption techniques, Symmetric cipher model, mono-alphabetic
and poly - alphabetic substitution techniques : Vigenere cipher,
playfair cipher, Hill cipher, transposition techniques : keyed and
keyless transposition ciphers, steganography. (Refer Chapter 1)
1.2 Modular Arithmetic and Number Theory : Euclid's algorithm
-
Prime numbers Fermat's- and Euler's theorem - Testing for
primality - The Chinese remainder theorem, Discret logarithms.
(Refer Chapter 2)
2 Symmetric and Asymmetric key Cryptography and key Management 12
2.1 Block cipher principles, block cipher modes of operation, DES,
Double DES, Triple DES, Advanced Encryption Standard (AES),
Stream Ciphers : RCS algorithm. (Refer Chapter 3)
2.2 Public key cryptography : Principles of public key cryptosystems -
The RSA algorithm, The knapsack algorithm, ElGamal
Algorithm. (Refer Chapter 4)
2.3 Key management techniques : using symmetric and asymmetric
algorithms and trusted third party. Diffie Hellman Key exchange
algorithm. (Refer Chapter 5)
3 Hashes, Message Digests and Digital Certificates 06
3.1 Cryptographic hash functions, Properties of secure hash function,
MD5, SHA-1, MAC, HMAC, CMAC. (Refer Chapter 6)
3.2 Digital Certificate : X.509, PKI. (Refer Chapter 7)
4 Authentication Protocols & Digital signature schemes 08
4.1 User Authentication and Entity Authentication, One - way and
mutual authentication schemes, Needham Schroeder
Authentication protocol, Kerberos Authentication protocol.
(Refer Chapter 8)

Scanned by CamScanner
Module Unit Detailed Content Hrs.
No. No.
4.2 Digital Signature Schemes RSA, EIGamal and Schnorr signature
schemes. (Refer Chapter 9)
5 Network Security and Applications 10
5.1 Network security basics : TCP/IP vulnerabilities (Layer wise),
Packet Sniffing, ARP spoofing, port scanning, IP spoofing, TCP
syn flood, DNS Spoofing.
(Refer Chapter 10)
5.2 Denial of Service Classic DOS attacks, Source Address La
spoofing, ICMP flood, SYN flood, UDP flood, Distributed Denial
Le
of Service, Defenses against Denial of Service Attacks.
1.
(Refer Chapter 11)
5.3 Internet Security Protocols : SSL, IPSEC, Secure Email : PGP, 2

Firewalls, IDS and types, Honey pots. (Refer Chapter 12) 3.

6 System Security 06 4.

6.1 Software Vulnerabilities : Buffer Overflow, Format string, cross -

site scripting, SQL injection, Malware : Viruses, Worms, Trojans,
Logic Bomb, Bots, Rootkits. (Refer Chapter 13)
6

Scanned by CamScanner
 Lab Syllabus

Lab Code Lab Name Credit

CSL604 System Security Lab 01

Lab Outcome :

Learner will able to

1. To be able to apply the knowledge of symmetric cryptography to implement
simple
ciphers.
2. To be able to analyze and implement public key algorithms like RSA and
El Gamal.
3. To analyze and evaluate performance of hashing algorithms.
4. To explore the different network reconnaissance tools to gather information
about
networks.
5. To explore and use tools like sniffers, port scanners and other related tools for analysing
packets in a network.
6. To be able to set up firewalls and intrusion detection systems using open source
technologies and to explore email security.
7 To be able to explore various attacks like buffer -
overflow, and web - application
attacks.

Suggested Experiment List : (Any 10)

Sr. No. Description
1
Design and Implementation of a product cipher using Substitution and
Transposition ciphers.

2 Implementation and analysis of RSA Cryptosystem and Digital signature

scheme using RSA/EIGamal.
Implementation of Difie Hellman Key exchange algorithm.

4 For varying message sizes, test integrity of message using MD -5, SHA -1,
and analyse the performance of the two protocols. Use crypt APls.

Scanned by CamScanner
Sr. No.
Descriptlon
5 Study the use of
network reconnaissance
nslookup to gather tools like WHOIS, dig,
information about traceroute,
networks and domain
6 Study of packet registrars.
sniffer tools : wireshark,
:
1. Download and
instll wireshark and capture
promiscuous mode. icmp, tcp, and
htp packets in
2. Explore how
the packets can be traced based on different
7 filters.
Download and install nmap.
Use it with different
perform OS fingerprinting, options to scan open
ports,
do a ping scan, tcp port scan,
Scan etc. udp port scan, xmas

8 Detect ARP spoofing

using nmap and/or open source
wireshark. Use arping tool ARPWATCH
tool to generate gratuitous and
wireshark. arps and monitor
using
9 Simulate DOS attack
using Hping, hping3
and other tools.
10 Simulate buffer overflow
attack using Ollydbg, Splint,
11 a. Set up IPSEC Cppcheck etc.
under LINUX.
b. Set up Snort
and study the logs.
12 Setting up personal Firewall
using iptables.
13 Explore the GPG tool of
linux to implement email
security.
14 SQLinjection attack, Cross -
Cite Scripting attack simulation.

Scanned by CamScanner
 Crypt. & Sys. Security
(MU-Sem. 6-Comp)
oute,
Table of Contents

Module 1
s
Chapter1:Introduction to Cryptography
in
Syllabus : Security Goals,
Servicos, Mochanisms to
1-1 1-57
model, Classical Encryption and attacks, The OSI
techniques, Symmetric soCurity architocturo,
techniques : Vigenere cipher model, mono-alphabetic Network security
cipher, playfair clpher, and poly-alphabetic
Hill cipher, substitution
ts, ciphers, steganography. transposltion techniquos :
koyed and keyless
transposition
1.1 Introduction ...
Syllabus Topic : Security
Goals. 1-1
1.2 Security Goal (Dec.
15) 1-2
Syllabus Topic : Services...
1-2
1.3 Security Service (Dec. ....
16).... 1-4
Syllabus Topic : Mechanisms
and Attacks.. 1-4
1.4 Security Mechanisms (Dec.
15, May 16)... 1-8
1.4.1 Specific Security Mechanism/ 1-8
Attack Prevention.
1.4.2 Pervasive Security Mechanisms 1-8
/ Attack Detection,
1.4.3 Attack Avoidance 1-9
1.5 Security Attack (May 18). 1-9
1.5.1 Difference between Active 1-10
Attack and Passive Attack.
Syllabus Topic : The OSI Security 1-16
Architecture..
1.6 The OSI Security Architecture.. 1-16
Syllabus Topic : Network Security 1-16
Model.
1.7 Operational Model for 1-17
Network Security
1.8 Basic Terminology in Network 1-17
Security.
1.8.1 Cryptanalysis/ Cryptographic Attacks. 1-18

1.9
Syllabus Topic : Classical Encryption
Encryption Methods.
Techniques .. 1-20
1-23

Syllabus Topic : Symmetric Cipher .1-23

Model.
1-23
1.9.1 Symmetric Key Cryptography.
1-23
1.9.2 Asymmetric Key Cryptography...
.. 1-25
1.9.3 Difference between Symmetric and Asymmnetric
1.10 Block Cipher Principles ...... Key Cryptography....
1-28
1-29
1.10.1 Stream Cipher.....
1-29

Scanned by CamScanner
 Table of Contents
Crypt. & S
6-Comp) 2
Sys. Security(MU-Sem.
Coypt. & 1-31

Block Cipher..
.. 1-32 Syllabus
1.10.2 Euclic
Block Cipher (Dec. 16)..
Differentiate between Stream and 1-32
2.2
1.10.3 2.2.1
Confusion and Diffusion..
1.10.4 1-33
and Diffusion. Syllabus
1.10.4(A) Difference betwccen Confusion 1-34
Techniques. Chine
and Poly-alphabctic Substitution 2.3
Syllabus Topic : Mono-alphabetic 1-34 SyllabuS
Substitution Cipher Techniques (Dec. 15)... ... 1-35
1.11
2.4 Eule
1.11.1 Caesar Cipher...
.. 1-36 2.4.1
1.11.2 Monoalphabetic Cipher
1-37 Syllabus
1.11.3 Polyalphabetic Cipher (Dec. 15).. .
1-37 Disc
1.11.3(A) Procedure of Polyalphabetic Cipher. 2.5
1.11.3(B) Difference between Polyalphabetic and Monoalphabetic (Dec. 17)......... 139 2.6 Fern
1-39 Chapte
Syllabus Topic : Playfair Cipher..
1.11.4 Playfair Cipher... 1-39

1.11.5 One Time Pad (Vernam Cipher)... 1-46

...
Syllabus Topic : Hill Cipher 1-48 Chapter 3:
1.11.6 Hill Cipher. ...
1-48 : B
Syllabus
:
Syllabus Topic Transposition Techniques. 1-51 Encryption $t
1.12 Transposition Cipher Techniques (May 16). 1-51 Syllab
Syllabus Topic : Keyed Transposition Cipher...
1-52 3.1 Bl
1.12.1 Columnar Transposition Technique 1-52 Syllab
1.12.2 Keyless Transposition Techniques. 3.2 B1
1-54
Syllabus Topic : Steganography.
1-56 3.
1.13 Steganography Applications and Limitations....
1-56 3.
Chapter Ends....
..1-57 3.

Chapter 2: Modular Arithmetic and Number 3.

Theory 2-1 to 2-21
3
Syllabus :
Modular Arithmetic and Number Theory :
Euclid's algorithm - Prime numbers-Femat's
-
theorem Testing for primality The Chinese
- and Eulers 3
remainder theorem, Discrete logarithms.
Sylle
2.1 Modular Arithmetic
2-1 3.3
2.1.1 Mathematical Background...
2-1
Syllabus Topic : Prime Numbers..
2-2

2.1.1(A) Prime Numbers.

...22
2.1.1(B) What is GCD?.
..2

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp)
3
Table of Contents
:
Syllabus Topic Euclid's Theorem
Euclid's or Euclidean Algorithm. .2-4
2.2
2-4
2.2.1 Extended Euclidean Algorithm.
Syllabus Topic : The Chinese Remainder .2-8
Theorem...
2.3 Chinese Remainder Theorem.. 2-11

Syllabus Topic : Euler's Theorem. .2-11

2.4 Euler Totient Function o(n) .... .2-15
2.4.1 2-15
Euler's Theorem
Syllabus Topic : Discrete Logarithm. 2-16

2.5 Discrete Logarithm .2-17

2.6 Fermat Theorem.. ..2-17
Chapter Ends .2-19
..2-21
Module2
Chapter 3:Symmetric Key Cryptogra
3-1 to 3-28
Syllabus : Block cipher principles, block cipher
modes of operation, DES, Double DES, Triple DES,
Encryption Standard (AES), Stream Ciphers : Advanced
RC5 algorithm.
Syllabus Topic : Block Cipher Principles..
.3-1
3.1 Block Cipher Principles
3-1
Syllabus Topic : Block Cipher Modes of Operation
3-1
3.2 Block Cipher Modes of Operation.
3-1
3.2.1 Electronic Codebook (ECB) Mode (Dec. 16)
......... 3-2
3.2.2 Cipher Block Chaining (CBC) Mode (Dec. 16)...
*****... 3-3
3.2.3 Cipher Feedback (CFB) Mode.
.3-4
3.2,4 Output Feedback (OFB) Mode
3-6
3.2.5 Counter (CTR) Mode.
3-7
3.2.6 Algorithm Mode Details and Usage. 3-9
:
Syllabus Topic DES.
.3-9
3.3 Data Encryption Standard (DES) (Dec. 15, May 16, May 17, May 18) 3-9
3.3.1 Conceptual View of DES.. .3-10
3.3.2 Detail Steps of DES.
..3-11
3.3.3 Initial Permutation (IP)..... .3-12
3.3.4 Rounds. 3-12

Scanned by CamScanner
 cypt. & S
Table of Contents
6-Comp)
Socurity(MU-Sem. 4.3.1(e
Crypt. & Sys. .3-1s
4.3.1(
Final Permutation.. ..3-15
3.3.5
Strength of DES s*.3-16 4.3.1(
3.3.6
Weakness in DES .3-16 4.3.2
3.3.7
Syllabus Topic : Double DES. .3-16 Syllabus
3.3.8 Double DES 3-17 Knap=
DES.
4.4
V Syllabus Topic: Triple .3-17 4.4.1
3.3.9 Triple DES ****.3-18 4.4.2
Syllabus Topic : Advance Encryption
Standard (AES).
.3-18 4.4.3
Advance Encryption Standard (AES)....
3.4 3-18 Syllabus
3.4.1 Introduction to AES.
.. 3-18 4.5 EIGa
3.4.2 Silent Features of ABS.........*.
.3-19 4.5.1
3.4.3 AES Encryption and Decryption Process...
3-20 4.5.2
3.4.4 Detail Steps for AES Encryption.
.3-24 4.5.3
3.4.5 AES Decryption.
Advace 4.5.4
3.4.5(A) Difference between Data Encryption Standard (DES) and
3-24 4.5.5
Data Encryption Standard (AES).
.3-25 • Chapte
Syllabus Topic : RC5 Algorithm.
3.5 RCS Algorithm. 3-25 Chas
•
5.:
Chapter Ends .3-28
:
Syllabus Ke
Chapter 4: Public 4-30
Key Cryptography 41to Hellmari Key e

Syllabus : Public key cyptography :

Principles of public key cryptgsystems - The RSA algorithm, The knapsack 5.1 Key
algorithm, EIGamal Algorithm. 5.1.

4.1 Public Key Cryptosystem with Applications. 4-1 Syllabu

4.1.1 -
Applications for Public Key Cryptosystem... Algorit
4-2
Syllabus Topic : Requirements and Cryptanalysis .. 4-3 5.1
4.2 Public Key Requirements and Cryptanalysis... 4-3 5.1
4.2.1 Public Key Cryptanalysis .....
....44 5.1
Syllabus Topic The RSA Algorithm:
4-5 5.1

:
RSA Algorithm Working, Key Length, Security (May
4.3
17).. 4-5
5.
4.3.1 Computational Aspects.... .. 4-l
5.
4.3.1(A) Exponentiation in Modular Arithmetic....... 4

5.
4.3.1(B) Efficient Operation using the Public Key.. 4-5

Scanned by CamScanner
 Crypt. & Sys. Security(MU-Sem. 6-Comp)
6 Table of Contents

4.3.1(C) Efficient Operation using the

Private Key.... 4-9
4.3.1(D) Key Generation (May 16)
*..4-10
4.3.1(E) The Sccurity of RSA......
,4-11
4.3.2 Solved Examples on RSA Algorithm....
.4-11
Syllabus Topic : The Knapsack Algorithm.
.4-25
4.4 Knapsack Algorithm.
.4-25
4.4.1 Problem Statement.
4-26
4.4.2 Dynamic-Programming Approach....
.4-26
4.4.3 Analysis ...
s....4-27
Syllabus Topic : ElGamal Algorithm.
.4-27
4.5 EIGamal Algorithm.
.4-27
4.5.1 Generation of ElGamal Key Pair.
.4-28
4.5.2 Encryption and Decryption....
.4-29
4.5.3 EIGamal Encryption
.4-29
4.5.4 EIGamal Decryption.
4-29
4.5.5 EIGamal Analysis
.4-30
Chapter Ends ...
..4-30
Chapter 5: Key Management Techniques
5-1to 5-24
Syllabus: Key management techniques : using symmetric and asymmetric
algoithms and trusted third party. Difie
Hellman Key exchange algorithm.

5.1 Key Distribution and Management.

5-1
5.1.1 Management
.5-1
Syllabus Topic : Key Management Techniques - Using symmétric and
Asymmetric
Algorithms and Trusted Third Party
5-2
5.1.2 Symmetric Key Distribution using Symmetric and Asymmetric Encryptions .... 5-2
5.1.2(A) Symmetric Key Distribution using Symmetric Encryption.
5-2
5.1.2(B) Distribution of Symmetric Key (Secret Key) using Asymmetric
Encryption......5-8
5.1.3 Distribution of Public Keys.
.5-10
5.1.4 Key Generation, Distribution, Storage and Usage .... ....5-13
5.1.4(A) Key Generation. .5-13
5.1.4(B) Key Distribution. ..
5-13

Scanned by CamScanner
 2 Crypt. & Sys. Security (MU-Sem. 6-Comp) Tableof Conterte
6

5.1.4(C) Key Storage .5-13

5.14(D) Key Usage... ...
5-14
5.1.4(E) Key Validation. .. 5-45
S.1.4(F) Key Updation.
..5-15
5.1.5 Importance of Key Management. ..5-45
Syllabus Topic : Diffie Hellman Key Exchange Algorithm..
.5-15
5.2 Diffie Hellman Key Exchange (Dec. 15, May 17).
.5-15
• Chapter Ends
.5-24

Module3
Chapter 6:Cryptographic Hash Functions
6-1 to 6-25
Syllabus: Cryptographic hash functions, Properties
of secure hash function, MD5,
SHA-1, MAC, HMAC, CMAC.
6.1 Hash Functions.
6-1
Syllabus Topic : Cryptographic Hash
Functions.
6-1
6.1.1 Cryptographic Hash Functions
6-1
6.1.2 Applications of Cryptographic
Hash
6.2 Simple Hash Functions 6-2

Syllabus Topic : Properties 6-6

of Secure Hash Function.
6.2.1 Properties of Hash Function 6-8
(Dec. 17).
6.2.2 6-8
Characteristics of Simple
Hash Function
6.2.3 Simple Hash Function Requirement ....6-8
and Security (Dec. 17).
6-8
6.2,4Hash Functions Based on Cipher
BlockChaining...
6-0
Syllabus Topic : MD5...
6.3 6-10
MDS Message Digest Algorithm
.6-10
Syllabus Topic : SHA-1....
.6-13
6.4 Secure Hash Algorithm (SHA)
(May 17, May 18).
c... 6-13
6.4.1 Difference between SHA-1 and
MDS (Dec. 15, Dec. 16, May
18)......
.... 6-16
6.4.2 Applications of Cryptographic Hash
Functions .6-17

Scanned by CamScanner
 Crypt. &
Sys. Security (MU-Sem. 6-Comp) 7 Table of Contents

Syllabus Topic : MAC. 6-18

6.5 Message Authentication Codes (May 18)
6-18
6.5.1 Significance of MAC.
.6-19
6.5.2 Message Authentication Code based on DES
6-19
Matheniatical Equation ...
6.5.3 ....
6-20
Syllabus Topic HMAC... :
6-20
6.5.4 HMAC (Hash based Message Authentication Code).
.6-20
6.5.4(A) Complete HMAC Operation...
6-21
6.5.5 Difference between Message Digest and Message Authentication
Code 6-22
Syllabus Topic : CMAC
6-23
6.6 CMAC (Cipher Based Message Authentication Code) ....
6-23
6.6.1 The CMAC Tag Generation Process..
...6-24
6.6.2 The Verification Process.. .. 6-24
• Chapter Ends. ..6-25

Chapter 7: Digital Certificate

T1 to7-07
Syllabus : DigitalCertificate : X.509, PKI.

Syllabus Topic : Digital Certificate X.509 .7-1

.1 X.509 Authentication Service/ Digital Certificate (Dec. 15, Dec. 17)..
.7-1
7.1.1 Importance of Digital Certificate. .7-3
Syllabus Topic : PKI. .....
7-4
2 Public Key Infrastructure (PKI).... 7-4
7.2.1 Components of PKI. 7-5
7.2.1(A)) Certification Authority (CA).
.7-5
7.2.1(B) Registration Authority (RA). .7-5
7.2.1(C) PKI Clients.... 7-6
7.2.1(D) Public Key Certificate/ Digital Certificate. 7-6
7.2.1(E) Certificate Distribution System (CDS) Repository 7-6
7.2.2 PKI Applications / Services. .7-7
Chapter Ends .7-7

Scanned by CamScanner
 Table of Contents Crypt. &

6-Comp)
Security(MU-Sem.
Crypt.& Sys.
Module 4
8-1 to &-11 Chapter 10

8:Authentlcation Protocols authentication schemes,

Neerh Syllabus : N
Chapter and mutual
Authenticatlon, One-way scanning, IP
Authentication and Entity
Dylabus : User Kerberos
Authentication protocol. .8-1 Syllabu
Authentication protocol,
Schroeder
Syllabus Topic : User
Authentication. 8-1
10.1 TC
. 8-2
User Authentication 10.
8. Authentication.
Means of User 8-2
8.1.1 10.
Authentication.
Syllabus Topic : Entity ..8-2 10.
8.2 Entity Authentication. .8-3
8.2.1 Physical and Legal Identities. .....
8-3
10.

Authentication Protocol ......8-5 10.

8.3
Why there is a Need of Mutual Authentication
Protocol ?....
8.3.1 .... 8-5 Syllab
Authentication Protocol
Syllabus Topic : Needham Schroeder 8-5
- 10.2 Pa
8.3.2 Needham Schroeder Protocol.
8-7
Syllabus Topic : Kerberos Authentication Protocol Syllal
..8-7
8.4 Kerberos Authentication Protocol (May 16, May 18) 10.3 A
Difference between Kerberos Version 4 and Version 5. 8-11
8.4.1
Chapter Ends ......
. .8-11
1

Chapter 9 : Digital Signature Schemes 1to 9-08 Sylla

10.4
| Syllabus : Digital Signature Schemes- RSA, EIGamal and Schnorr signature schemes.
9.1 Digital Signature (May 16, Dec. 16) 9-1

9.2 Digital Signature Goals... 9-2 Syll

Syllabus Topic:Digital Signature Schemes 10.5
.$....9-4
9.3 Digital Signature Algorithms/ Schemes (May 16, Dec. 16)... Syl
9-4
Syllabus Topic : RSA Signature Scheme. 9-4 10.6
9.3.1 RSA Signature Scheme..... 9-4
Syllabus Topic:EIGamal Signature Scheme.
...9-5 Sy
9.3.2 EIGamal Scheme .. 9
10.7
Syllabus Topic : Schnorr Signature Schemes.
c..9-1
9.3.3 Schnorr Digital Significance Scheme.
9
Chapter Ends
..9-8

Scanned by CamScanner
Contents
Table of Contents
Crypt. & Sys. Security (MU-Sem, 6-Comp)

to Module 5
&-11

aedham Chapter 10: Network Security Basics 10-1 to 10-13

-... Syllabus : Network security basics : TCPIP vulnerabilitles (Layor wiso), Packet Sniffing, ARP spoofing, port
8-1 scanning. IP spoofing. TCP syn flood, DNS Spoofing.
....8-1 Syllabus Topic : TCP/IP Vulnerabilitices (Layer wise).
-... 10-1
8-2 TCP/IP Vulnerabilities (Layer Wise)....
.. 8-2
10.1 10-1

. 8-2
10.1.1 Application Layer. 10-1
10.1.2 Transpot Layer ....
.&-3 10-3
10.1.3 Network Layer.
.&-3 10-4
10.1.4 Data Link Layer.
8-5 10-7
10.1.5 Physical Layer ...
8-5 10-8
Syllabus Topic : Packet Sniffing....
8-5 10-9
10.2 Packet Sniffing.
8-7
10-9
3-7 Syllabus Topic : ARP Spoofing....
10-9
10.3 ARP Spoofing
10-9
1 10.3.1 What Is ARP Spoofing?....
10.3.2 10-9
ARP Spoofing Attacks.
Syllabus Topic : Port Scanning.. 10-9

10.4 Port Scanning .. 10-10

10-10
10.4.1 Types of Port Scans ...
Syllabus Topic : IP Spoofing. 10-10

10.5 10-11
P Spoofing (Dec. 15)
Syllabus Topic : TCP SYN 10-11
Flood
10.6 TCP SYN Flood 10-11
10.6.1 Attack Description. 10-11
Syllabus Topic : DNS 10-12
Spoofing
10.7 DNS Spoofing.. 10-12
10.7.1 Methods for Executing a 10-12
DNS Spoofing
Atack
Chapter Ends 10-13

.10-13

Scanned by CamScanner
 Table of Contents

10 11-1 to 11-14 12.1.2

6-Comp)
(MU-Sem.
Security UDP flood, 12.1.
Crypt. & Sys. SYN flood,
Servico spoofing, ICMP
flood, Syllabus
of
Chapter 11: Denial
Address
attacks,
Source
11-1 IP Se
Classic DOS Sorvico
AftackS. 12.2
Service Denial of
Syllabus : Denial of Defonses against 12.2
11-1
Distributed Denial of
Service,
- Classic DOS AttackS...
12.2
: Denial of service
Syllabus Topic
17)
... 11-1
Attacks.. May 17, Dec. 12.2
DOS and DDOS 16, Dec. 16, 11-2
(Dec. 15, May
11.1
DOS Attacks
Syllabu
11.1.1 11-3
of Attacks....
Classification Fire
11.1.1(A)
17) 11-5 12.3
Types of DOS Attacks (May 12.5
11.1.1(B)
Spoofing. 11-5
Address
Syllabus Topic Source
: 12.3
11-6
Source Address Spoofing.. 12.
11.2
: ICMP Flood. 11-6
Syllabus Topic 12.
11-7
11.3 ICMP Flood.... 12.4 Int
Syllabus Topic SYN flood...
: 11-7 12

11.4 SYN Flood. 11-8 Syllat

Flood.
Syllabus Topic UDP :
11-8 12

11.5 UDP Flood. .11-9 1

Syllabus Topic : Distributed Denial of Service. 1

.... 11-9
11.6 Distributed Denial of Service Attacks
11-9
11.6.1 Distributed Denial of Service Attacks....
Attacks. 11-10
11.6.2 Characteristics of Distributed Denial of Service
11-12
11.6.3 Methods of Denial of Service Attacks..
Attacks... 11-14
Syllabus Topic : Defenses against Denial of Service
11-14
11.7 Defenses against Attacks
SyL
.11-14
Chapter Ends
12.5
12-1 to 12-48
Chapter 12: Internet Security Protocols
pots.
Syllabus: Internet Security Protocols SSL, IPSEC, Secure Email PGP, Firewalls, IDS and types, Honey
:
:

-
Syllabus Topic : Internet Security Protocols SSL, IPSEC. 12-1 S

12-1 12.6
12.1 Secure Socket Layer (SSL) (Dec. 15, Dec. 17)
Working of SSL. 12-3
12.1.1
.. 12-4
12.1.1(A) Handshake Protocol (May 16).....

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) 1
Table of Contents

12.1.1(B) Alert Protocol

12-7
12.1.1(C) Record Protocol
Syllabus Topic : IPSEC .....12-8

12.2 IP Security Protocols (May 16) ... 12-11

12-11
12.2.1 Authentication Header.
12.2.2 Encapsulating Security Payload ... 12-11

12-14
12.2.3 Security Association Database
(Dec. 17) ....
Syllabus Topic : Firewalls 12-18

12.3 Firewall Introduction 12-19

(May 16, Dec.
16).... 12-19
12.3.1 Firewall Characteristics.
12-20
12.3.2 Limitations of Firewalls.
12.3.3 Firewall Architecture and Types 12-20
(Dec. 16, May 17)
12.3.4 Firewall Configurations. 12-22

12.4 Introduction to Intrusion Detection. 12-25

12-27
12.4.1 Intrusion Detection
Syllabus Topic : IDS and Types 12-28
12-29
12.4.2 Intrusion Detection System : Need,
Methods, Types of IDS (May
12.4.3 Intrusion Detection Methods/ Techniques..
16),....... 12-29

12-33
12.4.3(A) Signature Based Detection
12-33
12.4.3(B) Anomaly Based Detection.
... 12-34
12.4.3(C) Stateful Protocol Analysis .
12-36
12.4.4 Types of IDS.
12-36
12.4.4(A) Network based IDS (NIDS)
12-37
12.4.4(B) Host Based IDS (HIDS)
12-39
Syllabus Topic : Secure Email - PGP....
12-39
12.5 Electronic Mail Security : Pretty
Good Privacy (May 16)..
12-39
12.5.1 Working of Pretty Good Privacy (Dec.
15)..
12-41
12.5.2 Backdoors and Key Escrow in PGP.
12-45
Syllabus Topic : Honey Pots..
..
12-47
12.6 Honeypot..
12-47
Chapter Ends ....
.....12-48

Scanned by CamScanner
 Table of
Contents

12 CHAR
6-Conmp
(MU-Sem.
Crypt. & Sys. Security
42 Module6 13-1 to 13-21
injection, Malware
SQL
Vulnerabllltles scripting,
Software cross-site
Chapter 13 : Overflow,
Format string,
13-1
Vulnerabilities : Butfer
Syllabus: Software Bomb, Bots, Rootkits. 13-1
Trojans, Logic
| Viruses, Wons,
13-2
13.1
Program Security.
Secure Programs Errors (Dec.
15).. 13-4
13.1.1
Non-malicious Program Syllabus
13.1.2 13-4
- Bomb, Bots.
: Malware Logic Security
Syllabus Topic 13-6
13.1.3
Malicious Software. Network
13-6
Worms mono-al
Syllabus Topic: Viruses and
Worms (Dec. 15, Dec. 16). 13-7
cipher,
13.1.4 Vius and
13.1.4(A) Types of Virus
13-8 steganog
13.1.4(B) Types of Computer
Worms 13-9
and Worm.
13.1.4(C) Difference between Virus 13-10
- Rootkits.
Syllabus Topic Malware Trojans, Intr
:
13-10 1.1
13.1.5 Targeted Malicious Code.. 13-12
13.1.6 Controls against Program Threats
...,.. In toda
- 13-13
Syllabus Topic : Software Vulnerability Buffer Overflow. on infc
13-13
13.2 Buffer Overflow (Dec. 15)..... Sensiti
- 13-15
Syllabus Topic : Software Vulnerability Format String.
13-15 The th
13.3 Format String Attacks.
Syllabus Topic : Cross Site Scripting..
13-18 is a ne
13.4 Cross Site Scripting (Dec. 16, Dec. 17).... 13-18 internE
... 13-19
13.4.1 Stored and Reflected XSS Attacks The I
13.4.2 Stored XSS Attacks 13-19
When
13.4.3 Reflected XSS Attacks 13-19
on a C
13.4.4 Other Types of XSS Vulnerabilities. 13-19
13.4.5 XSS Attack Consequences
Amor
13-20
Syllabus Topic : SQL Injection . 13-20
of all

13.5 SQL Injection (Dec. 17). 13-20

don'
• Chapter Ends and
.....13-21
On
• Lab Manual to L-66
...1 trans
man

Scanned by CamScanner
 CHAPTER Module1

Introduction to Cryptography

Syllabus
Security Goals, Services, Mechanisms
and attacks, The OSI security architecture,
Network security model, Classical
Encryption techniques, Symmetric
mono-alphabetic and poly-alphabetic substitution cipher model,
techniques : Vigenere cipher, playfair
cipher, Hill cipher, transposition techniques :
keyed and keyless transposition ciphers,
steganography.

1.1 Introduction

In today's high technology world, organizations are

becoming more and more dependent
on information systems.
Computer data often .travel from one computer to
another.
Sensitive and confidential information must be protected.
The threat to information security from criminals and
terrorist are increasing. Hence, there
a
is need to protect the information that is being exchanged between
individuals through
internet.
The Internet is ever growing and we are truly pebbles in a vast ocean
of information.
When it comes to the Internet there are millions and millions of users
logging on and off
on a daily basis.

Among those millions upon millions look at where we are. The fact is that about 30- 40%
of all users are aware of the things happening on their computers. The other simply either
don't care or don't have the proper knowledge to recognize if their system is under attack
and or being used by unauthorized users.
On the Internet nothing is quite what it appears to be, because information is just
transferred from one computer to another in a heartbeat. The uninformed will get hurt in
many ways.

Scanned by CamScanner
 Introduction 10 Cryptography
6-Conmp) 1-2
Crypt. & Sys. Security (MU-Sem. Crypt. &
Sys
Goals
Syllabus Topic : Security
2. Integrit
Principle of
1.2 Security Goal (MU - Dec. 15) reaches to a

Dec. 15, 2 Marks In this case

(Ref. sec. 1.2) through aut
Q. 1.2.1 Define the goals of security.
or information which is bejng as sent by
information security to protect data
Main goal of the data.
confidentiality, integrity and availability of intersection
transmitted and achieve the
of
information security:
The two imp
Following are the main goal
Data in
Goals of information
security System
and free
1. Confidentiality

2.
Integrity
3. Availa
Principle of
3. Availability
the time a
4. Data Authentication available to
software an
Fig. 1.2.1 : Goal of information security
For example
1. Confidentiality
Informatiom
Confidentially is most common aspect of information security.
Confidentially is defined on email ac
as the contents of a message are accessed
only by intended person. Aim of confidentially time as on
is that only sender and his intended receiver should
be able to access the contents of a authorized
message.
There is o
For example
attack.
In military application information
from one higher authority is sending These th
authority. During this transmission process to another highet
when third unknown person objectives
this confidential information is trying to get
which is not desired. This type
because of interception third person. of information leakage caused
of Here sender and receiver are
contents of message
which causes
unable to access the
loss of message confidentially.
The attack threatening the confidentiality
is traffic analysis.
Because of interception
occurred between sender
confidentially.
of receiver, sender is losing messag

Scanned by CamScanner
hu

Crypt. & Sys.

Security (MU-Sem.
6-Comp)
1-3
2, Integrity Introduction to
Cryptography
Principle of integrity
states that contents
reaches to authorize of message should
persSon. not be modificd
In this case change until 1t
in the information
through authorized nced to be done
mechanisms only. only by authorized person
as sent by an Integrity gives assurance and
authorized entity. that data received
intersection etc.). (No alteration, no modification, exactly
The attack threatening no deletion
integrity is modification and no
The two important concepts and masquerade.
:
Data integrity : Assures
information is changed
only
in authorized manner.
System integrity : Assures
that the system performs
and free from unauthorized manipulation. its intended function
properly
> 3. Availability
Principle of availability states
that resources must be available to
the time as on when required. assures authorized users at all
It that system works correctly
available to authorized users. and service is
The term resources may refer as
software and hardware components. confidential information,

For example
Information
stored in bank, student's information stored
in universities information stored
on email accounts.
All these information need to be available to
all authorized users at any
time as on when required. Imagine the situation if all above
information is nöt available to
authorized users.
There is only one attack which threatening principle of availability called
denial of service
attack.
These three concepts are termed as CIA triad and represent fundamental security
objectives for data and information services as shown in Fig. 1.2.2.

Information
security

Availability

Fig. 1.2.2: CIA triad

Scanned by CamScanner
 GryYptography
Introduction to
1-4 Crypt.
(MU-Sem. 6-Comp) & Sys.
Crypt. & Sys. Security
4
Data Authentication X.800 define
4. networks.
many applications in
is important in was sent
Data authentication to check whether that data really
or receiver
allows the user
Data authentication
by the actual sender or not. symmetric
this mechanism is achieved through
- party communication
In the two
cryptography. Authentication Code
share a secret key to calculate a Message
The sender and receiver
(MAC) of all communication data.
message
exact or actual sender, if and only if
Receiver knows that the data is send by
arrives with a correct MAC.
a property that a data has not been modified when it will
Data origin authentication is
transmit, this means data integrity.

Data origin
authentication 1. AuthenL
Sign and verify
Application data It is asSurano

Client application Server application

Authenticati
password or
Fig. 1.2.3: Data Authentication
during trans
Syllabus Topic : Services It can be fur
(i) Peer er
1.3 Security Service networ
messa
Q. 1.3.1
> (MU -Dec. 16)
(ii) Data
Define authentication and non repudlation
and show with examples how each
one can be achieved. (Ref. sec. 1.3) receive
Dec. 16, 5 Marks
Q. 1.3.2 Write short note on security service.
(Ref. sec. 1.3) 2. Autha
X.800 is a service provided by a protocol
layer of communicating open systems, to ensure Authorizat
the enough security of the system/ organization or requested.
of the data transfer.
RRC 2828 defines security or privileg
service as a communication
service provided by a system0
give protection to the system resources. Authoriza
the user a=
for access

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) 1-5 Introduction to Cryptography

X.800 defines security services into following

categories:
Categories of security services

1. Authentication

2. Authorization

3. Access Control

4. Non-Repudiation

5. Auditing

6. Data Integrity

7.Data Confidentiality

Fig. 1.3.1: Categories of securityservices

1. Authentication
It is assurance of parties that they are authentic user in the communication network.
Authentication helps to identify the claimed identity of an entity, such as username
password or any other important information such as encryption or decryption keys stolen
during transmission between sender and receiver.
It can be further classified as follows:
() Peer entity authentication : It checks that the entities connected in communication
network are authentic and do not perform any attack like masquerade and replay of
messages in network.
(ii) Data origin authentication : It checks that the data is authentic without any changes
received by the receiver.
> 2. Authorization

Authorization service helps for checking whether the entity has the right to perform action
requested. Authorization means providing authority or pernission of accessing the system
or privilege of accessing data, directories, files etc of the system.

Authorization is one of the most important security aspects. It provides identification of

the user as authorized user. It is a kind of perimission given by the network administrator
for accessing the network.

Scanned by CamScanner
 Introduction to Cryptograph

crypt.
1-6
Security (MU-Sem. 6-Comp)
Crypt. & Sys.
There
For example withdrawing
money and bio. helps
while
sever login, ATM pin jdentification. An authorization
princip
Password used for are valid user o D
employee 6.
an office for checking company employee
machine used in ATM card
user and

helps
server administrator,
whether To as

modificatic
not.
Access Control prevent (1) Conne
3.
the access to the host systems. It
control
ability to limit and resources i Conne
Access Control is the
to prevent unauthorized use of a
resource. The service used ocoe
unauthorized use of a resources, under what conditions access can attem

complete control
over who can access to
(ii) Check
methodology.
and what are different accessing
Comm

For example messa_

user
access resources which is to be made available only to legitimate
It controls the of t: (iiü) Selecti
is allowed
Secondly it looks to the conditions of accessing the resource or network and what
user d
be done to the resources. inserte
4. Non-Repudiation (iv) Conne
Principle of non-repudiation states that sender sends some information and later on k and fo
denied that he never sends that information called non-repudiation.
(v) Select
) Non-repudiation, Origin :Proof that the message was sent by the specified party.
single
(G1)
Non-repudiation, Destination: Proof that the message was received by the specifie netwo
party.
7. D

For example
It is protec
Ramesh sends a request to bank about money transfer into Suresh account but later o
Ramesh Denying the money transfer request to bank. Principle of non-repudiation does () Conn
allow such type of refuses of sender. Non-repudiation prevents either sender or proted
receiver fro
denying a transmitted message. (ii) Conn
5. Auditing (iiü) Selec
COnne
Auditing services helps to trace which üser accessed what ? when? and which way
(iv) Traf
In general auditing does not provide protection but can be the tool for analysis
data
problems.

Scanned by CamScanner
 There are different security mechanism arc uscd to provide security services and
also
helps to prevent all types of attacks.

6. Data Integrity
To assure that the message receIVed is as sent with no
duplications, insertions or
modifications, delays or replays. The destructions of messages
have also been recovered.
() Connection integrity with recOvery : It provides integrity
of the user data on a
connection and detects modifications, insertions, deletions or
replay if any with a recovery
attempted.
(ii) Checks Connection integrity wthout recovery : It checks the integrity of the data in
communication network and detects various attacks like modification,
deletion replay of
messages in network but without any recovery of same.

(iii) Selective-Field Connection recovery : lt provides integrity of selected fields within a

user data or a data block to determine whether any
of the selected fields are modified,
inserted, deleted or replayed.

(iv) Connectionless integrity : It determines and checks the modification of single data block
and for preserving its integrity in connectionless network.

(v) Selective-Field Connectionless recovery :

It determines and checks the modification of
single data block of selected fields and for preserving its integrity in connectionless
network.

7. Data Confidentiality

It is protection of data to be accessed by unauthorized user.

(0) Connection confidentiality In case of a TCP connection set up between two systems, to
protect user data that is transmitted over the connection.

(i) Connectionless confidentiality : To protect data in a single data block.

(ii) Selective-Field confidentiality. : To protect selective fields with a user data or a
connection or a single data block.

(iv) Traffic flow confidentiality : To protect data that might be derived from observing the
data flow.

Scanned by CamScanner
 Syllabus Topic : Mechanisms and Attacks

1.4 Security Mechanisms

(MU- Dec. 15, May 16)

Q. 1.4.1 Specify mechanisms to achieve each goal. (Ref. seo. 1.4) Dec. 15,3 Marks

Q. 1.4.2 List with examples the different mechanisms to achieve security.

(Ref. sec. 1.4): May 16, 5 Marks
Q. 1.4.3 What are eightsecurity mechanisms to implement security ? (Ref. sec. 1.4)

As discussed earlier ITU-T Recommendation X.s00, Security Architecture for 0ST

defines systematic way to Defining the requirements for security. Characterizing the

approaches to satisfying those requirements.

Following are the eight different security mechanisms.

1.4.1 Specific Security Mechanism / Attack Prevention

These mechanisms are incorporated into the appropriate protocol layer in order to provide
some OSI security service. It is the
security mechanism implemented to prevent against
various types of attack before they can actually reach and
affet the target systems.
1. Encipherment
To use mathematical algorithms to transform data into a
form that is not easily
understandable. The transformation and subsequent recovery
depends on the algorithm
and the number of keys used.
2. Digital Signature

The data is appended to, or a cryptographic transformation

of, a data unit that allows the
receiver of the message to prove the source and integrity
of data unit against forgery.
3. Access Control
Various mechanisms used to enforce access rights to
the resources or it is the proceSS O
limiting the access to the resources of the Information System.
Firewall is the best
example of limiting the access control.

4. Data integrity

Various mechanisms used to assure the integrity of the data. Content should not nou
before it reaches to intended person.

Scanned by CamScanner
 Crypt. &
Sys. Security (MU-Sem. 6-Comp) 1-9 Introduction to Cryptography

5. Authentication Exchange
The mechanism used to ensure the identity of thc entity by information
exchange.
6. Traffic Padding
To insert bits into gaps in the data stream to frustrate
traffic analysis attempt.
7. Routing Control
To allow some selected routes in network for routing or can change
the route if any attack
is detected in the network.

1.4.2 Pervasive Security Mechanisms / Attack Detection

These mechanisms are not specific to any of the OSI security service or
protocol layer.
This technique also called attack detection which is implemented to prevent,
if attacker bypass
the installed security measures to access the desired target/information. Attack detection
technique notifies such incidents happens and takes the responsibility to report someone
that
something went wrong somewhere in the system. Such type of mechanisms used to
inform the
administrator or authorized user that something went wrong in the system now its
job of
administrator or authorized user to take action against detected attack.

1. Event detection
Detection of security related events. Intrusion Detection technique is
the best example of
event detection.

2. Security audit trail

Data collected and used to facilitate security audit.
3. Security recovery
It deals with the recovery action and management functions for data that is lost or
disrupted in the network during communication.

1.4.3 Attack Avoidance

In these techniques data is sent over an insecure channel such as Internet in encrypted
ormat and decrypted at receiver side using keys under assumptions that attacker may
have
ICcess to the transmitted data.

Scanned by CamScanner
P Crypt. & Sys. Security (MU-Sem. 6-Comp) 1-10 Introduction to Crypiography
The
encryption and decryption is performed on sending data by using well
cryptographic mechanisms such as: kngwn

Private Key Cryptography.

Public Key Cryptography.
Hash Functions.
We will'discuss all these cryptographic mechanisms
in upcoming chapters.

1.5 Security Attack

Q.
1.5.1
List and explain various types
>
(MU - May 18)
of attacks on encrypted message.
(Ref. sec. 1.5)
Q. 1.5.2 May 18, 5 Marks
Categories the different attacks.
llustrate hoW passive attacks lead to bu
loss. (Ret, sec. 1.5) business

In computer and computer

networks an attack is any attempt to
or gain unauthorized access alter, disable and destroy
of confidential information.
The X.800 and RFC2828 (the
communication service provide
kind of security to system resources) by a system to give specifi
classify security attacks into
two types namely :
Securlty attacks

(a) Passive attack

(b) Active attack

Fig. 1.5.1: Security attacks

(a) Passive Attacks

The information is only monitored

during data transmission between two persons
doesn't involve any modification to and
the contents of original message
attack. Passive attacks are furthered is called passive
classified into two subcategories as shown
Fig. 1.5.2. in

A passive attack makes attempt to collect inforimation

from the system but does no
modify or alter the system data or resources. Eavesdropping or monitoring of informatiou
is example of passive attacks.
The goal of cryptanalyst is to gain the information that is being transmitted.

Scanned by CamScanner
Crypt. & Sys. Security (MU-Sem. 6-Comp) 1-11 Introduction to Cryptography

The two types of

passive attacks are:

Passlve Attacks

1. Release of message contents

2. Traffic analysis

Fig. 1.5.2:Types of passive attacks

1. Release of message contents

Release of message contents attack is

quite simple to understand. When we send a
confidential email to our friend, our aim is
that only intended person should access
this mail. If this mail is accessed by unauthorized users
then contents of message are
released against somewhere else. Such type
of attack is called release of message
Contents.
There are different security mechanisms are available to prevent
such type of attacks.

Darth T Read contents of

message from Bob
1o Alice

FA
Intenet or
other comms taclity
Bob Allce

Fig, 1.5.3 : Release of message contents

For Example
Telephonic conversation between two people, an electronic mail and a file may
contents sensitive information sent/ transfer over insecure channel such as Internet.
We would like to prevent third person from modification of these type of transmission
as shown in Fig. 1.5.3.

The main goal is to prevent the cryptanalyst from learning sensitive and confidential
information through transmissions that take place through telephone calls or email
messages or files transferred on network.

Scanned by CamScanner
 Introduction to Gryptogrank
1-12
(MU-Sem. 6-Comp) Crypt. &
Sys. Securi
Crypt. & Sys. Security

2. Traffic analysis
message using encryption.
contents of the
Suppose we mask the able to capture
the contents of th.
called third person) ismessage.
The Opponent (here it is
information from the
message but not extract the or anv e

pattern messages to get the location,

observe a of
The opponent might
message.
regarding the origin of s.
not involve modification
of
1. Masquerade
to detect, because they. do
Passive attacks are difficult
A masquerade
information.
is in normal fashion and
neither sender nor receiver: generally done
The message sent and received
read message or observed
pattern of messages as shown i It is generally
a
aware that third party has
means of encryption. to a secure netv
Fig. 1.5.4. These attacks can be prevented by
Once attacker
of data or netw

Darth Capture message from

Bob to Alice; later
replay message to Alice

or
C
Internet
other commsfacility
Bob Alice

Fig. 1.5.4': Traffic analysis

The emphasis when dealing with passive attacks is on prevention

rather than
detection.
Such type of attac
(b) Active Attacks 2. Replay Attack (F
Active attacks involve modification of a data stream or It is a netwo
creation of a false stream
messages. Attacker aim in such type
of attack is to corrupt or destroy the data as well a added into va
network itself. Active attacks means information is modified or gets
altered durin: The newly g
transmission between sender and receiver. as replay atta
Active attacks are divided into four categories shown in Fig. 1.5.5. Replay attac
information

Scanned by CamScanner
 ? Crypt. & Sys. Security (MU-Sem. 6-Comp) 1-13 Introduction to Cryptography

Active attacks

Masquerade Replay
Moditication Denlal of
servico (Dos)

Fig. 1.5.5 : Types of Active attacks

1. Masquerade

A masquerade takes place when an attacker

pretends to be an authentic user. It is
generally done to gain access to a system, or
steal important data from system.
It is generally done by stealing login id and password
of authentic user to gain access
to a secure network.
Once attacker gain access, they get full access to
the network for deletion or changing
or
of data network policies of organization as shown in Fig. 1.5.6.

Darth message from Darth

that appears to be
form Bob

or.
Internet
other comms facility
Bob Allce

Fig. 1.5.6: Masquerade attack

Such type of attack involves pretending the user from accessing authorized
information.
2. Replay Attack (Rewrite)

It is a network attack in which original data get modified and new malicious
code
added into valid data, during transmission.

The newly generated malicious code retransmitted again and again to receiver called
as replay attack (Reusing information).

Replay attack involves passive capturing of data and retransmission of subsequent

information in order to create unauthorized effect as shown in Fig. 1.5.7.

Scanned by CamScanner
 Introduction to Cryptography
1-14
(MU-Sem. 6-Comp) Crypt.
Crypt. &
Sys. Security &
Sy

The c

such ty
message from lost.
Darth tI Capture :

Bob to Alice; later

message to Allice Denial of S
roplay 4.

Denial
Internot or Commnu
other comms facilltly
Bob
Allce It is ger
making
Fig. 1.5.7 : Replay attack overloa
for userS
3. Modification of messages
In modification, the original data that has been sent by the authentic user is been
disrupt or modified by the attacker to make it non meaningful for the receiver.
Usually the content sequence is been changed.
Modification is also called replay attack. When contents of message
modified after
sender sends it but before it reaches to indented
recipients, such type of attack is
called modification of message as shown
in Fig. 1.5.8.

Due to in
Darth Darth modifies Because C
message from Bob
to Alice Suresh is
services am
Once Din
nternet or
Bob other comms tacility things :
Allce
Flood
Fig. 1.5.8: Modification overlo
of messages
For Example Block
author
If Bob wants to
transfe amount of Rs.1000/-
into Alice account, during syster
transmission process an this
attacker called Darth capture Differe
the actual amount Rs. the conversation and moditieo
of 1000/- and sends iust Rs.
100/- into Alice account. protec

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem.
6-Comp)
1-15 Introduction to Cryptography

The case happed here contents

of message get altercd during transmission
such type of attack called modification, procesS
In this case Integrity of original message
lost. 1s

4. Denial of Service (DoS)

Denial of service attack means
making the nctwork unavailable
communicate securely. for the user to

It is generally done by interrupting in

the network connection between
making some services the users or
unavalable for user or disrupts
overloading with unwanted messages, so the entire network by
that network becomes slow and
for users shown in Fig. 1.5.9. unavailable

Intemet
Suresh

Server

Dinesh

Fig. 1.5,9 : Denial of service

Due to intentional action of Dinesh,

Suresh is unable to access the data from server.
Because of Dinesh intention he denied use or
services of sever to Suresh; even
Suresh is authorized user. DoS attack attempt if
to shut down the network, computer
services and deny the use of resources or
services to authorized users.
Once Dinesh got entire access of network or server
he can do the following
things :

Flood the entire network or server with traffic until

shutdown occurs because of
overload.
Block ongoing traffic which results in a loss of access to
network resources to the
authorized users. Different security policies like firewall, Intrusion
detection
system helps to protect such type of attacks.
Different security policies like firewall, Intrusion detection system
helps to
protect such type of attacks.

Scanned by CamScanner
 Introduction Coyptography

1-16
(MU-Sem. 6-Comp) Crypt.
Crypt. & Sys. Security Attack
2 and Passive
Active Attack
1.5.1 Difference between The O
Passive Attack
S
Active Attack
Sr. is
No. to observe the
Attacker merely needs S
physical control of or
1 Attacker needs to have communication in the media ho

the media or netwvork.

network. C

detected. en
It cannot be easily.
2. It can be casily detected. TI
It does not affect the system.
3. It affects the system.
monitoring of data. se
of data. It involves in
4. It involves in modification

Types of passive attack are Release of

:
Types of active attack are Masquerade,
:

5
replay, denial of service, distributed denial message, traffic analysis.
1.7 Op
of service.
Conside
It does not check for loopholes or It scans the ports and network in search
6

vulnerabilities.
another acro
for loopholes and vulnerabilities.
aspects of tE
7. It is difficult to prevent network from Passive attack can be prevented.
The teC
active attack.
The ori
Syllabus Topic :The 0SI Security Architecture that it i
An add
1.6 The OSI Security Architecture
the mes

ITU-T International Telecommunication The m

Union Telecommunication Standardization messag
Sector X.800 (It is a service
provided by a protocol layer key to
of communicating open systems,
to ensure the enough security
of the system/ organization or A trust
of the data transfer) securily
architecture for OSI(Open
Systems Interconnections) The tru
defines a systematic approach 1or
providing security at each the sen
layer or it is a standard which
provide systematic approach o
defining and providing security The mc
requirements.

Scanned by CamScanner
 Crypt. &
Sys. Security (MU-Sem. 6-Comp)
1-17 Introduction to Cryptography

The OSI security architecture focuses

mainly on the following three concepts :
Security Attack : An action that may compromise
the security of the information that
is owned by an organization is called
security attack.
Security Techniques/ Mechanism : Security
mechanism is the process that designed
how to detect, prevent or recover
from a security attack.
Categories of Security Service : A processing or
communicating service that
enhances security of data processing and information
transfers of an organization.
The services are intended to counter security
attacks. The security service can use of
one or more security mechanisms
to provide security. AIl these features
of OSI
security architecture has been discussed
in detail in the following section.
Syllabus Topic : Network Security Model.

1.7 Operational Model for Network Security

Consider a message/ data is to be transferred

from sender to receiver or from one party to
another across internet. During this data
transmission process. it is necessary to protect
security
aspects of this information from an opponent or
attacker.
The technique used to provide security is as follows :
The original message is encrypted with the help a
of key, which scrambles the message so
that it is not readable to any third party.
An additional code can be attached to the encrypted data
which is based on the contents of
the message, which can be used to verify the identity of the sender.
The message is now, transmitting through an insecure channel such as Internet.
The
message when received at the receiver
side is unscrambled either using same or different
key to obtain the original message.

A trusted third party (such as Virtual Private Network) is required

for secure transmission.
The trusted third party is responsible to distribute the private key and secret information to
the sender and receiver while keeping it away from any opponent or
attacker.
The model for security is shown in Fig. 1.7.1.

Scanned by CamScanner
 Introduction to Gryptography
1-18
Crypt. & Sys. Security
(MU-Sem. 6-Comp) cypt. & Sy=

???
Basically
Attacker
text into pl=

3. Encryptiom
Recipient
Secure The proces
Sender Message encryption.
Secure nformation channel message
Message message
Internet Let, P be th
Key
Key we get Cas

Trusted third party (such as

a
VPN)
distribute private keys to principals

Fig. 1.7.1:The model for network seçurity

i.e.
1.8 Basic Terminology in Network Security 4. Decryption
The process
As we are living in information age we need to keep watch on our data or we must aware decryption
about every aspect of our lives. Information/Data of every individuals having same value as as decryptiom
like our personal assets. The main aim of encryption technique is to hide the information/data
from unauthorized users, protection from unauthorized change
Let, C be the
and data should available to Cit results
authorized users as an when required or needed. Before
studying this whole subject one need
to understand the following definitions as
called basic terminology in network security.
1. Plain text
Plaintext is ordinary readable text
before being encrypted into cipher text or
decrypted OR the original message after being i.e.
is known as plain text.
The process
Example of plain text
5. Cryptograp
The book we are writing uses
normal English language so The word
understood the meaning that everybody, should
and concept written in clear text
this book is in readable form. Means the text written In
form called as plaintext. information
2. Ciphertext
The many sc
Cipher text is the output
of encryption performs on plaintext 6. Cryptanaly
algorithms. When plaintext get using suitable techniques and
converted into non-readable The person
modified scheme the resulting form with the help of sou
text is called as message ca
message is known as
cipher text OR the coded or
cipher text. scrambie
message cal

Scanned by CamScanner
hy
Crypt. & Sys. Security
(MU-Sem. 6-Comp)
1-19 Introduction
Basically there are two process to Cryptography

text into plaintext, required to convert

called encryption plaintext into cipher text
and decryption. and cipher
3. Encryption
The process of converting
the plain text message
encryption. to cipher text message
is known as
Let, P be the plaintext,
E is encryption and C is
we get C as shown cipher text. It we perform
in Fig. 1.8.1. encryption on P

Plain text (P) Encryption

Cipher text (C)
E(P)
Fig. 1.8.1 : Encryption
iie. C = EP)
4. Decryption
The process of restoring
the plain text message from
decryption OR process the cipher text message
of converting cipher text message is known as
as decryption. into plaintext message is
called
Let, C be the cipher text,
D is decryption, and
Cit results original plain text P as shown in Fig.P plaintext. If we perform decryption on
is
1.8.2.
Decryption
Cipher text (C)
Plain text (P)
D(C)
Fig. 1.8.2: Decryption
ie. P= D(C)
The process of encryption and decryption are
controlled by cryptographic keys.
5. Cryptography
The word cryptography comes from
the Greek words KPVIIT (hidden or secret)
Y, o n
(writing). Cryptography is the art as and
well as science of secret writing of
information / message and makes
them non-readable.
The many schemes used for encryption constitute
the area of cryptography.
6. Cryptanalyst
The person who studies encryption and decryption methods and finds contents
of hidden
message called as cryptanalyst. The process
of studying methods of breaking ciphertext
message called as cryptanalysis.

Scanned by CamScanner
 Introductionto Gryptograph.
(MU-Sem. 6-Comp) 1-20
Crypt. & Sys. Security crypt. &
Sys. Se
use all possible keys, algorithms and
cryptanalyst attempt to message.
An attacker also called as Known Ple
ciphertext and obtain original plaintext 1.
techniques to break
In this type
7. Cryptology
as cryptology. text.
together is known
The area of
cryptography and cryptanalysis
He will finc
8. Key which type of atta
information or number used in encryption and decryption algorithm
It is the secret will discuss
is known only to the sender and receiver.
2. Ciphertext
1.8.1 Cryptanalysis/ Cryptographic Attacks In this type
algorithms: access to cor
Cryptographic attacks are designed to discover the loopholes in cryptographic
access to a only. Such ty;
these attacks are designed to decrypt data without prior permission and without
key. This is job of Cryptanalysis to find the weakness into the algorithm used for 3. Chosen Plai
encryption and decryption of data and then decipher the data. Before studying different
In this type
attacks against Data Encryption Standard we must know different types of cryptographic
later on find
attack nethods.
called choser
As mentioned above the process of trying to break any cipher text message to obtain the
corresponding plain text message is called cryptanalysis and the person
This attack h
who is attempting
cryptanalysis is called cryptanalyst. attacker to fi
used against
Cryptographic Attack Methods public key.
There are five cryptographic attack methods
that include plaintext-based as well as cipher 4, Chosen ciph
text based attacks.
In this type
Cryptographic Attack matching pla
Methods Such type of
may get the
1. Known Plaintext attack
5. Side channe
2. Cipher text attack
only
In this type
3. Chosen Plaintext attack designed cry
4. Chosen Cipher and keys use
text attack
Cryptanalys
5. Side Channel Attack
perform par
Fig. 1.8.3: Cryptographic channel atta
Attack Methods

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) 1-21 Introduction to Cryptography

1. Known Plaintext attack

In this type of attack cryptanalyst try to access

plain text and its corresponding cipher
text.
He will find is there any correlation
between plain text and cipher text
type of attack is called produced; such
known plain text attack. Example
will discuss in mono-alphabetic of such type of attack we
cipher technique.
2. Ciphertext attack only
In this type of attack cryptanalyst has
only access to cipher text but
access to corrsponding doesn't have
plain text such type of attack is called as
Cipher text attack
only. Such type of attack we will discuss
in Caesar cipher technique.
-3. Chosen Plaintext attack
In this type of attack cryptanalyst can encrypt
plain text of his own choice (guess) and
later on find cipher text obtained from,
corresponding plain text such type
of attack is
called chosen plain text attack.
This attack helps cryptanalyst to find the encryption
key as well. This mapping helps
attacker to find which plain text is encrypted.
This is most ommon attack technique
used against- asymmetric key cryptography,
where a cryptanalyst has access to a
public key.
-> 4. Chosen cipher text attack

In this type of attack cryptanalyst chooses a cipher text

and attempts to find a
matching plaintext.
Such type of attack generally associates with decryption process
because cryptanalyst
may get the temporary access to process.
decryption
Side channel attack

In this type of attack cryptanalyst always try to find out. which technology used to
designed cryptographic algorithms and which are the different software or hardware
and keys used during encryption and decryption process.

Cryptanalyst may find the additional information like CPU usage, time taken to
perform particular task, voltage used and so on. Such type of attack 'is called side
channel attack.

Scanned by CamScanner
 Introductionto Cryptography
1-22
Security (MU-Sem.
6-Comp) Crypt. & Sys. SecL
Crypt. & Sys.
9
Vulnerability Itfocuses o
result in harm to
a
G Threats and may system
an incident that Privacy prog
potential cause
of
a
Threat is
such as log i
organization. or a goup Qf assets that ca,
of an asset (resource)
Vulnerability is a weakness (4) Principles of Sec
exploited by one or more threats. a
destruction of an asset as a result of The three co
damage, or
Risk is potential for loss, integrity of i
exploiting a vulnerability. defi
Privacy
Example: In
a
system that allows weak passwords,
information.
dictionary or exhaustive key attacks
Vulnerability : Password is vulnerable for security depe
to break into the system
Threat : An intruder can exploit the password weakness
prone for illegal access/ modify/ dama:
Risk : The resources within the system are
by the intruder.
1.9 Encryption
Threat agent-entities that would knowingly seek to manifest a threat.

F Difference between Security and Privacy Before discussing

types of cryptography
(1) Definition of Security and Privacy
and asymmetric key c
While both are interlinked terms that are often used
in conjunction with each oth
While one cannot exist without the other, they are
often misappropriated.
Security is the state of personal freedom or
being free from potential threats, where:
privacy refers to the state of being free from
unwanted attention.
(2) Objectives of Security and Privacy
The three main goals of security are
confidentiality, integrity
and availability.
Security means safeguarding your
information assets and
unauthorized access. confidential data fron
It affects both information
security and cyber security. 1.9.1 Symmetric
All security protocols
address at least one
hand, refers to the of the three goals. Privacy, on Symmetric key
rights of individual and the otid
organizations with respect
information. to perso In symmnetric ke
(3) Programs for Security As shown in Fig
and Privacy
cipher text is tra
A security program refers to a
set of protocols and side the cipher te
allthe confidential information regulations set in place to
assets and resources Pro Note that encry
OWns.
that an organization collecis
called as Data
E

Scanned by CamScanner
Cryptography

Crypt. & Sys. Security (MU-Sem. 6-Comp) 1-23

Introduction to Cryptography
systemn
It focuses on the data and
information rather than personal information
of individuals.
Privacy program, on the other
at can be such as log in credentials,
hand, focuses on protecting only
personal information
passwords, etc.
(4) Principles of Security
f a threat and Privacy
The three core principles
of security include protecting
integrity of information assets, confidentiality, preserving
and promoting availability
Privacy defines the rights of data and information.
ks of individual and organizations
information. To some extent, with respect to personal.
cem privacy can be achieved with
security depends on privacy security initiatives and
of credentials and access to data.
damage
Syllabus Topic : Classical
Encryption Techniques
1.9 Encryption Methods

Before discussing concept

types of cryptography of encryption methods we must
? There are two types know which are the different
and asymmetric key cryptography as of cryptography i.e. symmetric key
shown in Fig. 1.9.1. cryptography
other.

Types of cryptography
ereas
1. Symmetric Key Cryptography

2. Asymmetric Key Cryptography

Fig. 1.9.1:Types of cryptograpby

Syllabus Topic : Symmetric

m Cipher Model
1.9.1 Symmetric Key Cryptography

Symmetric key cryptography

also called as secret
key cryptography.
In symmetric key cryptography
a single key is
used for encryption as well as
As shown in Fig. 1.9.2 decryption.
sender encrypt plain text
cipher text is transmitted using shared secret key
through communication and the resultant
side the cipher text is medium such as Internet,
decrypted using same at the receiver
decryption key to obtain
Note that encryption original plain text.
and decryption process uses
called as Data Encryption well known symmetric
Standard (DES). key algorithm

Scanned by CamScanner
 Introduction
Sys. Security (MU-Sem. 6-Comp)
1-24 to Cryptonr

Crypt. &
2 cypt. &

as P = D (K, E(P).
Mathematically it is represented
= plain text, D (K, E(P) = Decryption ofb o Disadva
Where P = Plain Text, E (P) Encryption of
text using shared key K. Once the
(DES), Adys to decryE
For Example Stream and block cipher, Data Encryption Standard
:

Encryption Standard (AES) and BLOFISH. In symm.

Seoret key receiver.
Secret key t
decrypt

1.9.2 Asyr

Transmitted Asymmet
ciphertext
In asym
decryptior
Plaintext
Plaintext
As mentic
Encryption algorithm Decryption algorithm
(e.g. DES) (Reverse of encryption algorithm) that may -
Other is pr
Fig. 1.9.2: Symmetric Cipher Model
messages,
Here the possibility is that if an
attacker/opponent got cipher text It is also
different permutations and combinations ?? He/she may ap:
to decrypt and obtain
the main aim of cryptography came the original plain text. H only its co
is into picture. Always sender message.
different encoding technique on has to think on apply
plain text message and convert
so that attacker cannot
read the actual plain text
it into cipher text mess The sende
easily. signatures,
Symmetric cipher model
convert the plain text message decryption
following techniques. into cipher text by us
cryptosyste
G Advantages of Symmetric Sender
key cryptography (Ramesh)
Symmetric key is A

faster than asymmetric

key cryptography.
Because of single
key data cannot decrypt
by attacker. easily at receiver
side even if it is interceps
As the same key is used
for encryption and decryption
he cannot decrypt receiver must have
it without sender permission. the senders k
Symmetric key achieve
the authentication
principle because Plaintext
DES and AES techniques
are implemented
it checks receivers identiy
using symmetric
System resources are key cryptographby.
less utilized in symmetric
key cryptography.

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) 1-25 Introduction to Cryptography

Disadvantages of Symmetric key cryptography

Once the key is stolen while transmitting data
between sender and receiver it is very casy
to decrypt the message as same
key is uscd for encryption and decryption.
In symmetric key cryptography, key is transmitted
first and then message is transfer to the
receiver. If attacker intercepts, the communication
between sender and receiver then he can
decrypt the message before it reaches to intended recipients.

1.9.2 Asymmetric Key Cryptography

Asymmetric key cryptography is also called as public

key cryptography.
In asymmetric key cryptography two keys are used, one
for encryption and other for
decryption.
As mentioned asymmetric key cryptography involves use
of two keys one is public key
that may know to everyone and can be used to encrypt messages,
and verify signatures.
Other is private key known only to the receiver of the message or
verifier, used to decrypt
messages, and sign (create) signatures.

It is also called as asymmetric key cryptography because one key

is used for encryption
only its corresponding key must be used for decryption. No
other key can decrypt the
message.
The sender and receiver can encrypt messages using encryption
key (public) or verify
signatures, he cannot decrypt messages or create signatures because
he- required
decryption key (private) which is known only to the receiver of the message. Public
key
cryptosystem /asymmetric key cryptography as shown in Fig. 1.9.3.
Sender
Receiver
(Ramesh)
(Suresh)

Encryption using
RSA algorithm Decryption algorithm

Intermet

Plaintext Ciphertext Ciphertext Plaintext

Encryption Decryption
using B's using B's
public key private key
Fig. 1.9.3: Asymmetric Key Cryptography

Scanned by CamScanner
 Introduction to Cnypiogrephy

6-Comp)
1-26
Crypt. & Sys. Security (MU-Sem. 4 Crypt. & S

as P = D(Kd, E
(Ke,P))
represented s
Mathematically it is Decryption, Ke Encrypi
= Encryption
of plain
text, D= Public ke
Text, E (P)
Where
P= Plain claimed
key, Kd = Decryption Key. Suresh then th
communicate withthe receiver informati
Ramesh wants to communi. sender an
For example, sender
and public key then and then
each one of this i.e. private key denying a
must have
will be successful. know
Ramesh and Suresh must Principles
possible pair of keys that
Table 1.9.1 shows the understan
communicating with each other. Hellman
Table 1.9.1 : Pair of private and
public keys
For Exar
Should know
Key Details Ramesh(A) should knowSuresh (B) algorithm.

Ramesh Private Key (A) Yes A must know Not known to B Advantage

Ramesh Public Key(A) Yes A must know Yes it is known to Suresh also In Asymm
both have
Suresh private key (B) Not known to Ramesh (A) Yes Suresh (B) must know
data over iL
Suresh public key (B) Yes known to Ramesh (A) Yes Suresh (B) also known it The main =

Following-are the possible cases of public key cryptography as per the table mention
for used er
above. cannot dec
RSA algor
Case 1
cryptograp
1 When Ramesh wants to send a message to Suresh. Ramesh can encrypt
the message us Easy to use
Suresh public key. This is possible because Ramesh and Suresh
knows the public key.
2 Ramesh can send this message to Suresh (Keep in mind this Disadvant=
it is encrypted using Surs
public key). Because of
3 Suresh can decrypt the Ramesh message transmissic
by using Suresh own private key. Because o
Suresh knows his private key Ramesh key crypto
is not aware about Suresh private
key.
4. It is important to note that the message of data).
only decrypted using Suresh private
nothing else. key Asymmetr
cryptograp
Case 2

If Suresh wants to send the message to Ramesh, then reverse

the above case 1. Suresu
encrypt the message only with Ramesh public
key. The reason only Ramesh can deu
the message to obtain its original plain text format
using his private key.

Scanned by CamScanner
| Crypt. & Sys. Security (MU-Sem. 6-Comp)
1-27 Introduction to Cryptography

Public key cryptography achieves authentication

(authentication helps to identify the
claimed identity of an entity, such as username
password or any other important
information such as encryption or
decryption keys stolen during transmission
sender and receiver) and non-repudiation between
(it prevents cither sender or
receiver from
denying a transmitted message).
Principles of public key cryptography
also include mathematical background to
understand the use of key pairs in
algorithms like Rivest Shamir Adlman
(RSA) and Diffie
Hellman Algorithm.
For Example : Rivest Shamir Adlman (RSA) and
Diffie Hellman key exchange
algorithm.

o Advantages of Asymmetric key cryptography

In Asymmetric key cryptography, key cannot be distribute among

sender and receiver as
both have their own key, so there is no problem
of key distribution while transmitting the
data over insecure channel.
The main advantage of asymmetric key cryptography is
that two separate keys are used
for used encryption and decryption; even if encryption key is
stolen by attacker he/ she
cannot decrypt the message as decryption key is only available
with receiver only.
RSA algorithm and Diffie Hellman key exchange are
implemented using asymmetric key
cryptography.
Easy to use for user and scalable does not require much administrative work.

Disadvantages of Asymmetric key cryptography

Because of different key used between sender and receiver require more
time to get the
transmission done as compare to symmetric key cryptography. (Slower that symmetric
key cryptography very few asymmetric encryption methods achieve the fast transmision
of data).
Asymmetric key cryptography utilizes more resource as compare to symmetric key
cryptography.

Scanned by CamScanner
 Securi
Sys.
Crypt. &
Introduction to Cyptograph Ciphe
1-28
Block
6-Comp 1.10
Crypt. & Sys. Socurity
(MU-Som. Gryptography cryptog
Asymmetrlc Key Basically an
Symmetric and cipher
Diference betwoen Asymmetric Key
Cryptography Stream
I.3.3 algorithm.
Cryptography
Sr
Symmetrle Key
Block
cipher pri
cryptography two
No. In asymmetric key and shown in
Fig. 1.1
cryptography single or one is tor encryption
1 In Symmetric key keys are used,
same key is used for encryption
and decryption.
other is for
decryption. is also
Asymmetric key cryptography
cryptography is also called cryptography or
2.
Symmetric key called as public key
as secret key cryptography
or private key system.
conventional cryptographic
cryptography. as
Mathematically it represented
3 Mathematically it is represented as
P= D(K, E (Ke,P)), 1.10.1 Stream CL
P=D (K, E(P). are encryption and
Where Ke and Kd
Where K is encryption and decryption In stream ciph
decryption key.
bit at a time,
key.
D = Decryption
P=plain text, accepting onl
E(Ke, P) = Encryption of plain text
D= Decryption One time pad
using private key Ke.
E(P) = Encryption of plain text XOR with ea
Because of two different key used on varying tin
4. Symmetric key is faster than asymmetric
key cryptography. asymmetric key is slower than
asymmetric key cryptography.

5 For encryption of large message In asymmetric key cryptography plain

symmetric key cryptography still play'an text and cipher text treated as integer
important role. numbers.

6 Symmetric key cryptography utilizes less Asymmetric key cryptography utilizes

resource as compare to asymmetric key more resource as compare to symmetric
cryptography. key cryptography.
There is
7. For Example : AES, DES and For Examnple RSA, Diffie Hellman
:
with a stre
BLOWFISH Key exchange algorithm. C1, C2,C3,

Scanned by CamScanner
 6-Comp) 1-29 Introduction to Cryptography
(MU-Sem.
Security
Crypt. & Sys.
Principles
Cipher
1.10
Block
is used for transformation of plaintext into cipheiext.
cryptographic algorithm
Basically cipher are main method of encrypting text using key and
and Block
Stream cipher
algorithm. explained on the basis of two different algorithm types
principles are
as

Block cipher
1.10.1.
shown in Fig.
Algorithm types

1. Stream Cipher

2. Block Cipher

Fig. 1.10.1:Algorithm types /Block Cipher

Principles

1.10.1 Stream Cipher

In stream cipher keys and algorithms are applied to each binary digit in a data stream, one
stream cipher operates on plaintext
bit at a time, rather than encrypting block of data (a
accepting only one bit at a time).
each bit of plaintext message
One time pad is the best example of stream cipher in which
XOR with each bit of key to obtain cipher text
message. It is a symmetric cipher operates
on varying time transformation individually on each bit. This is shown in
Fig. 1.10.2.
Decryption
Encryption
keystream
keystream generator k
generator

Fig. 1.10.2: Stream Cipher

a
keystream generator which outouts stream of bits k, k
:
KgK AOK
ere is a
stream of cipneret bis
C1, C2,C3,..
Wn a stream of plaintext bits, p,. Da, Da... D. to produce the
C, Broadly it can represented as shown below
...(1.10.1)
k
G=P,

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) Introduction to Cyptography
1-30

During decryption, the cipher text bits are XOR with a same key stream to recover
the
plaintext bits. 1.1
P, = k,
..(1.10.2)
The stream cipher security depends on the simple XOR and one tme pad. lI the key
stream output is random that, it will take harder time for a cryptanalyst to break it
However if it will
keep on repeating same stream bits then it can result an attack on the
cryptosystem.
For example : Suppose we have plaintext as pay 100 in ASCII (i.e. text format). When it
is converted to binary values 1let us take that it is translating as
010111001 (hypothetically)
also applying XOR logic in encryption
algorithm. We can see effect as,
In text format In binary format
Pay 100 010111001 Plaintext
100101011 XOR operation with the key
ZTU91^%D 11010010 Cipher text
XOR Logic is shown in table below

Input 1
Input 2 Output

0
11
1

1
1
0
Rather than divide bit stream
into discrete blocks stream
into ciphertext message by encrypting one cipher convert plaintext messag:
bit at a time. At receiver side use same
XOR logic to extract plaintext message. key and
A known plaintext attack can
cipher because if two messages are succeed against a stream
encrypted with the same keystream,
ciphertexts will remove the XORing the tvo
keys and result in the XOR
of the plaintexts.
C1 C2 =
(p1 k) (p2 k)
= (pl p2) (k, k)
= pl p2) 00..0
C1 C2 = (p1p2)

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) 1-31 Introduction to Cryptography

1.10.2 Block Cipher

Block Cipher break plain text message into fixed blocks

and encrypt cach block with corae
key size (fixed). Divide cach plaintext message
into block of 64, 128, 256 bits and apply
common key size 40, 56,
64, 80, 128, 168, 192 and 256 bits
which generate cipher text
message same as
size of plaintext block or as per size
of plaintext message.
Fig. 1.10.3 shows encryption
of 64-bit plaintext using block cipher with
56-bit key.

64- bits64- Plaintext

bits 64- bits 64-bits block of 64- bit
each

Common key size

40,56,84,1 28,256 bits Block cipher Key
56- bit

E
e -
54- bits bits 64 - bits 64- bits Ciphertext
block of 64 - bit
each
Fig. 1.10.3: Block cipher
Block cipher is main method of encrypting
text in which keys and algorithm are
block of data rather that individual applied to
bits like stream cipher. Data Encryption
(DES) is the best example of block Standard
cipher in which each block of 64-bit get
using 56-bit key and cipher text of 64-bit encrypted
get generated.
At receiver side decrypt message
with same key to generate plaintext.
Like in stream cipher, block cipher also uses
the concept of key generator. Block
are used in Chaining cipher
mode, this is because for repeating text pattern,
the same cipher
block will be generated which can give
clue to cryptanalyst regarding what is the original
plaintext hence chaining mode is used for
block ciphers. We will discuss concept of
chaining mode in block cipher modes
of operation.
As in chaining method, previous block is
mixed with current block to avoid repeats in
patterns. Block cipher is little time consuming
but secure than stream cipher so generally
used in computer based cryptographic algorithms. Stream
cipher is faster than block
cipher.

Scanned by CamScanner
 Introduction to Gryptography
6-Comp) 1-32
Grypt. & Sys. Security(MU-Sem.

Block Cipher
1.10.3 Differentiate between Stream and (MU - Dec. 16)

- stream ciphers. It
Q. 1.10.1 Compare and contrast Block and
Dec. 16, 5 Marks cha
(Ref. sec. 1.10.3) tex
Block Cipher a c.
Sr. No. Stream Cipher
method of
Block cipher is main
1. Instream cipher keys and and
algorithms are applied to each
encrypting text in which keys
binary digit in a data stream,
one bit algorithm are applied to block of data
stream Da
at a time, rather than encrypting rather that individual bits like
block of data. cipher. 2.

2
Stream cipher is less time Block cipher is more time consuming. Ea
consuming. do

3 Because of one bit encrypting at a As block of data is encrypting at a time

time, stream cipher is faster than block cipher is slower than stream
block cipher. cipher. For Ex
4
Stream Cipher doesn't used in Block is used in chaining modes of Su
chaining modes of operation. operation. cip

Hardware implementation is easy we

Software implementation is easy using
5

using stream cipher. block cipher. co

Of
6
One Time Pad the best example Data Encryption Standard (DES) is the
th
of stream cipher. best example of block cipher. Sin

1.10.4 Confusion and Diffusion 1.10.4

Claude Shannon introduced two properties of
operation of secure cipher. ST.

Properties of operation No.

of secure cipher
1.
1. Diffusion

2.
2. Confusion

Fig, 1.10.4 : Properties of operation of secure

cipher

Scanned by CamScanner
?Crypt. & Sys. Security (MU-Sem. 6-Comp)
1-33 Introduction to Cryptography

1. Diffusion

It means any of the character in plaintext is changed.

then simultaneously several
characters of the cipher text should also be changed.
Similarly if the character of cipher
text is changed then simultaneously several
characters of plaintext should be changed. It is
a classical transposition
cipher.
"Diffusion" = Transposition or Permutation
abcd dacb

Data Encryption Standard is the best example

of diffusion.
>2. Confusion

Each character of cipher text depends on different part

of the key. In confusion the key
does not directly related to cipher text. It is a classical
substitution cipher.
"Confusion'" = Substitution
a b Caesar cipher
For Example
Suppose we have a FHill cipher with an matrix n × n, and suppose we
have a plaintext
ciphertext pair of length n with which we are able to solve
for the encryption matrix. If
we change one character of the ciphertext, one
column of the matrix can change
completely.
Of course, it would be more desirable to have the entire key change. When a
situation like
that happens, the cryptanalyst would probably need to solve for
the entire key
simultaneously, rather than piece by piece.

1.10.4(A) Difference between Confusion and Diffusion

Sr. Confusion Diffusion

No.

1 Confusion obscures the relationship Diffusion spreads the plaintext statistics

between the plaintext and ciphertext. through the ciphertext.
2. A one-time pad relies entirely on A double transposition is the classic
confusion while a simple substitution example of a diffusion-only
cipher is another (weak) example of a cryptosystem.
confusion-only cryptosystem.

Scanned by CamScanner
 Introduction to GryYptography

(MU-Sem. 6-Comp) 1-34

Crypt. & Sys. Security
Diffusion
Confusion
Sr.
No. not enough
"enough". Diffusion alone is, perhaps,
Confusion alone is, apparently, small blocks,A
3
provably secure. at least using relatively version
sincethe one-time pad is stream cipher is simply a weaker
pad.
of a one-time
any
systems Well-designed block ciphers spread
The codebook aspects of such block, thus
local statistics throughout the
4
to though
provide confusion analogous
a simple employing the principle of diffusion. Fo
on a much grander scale
substitution.

Syllabus Topic Mono-alphabetic and Poly-alphabetic

: Substitution Techniques

1.11 Substitution Cipher Techniques alp

(MU - Dec. 15)

Q.1.11.:1 Define the following with example Substitution cipher.

(Ret. sec. 1.11) Dec. 15,2 Marks
A substitution is a technique in which each letter or bit
of the plaintext is substituted or
replaced by some other letter, number or symbol to produce ciphertext. Substitution mean
replacing an alphabet of plaintext with an alphabet of ciphertext. Substitution technique als
called confusion. The best example of substitution cipher is Caesar cipher invented by Julius
Caesar.
Substitution Cipher techniques are as follows :

Substitution Cipher
techniques

1. Caesar Cipher

2. Monoalphabetic Cipher

3. Polyalphabetic Cipher

4. Playfair Cipher

5. One Time Pad (Vernam Cipher)

6. Hill Cipher

Fig. 1.11.1: Substitution Cipher techniques

Scanned by CamScanner
1.11.1 Caesar Clpher

Julius Caesar introduced the easiest and the simplest use of substitution cipher.
In Caesar cipher technique cach letter is replaced by the letter /alphabet which is three
places next to that letter which is to be substituted. Or In Caesar cipher technique, each
alphabet of a plaintext is replaced with another alphabet but three places down the line as.
mentioned in table below.
For example

Plaintext: Sun rises in the East

Ciphertext: VXQULVHVLQWKHHDVW
Following is the list of possible combination showing the letters 3 places down of each
:
alphabet

Plaintext a bc de f gh i j k L
m n o pqr st u v w x
y z

CiphertextD E
FGH IJ KL MNOP QRSTU VWXY Z
AB C

:
The corresponding number equivalent to each alphabet is given below

a bc d e f g
hi j k 1
m
P 4 r s t 11 W X y z

l0 1
2,3 4 5
678 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

Mathematically the Caesar cipher algorithm can be expressed as

C = E(3,P) = (P +3)mod 26

P= D(3,C) = (C--3)mod 26

Where C = Ciphertext/ or alphabet

P= Plaintext/ alphabet

E = Encryption
D = Decryption

Mod 26 because in English there are total 26 alphabets.

Scanned by CamScanner
 Introduction to Cryptograns.
(MU-Sem. 6-Comp) 1-36
Crypt. & Sys. Security crypt. &S
message with the heln..
It isvery easy to break ciphertext obtained from plaintext Plaintext
only 25 possible keys to decrypt
Bute-Force attack because the attacker will be having
Cipherte
ciphertext.
are: Ciphertex
Further some more characteristics which lead to casy brute force attacks
Caesar ci
1 The encryption and decryption algorithms are known.
For example,
2. Only 25 possible keys.
3. And plaintext language is easy to recognize with few repetition of alphabet having sarme A can be

ciphertext letter. B can be

Brute-Force-attack Such type

brute-force at
A brute - force - attack means trying every possible key on a piece of ciphertext until an
pattern.
intelligible translation into plaintext is obtained. We can create more complex cipher text from
given plaintext with the help of another substitution technique called monoalphabetic cipher to 1.11.3 Polya
prevent brute-force-attack.

Q. 1.11.2 D
1.11.2 Monoalphabetic Cipher

In Caesar cipher the attacker can easily guess the plaintext as it is easily recognizable. In

Monoalphabetic cipher substitutes one letter of the alphabet with any random letter
As in m
fro monoalphabet
the alphabet.
polyalphabetic
It is not necessary that if A is substituted with B then compulsorily B has to be substituted
systematically=
with C. It can be replaced with any other letter of the alphabet. The only weakness this
in
algorithm is that if more repetition occurs then attacker can easily guess 1.11.3(A) F
the plaintext.
This random substitution is just done to have
uniqueness. 1. Pick a ke
2
In this the substitution of characters are random permutation Write yo
of the 26 letters of ie
alphabet. times as L

For example
3
For each
would go
Following is the substitution that we are taking: below.

Plaintext nopq
la bc defgh r.st uv wX
m
i k I y Z

Cipher-texte o unafp q x dgksy I JD

vbm wlc zit

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp)
1-37 Introduction to Cryptography

Plaintext: East or West

Ciphertext : aesy xk taay
Ciphertext obtain with this technique
yields completely different text as compare
to
Caesar cipher. In this method, cach
letter provides multiple substitutes for a
single letter.
For example,

A can be replaced by : d, r, y
j,
B can be replaced by : h, u, m,
p etc.
Such type of large key space makes
this cipher technique extremely dífficult to
brute-force attack. But this can make break by
the cryptanalysis attacker straight
forward to guess the
pattern.

1.11.3 Polyalphabetic Cipher

> (MU - Dec. 15)

Q. 1.11.2 Define the foilowing with example Poly-alphabetic cipher.
(Ref. sec, 1.11.3)
Dec. 15, 2 Marks
As in monoalphabetic cipher we use
only one fixed alphabet, but draw
back in
monoalphabetic is these are fairly easy to
break. So to make it harder to break,
the concept of
polyalphabetic cipher arises which uses more
than one alphabet and switching between them
systematically.

1.11.3(A) Procedure of Polyalphabetic

Cipher
1. Picka keyword (for our example, the keyword will be "MEC" as
shown in Example 1).
2. Write your keyword across the top of the text you want to
encipher, repeating it as many
times as necessary.
3
For each plain text letter, look at the letter of the keyword above
it (if it was 'M, then you
Would go to the row that starts with an 'M"), and find that row
in the Vigenere table given
below.

Scanned by CamScanner
 Introduction to Cptograph
1-38 Crypt. & S
crypt. & Sys. Security (MU-Sem. 6-Comp)
y
U
V wX
ROW MNo JoP P a RST V
WX YZA 1.11.3(B) D
A B C
DE F G H K
KL MIN
L
QRS TU A B

B C D E F
GH M N o P Q R S
U V

W)X
WX
Y
YZ Z A B C

C D F G H
K T U V

EF H
K L
MIN
o P Q

RS W[X
Y

ZA JBC C D
Q. 1.11.3
G
| U V
F G H J K L
M Io
R

ST Z A B D B

P Q R B C D E F
T
UV WX Y
5
F G

H|LJKL M NO w X Y2 A U
V
J
KL MN
o P o R

ST A JB
C E F G D

9H
KLM
N O P o

RsT Tu Uv W (XWX ZJA V

BC DEFG
H H
|
8 |J K LM NO
P o R s
Y G H Sr. No.
T U V wX y Z A
B C D E
9 J KL
M

No P aR |S Hy Z A C D E F G Po
o X
W

10 KL
M N
P RSQ T U V G H
K 1.
A B
F
L M N O

P RS T U V wX YZ F G H

JKL ha
12
M N O P
a RSTU V
WIX
IYZA BC DE F G
H | KL M
13 NOPa RS T U V
wX Y Z
BC A D
M N

|o PQRSTU
V
WX YZ A
B C D
G H

KL M N O
2 M
15 JP T U V Q R S

Wx YZ A BC DE F G H |KL M N Su
KL
G H

IYZ JB BC DEF
T U V W X A
16
QRS
JR
S T U Vw X
YZ A c D EF G H JK LM JN O P Q
In
s T U
WX YZ A BC
V D E
F G H
K
L M N O P 0 R 3
T
EFG U V
WX Y Z JA B C D
H J K
LM N O P @
RS
20 UV wKYZ BCD EF A G H
KLMNo P Q R S T

fr
21 WX YZ B C DEF G H |
V A J K L
M N o P
Q RST U
22 w X Y Z A BC EF GHKL D
MNO PQ R s T U V e
ZA BCDEF G H
X
KL Y N P
QRS TUV w
M O
23
24 Y2 EF 9.KL A B C D G H

NOPRSUV
M
WX
c
4
Ir
Z B
FGHKL MNOP QRSTUVWxY
A D E
25

4. Then find the column of your plaintext letter (for example, 'w', so
the twenty-t
column).
5. P
5. Finally, trace down that column until you reach the row you found
before and write dr
the letter in the cell where they intersect (in this case, you
find an 'I there). Repeat t
same till you will convert
all plain text messages into ciphertext.
Example 1

Keyword 1.11.4 P.
MECMECMECMECMEGMECMECM
Plaintextt 1114
weneedmoresuppliesfast
Ciphertext It was i
IIPQIFYSTQWWBTNUIUREUF Playfai
Thus, the plain text message "We need more supplies m

fast!" comes out :

lt is
IIPQIFYSTQWWBTNUIUREUF of the
decryp
For ex

Scanned by CamScanner
ography
Crypt. & Sys. Security (MU-Sem. 6-Comp) Introduction to Cryptography
1-39

1.11.3(B) Difference between Polyalphabetic and Monoalphabetic

(MU - Dec. 17)
and
Q. 1.11.3 Withthe help of examples compare and contrast. mono-alphabetíc ciphers
Dec. 17, 5 Marks
poly-alphabetic ciphers? (Ref, seo. 111.3B))

Polyalphabetic Cipher Monoalphabetic Cipher

Sr. No.
1. Polyalphabetic cipher is more secure and Monoalphabetic cipher are not very
hard to be broken. secure and can be easily broken.

2 More than one alphabet is used for One fixed single alphabet is used for
substitution. substitution.

3 In a polyalphabetic cipher, the Inmonoalphabetic, the same

substitution rule changes continuously
from letter to letter according to the
elements of the encryption key.
4 In polyalphabetic for particular alphabet,
different substitution can be done using
Vignere table.
wenty-thid
5. Polyalphabetic cipher includes, Playfair
cipher, Vigenere, Hill cipher, one-time
vrite dow
pad etc.
Repeat th
substitution rule is used for each
substitution.
In monoalphabetic, for a particular
alphabet, only one substitution can be
used.
Monoalphabetic cipher includes
additive, multiplicative, and
monoalphabetic substitution cipher.

Syllabus Topic : Playfair Cipher

1.11.4 Playfalr Cipher

Q.1.11.4 Write a short note on Playfair cipher. (Ref. sec. 1.11.4)

It was invented by Charles Wheatstone in 1854
but known by name Playfair because Lord
Playfair made this technique popular. was
It used by Britisher in World War 1,
It is multiple letter encryption technique,
which uses5x5 Matrix table to store
of the phrase given for encryption the letters
which latter on becomes
decryption.
key for encryption and

For example : Keyword is FAIR EXAMPLE.

Scanned by CamScanner
 Crypt. &
Sys. Security (MU-Sem.
6-Comp) lotroduction Crypt. & S
1-40 to Cryptographu
In the first step all letters are to
are already been be filled in that matrix from
placed is not be placed again
left to right, the letters whick
For Example
in that matrix. C
After filling up of the given
letter. fillrest of the space 1.
For pair
letters alphabetically in the matrix with the remainin
no
with repetitions. The par C
The letters I and J will be considered row letter
as one letter. So
place J in rest the If Iis already placed then no need to
of matrix.
The letters which are already
written/ mentioned need not
matrix. to be placing that
letter in given
For in given example A and are
E already mentioned in matrix so
write that letter again it is not mandatory to
in the given matrix.
Table 1,11.1
So CY will
F A
R
< E Checking
2 f
X M column.
L B
C ao
D G H K
N
T
U W Y
Encryption using Table 1.11.1
keyword matrix
1. The plaintext received is to be broken
in pair of two letters.
2. For example CYBER can be BE will be e
broken into CY BE R(X).
3 Checking for
If both letters are same or only one letter is left then
put X with that alphabet.
4., If both pair alphabet appears in same row
replace the letter with the immediate right
alphabet (wrapping around to the left side
of the row if a letter the original pair was on
the right side of the row).
5. If both letters appear in same column replace it with alphabet immediate below to that
letter (wrapping around to the top side of the column if a letter
in the original pair was on
the bottom side of the column).
Thepair
6
none of the condition explained above meet, then replace them with the letters on the letter
RX
same row respectively but at the other pair of corners of the rectangle defined by the butopp
R(X)
willbe
original pair.

Scanned by CamScanner
 Cryptography
Introduction to
Crypt. &
Sys. Security (MU-Sem. 6-Comp) 1-41

can be encrypted as : CY BE R(X)

For Example: The plaintext CYBER
SO We
see step 6.

CY we
check that CY does not occur in same row or
column
For pair same
1.
pair forms
rectangle, pick
a

The pair forms a rectangle, replace it

CY with HU. If
corners.
row letter but opposite
A I R

X| M P B

|z D G K

S T

VW YZ
encrypt as HU.
So CY will immediate next in that
so replace it with
Checking for BE both are in same column
2.

column.
F|A I R

X| MP LB
H

D G

ST
VWYZ
to E is B).
BE willbe encrypted as KB (Below

Checking for R(X)

FA I RE
X M P L|B

D G H K

S T
NO Q
V wYZ
FL. If pair formsa rectange, pick same row
Ine pair RX forms a rectangle, replace it with
letter but opposite cormers.

R(X) will be encrypted as FL.

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) Introduction to Cryptography
1-42

Solved Examples on Play fair cipher

6
Ex. 1.11.1 MU - Dec. 15, 5 Marks
Encrypt "The key is hidden under the door using Playtair cipher with keyword "domestic'.
Soln. : 7.

Keyword- domestic
Keyword is domestic.
In the first step all letters are to be filled in 5x5 matrix from left to right, the letters which
are already been placed is not
be placed again in that matrix.
After filling up of the given letter, fill rest of the space in the matrix with
the remaining
letters alphabetically with no repetitions.
The letters I andJwill be considered as one letter. So If I is already placed
then no need to
place J in rest of the matrix.

es
t b

f h k 1

X y z
By using Playfair Cipher (Use following steps to. encrypt given word or message) we
want to encrypt the plain text message "The key is hidden under the door" using keyword
domestic.
1. The plaintext received is to be broken in pair of two letters, if duplicate letter put x
2. Th, ek, ey, is, hi, dx, de, nu, nd, er, th, ed, ox, or
Ex. 1.11
Is playfa
alphabet.
3. Ifboth letters are same or only one letter is left then put X with that "moonm
righ
alphabet appears in same row replace the letter with the immediate Soln, :
4. If both pair row a letter in the original pair wa
to left side of the if
alphabet (wrapping around the ls playte
on the right side of the row).
below to Play
appear same column replace it with alphabet immediate
5. If both letters in
the original
par text
column if a letter in
top side of the lette
letter (wrapping around to the
column).
on the bottom side of the

Scanned by CamScanner
Cypioraphy

Crypt. & Sys. Security

(MU-Sem. 6-Comp)
1-43
Introduction to Cryptography
6. If none of the condition cxplained
above meet. then replace
estic the same row respectively them with the letters ou
at
but the other pair of corners
the original pair. of the rectangle defined Dy
7 Refer above matrix for
the samne.
th Step 6 cf
tters which ek Step 5 ar
ey - Step 5 ae

remaining is Step 6 bo
hi Step 6 gc
no need to dx Step 6 my

de Step 4 os

nu Step 4 pn
nd Step 5 vt
er ay
Step5
th Step6 cf
ed Step 4 so

age) we
OX Step 6- mw
or
zeyword Step6 ep
The plain text message
"The key is hidden under
the door" encrypted as :
ut x cf, ar, ae, bo, gc, mnv, os, pn,
vt, ay, c, so, mw, ep.
Ex. 1.11.2
playfair cipher
monoalphabetic cipher
"moonmission" ? Justify. Construct a playfair matrix with
and encrypt the message the key
e
right "greet".
Soln.:
ir was
ls playfalr cipher
monoalphabetic
cipher
o that layfair cipher is not technically
mono-alphabetic. Monoalphabetic
ICxt
leer mapped with ciphertext means that
letter pairs letter and playfair is a each plain
to two letter digraph substitution - maps
pairs. it two

Scanned by CamScanner
 Crypt. &
Sys. Security
(MU-Sem.6-Comp)
1-44 Introduction
For
playfair, to Cryptogranhy
the order is unchanged,
looking digraph. we just
It is a substitution substitute common diagraphs
cipher. for randomiz,
It uses pre-arranged
key. So playfair Ex. 1

Construct a playfair is a private key

cryptosystem.
matrix with the Use
"greet'. kev 4moonmission'"
Soln.
Use 5
and encrypt the messags
X5 matrix

m
ni
a cd
f h |k

V W
Xy Z
The message is greet" Th
divide the latter's
into set of two characters.
Message greet : gr ex Me
et
Ciphertext is : hq, cz,
du
Ex. 1.11.3 Cip

Ex. 1.11.
Construct a playfair matrix
with the key "occurrence". Using pla
"tall tress". Generate the cipher text for
plain text
: Soln.:
Soln.
Draw
Draw matrix 5 x5

C Ie
h
df
i/i |kI
St

V wXyz
The mE
The message is "Tall trees" divide the latter's into the set of two character.
Massag
Massage Tall trees: Ta lx It es re

Ciphertext is pf, ijz, tz, eo, t Thecip

Scanned by CamScanner
ion
toCypiography
hsforrandomize
Crypt. & Sys. Security
(MU-Sem.
6-Comp)
Ex. 1.11.4 1-45
Introduction to Cryptography
ot the message Use playfair
algorithm with
:
key "monarchy"
Soln. and encrypt tho toxt
"jazz".
Draw matrix 5
x5

monar
hy d
f
g|ij| k
P9
The message wX
is "Jazz"divide
the latter's in
Message: Jazz thé set of two characters.

ja zx, zx
Ciphertext : sb, uz, uz
Ex. 1.11.5
Using playfair
plain text cipher encrypt the
plaintext "Why,
Soln. : don't you?". Use
the key "keyword".
Draw matrix
5x 5

d b C
f gh

p S

The message
is "why, don't, you
Massage :
Why, don't, you
?" divide the latter's
in to the set of
? two charactet.
Wh, yd,on,
Theciphertext 'ty, ou
: yij, ea, es,
vk, ez.

Scanned by CamScanner
 Crypt. & Sys. Security
(MU-Sem. 6-Comp) 1-46 Introduction to Cyptograply
crypt.
Ex. 1.11.6
a
Use Play
fair cipherto encrypt The
key APPLE. the following message This is a
columnar transposition.
1
:
Soln.
2.
The key used is APPLE so
put it into 5 x 5 matrix. 3
Draw matrix 5
x5 4.

A 5.
For I

C G H

IJ K M N
R T U

WX YZ
The plain text message is "This is a
columnar transposition" divide the
of
two.character. latter's in to the set
Message : This is a columnar
transposition'"
Now break the message "This is a
columnar transposition" into
each. So message will look pairs of two alphabets
like as given
So
THIS IS AC OL UM NART RANS PO SI TI ON
For ex
By using play fair cipher the cipher text obtained
is given below:
T
UG M M CI MB SO IE SUOP MT BK
QM QN A

1.11.5 One Time Pad (Vernam Cipher) in

tr
One time pad invented by Vernam called as Vernam cipher that improves re
the security
over substitution and transposition
techniques.
The one time pad technique uses a random key of the same length of the message (as long
as the message), so that the key is not repeated. The case happens here is sender is a

generating new key for every new message while sending the message to the receiver
called as one-time pad. The key is used to encrypt and decrypt a single message.

Each new message requires a new key of the same length as the new message. This
method is unbreakable. It produces random output with no relationship to the plaintext.

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem, 6-Comp) Introduction to Cryptography
1-47

The algorithm used are as follows

:

1. Each alphabet will be treated as number following a = 0,

b= 1...and so on.
2, Do the same for the key used for cncrypting.
3. Add both the key numbers and plaintext numbers.

4 If the sum is greater than 26 (0 to 25), then subtract it from 26,

5 Then the result number is to be translated into alphabets again.

For Example plain text message is How Are You.

Plaintext H WA R Y

7 14 | 22 0 17 4 24| 14 20

Key C b a X

13 2 19 5
16 |0 1723

Total 20 16 23 1942| 20 24 31 43

Subtract 26 if >26 (0 to 25)-20 16| 23 | 19 16| 20 24 5 17

Ciphertext QXT Y F R

So the ciphertext obtained for the plain text how are you is uqxtquyfr

For example

The best example of one time pad is recharge voucher of any mobile company.
All recharge voucher having different key or code imprinted on it. Once that code entered
into mobile, customer will get talk time according to the voucher cost. If another customer
trying to use same code of voucher he/she get recharge failure message. The company is
new and
regenerating all keys or code in such a way that every recharge voucher having
unique code on it called one-time pad.

Another example of one time pad is license software or license copy of operating system
users ?
and antivirus having few keys available accordingg to license. If license key is of 50

Only 50 users can activate their software after 50 users the

new user has to buy the new

software along with new key. Once the key has been used nobody can use same key for

activation.

Scanned by CamScanner
 Crypt. &
Sys. Security (MU-Sem.
6-Comp)
1-48 Introduction to
Vernam Cipher yptograhy
has two disadvantages & S
1. Large : Crypt.
random key cannot
be created.
2 Key distribution Where,
and generation keys can
3. In terms
of be problematic.
of cryptography it is not
póssible to implement one C and P
because generating new timc pad commercially encryptio
key every time for sending
complete transmission a ncw message
process. took more time to
Ke
Syllabus Topic : HII Cipher
1.11.6 HillCipher Using the

Q.1.11.5 Write follow.

short note on: Hill
Cipher. (Ref. Sec.1.11.6)
We can work on multiple
letters at the same
time using hill cipher.
Hill cipher techniques were
developed by the mathematician
When we use encryption lester hill in 1929.
algorithm we take the m
substitutes them in m successive plaintext
letters and
cipher text latter.
Hillcipher is a polygraphic
substitution cipher based on
linear algebra.
Each letter is represented
by a number modulo
(A = 0, B= 1, C=2, 26. Often
....Z= 25) is used, but this is not an essential the simple scheme
To encrypt a plaintext message, feature of the cipher. For the
each block of m letters (considered as
vector) is multiplied by an an m-component
invertible m x m matrix, against When y
modulus 26.To decrypt
plaintext message, each block is the
multiplied by the inverse matrix
encryption. of the matrix used for
The technique can be described as Using t
following way:
Ciphert
Ci = (K, P + Kp Pp + K3 Pi,) mod 26
= (K, Plaintex
Ci2 P + Ky P + Ky3 P) mod 26
Cg = (K3j, Advant=
P, + Kg2 P + Kg3Ps) mod 26
This techniques uses column vectors and matrices: (1) In this
K
informa
K2 Ks P1
(2) Using
Ci2 K
Kgg Kz3
P2 mod 26 t
Kyj Ky K3JL Pg Disadv
This technique can be different way like, When
C; = KP, mod 26

Scanned by CamScanner
 Cypt. & Sys. Security (MU-Sem. 6-Comp) Introduction to Cryptography
1-49

Where,

C and P, are the column vector which is hold lcngth 3, K is used to representing tne
:
encryption key. Which is uscd 3 x3 matrix for Example
[2 5 4
12
Key (k) =9L3 7 17J

Using the vèctor we can represent the Key and first three letters of the plaintext HEL as

follow.

C = KP; mod 26
T2 5 4
9 12 mod 26
L3 717JL 11J
78
89 mod 26
236
0
=
ALC

is ALC.
For the given plaintext HEL, We get ciphertext

When we get the entire ciphertext it requires to o decryption using the inverse of the
matrix K.
is
Using the general terms in Hill cipher techniques

Ciphertext Ci= E, (K, P) = KP, mod 26

= P,
= = K KP,
Plaintext P= D,(K, P) K'Cmod 26
Advantages of Hill Cipher Techniques
cipher more frequency
(1) In this techniques, when we used the large matrix, in hill
a
information hiding is possible when we uses large matrix.
secrete single letter frequency.
(2) Using the hill cipher techniques completely

Disadvantage of Hill Cipher Techniques

broken.
When we know the plaintext attack, it is easily

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) lntroduction
1-50 to Cryptograph,

Ex, 1.11.7
Cr
Encrypt the message "Exam" using the Hill cipher with Ex. 1.1
the key s 7
Using
Soln.: :
Soln.
key (k) =

Plaintext (Pi) = "Exam"

Ci = KPi mod 26
mod 26

151 1677
mod 26
60 84

= VLIG
For the given plaintext, we get ciphertext
is VLIG.
Ex. 1.11.8

Use Hill cipher to encrypt the text DEF. 451

The key to be used is
92 1

3 8 7
Soln.:
Plain text (Pi) = DEF

Ci = KPi mod 26
2. 4 3
Key (K) = 9 2 1 4
mod 26
3 87
8

5
47 21 1.
40 mod 26= 14 = Voy
76
24
For the given plaintext, we get ciphertext
is voy.

Scanned by CamScanner
toCryptography

Introduction to CryptographyY
Crypt. & Sys. Security (MU-Sem. 6-Comp) 1-51

Ex. 1.11.9
Jsing hill cipher encrypt plain text "COE"
use key "ANOTHERAZ!

Soln. :
= COE
Plain text (Pi)
By using Hill Cipher
Key = ANOTHERBZ
It is represented as
Ci = KPi mod 26
A N
T H E mod 26
RB Z.
0. 13 147 21
Cipher Text (Ci) = 19 7 4 14 mod 26
17 1. 25 4
238
= 152 mod 26

148
4
22
Mod 26
18

= EWS

For the given plaintext, we get ciphertext is Ews.

Syllabus Topic : Transposition Techniques

1.12 Transposition Cipher Techniques

(MU - May 16)

Q. 1.12.1 Explain with examples, keyed and keyless transposition ciphers.
(Ret. sec.112) May 16, 5 Marks
|Q. 1.12.2 Explain transposition cipher. (Ref. sec. 1.12)

Scanned by CamScanner
 2 Crypt. & Sys. Security (MU-Sem.
6-Comp) 1-52 Introduction to Cryptography
Q. 1.12.3 What is
keyless Transposition Cipher? Sys.
(Ret. sec. Give any example of rail Cypt. &

1.12) fence cipher.

Q. 1.12.4
the text
What transposition
is technigue? (Ref. sec. 1.12) (3) Read
In transposition cipher technique Combine all
plaintext message is hidden (4)
plain text letters without by rearranging the order of
altering the original resultant
In transposition cipher,
letter. (5) The
the letters are written in a row Example 1
column as per alphabetical under the key and then arrange
order. the
Selec
There are two types Step 1 3

of transposition ciphers: single

transposition ciphers. columnar and double columnar
In transposition technique,
there is no replacement
their positions are changed or of alphabets or numbers occurs instead
reordering of position
ciphertext. of plaintext is done to produce
Transposition cipher is a
kind of mapping achieved
permutation on the plaintext message. by performing some sort
Transposition of
performs permutations on cipher also called diffusion which Step 2 : Sele
plaintext.
Diffusion means permutation Step 3 : Read
of bit or byte positions.
There are two types Step 4: oiey:
of transposition techniques
:
Types of transposition
Step 5 Fina
techniques Ciphertext : oie

1.
The ciphertext c
Columnar transposition
techniques rounds of su
2. Keyless transposition more comple
techniques A

Fig. 1.12.1: Types of

and then rea
transposition techniques
The order o
Syllabus Topic : Keyed Transposition
Cipher Example 2
1.12.1 Columnar Transposition
Technique Plaintext :
Q. 1.12.5 Describe the columnar
transposition technique detail.(Ref. sec.
in 1.12.1)
Columnar transposition technique is very
simple to understand having following steps :
(1) Write plaintext message into a
rectangle of some predefined size (rows
and columns).
(2) Select the random key according to the size
of rectangle also called columns. (In this
technique order of the columns is the key).

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) 1-53 Introduction to Cryptography

(3) Read the text present in cach selected random key columns.
present in each column as per selected
(4) Combine all text random key order.
(5) The
resultant text called ciphertext shown in Fig. 1.12.2.

1
G Example
Step 1 : Select any Plaintext :are you missing somebody,
1
2 3 4 5 6 + Column slze

m
Write plaintext
row - by - row

Fig. 1.12.2: Columnar transposition

technique
: Select randomkey (according to column size) 5 4 23 16
Step 2

Step 3: Read text present in each column according to key.

Step 4: oieysmrisdesoyamgounb
Step 5: Final ciphertext is

Ciphertext : oieysmrisdesoyamgounb
The ciphertext obtained in step 5 can be made more complicated
by performing multiple
rounds of such permutations.

A more complex way to encrypt the message would be to write it in a rectangle, row by row,
and then read off the message column by column, but to decide the order
of the columns.
The order of the column will be the key of the algorithm.

Example 2

Plaintext : the book is related to history.

12 3 5 67
h e b oK
a
e T

0h

|to r y

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem.
6-Comp) Introduction to
1-54 Cryote
& Sy
Cypt.
Select the order of
columns (Key):4351267
Ciphertext : beoyertryolhtiethsdooaikts Preparing
1.
1.12.2 Keyless Transpositlon Technlques. in this key
Keyless transposition technique also called Rail fence anothe
technique.
Algorithm for keyless transposition technique is
given below :
14573
(1) Write plaintext message That is, th
into Zigzag order.
numbered
(2) Read plaintext message of step 1 in order row
of by row as shown in Fig. 1.12.3.
letter has
G For example
write. For
Plaintext message is :
be care full while chatting. hand side
row 1
hea ver
row
2-b 42 163
Fig. 1.12.3 : Zigzag order of plaintext 2. Prepari
Write plaintext obtained in row 1 and row 2. -numbere
The resultant ciphertext is
:
Ciphertext eaeulhlcatnberflwiehtig. the key.
This technique doesn't want any key. Rows are
also fixed (2) so that attacker may get clu: heave
to break the ciphertext obtained
using rail fence technique. 42163
Ex. 1.12.1
WEA
Use Transposition Cipher to encrypt the plain text
"WE ARE THE BEST use key "HEAVEN".
Soln. : HEBE
3. Encryp
Single Columnar Transposition
of the ke
Single columnar transposition cipher is the simple
cipher. Read the key, and numbered à
eehr
each letter of the key as per their appearance
in the alphabet. The total encryption process is
divided into three parts : 1234
1. Preparing the Key AEEL
2. Preparing the Plaintext BES
3. Encryption Then t
i.e.

ABEE

Scanned by CamScanner
 I Crypt. & Sys. Security (MU-Sem, 6-Comp) 1-55 Introduction to Cryptography

1
Preparing the Key : Suppose the key is another. We can assign the number to each letter
:
in this key as shown below

another
1457326
That is. the first letter a is numbered 1. There are no B's or C's, so the next letter to be
mheredis the e. So e is numbered 2, followed by h, and so on.
In the key. if the same
lotter has occurred more than one time, it should be numbered 1. 2. 3. etc. from left to
write. For example, the key is heaven. Here e is occurred two times. So first 'e'from left
band side is numbered as 2, whereas second e is numbered as 3.

heaven
421635
9 Prenaring the Plaintext : The letters from the message is written in rows under the
.numbered letters of the key. One letter from message is to be writen under each letter of
the key. Let us say that the message is - We are the best. We can write it as shown below :

heaven
'
421635
WEARET
HEBEST
3. Encryption : Now, arrange the above message written in rows under the numbered letters
of the key as per ascending order of the numbers at the top of the plaintext letters.

aeehny

123456
AEEWTR
BESHTE
Then the letters are copied down column wise from top to bottom. The result is ciphertext,

i.e.

ABEEESWHTTRE

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem.
6-Comp) 1-56 Introduction
to Cryptogre
Crypt. & Sys
:
Syllabus Topic Steganography
1.13 SteganographyApplications Known car
3.
and Limitations original im.
Q. 1.13.1 compared to
What is
steganography ?
(Ref. sec. 1,13) Give its advantages and disadvantages. is compared
a.1.13.2 as file an or
What
is steganography?
"steganography? What are applications and limitations encoded me
(Ref. sec. 1.13) attacked ma
Steganography is a technique attacks help
of hiding the message, file and
Tile or image: Steganography image within other mess original mes
word is of Greek origin
"secret writing". that means "covered writing",
4
Reformat
In other words, it is the art as attacker cha
well as science of hiding
that know body aware the the commnunication in such w don't store c
existence of communication.
E
The goal of hiding messages, 5. Destroy
files and images is to fool
attacker to detect that there attacker and not even allo related info
is another message
hidden in original message. used to stor
The main aim of Steganography
is to achieve high security and
in any cover media like encode the sensitive datz 6. Known me
images, audio, video and send over
Internet. Even if there is it insecure channel such : and when t
small change in stenographic
meaning of the messages. image or data will change complele help agains

In Steganography the term 7. Multiple E

called as Steganalysis which
cryptography. Like cryptanalysis, is similar to cryptanalysis in different m
the goal of steganalysis
messages, files is to identify suspected informatior
and images, to determine whether any
available into those messages, hidden or encoded information is may try to
and also to try and gain access to
images. that messages, files and 8. Compressi
attack tries
Attacks on steganographic techniques are
very similar to attacks on is the use o
techniques/ algorithms and similar cryptographic
techniques apply. The strength a
algorithm depends on its ability to successfully of steganographic
withstand attacks.
Following are the possible attacks on
steganography.
1. Stego-only attack :
In this type of attack, only the medium
(files and images) containing
hidden data is available for analysis. This
attack also called as Visual attack.
2. File only attack : The attacker has access the file must
he determine if there is a messag'
hidden information inside that file.

Scanned by CamScanner
 Crvpt. & Sys. Security (MU-Sem. 6-Comp) 1-57 Introduction to Cryptography

2 Known carrier attack : In this typc of attack, the steganalyst has access to both ne
original image and the image containing the hidden information are available and
compared to assume the message. The stcgo object (that contains the hidden information)
is compared with the cover object and the differences arc detected. This attack also called
as file an original copy : It might happen that attacker have a copy of both the file i.c. the

encoded message and a copy of the original file. If the two files are different, then
attacked may guess that there must be some hidden information inside a file. Such type
attacks helps attacker to destroy the hidden information by simply replacing it with
original message.
A
Reformat Attack : Most popular attack on steganography is reformat attack, in this attack
attacker change the format of the filè (BMP, GIF, JPEG) because different file formats
don't store data in exactly same way.
E
Destrov Everything Attack : An attacker could simply destroy the message and
all
related information. This can works correctly because there are different file formats are
used to store data in different ways.

6. Known message attack : In this type of attack, the original message prior to embedding
and when transmitting over Internet is known to sender. This type of attack analysis can
help against attacks in the future.

7. Multiple Encoding of a Files : The attacker gets n different copies of the files with n
different messages. It might happen if some companies are inserting different tracking
information into each file. If the attacker tracks all the data during transmission then he
may try to replace the tracking information with its own available information.

8. Compression Attack : One of the simplest attacks is to compres the file. This type of
attack tries to remove the unrelated information from a file during compression then what
is the use of hiding the data if extraneous information is removed.

Chapter Ends...

Scanned by CamScanner
 CHAPTER

2 Modular
Module
19 Crypt. & S

Arithmetic For exa

and Number Z={...
Theory 2. Bin

In cryp
Syllabus three ba
Modular Arithmetic The co
Euler's theorem and Number Theory : Euclid's not clo
logarithms. Testing for primality- algorithm
Prime numbers-Fermat's
The Chinese remainder and
theorem, Discrete
2.1.1(A)
2.1 Modular Arithmetic A prir
a
by 1
2.1.1 Mathematical Background
Exam

In cryptography, there are certain The

mathematical backgrounds
data encryption methods and also to for understanding moden Relat
introduce certain application
Mostly certain areas of Number in cryptography area. have
theory and algebra techniques are
Cryptosystems. One of the examples cryptosystem used for designing Exar
of in DES'and AES algorithms. r

the
Basics of Number Theory and Modular Arithmetic gcd

2.1.1(B)
Basics of Number Theory
GCI
1. Integer Arithmetic positive
integers
2. Binary Operations
integers
Fig. 2.1.1: Basics of
Number Theory For

Integer Arithmetic
gco
1.

is used to create background for modular arithmetic. The set of integet gc

Integer arithmetic
number represented by single alphabet i.e. Z.

Scanned by CamScanner
 Crypt. & Sys. Secuity (MU-Sem. 6-Comp)
2-2 Modular Arithmetic & Number Theory

For example :

- 2, -
Z=(...-3, 1,0, 1, 2, 3,...) set of
integers.

2. Binary Operations
In cryptography different binary operations are
applied to set of integers. Among those
three basic operations are addition, subtraction
and multiplication.
The concept here is to provide two inputs and generate
only one output. Set of integers is
not closed under operation division,
i.e. quotient of two integers may not
be integer.
Syllabus Topic : Prime Numbers

2.1.1(A) Prime Numbers

A prime number is a positive integer which is greater than one and

which is divisible
by 1 and itself i.e. the only factors of prime number are 1 and itself.

Example:2, 3, 5,
7, 11 ctc.

The prime number concept is use by cryptographic algorithms heavily.

Relatively prime number : Two numbers are relatively prime to one another when they
have no common factors except 1.

Example : 21 and 44 are relatively prime numbers, since common factors between both
the number is one i.e. Greatest Common Divisor GCD of a and n is 1 it is written as
god (a, n) =1 hence they both are relatively prime.
2.1.1(B) What is GOD?

GCD stands for Great Common Divisor, also called as greatest common divisor of two
positive integer a and b: The GCD of two integers is the largest integer that can divide both
integers. Most needed concept of cryptography is GCD and prime number. Two positiv
integers may have common divisors but we are interested in largest divisor.

For example :
gcd(3,5) =l hence 3 and 5 are relatively prime numbers to each other.
gcd(12,60) = 12

Scanned by CamScanner
 P Crypt. &
Sys. Security
(MU-Sem.
6-Comp)
Explanation 2-0
Modular
Arithmetic &
Number
Factors The
of 12 = 1,
2,3,4, 6, 12 crypt.
Factors &
Sys
of 60 = 1, 2,
3, 5, 6, 12, 60
So looking to above Modular Arithr
between both example it is observed
that 12 is the greatest Modular art
the numbers so. and also common fact. division sins
gcd(12,60) = 12.
Let a, b, e
For example : Find
GCD (40, 20) : of natural n
Method 1 For examp
arithmetic.
Find prime factors
of given numbers, both leaves
40 = 22+ 2*5 If a, b, e Z
20 = 2*2*5 quotient and

Select common divisor from Most of the

. gcd (40, 20) = 2*2*5
above
=
20
arithmetic.
Modular
Ar
gcd (40, 20) = 20 1. ((a mod
Method 2 2. (a mo
40 = 2 * 20 3. ((a moc
20 = 1 *20
:.gcd (40, 20) = 20
1.
2.2 Eucli
R=amod b
2. If (R=0) then go to step4 else Q. 2.2.1 St
3. a= b, b=R go to step 2 It is a ba
Suppose we ha
4. GCD =b
Now divic
Example
GCD = (15, 12) Where q=
15 % 12 = 3 Suppose
obtain:
12 % 3 = 0

Hence r,
if =0
GCD (15, 12) = 3 the remainde

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) 2-4 Modular Arithmetic & Number Theary

Modular Arithmetic

Modular arithmetic is a simple concept of using Remainder which is left after an integcr
division since MODULO is the remainder in mathematical terminology.

Let a, b, E Z and n
eN then aab (mod n) if (a-b/n) where Z is set of integers and N is set

of natural numbers.
(mod 11). Congruence calculus is often
called as Modular
For example : 23 = 1

11 mod (12) is equivalent. Because

arithmetic. Modular arithmetic considers that 23 and
both leaves same remainder when divided by 12.
q and r
Z be any integers, then a. r such that b= aq +r where 0 Sr cawhere
a,
If b, E
by a.
quotient and remainder respectively, when bis divided
concept of GCD, modular
cryptographic concepts and algorithms use the
Most of the
arithmetic.
:
Modular Arithmetic exhibits the following properties
n
1 [(a mod n) + (b mod n)] mod n= (a + b) mod
n = (a-b) modn
2. [(amod n) -(b mod n)] mod
n = (a * b) modn
3. [la mod n) * (b mod n)] mod

Syllabus Topic : Euclid's Theorem

2.2 Euclid's or Euclidean Algorithm

(Ref. sec. 2.2)
Q. 2.2.1 State Euclid's Algorithm with example.
or a method for calculation of GCD of two positively integer.
It is a basic technique
that d gcd (a, b) assuming a>b>0.
=
a,
Suppose we have two integers b such
Now dividing a by b
we can state that
...(2.2.1)
a = gjb+I; 0sr,<b
r remainder.
Where q implies quotient and implies
r, and apply division algorithm to
r, because b >r1, we can divide b by
Suppose that #0
obtain:
b= 92I +I;
if r, = 0 then d = r, and if r,#0 thend= gcd (T;, r). The division process continues till
the remainder is 0. The following equation describes the process.

Scanned by CamScanner
 Crypt. &
Sys. Security
(MU-Sem.
6-Comp)
a= 4, 2-5
b +r Modular
Arithmetic
b= q,I + 0<r<b & Number
Theony

2 0<r<I|
0<<Iy

I-2=gnIn-1tIn 0< I<h-1

In-1=9n+1 Ia
+0
d=gcd (a, b)
At each stage we =I,
common have
divisor of two d= gcd( I) finally =
division algorithm integers by repetitive can d gcd(rn, O) =
This is known as be calculated by In. Thus, the greatest
the Euclidean algorithm. repetitive application
Euclld's algorithm: of the
EUCLID
1
(, y)
XX, y
y
2. Ify=0, retun x= gcd (%,
y)
3. R=X mod y
4. xy
5. y-R
6. Go to 2.
Ex. 2.2.1

Find GCD (40, 20) using

Euclid's algorithm.
Soln. :
We know that,

ged (1, y) = gcd (y,x, mod y)

·gcd (40, 20) = gcd (20, 40 mod 20)= gcd (20, 0)

From step 2 of algorithm,

If y=0, return X= gcd (3, y)

.. gcd= 20

Scanned by CamScanner
mberieony

Crypt. &
Sys. Securiy (MU-Serm.
6-Comn
2-6
Ex. 2.2.2 Modular
Arithmetic
& Number
Solve /find gcd (36, 10). Theory
:
Soln.
We know that,

gcd (x, y) =
gcd(y,x
mod y)
gcd (36, 10) =
gcd (10,36 mod
10)
= gcd (10,
.. gcd (10, 6) =
6)
gcd (6, 10 mod 6)
= gcd (6, 4)
greatest
n of the gcd (6, 4) = gcd(4,2)
gcd (4, 2) = gcd (2, 0)
.gcd (36, 10) = 2

If gcd (x, y) = 1then x andy are relatively prime to each other.

e.g. gcd (8, 15) = 1

.8 and 15 are relatively prime.

Ex. 2.2.3

Using Euclidean algorithm calculate gcd(48,30) and gcd(105,80).

:
Soln.
() gcd(48,30)
= gcd(30,48 mod 30)
gcd(30,18)
= gcd(18,30 mod 18)

= gcd(18,12)
gcd(12,18 mod 12)
gcd(12,6)
gcd(6,12 mod 6)

= gcd(6,0)
.. ged(48,30) = 6

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem, 6-Comp) 2-7 Modular Arithmetic &
Number Theory
(1) gcd(105,80)

gcd(105,80)
= gcd(80,105 mod 80)

= gcd(80,25)

= gcd(25,80 mod 25)

gcd(25,5)
gcd(5,25 mod 5)

=.gcd(5,0).
gcd(105,80) = 5

Ex. 2.2.4

Using Euclidean algorithm calculate god(20,16)

and gcd(50,60).
:
Soln.
(0) gcd(20,16)
= ged(16,20 mod 16)

= gcd(16,4)

gcd(4,16 mod 4)

= gcd(4,0)

i. gcd(20,16) = 4

() gcd(50,60)
gcd(50,60 mod 50)

gcd(50,10)

gcd(10,50 mod 10)

= gcd(10,0)
= 10
gcd(50,60)

Scanned by CamScanner
 Crypt. & Sys.
Security (MU-Sem.
6-Comp) 2-8 Modular Arithmetic & Number Theory
2.2.1 Extended
Euclidean Algorithm
Q. 2.2.2 Write
Extended Euclidian algorithm.
As we
(Ref. sec. 2.2.1)
learn in school days,
when we divide integer
values by other nonzero integer
we

get an integer quotient (the

"answer") plus a remainder (generally
a rational numo
For instance,
13/5 = 2("the quoticnt'") +3/5 ("thc remainder").
We can rephrase this division, totally in terms of integers,
division operation :
without reference to ne

13 = 2(5) +3
Note that this expression is obtained from the one above it by multiplying througn
by u
divisor 5.

Ihe greatest common divisor of integers a and b, denoted by gcd(a, b), is the largest
integer that divides (without remainder) both a and b. So, for example :

gcd(15, 5) =5, gcd(7, 9) = 1,

=
gcd(12, S9) 3, gcd(81, 57)=3.
The ged of two integers can be found by repeated application of the division algorithm,
this is known as the Euclidean Algorithm. You repeatedly divide the divisor by the
remainder until the remainder is 0. The gcd is the last non-zero remainder in this
algorithm. The following example shows the algorithm.
Finding the gcd of 81 and 57 by the Euclidean Algorithm:
81 = 1(57) + 24

57 = 2(24) +9
24 = 2(9) + 6
9 = 1(6) +3
6 = 23) +0
It is well known that if the gcd(a, b) =r then there exist integersp and s so that :
p(a) + s(b) = r
By reversing the steps in the Euclidean Algorithm,
it is possible to find these integers p
and s. We shall do this with the above example:
Starting with the next to last line, we have: 3 =9-1(6)

Scanned by CamScanner
 Crypt. &
Sys.Security
(MU-Sem.
6-Comp)
From the 2-9
line before Modular Arithmetic
that, we see &
NumberThenn.
that 6 =24-
3 = 9- 1(24 2(9), so :
cypt.
From the -2(9) =3(9) -
line before that, we 1(24)
have 9=57-2(24), The e

3 = 3( 57 so :
algorit
-2(24) – 1(24)
= 3(57) The al

And, from the

-7(24)
line before that 24 =
81 - 1(57), giving
= us :
3 3(57) -7(81- 1(57))
= 10(57) -7(81)
So we have found
p=-7 and s = 10.
The procedure we have followed
above isa bit messy because
we have to make. of all the back substitutions
It is possible to reduce the amount
of computation involved in finding o
and s by doing some auxiliary computations as we
go forward in the Euclidean
(and no back substitutions will be necessary). algorith
This is known as the extended Euclidean
Algorithm.
Given two integers a andb, we after need to find other two integers S
and t such that
Sxa+txb = gcd (a, b)

The extended Euclidean algorithm can calculate the gcd (a, b) and at the same time

calculate the value of S and t. As show the Fig. 2.2.1.

a, =b

Ex. 2
Giver
Soln
t=t,
god(a, b) = I, S= S

Fig. 2.2.1

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) & Number Theory
2-10 Modular Arithmetic

The extended Euclidean

algorithm uses steps as the Euclidian
the same number of

algorithms.

The algorithm of extended Euclidean is as shown below :

IH- a
;
t-b;
S;t-1 ;
Sst-0; Initialization

t,-0; ht-1;
while (r;> 0)

updating r's
rti-qXI,i.
It-iIyt-r;

updating s's

updating t's
t+t,-qXthi
tt-,itt-t;

gcd (a, b) ¢;s S,;tt-t

Ex. 2.2.5
s t.
Given a = 161 and b=28 find god (a, b) and value of and
Soln. :

Scanned by CamScanner
 Crypt. &
Sys, Socurily (MU-Som. 6-Cornp) 2-11 Modular Arithrnotic &
Nurnber Thege,

B
S t t
5 161 28 21 -5
-
28 21 ) -5 6
3 21
-1 4 -5 -23
7 -l, 4 -23

s=-land t =6. The answer can

,
We get, gcd (161, 28) =7 be tested

(-1)x l61 +6x 28 = 7

Syllabus Topic The Chinese Remainder Theorem

:

2.3 Chinese Remainder Theorem

State the Chínese remainder theorem with example. (Ref.

sec. 2.3)
Q. 2.3.1

According to D. Wells, the following problem was poscd by Sun TsuSuanChing.

There
by 5
are certain number repeatedly divided by 3 and remainder is 2, repeatedly divided
and remainder is 3, repcatedly divided by 7 and remainder is 2.

What will be that number? The problem can be solved by well known theorem called
a range
Chinese remaindcr theorem. If that it is possible to reconstruct integers in certain
from their residue modulo a set of pair wise relatively prime modulo.
a, (mod m,)
X=
X = a, (mod m,)

X, = a, (mod m,)

Consider n positive integers which are relatively prime in pairs i.e. m, m,... m,. Then the
congrucnce of above equation have common solutions.

Two integers a and b are said to be congruent modulo n, if (a mod n) = (b mod n)

i.c. a b
(mod n)
where X
a(mod m) Xa(mod m) X= a(mod m).......X= a, (mod m,)

where M= m
xm, X M3

which is given by X# a,Miy +t a,Maya +

ayMsys +. .a,M,y- (modM),
where Mi =
M/m, and y= (M) mod(m;) for 1
<isr.

Scanned by CamScanner
&Number
Then

-5 Crypt. & Sys. Socurity

(MU-Sem. 6-Comp) 2-12 Modular Arithmetic & Number Theoy
6
Ex, 2.3.1
23
State CRT. Findx for the following equations,
X = 1 mod 2
X = 1
mod 3
X =3 mod 5
X = 1 mod 7
Soln. :
The general equation of Chinese remainder theorem is,
X = a, (mod m,)
X = a, (mod m)

aing. There Xn = a, (mod m)

wided by
5 Let, a, l, a, = 1, a, =3, a, =
1
and m= 2, m, =3, m3 =5 and m4 =7
M. = m* m,* My* m4
= 2
*3 *5*7
em called
tain range M = 210

For all set of elements

M1 = Mml == 105,

M2
=
M/m2 ==70,
M3 = Mim3
==42,
hen the M4 = M/m4 =
210-30
7

Find out inverse modulo.

Let y1, y2 y3 y, represented as inverse.
y = Inverse of (M/ml) mod m, = Inverse of 105 mod 2
mod 2 = 105 mod
2=1.
y = Inverse of (Mm2) mod m,= Inverse of 70 mod 3 =70 mod 3
= 70 mod 3 = 1

Scanned by CamScanner
 Crypt. &
Sys. Security (MU-Sem. 6-Comp) Modular Arithmetic
&
Nurmber
2-13 The,

Y3 = Inverse of (M/m3) mod m, = Inverse of (42) mod 5=42" mods

= 42
mod 5 =3
Y4 = Inverse of (M/m4) mode m, = Inverse of 30 mod 7 = 30'-2 mod7
= 4
According CRT

a,Miyi + a,May2 + a,My;+... ..a,M,y, (modM),

X= +
(30) * 1 * 4] mod 2to
X
=
[(105) * 1 * 1+ (70) * 1
*1+ (42) *3 *3

= [105+70 +378 + 120l mod 210=673 mod 210

. X =
43

Ex. 2.3.2
A bag has certain number of pens. If you take.out 3 pen at a time, 2 pens are left, If you tete
pens at a time, pen is left and if you take out 5 pen at a time, 3 pens are left in the bao JL
1

is the smallest number of pens in the bag ?

Soln. :

X = 2mod 3, x=1mod4, x=3mod 5

The general equation of Chinese remainder theorem is,
X = a, (mod m)
x = a, (mod m,)

X = a (mod m,)
According to given equation al=2, a2 = 1 & a3 =3 and m=3, m, = 4 and m,
=5
M= m* M,* Im3* m4
= 3
*4*5
M = 60

For all set of elements

M1 = M/ml =60/3= 20,

M2 = M/m2 =60/4= 15,

M3 = M/m3 =60/5= 12,

Find out inverse modulo.

Let y, y, y3 . y, represented as inverse.

Scanned by CamScanner
 melic
&
Numb
5= 422
J=30-2 Crypt. & Sys. Security (MU-Sem.
6-Comp) 2-14 Modular Arithmetic & Number Theory
mod
Y = Inverse of (M/ml) mod m, = Inverse of 20 mod 3
= 20 mod 3 =
20 mod 3 =2
odM), Y2 = Inverse of (M/m2) mod m, = Inverse
of 15 mod 3 = 15 mod 4
1 *4]mod = 225 mod 4 =1
210 Y3 = Inverse of (M/m3) mod m, = Inverse of 12 mod 5 = 12 mod 5
= 12 mod 5 = 3
According CRT
X = a,Miy + a,My2+ aMayst...........a, M, y,
(modM),
X = 12 * 20 2
* + 1l * 15 * 1
+3 + 12 *3 ) mod 60
releft,
eft in f youtala = [80+ 15 + 108 mod 60 =203 mod 60
the bag. ..
X = 23

Ex. 2.3.3
to the simultaneous equations.
Define the Chinese remainder theorem tind the solution
2 mod 7. =

X=2 mod 3, x =3mod 5,

X

:
Soln.
remainder theorem is.
The general equation of Chinese
x = a, (mod m,)
X = a, (mod m,)

K = a, (mod m,)
d
m, =5 equations
According to given simultaneous
mod 7
x=2 mod 3, x=3 mod 5, x=2

Let, a,
= 2, a, =3, a, =2, and
m,
3,
m,
=5,m, =7
M = m,* M,* Mz* m
= 3*5 *7

M = 210

For all set of elements

= M/m, =105/3 = 35,
M

= 21,
M, = M/m, 105/5=
= 15,
M, = M/m, 105/7=

Scanned by CamScanner
 Modular. Arithmetic
&
Crypt. & Sys. Security (MU-Sem. 6-Comp) 2-15 Number
Th

Find out inverse modulo.

Let y,, y» y3
.. y, represented as inverse.
y = Inverse of (M/m,) mod m, = Inverse of 35 mod

= 1053-2 mod 3 = 35 mod 3 =2

5 = 215-2
mod mod5
=
Inverse of (M/m,) mod m, = Inverse of 21
= 21mnod 5 = 1

Y3 = Inverse of (M/m,) mod m,= Inverse

of (15) mod 7 = 15 mod7

= 15 mod 7= 1

According Chinese Remainder Theorem

..a,My. (modM),
X = ajMiy + a,May2
+
a,Mys +....
& 1
+2* 15*1 ] mod 105
X = (2*35 * 2 +3+21
105 = 233 mod 105
X = [140 + 63 + 30 mod
1

X = 23

Syllabus Topic : Euler's Theorem

2.4 Euler Totient Function o(n)

are betweet
Euler Totient function which states that how many numbers
òln) is called
land n -1 that
are relatively prime to n.
are relativelyprime to it.
All positive integers less thann
For example : if =4 find o(n) =?
n

is 1. (The number is said

1. on) (4) =land 3 are relatively prime to 4 because their gcd
=
to relatively prime if their gcd is always 1)
In this case 4 and 2 are not relatively prime, because gcd (4, 2) =2
.. o (4) * 2(i.e. 1
and 3)
(5) = ?
2
5) = 1, 2, 3, 4 are relatively prime to 5

o5) = 4
(7) = ?
3
o(7) = 1, 2, 3, 4, 5; 6 are relatively prime7

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) 2-16 Modular Arithmetic & Numbar Theory

:.o(7) = 6

This implies that o(n) will be casy to calculate if n has cxactly two different
prime factors say p and g
.:. (n) = pX4
1.e. (n).= (p) * (q)

According to definition of Euler Totient function,

q are prime
(p*q) = (p-1)* (q- 1) ifp and

Hence proved.

2.4.1 Euler's Theorem

for every a and n that
are relatively prime:
Itstates that
aM= 1 (mod n)

Euler's theorem.
For example Prove using
:

a=3; n=10: o(n) = ?

=
Let, o (n) = (10) {1, 3, 7,
9} =4

According to Euler's theorem,

3* = 1(mod 10)
3 = 1
mod 10
(81 mod 10 = 1 & 1
mod 10 = 1)
81 = 1
mod 10
Hence proved.

Ex, 2.4.1
n = 11.
Solve using Euler's theorem:a=2and

Soln. :

Calculate on) = First

On) = (11)={1 to 10} = 10

According Buler's theorem
= 1
(mod n)

:20 = 1
(mod n)
11 = 1)
1024 = 1
mod 11 (1024 mod 11 =1 and 1024 mod
Hence próved.

Scanned by CamScanner
 P Crypt. &
Sys.Security
(MU-Sem.
6-Comp)
2-17
Modular Arithmnetic
Syllabus Toplc & Number
2.5 Discrete
: Discrete
Logarlthm
Thene

Logarithm 2 Crypt. &

Sys. Sec

1o understood There is no poin

discrete logarithm
Primitive we must noting that = 1 7

root know what

is primitive root positive a< 19.
7
A primitive root
integers from of a prime number p
1 is one whose power
top-1. of modulo p generates
Aa a
If a is a primitive root ai 1
1

are distinct of prime number p,

and consists the numbers a mod p,
of integers
from 1 to a mod p, ...amodn 2 4 8 16

For any integer p-1. 3

b of primitive root a 5
such that, of primne number p, we
can find.a unique exponert 4 16 7
i
5 6 17

The exponent i is b=a mod

p 6 17 7 4
referred as the discrete
logarithm of
This can be written as, b for base a mod p. 7 11 1
7

7 18 1

d log, p(b) 9
The equation d log,,
p(b) called as discrete
logarithm which is 10 5 12
cryptographic algorithms used in different
like diffie Hellman algorithm and 11
digital
signature algorithms. 1
For a fix prime mumber P.
Let a, b be non zero integers "12
such that a * = bmod p) (mod p). The problem 11 18
is called Discrete Logarithm of finding X
Problem. Suppose that n
integer such that a" = 1 (mod is the smallest 13 17 12
p), i.e., n = or d,(a). By
X=L(b), and call it the discrete log of b w.r.t. assuming 0 x <n, we denote 14 6 8
a (mod p).
Example :P= 11, a= 2, b=9, then x = =
15 16 12
L,(b) La(9) =6
To explain discrete Logarithm considers 16 9 1

the following example.

17
7' 7(mod 19) 4 11

18 1
7 = 49 = 2 x19 + 18
11= 11 (mod 19)
= 343 = 18 x In general te
7 19+ 1= 1 (mod 19) (mod n)
is (n).
7 = 2401 = 126x 19+7=7 (mod 19) If a number i
7 = 16807 = 884 × 19+ 11=11 (mod 19)

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) Modular Arithmetic & Number Theory
2-18

There is no point in continuing because the scquence is repcating. This can be proven by
noting that 7° = 1 (mod 19), Table 2.5.1 shows all the powcrs of a, modulo 19 for all
positive a< 19,
Table 2.5.1
18 17
A 11 12 13
415. a

1 1 1 1 1 1 1 1 1 1 1
1

18 17 15 11 -1
2 4 16 13 4 3 6 12 5 10

6 18 16 10 11 14 4 12 17 13 1
3 9 8 5 15 7 2

4 16 7 9 17 11 6 5
1
4 16 7 9 17 11 6 5 1

16 4 1 11 17 9 7 16
5 6 11 17
16 1
16 1 6 17 7 4 5 11 9
6 17 4 5

11 1 7 11 1
11 1
7 11 |--|
7 11 1 11 7

7 18 11 12 1
8 7 18 11 12 1
8 7 18 11 12 1 8

1
4 17 1
9 5 6 16 11 4 17
7 6 6

10 12 6 3 11 15 17 18 9 14 7 13 16 8 4 2 --
1

1
1 11 1 11 7 1
7 1 11 7
11 7 1 11 7

11 18 7 8 1 12 11 18 7 8 1
18 7
1 12
12 11

1
6 2 7 15 5 8 9 3
17 12 4 14 11 10 16 18
13
1
18 5 13 11 2 12 16 15
14 6 8 17 10 7 4
1
4 3 7 10 17 8 6 14
15 16 12 9 2 11 13 5 18

17 6 1
1 16 9 11 5 4 7
16 9 11 5 4 7 17 o
1
11 16 6 5 9
17 4 11 16 6 7 5 9 17 4
1
1 18 1 18 1 18
18 1 18 18 1: 18 1 18
18 1

terms, that the highest possible exponent to whom a number can belong
In general
(mod n) is o(n).
n.
Ifa number is of this order, then it is called as primitive root of

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp)
2-19 Modular Arithmetic & Number Ther.

The importance of this notion is that if is a primitive root

of n then its powers 1S,
a, a ...a (n)
are distinct(mod n) and arc all
relatively prime to n. a
particular, for a prime number p, if is a
primitive root of p, then,
a, a On)
are distinct (mod n). For the prime number 19, its primitiy,
roots are 2, 3, 10, 13, 14, and 15.

2.6 Fermat Theorem

Q. 2.6.1 State and Prove Fermat's theorem. (Ref. sec. 2.6)

Fermat theorem plays an important role in public key cryptography. For this theorem t
understand one has to have knowledge of Prime number, Co-prime number, pring
factorization and GCD i.e. greatest common divisor that has already been explained in ti;
chapter.

Theorem
For any prime number p, a is the integer which is not divisible byp then
= 1(mod p)
al .2.6.1)

A variant of this theorem is

Ifp is a prime and a is a co prime to p (i.e gcd(a, p) = 1) then,

a = a(mod p) ..2.62)
Basically this theorem is useful in public key RSA and primarily testing.
Let us have a = 3 andp = 5 then as per the above theorem in Equation (2.6.1) we have
35-l
=3= 81 = 1(mod 5).

Since on dividing 81 with 5 will bave remainder 1.

Hence proof above theorem.
Considering another form of theorem in Equation (2.6.2).
Let us have a =3 and p = 5 then we have
aP = 35= 243.

Now we calculate 243 mod 5, we will have result 3.

a mod p=3 mod 5=3
Hence, 3=3 mod 5.

Scanned by CamScanner
er
TheoN

Crypt. & Sys.

Security (MU-Sem.
6-Comp)
2-20 Modular Arithrmetic a
to n. Fermat theorem Number Theory
In used to find mod
of large number for
Ex. 2.6.1 example:
oimitive
Solve 6
mod 11.
Soln, :

We know that Fermat

theorem.
aP-1 = l modp
Hence 6" = 1 mod 11 ..(1)
Leorem to
a = 6, p=11...put a and p
in equation (1)
t, prime i.e.
ed in this
6-=1 mod 11

60 = [(6 mod 11) x (6 mod 11)] mod 11

= [4 *3] mod 11 = 12 mod 11 =1

i.e, 6
mod 11 = 1

Ex. 2.6.2

..2.6.1) We can solve any large mod operation using this method. Solve 62
mod 11.
Soln. :

According to Fermat's little theorem mod p,

a=1 6
mod 11

...(2.6.2) Hence a =6, p= 11 if we put

these values in above equation then will get,
l21 mod 11 = 6
mod 11
[(6 mod 11) x (6 mod 11)] mod 11 = [4 x 7] mod 11
have
= 28 mod 11 =6
.:.6 mod 11 = 6

Ex. 2.6.3

Define Femat's little theorem find :

the result of
() 3mod 11 (ü)3 mod 11
Soln.:

Refer section 2.6 for definition

) 3 mod 11

According to Fermat's litle theorem a' p,

11
=l mod 3mod
Hence a =3 and p =l1, Put these values into above
equation,

Scanned by CamScanner
 P Crypt. &
Sys.Security
(MU-Sem.
312-1 6-Comp)
mod 11 = 2-21
Modular
mod 11 Arithmetic
3" mod 11 = & Number
Thee
[(3° mod
. 3* mod 11 =
mod 11 =
(25 mod
11) =3
11) x
(3 mod 11)]
mod 11 =
(5 × 5] mod
11
(ii) 310 3
mod 11 CH
According
to Fermat's
little theorem a
Hence
a=3 andp= 11, Put =1 mod p, 30
mod 11
3l01 these values
mod 11 = into above equation,
3 mod 11
3 mod 11 = [(3 mod 11) x (3* mod
3 11)] mod 11 = [1 x
mod 11 = (4 4] mod 11 Syllabus
mod 11) = 4
mod 11 = 4 Block c
Advanc

Chapter Erd.

3.1 BI

Basic:
Strear
algor
For n

3.2 E
Q.3.2.1

Q.3.2.

@. 3.2,

Scanned by CamScanner
ic &
NumberTh

CHAPTER Module 2

Symmetric Key
3 Cryptography

Syllabus
DIoCKCIpher principles, block cipher modes of operation, DES, Double DES, Tiple DES,
Advanced Encryption Standard (AES), Stream Ciphers : RC5 algorithm.
Chapter
Ends

Syllabus Topic : Block Cipher Principles

3.1 Block Cipher Principles

Basically cryptographic algorithm is used for transformation of plaintext into cipher text.
Stream cipher and Block cipher are main method of encrypting text using key and
algorithm.
For more details refer Section 1.10 of Chapter 1.

Syllabus Topic : Block Cipher Modes of Operation

3.2 Block Cipher Modes of Operation

Q. 3.2.1 Explain with examples the CBO andECB modes of block ciphers.
(Ref. secs. 3.2.2 and 3.2.1) Dec. 16,3 Marks
Q. 3.2.2 Describe the block cipher modes of operation. (ECB, CBC, CFB, OFB and CTR
mode) with the help of block diagram.(Ref. sec. 3.2)
Q. 3.2.3 What are block cipher algorithmic modes? Describe any two
modes.
(Ref. sec. 3.2)

Scanned by CamScanner
 Crypt. &
Sys. Security
(MU-Sem.
6-Comp)
The block 3-2
cipher
that encrypting is basic buildingblock Symmetric
Key Cryptography
one bit for providing
The Federal at a time, block data security.
Information of bits is encrypted In Block
cipherrather Crypt. &
Sys. Secur
block cipher Processing at one go.
that may Standard (FIPS) defincs
Cryptographic be used in a four modes The drawback of
algorithms wide variety of operation
and decrypted. (DES, AES of applications for
the input genera
etc). The modes like symnerie key
specify how attacker or crypta
The modes included data will be encrypted
in this standard are :
1
Electronic Codebook
(ECB) mode
2. Cipher Block Chaining Key
(CBC) mode
3. Cipher Feedback
(CFB) mode and
4
Output Feedback (OFB) Fig. 3.2.
mode
5. Counter (CTR) Mode Only small messE
repeating the sam
3.2.1 Electronic Codebook (ECB) Mode
3.2.2 Cipher Bloc
(MU- Dec. 16)
Q.3.2.4 Describe ECB. (Ref. sec, 3.2.1)
Q.3.2.5 Describe
In Electronic Codebook (ECB) mode the given plaintext message is divided into blocks of To overcome the
64 bits each and each 64-bits blocks get encrypted independently. The plaintext block plaintext the Ci
produces ciphertext of same size (64-bits each). mode, each bioc
encrypted.
The given plaintext is encrypted using same key and transfers the encrypted data
In CBC mode
(ciphertext) to receiver.
Initialization V

At the receiver end each block is decrypted independently using same key in order to
block 1. In ne
produce original plaintext message of same size i.e. blocks of 64-bits each. previous ciphe
process is shown n block 2. The p
The Electronic Codebook (ECB) mode encryption and decryption
Fig. 3.2.3.
Fig. 3.2.l and Fig. 3.2.2.
Initialization V
Plaintext Plaintext Plaintext
block 2 block N more complica
block 1
Different crite

Key
Encrypt Koy-Encrypt -- KeyEncyp: A good initial
plaintext bloc
Ciphertext
ciphertext bloe
Ciphertext Ciphertext
block 2
block N In case of
block 1 cip
process of CBC mode
Code Book (ECB) mode encryption
Fig. 3.2.1:The Electronic

Scanned by CamScanner
2Crypt. & Sys. Security (MU-Sem, 6-Comp)
3-3 Symmetric Key Cryptography

The drawback of ECB mode is that for the occurrence more

of than one plaintext block in
the input generates the same ciphertext block in the output,
which gives clue to the
attacker or cryptanalyst.
Ciphertext Clphertext Ciphertext
block 1 block 2 block N

Key Decrypt Key Decrypt-- Key Decrypt

Plaintext Plaintext Plaintext

block 1 block 2 block N
Fig. 3.2.2: The Electronic Code Book (ECB) mode decryption process

Only small messages can be encrypted using ECB mode of operation where the chances of
repeating the same plaintext message are quite less.

3.2.2 Cipher Block Chaining (CBC) Mode

(MU- Dec. 16)

Q. 3.2.5 Describe CBC. (Ret. sec. 3.2.2)

To overcome the problem of repetition and order independence in ECB even for repeated
plaintext the Cipher Block Chaining (CBC) mode is used. In the cipher-block chaining
mode, each block of plaintext is XORed with the previous ciphertext block before being
encrypted.

In CBC mode the first block of the message (plaintext block 1) is XORed with an
Initialization Vector (IV) which is then encrypted using key k and produces ciphertext
block 1. In next step each block of plaintext (plaintext block 2) is XORed with the
previous ciphertext block 1 before being encrypted and produces output ie. iphertext
block 2. The procedure is continuing till all plain text block gets encrypted as shown in
Fig. 3.2.3.

Initialization Vector doesn't have special.meaning it. is simply used to make input message
more complicated or unique.

Different criteria for IV are fixed-size input value it should be random or pseudorandom.
A good initialization vector should be unique and unpredictable. In all modes of operation
plaintext blocks are represented by using P1, P2, P3,....!n and corresponding
ciphertext blocks are represented by using C1, C2, C3,......n.
In case of cipher block chaining mode even if plaintext block repeats in the input, output
of CBC mode yields totally different ciphertext blocks as shown in Fig. 3.2.3.

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) Symmetric Key Cryptograchy
3-4

Plaintext Plaintext Plaintext

block 1 block 2 block N
P, P2 PN
Initiaization
av)
vector
Cy-1

KEncypt KEncrypt ...... KEncrypt

CN

Ciphertext Ciphertext
Ciphertext
block
1

block 2 block N
Fig. 3.2.3: Cipher Block Chaining (CBC) mode encryption process

CBC mode is applicable whenever large amounts of data need to be sent securely.
provided that all data is available in advance (e.g. email, FTP, web etc.).
In CBC decryption, cipher text blockl get decrypted using same key used earlier during
encryption process and the output of this step is then XOR with initialization vector (IV)
and produces plaintext block 1.
In next step the ciphertext block 2 is decrypted and its output is XOR with ciphertext
block 1which results plaintext block 2. Repeat the procešs for all ciphertext block in order
to produce original plaintext blocks as shown in Fig. 3.2.4.
Ciphertext Clphertext Ciphertext
block 1 block 2 block N
C

KDecypt KDeciypt *** K Decrypt

P
P PN
Plaintext Plaintext Plaintext
block 1 block 2 block N
Fig. 3.2.4:Cipher Block Chaining (CBC) mode decryption process

3.2.3 Cipher Feedback (CFB) Mode

Q326 Describe CFB. (Ref. sec. 3.2.3)

CFB mode uses block cipher as stream cipher meaning
is that data is encrypted in smaller
units of block say &-bits rather than predefined size
of 64 bits.

Scanned by CamScanner
Crypt. & Sys. Security (MU-Sem. 6-Comp) 3-5 Symmetric Kay Cryptography

CFB mode may be uscd as a stream cipher. In CFB encryption process 64 bits
initialization vector is used which is kept in 64 bits of shift register.

The IV (shift register) is then encrypted and produces 64-bits of ciphertext i.e. encrypted
IV. Now the lefmost S bits (size of 8 bits) of the encrypted IV are XORed with the first
Sbits (size of 8 bits) of plaintext P. to produce the first S bits of ciphertext Cy, which 1s

then transmitted to next step.

In next step contents of the 64 bit shift register are shifted left by S bits and Cqis placed in

the rightmost S bits of the shift register and which again undergoes to encryption procesS
as shown in Fig. 3.2.5.

encrypted. Here same key K 1S

Inis process continues until all plaintext units have been
used during encryption and decryption process.

Initialization vector (V)

S-bit shiting
4-S- bit shifting

64-bits shift fegister CN-1shift register

(shift register) 84-bits B4-bits

Encryption Eneryption
Encryption
Key Key
Key

Encrypted Encrypted Encrypted

64- bits 84- bits2 84 - bits
(select Sbits) (select S- bits) select Sbits)

Plaintext Plaintext Plaintext

P
P PN

Ciphertext O
Ciphertext C Ciphertext CN

Fig. 3.2.5: Cipher Feedback (CFB) mode encryption prOcess

Decryption of CBC mode reverse of CBC encryption, the same technique is used, except
that the output of encryption process is XOR with the received ciphertext block to produce
the original plaintext block as shown in Fig. 3.2.6.

Scanned by CamScanner
 P
Crypt.
& Sys.
Security
(MU-Sem.
6-Comp)
3-6
Syrnmetric
Key Cryptograch.

TV CN & Sys. Securty(MU-E

K 2Crypt.
Shift
niftre
register -
b-sbits sbits
Initlalization
Encrypt Shift
register
b-s bits| sbits
Enorypt
|Select Discard 84- bi

s bits b-s bits Encrypt shift regi

Select Discard
bits
b-s bits Select
Discard
s bits b-sbits Encryp
Kev

S bits
s bits Encrypt
bits (64- |
S bits S

PN select
S bits
Fig. 3.2.6: Cipher s bits
Feedback (CFB) Plaintext
mode Decryption Process
3.2.4 Output P

Feedback (OFB) Mode

Q. 3.2.7 Describe OFB. (Ref. sec. Ciphe
3.2.4)
In CFB encryption process Fig. 3.2
64 bits initialization vector
is used which is kept in 64 bits of
shift register then selected Dectyption process
the most significant s bits
from encrypted IV and XOR with
plain text P, to produce ciphertext
C.
Output of encryption process is placed
in least significant s bits of shift register (left shift)
of next stage and repeat the process until all units
encrypted.
In case of output feedback mode (OFB), difference
is that output of encryption process
O,instead of generating cipher text C is directly placed in next stage
of shift register
without XOR operation to avoid bit errors during transmission as shown in Fig. 3.2.7.

In OFB mode, if there is a small error in individual bits, it remains an eTor individual
Fig
bits. which do not corrupt the whole encrypted message (to avoid bit errors during
3.2.5 Counter
transmission) which is the biggest advantages of OFB mode over all other mode. (C
a.3.2.8 Compa
In this case Initialization Vector is extracted from a double length encryption key.
Q.3.2.9 Explain

Scanned by CamScanner
 Symmotric
Koy
CN-1 Cryptography

Crypt.&
Shiftraglster Sys. Socurity (MU-Som.
6-Comp)
b-s bito 3-7
Symmetric Key Cryptography
|,obits Initlallzation yoctor

Encrypt
-S-bit shiting 49-bit shifting
B4- bits
Seloct shift ragister shift register
bits DiDiscard
shitt roaister
84- bita
b-s bits 84-bits

Encryptlon
Encryption
Encryption
Kev
Key

s bltg Encrypted IV
PN (64- bits) Encrypted IV Encryptgd IV
64- bits 84- bits
s blts solect S bits |(select S-bits)
(select S- bits)
Output O, Output
eSs Plaintext O2
P, Plalntext Plaintext
P2 Pn

Clphartext C, Ciphertext C,
Ciphertext CN
Fig. 3.2.7: Output feedback (OFB)
mode encryption process
kept in 64 bits of
Decryption process of OFB is reverse of encryption process as shown
V and XOR with in Fig. 3.2.8.
Nonce

gister (left shif)

Encrypt Encrypt
Encrvpt

yption process
shift register
g. 3.2.7.
P;
PN

n individual Fig. 3.2.8:Output feedback (OFB)

mode decryption process
rors during
3.2.5 Counter (CTR) Mode

Q.3.2.8 Compare ECB and counter mode

of operation. (Ref. sec. 3.2.5)
0.3.2.9 Explain Counter mode
of operation, (Ref. sec. 3.2.5)

Scanned by CamScanner
 Crypt.
&Sys.
Security
(MU-Sem,
As mnode
uumoes is similar
6-Comp)
to OFR 3-8
which as inputto vith the Symmetric
willbe the difference
ofsame algorithm We nut KeyCYtograchy
u counter sizeas
that a
is
constant
that it uses
counters 2Cypt.
&
Sys. Security (MU
•Ihere mode, the counter of aplaintext value as or
value OfSeqe
1S no block. initial
chaining is encrynted cunte 3.2.6 Algorlthm Mode
pr0cess and
is doneas shown thenXOredwith
the plaintext
Counter 1
inFig.3.2.9 o ye
Counter2
Mode

CounterN Electronic code book

Encryp! (ECB)
Encrypt
Encryet Cipher Block Chaining
(CBC)
2

Cipher Feedback (CFB)

Fig, 3.2.9 : Counter

(CTR) Encryption
During decryption process Process Output Feedback (OFB)
same counter
XORed with ciphertext is used which was
to get the original encrypted earlier
plain text plaintext as and later
shown in Fig. 3.2.10.
Counter 1 Counter 2 Counter (CTR)
CounterN
k

Encrypt
Encrypt

3.3 Data Encrypt

a.3.3.1 Explain wOL

P. PN
(Ref. sec.E
Fig. 3.2.10 : Counter (CTR) Decryption Process Q. 3.3.2 Expiain wo
Q.3.3.3 Explain DE
The advantage of counter mode is that it can make execution
speed up which can help in Ret. sec.,=
multiprocesing system. a.3.34 What
is the
(Ret. sec.

Scanned by CamScanner
 Symmetric
Key Gryptogr
uses otography
counterS
as initial Or sequence l
Crypt. & Sys. Security (MU-Sem.
value 6-Comp)
of counter Symmetric Kay Cryptography
32.6 Algorlthm Mode
the plaintext Detalls and Usage
to ciphertext Table 3.2.1 : Summarization
of algorithm modes
Mode
Detalls
Counter Usage
N
Electronic code book
Same key is use to encrypt
(ECB) and A single value is transmitted
decrypt 64 bit at a time.
in secure fashion.
Encrypt Cipher Block Chaining
Ciphertext of previous
(CBC) step and It is used
plaintext in next for authentication
step are purpose.
XORed.
Cipher Feedback (CFB)
K number of random from
Encrypted stream of data is
ciphertext bits of previous step
transmitted for authentication
and k bit from.plaintext of the
next step are XOred.
Output Feedback (OFB) It is similar to CFB, only
For transmission of encrypted
difference is that
input to stream of data.
ed earlier and later encryption step is preceding
in Fig. 3.2.10. DES output.
Counter (CTR) Both counter and plaintext
It is used in the applications
nter N

block are encrypted together.

which need high speed of
transmission.
ypt Syllabus Topic: DES

3.3 Data Encryption Standard (DES)

(MU - Dec. 15, May 16,

May 17, May 18)
Q.3.3.1 Explain working of DES detailing
(Ref, sec. 3.3)
the Fiestel structure.
3.3.2
Dec. 15, 10 Marks
|Q. Explain working
DES. (Ref. sec. 3.3)
of
May 16,10 Marks
Q.3.3.3 Explain DES, detailing
the Fiestel structure and S-block design.
(Ref. sec. 3.3)
can help in 0.3.3.4 What is the purpose S-boxes May 17, 10 Marks
of inDES? Explain the avalanche effect?
(Ret. sec. 3.3)
May 18, 5 Marks

Scanned by CamScanner
 Crypt.
& Sys.
Security
DES (MU-Sem.
isblock 6-Comp)
DES was cipherpublished 3-10
customer originally by
request developed NationalInstitute Symmetric
for a method by an BM ofStandards KeyCyptogra
In 1973, team Cypt. &
Sys. Security (MU-Sem.
6

proposal NIST published to secure formed andTechnologY

fromBM, a request data. in early (NIST
1970 response At the decryption side, DES
DES Was a change for proposals in ,
published intheproject for a symmetric 56-bit key.
Processing in federal calledLucifer,
which Standard resgister key cryPogapry.
wasacceptea 3.3.2 Detall Steps of DES
could make (FIPS).This in 1975 as A
draft was a draft 2s
ciphertext reiected of the Federal The principle of DES is very
s

Läter On weaker because niormai

prevent lBM developer to many of small each, which is initial permutati
mentioned attacks. key lengn
cryptanalysis. that internal
(bo-bits,
After initial permutation on 6=
Finally NIST architecture called left plaintext and right p
published of DES was
unclassified DES in January designed
applications. 1971 and
defines DES
t The left plaintext and right pla
as the standard with 16 different keys for eac
Ihe day onwards for use ia
algorithm. DES has been proven ight plaintext gets combinec
most widely blocks.
used symmetric
3.3.1 key cryptographit
Conceptual Vlew The result of final permutatior
of DES
Data encryption standard
takes 64-bit plaintext
ie. it encrypts data in block as an input
and creates 64-bit Cipherten
of size 64-bits per block.
Divide plaintext message
into 64-bit block each.

OR
The given plaintext message
is divided into size
56-bit key at the initial level. 64-bits block each and encrypted
using
Fig. 3.3.1 shows conceptual
view of DES.
58- bit
Different1

key
64- bit
|64- bit
64-bit
plaintext plain text.
platn text

58-bit 56- bit

key DES DES 56 - bit
key key DES

64-bi 64- bit bit

phertext oiphertext
64-
ciphertext

Fig. 3.3.1 : Conceptual view of DES

Scanned by CamScanner
 Crypt. & Sys. Securty (MU-Sem. 6-Comp) 3-11 Symmetric Key Cryptography

At the decryption side, DES takes 64-bit ciphertext and creates 64-bit plaintext and
56-bit key.

3.3.2 Detall Steps of DES

The principle of DES is very simple. Divide plaintext message into block of size 64-bits
each, which is initial permutation.

After initial permutation on 64-bit block, the block is divided into two halves of 32-bit
called left plaintext and right plaintext.

The left plaintext and right plaintext goes through 16 rounds

of encryption proceSs along
with 16 different keys for each rounds. 16 rounds of encryption process left plaintext aId
on these combined
nght plaintext gets combined and final permutation is performed
blocks.
as
The result of final permutation produces 64-bit of ciphertext shown in Fig. 3.3.2.

84-bit plaintext

Initial pemutation

Left plain Alght plain

text (32-bit) text (32-bit)

K1
1
Round Round

16usod
56 - bit Ditereht

key keys
Encrypted data

Round 16 Round 16:

K16

Final permutaton

64- bit ciphertext

Fig. 3.3.2 : Detail Steps in DES

Scanned by CamScanner
 Crypt.&
Sys. Security
(MU-Sem.
3.3.3 Initlal 6-Comp)
Permutation 3-12
(IP) Symmetric
Q. 3.3.5 Koy Cryptograt.
Explain & Sys. Security
Initial permuutation 2Crypt.
Initial permutation steps in
block with any isthe process
DES, (Ref.
sec. Step 2 :
Expansion per
3.3.0)
other random of
rearranging or 3
For example bit of same shuffling cach bit of As shown in Fig.
block, : First bit of plaintext message original plainten,
Plaintext (LPT)
ane
the bitreplaces original bloCh
2" with 57
plaintext block replace
with 48"bit from 32-bits to
48

bit of original plaintext message of original plainten

Table 3.3.1 : shownin Table 3331.
Initial permutation
Plaintext block
(64 bits)
48 57 59 63 43 64
47 42 106 4 11 13 18
(T
fro
20s 16 | 19 32 1
25 27
3 23 29 30 31
347
This process called jugglery
of bit position of plaintext
original plaintext blocks block which is applied to al
in a sequence.
After initial permutation the
64-bit plaintext block get divided
(32-bit) and RPT (32-bit). into two halves LPT
:
Fig. 3.3.3 E
Now 16 rounds of encryption process were
completed on LPT and RPT. During this pr

3.3.4 Rounds Fig. 3.3.3.

Q. 3,3.6 Explain 16 Rounds of DES in details. From Fig. 3.3

(Ref. sec. 3.3.4) 48-bit key E
Q. 3.3.7 Explain permutation and substitution steps in
DES.(Ref. sec. 3.3.4) operation is
Before discussing about DES rounds let us
know about key discarding process.
Step 1 : Key discarding proces
Step 3 : S-box s
S-box subst
We know that 56-bit key is used during encryptjon process. 48-bit whic
Here 56-bit key 3
transformed into 48-bit key by discarding every
8bit of initial key ie. &", 16", 32 .. S-box perfe
From this 56-bit key a different 48-bit sub-key is generated during
each round the process The substi
called key transformation. input for E
then comt

Scanned by CamScanner
etric Key
Cryptogra
graphy
Crypt. & Sys.
Security (MU-Sem. 6-Comp)
3-13
Symmetric Key Cryptography
Step 2:Expansion permutation process
f original
plaintext As shown in Fig.
3.3.3 general steps
Plaintext (LPT) and of DES, we had two 32-bit plaintext
original 32-bit Right Plaintext (RPT). called as Left
nin plaintex from 32-bits to 48-bits In step 2 Right Plaintext
Table3.3.1. the process called as expansion is expanded
permutation.
LPT (32- bits)
RPT (32 -bits)

32- bit
Expansion pemutaton

46- bit key

generator 48- bit
K48-G (0,K58)
(The key for 'each - bit
|48
round is generated
from intial 58 -bit key) S-Box substitution
32- bit
P-Box permutation
32 - bit
plied to all
32- bit |32- bit
LPT RPT
alves LPT
Fig. 3.3.3 : Expansion Permutation (Details steps of Single
Round of DES Algorithm)
During this process bits are permuted hence called as expansion
permutation shown in
Fig. 3.3.3.
From Fig. 3.3.3 it is clear that 32-bits of RPT get expanded to
48-bit which is XORed
with
48-bit key generated during key discarding process. The
resulting output of XOR
operation is given to next step called as S-box substitution.

Step 3 : S-box substitution

S-box substitution is the process which accepts 48-bit key and expanded
right plaintext of
48-bit which get XORed and produces 32-bit output as shown Fig.
in 3.3.4.
y is
S-box performs just jugglery on each bit positions and produces compressed bits.

The substitution performed using 8 substitution boxes the reason called as

cess S-boxes. The
input for each S-box is 6-bit which produces output of 4-bit each.
The output of S-box is
then combined to form 32-bit block.

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. Symmetric Key CrYptograpi,
6-Comp) 3-14

RPT (32 - bit)

Expansion 48 - bit key

XOR
RPT (48 -bit)

Ss S
S S S5
Sboxes S

Permutation

32-bits output
S box substitution
Fig. 3.3,4

Step 4 : P-box permutation so that on the next

eight S-boxes is then permuted,
We know that the 32-bit output from as possible.
round the output from each S-box
immediately affects as many others
forward
The output of S-box is input to P-box in
which 32-bits are permuted using straight
mechanism i.e. replacement of each bit with another bit in the specified table
permutation
called as P-box permutation.
Step 5: XOR and swapping
on 32-bit right plaintext only left plaintext
Till this step we have performed all operations
was not touched yet. Recall step 2 as given in Fig. 3.3.4 detail steps of each round, outpul
produced by P-box permutation get XOR with the left plaintext (32-bi) to produce the
new 32-bit right plaintext.

t is quite obvious that output of XOR operation becomes new right plaintext and the old
right plaintext becomes new left plaintext, the complete process is called
as XOR and
swapping operations.

Scanned by CamScanner
 Symmetric
Key
Grypiograph.

Cypt. & Sys.

Security (MU-Sem.
6-Comp) 3-15
3.3.5 Final Permutatlon Symmetric Key Cryptography

The last operation a

data cncryption standard
RPT produced from is a
XOR and swapping process. permutation of 32-bit LPT and
successful completion Final permutation was 32-bit
of 16 rounds. performed after
For example
:7" bit of the input bit takes
bit takes the position 4 the position of second
of output bit and so on. bit-and so on.
Table 3.3.2 shows 40" input
Table 3.3.2 : Final final permutation.
permutation
16 07 20 40 21 29 64 32 39 47
34 38 55 23 63 31
6 46 14 22 60 30 37 45 5 13
29 36 3 53 22 21
44 12 20 3
52 28 26
17 57 10 9 19
25 50 18 27
2 1
33 56
32 44 1653
Inverse of initial permutation 24 15 59
is also called final
encrypted block. In permutation. This
this way all the plaintext produces 64-bit
steps on it order get cncrypted
in to produced encrypted by performing broad level
ciphertext.
3.3.6 Strength of DES
Bo
that on the next 1.The DES encryption
technique ideally
possible. suited for implementation
lookups etc.). of hardware (bit
shifts,
g
straight forward 2. It makes Brute
force attack impractical
as DES uses
e specified table possible key combinátions 56-bit keys so
which make Brute that there are
3.
Force attack impractical. 2
Dedicated hardware
could run DES at
200 M byte/s.
4. Technique well
suited for voice,
y left plaintext video encryption.
5. DES uses S6-bit
keys so that there are
round, output equal to 7.2 x 10"° 2° possible key combinations
keys required to which is roughly
produce the break DES cipher.
0. A machine performing
one DES
thousand year encryption per microsecond
to break the cipher. would take more
and the old than a
7. Ifa small
s XOR and change in either
plaintext or the
key, the ciphertext
should change
markedly.

Scanned by CamScanner
 Crypt.
&Sys.
3.3.7 Security
Weakness (MU-Som,
6-Comp)
1. InDES
Trying 3-16
2 all possible
In an cxhaustivc combination Symmetric
after Key
3 2i.e.3.6029search known of2"possible Cpg
If youspend x 10 trials plaintext keys is not Crypt. &
Sys. Ser

onan
attack, that much
4. TWo $25Kyou average. the hardthese
chosen can cryptanalyst days,
5. input build will obtain
The to an DES password the
purpose S-boxcan solstir,
Triple DES
crackers 3.3.9
ofinitial create that will successes
andfinal thesame
permutation output. infew a. 3.3.10 Explair
isnotclear. a. 3.3.11 Write s
3.3.8 Syllabus
Topic : Double
Double Triple DES per
DES DES uses three keys
Q.3.3.8 Explain
Double First it perfor
Q. 3.3.9 DES.
(Ref.sec, 3,3.8)
Write short ciphertext agair
note
on:Multiple the second cip
Double performs DES. (Ref.
sec.3.3.8)
the same operation ciphertext Cp.
keys K1 and as DES
K2. only difference
is that double DES use Mathematically
First it perform txo
encryption on Pt»EK1Pt) =
ciphertext again plaintext which is encrypted
this ciphertext
into final ciphertext. is encrypted by
using another
using K1 obtains finst » Cp= EK3 (E
key called K2
Mathematically and convertet Where
Double DES is
represented as
Pt EKI(Pt)
TEMP =
EK1(P) EK2(E(K1(P))
Where Cp= EK2E(KI(P)
Pt = Plaintext
EK1(P) = Encrypted E
plaintext with Key
Ki Cp = EK3
.TEMP = EK1Pt) =Temporary
Variable to store results
EK2(E(K1(P)) = Encrypted Decryption of
Results of first step using
K2 The final ciph
Cp = Final Ciphertext. which results
Decryption of Double DES is reverse ciphertext,
of Encryption. Whatever the ciphertext obtained f
after double DES encryption process get plaintext Pt.
decrypted using K2 and obtain
ciphertext, the result of previous step the firs
(ciphertext) decrypted using K1 which To decrypt
yields the
original plaintext. To decrypt the cipher text th
Cp and obtain the plain text Pt Double DES operation.
need to perform the following operation.
Pt = DK2(DK1(Cp))

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) 3-17 Symmetric Key Cryptography

Syllabus Toplc : Triple DES

3.3.9 Trlple DES

Q. 3.3.10Explain Triple DES.(Ref. sec. 3.3.9)

a.3.3.11 Write short note on:Multiple DES.(Ref. sec. 3.3.9)

Triple DES perforns the same operation as double DES only diference is that triple DES
uses three keys K1, K2 and K3 while
encrypting plaintext.

First it perform encryption on plaintext which is encrypted using K1 obtains first

ciphertext again this ciphertext is encrypted by using another key called K2 which obtains
the second ciphertext which is again encrypted using K3 and converted into final
ciphertext Cp.

Mathematically, Double DES is represented as,

=
Pt>EK1P) TEMP EK1(P) EK2E(K1(P) =EK3 (EK2(EK1(P)))

Cp= EK3 (EK2(EKI(P))

Where Pt = Plaintext

EKI(PI) = Encrypted plaintext with Key K1

TEMP = EK1(P) =Temporary Variable to store results

EK2E(KIP)) = Encrypted Results of first ciphertext using K2

EK3 (EK2(EK1(P)) = Encrypted Results of second step using K2
Cp = EK3 (EK2(EKI(Pt)) Final ciphertext encrypted using K1, K2 and K3

Decryption of Triple DES is reverse of Encryption,

The final ciphertext obtained after Triple DES encryption process

get decrypted using K3
which results seond ciphertext, second ciphertext decrypted
using K2 which results first
ciphertext, first ciphertext again decrypted
using KI which generate the original
plaintext Pt.

To decrypt the cipher text Cp and obtain

the plain text Pt, we need to perform
following
operation.

Pt = DK3(DK2 (DKI(Cp)

Scanned by CamScanner
 P Cypt.
&Sys.
Security
(MU-Serm.
6-Comp)
Sylabus 3-18
3.4 Toplc:
Advance Advance
Symnetric
Encryption Encryption
Kay
Q.3.4.1 Standard C

Writeworking Standard (AES)

3.4.2 (AES) Sys. Se

Draw ofAES algorithm Cypt. &

Q.3.4.3. AES block

How diagram indetal.
AES Encryption and ex0lain (Ref. sec. 3.4.3 AES Enc
thesolution. the steps 34) The plaintext
3.4.1 (Ret,sec.does not solve any
indetail.
(Ret,see
Introduction 3.4)E integrity
problem ?
Therefore, th
to AES if not what wil 4x4 matrix
The Advanced AES operate
Encryption shown in Fig
algorithm Standard
is 32 bits,
published (AES
December by National Institute Algorithm) is a Symmetric Fig. 3.4.1.
2001. key cryptograbic
for Standards
and Technology
The algorithm (NIST)
was proposed by i
algorithm.Advance Rijndael the reason Round ke
encryption standard also called
is a replacement Rijndael encrypta
3.4.2 Sllent of data encryption standard.
Features of AES
The AES algorithm
is a subset of the Rijndael Roundk
that it operates on an algorithm and a
input block of data is block cipher, meaning
of a known size and outputs
which is the same size. a block of data

An input key is also required as Round

inputo the AES algorithm. It allows the
text size) of 128, 192 and data length (plain
256 bits, and supporting three different
key lengths, 128, 192,
and 256 bits.
The AES algorithm is a symmetric key nu
algorithm which means the same key is used to
The
both encrypt and decrypt a message. mentic
Also, the cipher text produced by the AES algorithm key is
is the same size as the plain text
state
message.
for nu
AES consists of multiple rounds for processing different key bits like 10 rounds for
AES
processing 128 - bit keys, 12 rounds for processing 192 - bit keys, and 14 rounds far
array
-
processing 256 bit keys. Seve

wis

Scanned by CamScanner
 Coypt. & Sys. Securty (MU-Sem. 6-Comp) Symmetric Key Coyptography
3-19

3,4.3 AESEncryptlon and Decryptlon Process

The plaintext given is divided into 128-bit block as consisting of a 4 x4 matrix of bytes.
Therefore, the first four bytes of a 128-bit input block occupy the first column in the
4x4 matrix of bytes. The next four bytes occupy the second column, and so On.
ABS operates on a 4 x 4 column-major order matrix of bytes; called as state array
shown in Fig. 3.4.3. AES also has the notion of a word. A.
word consists of four bytes that
is 32 bits. The overall structure of AES encryption and decryption process is shown in
Fig. 3.4.1.

Plaintext(128-bit) Plaintext(128-bit)

Add round key Round Add round key Final Round

Round key Round key
InvsubBytes
InvshiftRows
SubBytes
ShiftRows Repeat
Nr-1
Mixcolumns Bound InvMixcolurmns
Add round key Add'round key Repeat
Round key Nr-1
InvsubBytes Bound
SubBytes InvShiftRows
Round key
ShiftRows Final round
Add round key Add round
Round key keyRound

Cipher text (128-bit) Cipher text (128-bit)

Fig. 3.4.1: AES Encryption and Decryption process

The numbers of rounds are 10, for the case when the encryption key is 128 bit long. (As
mentioned earlier, the numbers of rounds are 12 when the key is 192 bits
and 14 when the
key is 256.) Before any round-based processing for encryption can
begin each byte of the
state (plaintext) is combined with the round
ky using bitwise XOR operation. Nr stands
for number of rounds.

AES divide plaintext into 16 byte (128-bit)

blocks, and treats each block as a 4 x4 State
arays as shown in Fig. 3.4.3. It then performs four operations -in each
round consists of
Several processing steps
like substitution step, a row-wise permutation step,
wise mixing step, and the addition
a.column
of the round key. Except for the last round
in each case,

Scanned by CamScanner
C? Crypt. & Sys. Security (MU-Sem. 6-Comp) 3-20 Symmetric Key Gryptography

all other rounds are identical. Final Round doesn't have (MixColumns) it incilues ony
SubBytes, ShiftRows and AddRoundKey.
plaintext using same
The process of transforming the cipher text back into the original
process the set
decryption
encryption key is called as decryption process of AES, during

of rounds are reversed.

3.4.4 Detall Steps for AES Encryption

:
following four steps
For encryption, each round consists of the

(1) SubBytes

(2) ShiftRows

(3) MixColumns, and

(4) AddRoundKey

step/Substitute byte as
1. The SubByte fixed S-box lookup table
replacement of each byte using a
SubBytes) consists of state array (16 byte). It
into the 4 x4
to achieve non-linearity
shown in Fig. 3.4.2
same function as the S- BOX in DES.
performs roughly the the
performs a non-linear substitution in
on each byte in the state and
It operates
makes AES a non-linear cryptographic
Galios Filed GF (2) field,
which is what

system. apply
transformation using SubBytes techniques
and if
Fig. 3.4.3 shows the state
create original values.
reverse called as InvSubBytes transformation which will

every same two byte value the resulting transformation is also same. It also shows
For
one.
that the InvSubBytes transformation creates the original
values, their transformation also
same is the same:
Note that if the two bytes have the
The corresponding substitution step used during decryption is called InvSubBytes.

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) 3-21 Symmetric Key Cryptography

1
0 2 3 4 5 6 7 8 a
b C e
0 63 7c 77 7b F2 6b 6f C5 30 67 26 Fe D7| Ab76
1
ca 82 C9| 7d Fa 5947| FO Ad D4
A2|Af9c A4 72 CO
2 b7 Fd 93 26 36 3f F7 Cc ES F1 |71 D8 31 15
34|A5
4 C7 23 C3 18 96 5 9a 7 12 80 E2 Eb 27 B2|75
4
9 83 2c la 1b |6e 5a A052|3b D6 | B3| 29 E3 2f 84
5 53 DI0 Ed| 20 Fc B1 5b 6a Cb Be 39 4a 4c 58 Cf
6 DO Ef A8
Aa Fb |434d.33 85 45 F92 7f 50 3c 9f
7 51 A3
408f 929d38 Da 21 D2
X
F5 BcB6 10 Ff
8 Cd 0c 13 Ec 5f97 44 17 | C4| A7 7e 3d 64 5d 19 73
9 6081 4f Dc
222a 90 8846 Ee B8 Be Db
14 5e 0b
EO32 3a0a 49 6 24 5c C2| D3
Ac62 91 95 E4 79
b E7 C837 6d | 8b D5| 4e
A96c 56 | F4 Ea65 7a Ae 8
C Ba 78 25 2e lc A6 B4 C6 | E8| Dd 74 1f 4b Bd 8b 8a
d 70 3e B566483 F6 Oe 61 35 57 B9 86 ld 9e
C1

e E1 F8 98 11 69 D9 8e
94 9b le 87 B9 Ce 55 28 Df
f 8c A1| 89 Od bf B6 42 68 41 99 2d Of BO
54 | bb 16
Fig. 3.4.2:S-Box Lookup table for SubBytes

SubByte.

10 21 CO 81 CA FD BA 0C

05 07 01 25
State Array 60 byte(128-bit) 86B C5 7C 3F
27 12 19 21 blocks
8CC C9 D4 FD
15 27 30 35
59 CC o04 98
8,
IrvSubByte

Fig. 3.4.3 : SubByte transformation

Scanned by CamScanner
 Crypt.
&Sys.
Security
2. ShiftRows (MU-Sem.
6-Cor
Comp)
3-22
Lue output Symmetric
which of the SubByte Key Gyptograr
consists transformation
matrix of rotation Sys. Securit
(rotation is innut to Crypt. &

Each ofrowbyteofeachbyteof the ShiftRows

byte of positions the state array ranSiotmation From Fig. 3.4
Over one the first row aredone in the order a row
remains inthisstep). of ofdata column of sta
byte to
rotatedleft the left position.unchanged. Each same operati
by two and byte of the second
The threeposition Similarly the third row columns).
Corresponding as shown and fourth rows is totate.
row transformation transformation inFig.3.4.4. ate als The 4 bytes
t

(InvShiftRows). during decryption process transformed

is called Inverse in Rijndael's
shit
source of diff
ShiftRow
930 FF|64 4. AddRoundKey
FFE 6025 co30| FF 64
In the Addi
121517EE4 FE60 25
F2 schedule is
AAFE| 84 |D7 7E|E412| 15 state.
D7
AA|FE| 84 The round ke
invShitRow operations.
Fig. 3.4.4 : ShiftRows when each t
transformation
3. MixColumns text as show

MixColumns performs 04 E0
operation on the state array
by-column and each column obtained from ShiftRows
is multiplied with row a columa 66 CB
four bytes as an input and of fixed matrix. This step takes
produces outputs 81
output bytes). of four bytes (cach input byte 19
affects the
The four numbers state arrays ES 9A
of of first column are modulo multiplied
Galios Filed (GF) by a given in Rijandeal's
matrix as shown in Fig.
along with ShiftRows are 3.4.5. In AES MixColumn step
primary source for The same
cipher produced. providing complete diffusion to he
ShiftRows
0203 o101 D4| EOB81E Except fo
0102 0301 BF
04EO4828 doesn't ha
B44127 B8cBF8 00
|0101o203 5D 521198 Finally ar
o3o101 02
8119D326
30|AEF1|F5 reverse
E59A|7A|40 r
Predefined matrix InvMixcc
State array New state
same enc
Fig. 3.45:MixColumns transformation

Scanned by CamScanner
 Cypt. & Sys. Security (MU-Sem. 6-Comp) 3-23 Symmetric Key Cryptography

From Fig. 3.4.5 on the left hand side, the row of the leftmost matrix is multiply with
column of state array (XOR operations) which produces the new state. Perform the
same operation on all columns which provides diffusion (mixing data within
columns).

The 4 bytes of each column in the State are treated as a 4-byte number and
transformed to another 4-byte number via finite field mathematics (modulo multiplied
in Rijndael's Galois Filed by a given matrix) as shown. MixColumns step is primary
source of diffusion in AES.

4. AddRoundKey

In the AddRoundKey step, the Round key one generated using Rijndael's key
schedule is combined with the new state obtained from MixColumns transformation
state.

The round key is added by combining each byte of the state array using bitwise
XOR
operations. The actual 'encryption' is performed in the AddRoundKey)
function,
when each byte of state array is XORed with the round key to produce
final cipher
text as shown in Fig. 3.4.6.

04 EO 48 28 A0 | 88 23 2A A4 68 6B 02
66 CB F8 06XOR FA 54 A3 6C 9C 9F 5B6A
81 19 | D3 26 FE 2C| 39 76 7F35 EA 50
ES 9A |7A 4C 17 B1 | 39 05 F2 2B 43 49
Fig. 3.4.6 :AddRoundKey

The same process of AddRoundKey

is applied for nine rounds
ShiftRows, MixColumns step
i.e Repeat SubByte,
and XOR with Round key 9 more
times.
Except for the last round
in each case, all other rounds are
doesn't identical.. Final Round
have MixColumns step
it includes only SubBytes,
ShiftRows and RoundKey.
Finally an output cipher
text will obtain
reverse
after performing
detail steps
rounds are applied of AES. A set of
(i.e. InvShiftRows,
InvMixcolumns) to InvSubBytes, AddRoundKey
transform cipher
téxt back
and
same encryption into the original plaintext
key called Decryption process using the
of AES as shown in
Fig. 3.4.1.

Scanned by CamScanner
 Crypt. &
Sys. Security
(MU-Sem.
3.4.5 AES 6-Comp)
3-24
Decryptlon Symmetric Key
Cryptography
Crypt. & Sys.
Decryption occurs
InvShiftRows through
the function AddRoundKey
0,InvSubBytes Ex. 3.4.1
inverse function,
as it
(), InvMixColumns ). plus the inverse AES
function, AES encryption
c
once, and simply XORs ) and AddRoundKey ) does not
decrypts when the state with the require an Soln. :
applied again). subkey (XOR encrypts when
applied We aware
3.4.5(A) Difference
between Data Encrvpion combinations, sh
Encryption Standard Standard (DES)
(AES) and Advance Data key during encrg
Q. 3.4.4 Compare AES and into some temp
DES. (Ret. sec, 3.4.5A) permutation and
Sr. No.
DES what will be the
1. AES
Data encryption standard takes when sender se
64-bit It allows the data length
plaintext as a input and creates (plain text size)
64-bit of 128, 192 and 256 bits. cryptanalyst abl
Ciphertext i.e. it encrypts
data in block message get mor
of size 64-bits per block.
2 does not solve i
In DES plaintext message is divided AES divide plaintext into 16 byte
into size 64-bits block each and
(128-bit) blocks, and treats each block
encrypted using 56-bit key at the initial as a 4 X4
State array and supporting
level. three different key lengths, 128, 192, 3.5 RC5 A
and 256 bits.
3. The left plaintext and right plaintext The number of rounds are 10, is for the RCS is a sy
goes through 16 rounds case when the encryption
of encryption key is 128 bit
process along with 16 different notable for bei
keys for long. (As mentioned earlier, the number
each rounds. of rounds is 12 when the key is 192 bits XOR, shift, etc
and 14 when the key is 256.) Example
4. DES uses 56-bit keys so that there are AES
is stronger than DES because of
possible key combinations which is key size vary Key.:00 C
from round to round.
roughly equal to 7.2 x× 10° keys
required to break DES cipher. Plain Tex
5. Different versions of DES are double AES doesn't Cipher Te
have any future version.
DES and triple DES is added.
RCS is a
6. DES doesn't use Mix Column,
Shift AES uses Mix Column, Shift Rows text block
Rows method during encryption
and method
siz
during encryption and
each instance
decryption process. decryption process
7
DES, double DES and Triple DES (168- AES also are vulnerable to b=key size
bit key) are. vulnerable to brute force attacks.
brute foroo i
attacks.

Scanned by CamScanner
eyCryptography

lCrypt. & Sys. Security(MU-Sem. 6-Comp)

ABS 3-25
functions Ex. 3.4.1 Symmetric Key
Cryptography
notrequire AES encryption
an does not solve an integrity
when :
problem? What is the solution?
applied Soln.
We aware that
AES ehcrypt the
wance combinations, shift rows, plain text by applying
mixing columns, it plays different permutation
Data key during encryption process. jugglery with the input bits and uses
and
What if cryptanalyst stores 128 bit
into some temporary the results of every previous
variable and if he apply the same steps
permutation and combinations, technique used in AES i.e.
all possible
shifting rows and mixing
what will be the original message. columns cryptanalyst may clue that
So it violates the principle
when sender sending plaintext messages of integrity, meaning is that
in text size) to receiver and performing
cryptanalyst able to modify the contents the AES steps still
of original message, the get contents
message get modified before of original
it reaches to intended receipts then we say
that AES encryption
does not solve integrity problems. Only solution use
is that AES tool in efficient & secure way.
16 byte
each block Syllabus Topic : RC5 Algorithm
Bupporting
128, 192, 3.5 RC5 Algorithm

RCS is a symmetric key block encryption algorithm designed by Ron Rivest in 1994. It is
is for the
is 128'bit notable for being simple, fast (on account of using only primitive computer operations
like
number XOR, shift, etc.) and consumes less memory.
192 bits
Example
cause of Key.:00 00 00 00 00 00 00 00 000000 00 00 00 00 00
d.
Plain Text:00000000 00000000
Cipher Text:EBDBA521 6D8F4B15
jon. RCS is a block cipher and addresses two word blocks at a time. Depending on input plain
text block size, number of rounds and key size, various instances of RCS can be defined and
Rows
and cach instance is denoted as RCS- wrb where w= word size in bits, r = number of rounds and
b=key size in bytes.
force

Scanned by CamScanner
 Crypt. &
Sys. Security
(MU-Sem.
6-Comp)
Allowed 3-26
values are :
Symmetric
Key Cryptogr
Crypt. & Sys. Secur
Parameter
w
Possible Value For example, if
block/word
size (bits) u=328 = 4. c=
16, 32, 64
Number of Lis pre initialize
Rounds for i=b-1l to 0
0-255 Ljilu] (L[wi]<<<=
Key Size (bytes)
Nota: Since at a time, 0-255 Step-3: Initializing
RC5 uses 2 word blocks
theplain textblock Sub-key S of siz
Notation used size can be 32, 64 or 128 =
P
in the algorithm bits. s[oj
for i =I to 2(r+l)-1
| Symbol S) = S[i-1] + Q)
Operation Step 4 : Sub-key mi
x<<<y Cyclic left
shift of x
by y bits The RCS encry
the basis of user
Two's complement addition of words
where addition is modulo i=j=0
Bit wise Exclusive-OR A=B=0
do 3 max(t, c) times
Step 1 : Initialization of constants A= Si] = (S) +
P and Q.
RCS makes use of 2 magic constants B=Li] = (Li]
P and Q
whose value is defined by the word size w. i(+l) %1

Word Size (Bits) P (Hexadecimal)Q(Hexadecimal)

Step 5: Encryptio
16 b7e1 We divide the
9e37
32 b7e15163 9e3779b9
undergoing t
block.
64 b7e151628aed2a6b9e3779b97f4a7c15 RC5 Encryp
For any other word size, P and Q can be determined as : 1 One timne in
P Odd
(-2) respectively
Q0dd (0-2 2. XOR A anc
Here, Odd() is the odd integer nearest to x, e is the base of natural logarithms and is t 3. Cyclic left
golden ratio. 4. Add S2*i
Step 2: Converting secret key K from bytes to words. 5. XORB
wi
Secret key K of size b bytes is used to initialize array L consisting of c words wis
6. Cyclic
lef
ce bu, u= w/8 and w= word size used for that particular instance of RC5.

Scanned by CamScanner
Cryptography

Crypt. & Sys.

Security(MU-Sem.
6-Comp)
3-27
For example, we
if choose w = Symmotric
Key Cryptography
u= 32/8 = 4, c = 32 bits and Key
b/u =96/4 = 24. k is of size 96 bytes
then,
is pre initialized
L.

to 0 value before
fori=b-l to 0 adding secret
key K to it.
LEu] (LWi] <<<
8) + K1
Step -3 : Initializing
sub-key S.
Sub-key S of
size t= 2(r+1)
bits, is initialized using
sO) P
magic constants
for i = l to P and Q.
2(r+1)
S)= Si-] +0)
Step 4: Sub-key mixing.
The RC5 encryption algorithm uses
Sub key S. L is merely, a
the basis of user entered secret temporary array
key. Mix in user's secret formed on
i=j=0 key with S andL

=B0
A

do 3 max(t, e) times:
A= Sil= (Sil + A# B) <<<3
B= L1=(L] B)<<<(A+
+ A + B)

W.
i=i+1) %t
j=6+) %c
Step 5 : Encryption.
We divide the input plain text block into two registers A and B
each of size w bits. After
undergoing the encryption processes the result of A and B together forms the
cipher text
block.

RC5 Encryption Algorithm

1. One time initialization of plain text blocks A and B by adding S[0] and S[1] to A and B
respectively. These operations are mod
2. XORA and B. A = A ^B
3. Cyclic left shift new value of A by B bits.
4. Add S[2*;] to the output of previous step. This is the new value of A.
5. XOR with new value of A and store inB.
B

6. Cyclic left shift new value of B by A bits.

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp)
3-28 Symmetric Key Cryptog

7. Add S[2*i + to the output of previous step. This is the new value,of B.
1]

8. Repeat entire procedure (except one time initiàlization) r times.

AA+S[0]
B=B.+S[1.
for i lto r do:

A=(A^ B) <<<B) + S2 *i]

B= (B^ A)<<<A) + S2*i+
return A,B

9. Alternatively, RCS Decryption can be defined as :

for i = down to l do:

B= (B-S2 *i+1) >>>A) ^ A

A= (A -s(2 *i]) >>>B) B

B= B-S]
A=A-S[O]
return A,B

Chapter Ed.

Scanned by CamScanner
 Symmetric

value_of
s. B.

CHAPTER
Module 2

4 Public Key Cryptography

Syllabus
Public key
cryptography :
The knapsack algorithm, Principles of public key cryptosystems
EIGamal Algorithm. The RSA algorithm,
Chapter
E
4.1 Public Key Cryptosystem
with Applications
Public key Cryptosystem also
called as asymmetric key Cryptography
or Public Key
Cryptography already discussed
in section 1.9.2. (Chapter
Two different keys are used during
encryption and decryption process
(one key for
encryption and second key used at
the time of decryption). RSA algorithm
is the best
example of asymmetric key cryptography as
shown in Fig. 4.1.1.
Private Key (only known
to owner).
Public Key(possibly known to
everyone).

Encryption
Plaintext Cipher text
public key e

Private key d
Cipher text
Decryption Plaintext

Fig. 4.1.1 : Asymmetric Key

Cryptography

Scanned by CamScanner
 Crypt.
& Sys.
Security
(MU-Sem.
6-Comp)
4-2
Public
-Publlc
key rtng
Sender

Alce public
2. Digital si
key ring
3. Key exch
PU
PUe Alice's prvata
key for conve
X
Transmítted PRa
cipher
Paln text txi
y= E(PUa,
Input X) xD(Pra, y)
X
Encryption algoithm Cipher Messagal
text Cipher sOurce
(e.g. RSA)
text Decryption algorithm Paln
Bob
tet
qutgut

Fig. 4.1.2(a) : Encryption Alice

It is easily configurable with Public Key

than secret key.

Sender

Bob's private Receiver

key Bob's public key
PRb

Transmitted
PUa
X 4.2
cipher text Publ
y= E(PRb, X) X= D(Pra, y).
Paln text
Cryptographic
input Encryptlon algorithm Cipher
Cipher
(e.g. RSA) text
text Decryption algorithm Pain text 1. It is com
Output
Bob (PR).
2

Alice It is com
(b) Encryption with generate
Fig. 4.1.2: Private Key
Public Key Cryptography
3. It is com
4.1.1 Applications for-
Public - Key Cryptosystem private k
Applications of public
key cryptosystem are
classified into three categories : 4.
1. Encryption/decryption : During It is co
this process the sender encrypts
receiver's public key. the message wiu determin
5.
It is coIE
plaintext

Scanned by CamScanner
blic Key
Cryplograph.

Crypt.
& Sys. Security
(MU-Sem.
6-Comp)
2. Digital signature 4-3
Receiver : During
this process Public
3. Key exchange the sender "signs" Cryptography Key

for conventional
: Both sender a message
and receiver cooperate with his private
encryption. to exchange a key.
Source A session key,
typically
Message Destinaton B
X Encrvpt
yption
sOurce Aloorit Encrvotion
gorithm
Pain text Algorithm Decryption
output Algorithm
Decryption X
|Algorithm Messane
desinatior

PUb
PRb

Key pai
SOurca

PU:
PRa

Key oar
sQurce

Receiver
Fig. 4.1,3
Syllabus Topic : Requirements
and Cryptanalysis

4.2 Public Key Requirements and Cryptanalysis

Cryptographic algorithm is based on two related

key one is diffie and second is Hell man.
1.
n
text
It is computationally easy for receiver B to generate a key pair
(public (PU) and private
tput. (PR).
2. It is computationally easy for sender A knowing PUb and the message
to be encrypted to
generate the corresponding ciphertext Cp = EnPUb (Pt).
3. It is computationally easy for the receiver B to decrypt the resulting ciphertext
using his
private key (PRb) to recover the original message.

Pt = DrPRb (Cp)= DrPRb EnPUb (P)].

4. It is computationally infeasible for a .cryptanalyst, knowing the public key PUb, to
determine the private key PRb.
th the
5. It is computationally infeasible for a cryptanalyst, knowing PUb and Cp to recover the
plaintext message Pt.

Scanned by CamScanner
 Crypt,
&Sys.
Security
6 (MU-Sem.&-Comp)
h
thebn requirement
encryption that, 44
although
anddecryption useful. Public
is not necessary Key Cry
can Cyptogr
4.2.1 Pt = EnPUb be applied for all public-key
Publlc [DrPRb ineither
(PU]= order: pplictic,
Key Cryptanalysis DrPUb
[EnPRb
Public (P))
key encryption
encryption. method
is accessible 4.3
to the brute
rublc Key systems force attack
with symmetis
Because
depend on
the use
of that of mathematic Q. 4.3
attack cannot the key size is
equation or some
work on larger enough tunction.
practical thelarge:size key. to avoid brute
force
encryption Whenever key
attack i.e.
and decryption. brute Q. 4.3
size is small forc
When key that timeenough Q. 4.3
size is large fr
generating that time speed
for to make brute of encryption/decryption Ro
force attack are too Aldema
Public key encryption impractical. slow. This key is
plain te:
is bound to signature
Some other application
form of attack and management. The
some way is that if hacker
to calculate the has a public
private key using I. Sel
feasible for a key, but it that key hacker fnd
particular public is not conform 2
key algorithm. that this type Cor
Because it of attack is
is ñot mathematically 3. Cor
proven. any
SUspect. So given algorithm as
like RSA is work like 4. Sel
If problem is difficult 1<
from one angle can
at in an entirely multiple be found to S. Ca
ways.
This is the history
havea answer or solution
if lookd
There is some
style of attack
of cryptanalysis. 6. PuL
that is distinct
Suppose take one to public key system. 7. Co
example, a message
and attacker could has to be send C
encrypted possible that lie totally a
56 bit DES key of 56 bit DES key
encrypted key
by matching the using the public P
transmitted ciphertext. key and find the
In the public key scheme 8. Co
there is no matter
minimized to that the key length
brute force attack is how large, the attack P
on a 56 s
This attack can bit key.
be countered W
by fixing some
random bits to
such simple message. Be
encryp

Scanned by CamScanner
 Crypt. & Sys. Securty (MU-Sem. 6-Comp)
4-5 Public Kay Cryptography

Syllabus Toplc : The RSA Algorithm

4.3 RSA Algorlthm : Working, Key Length, Security

(MU - May 17)

Q.4.3.1 Briefly define idea behind RSA and also explain

(1) Give public key and private key,

(2) Describe security in this system. (Ref. sec. 4.3) May 17, 5 Marks
sec, 4.3)
Q. 4.3.2 Explain RSA Algorithm in Details along with suitable example. (Aef.

Q.4.33 Explain RSA algorithm used for public key cyptography. (Ref. sec. 4.)

Ron Rivest, Adi Shamir and Len Aldeman have developed this algorithm
(Rivest-Shamir
is a block-cipher which converts
Aldeman) in 1978. It is a public-key encryption algorithm. It
versa at receiver side.
plain text into cipher text at sender side and vice

The algorithm works as follows

a
Select two prime numbers a and b
1.
where #b.
the public and private keys)
Compute n = a *b (n is used the modulus for both
as
2.

3. Computeo(n) = (a-1) * (6- 1).

= I and
4
e
Select e (public key) such that, is
relatively prime to o(n) ie. gcd (e, on))

1<e<o(n).
5. Calculate d (private key) such that,d =emod o(n) or mod on) =1.
6. Public key = (e,n), private key = {d,n).

7. Computecipher textusing,

C=P°mod n where, P
<nwhere C= Ciphertext,

P=Plaintext, e = Encryption key

8. Compute Plaintext P using the given formula.

P=cd mod n.
Where, d = dècryption key.

Both sender and receiver know the value of n. In addition, the sender must know
encryption key 'e' and receiver must know decryption key'd'.

Scanned by CamScanner
2Crypt. & Sys. Security (MU-Sem. 6-Comp) 4-6
Public Key Gryptograh

T For example

1. Select two prime numbers a = 13, b=11.

2. n=a*b= 13 * 1l = 143.

3. on) = (13 - 1) * (11 - 1) = 12 * 10 = 120.

(n)) = 1 and|1<e<n) e;
4. Select e such
that, e is relatively prime to n)
i.e. gcd (e,
selected as 13, gcd (13, 120) = 1.

5. Finding d

e*d mod (n) = 1; 13 * d mod 120 = 1

procedure till you are not

geting
method. Do the following
d is calculated using following
a integer numbers
(Oo) *) +1
d = e
(120 +
d.= )_=9.30
13
(i= 1)

where,
i ='1to 100
240 + 1_24118.53
= (i=2)
13 13
+ 1
360 361
13
= 13=27.76 (i=3)
480 +1 481
d = = 13 =37
13

Hence. d = 37
= and
6. Hence public key (13, 143)
Private key = (37, 143)

7. Encryption
Plain text message (P) which is in binary format converted into integer.
Here P is
selected as 13 such that P <n
: (13< 143)

Now C = Pmod n = 13 mod 143

Here to find out 13 mod 143, use the following procedure

13 mod 143 = 13

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp)
4-7 Public Key Cryptography

13 mod l143 = 169 mod 143= 26

13* mod 143 = 26 mod 143 = 104

13 mod 143 = 104 mod 143 =91

i. C= [(13° mod 143) *(13° mod 143)*(13 mod 143)] mod 143

= [91 * 104 *13] mod 143 = 52

8. Decryption

To decrypt given plain text message we must know the C and d.

P = Cmod n= 52 mod 143

Again use above mentioned procedure to find out 52 mod 143. As

52 mod 143 = 52
52 mod 143 = 130

52* mod 143 = (130) mod 143 = 26

= (26)' mod 143 = 104

52 mod 143
52 mod 143 = (104)´ mod 143 =91
52 mod. 143 = (91)' mod 143 = 130

mod 143
Hence, P= 52

= [(52 mod 143) * (52 mod 143) * (52 mod 143)] mod 143

=[130 * 26 * 52] mod 143 = 13

4.3.1 Computational Aspects

Computational Aspects

There are two main issues arises in complexity of the computation we can see that one by
one. At the first we see the process of encryption and decryption.

4.3.1(A) Exponentiatlon in Modular Arlthmetlc

In RSA, both encryption and decryption method, integer can increased as power
and mod
n. Le. [(p mod n) x (q mod n)] mod n
=(p Xq) modn so the given equation say's that, we can
reduced the result using modulo n. This calculation we can
do practically.

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) Public Key Cryptograph,
4-8

Main consideration is the efficiency of that exponentiation. Because when we

an OA
algorithm at the time of large exponents that time efficiency might be increases.
We can take one example of exponentiation. Let's compute x15.
we required 14 multiplications as i
As per regular or straight forward approach
X

X = XXXXXXxX*XxX XxXxXxX
We can find same result using only four multiplication i.e. (*)(x) )*)
(*

In this method we can take square of each partial result. n.

x
and
x7 In
mod 1 for some integers
Another example is Suppose we want to calculate
We can compute that value is as follow :

mod n and then calculate

we n, (<) modn, (x)
In the above case calculate that (x) mod

n
[(x mod n) x (x´ mod n) x (x° mod n)] mod a
we want to find the
as a mathematical way as if their is
: value 'a'
So we can define that
power x i.e. a.
n
X = 2i=a mod
x0
4.3.1(B) Efficient Operation using
the Public Key
key, because
we can increases the speed of the operations using public
In RSA algorithn
a choice called as 'e'.
of that it create particular the choice is
common choices are used for the value of e' that is
Almost all
are the popular common choices.
65537 (216+ 1)and the choice 3 and 17
to
choices has only two 1
bits because of that it requires minimum multiplications
These
find the exponentiations
a
When we use very small public key like
e = 3. So RSA algorithm becomes accessible to
simple attack.
are uses the value e =3
Let's take one example having 3 different RSA users. That 3 users
in this RSA algorithm. But they have different value for 'n' cach have unique value called
as (N1, N2, N3). If user x sends the encrypted message M to all three users, then it creates
3 cipher texts that are as follows :
Ct1 = M3 mod N1

Scanned by CamScanner
 Public
Key
Cryptography
se when
we usse
ncreases. theRSA
Crypt.&
Sys. Security
(MU-Sem.6-Comp)
4-9
iplications C2 =
as : M3 mod n2 Public Key Cryptography
Ct3 = M3
mod N3
Where, N1,
N2, N3 are pair
Chinese Reminder wise relatively
prime.
Theorem (CRT) says
CRT. that, for computing
M3 mod (NI, N2,
ntegers X Using the Rules N3) we use
andn. represented as
of RSA algorithm:
Message M is
M3< N1, N2, N3. less that each
of the Ni, that is
Attacker can easily
find or decrypt the message
to find the cube root like in above example
of M3. So he can directly attacker only need
d then calculate In this attack, padding find or decrypt
that message easily.
is done that means adds a
every instance message it unique pseudo-random
of M. for the encryption. bit string. For
want to In RSA algorithm, when
find the a key generation process is
value ofe that becomes done that time user need to
relatively prime to selects the
(n)
If value of e is selected and then prime p
andq are generated.
We can find the gcd (o(n),e)
is # 1 then user can
generate a new p, q pair. discard the p, q values and
they can

4.3.1(C) Efflclent Operatlon

using the Private Key
c key, because At the time of operation we choose a
constant value called as
constant value d is small value, 'd'. When we use that
that does not give the efficient result.
he choice is When we choosea small value of d
that is accessible to a brute-force attack,
forms of cryptanalysis. and also other

So there is one way to speed up the computation

plications to that is use of CRT. CRT is Chinese
remainder theorem, in that if we want to
calculate the value M= cd mod n
intermediate result is as follows : it gives
essible to a X, = Cmod p
= C" mod a
X
walue e =3
Where, p and q are the relatively prime numbers.
elue called -
= Cmod p = cd mod (p
1)

creates X mod p
it
X, = C'mod q = Cmod (q- mod a

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) 4-10 Public Key Cryptograçh,

So quantities of d mod (p - 1) and also d mod (q - 1) can be calculated

first when we
n directly.
check the end result that result is four time faster evaluates than M= Cmod

4.3.1(D) Key Generation

(MU - May15)

Q.4,3.4 Elaborae the stepsof key generation using ASA algoritin

May 16, 5 Marks
Ref. sec. 4.3.1D)
This procedure
a pair of keys.
In the public key cryptosystem each user need to create
:
involves the following tasks
q.
(1) Finding two prime numbers called p and

(2) Select the e ord for calculating the other.

prime numbers.
we want to select
p
and
q
where
p
and q are the relatively
First
sufficient large set means we

are might be
When we choose the prime numbers that
choose p and q as large numbers. number.
no any useful technique that finds the large prime
At the present there is is to pick the
random
large prime number
which we used for finding
So general procedure prime or not if that number is
whether that number is
an odd number and test that number
number until one is
found
next random number and check that
not prime then choose the
that tests are prime.
popular algorithm is used for finding the prime number
For example : One efficient and
Algorithm"
that is "Miller-Robin
given number is prime or not, if integer n is
In this algorithm, the procedure for testing the

prime to perform the calculation

we want to n and randomly chosen integera.
n
Ifn "Fails" the test that means is not prime.
or
Ifn passes" the test, then may be prime not prime.
n

But if n passes many tests with different randomly chosen values for a
Then we can say's that the value of n is exactly prime number.
In short,
(1) Cho0se an odd value orn at randomly.

(2) Choose an integer a <nat randomly.

Scanned by CamScanner
 2 Crypt. & Sys. Security (MU-Sem.
6-Comp) 4-11 Public Key Cryptography

(3) Perform the primary test using Miller-Rabin Algorithm. If n fails the test, then discard
the value of n and go to step 1

(4) Ifnhas passed the number of tests which are sufficient to decide the prime number
then accept n; otherwise go to the step 2.

When we find the prime numbers Le. p and q that tme process of key generation iS

completed by selecting a value of e and computing d or vice versa.

4.3.1(E) The Security of RSA

There are four possible attacks on RSA as follows':

1. Brute force atack: Hacker tries all possible private keys.

: Hackers attacks on n ie. tries to factorize the product of two
Z. Mathematical attacks
prime numbers.
3. Timing attacks : It totally depends on running time of decryption algorjthm.
on the properties of RSA algorithm.
4. Chosen Ciphertext attack: Hacker tries to attack

4.3.2 Solved Examples on RSA Algorlthm

Ex, 4.3.1
Prime number p = 3, q = 11, e=3, m = 00111011 (m-message) then calculate private key d
and cipher text C.

Soln. :

Use RSA Algorithm (Refer Section 4.3]

Step 1 : Prime numbers p=3, q=11

:
Step 2 n=p*q= 33
-
Step 3: n) = (p-1) * (q- 1)=(3-1) * (11 1)
= 2* 10= 20

Step 4: Select e such that it is relatively prime to (n) i.e. gcd(e, o (n)) = 1

god (e, 20) =

1

god (3, 20) = 1

e = 3 is given.
Step 5: Calculated such that
e
d= mod o (n)

Scanned by CamScanner
 pl Crypt. & Sys. Security
(MU-Sem. 6-Comp) Public Key Gryptogra
4-12

ed mod (n) = 1

3* d mod 20 = 1

(O(n) * ) +1
d =
e

Find d such that it is divisible by e.

Where i = 1to 9

d=
20x)+l_
3
0x)+1=7
3

d = 7

Step 6: Public key = {e, n} = (3, 33}

Private key = {d, n) = (7, 33}

text message for given plain text message.
Step 7: Calculate cipher
00111011 which can be written as 59
message given in binary
Plain text
conversion
Binary to decimal

0011101159 (P=59)
n
where P<n=59 mod 33
c = P mod

= (59mod 331 * (59 mod 33] mod 33

33
= 3481 mod 33 * [59 mod 33] mod
mod 33
c = [16 *26]
c = 20
Calculate plain text message.
Step 8:
P.= cmod n 20' mod 33
=

33] mod 33
P = (20* mod 33] * [20° mod
33] *
[20 mod 33] * [20 mod 33] * (20 mod
[20' mod 33] mod 33
*
= [400 mod 33] * [400 mod 33] * [400mod 33]
[20 mod 33] mod 33
= (4]* [4] * [4] * [20] mod 33 = 1280 mod 33

P= 26

Scanned by CamScanner
 2 Crypt. & Sys. Security (MU-Sem. 6-Comp) Public Kay CryptographyY
4-13

Ex. 4.3.2

Calculate cipher text using RSA algorithm glven data as follows: Prime numbers p, q as 7, 1

respectively and plain text message is to be send is 10.

Soln.: By using RSA Algorithm : [Refer Section 4.3 ]
Step 1: Prime numbers are 7 and 17 a=7, b= 17
Step 2: n=a*b=7*17=119.
Step 3: On) = (a-1) *(b-1) = (7-1)* (17-1)

=6* 16= 96
Step 4: Select e such that it is relatively prime to (n) i.c. ged(e, n))=1
If we select s then it is not relatively prime p 96 because
3,= 1*3
96 = 2* 2
*2*2*2 *3
gcd must be 1.

We selecte as 5 (gcd must be 1)

5 = 1*5'.
god (5,96) = 1

Step 5: Calculated such that

d = e
mod (n)

ed mod o (n) = 1

5 *d mod 96 = 1

Using RSA algorithm

d =

where i =1 to 9= -194.

d must be completely divisible by e'.

+ 1
(96 *2) =
38.66)+1
5• =57.8

d= 77

Scanned by CamScanner
 Crypt.
&Sys.
Security
Step (MU-Sem.
6: 6-Comp)
Public 4-14
key =
(c,n) = Public
Private (5, 119) KeyCryplo
Step
7: key= (d,
Calculate n) (77, 119)
cipher text
message
2Cypt. &
Sy
Plain text for given plain
denoted as text message m=
p = 10 10. Step 5: Ca
c = (m denoted as
Itcanbe represented p mod n =10 p)
mod 119
as
10 mod 119 =
[10 mod 119) *
[10 mod 119]
mod l19
[1000mod 119]
= 100000 * [100 mod 119]
mod 119
mod 119
C

Step 8: 40
Now calculate
plain text required
40 to the receiver P at the time
then receiver can of decryption. Once sender
calculate plain se
P = c mod n = 40" mod 119 textp.
Now represent 40
mod 119 as mention
Because decryption process above it will
results p as 10. Step
always yields 6: Pu
.:. original message
P 40 mod =
/plain text Privat
119 10
P= 10 Step 7: Ca
Ex. 4.3.3.
Calculate cipher text
using RSA algorithm
Prime numbers given data is as
follows :
P, as 13, 17 and
Q

the plain text to be

Soln. : send is 12. Assume public
key e as 19
Using RSA Algorithm
[Refer Section 4.3]
Step 1 :
P and Q denoted as a
and b in our Algorithm
a = 13,
b=17
Step
Step 2: n=a*b= 13 * 17=221. 8: S
Step 3 : On) = (a-1) *
(b- 1) = (13 - 1) *
te
(17-1)
= 12 * 16= 192
Step 4: Select e such that This yiel
it is relatively prime to
(n) e is given as 19.

Scanned by CamScanner
 Crypt. Cryptography
&
Sys. Security (MU-Sem. 6-Comp) Public Kay
4-15

Step 5: Calculate d such that,

d = e'mod (n) e mod (n) =1
(Oa) *i) +1
d = where i =1 to 9
(192* 2)
+1 =20.2
1)+10.1 = (192 *

19 19
(192 *3) +1 (192 *4) +1
19 =30.3 = 19
= 40.4
(192 * 5) +1 = 50.5 = (192* 6)t60.6
19 19

(192 *7) +
l (192 * 8) +
-80.8
=70.7=
19 19

(192 *9) +1
19 =91

d = 91

Step 6: Public key = {e, n) = {19, 221}

Private key = (d, n} = (91, 221)

message 12.
Step 7: Calculate cipher textc for given plain text
.. mod n
c= p

1219 mod 221

(120 mod 221] *[12 mod 221] * [12 mod 221]

221] *
(12' mod 221] * [12 mod 221] *[12 mod
[12" mod 221] mod 221

= [207]* [207] * 207] * [183] mod 221

c= 81
to obtain original plain
Step 8: Send c = 181 to receiver as if required for decryption

text p.

P= cmod n =181 mod 221

This yields value of original plain text message i.e. 12

12
P=

Scanned by CamScanner
 Public Key Gryptogra
2 Crypt. & Sys. Security (MU-Sem. 6-Comp) 4-16

Ex. 4.3.4
as = 17.
In public key cryptosystem given N =
187 and encryption key (E) Find
a,
corresponding private key (D).
:
Soln.
RSA Algorithm (Refer Section 4.3]
=
we select a 17 and
Step 1: Select two large random prime numbers
a
and b.
if b =1

which results n = 187.

a 11 = 187.
n =
*b=17 *
=
Step 2: Calculate n) (a-1) (b-1)
= (17-1) (11 - 1)
= 16 * 10 = 160
(n). But it is giye
to (n) and less than
Step 3: Select e such that it is relatively prime
e = 17.
in problem statement that
: Calculate d such that,
Step 4
d = e
mod (n)

emod (n) = 1

(Oo) *i) +1
d= e
where i
=l to 20
(160 * ")+1_9A- (160 *2) +1=
18.8
17 17
(160 *3) +1 = = (160
* 4)
+1 =37.70
17 28,2
17
(160 * 5)
+1= 47.11 = (160 *6) +1
17 17
=56.52
(160*7) +1_660- (160 * 8) +1 =75.35
17 17
(160 *9) +1
17 '= 84.76
(160 * 12)+1
= 113
17

d = 113

Scanned by CamScanner
 Public
icKey Cryp
key (E) as =
17 lCrypt. Sys.
&
Find Security
(MU-Sem.
Ex, 4.3.5 6-Comp)
4-17
Usingthe
RSA algorithm Public Key Cryptography
e encrypt
select ) p=3, q= 11, the following :
a =
17 (i)
e7, M= 12
and p7, q= 11, e= 17,
b= r) Find the
corresponding
M= 25

Soln. : ds for () and (ii)

and decrypt
the cipher texts.
Use RSA Algorithm
) Consider p as
a and q as b as per
our notations
Step 1: Prime numbers for prime numbers.
a=3, b= 11
n (n). But
Step 2:
n=a*b=33
it is gives Step 3 : n) = (a - 1) * 1)
(b-
= (3- 1)
* (11- 1)
= 2* 10-20
Step 4 : Select e such that
it is relatively prime
gcd (e, 20) = to (n) i.e. gcd(e,
1 (n)) = I
gcd (7, 20) = 1

e=7is given.
Step 5: Calculate d such that
d = e
mod (n)

ed mod o (n) = 1

7* d mod 20 = 1

(On) *)+1
d= where i =1 to 100
e
Find d such that
it is divisible by e.
Consider
i=l you can continue till d will get integer value, Qn) = 20 and
d =
e=7
(20 *1) +1)/7=21/7 =3
d= 3

Step
6: Public key = {e, n} = (7, 33}
Private key={d, n) = {3,33}

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem.
6-Comp) 4-18
:
Step 7 Calculatc cipher text message for given plain text messagd.
Plain text message given is M= 12 we consider M as i.e. P= 12
C = p'mod n where p<n
= 12' mod 33

C = 12

Step 8: Calculate plain text message.

P = mod n=12 mod 33

P= 12
we convert
When
plain text message into cipher text the corresponding ciphertext
j:
the same plain text.

() p=7, q=11, e=17, M=25

By using RSA Algorithm : (Refer Section 4.3]
Step 1: Prime numbers are 7 and 11 as per our notations a = 7, b=11
Step 2: n=a*b=7*11=77.
Step 3: On) = (a- 1) * (b- 1)

=(7-1) * (11 -1)=6* 10 =

60
Step 4: Select e such that it is relatively prime to
(n) i.e. gcd(e, o(n)=1
e is given as 17
gcd (17,60)
=1 (gcd must be 1)
Step 5: Calculate d such that
d = e! mod (n)
ed mod o (n) = 1

17* d mod = 1

Using RSA algorithm

d= (o) *i)+1
where i
e =1to 100
((60*1) +1) 17)
= 3.58
d mustbe
completely divisible
by 'e'.

Scanned by CamScanner
 Cypt. & Sys. Security (MU-Sem.
6-Comp)
4-19 Public Key Cryptography

= Ater putting value of i= 15 into above formula we got value or

= (60*15)
+1)/ 17) = 53
d = 53
Step 6: Public key =
{e, n} ={17, 77}
Private key = {d, n) =(53, 77)
Step 7: Calculate cipher text message for given
plain text message M=2>.
Plain text denoted as P = 25 (m denoted as
p)
C = P mod n
= 25" mod 77

It can be represented as

C= 9

Step 8: Now calculate plain text P required at the time decrvption. Once sender sends
of

to the receiver then receiver can calculate plain text p.

P= C mod n
= 9
mod 77
P = 25

Decryption process always yields original plain text message

.. P = 25

(iüi) Find the corresponding ds for (i) and (i) and decrypt the cipher texts
(iü) is d= 53 which will decrypt
Decryption key for question (i) is d =3 and for question
the message successfully.

-
Ex.
4,3.6 MU Dec. 15, 10 Marks
In
Calcülate
system the public key fe, n) of user A is definedas(7119). calculate
an RSA and otn)

pivate keyd. What is the cipher text When you enciypt

message m=10, using the publickey?

Soln. :
By using RSA Algorithm: Refer Section 4.3]
problem statement Public key (e, n) = (7,119) is given, means we don't néed to
In the

sclect e & n. if we select following prime numbers which results n= 119 as shown below.

Step 1: Prime numbers are 7 and 17 a=7, b=17

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) 4-20 public
Key
y
:
Step 2 n=a*b=7* 17 = 119.
Step 3 :
(n) = (a- 1), (b– 1)
=
(7-1) * (17- 1) Becau
=6* 16= 96
Step 4: Select e such that it is relatively prime to (n) i.e. ged(e, O(n) = 1

E=7as per problem statement. Ex. 4.3.7

Step 5: Calculate d such that Performe
d = e e(encrypti
mod (n) :

Soln.
ed mod o (n) = 1

Usin
7*d mod 96 = 1
p=?
Using RSA algorithm
Step 1 :

d = ((n) *i) +1)/7 where i= 1 to 100 Step 2

:

= (96*1 + 1)/7.=13.85 Step 3:

d must be completely divisible by
e'.
= (96*2) + 1)/7= 21.57 Step 4:
= (96*3) + 1)/7 =
48.28
= (96*4) + 1)/7 =
55
d = 5S Step 5:
Step 6: Public key= {e, n} =
{7, 119}
Private key = {d, e
n) {55, 119}
Step 7: Calculate 7
cipher text message
for given plain text message
Plain text denoted as
p = 10 (m m = 10.
denoted as p)
C = P mod n
Fir
= 10' mod where,
119
= 10000000
mod 119
C = 73
Step 8: Now calculate
text P requiredplain
40 to the receiver
then receiver can at the time of decryption. Once sender
send

calculate plain
P = C0 mod n
=3 mod 119
text p. Step €
Now represent
40 mod
119 as mention
above it will
results p as 10.

Scanned by CamScanner
Key
Crypt
NPiogra

Crypt. &
Sys. Security
(MU-Sem,
6-Comp)
Because decryption 4-21
process
always yiclds Public Koy Cryptography
P= 7355 original message
mod 119 =
10 I plain text
P
10
Ex, 4.3.7
Perform encryption
using the RSA
e(encryption
key) =7, M(plaintext algorithm p=3, q = 11(two
message) = random numbers).
Soln. : 5
Using RSA algorithm
p=3, q=11, e=7
and M=s
Step 1: Prime number
p =3,q=11
Step 2: n=p*q=3x11l=33
Step 3: (n) =
p-1) *(q-1) = (3-1) *(11 -1)"
(n) 2* 10=20
Step 4 : Select e such that it is relatively
prime to o(n) i.e. gcd
(e, () =l
gcd (e, 20) = 1;
gcd (7, 20)=1
e = 7 is given,
Step 5 : Calculate d such that
d = e mod (n)
ed mod o (n) = 1

7 *d mod 20 = 1

d=
(9(n) *i) +1

Find d such that is divisible by,e.

where, i= lto 100
(20 xi) +1 where
d = 7 i= 1;

nds d= 3
Step 6: Public key={e, n} = {7,33)

Private key = (d, n) = (3,33}

Scanned by CamScanner
 Public Key Cyptogrars
2Crypt. & Sys. Securty (MU-Sem. 6-Comp) 4-22

message plain text M=5,

Step
7: Calculate cipher text message for given plain text

C= M mod n
where M<n
= 5' mod 33

= (5 mod 33) * (5* mod 33) * mod 33

* (5* mod 33)
*mod 33
= mod 33) * (5* mod 33)
(S
*mod 33
33)* (25 mod 33) * (25 mod 33)
= (125 mod

= (26 *25* 25) * mod 33

= 16250 * mod 33

c = 14

Ex. 4.3.8
11 and 3 and ouht.
algorithm to be ušed is RSA. Given two prime numbers
Tne encryption is7
decryption key and Calculate the ciphertext if the given plaintext
Key (e) is 3. Calculate the

Soln.:
Using RSA algorithm

Given: a=11, b=3, e=3 and plain textP=7

=
Prime number
a
11, b=3
Step 1:

Step 2 : n=a*b=11 *3=33

Step 3: (n)= (a-1) * (b-1)
(11 - 1) * (3– 1)
=
10*2
= 20

Step 4: Select e such that it is relatively prime to (n) i.e. gcd (e, (n)) =1

gcd (e, 20) = 1

gcd (3, 20) = 1

e = 3 is given.

Step 5: Calculate d such that

d = e' mod (n)

ed mod (n) = 1

Scanned by CamScanner
 pl Crypt. & Sys. Cryptography
Security (MU-Sem.
6-Comp)
4-23
Public Koy

3 *d mod 20 =1

d=

Find d such that it is divisible

by e
Where i= lto 100
d =
20+where
3
i=1;

d = (20xi)+11
3

d = 7

Step 6: Public key= (e, n) = (3,33}

Private key = (d, n} = (7, 33)

Step 7: Calculate ciphèr text message for given plain text mesSsage.

Plain text message=7

mod n wher P<n
C= P

=
T mod 33
mod 33
[7 mod 33] * [7 mod 33]
*
=
= [49 mod 331 * [7 mod 33] * mod 33

= [16 * 7] mod 33

C= 13

So, cipher text = 3

Ex. 4.3.9 algorithm
19 find the value of 'e' and 'd' using RSA
parameters 'P'=3 and
For the given
Q'=
and encrypt message 'M'=
6.

Soln. :
as a =3, b= 19
numbers are P=3 and Q= 19 we are denoting P & O
Step 1: Prime

2: n=a*b=3* =57
Step 19

Step 3: n) = (a–1), (b- 1)

= (3-1) * (19- 1)

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) Public Keyy Gryptograth
4-24.

On) = 2* 18=36
Step 4: Select e
such that it is relativcly prime to (n) i.c. gcd(C, 9(n))
=
11<e<on
selected as 5, gcd (5, 36) = 1.
is also relatively prime to o (ni
Here gcd(5,36) = One can sclect c as 7 because 7
1
e as 7
private key therefore we will select
It better if
you select large

gcd(7,36) = 1

Step 5: Calculate d such that

d = (n)
e
mod
= 1
ed modo (n)
= 1
7*d mod 36
Using RSA algorithm
d = ((0n) *i) + 1)/7 where i=1to 100
= (36*1l) + 1)/7= 5.28

d must be completely divisible by 'e'.

= (36*2) + 1)/7 = 10.42
= (36*3) + 1)/7 = 15.57

= (36*4) + 1)/7 = 20.71

(36*5) + 1)/7= 25.85

= (36*6) + 1)/7 =31
d = 31
Step 6: Public key = {e, n) = {7, 57}

Private key = {d, n) = {31, 57}

Step 7: Calculate cipher text message for given plain text messagem=6.
Plain text denoted as p =6 (m denoted as p)

C= P
mod n
=
6 mod 57
= 279936 mod 57

C= 9

Scanned by CamScanner
 6-Comp)
Security(MU--Sem. 4-25 Public Key Cryptography
Coypl. & Sys.

Once scnder scnds

calculate plain text
P. 9
to the recciver thcn rccciver can
Now
Step &: text p.
calculate plain
C mod n
P
mod 57 6

original message/ plain text i.e.

process always yields = 6
Deryption
.. mod 57=6
P= 9"
P 6

Syllabus Topic: The Knapsack Algorithm

44 Knapsack Algorithm

be broken means
Knapsack, items cannot
which the thief should take the item as a
n
-1
it. This is reason behind calling it as 0-1 Knapsack.
whole or should | leave

case of 0-1 Knapsack, the value of x can be either 0 or

1, where other
Hence, in
same.
constraints remain the

21 Knansack cannot be solved by Greedy approach. Greedy approach does not ensure an
ontimal solution. In many instances, Greedy approach may give
an optimal solution.

our statement.
The following examples will establish

Example 1

are as shown in
- Let us consider that the capacity of the knapsack is W= 25 and the items
the following table.

Item A BC
Profit 24 18 i8 10

Weight 24 10 10 7

Wihtout considering the proit per unit weight (p/wd, if we apply Greedy approach to

SOve this problem, first item A will be selected as it will contribute maxmum protit
among
all the elements.

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. Public Key
6-Comp) 4-26

After A, no more item be sclectcd. Hence, for this given

selecting item will

.total profit is 24. Whereas, the optimal solution can be achieved by selecting
items,
C, where the total profit is 18 + 18=36. Ba

Example 2

Instead ofselecting the items based on the overall benefit, in this example
heitera
selected based on ratio p/w. Let us consider that the capacity of the knapsack is
and the items are as shown in the following table.

Item A B

Price 100 280 120

Weight 10 40 20

Ratio 10 7 6

Using the Greedy approach, first item A is selected. Then, the next item Bi &.
Hence, the total profit is 100 + 280 =380. However, the optimal solution of this inct
can be achieved by selecting items, B and
C, where the total profit is 280 + 120 = 40
Hence, it can be concluded that Greedy approach may not
give an optimal solution.
To solve 0-1 Knapsack, Dynamic Programming approach
is required.
4.4.1 Problem Statement

A thief is robbing a store and can carry a max;mal

weight of W into his knapsack. Tr
are n items and weight
of i" item is w; and the profit of selecting this item is p. What iems
should the thief take?

4.4.2 Dynamic-Programming Approach

Let ibe the highest-numbered

item in an optimal solutionS for W dollars. u
S=S-f) is an optimal solution for W- w; dollars
and the value to the solution S is Vi plusu
value of the sub-problem.
We can express this fact in
the following formula: define c[i; w]to be the
solution f
items 1,2, ... ,i and the max,mum weight w.

Scanned by CamScanner
 (MU-Sonm. 6-Comp) Public Key Cryptography
& Sys. Socurity 4-27
aCoypt.
inputs :
the following
The algorithm takes
max,mum weight W
The
number of items n
The
sequences v=:<V), V2,
.., V> and w
=<W|,
W2, ., W,>

Thetwo w, n, W)
Dynamic--1-knapsack (v,

to Wdo
forw =0

tondo
for i=efi,.
l =0
0]
W do
fiorwlto
w then
ily, S
cfi-1, w-w] then
iy +
c[i, w] =, t cl-l, w-w]
else cfl, w]
= c[-l, w]
else
the table, starting at
c[n, w]and tracing
can be deduced from
to take
of items
The set
optimal values came from.
backwards where the and we continue tracing
the solution,
= w], then item i is not part of we continue tracing with
fcfi. wl cfi-l, part of the solution, and
Otherwise, item i is
with cli-1, w].

cfi-1, w-W.

4.4.3 Analysls where each entry

(n+ 1).(w + 1) entries,
w) times as table c has
This algorithm takes (n,
requires time to compute.
(1)
: EIGamal Algorithm
Syllabus Topic

4.5 EIGamal Algorithm

are
Many of them
cryptosystems proposed.
Along with RSA, there are other public-key

based on different versions of the

Discrete Logarithm Problem.
based on the Discrete Logarithm
Variant, is
cryptosystem, called Elliptic Curve logarithms cannot
be
that the discrete
Problem. It derives the strength from the assumption

Scanned by CamScanner
 2Crypt,&
Sys. Security
(MU-Sem.
6-Comp)
found in practical 4-28
can time frame Public
be computed for a given
number,while
Key Cryplegtar
efficiently. 2 Crpt. & Sys. Secu
Let us go through the inverse
operation
case of a simple version of the pry
Thus thc private
elliptic curve of EIGamal
that works with
variants,
4.5.1 it is based on numbers modulop.
quite different 4.5.2 Encryptlon
Generation number systems. Int.
of EIGamal Key The generation
Each user Palr
of ElGamal process for RSA. Bus
cryptosystem
generates E
Choosing a large
prime p. Generally a
the key pair through as follows : 4.5.3 EIGamal
chosen. prime number
of 1024 to 2048
bits length
Suppose sende
Choosing a generator (p. g. y), then:
element g.
This number must Sender represe=
be between 1 and p 1, -
but cannot be any number. To encrypt the
It is a generator of the multiplicative group
every integer m of intgers modulo p. This means The encryptio
co-prime to p, there is an integer f,
k such that g= a mod n.
For example, 3 is generator group Randomly
of 5 (Zs= (1, 2, 3, 4}).
Compute
N 3n 3 mod 5.
3
Send the cipl
2 9 4
Referring to
3 27 2 encrypted as
Randon
4 81
Compu
Choosing the private key. The private key x is any number bigger than 1
and smala
than p-1.
Computing þart of the public key. The value y is computed from the parameters p, g u Send the ci
the private key x as follows :
4.5.4 EIGare
y= g'mod p

Obtaining Public key. The ElGamal public key consists of the thrce parameters (p. & )} To decryp
For example, suppose that p = 17 and that g = 6 (It can be confirmed that 6 is a genere Comp
of group Zi7). The private key x can be any number bigger than and smaller
1 than 71,9 to as
we choose x = 5. The value y is then computed as follows : Obt
y = 6 mod 17 =7

Scanned by CamScanner
 6-Comp)
a coypt. & Sys. Securiy(MU-Som. 4-29 Putillc Koy Cryptograpty

62
is and the public key is (17,
the private key
6, 7).
Thus

Encryptlon and Decryptlon

4.5.2
of an
EIGamal key pair is comparatively simpler than the equivalent
generation
The
RSA. But the encryption and decryption are slightly more complex than RSA.
process for.

EIGamalEncryption
A63
sender wishes to send
a
plaintext to someone whose EIGamal public key is

Suppose

Y), then : n.
(P,8, as a series of numnbers modulo
Sender represents the plaintext
p.
plaintext P, which is represented as number modulo
a
the first
To encrypt
ciphertext C is as follows :
process to obtain the
The encryption
Randomly generate a
number k;
C2, where
Compute two values C1 and
C1 = g mod p

C2 = (P'y) mod p
C2), sent together.
Send the ciphertext C, consisting of the two separate values (C1,
= 13 is
our generation example given above, the plaintext P
Referring to ElGamal key
:
encrypted as follows
k= say 10
Randomly generate a number,
where -
o Compute the two values Cland C2,
C1 = 6
mod 17
C2 = (137) mod 17 =9
Send the ciphertext C = (C1, C2) = (15, 9).

4.5.4 EIGamal Decryption

are taken :
To decrypt the ciphertext (C1, C2) úsing private keyx, the following two steps
p, which is (C1), generally referred
Compute the modular inverse of (C1) modulo
to as decrypion factor.
o Obtain the plaintext by using the following formula -

C2 x (C1)* modp = Plaintext

Scanned by CamScanner
 he
poH LOlCypt.
&Sys.
Security
Thus (MU-Sem.
theprivate 6-Comp)
A.5.2 key
Encryptlon is62and 4-29
thepublic
The generation andDecryptlon key
is(17,6,7). PublicKoy
process for Cryptograpn
RSA. of an EIGamal
But
4.5.3 EIGamal the encryption key pair is
ngth comnarativey
and decryption
Encryption
i Suppose areslightly simpler
than the
y, then:sender wishes to
more
P, &, complex cquie
than RSA.
send a plaintext
Sender represents to someone
theplaintext whose
To encrypt as aseries ElGamal
public
1s for the firstplaintext of numbers koy
The encryption P, which modulo p.
process isrepresented
Randomly to obtainthe asa number
generate ciphertext modulo p.
Compute a number C as
is follows:
twovalues k;
C1 and C2,
C1 = g where -
mod p
C2 = P'y)mod
p
Send the ciphertext
C, consisting
Referring to our of the two separate
values (C1, C2),
EIGamal key generation sent together.
encrypted as follows : example given above,
the plaintext P = 13
is
Randomly generate a
number, say k = 10
Compute the two values
Cl and C2, where -
C1 = 6
mod 17
C2 = (137) mod 17
=9
Send the ciphertext C= (C1, C2) =
(15,9).
4.5.4 EIGamal Decryption

To decrypt the ciphertext (C1, C2) sing private key x, the following two steps are taken :
Compute the modular inverse of (C1' modulo which is (Ci)", generaly referred
to as decryption factor.

Obtain the plaintext by using the following formula

-
= Plaintext
C2 x (C1)* mod p

Scanned by CamScanner
 Crypt.
& Sys.
Security
(MU-Sem.
In our example, 6-Comp)
the decryption to decrypt 4-30
factor is theciphertext Public
C= (C1, C2) = Key Cryptogaphy
15 mod (15, 9)
Extract 17 using private
plaintext =9 key x =s
4.5.5 EIGamal P=(9x9)
mod 17 =
13. CHAF
Analysis
In EIGamal system,
5
-
key prime each user
has a
modulus p, generator private keyx. and
EIGamal g, and has three components
is based on public Y
the difficulty of publiç
The secure of discrete logarithm =gmod p. The strength of
key size is generally problem. te
the processing > 1024 bits.
speed front, Today even
Elgamal is 2048 bits long
protocols. Due key are used. On
to higher processing quite slow, it is used mainly Syllabus
becoming increasingly efficiency, Elliptic for key authenticaticn
Key manag
popular. Curve variants
of ElGamal are third party. D

Chapter Ende

5.1 Key Di

Before discus
5.1.1
Manager
The main
store air
it.to pro
Key mnanage
maintenance
C
Thepurpose
various C
aspec
Key manager
Cryptographic
signatures.
It is
Scanned by CamScanner
 CHAPTER Module 2
Key Management
Techniques

Syllabus
Key management techniques : using symmetric and asymmetric algorthrns and trusted
third party. Diffie Hellman Key exchange algorithm.

5.1 Key Distribution and Management

Before discussing the key generation and usage let us first discuss what is Key.

5.1.1 Management
a
The main aim of Key management is to generate secret key between
two parties and
store it to prove the authenticity between communicating users.

Key management is the techniques which support key generation, storage and
maintenance of the key relationship between authorized
users.

The purpose of this unit is to give idea about the issues involved anda
broad survey of the
various aspects of key management and distribution of keys.
as the basis. for securing
Key management plays an important role in cryptography
cryptographic goals like confidentiality, authentication, data integrity,. and digital
signatures.
It is not the case where communicating parties are using same key for encryption and
decryption or whether two different keys are used for encryption and decryption the basic
purpose of key management is key generation, key distribution, controlling the use of
keys, updating, destruction of keys and storage, backúp/recovery.

Scanned by CamScanner
 Key management
5-2
Crypt. & Sys. Security (MU-Sem. 6-Comp) lech
& Sys. Se
Crypt.
symmetric as well as asymo
can generated by using well known
Shamir Adleman (RSA), Diffe .Snn
be
Key are Nh
cryptographic algorithms like Rivest If there
can be used later for encryption and decryption of data, When attacker
exchange algorithms and
opened.
Syllabus Toplc : Key Menagement
Techniques Using symmetric and Asymmetre
Trusted Third Party
Algorithms and Key
distributic
per need. Ever
5.1.2 Symmetric Key Distrlbutlon using
Symmetrlc and Asymmet:e
Using tempora
Encryptions called as sessic
Encrvption
5.1.2(A) Symmetric Key Distribution using Symmetric Session key is
connection, tr
Key distribution Scenario
End user use
1.

2. Hierarchical Key control distribution ce

3. Session key lifetime by Key Distri

4. A transparent key control scheme So KDC shar

5. Decentralized key control Each user has
some fashion
two parties share the same key that protected from access by others, that
When
kejt
,
nothing but symmetric key and the process between two parties that exchanges h
called as symmetric encryption.
If two person wants to communicates with each other via messages or exchange dn
without interference of other.
Two parties/personsX and Y achieved the key distribution in various ways:

1. X can select a key and physically handover to theY.

2. A third person can select key and handover to X and Y.

3. IfX and Y uses a key previously then any one person i.e. X or Y can send ne oo
with encryption to other person.
4. Xand hás its own encrypted connection to third person
Y candeliz
and that person
a key on the encrypted links to X and Y. 1. Key
distrlt
datacat k
Point (1) and (2) are device
the manual delivery of the key. In link encryption The sc
transferred between only two partners. This is end end encryption. distrib
tò
or dev
But
in distributed system one host can communicated with many others hosts Let us
so because of that each device needs many keys that supplied dynanmcany one
tir
In wide-area distributed system it is difficut to manage number o AY

Scanned by CamScanner
 (MU-Sem.
6-Core
5-3 Key management techniques
Sys. Secu
&
a cypt.
communicate cach other than ([N(N- 1)y2
hosts keys are requircd.
there
are N
If atlacker succeeds to gaining acccss to any one key then other related keys will be
When
opened.
responsible for distributing keys
distribution centre is the form of pairs of users as
Key user. shares a unique key with key distribution center.
Every
per nced. communication is encrypted between end users.
temporary key This temporary key
Using
session key.
called as some logical duration in between connection like, in
used for frame relay
Session key is connection etc. after that session key will be discarded.
connection,
transport
uses same networking facilities which have session key provided by key
user the form of encryption. Master key is also provided
End
center. Session key is in
istribution
(KDC).
Key Distribution Center
hy
that Master key
to end user or system.
So KDC shares

has one master key shares with key distribution center that can be distribution in
Each user

Some fashion.

Cryptographic
Data protection

Cryptographic
Session
protection
keys

No Cryptographic
Master
keys protection

Fig. 5.1.1l: The use of key Hierarchy

1. Key distributlon
Scenario

e scenario refers each user have its own unique key called master key with key
distribution center.

S
aSsume that user X wishes to create a connection with user Y, So he requres
One time
sssion key for protecting data.

Scanned by CamScanner
 Crypt. &
Sys. Security
(MU-Sem.
6-Comp)
So X
has Key management
mater key technin.
K,that is
has also known only 2 Cry
its own mater itself and the key distribution center,
key K, shares
with key distribution andy
center.
Key distribution
Key distritbution
steps
center

Sender Receiver

3. Ses
Authentication steps

Fig. 5.1.2: Key Distribution Scenario

So following steps are required :

1. X
sends request for session key to
the KiDC which protect the connectioa
betweenX and Y. The message includes the
identity of X
and Y

identifier, which is used for the transaction. a uniqe

2. KDC sends back the message to
sender X is in the form encryption
So only X can read the
of usine K
original message
The message includes
2 items for X:
1. One-time session key
2. Original request message
called as nonce. 4. At
In side Y it also includes 2 items.
1. One-time session
key
2. Identifier of X

X stores the session key

with Ky for next session and
forward that key to
Y. that is encrypte
2. Hierarchlcal key
control
In very large network area
difficult to handle key distribution center
in large area. So does not work properiy
it is not done in practically. :
Because of
that option of key distribution
or hierarchy center replace with contad
of Key Distribution Hierarchical key
Center (KDC).

Scanned by CamScanner
 1Crypt. & Sys. Security (MU-Som. 6-Comp)
5-5 Kay management tochniqus
Eor example :
Each local KDC is responsible for small area
like single building or
single LAN.
Jf two different domain wants to communicate or share some key that timc local KDc
connect or contact with global KDC.
The hierarchical approach having three layer or more layer.

It depends on the geographic scope nümber of the users.

This scheme minimises the effort used in master key distribution

3. Sesslon key lifetime

to rereiver
Session key is used for exchanging data over the network from sender
Ttprovides security because each cipher text with one session key is required. So if
message and network.
delay session key affects on
of
Because of that security manager must try to balance these competing connection
same life time or life period.
oriented protocol, it uses same session key, so each have
open.
Session key for the length of tme or Some amount of timne connection is
own hew life time so each
Tfconnection less protocol each new session key have its
each exchange.
session key has different life time or life period. For
or period only and
So better way is that given session key for a fixed amiount of time

only fixed number of transaction.

4. A transparent key control scheme
it provides end
This scheme is used in network or transport level. It is useful because
to end encryption.
example is TCP.
The schenme mostly used in connection oriented end to end protocol

Key distribution
center

(Applicatlon)
Application

Security Security
service service

Host 1 Host 2

Fig 5.1.3:Automatic key Distribution for Connection Oriented Protocol

1. Host send the packet request connection

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) 5-6 Koy management S
Sys.
Crypt. &
2. Ask for KDC for session 42
use differ
3. KDC distributes session key to both hosts We
Data En
4. Buffered packct transmittcd. 1.
File Enc
In Fig. 5. 1.3, Host wants to cstablishcd connection with another 2 access
hostthen or
the request packet the KDC. hetends
Key distribution center provides the scssion key to 3.
PIN En
the host using electron
the cncrypion
key also provide to the another host. tua Basically m
KDC is encrypted with master key only with the host.
distribution c
5. Decentralized key control
Application
approach requires that each system can communicate
This
in secure manner There are
so
is need to use multiple master's keys for configuration. S0 thete
propos=
Full decentralization is not possible n This
practical for large area network
key.
So session key will be created as follows :
That eight
1. X
sends the request to Y
for session key including with followingp
original message
2. Y replay to' the X with M,
original encrypted message
using shared mater key. Control
replay attaçh with session key selected
of f(M,), another M. T vector
3. Using the new session key x returns
f(M,) to Y.
QID, || M, Hash
function
Sender
Receiver
X Y

EK,Ks|IDx|D,||F(M,)) Key in
F(M2)

E(K,|IF(M,)

Fig. 5.1.4: Decentralized Key

distribution
SO cach terminal contains at most
(n - 1) master key as multiple sessio Fig. 5.1.5=
required.

Because message transferred All the

using master key are difficulL Coupling ti
Controlling Key Usage and
Step
Using key hierarchy
and automated key distribution We can redücethe
number 1
length :
technique. of
of keys.

Scanned by CamScanner
 Crypt. &
Sys. Security(MU-Sem, 6-Comp)
5-7 Kay management techniques
We use different types of session key like:
1
Data Encryption : Usc for communication in the nctwork.
2. File Encryption key : Uscd for encrypting file which stored for publically
available
or accessible on the locations.
2 PIN Encryption key : PIN is personal Identification number. It is mostly used for
electronic transaction like banking or e-transactions.
Basically master key is physically secured using cryptographic hardware of key
distribution centre.
uses the session key which
Application program is encryptedi with the master key.
There are some limitation to use any key for that purpose of uses tag with session key.
This nroposed technique is used with, DES in that it used 8 extra bits in each 64 bit DES

key.
are used for
That eight bits are reserved ror parity checking from.the key tag. That bits
following purposes
:

Master Session
Control Control Master Encrypted
key key
vector vector key Session key

Hash Hash.
function
function

Key input Plain text input Ciphex text input

Key input

Encryption Decryption
function functlon

Encrypted session key

Vector.Decryption
Fig, 5.1.5: Control Vector Encryption Fig. 5.1.6: Control
with the key.
of key generation control vector is crVptographically coupled
e umne
Ouping and decoupling process can be given to Fig.
5.1.5.
Step
1: Control
vector is going through function that produces some value
the hash
length of that value
is equal to the encrypted
key.

Scanned by CamScanner
 Key managenment
Crypt. &
Sys. Security (MU-Sem. 6-Comp) 5-8 technie..

Step 2 : Hash function reduces or maps the value from large input range to the Smallinpu Crypt. &
Sys.
range.
E.g. the number of range is 1
to 100 that can be reduces by 10% so range is now 1, 2. Q gener.
approximately. to P.
Step 3 : After that Hash value is then XOR with the master key.to produe some ou 3. P decry
This output is used as for key input. know K
This key input is used for encrypting the session key thus, 4. P discar
Hash value = H=h(cv) At the end
-

Key input = M, H
from ceavesd
Cipher text = E ((M, H), S)
Where, the master key and Sis session key. For plain text we can recover
M, is
he
session key using following operation:
D([M;O ),E(M,O H],S))

Recovering session key we use both master key that user must share with KDCand
of
control vector. Because of that link between session key and its control w.. te
maintained.
There are two main advantages of control vector over the use of an 8 bit tag.
Fig
There is no restriction for control vector to its length. 2. Secret Key
2. It is available in clear form at all stages of operation.
1. Psends
5.1.2(B) Distribution of Symmetrlc Key none N

(Secret Key) using Asymmetric

Encryption 2. Q send
(1) Simple Secret Key Distribution nonceN
(2) Secrete Key Distribution with 3. PreturE
Confidential and Authentication
(3) Hybrid Schemes 4. Pselect=
5.
Q decry
1. 3. Hybrid
Simple Secret Key Distribution Sch
This technig
IfP wants to communicate with Q, following procedure is
used shown in Fig. ).1.. that shares
1. P
generates a
public key/private key pair and Q consists d
with the mas
a
transmits a message to
public key (PU) and identifier
P (D). Public
key is

Scanned by CamScanner
 Ro Crypt. &
Sys. Security (MU-Sem. 6-Comp)
5-9 Koy managernent techniques
9 O generates a session key K, and encrypted using P's public key
(PU) and transmis
to P.
P
decrypts the session key K, by using its own private kev. Now both P and
2
know K.
Pdiscards public/private key and
Q
4. discards P's public key.
communication both P
and The communication is sccure
Q
of discards K,.
At the end
cavesdropping. The communication becomes unsafe from man-in-middle attack.
from

Initator Responder
P

Keys using Public-key Cryptography

Distribution of Secret
Fig. 5.1.7:
Distribution with Confidentiality and Authentication
Secret Key
identifier of P (D») and
1
Psends encrypted
message using Qs public key consists of
none N,.
nonce N, and Q's
message using P's public key consists of P's
an
2 O sends encrypted
nonce N,.
public key to Q.
3. Preturns N,, encrypted using Q's
to Q.
Kg and send a message M =E (PUO, EPRp, K))
4. Pselects a secret key

Qdecrypts it to recover the secret

5.
key.

3. Hybrid Schemes
Distribution Center
use KDC (Key Distribution Center) key
Ihis technique retains the of
encrypted
a secret master key with each user and distributes secret session keys
hat shares
with the master key.

Public key is used to distribute the master key.

Scanned by CamScanner
 Key management techniqueg Cry

(MU-Sem. 6-Cormp) 5-10

Crypt. & Sys. Security

Public Keys
6.1.3 Distribution of :
public keys
techniques are used for the distribution of
Following
1. Public Announcement
2 Publicly Available Directory
3. Pul
3. Public Key Authority
-
4. Public key Certificates

1. Publlc Announcement
as RSA, any user can send his or her
In a public key cryptograpby, such 5.1.8.
the group as shown in Fig,
other user or broadcast it to
PU PU2

User 1 PU PU2User 2
PU PU,
Fig. 5.1.8: Public Announcement

biggest drawback. Any user can pretend tobe a se

This type of approach is having
a

P and send a public to another user or broadcast it.

Until user A has got this thing and alerts to other user, a pretender is able to rezd al
encrypted messages for user P.
2. Publicly Available Directory Steps
1. Ps
A dynamic publically available directory is used to achieve the security. Maintenan:
and distribution of public directory is controlled by a trusted entity. 2.

This technique is explained as follows and shown in Fig. 5.1.9. key

pu
(a) A trusted entity maintains a directory for each user as < name, public key >.
the
(b) Each user has to register a public 3
key with the directory. P
(c) A user can replace the existing key with a new one at any time for any enc
Pa
reason, ide
more secure
It is weaknesses. 4&5
than public announcement but still having Some
keshr
hacker can obtain
the private key of directory or tamper with the information
directory.

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem.
6-Comp) 5-11
Kay managoment techriua5

Publo koy
directory
PUp
PUo
P
Fig. 5.1.9 : Publicly Available Directory
3. Public Key Authority
It gives stronger sccurity. As shown in the Fig. 5.1.10, a central authority keeps a
dynamic directory of public keys of all users. Additional, cach user knows the public
key of authority.

Working of this techniques explained by following steps :

Public - key
authority

Initiator Responder

Fig. 5.1.10: Public Key Authority

Steps
to authority for public key of Q.
1. Psends a time stamped request
message. A message is encrypted using authority's private
A authority sends
an encrypted
public key. A message includes Q's
2.
by using authority's
key, so that P can be decrypt
it
by P with
can use by P for the encryption, the original request sends
public key which be
the time stamp. message to Q. An
for an encryption and send an encrypted
3. P uses Q's public key nonce (N), which is used to
Identity of A (Dp) and
encrypted message contains the
identify the transmission uniquely.
authority similarly like
1
and 2.Now P and Q start
485
Q
retrieves P's public key from the
the communication. Two additional steps may be requiring.

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem, 6-Comp)
5-12 Key managementtechniaueg
6. O
sends an encrypted message
to P. A message
contains P's nonceN and encrypted using P's public key which
Q's nonce N,.
7. P eturn sent an encrypted message
in
using Q's public key which contains Q's nonce
to ensure Q that its correspondent N)
is P.
4. -
Publc Key Certificates
A public key authority has some
drawbacks in the system.
a user
If has to communicate with authority for a
public key for every other
Usertha
he wishes
to contact. This approach provides certificates to users for exchanging the
keys among them without contacting
to the authority.
The data and
public key maintained by authority itself may be vulnerable
tampering. tothe
The certificate
authority shown in Fig. 5.1.11 is a government agency or trusted
agency.

Certificate
authorty
1

2 5

Fig. 5.1.11: Public - Key Certificates

Steps
1. User 'P' sends its public key to
the ertificate authority tó get the certificate.
2. A certificate authority sends a
certificate in a encrypted
certificate consists timestamp, form using its private key. A
of identifier of P (D,) and
3&4. Qretrieves
public key of P.
its certificate from the
authority similarly explained
5. P publishes its certificate in 1 and 2.
Cp to anyone
6.
() needed P's public key.
Similarly Q also publishes
its certificate Co to anyone
(P).
Then the communication
between P and Q
is started.

Scanned by CamScanner
techniques

y which
Grypt. &
Sys. Security
once 5.1.4 Key Generatlon,
(MU-Sem.
6-Com
N2.,
6.1.4(A) Key Dlstrlbutlon, 5-13
Generatlon
Key Storago Koy
generation and Usnga nncorert tchninue
is the
cryptography. proccss
generating
The key can
ser be generated keys using
ehe functions
that using
of passwords $ymmeric or
random or
ngthe It is standard (ANSI and PINs. pseudo-tandom
asymmetric
key
X9.17) way key bit generator
to generate
5.1.4(B) Key Distrlbution pseudorandom
which uses
to the DES keys.
Key Distribution also
called as
securely distributed from Key
Transportation
usted use of it the location where is
the process by
then transmitted they are which keys are
using manual generated or stored
loaders), automated methods transmission to where there bec
combination of automated (e.g., key transport methods
(e-g., file transfer, key
and manual and/or key
methods. agreement protocols), or a
Secure key distribution is
the basic aim
cryptographic system. The to achieve
goal of any the integrity and trust
key distribution process in any
To ensure that the keys are distributed is :
to intended recipients
To ensure that the keys sent are the corect only.
keys and sent to correct
To ensure that the keys recipient.
achieving authentication
and protection of recipient.
To ensure.that it is not modified
during transmission.
To ensure that transmission
mechanism is secure and intact.

5.1.4(C) Key Storage

- After successful generation of key, it should not store on multi-user machine unless' they
are in encrypted or secured form (e.g., temper-resistant security module) (name of the
physical storage device).

important to define the key storage for data management of cryptographic key; the
It is

Proper use of. the function depends on the key type, protection
requirements and lifecycle
:
stage. There are different function provide by key storage
1. Operational Storage
2. Backup Storage
3. Archive Storage

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) 5-14 Key management

1. Operatlonal Storage

Ifthe required for operational purpose that keys can be taken from operalit
key is

Storage when not present in active memory (the memory which 1s prescntly
that key
the key stored in operational storage is lost or corrupted, then mua
recovered from backup storage.
Certain key types such as PIN, master keys are always stored in physical hyardwa
uses a
and never on software system. The operational storage device koy,such
of a server which is directly connected
encryption key store on local hard disk
network.
Once the key is stored in a database, the database administrator should notaccesS%,
the keys in the clear text form. If database administrator stolen the key, he/she
must
not use it tothe encrypted data. Apart from this, storage media
reàd beprotete
as dual control and rigorous access
by strong physical and logical security such
logs.
2. Backup Storage

In case of hardware or software failure if keys are lost then there should be s.
back up mechanisrn required to recover the lost data or corruption of the operai
storage. The backup of only the important keys arë stored.
Finally, the backup determination depends on key usage whether the application ;
important to use the key.
3. Archive Storage

.A Key Archive is the term used to recover the large histórical encrypted data.
The data backup storage keeps the data of today whereas
archive storage addresse:
the data management of tomorrows or overcome the
future challenges of data storag:
management.

5.1.4(D) Key Usage

The important aspect of key management is

key usage. Whether authorized user using kej
securely or whether they are properly
maintaining the privacy and integrity
of the key.
Separate key should be used
for encryption or digital signature to prevent
gain the access of keys the attacker wO
and compromise the security.
Means whatever the key
used for encryption it should
otherwise it usage is not per
not use for any other purpos
the rules and regulations.

Scanned by CamScanner
 cypl. & Sys.
becuy(MU-Sem. 6.Ch

5.15
5.1.4(E) Key Valldatlon

Once key get generated. stored

performing and properly
which is the encryption
used, then
it time tn validats.
process on The appficatiot
data should
encryption is ableto recover validate
he key. whether the
production. the data prior
to placing particular application into
validation detects
The key the malfunction
data, of the encrypted
the encrypted The key validation
is
data and assures recovery of
uscd to encrypt
compare the results with originally
encrypted the data cncrypt the data sns
data.

- In-spite of this if attacker modifies or underlying

structure
encryption process. then it should retest the

Updation
s1.4F) Key
A function performed on a cryptographic
key in order compute new, but related key
to a

for the same purpose.

5.1.5
Importance of Key Management

-Decause of strong key management privacy of customers' personal and corpose

information is maintain (confidentiality):

Preventing data modification (data integrity):

Authentication of users was done prior to transaction over insecure channel

(authentication);

Replacing handwritten signatures with the electronic equivalent signature means

every
transaction gets signed.

Syllabus Topic : Diffie Hellman Key Exchange Algorithm

5.2 Diffie Hellman Key Exchange

May 17)
> (MU- Dec. 15,

Q.52.1 Explain how key is shared between two parties using playfair Diffie Hellman
a
key exchange algorithm.What is the drawback of this algorithm?
(Ref. sec. 5.2) Dec. 15, 10 Marks

5:2.2 Explain "Diffie-Hellmen key exchange algorithm with suitable example, Also
of MIM attack in it. (Ref sec. 5.2) May 17, 10Marks
explain the problem

Scanned by CamScanner
 managomont tochrine,
Crypt. & Sys. Security (MU-Sem. 6-Comp) Key
5-16
oxample,
with sultable
Q.5.2.3 lustrate Ditie Hellman key exchange
algorithm
(Ref. sec. 5.2) prone to man

Q. what way,
exchange
algorithm, in t
5.2.4 In the Diffile Hellman kay
middle attack. (Ref. se0. 5.2)
seG, 5.2)
Oxchange. (Ref.
Q.5.2.5 Brietly e explain Diffie Hellman key algoritho
as Key exchange
was widely known Hellman in 1976. Difs,
The Diffie Hellman algorithm
and Martin
Whitfield Diffie cryptographic
agreement algorithm developed by
(symmetric) private keya
same
Hellman algorithm is used to
generate transfer this key from sender y
no need to
so that there is
senderas aswell receiver end
greement not &
receiver. used only for
key
Hellman algorithm is communicate
that Diffie receiver want to
Kemember message. If sender and
decryption of Diffie Hellman Algorithm ateg
Cncryption or generated by
agree on the
same key
us start with the algorithm.
each other they first Let
encryption or decryption.
on they can use this key for
Hellman Algorithm agree on f
T. Steps of Diffie they must
communicate with Suresh
step is that if Ramesh wants to
1. The first
p and q. that
large prime numbers a, and calculate R such
number
selects another
secret large random integer
2. Ramesh
p
R= gmod
Ramesh sends this R to Suresh.
3.
integer number b, and calculate
independently selects another secret large random
4. Suresh
S such that.

S = mod p

5. Suresh sends the number S to Ramesh.

6. Now Ramesh is calculating his secret key by using
Ry = S' mod p
7. Suresh is calculating his secret key S by using
S = R
mod p
agree for future communication called as key
8. If Ry'= Sy then Ramesh and Suresh can

agreement algorithm.
9. We
have Ry = Sy= Khence proved. (K is called symmetric key).

Scanned by CamScanner
attech
echnique
Hol Crypt.
&
SyS. Securityy
(MU-Sem.
6-Comp)
aninthe For example
Damesh
5-17
1
and Suresh Key managoment
are agrec technique0
2. Ramesh selects on two
another secrct largc prime
numbers
m or R= q mod p largc random number 5 i.c, sayp= 17 and q = I.
16. key = =7 mod 17 =11 a=5and calculate
Diffe (7x7x7x7 R
Such that

ic key .Ramesh sends numnber x7) mod 17 =

11
R
to Suresh.
sende at 4. Suresh selects
another secret
to S- = large random
number 3.
mod p i.e.
=7 mod 17
=3 b=3and calculate s
such that
not = (7x7x7)
for Siuresh sends mod 17 =3
atewith 5
number S to Ramesh.
amlater 6 Ramesh now calculates
its secret keyRx as
= follows:
n. R S mod p
=s mod 17
Ry = 3* mod 17
=5
= (3X3
on two ×3x3 x3) mod 17 =5.
Suresh is calculating
his secret key Sy as follows :
Sg =
R modp = R° mod 17
hat
11' mod 17 =5
8 IfRy= Sy then Ramesh and Suresh can agree for future communication.
9. We
know that if Ry = Sg =K=5. Hence proved.

ulate Ex. 5.2.1

if p a
Solve =7 and q=17 using Diffie Hellman algorithm. Select =6, b=4.
:
Soln.
By using DIffie Helman algorithm
1. Ramesh and Suresh are agree on two large prime numbers sayp=7 andq=17.
2. Ramesh selects another secret large random number
6 i.e. a=6 and calculate R such that
R = qmod p = 17° mod7

= (17x 17x 17x 17x 17 X 17) mod7.

R =1
3. Ramesh sends R to Suresh.

Scanned by CamScanner
 Crypt. & Sys.
Security (MU-Sem.
6-Comp)
4. Suresh selects 5-18 Key management
another secret tech:
large number 4
i.c. b=4 and calculate Cypt. & Sys
S mod p = 17° mod p such that
= (17x 17% Suresh is ca
17x 17) mod 7 7
S = 4
5. Suresh sends
numberS to Ramesh
6. Ramesh now calculates =S
it's secret key Ry as follows : 8. If R
future.
Rx = S
mod p = S° mod p =4° mod 7
= Ex. 5.2.3
(4x4x4x4x4x4) mod 7
generator g
-
= If
R 1
Show tha
7. Suresh is calculating his secret (i)
Sg as follows :
(ü) HA has
SK = R° mod p
=1' mod 7 B
has
(ii) If
SK'= 1
Calculate
(iv)
O. T KK = Sx then Ramesh and Suresh can agree for future communication. Soln.
:

Ex. 5.2.2 ()) To sho

Solve p=353 and g =3, a =
97 and b=233. In gener
Soln. : Q(0).
By using Diffie Hellman algorithm Where
between 1
a
1
Ramesh and Suresh are agree on two large prime
numbers p =353 and =3. q
AccorG
2
Ramesh selects another secret large random
numbera=97 and calculate R such that
It state=
p =
R= mod 3
mod 353
If
R= 40
For ex
3 Ramesh sends R to Suresh (value of
R=40) As me
4. Suresh selects another secret large random number
b=233 and calculate S such that a=2
S= 'mod p =3*3 mod 353 Calcu
S = 248
Acco
5. Suresh sends value of S to Ramesh
6. Ramesh now calculates it's secret
key Ry as follows :

Ry = S mod p = 248 mod 353

R = l60 ie. 10

Scanned by CamScanner
Chnigu

LOl Crypt. &

Sys. Security
Suresh (MU-Sem.
7. 6-Comp)
is calculating
his secret 5-19
Sy = R° key S as Key management
mod follows
S = 160 p=40 mod : techniques
If Rx =
353
Sg then
Ramesh
future. and Suresh
can
agrce on
Ex. 5.2,.3 same
key and can
communicate
If generator g
2
and n or
in
p
11 using
Show that Diffie
2 is primitive root Hellman
algorithm
t fA has public of 11 solve
the following:
key 9 what
is A's private
) IfB has public key ?
key 3 what is
h) Calculate shared B's private kev ?
secret key.
Soln. :
To show that 2
is primitive root of 11
In general terms, the
highest possible exponent
Q(). to which a number can
belong (mod n) is
Where Qn) is called as
Euler totient function
betweenl and n which states that how many
-1 that are relatively prime to n. numbers are
According Euler's theorem
It states that for every a and n
that are relatively prime.
Tf = mod n
1

For example
As mention in (i)
a
=2 and n=11
Calculate on) i.e. o(11) = {1 to 10 }
=10
According to Euler's theorem

an= 1 mod n

2°= 1
mod 11

1024 = l mod 11

1024 mod 11 = 1 and

Scanned by CamScanner
 Key management
Crypt. & Sys. Security (MU-Sem. 6-Comp) 5-20

Imod 11 = 1

Hence 2 is primitive root of 11.

() If'A has public key 9 then private key is

1. Say A as Ramesh and B as Suresh.

g as a q (i.e.
Representing g=2 =q)
Using Diffie Hellman algorithm
2. Suresh now calculates R such that
mod p (Here q=2 andp =11]
R=
= 2' mod 11 [a is 9 public key]

R= 6

3. Ramesh now sends R to Suresh. such that

3 (it's random
number) Suresh calculates S
key
(uy suresh has public
=
S = 'mod p [g =2,
p= 11, b=3]
S = 'mod p = 2 mod 11

S = 8

Suresh now sending S to Ramesh.

calculating their secret keys individually.
(iv) Now Ramesh and Suresh
:
as follows
1. Ramesh calculates it's secret key Ry
Rg = S modp [S= 8, p= 11, a =9]
8
mod 11=7

as
:

2. Suresh calculates it's secrete key Sy follows

Sx = R' mod p
[R =6, b=3, p=11]
6 mod 11=7

are 7.
Shared secret keys of Ramesh and Suresh
=
Hence, R S=7
algon
our notations mentioned in Diffie Helliman
Note: Inabove example we have solved by using
B denotes Suresh, denotes
a a
and o is same as p. Students
So here A denotes Ramesh,

Use any notations.

Scanned by CamScanner
nttech
echniu

C
Crypt. & Sys.
Securityy
(MU-Sem,
6-Comp)
Ex. 5.2.4 5-21
Key management
A and B tochniques
decide to use
secret no. Diffie Hellman
and exchange key exchange
numbers 6 and where p = 13, g =
() What is common 11.
2, each chooSe
secret key? his om
) What are
their secret numbers
?.
H) Can intruder m
gain any knowledge
and 11. If yes, show from protocol run
how ? if he sees
Soln. : p, 9 of and two
keys o
According to Diffie
Hellman algorithm,
Let us say A as Ramesh
and B as Suresh
Also p = 13 and g=2
Here in our example we
are denoting g as q,
. p 13,
q'= 2
Secret numbers denoted as, a =
6 and b= 11 by using Diffie
1.
Hellman algorithm.
Ramesh and Suresh agree on two
large prime numbers p = 13 and q
=2.
2 Ramesh selects ariother secret no. a
=6 and calculate R such that
R =qmod p
[q = 2, a =6, p= 13]
= 2° mod 13

R= 12

3. Ramesh sends R to Suresh

4. Suresh selects another large random number b = 11 and calculate S such that

mod p [q=2, b= 11, p= 13]

= 2
mod 13
S = 7

5. Suresh sends S to Ramesh

6. Ramesh now calculates it's secret key Ry as follows :

= s modp (S =7, a=6, p = 13)

hm R
7° mod 13

Ry = 12

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) Key management 1echria,
5-22

7. Suresh is calculating his secret key S as follows :

=
S R'modp[R = 12, b= l1, p= 13]

12! mod 13

= 12
S
() Shared secret key of Ramesh and Suresh is
= Sx = 12 [A and B = 12]
R
() Secret numbers of Ramesh and Suresh are
R= 12 and S =7
(ii) If intruder m knows P, g and a, b then what willhappen. [Here g = q
Case I : Value of p, q, a, b are known to m represented as,
Ramesh Suresh

p=13, q
=2 p=13, q
=2 p= 13, q =2
Use Diffie Hellman algorithm,
a
After selecting large prime numbers, it's time to select random numbers and b.
The secret random number selected by Ramesh and Suresh are,
Ramesh Suresh

a=6 a=8, b=6 b=11

Case 2 :

Consider m as intruder selected two random numbers say a =8 and b = 6 as his own secret
key, because he wants to calculate value as R and S, as he intercepted conversion between
Ramesh and Suresh

Ramesh Intruder m Suresh

R= mod p R= ¢mod p S= mod p

= 2° mod 13 = 2° mod 13 = 2
mod 13
= 12
R= 9 S= 7
mod 13
= 2' mod 13 = 12

Scanned by CamScanner
 & S/8.
Crypl.
MU-5M. B-Comp) 5-23 Kay managemei!

Case 3 : Following arc the valucs available with Ramesh, Suresth and intruder m

Ramesh intruder m Suresh S

R=9, S = 12
R= 12 S=7
Case 4:

Ramesh sending
his R= 12 to Suresh but intruder m
sending his ownR =9 to Suresh
= 12. Suresh sending his S = 7
to Ramesh, here. again intruder
m
sending his own
instead ofR
values
12 to Ramesh. In this case Ramesh and Suresh doesn't aware that which
value of S=
sending and receiving [Intruder m sending his own value Because his interception].
of

they are
new values with Ramesh, Sureshand intruder m.
Following arethe

Ramesh Intruder m Suresh

12 R= 12, S=7 S=7

R= 12, S=
R=9
m secret keys.
Based on above values Ramesh, Suresh and Intruder calculating
Case 5:

Ramesh Intruder m Suresh

S= 12, a=6, S=7,R= 12 R=9, b= 11

p= 13 a= 8,b=6,p= 13|p=13
Rg=S' mod p

11
= 12° mod 13| Rg= S mod p S =R'mod
=7 mod 13 mod 11
Ry=1
=3 Sç=3

Sy=R'mod p
= 12° mod 13

=1
1 and Suresh
thinking that value of his secret key
is
Ihink what is happening ? Ramesh is
also thinking that value of his secret key is 3.

But actual communication is intercepted by intrude m.

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) 5-24 Key managementtechnique
P
During real communication between Ramesh and Suresh intruder m
sending
secret keys to Ramesh and Suresh. If Ramesh sending his secret key RK = 1
to Suresh
because of man-in-the-middle attack. Intruder
sending his secret key RK=3 to Suresh
m

In return Suresh is sending his secret key

SK=3 to Ramesh, intruder m sending his sen
key SK =1to Ramesh.

Both Ramesh and Suresh

not aware that
communication intercepted by intruder m
such
type of attack is called as man-in-the-middle
attack.

Chapter Ends.

Scanned by CamScanner
 Ghique

his
Ao oWn
Suresh
Suresh
issecre
CHAPTER
msuch
6 Cryptographic Module 3
Ends..
FunctionsHash

Syllabus
Cryptographic
nash functions,
HMAC, CMAC. Properties of secure
hash function,
MD5, SHA-1,
MAC,

6.1 Hash Functions

Syllabus Topic :
Cryptographic
Hash Functions
6.1.1 Cryptographic Hash Functions
In hash function H accepts a
variable length block
Droduces the fixed of input data called as
size hash value can be represented as M
and

h = H (M)
A good has function provides a property
that hash function is applied on large amount
data input (M) and then produces of
it the fixed amount of output data.
If any bit or bits changes in the data, then whole hash function output
data will also
change.

When hash function provides security application this is called cryptographic hash
functions.

Cryptographic has function is one of the algorithm which is computationally infeasible.

nput is padded with some fixed out of length (For e.g. 1024 bits). It includes original
message in bits and padding bits.

Scanned by CamScanner
 Cryptographíc Hash Funciona
Crypt. & Sys. Security (MU-Sem. 6-Comp) 6-2
difficulty
length ficld produces forte.
Because of these securities will provided, the
withthe same hash valuc.
attacker to create alternative message
L bit

Messago / datablock (M)

Hash value h
H (fixed length)

CryptographicHash Function
Diagram of
Fig. 6.1.1:Block
implementing cryptographic Hash functir
mostly used for to
Cipher Block chaining is
cryptographic hash function.
whirlpool is another popular padding is done.
on original message when
applied
Cryptographic hash algorithm is
bits.
variable length input is added like 1024
ln padding fix value h.
algorithm is applied so it creates a Hash
After this hash function
Cryptographic Hash
6.1.2 Applications of
function. It is mosty
adaptable cryptographic algorithm is the cryptographic hash
Most
application.
used in Internet protocol and security :
are some application which are used in Cryptographic Hash Function
Following
1. Message Authentication
verify or checks the integrity
of

Message Authentication is a nothing but service that

that message.
Message Authentication checks that the data received from
sender which is exactiy
same as sent to receiver. (i.e. content of the data will be
same no modification wll
have done or insertion deletion or updation).
valid or
Some authentication provides a mechanism that checks identity of sender
not.
When Hash Function provides a value, which.is used for message authentea
purpose then that value is invoked as Message Digest (MD).

Scanned by CamScanner
 Crgptographic Hanth
Fiurctin
&
Sys. Security (MU-Som. 6-Comp) 6-3

in which a hash code cAn be helps

many approanches
describcs how
The Fig. 6.1.2(a), autlhcntication.
meSsage
to provide the Recoivar B
SenderA E(KIM|H(M)])
M

M
Compare
K
K Hash
H(M)
Message (Key for (Key for function
encryption) Decryption)
Hash function
Fig. 6.1.2(a)
symmetric encryption.
with hash code that
encrypted using
message is comc from
Message added key, A
secret
receiver shares the same
B or
(a) A and
hash code provides a security
Sender that
der A that must not
be changed. After
authentication.
structure to active ReceiverB
Sender A

Compare
K
E(K,H(M)

Fig. 6.1.2(b)
This minimizes the
symmetric key encryption.
Hash code is
encrypted using. any confidentiality.
6) required
applications that don't
load for those Receiver B
SenderA
M

>Compare

H(MIJS)

Fig. 6.1.2(c)
authentication only use hash function. In
message
encryption required for they communicate with
(C) No same secret key when
process two person shares the
tis
each other.
over adding the original message M and S
value
Sender A calculates the hash
and attach the result of hash value
to message M.

Scanned by CamScanner
 Crypt. & Sys. Cryptographic Hash Funcs
Security (MU-Sem.
6-Comp) 6-4

hash value tocheck

Because receiver can rccalculate the
B processes S and it i
Aeceiver B
Sender A

M M
-
+Compar

K
H(MI|S)
E(K(M|JH(M|jS))

Message Authentication
Fig. 6.1.2(d) : Simplified Examples of the use of a Hash Function for

process and process (c) is encrypted with entire

(a) Confidentiality is added to this
Inessage concatenate with hash code.
process (d) which encrypts the
Process more advantage Over process (a) and
(b) has
whole data or message.

Minimum calculation is required in process (D).

is achieved. Thi.
Using Message Authentication Code
(MAC) message authentication
is also called as a keyed hash function.
two persons for communication that shares the same secret
MAC are used between
two users.
key to authenticate information tránsfer between

A MAC function takes input

as data block and secret key and produce output as hash

value.
MAC function is applied to the original message and the produced result will
be

check or compare with stored MAC value.

2. Digital Signature

It is another important application this digital signature is similar to the message

authentication application.

Operation of the digital signature is same as that of the MAC.

In this approach message with hash value is encrypted with the user's private key. If
anyone wants to check the integrity
of the message with its digital signature when he
knows the users public key only.
For creating a one-way password file we use
the hash functions.
Hash Function password stored
is in the operating system so hacker
that àctual hash value, cannot access

Scanned by CamScanner
 6-Como)
cvpt. & Sys. SeCUrTlY (MU-Sem, 6-5 Cyptogrehin Pfs furetrs

When user cnters a password the hash value of the password is compaed with the
valve for verification purpose.
storcd hash
Hash function is. also uscd for intrusion detection as well
as virus detection.
H
system stores the (F) for cach file.
One
Sender A RecetverB
-

Compare

Digital Signatures
Fig. 6.1.3a) : Simplified Example of
ReceiverB
Sender A

M
PRa PUa
M Compare
K D
E(PRaH(M)
E(K[M|JE(PRa, H(M)

Digital Signatures
Fig. 6.1.3(b) Simplified Example of
:

or modify the message it is possible when he knows the

want to change
If attacker

users private key.

:
as follows
a digital signature is
Hash code is used to provide
sender's private key. This is
Hash code is encrypted with public key encryption the
as well as authentication. Because only sender
used to provide the digital signature
can create a hash value that was encrypted.

3. Other Applicatlon
Hash function. The password
To creating one way password file we commonly used
or
will stored on operating system because of that
hacker cannot access the data that
password file.
is used. Pseudo
the pseudo random function cryptographic hash function
To construct

Random Number (PRNG) is another example. A

common application is the PRF for

creating symmetric key.

Scanned by CamScanner
 Cypt. &
Sys.Security
6.2 (MU-Sem.
Simple 6-Comp
6-6 Cryptographic
Hash Functions HashF
The process
of
value h) transforming
is called as input message m
into a fixcd sizc string (calloa Whe
function hash function
applied on and is denoted by H. Here h is the
it
output
type
input message
m. ofha To
Hash function h = H(m) the
message, protects the integrity of The
then the.contents the message. If attacker tries to modify
applying Hashing of
original message may changed the 1.
algorithm. The most oij:
it can be denáfiea
Here, there popular hashing algorithms are
MD5 and 2
are two SHA
principle. simple hash function, all hash functions are operate
using
(1) The message s
file is like a
simnple input
a sequence of
(2) When it open n-bit blocks.
input is processed
only one block at the
generate an n-bit given time in iterative
hash function.
The simple hash function
is the bit-by-bit XORing
done of every block.
This can be shows
the following ways :
CH = B, B, .....>Bim
Where,

CH, = is i" bit of hashcode, 1

sisn
m = m is the number
of n-bit block in the input
B = .th bit in j"th block
i
= XORing operation
When this operation is perform
it produces a simple parity for
process is known as a each bit location ti
longitudinal redundancy check.
In simple hash function each n-bit hash function
value is equally possible. Thus, t:
probability of that data error will result should
be in unchanged hash value 2 -nincludng
the more predictably formatted data, and this function are
less effective.
We give the input as a simple or normal text files or message,
the higher order bit of a0
octet is constantly zero.

Scanned by CamScanner
 Coypl & Sys. Security (MU-Sem..6-Comp)
6-7 Gyotograhic Hash Functions

When 128-bit hash value is uscd, rather effectiveness of 2 -

128 the hash functin on thi
ypes offiles or message has an cffectiveness of 2 - 112.

To
improve the malter performancc, Use simple ways i.c. one-bit circular shift, and also
valuc after the every block is processed.
rotationon hash
the.
as
steps are summarized by follows
The
zero.
n-bit hash value initially
1.
Set the
every successive n-bit block of data is as follows :
Process the each and
2.
value is rotate to the left by onc bit.
The current hash

Perform the XOR operation in between block and hash value.

any regularities are overcome
of "randomizing" the more completely input and
The effect
appear in the input.
that or rotated XOR.
it is insufficient for simple XOR
L.

hash code is encrypted,

Ifthe Bureau of standards. They used the simple
are proposed by the National
These techniques message and then encrypted with entire
applied to 64 -bit block of the
XOR function and
chaining i.e. (CBC) mode.
message used the cipher block

design are as follows :

We can define the
are consist a sequence of 64-bit blocks A, A, As.... Ay
message M

The
(1)
XOR of every block and attach the
Define hash code h= H(M) as block-by-block
()
hash code as the
final blockS.

h= A+1
= A,
A,..... 0AN
Next, encrypted
message plus hash' code to produce the
Using CBC mode
encrypt the whole
BN+
message B,
B, B3....
we get
cipher block chaining,
For example, the definition of

A, = B-,D (K, B)

AN+1 = B, D (K, BN+)

But, Here AN.is the hash code:
......
A+1 = A, A,
A (K, BN)
= D(K, B,) > B,D (K, B) + .0 BN-D

Scanned by CamScanner
 Crypt. & Sys. Security(MU-Sem. 6-Comp) Cryptagraphi,t
6-8 Hah

Syllabus Toplc: Properties of Secure Hash Functlorn

6.2.1 Propertles of Hash Functlon

hash functions? (Ref. sec. 6.2.1)

Dec,
|Q.6.2.1 What are the propertles of

There are four main properties of has function :

I. It is quick to compute the hash value for any given message.

2. It is
infeasible message from its has value except by trying
to generate a

messages.
3. A
small change to a message should change the hash value so extensively that
hee
bash value appears uncorrelated with the old hash value.
. It is infeasible to find two different message with the same has value.

6.2.2 Characteristlcs of Simple Hash Function

Characteristics are needed in a secure has furiction are as follows

:

1. Hcan be applied to a block of dataof any size.

2. H produces a fixed length output.
3. H («) is relatively easy to compute for any given x, making
both hardware and sof
implementations practical.

4. For any given value h, it is computationally infeasible to find x such

that H (x) =h. Thit:
sometime referred to in the literature as the one-way
property.
5. For any given block x, it is computationally infeasible to
find y #x with H (y) =H(a).
6. It is computationally infeasible to find any pair (x, y), such
that H (x) = H ().
6.2.3 Simple Hash Function Requirement
and Security

(MU - Dec. 17
Q.6.2.2 What is the role of a hash fünction
in security ?
(Ref. sec. 6.2.3)
Dec. 17, 3 Marks
Requirement and Security
Before taking any action, we
need to define the two points.
For a hash value
h=H (m), we can say that m is the pre-image
block whose hash function, of the h. That is m
dala
using function H, is h.

Scanned by CamScanner
ash
Funct

cpt. &
Sys. Securty(MU-Sem,
6-Cormp)
Here, the collision occurs
For we
if A y
region, use and H
Cyptercki Hanh
bere hash (A)= H
undesirable. function (3) efon
NMarks the data,
Assume, suppose the integrity
length and also the
the block of length of
of bits with hash code isn bit,
collitions are
clearly
Here, the b>n. and function
total number of possible H use as inpt
Total number of hash messages messages
values is is 2b. or
Ssible 2.
6.2.4 HashFunctlons Based on
Clpher Block
Without using he sccret Chalning
key. the number
unction based on a cipher block chaining.
of proposal
have been
The Rabin is
made for
proposed first techniques the hash
message M
are divide
that techniques are
The
into working
the fixed size blocks the following ways.
M,... My use
method like. DES to calculate i.e. M,,
hash code following
manner : encryption
HF, = Initial value
HF, = En (M, HF,_)
C= HFN
It is same like a
CBC techniques but in
this particular condition
secret key not used.
the any hash code, that design is likely to
Using is
encryption algorithm is the birthday attack,
and if used
DES. It produced only 64-bit hash the code then the desien is the
accessible.
Ae well.
the birthday attack used the another version
and if the candidate access only one
message
and also used it's correct signature and not attain a multiple signings.,
- Here used the outline:
Individually, assume that the candidate prevents a message
with a signature in the form of
the encrypted hash code and then an encrypted message is m bit long.
1. To calculate the unencrypted
hash, code C used algorithm which is defined at
beginning of the subsection.
2. To design any desired messages in the form of P,, P, P, ....PN-2

3. Count
HE = E, P, HF-) for i s (N-2)

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) 6-10 Cryptographic Hash Fu.e

Accomplish 2 any random blocks ; for any block A, compute E, (A, HFE,

accomplish the additional 2m2 any random blocks; for any block
(B, C) whcre the D, is the decryption function like to En
B,
Compute
,
A
probability there will be
5. Place on the birthday paradigm, along high and
E,(A, HFN-2)=D,(B, C).
6. Fromthe message Mi, Mz, M3, ... MN-2, A, B,
this message has the hash

and used the prevent encrypted signature.

This mode of attack is called as meet-in-the- middle-attack.
researcher are proposed insight intended to strength then
the
The number of basic
bloa
chaining approach.
Using example of Davies and price are describe change.
HF = E, (M, HF_) HF,_1
another change proposed the
HF; = E, (HF-, M) M;.

These systems shown to be unsafe variety of attack.

Many of these attacks have also been shown to have weaknesses.

Syllabus Topic : MD5

6.3 MD5 Message Digest Algorithm

It was developed by Ron Rivest. This algorithm takes an input of arbitrary length at
-
128- bit message digest is produced. The input message is produced in 512 bit blocks.
Message
Padding bits
(1 to 512) (n mode 2)
=
L'512 bits N*32 bits

n bits

Message 100.0
512 bits 512 bits + 512 bits 512 bits

Mo
M, M,

128 bits 128 bits 128 bits

t s12A

IV-MDS MD5 MD5 MD5 128 bits

massage
CV,
128
bits digest
Fig. 6.3.1 : Detail steps of Message Digest 5 Algorithmn

Scanned by CamScanner
 Cypt. &
Sys. Security (MU-Sem. 6-Comp) 6-11 Coptograpttr, Manh Frrtinns

a
6.3.1 shows processing of message to produce message digest. Following steps
Fig.
of MDS.
cxplains the procedure
Steps MDS Message Digest
Algorithm

(1) Append Padding Bits

(2) Append Length

(3) Initialize MD Buffer

(4) Process Message in 512-bit

(16 word of 32 bit) Blocks

(5) Output

Digest Algorithm
Fig. 6.3.2: Steps MD5 Message

Bits
(1)
Append Padding
4 message is padded to
make the length of
message
is 448 mod 512, The length of
The an integer multiple of 512.
message 64 bits less thn
the padded
is
a single 1-bitt followed by 0 bits. The length of padding
message consists
The padding
between 1 to 512,
bits is in

(2) Append Length

mnessage is appended to the result of above
step 1. It is appended
64 bits of original
byte.
such that least significant
bytes to most significant
bits.
step yields a message of integer multiple of 512
The output of 2

- ... M, ... ML-. The total length of expanded message is L * 512 bits.
As Mo M,

(3) Initialize MD Buffer

intermediate as well as final result. A buffer is
A 128
- bit buffer is used to store the
as P, Q, R, S.
represented as four 32-bit registers

P= 67452301

Q= EFCDA1389
98BADCFE
R=
S= 10325476.

Scanned by CamScanner
 crypk &
Sys. Security (MU-Sem. Cryptographic Hash
6-Comp) 6-12

t used a little-endian methods, Hence initial values (IV) are represented as,
P =01 23 45 67

Q= 89 AB CD EF

R =FE DC BA 98

S = 76 54 32 10

7 (4) Process Message in 512-bit (16 word of 32 bit) BIoCsS

It consists of four rounds of shown in Fig. 6.3.3. These fourrous

processing
as

have similar structure but differ in primitive logical function referred as A, B, C,D.
and produces 128
Each round takes input:512-bit block, processed it bit output.
T
output of
fourth round is added to the first round C, to produce
addition modulo 2

Ma
}128

16. steps

BTi7.32
16..steps

CT33..48
16.,.steps

P
Q

R.s.
16., steps

|128

Fig.6.3.3 : Four rounds

of MID5 algorithm

Scanned by CamScanner
undion
Grypt. &
Sys. Security
(MU-Som.
6-Comp)
(5) Output 6-13
After processing Cyptographic
Hash Functinns
all L 512-bit
Theentire MD5 process blockS, the
can 128 message
be summnarized bit digest is produced
CVO =IV ns follows as a ontput.
:
CVq+l Sum32(CVq. RFd [ Mq.RFe
( Mq.,RFb
MDSSum = CVI, | Mq, RFa Mq.
[ CVq
11)
.
nds Where,

IV=the initial value of the PQRS buffer, mentioned

in step 3
he Ma = the qth 512-bit block of the messnee
ng CVq = the chaining variable processed with
the q-th block of
message
ar-the round function using primitive logical function a,
b, c. d.
uD5Sum= the final hash result or message digest

Sum32 = addition modulo 232

Syllabus Topic : SHA-1

6.4 Secure Hash Algorithm (SHA)

(MU - May 17, May

18)
Q.6.4.1 Write note on SHA-1 (Ref. sec. .4)
May 17, 5 Marks
Q. 6.4.2 What characteristics are needed in secure hash fünction? Explain
the operation
of secure hash algorithm on 512 bit block. (Ref.
sec.6.4)May 18, 10 Marks
The SHA was developed by NIST in 1993. It is referred as Secure Hash Algorithm-l.
SHA - takes an input message of a maximum length less than 2 bits and produced an
1

output of l60 bit message digest. The overall processing of SHA-1 is much similar to MDS.
The processing is explained as follows.

(1) Append Padding Bits

Padding means addition of bits to the original message. To make length of original
message is padded to make
massage to a value 64 bits less than multiple of 512. The
the length of message 448 mod 512.

Scanned by CamScanner
 Cryptographic Hash Furer
2 Crypt. & Sys. Security (MU-Sem.
6-Comp) 6-14
of
an integcr multiple S12.The,
The length of
the padded message is 64 bits Jess than
many 0 bits as required.
padding message consists of single 1-bit,
a followed by T,
length of padding bits is in between to 512.
1

(2) Append Length

message is appendek
bits of original
block of 64-bit is appended to
A a message. 64
Padding).
message - +
to the result of above step 1 (Original byte.
most significant
bytes to
It is appended such that least significant
(3) Initialize MD5 Buffer result. The bufferis
as well as final
intermediate
160-bit buffer is used to store the
A

as Q, R, S, T, as.
represented as five 32-bit registers P,
P = 67452301
EFCDAB89
Q =
98BADCFE
R=
S = 10325476
T =C3D2E1FO
registen
are same as MD3. These five
method. First four registers
It uses a big-endian
as,
P, Q, R, S, T are represented
23 01
P= 67 45
Q = EF CD AB 89
98 BA DC FE
R=
S = 10 32 54 76
C3 D2 E1 FO
T=
word) Block
(4) Process Message in 512-bits (32 bit 16
as shown in Fig. 6.4.1. These rounds
It consists of four rounds of 20-step each
structure. These rounds used different
referred as F1, F2, F3, F4 have similar
primitive logical function.
bit output. The
Each round takes input 512-bit block processed it and produced l60
output of fourthround is added to the first round CV, to produce CVq+1

Each round also uses an additive constant k, where 0 +s79.

K, = 5A 827999

Scanned by CamScanner
 Cryptographlc Hash Furction
Crypt. & Sys. Security (MU-Sem. 6-Comp) 6-15

K, 6E D9 BB A1

K, = 8F IB BC DC

K4 = CA 62 C1 D6

Output
(5) messagc digest is produced as
After
processing allL 512 bit blocks, the 160 bit

output.
compression function uses
a
feed forward operation where the chaining
The SHA output obtained (last step) after
input of the first round is added to the
variable CVq as shown in
steps to produce the next chaining variable CVg+1
80
execution of

Fig. 6.4.1. CVa

Mg
512 160

Tt32
P Q! R! sl
FK,W[..19]
20 steps

FKGW(20..39
20 steps

Fgk,W[40.,59
20 steps

P
FK,w (60..79)
20 steps

160

CVg+1

Secure Hash Algorithm

Fig. 6.4.1:Four rounds of

can be summarized as follows

The entire SHAlprocess
CVO = IV
KO...191
CVq+l= Sum32 (CVq, F4 [M0..79, F3 M40...59, F2 M20...39, Fl [MO...19,CVq,
l=
K20...39) K40..59), K60...79)
SHAr = CVL

Scanned by CamScanner
 Cryptographic Hash Funcir
Crypt. & Sys. Security (MU-Sem. 6-Comp) 6-16

where.
. a chaining mode
first. block ín
IV= initial yalue of the PQRST buffer, used to deal with the

Mq the qth 512-bit block ofthe message

of nessage
with the q-th block
uYg =the chaining variable processed
output of the first round consisting of 20 steps
F1_]=
output of the second round.
F2]=
output of the third round
F3L]=
P4L]= output of
the fourth round
Sum32 addition modulo 232
message digest
SHAr = the final hash result or
MD5
6.4.1 Difference between SHA-1 and (MU - Dec. 15, Dec. 16,
May ta

Differentiate between
MD-5 and SHA Dec..15, Dec. 16,
May 18, 5 Marke
Q. 6.4.2
(Ref. sec. 6.4.1) fromn each other in desig
differs
MD4. Both are quite similar. They
Both are derived from
goals.
MD5
SHA-1
Sr.
No. message digest. Hence i
uses a 128 bit
message digest. Hence it| It Brute - force
1. It uses a 160-bit SHA1 against
weaker than
is stronger against
Brute - force attacks is
attacks.
than MD5.
against cryptanalysis
SHA-1 is not vulnerable against| MDS is vulnerable
2.
cryptanalysis.

SHA-1 is slower than MDS. MD5 is faster than SHA-1.

3.
to represu
4. It uses big endian method to represent
- thelIt uses a little endian method
message. the message.

5. SHA has 20 rounds. MD5 has 64 rounds.

- are the|In
6. Bit rotation counts for SHA 1
MD5 each round has its 0w

same for all rounds.

|rotation counts.

Scanned by CamScanner
a Crypt. &
Sys. Security(MU-Sem. 6-Cormo)
6-17 Coyptographic Mash Ftens
Applicatlons of Cryptographic Hash Functions
6.4.2
Appllcatlons of Gryptographte Hanh Funetiond

1. Data Authentication

2. Digital Signatures

3. Password Storage

4. Key Generation

5. Intrusion Detection and virus Detection Technique

CryptographicHash Functions
Fig. 6.4.2: Applications of

Authentication
1. Data
identities and ensure that the origin of an electronic message is
of
Usedto
establish proof or
a message has been modified not.
coITectly
identified and to checkif

Signatures
+ 2. Digital
private key and lidentify the proof of message.
message digest using
Encrypt

Storage
3. Password
get
password is compared
with that in the storage: hackers cannot
Message digest of

password from storage.

4. Key Generation
can be made computationally expensive
Key can be generated from digest of pass-phrase;
to prevent brute-force attacks.

5. Intrusion Detection and virus Detection Technique

Keep and check hash of files on system.

Scanned by CamScanner
 Cryptographic Hash Furrir
Crypt. & Sys. Security (MU-Sem. 6-Comp) 6-18

:
Syllabus Topic MAC

6.5 Message Authentication Codes

(MU- May
18,
techniques
authentication ? List various
Q. 6.5.1
What is the need for message
sec. 6.5) May 18,110 Marks
any one. (Ref.
message authentlcation. Explain
a good solution for messa
does not provide
As studied earlier
encryption mechanism the legitimate plain ta
receiver to identify
authentication because it is difficult for the error detection codeinto he
method of
To tackle such type of problem, we can apply the error detection.
can pass the
message so that only legitimate plaintext communication for data
network
are used in the communication channel.
Such type of error detection codes during Te
errors introduced
of data that
integrity verification against the bit fixed-size block is generated
a small
Message Authentication Code (MAC) is K as follows. MAC is als
using secret key
based on a message of variable length
M

called cryptographic checksum.

MAC = C(K,M)
the F
message to receiver B v1a MAC, then
sender A wants to send the secret
lI
condition is to share a secret key K.
message M.
the MAC by applying K to the
1 Sender A calculates
message M and the MAC Hashl
to B
2
A sends the original
uses to calculate its own MAC Hash2 over
receives the
message, B also K
3. When B
message M.
matching is correct then B assures that

4. B now compares Hashl with

Hash2. If
case if Hashl and

has not been changed or alters during transmission. In

Message M message was

Hash2 doesn't match then B

can reject the message, realizing that

changed during transmit as shown in Fig. 6.5.1.

C, = E(k, P)
CG = E(k, [P,C,J }

G= E(k,
P,C,]}

C, = E(k, P, C,-1}}

Scanned by CamScanner
 Fiunctiont
(MU-9om 6-Comp) Coyptograchic Hast
Cypt. & Sys. Security 6-19

Step
1

Step Step 3

Mossngo Messnge Mossage

tn
Sender
A
MAC Sending
MAC

MAC MAC MAC

Hash1 Hashi Hash2

Cormpare

Step 4
Secret key Secret key

Eig. 6.5.1 : Message Authentication code (MAC)

MAC
Slgnlficance of
65.1
MAC ensures that only receiver can identify the original message.
mentioned earlier
modifies the original message he cannot modify the MAC Hashl, in
As M
1.
attacker
Even if modification, receiver's calculations of MAC Hash2 will differ from it.
case of
Hash l used to calculate the MAC is
is not modifying the MAC? Because key
attacker
receiver of the message. The attacker don't know the key used
Why
to sender and
knówn only reason he attacker cannot modify the MAC.
transmission, the
uring not from any third person
assures that message
A

B
is coming from
case receiver
In this only to
2.
key K used at the time of encryption and decryption is known
secret
because the message.
and receiver of the
sender authentication.
confidentiality and
3 MAC provides data
on DES
Code based
652 Message Authentication
Authentication Algorithm.
MACS 1S referred to as the Data
One of the most widely used operation of
Cipher Block Chaining (CBC) mode of
The algorithm is designed
using the
6.5.2.
DES, as shown in Fig, blocks
mode the given plaintext message is divided into
(CBC)
In Cipher Block Chaining plaintext block
each-64-bits blocks get encrypted independently. The
of 64 bits each and
same size (64-bits each).
produces ciphertext of
same key and transfers the
encrypted (DES encryption) using
The given plaintext is
encrypted data (ciphertext) to
receiver.
of
as using the Cipher Block Chaining (CBC) mode
The algorithm
can be defined

DES wth initialization vector

(IV).
operation of

Scanned by CamScanner
 Cryptographic Hash Functita
Crypt. & Sys. Security (MU-Sem, 6-Comp) 6-20

Message M= P,Pz...Pn
Pn
P
P-t
P

K DES
DES oncryption
DES
K DES K encryption
encryption encryption

Ch= MAC|
Cn-1.

operation
CBC mode of
Fig. 6.5.2: MAC design using DES in
Authentication Code (DAC)
Data
Using DES encryption algorithm, E and secret key Ka
also called MAC is calculated as follows.

6.5.3 Mathematical Equation

generation)
(Data Authentication code
Message Authentication code C, or the, leftmost
m
bits of the
of either theentire final block
The MAC code consists
block with 16 <=
m
<=64.
: HMAC
Syllabus Topic

Authentlcation Code)
6.5.4 HMAC (Hash based Message
XOR
Secret key
Transmiting Key ipod

FMessage m

Message digest algorthm

XOR
|Transmitting Key Hash (H)

OS2 Hash (+-)

Message digest algorithm

HMAC

Fig. 6.5.3 : HMAC Operation

Scanned by CamScanner
 Som. 6-Comp)
& Sys. 5ecuTIY (MU 6-21 Cyptograptic Hash Furetiens
Ct
Complete HMAC Operatlon
6.5.44)
Digest, Algorithm: The message digest algorithm used
Message (MDS, SHA-I etc.)
) message whose MAC is to be calculated.
m

M- The input
(D Thesharcd|
secret key used in HMAC

The string
OX36 byte repcated 64 times
ipad d- times
string OX5C byte repcated 64

opad- The

(Two.fixed
and different 64 byte strings ipad and opad)
step 1
OSI = Output of

OS2 = Output of
step 2
must be equal to length of key, i.e. length of
message m

The length
of
key (K) must
Step I: be equal
to number of
bits iin the original message block. For example in original 7
key is 170 bits and message length (i) 512 bits then odd 342 bits into
initial length of
key length and
make it equal size

Secret key
now transmitting and XOR with ipad to produce OS1 (output of stage 2

Step 2: variable).
(OSI is a
step message
to output of
2
Append message
m
i.e. original m
i) added with output
Step 3: of step2 which will produce message digest (OS1 + m)
applied on the output of step 3. This will produce output
The MDS and SHA -1 is
Step 4:
Hash (H).
key
K
with opad to produce output variable called OS2(output of
XOR the secret
Step 5:
step 1)
Hash H OS2Here the message digest calculated in step
with
4 taken into
Step 6: Add
output of step 5.
consideration (Hash H) and appended with
generate
on output of step 6 (0S, + Hash H) to
Step 7: Message digest algorithm is applied
final output called as MAC.
form as,
We can also write above steps in mathematical

HMAC = H(KOopad, H(k ipad, message m))

Where,

HMAC = Final output

k = secret Kay

Scanned by CamScanner
 Cryptographic Hash f,
Crypt. & Sys. Security (MU-Sem.
6-Comp) 6-22

= X OR opcration

M = input message m times.

repcated 64
opad and ipad =
fixcd and different 64 byte strings k and
make length 64
byte (i.e. key
Step 1: Append zeros to the end of key to
must be cqual)
1 with ipad.
Step 2: byte string computed in step
XOR 64 –
2.
from step
Step 3: Appendthe message n m
with 64 byte string resulting
output of step 3.
Step 4: Apply message digest algorithm on
step with opad.
Step 5: XOR the 64 byte string computed in step 5.
byte string generated from
Step step 4 with 64
6: Append hash H output of
step (6)
on output of to geners
Step 7: Apply message digest algorithm (MD5,SHA-)
final output i.e. HMAC.
Code
Message Digest and Message Authentication
O..5 Difference between
Message Authentication Code
Sr. Message Digest Algorithm
No.
algorthe
Authentication Code
1. A message digest algorithm
takes aA Message one 1s a message and anott
takes two inputs
single input like message
.
and
a MAC
digest" is secret key which will produces
produces a "message
as helps us to which allow us to verify and check te
(called hash) which
authentication of the
verify and check the integrity of the integrity and the
message.
message.

Any change to in message the secret k

or
2 Any change to input message
produces different result i.e. different will result in different MAC being
hash being generated. generated.

3. Once the hashis generated which will Without secret key it is not. possible ta
not give any clue to the attacker about attacker to identifies and validate the cored
original content of the message. MAC.

4. Most popular message digest Most popular MAC are MAC using DES

algorithms are MDS and SHA-I CBC mode and HMAC

Scanned by CamScanner
 Sys. Security (MU-Som. 6-Cofnp)
Gypt. &
6-23 Gryptographic Hash Functirno

Syllabus Toplc : CMAC

CMAC(Cipher Based Message Authentlcation Code)

6.6
message authentication
Cipher-bascd codes(or CMACS) are a tool for calculating
authentication codes with a block cipher coupled with a
message secret key. You can use a

prove both the integrity and authenticity of a message.

CMAC to
(Cipher-bascd Message Authentication Code) is a block cipher-based message
CMAC
authentication code
algorithm. It may be used to provide guarantee of
the authenticity and,
integrity of binary data. This mode of operation fixes security deficiencies
hence, the secure only for fixed-length
CBC-MAC(CBC-MAC is messages).
of a
is
the CMAC algorithm
deviation of CBC-MACthat Black and Rogaway
core of
The
underthe name XCBC and submitted to NIST.
proposed. and analyzed
efficiently addresses the safety deficiencies of CBC-MAC, but
XCBC algorithm
The
keys.
requires three
an
Kurosawa planned improvement of XCBC and named the resulting
Iwata and
CBC-MAC ( OMAC) in their papers. They later submitted OMAC1, a
algorithm One-Key
OMAC, and addedI security
analysis.
refinement of
reduces the amount of key material necessary for XCBC. CMAC is
The OMAC algorithm
equivalent to
OMAC1.

00..0

kE Derive Tweak

E
E k-b

Output

Fig. 6.6.1:CMAC

Scanned by CamScanner
 Crypt. &
Sys. Securty (MU-Sem. 6-Comp) 6-24 Cryptographia
Hash

To generate an (-bit CMAC tag (0) of a message (m) using a b-bit block cipher
sccret kcy (k), one first gcncrates two b-bit ky) using the
sub-keys (ky and
algorithm (this is equivalent to multiplication by r and & in a finite field GF(2'),

Let <
denote the standard left-shift operator indicate bit-wise exclusive
and
1. Calculate a temporary value ko =
E(0).
2. a
If msb(ko)
=0,then k = ko <1, else k, =
(ko <K1)
1
definite
C; where Cis
caN
that depends only on b.
(Specifically, Cis the non-leading coefficients

lexicographically first irreducible with

degree-b binary polynomial the minima
number of ones: 256-bit blocks.)
Ox1B for 64-bit, Ox87 for 128-bit, and Ox425 for
3. f msb(k) =0, then k, = k 1, else k= (k <1)
4. Return keys (k, ka) for the MAC generation proceSS.
= =
As a and ko E{0) 01012
small example, suppose b= 4, C= 00112, Tte,

k = 1010, and k, =
0100 0011 = 011l2.

6.6.1 The CMAC Tag Generation Process

... ..,
Divide message into b-bit blocks m = m, | | m- l where m, ny- are comp
M
1.

blocks. (The empty message is treated as one incomplete block.)

2. If m,is a complete block then m,'=k m, else m,'=k, (m, I| 10..0,).

3. Let co = 00...0,.

4. For i=1, .., n -1, calculate c =

Exlc-1 m).
5. Gn=ECn-1 m,)
6. Output t = msbCn).

6.6.2 The Verlfication Process

1. Use the above algorithm to generate the tag.

2. Check that the generated tag is equal to

the received tag.
2.1. Apply the MAC generation process
to M to produce T.

Scanned by CamScanner
 6-Comnl
Security(MU-Sem. 6-25 Cryptographic Hash Functions
a cvpt. & Sys.
return VALID; else, return INVALID.
2.2. If T= 1,
widely used in Govt and industry.
CMACis
message size limitation
Rut it has
paddino
T can be overcome using Z keys and
Cipher-based Message Authentication
Thus forming the
Code (CMAC).

Chapter Ends...

Scanned by CamScanner
 Module3
CHAPTER

Digital Certificate

Syllabus
Digital Certificate : X.509, PKI.

Syllabus Topic : Digital Certificate X.509

7.1 X.509 Authentication Service/ Digital Certificate

> (MU - Dec. 15, Dec. 17)

Q. 7.1.1 Give the format of X.509 digital certificate and explain the use of a digital
signature in it. (Ref. sec. 7.1) Dec. 15,5 Marks

Q. 7.1.2 What is a digital certificate? How does it help to validate the authenticity of a
user? Explain the X.509 certificate format. (Ref. sec. 7.1).Dec. 17, 10 Marks
Digital certificate is an electronic file that is used to identify people and resources over
insecure channel or a networks called Internet. Digital certificate also enable secure.
confidential communication between sender and receiver using encryption.
For example when we travel to another country, our passport provides a way to establisi
in the
Our identity and gain entry. Digital certificate provide similar identification

electronic world.
authorized digta
The role of Certification Authority (CA) is to issue certificates with
to validate
signature. Much like the role of the passport office, the role of the CA is
so that it cannot be tamperco
certificate owner's identity and to sign":the certificate
unauthorized user.

Scanned by CamScanner
 Security(MU-Sem. 6-Comp)
& Sys. 7-2 Digital Certificate

CA has signed
a
certificate, the owner can present web
Once a their certificate to people,
network resources to
provc their identity
for communications over
confidential
sies andchannel.
insecure
standard called as X.509 defines Structure of digital certificate. The International
Telecommunication
A Union (ITU) permittcd this standard in 1998.
of K.509 digital certificate.
71.1.shows structure
Fg.
Digital Certificate contents
Certificate version number

Certificate serial number

Algorithm for signature identifier

Certificate Issuer name

Validity Details

Name of the certificate owner

Public key of certificate owner

Issuer unique identifier

Owner unique identifier

Extensions to certificate

Certification Authority (CA) Digital Signature

Fig. 7.1.1:Structure of X.509 Digital certificate

to
A standard typically includes a variety of information pertaining its
digital certificate
ateT nd lo the Certification Authority (a trusted
agency that can issue digital certificate)

L Cerificate yersion number

Ienifies X.509 v3.
a particular version of.the X.509. Current version is
2 Certfcate
serial number
Uniqpe
inte ger
number generated by certification authority.
Algortbn
for signature identifier
Identfies
Salgorithm used by the certification certificate.
authority tto sign the

Scanned by CamScanner
 Crypt. &
Sys. Security (MU-Sem. 6-Comp) 7-3 Digital Certificate

4. Certificate Issuer name

The name of the Certification Authority that issued the certificate.
5. Validity Details
The validity period (or lifetime) of the certificate (a start and an end date).
6. Name of the certificate owner

The name of the owner and other identification information required

for identifying the
owner such as email id and contact details.
7. Public key of certificate owner
Certificate owner's public key, which is used to encrypt confidential information of tha
certificate owner.
8. Issuer unique identifier
Indentify the CA uniquely i.e. whether single CA signed it or is any CA using sare
details.
9. Owner unique identifier
Indentify the owner uniquely if two or more owner has used the same name over a time.
10. Extensions to certificate

This is an optional field which allows a CA to add additional private information to

certificate. These additional fields are called as extensions of version 2 or 3, respectivel.
11. Certification Authority (CA) Digital Signature

In creating the certificate, this information is digitally signed by the issuing CA. The CA
signature on the certificate is like a tamper-detection seal on packaging any tampen
with the contents is easily detected.

7.1.1 Importance of Digital Certiflcate

Digital certificates are based on public-key cryptography, which uses a pair,of kj*
encryption and decryption. A digital certificate can securely attach your identily
verified by a trusted third party, with your public key.
As defined carlier digital certificate is a mechanism for users to obtain assurance abe

identity and authenticity of a web site.

Scanned by CamScanner
 & Sys. Security
Coypt. (MU-Sem. 6-Comp)
iicale 7-4 Digital Certificate
By inspecting the digital certificate on a
web site, users
can help prevent identity theft and
fraud.

For example; a phishing site set up by

attacker which
an online banking web shows itself as a legitimate web site
(such as site) can be identified
certificate. by using invalid i or absent of digital
are implemented
certificates
Digital as part of a set of security
Secure Socket Layer (SSL). mechanisms provided by
the
SSL encrypts all data sent between a sender computer
and a remote computer (server) to
prevent data from reading during transmission
process from a
Wee will
study SSL in unit IV. sender computer to the
server computer.
f the can create their
online digital certificate;
A
general user
lot of third party agencies
companies providing facility of creating users own digital
certificates.
Syllabus Topic : PKI
Same

19 Public Key Infrastructure (PKI)

ie.
lo721 What is PKI ? Explain the different PKi Architectures. (Ret. sec. 72)
0722 Explain Public key infrastructure X.509 with the help ofarchitectural block
diagram. (Rèf. sec: 72)
to a
ely. 0.723 Does a public key infrastrücture use symmetric or
asymmetric encryption?
Explain your answer. (Ref. sec.
se
7.2)
CA'S Pabli:Key Infrastructure (PKI) is cryptographic technique used to secure electronic
ering Dlornation with the help of certain techniques such as digital certificates and digital
SIgnature and transmission of this infomation securely over internet.
PKl consists
of certain security policies, software's and techniques that are required for
Eey generation, key management, secure storage of generated keys and distribution
s for FEnerated
keys.
y, as A
public key and
infrastructure a number of services
toshnologies.,
is created by combining
the
To complete this technology, there are various components
of PKI are
t Tequired.

Scanned by CamScanner
 Crypt. &
Sys. Security (MU-Sem.6-Comp) 7-5 Digital Certificate

7.2.1 Components of PKI

For this framework to be functional, we need various components of PKI,

Following are the different components of PKI :

1. Certification Authority (CA)

2. Registration Authority (RA)
3. PKI clients
4. Public key certificate/ digital certificate
5. Certificate Distribution System (CDS) Repository

7.2.1(A) Certification Authority (CA)

Q.72.1 List the certifying authorities inindía and worldwide Also list the steps to acquire
the digital certificate. (Ref. sec. 7.2.1(A)
As mentioned in previous section Certification Authority (CA) is a trusted
unit that helps
to issue certificates.
A CA takes the certificate request from owner, verifies the
requested information
according to the terms and conditions of the CA, and yses its private key to
apply digital
signature to the certificate.
Responsibility of the CA is to identify the correct identity of the person
who asks for a
certificate to be issued, and make sure that the information contained within the certificate
is legal and later digitally sign on certificate.
The CA may generate a public key and a private key (a key pair) or the person applyng
for a certificate may have to generate their own key pair and send a signed request
containing their public key to the CA for validation.
After the verification from CA it sends certificate for final verification to registration
authority (RA).

7.2.1(B) Reglstration Authority (RA)

Registration Authority (RA) acts as an intermediate entity between the Ceru

accepting
Authority (CA) and the certificate owner responsible for to user
registration and
requests for certificates.

Scanned by CamScanner
 & Sys. Security (MU-Sem.
Cpt.
ificate 6-Comp)
7-6 Digital Certificate

User registration is the process

of collecting user
which is then used to register a user information and verifies user identity,
according
lo policies of CA and RA.
CA and RA mutually
Both authenticate
user's identity and
completion offregistration process. then issuc certificates upon

121(C) PKI
Cllents

The users which request CAs or RAs

to issue certificates
arc
dioital certificate called to as PKI Clients. To
from a CA, a PKI
client necds to perform
three steps:
the below
Banda request to generate a
1. publiC and private key
pair. The key pair contains
details of the client. the
AThen sends request to the CA Tor the CA certificate
through RA.
ar Verification from
uire CA and RA client can use certificate prove
to itself authorized
user and certificate owner.
helps Bory communication between a
client and the CA is secure because client
is responsible
for ensuring the security
of its private key. If the private key is lost or stolen,
then the
ation encrypted message cannot be decrypted or any unauthorized person can uses
ligital
this private
key ta decrypt the messages.

721(0) Public Key Certificate/ Digital Certificate

for a
ficate Refer section 7.1 for digital certificate.
121() Certficate Distribution System (CDS) Repository
lying
quest
Ine Certificate Distribution System '(CDS) distributes certificates to users and
gduzations. Certificates have a specified life time,
ation but CA Scan reduce this life time by
he process known as
certificate revocation.
The
CA publishes
Certificate Revocation which mentions serial number so
Carificates
List (CRL)
which are no
longer usable, reasons for certificate cancelation, and date when
icate Opply for new
certificate.
pting Cerificate
can distributed
Sevice to the users directly or distributed with the help of a directory
sevet. CDS
distributes certificates with the directory service server.
in support

Scanned by CamScanner
 Crypt. & Sys. Security(MU-Sem. 6-Comp) 7-7 Digital Certificate
2
The role certifiçate distribution system is to perform following tasks:
Generate public and private key pairs. Certify the validity by signing with public key.
o Revocation of expired or lost keys.
Distribute or publish the certificate along with the public keys in the directory service
server.

7.2.2 PKIApplications /Services

Different services increase the importance of PKI like : e-mail, secure file transfer.
document management services, remote access, e-commerce and Web-based transaction
services etc.
E-Mail and Messaging

Secure e-mail and messaging use key pairs for encryption of messages and files, and for
digital signatures. The most common secure c-mail / messaging protocol is Secure
Multipurpose Internet Mail Extensions (S/MIME), which extends the Multipúrpose Intemet
Mail Extensions (MIME) standard.
Web Access
Browsers and We observers use encryption for authentication and confidentiality and for
applictions like online bank in and online shopping. Typically, using Secure Sockets Layer
(SSL), servers authenticate themselves to clients. SSL also encrypts traffic.

Chapter Ends..

Scanned by CamScanner
tificate

CHAPTER
key.
Module3
service 8 Authentication
Protocols

ransfer,
saction
Syllabus

User
Authentication
and Entity Authentication,
One-way and mutual
Needham Schroeder Authentication authentication
and for schemes,
protocol, Kerberos Authentication
Secure protocol.

Internet

Syllabus Topic: User Authentication

y
and for 81 User Authentication
ets Layer
is a process that allows a device to verify the identity of someone who
I'ser authentication

Coanects to a network resource.

Dter Ends..
There are many technologies currently available to a network administrator to authenticate

Firebox authenticates user

User enters name User connects to

and password network resources

Fig. 8.1.1: User Authentication

Scanned by CamScanner
 Cypt. &
Sys. Security (MU-Sem. 6-Comp) 8-2 Authentication
Protocols

Authentication is very important when you usc dynamic IP addressing (DHCP)

computers on the trusted or optional network.

It is also important if you must identify your users betore you let them connect to
resources on the cxternal network.

To get access to services such as HTTP or FTP the user types a

domain along with their
login name and password.
For the duration of authentication, the user name
is associated with connections comin2
from the IP address from which the user
authenticated.
This makes it possible to monitor not
only the computers from which connections
originate, but also the users who start
the connection.
While the user is authenticated, all the connections
that the user starts from the IP address
include the session name.

8.1.1 Means of User Authentication

Four means of authenticating user's

identity based on something of
the individual
1. knows - e.g. password, PIN
2. possesses - e.g. key, token,
smartcard
3. is (static biometrics) - e.g. fingerprint,
retina
4. does (dynamic biometrics) - e.g.
voice, sign
Can use alone or combined.
All can provide user authentication and all
have issues.
Syllabus Topic : Entity Authentication

8.2 Entity Authentication

pk
(sk, pk) 4 Gen
B1
at-Ps(B -)

ls it Chatie?

Fig. 8.2.1: Entity Authentication

Scanned by CamScanner
 (MU-Sem. 6-Comp) Authentkcation Protocols
Security
Copt. & Sys. 8-3

Thecommunication betwcen
the prover and verificr must be authentic.
must generate (p,, s,) Gen and convinces others
establish electronic identity, Charlie
To
public information p, represents him as show in Fig. 8.2.1.
that the
i or her opponent
authentication protocol must convince the verificr that his
cnntity
The
possesses the secret S:
authentication protocol is ifunctional if an honcst verificr Vk
entity
An

Always
accepts an honest provider P-
Physical and Legal
ldentities
821 network with
set up a
authentication is possible only if all participants have
Entity
communication links.
authenticated
1.1.11.3 1.1.11.5

1.1.10.2

1.1,10.3
1.1.10.1
Identities
Fig. 8,2.2: Physical and legal
to establish a convincing
bound between
- A role of a entity
authentication protocol is
identities.
tysical network address and legal
locations and move from one physical node to
Agne legalidentity can be in måny
physical
zncber node.

B3 Authentication Protocol

Authentlcatlon Protocol

1. One Way Authentication

2. Mutual Authentication

Fig. 8.3.1: Authentication Protocol

Scanned by CamScanner
 K Crypt. & Sys. Security (MU-Sem. 6-Comp)
8-4 Authentication Protocols

1. One Way Authentication The m

client
As defined earlier authentication mechanisms
help to prove the identity of the sender of
the message. data ser
Authentication mechanisms ensure that who sends WNh
the message i.c. origin of an electronjc 8.3.1
message is correctly identified.
One-way authentication refers to the authentication In orde
of only one end of communication protoco
users. For example, One-way
authentication follows the flow : If there are two users, user
A and B wants to communicate with each channel.
other user B authenticates user A, but user A
cannot authenticate user B. This process called one-way To achie
authentication. Finally the
integrity and originality of message is confirmed. Key Dist
There are different factors of authentication mechanisms
used to give -strength for If sender
authentication. First method is known as one-factor
authentication. Password is the for sessic
example of one-factor authentication because it is
something that we know. people w=
Any operating system firSt ask for a user name and then
for a password. It then lookS up group me
the name in a password table and sees if the passwords
match. This is known as a capable t
reusable password since the same password is used for each login.
requested
Second method of authentication is known as two-factor
authentication. Withdrawing
cash from an ATM machine is an example of two-factor Authentica
authentication. For authentication
present the ATM card (something we have) and enter key of eac
PIN (something we know) or use of
one-time passwords - a new password must be used for each login. The secret
securely
2. Mutual Authentication tra
There are
Mutual authentication also called as two-factor authentication.
Mutual Authentication is a
protocol
security mechanism used to authenticate sender with the receiver.
Sender must prove its
ca
identity to a receiver, and the receiver must prove its identity to the sender,
before any
unwanted threat sent between the sender and receiver. S
83.2
For example : If sender wants to communicate with the receiver over networks they must Needt
first mutually authenticate each other. The
first m
Meaning is that when sender A sends confidential mesage which is intended to receiver approach
B. IfB can decrypt the message using A's public key, then B has verified tht the message generation w
originated from A. Necihanm a?

Both communicating users (sender and receiver) are verifying each other i.e. mu an
authenticatio
Communicati
authentication mechanisns helps to verify identity of the sender.

Scanned by CamScanner
Authentication
(hMU-Sem. 6-Comp)
Protocols & Sys. Security 8-5
Authentication Protocols

most important application of mutual authentication

tity of The is that communication betwèen
the sender machine and server machine over a network must be sccure
client before performing any
of sending and receiving process.
cigin data s
of an electronic is
a
Need of Mutual Authentlcatlon Protocol
Why there ?

d of communication order to achieve authentication there must

mutual
be certain provision of somne
In
e are two protocols which suppose to verify identity of the sender over an
s user
users, user insecure communication
A, but user channel.
ication. Finally A the protocols depends on an authentication server
achieve this goal most of
the To
also called
(KDC).
Key Distribution Center
o
give -strength A establish secure Communication with receiver B,
wants to a

n. Password for If sender then can request A

the session key from Key Distribution Center for communicating with B.
now. for If group of
people
wants to securely communicate with Key Distribution Center
Drd. It then providing every
then looks up group member
a
single key called
a
master key or secret
key. Authentication servers are
This is
known as a capable to delivers good quality session keys and distribute
securely to client who
requested it.
ation. Withdrawing bentication server also maintains a table containing a name and a master
. key or secret
For authentication key of each client.
we know) or use of
The cecret key isused to authenticate client to the authentication server and
then for
securely transmission
of data between client and the authentication server.
There are different protocols are used to perform this task but among this the well known
a protocol called as Needham-Schroeder Protocol.
Authentication is
nder must prove its
any Syllabus Topic : Needham Schroeder Authentication Protocol
sender, before
8.3.2 Needham - Schroeder Protocol
must
networks they
e tist mutual
Ppioachwas
protocol was published in 1978 by Needham and Schroeder. This
receiver proposed for various purposes that includes secret-key and
ntended to 3enration and distribution
public key
message of those keys between sender and receiver.
edthat the Necdham
and Schroeder protocol uses a an
authentication
secret key known to the sender and also to
mutul server.
Sender and receiver share
other i.e. communication
a secret key and use it for secure
with authentication server.

Scanned by CamScanner
 Cypt. & Ss
Authentication
Protocols
Now
6-Comp) 8-6
& Sys.
Security
(MU-Sem.
Slep 6: sess
4Cypt. Needham-Schroeder Secret-key Protocol
main
Detall steps of server for communication
rcquests for session key to authentication
a The
authenticatie
Sender
A

8.3.2. The message sent

by A
to authentication
as shown in Fig.
:
Step 1 B
possible
with receiver network address Na, B's network. address
secret key Ka, A's
server includes A's not
a nonce.
nonce is basically a random number used to demonstrate the
A
wes
Nb and sa Another
request sent by A to authentication
freshness of request denoted by N. The
a

format denoted by, ticket to Bi

which is in encrypted steps.
E (Ka, [Na, Nb, N]) last3
a key Kah
: Authentication server returns a message, containing newly generated
Step 2 nonce N to matrk
(used to encrypt communication between sender and receiver),
the response received from authentication
server with the request sent), ticke

(contains the same shared secret key Kab, as well as the name of the sender
A

encrypted with B's secret key Kb and whole these

message encrypted with sender
can read it. The message
private key or secret key Ka to ensure that no one else
that authentication server sends back to A can be expressed as :
E (Kab, N, {A, Kab} Kb, B,Ka

After receiving replay from authentication server, sender decrypt the ticket
and
Step 3:
sends the ticket {A, Kab) to the receivet B. A sends the ticket to B which is not u
encrypted format because it was previously encrypted by authentication sen
using B's secret key Kb.

(A, Kab) Kb
Step 4: B decrypts the ticket received from A using the secret key Kb and compar
sender identity. B is again encrypting the ticket using shared secret kèy Kab and

8.4
generates nonce N1 and sends it back to receiver. This can be represented as Kerber
E (N1) Kab
In this step B got the session key (Kab) for communicating securely with A. .8.4.1
Q.B42 Exp
Step 5: Sender is decrypting the nonce N1; using the shared secret key Kab this proveu
Exp
senders identity. The sender sends response N1+1 encrypted using ne (Re
secret key Kab. Keberos

EN1+ 1) Kab. confirm is

tick

Scanned by CamScanner
 Security(MU-Sem. 6-Comp)
entication SYs. 8-7
cpt. & Authentication Protocols
Protore
Ocols scnder
A
and receiver B
can
Now securcly communicate with cach other using
or session key gencratcd.
communication
to authenticaion weakness of this protocol is that for large networks it is not
The
main possible for single
s network suthentication server to gencrate and distributc number of session key which is
practically
address
o demonstrate possible.
not
hentication the weakness is that if session key bctwcen sender A and recciver B
server Another is stolen, and the
attacker can casily copy
B is recorded, the contents of a
ticketto
sender by performing A

steps.
Jast 3
enerated 3. Authentlcatlon request
key Kh
nonce
N (to match
quest
sent), ticket
of the sender 1. Request
A)
pted with sender
it. Themessage
Sender A
2. Replay Receiver B
Authentication server

wpt
the ticket and 4. Authentication response
B which is not in
5. Sender responds to receiver
mentication server

Fig. 8.3.2: Needham - Schroeder Secret-key Protocol

Syllabus Topic : Kerberos Authentication Protocol

Kb
and compara
cret kèy Kab and 84 Kerberos Authentication Protocol
resented as
(MU - May 16, May 18)

A. 841 Explain working ofKerberos.(Ref. sec, 8.4) May 16, 10 Marks

ely with
proved t
2 Explain Kerberos protocol, that supports authentication
in distributed system.
ab this (Ref, sec. 8.4) May 18, 10 Marks
shas
using the Keberos is
also as we a
called authentication protocol. Like when to start in journey need
confirn
ticket then only we can do our journey safely.

Scanned by CamScanner
 8-8 Authentication
Crypt. & Sys. Security (MU-Sem. 6-Comp) Protocols

prove thc identity 2.

K
the tickét as token -to
a
of the
Kerberos uses the concept
of user.
Windows 2000 server as
a
default authentication
Microsoft introduced Kerberos in

protocol.
as a token that proves thc identity of a user.
Kerberos uses the concept of a tickct
tickets
.
Tickets are digital documents that store session keys. Instead of password,
any Kerberos services.
issued during login session and then can be used in
:
For client authentication phase requires two tickets
Ticket Granting Ticket (TGT), which act a identifier for user and session key
A service ticket to authenticate user to gain access to user for particular service.

Th same. concept of ticket is used likewise we use railway tickets it has time duration
expiration dates after that ticket become invalid.
In Kerberos these ticket includes different contents like time stamps to indicate an, stat

and expiration time, after time expiration the ticket become invalid.
The timestamp is the timeset by Kerberos administrator depending upo how much time
service is required to the client.
1. Kerberos Servers
To accomplish the task of secure authentication, Kerberos uses a trusted third partyi
called a Key Distribution Center (KDC).

The KeyDistribution Center uses two techniques for authentication :

Authentication Server (AS), which performs user authentication.

Ticket- Granting Server (TGS), which permits/ grants tickets to users.

The role of an Authentication server is to store a.database like secret key of the Use
and its services.

The secret key of a user is generated using one-way hash of user provide passworo
netwo
The-main aim of the Kerberos is provide centralize authentication of entire 3,
-than storing the sensitive information at each user. machine, the
Ses
rather
information will be maintained at particular secure location only.

Scanned by CamScanner
 Security (MU-Som. 6-Comp) 8-9 Authentication Protocols

Authentication
Kerberos
Authenfication
server
Cleartext servico request
Client
Clent-TGs session key

Ticket-Granting ticket

Ticket-Granting
|Ticket-Granting ticket Server

Authenticator 1
Client

Clear-to-server ticket

Clear-server session keyo

Service
Clear-to-server ticket

Client
2
Authenticator

Authenticator 2 response

Fig. 8.4.1: Kerberos athentication process

This phase is called as Authentication phase because during this phase only
authentication can be done bétween authentication server, ticket-granting server and
srice provider.
As shown in Fig. 84.1, first client and authentication server authenticate themselves
to each other.

Chent and Ticket granting server authenticate themselves. Finally client and
Tequestedservice provider authenticate themselves to each other regarding which
nformation/ service
. Authentlcatlon
client wants.
Details
Daing authentication
phase user username and password on the client
Tmachine
which
has to provide
cryptographically hashed to create a secret key for the client.

Scanned by CamScanner
Cypt. & Sys. Security (MU-Sem. 6-Comp) 8-10 Authentication
Protocols

After client verification done with authentication server, AS will replies the following
details to client as shown in 8.4.1.
The client Ticket Granting Sever (TGS) session key Kt, cncrypted using che..
secrets key Ke (which now storcd in authentication server).
The Ticket Granting Ticket (TGT) encrypted using the secret key of the Tieh.
granting server. The ticket granting ticket includes the client ticket granting se
session key Kt and its validity period.
The client now decrypt the Ticket Granting Server session key Kt using his secret ke
Kc. To request as service client sends following two message to Ticket Grantin
Server (TGS).
The Ticket Granting Ticket and the name of the service Sr that client wants t
request.
Authentication token which includes client ID and time stamp, encrypted using

client ticket granting server session key Kt.

Upon receiving all the details from client Ticket Granting Server decrypts the Ticke
Granting Ticket using Kt, thus retrieving the client Ticket granting server session key
stand the validity of the ticket granting ticket. If it is valid then Ticket granting Serve
sends following messages to the çlient.
New client server session key Ksc, encrypted using TGS session key Kt.
Client to server ticket, encrypted using specific services key Ks, known to Ticke
Granting Server only. (Client to server ticket contains the client D, netwi
address, validity period and the client server session key Ksc).
Upon receiving all the details from Ticket Granting server client decrypt the cien
server session key Ksc, and authenticate him to service Sr by sending following

messages.

The client server ticket sent by the ticket granting server in previous step.
The client ID and the time stamp encrypted suing client server session key hs.
The service provider decrypts the client to server ticket using secret key NS
server sessiot
obtains the client server session key Ksc. With the help of client
stamp information. To proveu
Ksc, service provider decrypt the client ID and time o back #
it
stamp by l and send
final identity service providers increment the time

client.

Scanned by CamScanner
 & Sys. Security ((MU-Sem. 6-Comp)
8-11
Authentication Protocols
The client decrypts and verifies this
responsc using
Once this verification get succccd, client to server
now client - session key Ksc.
server can
Kerberos protocol was specially start.
design to check
the authentication of
insccure network. the client over
Two types Kerberos versions are exits
i.e. Kerberos 4
and 5.
DIference between Kerberos Verslon 4 and Verslon 5

Kerberos version 4
Kerberos version 5
Na.
Kerberos v4 was released prior to
the The version 5 was
1.
version 5 in the late 1980's. published 1993, years
after the appearance versionin
of 5.
Ticket support is Satisfactory in this Ticket support is well
2.
version
extended. Facilitates
forwarding, renewing
and postdating
tickets.
nses the "receiver-makes-right"
| It uses the. ASN.1 coding system.
encoding system.

Since the same key is used repeatedly In V5 this is avoided by requiring a sub
to gain a service from particular
session key which is used only for one
server, there is a risk that an attacker connection.
replay messages from an old
.

can
session to the client or server.

s.Kerberos V4 uses DES encryption In Kerberos V5 the cipher text is tagged

tochniques with an encryption type identifier hence
any type of encryption can be used.

6. Kerberos uses IP addressing Kerberos V5 can use any address since the
address is now: tagged with type and
length.
1.
|In V4the ticket lifetime has to be In V5 ticket lifetime one can specify an
specified in units of 5 minutes. explicit start and finish times allowing
arbitrary lifetimes.
can contain now
O
only a few IP addresses Kerberos V5 tickets
contains
and other addresses for types multiple IP addresses and addresses for
of

protocols.
network protocols. different types of networking
Chapter Ends...

Scanned by CamScanner
 value
Hash on
signature
signa
Digital te
Module 4 9 algorithms
CHAPTER First
1. corresp
Digital Signature Schemes Next s
2. genera
Third
3.

messa
Syllabus
-
Digital Signature Schemes RSA, EIGamal and Schnorr signature schemes.

9.1 Digital Signature

(MU- May 16, Dec. 16)

Q. 9.1.1 What is a digital signature? (Ref, sec. 9.1) May 16, Dec. 16, 4/2 Marks

Digital, signatures are essential in today's modern world to verify the sender of a
document's and his identity. As ment
A digital signature is represented in a computer as a string, of binary digits and computer is key, wh

using a set of rules and regulations (algorithm) to identify the person signing the document
as well as the originality of the data can be verified.
Public k
Every
A digital signature is defined the signature generated electronically from the digital
signatu
computer to ensure the identity of the sender and contents of the message cannot be
modified during transmission process. 9.2 Dig

Digital sighature techniques achieve the authenticity, integrity and non-repudiation of the
data over Internet.
to
Concept of digital signature is that sender of å message uses a signing key (Private Key)
sign the message and send that message and its digital signature to a receiver ove
insecure communication channel.
The receiver uses a verification key (Public Key) of the sender only to verify the origna
the message and make sure that it has not been tampered with while in transit as shoWu
Fig. 9.1.1.

Scanned by CamScanner
 CrYpt. &
Sys. Security (MU-Som.
6-Comp)
9-2
Digital Signature Schernes
Hash value of a
meSsage when
encrypted with
Signature on that e-Document. the private key of a person is, his digital
pigital signature is an cxample of
asymmetric
algorithms to complcte the proccss. key cryptography
which uses three different
1. First step is key generation
algorithm which
corresponding public key. generates private key and a

2. step signing algorithm

Next
which sclects
generated in step 1, to produce a sending message
signature. and a private key
3.
Third step is signature verifying
algorithm which
message and public key. verifies the
authenticity of sending

Sonder
Rocoivor

Confidontial
dooument Sgnatura Insecurg
or massage Soommunication
chahnel Vatication

Sender ptvate.
H koy (signing key) Sender publio
key (vertfication key)

Fig. 9.1.1: Digital Signature block diagram

- AS mentioned above the signature is generated with the
help of private key. The private
key, which is never shared, is used
in signature generation, known to sender only.
Public keys, which are known by everyone, can
be used to verify the signature a sender.
of
Every sender and receiver having a private and public key pair, the reason digital
signature called public-key cryptography.

9.2 Digital Signature Goals

Digltal Slgnature Goals

1. Message authentication

2. Message integrity

3. Non-repudiation
Fig. 9.2.1 : Digital Signature Goals

Scanned by CamScanner
 Crypt. &
Sys. Socurity(MU-Som. 6-Comp) Digital Signaluro
9-3 Schorns

1. Message authenticatlon

A digital signature technique can provide message authentication. Digital signature is used
to establish proof of identities and cnsure that the origin of an clectronic message :.

correctly identificd.

2. Message integrity

Digital signatures are used to detect unauthorizcd modifications to data which assures tho
the contents of massage are not changed after sender sends but before it reaches t
intended receiver.

3. Non-repudiation

There are situation where a user sends a message and later on refuses that he had sent that
message. This is known as non-repudiation because the person who signed the documezt
cannot repudiate the signature at a later time as shown in Table 9.2.1.

Table 9.2.1l : Ditferences between Paper Signatures and Digital Signatures

Sr. Security goals Paper signature? Digital Signature

No.

1. Message Paper signature may be forged. Digital signature cannot be

Authentication copied.

2. Message Integrity Independent to the contents of Depends on the contents of the

the document. document.

3. Non-repudiation Paper signature required| Any computer user can

in
handwriting expert to achieve achieve non-repudiation
non-repudiation. Digital Signature.

areas
Now-a-day's digital signature techniques is used in many application
like sends

connpa
all software
confidential e-mails, during secure payment transfer and possibly or
to achieve authentication and integrity D
universities, educational institutions those want
confidential information.

Scanned by CamScanner
ure
Schemes Copl. & Sys. Security (MU-Sem. 6-Comp)
9-4 Digital Signature Schemes
Syllabus Topic : Dlgltal
SIgnature Schemes
ture
is used olrital Signature Algorithms/ Schemos
message
is
> (MU - May 16, Dec. 16)
9.3.1 Explain any digital signature algorithm
la.
(Ref. sec. 9.3) In detail.
e
May 16, Dec. 16, 6/3 Marks
Ssures Following are the widely uscd digital signature
that schemes to generate the digital signatures.
eaches to Dlgital Slgnature Algorlthms/
Schemes

1. RSA signature scheme

2. Digital Signature Standard

sent that (DSS))

document 3. EIGamal scheme

Fig. 9.3.1 : Digital signature schemes

Syllabus Topic : RSA Signature Scheme

e 93.1 RSA Signature Scheme

Ron Rivest, Adi Shamir and Len Aldeman have developed this algorithm
(Rivest-Shamir
not be Aldeman)
It is a public-key encryption algorithm. It is a block-cipher which converts
in 1978.
slain text into cipher text at
sender side and vice versa at receiver side.

of the o The algorithm works as follows :

1. Select two prime numbers a and b where a # b.

can 2. Calculate n =
a*b
n in 3. Calculate (n) =
(a-1) * (b-1).
* Select e such that, e
is relatively prime to o(n) i.e. gcd (e, o(n)) =1and1<e <o(n).
5, Calculate of such
ending that d = e
mod o(n)
or ed
anies, mod o(n) = 1.

their Public key= fe,n), private key = {d,n).

Signature Generation
Use private
key = {d,n)

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) Digital Signature
9-5 Schemes

Compute signature S= Pmod n where, P <nand

=
Where S= Generated Signature, P = Plaintext, c Encryption key andn= Block size

8. Signature Verification
Use signer's Public Key (e,n) and Compute Vm
n
Vm S
m°modn
mod

Verify if V,(Verified Message) =m (Original Message)

Both sender and receiver know the value of n. In addition, the sender nust knre.
encryption key 'e' and receiver must know decryption key 'd'.

Syllabus Topic : ElGamal Signature Scheme

9.3.2 EIGamal Scheme

The word cryptography is incomplete without mathematics. Cryptography is based oa

specific areas of mathematics like finding greatest common divisor using Euclide
algorithms. Finally most important concept called prime numbers used in differeg
cryptography algorithms.
1 This scheme is variant of digital signature algorithm.
2. This scheme is based on computing assumption of discrete logarithms over finite field

with a large prime factor.

3. It is computationally infeasible to compute q, and s.
EIGamal scheme is based on difficulty of computing discrete logarithms. This sckece

assures that the authenticity of message m sent by sender/ signer to verifier.

System parameters
Let H be the hash function.
Let a be the prime number.
Let g<abe a randomly chosen generator.

Key generation

Chose rándomly a secret key x with 1 <x<p-1.

Computey =g mod a.

The public key (a, g, y)

Scanned by CamScanner
 & Sys..Security(MU-Sem. 6-Comp) 9-6 Digital Signature Schemes
4Cypt.
documents.
Aese steps arc performed by signer of
generation
Signature
r message m, signer needssto perform following steps.
Tosigna

Chose random intcgerisuch that

i:a-1)=l; l<i<a-1
g g'mod(a)

Compute

$- (H(m)
- xgr ) k"mod (a – 1)
step.
Ifs=0 then repeat above
is called as Digital
- The pair (qr, s) signature of message m.
The signer has to repeat all
these steps during every signature generation.

Verification
o
Digital signature (gr, S) of message m was verified as follows.

0<q,<a and
0
<s<a-1
gm) = yq mod a.

Iig = y*q, mod a is

equal then verifier accept the signature otherwise he reject it.

Where,

H(m) =
a
xq,+ Si mod -1
According to format s little theorem
is

qr S
(s)x(e)
We know that y = q mod a
Above equation can be rewrite as follows,
H(m) mod a
8= (y) x(gr)
Hence proved.

Here, H(m) = SHA-1(m) is 160- bít string output produced by secure Hash Algorithm.

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp)
9-7 Digital Signature Schemes

Syllabus Topic : Schnorr Signature Schemes

9.3.3 Schnorr Digital Slgnlficance Scheme

Schnorr digital signature scheme is mainly based on discrete logarithm. Using this sche
we generate a digital signature.
It minimizes the message-dependent amount of calculation required
for gencratino
digital signature.
The main aim of signature generation is it does not depend on the actual message.
This is done, when the processor is in the idle mode.
At the time of signature generation message dependent part
requires multiplying a 2n-hi
integer with n-bit integer.
This method is mainly based on prime modulus m with m - 1having a prime factor n of
appropriate size som-1= (mod n)
We use n = 20
m=2and
P is a 1024 bit number and n is 160 bit number.
In the first part.this approach is the
generation of public/private key.
For this purpose we use following steps:
1. Choose two prime m and n such a way that n is a
prime factor of m -1.
2. cho0se one integer called as a such that o<"
=1 mod m. The value a, m and n comprise
a global public key. That key is common to group users.
of
3. After the 2d step choose any random integer
called as 'P that may consist of
we
0<P<n. this is called users private key.
4
After all of above we generate public key by calculatingU=
nothing but user's public key.
a mod m this value s

To generate a digital signature we use a users private key

'p' and the public key "U'.
For generating digital signature following steps are uses that are as
following:
1. Select any random integer A with 0<A <n and calculate x= a mod m.
1D

calculation is a preprocessing step independent of the message M to be signed.

2. The Add/concatenated that message M with 'x and hash value then that resul
calculate the value e:
e = H (Ml x)

Scanned by CamScanner
 Digital Signature
Schemes
y = + Pe)
Calculate (A mod n.
The signature contains
4
the pair (e, y)
can findthe signature using following way
Any other user :
Calculate x
=a'u'mod m
1.
=
Check that e H
(MIIx)
Then see that the verification work is same as
like:
Kaau'a' aaa a=x(mod m)
hence,

HMIIx) = H (Mlx)

Chapter Ends..

Scanned by CamScanner
 Rortes
Module5
CHAPTER
Infe
Network Security Basics S0L
SOL
10.
layer
Fiitere
not ste
ARP It is c
Syllabus
vulnerabilitios (Layor wiso), Packot Sniffing, time
: TCP/IP
Network security basics syn flood, DNS Spoofing.
port scanning, IP spoofing, TCP Take
spoofing,
blend
forur
(Layer wise) Whe
Syllabus Toplc TCP/P Vulnerabltles
:
detai
If ve
10.1 TCPAP Vulnerabilities (Layer Wise)
logir
as to
10.1.1 Applicatlon Layer
is gr
largely by programs for network
Description :The application layer is used
program in an application-specific format, and Thr
communication. Data is passed from the
the
later encapsulated into a transport layer protocol.
transport layers, the application Thi:
Since the IP stack has no layers among the application and
presentation and session layer sent
layer must contain any protocols that act like the OSI's
me
protocols. This is typically done through libraries.
is encapsulated into The
Data sent over the network is send into the application layer where it
AS
down into the lower layer
the application layer protocol. From there, the data is send
atta
protocol of the transport layer.
tab
are TCP and UDP. Common servers hav
The twO most common end-to-end protocols
while cliens A
particular ports assigned to them (HTTP has port 80; Telnet has port 23; etc.)
may set u
use ephemeral ports. Some protocols, such as File Transfer Protocol and Telnet A
a session via a well-known port, but then forward the actual user session
to ephemerd
Ce
de
ports.

Scanned by CamScanner
 &
Sys. SecuTY (MU-Sem. 6-Comp)
10-2
Network Security
Basics
Routers and Switches do not make use of
this layer but bandwidth
Resource Reservation Protocol (RSVP). throttling applications
do, as with the

An example of
an attack
injection
sQL
igjection is a
technique that exploits a security
SQL weakness happening
an application. The weakness in the database
layer of is prescnt when user input is cither
escape characters embcdded incorrectly
filtered for string literal in SQL statements or user
not strongly typed land thereby unexpectedly cxecuted.
input is

an occuTence of a more general class

It is in fact of vulnerabilities that can occur
or
programming scripting language is embeddedinside at any
time one another.
login page
a
Take a simple where legitimate
user would enter
his username
and password
Alend to eater a secure area to view his personal particulars or
upload his comments a
forum.
in
s the
legitimate user submits his prticulars, an
SQL query is generated from these
details and submited to the database for verification.

f alid. the user is given access. In other words, the web application that controls the
Iosin bage will communicate with the database through a series of planned commands so
as to verify the usemame and password combination. On verification, the user legitimate
is granted suitable access.
- Through SQL Injection, the hacker may input exclusively crafted SQL commands with
the target of bypassing the login form barrier and seeing what lies behind it.

This is only doable if the inputs are not properly sanitised (i.e., made invulnerable) and
sent direcidy with the SQL query to the database. SQL. Injection vulnerabilities provide the
means for a hacker to communicate directly to the database.

Thetechnologies vulnerable to this attack are dynamic script languages including ASP,
ASP.NET, PHP, JSP, and CGI. All an attacker needs to perform an SQL Injection hacking

atsck is a web browser, knowledge of SQL queries and creative guess work to important
table and field names. The utter simplicity of SQL Injection has fuelled its popularity.

A way to defense

A Detwork-based intrusion detection (DS) tool such as Snort can be set up to detect
certain types of SQL injection and XSS attacks as they take place. Snort actually has a

Cerault rule set that contains signatures for detecting these intrusions.

Scanned by CamScanner
 Crypt. & Sys. Security
(MU-Som. 6-Comp) 10-3 Notwork
Socurity Bati
However, they can be casily bypassed
by an attacker, mainly by converting
input string into its hex-cncoded the malie.
value.
10.1.2 Transport Layer

Description
:The transport layer's responsibilities contain end-to-end message
capabilities independent the core
of
flow control. End to end message
network, along with error control,
transte
ragmentation
transmission or connecting applications at
.
layer can be categorized as he transpA
cither :

1
connection-oriented e.g.
TCP
2. connectionless e.g. UDP
The transport layer can be thought
of accurately as a transport
whose responsibility is to mechanism C.g. a vehi
make sure that its contents
destination safely and completely, (passengers/goods) reach :
delivery.
unless a higher or lower
layer is responsible for .
The transport layer provides
this service of connecting
the use of ports. Since IP provides applications collectively
only a top effort delivery, thro
layer of the TCP/IP stack to the transport layer is thef
offer dependability. Note can
data link protocol such as that IP run over a dependa,
the High-Level Data Link
transport, such as RPC, Control (HDLC). Protocols ara
also can present reliability.
An example of an attack

Port Scan Attack

A Port Scan is one
of the most popular reconnaissance
determine services they can techniques attackers use 1

crack into. All machines

services that use TCP or associated to a network run lost
ÜDP ports. A port scan helps the attacker
available. locate which ports
Essentially, a port scan
consists of sending a message
of response received indicates to each port, one at a time. The
whether the port is used
further for flaws. and can consequently be ps

A way to defense

Placing a NIDS on the outside

of the external firewall will give an
early
advantage, as should allow the administrator
to detect the port Scans that ty

indicate the start of hacker activity.

Scanned by CamScanner
 Security (MU-Sem. 6-Comp) 10-4 Network Security Basics
Sys.
Copt&

all scans will be followed by an actual attack, as the hacker may determine
HOwever, not no weaknesses that they can take advantage of. This could
network currently has
that the number of alerts that do not require attention.
large
Jeadtoi cffect of this that the staff may lose faith in the IDS and
is

common yet hazardous

One External firewall can be used to provide alerts for the traffic that it
ignoring alerts.
start
denied.
has the DMZ (De-Militarized Zone, a part of
NIDS inside the network that is
placing N
By corporate entity) the advantage that could be taken is
"inside" nor "outside'" the
neither
attack signature database can be done to consider only those
tailoring of NIDS
that the the systems in the DMZ; at the same time the firewall will
are appropriate to
attacks that
traffic.
have blocked
all other

10.1.3
Network Layer
of receiving packets across a single
Description : Network layer solves the problem
are X.25, and the ARPANET's HostIMP Protocol.
network. Examples such protocols
of
was
added to
the adyent of the concept of internetworking, additional functionality
nd source network to the destination network. This
namely receiving data from the
this layer,
across a network of networks, known as an
neIually involves routing the packet
internet.
internetwork or (lower-case)
from
performs the basic task of receiving packets of data
In the Internet protocol suite, IP
a number of different upper layer protocols;
source to destination. IP can carry data for are
a unique protocol number: ICMP and IGMP
these protocols are each recognized
by
protocols 1
and 2, respectively.
such as ICMP (used to send out diagnostic
Some of the protocols carried by IP,
data) are
transmission) and IGMP (used to, handle IP Multicast
information about IP an
perform internetwork layer functions, illustrating
layered on top of IP but
stack and OSI model.
Incompatibility between the Internet and the IP
What
as OSPF, and RIP are also part of the network layer.
routing protocols, such their payload is totally alarmed with
the network layer is that
nakes them part of
particular encapsulation of that payload is
ainagement of the network layer. The
imelevant for layering purposes.

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp)
Network Security
10-5 Basits

An example of an attack

Denial of Service attack - SYN Flooding

The basis of the SYN looding attack is in the design of the 3-way handshake that beggnsa
TCP connection. In this handshake, the third packet verifies the initiator's abilit.
receive packets at the IP address it used as the source in its first request, or its retun
reachability.
Fig. 10.1.1 shows the sequence of packets exchanged at the beginning of a normal To
connection.

Initiator Listener
Connect() Listen()
SYN

SYN-ACK TCB initialized to

SYN-Received state
Success code
returned by
connect() ACK

TCB transitions to
Established state
(Data packets exchanged)

Fig. 10.1.1: DOS Attack

The Transmission Control Block
(TCB) is a transport protocol
of structures data structure (in fact as
in many operations systems)
that holds all the information abou
connection.
The memnory footprint of a
single TCB depends on what
an accomplishment TCP options and other feat
provides and has enabled
for a connection.
Usually, each TCB exceeds
at least 280 bytes, and some
takes more than 1300 in operating systems at ple
bytes.
The TCP SYN-RECEIVED state
is used to point out that the
and that the legitimacy connection is only hal
of the request is still
in question.
The important aspect to note
is that the TCB is allocated
packet before based on reception ol u
the connection is fully recognized or
been verified. the initiator's return reachabili

Scanned by CamScanner
 .
Sys. Security (MU-Sem. 6-Comp)
Cypt. & 10-6
Network Security
Basics
situation leads to a
clear potential DoS
This attack where incoming
allocation of so many TCBs that a host's
kerncl memory is
SYNS basis
the
cxhausted.
to avojd this
memory
exhaustion, operating
In order systems gencrally
"backlog" parameter with
a listening socket associate a
that scts a cap on
the number of TCBs
concurrentlyin the SYN-RECEIVED state.

Although this action protects a host's available memory resource

from attack, the backlog
represents another (minor) resource vulnerable to attack.
jself
With no room left in the backlog, it is not possible
to service new
TCBs can
connection requests
until some
be reaped or otherwise removed from
the SYN-RECEIVED state.
Depleting the backlog is
the goal of the TCP SYN flooding
attack, which attempts
adequate SYN segments to fill the entire backlog. to send

The. attacker uses sourceaddresses in the SYNs

IP
that are not likely to start any response
e
that would free the TCBs from the SYN-RECEIVED state.

ouse TCP
attempts to be dependable, the target host
keeps its TCBs stuck in SYN
prCEIVED for a relatively long time before
giving up on the half connection and reaping
them.

In the
meantime, service is denied to the application process on the listener for rightful
new TCP connection
initiation requests. Fig. 10.1.1 shows a simplification of the sequence
of events involved in a TCP SYN flooding attack.
A way to defense
- Both end-host and network-based solutions to the SYN flooding attack have merits. Both
types of defense are frequently employed, and they usually do not interfere when used in

combination.

Because SYN flooding targets end hosts rather than attempting to tire out the network
capacity, it seems logical that all end hosts should implement defenses, and that network
bascd techniques are an elective second line of defense that a site can employ.

are there in current versions of most common operating systems.

Lnd-host nmechanisms
Some implement SYN caches, others use SYN COokies after a threshold of backlog usage
IS crossed, and still others acclimatize the SYN-RECEIVED timer and number of
Tetransmission attempts for SYN-ACKs.
techniques are known to be futile (increasing backlogs and reducing the
Secause some

OIN-RECEIVED timer), these techniques should efinitely not be relied upon, Based on

Scanned by CamScanner
 cypt. &S
Crypt. & Sys. Security (MU-Sem. 6-Comp) 10-7 Network Security
Basics

experimentation and analysis, SYN caches seem like the best end-host mechaniem
hand. Access
Media
This choice is motivated by the facts that they are capable of withstanding profo, MAC Spo
attacks, they are free from the negative effects of SYN cookies, and they do not necd a attempt te
heuristics for threshold setting as in a lot of hybrid approaches. networka
Among network-based solutions, there does not seem to be any tough argument fo sendi
SYN-ACK spoofing firewall/proxies. By
attacker a
Because these spoofing proxies rip the TCP conncction, they may disable som tc
the host
high-performance or other TCP options, and there seems to be little advantage to thi.
Until the
approach over ACK-spoofing firewall/proxies.
CAM tab
Active monitors should be used when a firewall/proxy solution is administrative,y
impossible or too costly to deploy. A
way to
Ingress and egress filtering is frequently done today (but not ubiquitous), and is1 The best
Commonly acknowledged practice as part of being a good neighbor on the Internet. automatic
attaching
Because filtering does not cope with distributed networks of drones that use straijht
attacks, it needs to be supplemented with other mechanisms, and must not be relied upcn Detection
by an end host. Occurrenc
known Ot
10.1.4 Data Link Layer
Once det
Description : The link layer, which is the method used to move packets from the netwt
connectin
layer on two different hosts, is not actually part of the Internet protocol suite, becaus:?
10.1.5 Phys
can run over a range of different link layers.

The processes of transmitting packets on a certain link layer and receiving packets
fron!
Deseriptie
network cad
given link layer can be controlled both in the software device driver for the networkce
as well as on firmware or expert chipsets. These will perform data link functions
suchs

transmit the tra

It operates
adding a packet header to prepare it for transmission, and then in fact sending
over a physical medium. (S
Ethernet,
are typically transmitted usingr
For Internet access over a dial-up modem, IP packets devices
access such as ADSL or cable modems, PPPoE is often used. tha
For broadband Internet ThePhysi
is usually used, and on local wireless netwoTKS,
a
On local wired network, Ethernet design
or
either PPP over T-carrier
E

wide-area networks, issL

802.11 is usually used. For
usea.
or packet over SONET/SDH (POS) are frequently
lines, Frame relay, ATM,

Scanned by CamScanner
 (MU-Som. 6-Comp) 10-8 Notwork Sacurity Basics

ottack
of an
Control
(MAC))Addressspoofing :

attacks involve the use of a known MAC nddress of another host to

spoofing
MAC
make the
target switch forward frames intended for the remote host to the
stemptto
attacker.
nctwork with the other host's source Ethernct address,
single frame the network
sending n
CAM table entry so that the switch forwards packets intended for
By Overwrites the
attacker
network attacker.
host tothe
the
sends traffic it will not get any traffic. When the host sends out traffic, the
host
Untilthe. rewritten once again so that it moves back to the original port.
entry is
CAM.f table
defense
wayto
r A
best
way to
protect against MAC spoofing is for an intelligent WLAN system to
from
The and probibit offending machines
MAC spoofing attacks
automatically detect
WLAN. This is done in several ways:
gtachingtothe any
- One way to avoid MAC spoofing attacks is to flag
Containment
Detection and
name of a detected WLAN adapter differs from the
which the. manufacturer
cCuTence in equipment.
Unique Identifier) for that
known OUI (Organizationally
from
system can avoid the known attacker
intelligent WLAN
On:e detected, an
entire WLAN.
any APs or any APs located throughout the
connecting to nearby

1015 Physlcal Layer

data on
responsible for encoding and transmission of
- Description : The Physical layer is

network communications media.

the
structure bits that are sent from the Physical layer of
of
t operates with data in the destination device.
received at the Physical layer of the
Snding (source) device and
are standard network
hubs, repeaters, cables and connectors
Pemet, Token Ring, SCSI,
derices that function at the Physical layer.
numerous hardware-related network
The Physical considered the domain of
layer also
and wireless technology.
ign issues, such as LAN and WAN topology

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) 10-9
Network Security
Basics

An example of an attack

There is not a lot to be said about the attack on this layer.

Someone can physically carry away your network card or unplug your internet cable.

Syllabus Toplc Packet Snlffing

:

10.2 Packet Sniffing

When any data has to be transmitted over the computer network, it is broken down i
smaller units at the sender's node called data packets and reassembled at receiver's no
in original format. It is the smallest unit of communication over a computer network.
Ir:
also called a block, a segment, a datagram or a cell.
The act of capturing data packet across the computer network
is called packet sniffing.l
similar to as wire tapping to a telephone network. is mostly
hackers to collect information illegally about network.
It used by crackers a
Syllabus Topic: ARP Spoofing

10.3 ARP Spoofing

10.3.1 What Is ARP Spoofing?

ARP spoofing is a type of attack in which a

malicious actor sends falsified ARP (Addis
Resolution Protocol) messages over a
local area network. This results in the linking ofz
attacker's MAC address with the IP
address of a legitimate computer or server on te
network.
Once the attacker's MAC address is
connected to an authentic IP address, the attacker si
begin receiving any data that is intended
for that IP address. ARP spoofing can end?
malicious parties to intercept, modify or even
stop data in-transit. ARP spoofing att
can only occur on local area
networks that utilize the Address Resolution Protocol.
10.3.2 ARP Spoofing Attacks

The effects of ARP spoofing attacks can have

serious implications for enterprises.
most basic application, ARP spoofing attacks are In
used to steal sensitive information.

Scanned by CamScanner
 Network Security
Basics
Beyondthis,
ARP spoofing attacks are often used to facilitate
other attackssuch as :
ponlal-of-service attacks

leverage ARP spoofing

DoS
attacks often to link multiple IP addresses with a
- address. single
(arget's MAC
traffic that is intended for many different IP
As a resul, addresses will beredirected to the
MAC address, overloading the target with traffic.
target's

Syllabus Topic : Port Scanning

Pot. Scanning
104

act of systematically scanning a computer's ports. Since a port is a

The
place where
information goes into and out of a computer, port scanning
identifies open doors
Computer.
a to
nonning has legitimate uses
in managing networks, but port scanning
also can be
malicious in someone
nature if is looking for a weakened access
point to break into your
computer.

10.4.1,Types of Port Scans

1
Vanilla: The scanner attempts tö connect to all 65,535 ports.

Strobe:A more focused scan looking only for

known services to exploit fragmented
packets :
The scanner sends packet fragments- that get through simple packet filters
in
firewall.
a

3. UDP:The scanner looks for open ÜDP ports.

"4. Sweep: The scanner connects to the same port on more than one machine FTP bounce :

the scanner goes through an FTP server

in order to disguise the source of the scan.
5. Stealth scan : The scanner blocks the scanned computer from
recording the port scan
activities.

Port scanning in and of itself is not a crime. There is no way to. stop someone from port
ng your computer
while you are on the Internet because accessing an Internet server
"ens a port, which opens a door to your computer. There are, however, software products that
stop a port scanner
from doing any damage to your system.

Scanned by CamScanner
 Sys. Security (MU-Sem. 6-Comp) 10-11 Network Security
Basics

Syllabus Toplc : IP Spoofing

Ir poofing
(MU - Dec. 15)
Q. 10.5.1 Wite in brief about: 1P spoofing. (Ref. sec. 10.5) Dec. 15, 5 Marks

In this attack, attacker establishes a large number of "half-open" connections using Ip

spoofing.

The attacker first sends SYN packets with the spoofed (faked) IP address to the victim in
order to establish a connection.

The victim creates a record in a data structure and responds with SYNIACK message to
the spoofed IP address, but it never receives the final acknowledgment message for ACK
establishing the connection, since the spoofed IP addresses are
unreachable or unable to

respond to the SYN/ACK messages.

Although the record from the data structure is

freed after a time out period, the attacker
attempts to generáte sufficiently large number
of "half-open'" connections to overflow he
data structure that may lead to a segmentation fault or
locking up the computer.
In session hijacking, the hacker takes over the
control over the TCP session between two
machines whereas in spoofing the attacker
pretends to be the authenticate user and gain
access to other machine.

Syllabus Topic:TCP SYN Flood

10.6 TCP SYN Flood

TCP SYN flood (a.k.a. SYN flood) is a type of Distributed Denial of Service (DDo!
attack that exploits part of the normal TCP three-way
handshake to consume resources n
the targeted server and render it unresponsive.

Essentially, with SYN flood DDoS, the offender sends TCP

connection requests ta
than the targeted machine can process them, causing network
saturation.

Scanned by CamScanner
 coypt. & Sys. Security(MU-Sem,
.6--Comp)
10-12
Notwork Security Basics

106.1 Atack Descriptlon

When a client and- server establish

a
normal TCP "ihrce-way
handshake",
Jooks like this: the cxchange

1. Client requests coonnection by sending SYN(synchronize)

mcssage
acknowledges to the server.
2.
Server by sending SYN-ACK
(synchronize-acknowledge)
back to the client. hessage

Client responds with an ACK (acknowledge)

3. message,
.established. and the connection is

In a SYN flood attack, the attacker sends repeated

SYN packets to every port on the
a
targeted server, often using fake IP address.

e server, unaware
of the attack, receives multiple, apparently
legitimate requests to
etahlish communication: It responds to
each attempt with a SYN-ACK packet
from each
open port.

The malicious client either does not send the expected ACK, or if the IP
address is
sDoofed never receives the SYN-ACK in the first place.

Fither way, the server under attack will wait for acknowledgement
of its SYN-ACK
packet for some time.

Syllabus Topic : DNS Spoofing

10.7 DNS.Spoofing

Domain Name Server (DNS) spoofing (a.k.a. DNS cache poisoning) is an attack in which
altered' DNS records are üsed to"redirect online traffic to a fraudulent website that
resembles its intended destination.

Once there, users are prompted to login into (what they believe to be) their account, giving
types of sensitive
Lne perpetrator
the opportunity to steal their access credentials and other
information.

worms or viruses on a user's

rurhermore, the malicious website is often used to install
COmputer, giving the perpetrator long-ternm access to it and the data,it stores,

Scanned by CamScanner
 Grypt. & Sys. Security (MU-Sem. 6-Comp)
10-13 Network Security Basics

10.7.1 Methods for Executing a DNS Spooflng

Attack
Man in the middle (MITM)
The interception of communications between users and a DNS server
users to a different/malicious IP address.
in order to rot
DNS server compromise
The direct hijacking of a DNS server, which is
configured to return a malicious T
address.

Chapter Ends...

Scanned by CamScanner
 CHAPTER
Module 5

11 Denial of Service

Syllabus
Denial of Service: Classic DOS attacks,
Source Address
Distributed Denial spoofing, ICMP flood, SYN
flood, UDP flood, of Service, Defenses against
Denial of Service
Attacks.

Syllabus Topic : Denial of srvice - Classic DOS

Attacks

11.1 DOS and DDOS Attacks

Denial of service and distributed denial of services is a type of attack that causes
legitimate users unable to use services or the resource, or services become unavailable to the

Jegitimate users.

11.1.1 DOS Attacks

(MU- Dec. 15, May 16, Dec. 16, May 17, Dec. 17)
are the different ways in which an
o.11.1,1 What is a Denial of service attack? What
attacker can mount a DOS attack ona system?
Dec. 15, May 17, 10/3 Marks
(Ref. sec. 11.1.1)
Q.11.1.2 Write in brief about Denial of service attacks,
May 16, 5 Marks
(Ref. sec. 11,1.1)
attacks occurs.
of service
Q.11.1.3 Explain briefly with example, How the following Denial
Dec. 16, Dec. 17,5 Marks
(Ref. sec. 11.1.1)
overflow
on sending or makes the network or bandwidth
. In this attack, the attacker
keeps
access services.
Qr spam mail by depriving the victim to
0y e-mails
unable to use any internet service or
attackers to make victim
T is a continuous effort of
resources.

Scanned by CamScanner
 2 Crypt. &
Sys. Security (MU-Sem. 6-Comp) 11-2 Denial of
Servica

attacker's main target for websites or services which include financial site bank site or
Unt
The (49
creditcard gateway systems.
The targeted network which are root for DOS are mobile phone network or
So
credit card 11.1.1(B
gateway network.
What an
Buffer overflow technique is used to make denial service attack.
attackers does
is
a
it takes packet (where is unit of data) divide into small chunks, the attacker chel
the IP addres of the particular network in that packet and floods the network of Q.11.1
with repeated request. As IP is a fake, from attacker's machine.
This acts consumes bandwidth which let other service to fail or
unavailable forother
user.
(1) Floo
A DOS attack does following actions Attac
1. Flood whole network with unnecessary traffic. packe
v
2 Damage connection between two systems so that communication cannot Occur. It is
3. Disrupt services to legitimate users. (2) Ping
4. Prevents individuals to access network services.
Sendi:
11.1.1(A) Classiflcation of Attacks indica

(1) Bandwidth attack syster

Every website is given particular amount

(3) SYNe
any websites takes
of bandwidth to host (e.g. 50 GB) loadine nf
certain amount of time to display It
whole webpage.
If more visitors load particular websites page or consumes ne
than particular websites can whole 50 GB bandwjdi
be ban. an
The attacker does the same Ar
by opening 100 pages of site and
refreshing, consuming all bandwidths keeps on loading and
to make the site out in
of services.
(2) Loglc attack
Th
Attack on the network software ser
to make it vulnerable.
.Forexample : in TCP/IP stack. Du
for
(3) Protocol attacks
1.
This attack, consumes more
amount of resources 2.

particular features of some in victims system. It is an ata

protocol that are been installed
in the victims systemS. 3.

Scanned by CamScanner
 Sys..Security (MU-Sem. 6-Comp) Denial of Service
Cypl.& 11-3

Unlntentlonal Dos attack

Sometimes hecause of huge popularity among users the particular wets suddenly end up.

tt.1.1/B) Types of DOS Attacks

(MU - May 17)

>
Explain any three types of DOS attacks in detail.
11.1.4
la. (Ref. sec. 11.1.1(B) May 17, 7 Marks

attack
4)Flood
on flooding or overloading victim's system
Attacker keeps
with
'n' numbers of ping
packets which result into huge traffic which the victim itself cannot handle.
but difficult handle.
very simple to launch
It is
attack
(2) Ping of Death

Sending huge
ICMP packet (These packets are used in IP layer or network layer for
indicating.error message). The attacker sends this huge oversize
packet to the victim's
or freeze resulting in DOs.
system which causes victim's system to crash

(3) SYN attack

,

attack. In TCP handshaking of

It is a TCP SYN flooding attack, a denial of service
receiver through synchronous (SYN)
network connection is done between sender and
messages.
and acknowledgement (ACK)
a connection, with server with a SYN message. The server
An attacker initiates TCP
an acknowledgement
-
message. (SYN ACK) mesage.
in reply sends
back with acknowledgement which causes
does not respond
The client (attacker)
server to wait.
space
to connect with other client. This fills up the buffer
Due to which it is unable
for SYN message preventing other
for communicate.
packet to server.
1. Clients sends synchronize (SYN)

2. Servers send syn-ack

(SYN – ACK) to client.
connect is established client as
and
3. Clients responds
back with ACK packet
shown in Fig. 11.1.1.

Scanned by CamScanner
 SYN

SYN-ACK

ACK

way handshake
Fig, 11.1.1:3
SYN

SYN-ACK

Connection are all full

SYN

Legitimate connection
s refused

Fig. 11.1.2 : Chaotic handshake

1. Client sends multiple SYN packets to all with bad address.

2. Server send SYN:ACK packets to in correct address.
3. Legitimate user is denied because server cannot Connection
accept additional
shown in Fig. 11.1.2.

Scanned by CamScanner
 (M-Sem. 6-Comp) Denial of Service
Sys. Security 11-5
Copt &
with cach other
l Teardrop attack: It is an attack whenpackets are overlappecd
are
receiver is not able to reassemble them, usualy corrupted packets
and the
attacker to hang or freeze the system.
send by
which slow
an attack of sending invalid ICMP packet to the target
Nuke : It is
5.
computer till it is completely stop.
downthe affected
Smurf
A

address broad casting is donc.

Smurf: attack It is attack in which IP
: an
6. a which seems lo
program is used to make network inoperable. It builds packet
another address. This packet contains ICMP ping. The echo
originate from
back to victim. Maximum ping and echo make network
responses are sent
unusable.
or
Jol2, Nemesy, Targa etc.
tools used for DOS attack
The various

Syllabus Topic Source Address Spoofing

:

Spoofing
11.2 Source Address
using IP
establishes a large number of "half-open" connections
In this attack, attacker

spoofing.

packets .with the spoofed (faked) IP address to the victim in

The attacker first sends SYN

order to establish a connection.

message to
a data structure and responds with SYN/ACK
The victim creates a record in
never receives the fina acknowledgment message ACK for
the spoofed IP address, but it
or unable to
establishing the connection, since the spoofed
IP addresses are unreachable

respond to the SYN/ACK messages.

record from the data structure is freed

after a timne out period, the attacker
Alhough the
to oyerflowthe
Mcmpts to generate sufficiently large number
of half-open" connections
a
Ca structure that may lead to segmentation
fault or locking up the computer.
over the TCP session between two
beSSiOn hijacking, the hacker takes over the control
nes whereas in spoofing the attacker pretends
to be the authenticate user and gain
aCcess to
other machine.

Scanned by CamScanner
 S
& Sys.

Sys. Security(MU-Sem.
6-Comp) 11-6
Denial
of Servic
1Cpt.
are a nu
Crypt. &
2 There comma
Syllabus Toplc ICMP Flood
:

The-ncomma
11.3 ICMP Flood The -I
comma
O. 11.3.1 Explain ICMP flood
attack. (Ref, seo.11.3) The-t
a
Ping flood, also known
as ICMP flood, is a common Denial of Service (DoS) Note that in
access to extra
attack
which an attacker
takes down a victim's computer by overpowering it with ICMP in
et, particularly ag
requests, also known as pings.
victim's network with request packets, knowing
Theattack involves flooding the thatte
reply packets,
network will react with an equal number of
a
tatget with ICMP requests include the Floc
Additional methods for bringing down
as scapy. uecf 114 SYN
convention tools or code, such hping and
Write
This strains both the incoming and outgoing channels of the network, consuring a.11.4.1
considerable bandwidth and resulting in a denial of service.
It is a TCP S
Attack Description network connee
acknowledgem
Normally, ping requests are used to test the connectivity of two computers by meaens
An attacker in
the round-trip time from when an ICMP echo request is sent to when an ICMP eche
reply sends an a
is established. During an attack, howevér, they are used to overload a target networt
w

The client (atta

data packets.
wait.
Executing a ping flood is reliant on attackers knowing the IP address of their targ
Due to which i
Attacks can therefore be divided into three categories, based on the target and how is2
SYN message
address is resolved.
targeted local disclosed ping flood targets a sole computer on a local network.
A

attacker needs to have physical access to the computer in order to discover out i
address. A successful attack would result in the target computer being taken down.
communications bëtv
A router disclosed ping flood targets routers In order to interrupt
Computers on a network. It is dependent on the attacker knowing the internal P
a0are

to uio
a local router. A successful attack would result in all computers connected

being taken down. address /

disclose the IP
A
blind ping flood involves using an external program to
target computer or router before executing an attack.

Scanned by CamScanner
 Security (MU-Sem. 6-Comp)
11-7
Denial of Service
are a number of ping commands
There that can be used
command which is used to aid an attack, including
-n to specify :
The the number of times a request
command, which is uscd to is sent.
The--l specifytheamount of
data sent with
conmmand, which is used each packet.
The -t
to continue pinging until
order for a ping
the host times out.
Note that in
flood to be sustaincd, the attacking
extra bandwidth than the victim. This computer must have
acceSsto limits the ability to carry
a out a DoS attack,
prticularly against large network.

Syllabus Topic : SYN flood

114 SYN Flood

on Syn flood..(Ref sec. 11.4)
Write brief note
at14.1
SYN flooding attack, a denial of service attack.
a TCP
Itis connection is done between sender and In TCP handshaking of

ietwork receiver through synchronous (SYN) and

s:knowledgement (ACK) messages."

An attacker initiates
a
TCP connection with server with a
SYN message. The server in

replysends
an acknowledgement message. (SYN - ACK) message.
causes server to
The client (attacker) does not respond back with acknowledgement which
wait.
up the buffer space for
Dne to whichit is unable to connect with other client. This fills
SYN message preventing other for communicate.

SYN

SYN-ACK

ACK

way handshake
Fig. 11.4.1:3

Scanned by CamScanner
 &S
Copt
Crypt. & Sys. Security (MU-Sem. 6-Comp) 11-8 Denial of 4
2 Servios
However
1. Clients sends synchronize (SYN) packet to server. randon
Servers send syn-ack (SYN- ACK) to clicnt. to
2
resu
3 back
Clients responds with ACK packet and connect is established As a
11.4.1. client Verif
shown in Fig. a, 1.
SYN Seetl
2.
Repls
3.
Thus, for
sending m
SYN-ACK
The attack
unnecessar
location(s)
Connection are all full
Most opera
SYN responseS

Legitimate connection
is refused

11.6 Distrit

Fig. 11.4.2 : Chaotic handshake 0.11.6.1 Exp

A Distribu
1. Client sends multiple SYN packets to all with bad addres.
compromised co
2. Sérver send SYN : ACK packets to in correct address. teSOurce,
and c
3. Legitimate user is denied because server cannot accept additional connecion! incoming messag
slow
shown in Fig. 11.4.2. down or e
systems.
Syllabus Topic : UDP Flood
11.6.1
Distrib
11.5 UDP Flood Distributed
another d
çomp
A UDP is a Denial-of-Service (DoS) attack using the
lood attack User
Dat Ittakes advar
Protocol (UDP), a connectionless computer networking protocol.
to send
Using
Transmission C Vulne
UDP for denial-of-service attacks is not as easy as with the Thesystems
Protocol (TCP). Various
tools

Scanned by CamScanner
 Sys. Security (MU-Sem. 6-Comp)
CYpt& 11-9
Denial of Service
UDp flood attack can
However, a be initiated
by sending a huge number of UDP packets
random ports on remote
a
host.
to :
resul, the distant host will
Asa
Verify. for the application listening at that port;
1
no application is listening at
that port;
Sce that
2
with an ICMP Destination Unreachable packet.
Reply
3
for alarge number of UDP packets, the ill-treated system will be forced into
Thus,
many ICMP packets, eventually leading it to be unreachable by other clients.
sending
attaacker(s) may also spoof the IP
address of the UDP packets, ensuring that the
The
unnecessary ICMP return packets do not reach them, and anonymizing their network

location(s).
ease this part
operating systems
of the attack- by limiting the rate at which ICMP
Most

sent.
responseS are

Syllabus Topic : Distributed Denial of Service

us Dstributed Denial of Service Attacks

of Service Attack in detail. (Ref. sec. 11.6)
a11.6.1 Explain Distributed Denial
multiple
A
Distributed Denial-of-Service (DDoS) attack is an attack in which
other or network
omromised computer systems attack
a target, such as a server, website
for users of the targeted resource. The flood of
EUce, and cause a denial of service to
requests or malformed packets to the target system forces it
iming messages,.connection users or
down, thereby denying service to legitimate
do down or even crash and shut
spstems.

11.6:1 Distributed Denial of Service Attacks

on
an attacker uses your own computer to attack
DISnbuted denial of service, it is where
ancher çomputer.
computer
vulnerability to takè control on for
Sadvantage of loopholes and
security
computers.
OSend vulnerability spam or send huge data to other
as Zombie systems.
computer are called
used for attacking victim
Thesystems
which are
etc.
Various attack are Trinoo, Tribe flood, shaft
tools to launch DDOS

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) 11-10 Denial
of Senvca

Measures to protect from DOS/DDOS attack arc

:

Implementing filters on fouters.

Disable unused network seryices.
Examine the physical security routinely.
Maintain regular backup schedules and policies.
Maintain password policies.
Using fault tolerant network configuration.
Toolsfor detecting DOS/DDOS attacks Zombie Zapper,
find- DDOS, remote
detector (RID). intnisica

11.6.2 Characteristics of Distributed Denial of Service Attacks

A denial of service attack is characterized
by an explicit attempt by an attacta.
prevent legitimate users of a service from using
the desired resources. Exarmples
denial of service attacks include: f
o. Attempts to "flood" a
network, thereby preventing legitimate network traffic
Attempts to disrupt connections between two
machines, thereby prevenie
access to a service.
Attempts to prevent a particular individual from accessing a service.
Attempts to disrupt service to a specific system or person.
The distributed format adds .the "many
tó one" dimension that makes these arai
more difficult to prevent. A distributed
denial of service attack is composed of tiv
elements, as shown in Fig. 11.6.1. First, it involves a victim,
i.e., the target hostB
has been chosen to receive the brunt of the attack. Second, involves the prese
it
of the attack daemon agents.
These are agent programs that actually conduct the attack on the trge
Attack daemons are usually deployed in host computers. These daemons a
the target and the host computers.
acces
The task deploying these attack daemons requires the attacker to gain se
of
denial of
infiltrate the host computers. The third component of a distributed
attack is the control master program. Its task is to coordinate the attaCk.

Scanned by CamScanner
Denial Security (MU-Sem., 6-Comp)
of Serve 11-11 Denial of Service
is the real attacker,
Finally, there the mastermind behind
control
program, the real attacker can the attack. By using
a

master stay bchind

steps takc place during a distributed the scenes of the attack. The
following attack
The real
attacker sends an "cxccute" message
1. to the control mastcr program.
control master program reccives
2. The the "execute'" message and
command to the attack daemons under propagateS the
its control.
Upon receiving the attack command, the attack daemons begin
3.
victim:
the attack on the
ote intrusion Master Daemon

Daemòn Daemon

attacker Daemon
to
Bxamples Daemon
of
Victim Real attacker
-

traffic.
Fig. 11.6.1: Chaotic handshake
preventing
Although it seems that the real attacker has little to do but sends out the "execute"
onminand, he/she actually has to plan the execution of a successful distributed denial

of service attack.
The attacker must infiltrate all the host computers and networks where the daemon
se attacks -attackers are to be deployed.
d of four and
The attacker must study the target's network topology and search for bottlenecks
host that vulnerabilities that can be exploited during the attack.
presence master prograns, the real attacker is
Because of the use of attack daemon's and control
not directly involved during the attack, which makes it
difficult to trace who spawned
t victim. the attack.

ect both some well-known attack methods (Smurf,

n
following subsections, we review
the
distributed
(UDP) Flood) ånd the current
DIN Flood, and User Datagram Protocol
Tribe Flood Network,
Stacheldraht, Shaft, and
Cess and denlal of service methods (Trinoo,
service TEN2K).
can be employed by networks.
We describe defense mechanisms that

Scanned by CamScanner
 nenial
2 Crypt. & Sys. Security (MU-Sem. 6-Comp) 11-12
i Sevvea

11.6.3 Methods of Denial of Service Attacks

We described below some widely known basic

denial of service attack methods
are employed by the attack dacmons. ha
Smurf attack involves an attacker sending
a
large amount of Internet
Control
(ICMP) ccho traffic to a set of Internet Protocol
Message Protocol (IP) broadcas
are with a source
addresses. The ICMP echo packets specified address of
the targe
victim (spoofed address).
requests and reply
Most hosts on an IP network will accept ICMP echo to them wilh
case, the target victim, This multiplies
an echo reply to the source address, in this the
hosts. On a broadcast network.
traffic bythe number of responding there could
packet.
potentially be hundreds of machines to reply to each ICMP
network to elicit many responses to single packet has beea
a
The process of using
a

are hurt by this type

labeled as an amplifier". There are two parties who of attack.
the intermedtate broadcast devices (amplifiers) and the spoofed source address taro

(the victim). The victim is the target of large amount of traffic that the amplifiers
a

generate. This attack has the potential to overload an entire network.

SYN Flood attack is also known as the Transmission Control Protocol (TCP)
SyN

attack, and is based on exploiting the standard TCP three-way handshake.

The TCP three-way handshake requires a three paçket exchange to be performei
an initial SYN.
before a client can officially use the service. A server, upon receiving
(synchronize/start) request from a client, sends back a SYNNACK (synchronize
acknowledge) packet and waits for the client to send the final ACK (acknowledge).
th:
However, it is possible to send a barrage of initial SYN's without sending
corresponding ACK's,, essentially leaving the server waiting for the
non-existent

ACK's. Considering that the server only has a

limited buffer queue for nr
connections, SYN Flood results in the server being unable to process other incomuis
connections as the queue gets overloaded..
UDP Flood attack is based on UDP echo and character generator services provCu
most computers on a network. The attacker uses forged UDP packets to conne
another
on
echo service on one machine to the character generator (chargen) service
machine.

Scanned by CamScanner
 Sys. Security (MU-Sem. 6-Comp)
Copt & 11-13 Denial of Service

is that the two services consume

The result as all available network bandwidth between
machines they exchange characters
the betwecn themselves. A
variation of this
called ICMP Flood, floods a
attack machine ith ICMP
packets instead of UDP
packets.
techniques are listed in chronological
The order. It can
distributed techniques be observed that as time has
passed, the (Trinoo, TFN, Stacheldraht,
Shaft, and TFN2K)
become technically more advanced
have and, hence, more difficult to detect.
Trinoo
uses TCP to communicate between the attacker
master program communicates
and the control master
program. The
with the attack dacmons using
UDP
packets
Trinoo's attack daemons implement UDP Flood attacks
against the target victim.
Tribe Flood Network (TFN) uses a command line interface
to communicate between
the attacCker and the control master program. Communication
between the control
master and attack daemons is
done via ICMP echo reply packets.
TFN's attack
mosimplement Smurt, SYN Ho0d, UDP Flood,
and ICMP Flood attacks.
- Stacheldraht (German term for barbed wire'") is based on
the TFN attack. However,
-:be TEN, Stacheldraht uses an encrypted TCP connection for communication
batween the attacker and master control program. Communication between the master
control program and attack dacmons is conducted using TCP and ICMP, and involves
an automatic update techniqu for the attack daemons. The attack daemons for
Stacheldraht implemnent Smurf, SYNFlood, UDP Flood, and ICMP Flood attacks.

Shaft is modeled after Trinoo. Communication between the control master program
and attack daemons is achieved using UDP packets. The control master program and
the attacker communicate via a simple TCP telnet connection. A distinctive feature of
Shaft is the ability to switch control master servers and ports in real time, hence
making detection by intrusion detection tools difficult.
TFN2K uses TCP, UDP, ICMP, or all three to communicate between the control
naster program and the attack daemons. Communication between
the real attacker

and control master is encrypted using a key-based

CAST-256 algorithm. In addition,
from intrusion detection systems.
IFN2K conducts covert exercises to hide itself
UDP, and ICMP Flood attacks.
rNZK attack daemons implement Smurf, SYN,

Scanned by CamScanner
 Crypt. &
Sys. Security (MU-Sem, 6-Comp) 11-14 Denial
of ServicA

Syllabus Topic : Defenses against Denlal of Service Attacks

11.7 Defenses against Attacks

Manyobservers have stated that there are currently no successful defenses

against
fully distributed denial of service attack. This may be true.
Nevertheless, there a
numerous safety measures that a host or network can
performn to make the network
neighboring networks more secure. These measures include : and

Filtering Routers : Filtering all packets entering

and leaving he network protects th
network from attacks conducted
network itself from being an unaware
from neighboring networks, and prevents
attacker. This measure requires installi.
.
ingress and egress packet tilters on all routers.
Disabling IP Broadcasts : By disabling
IP broadcasts, host computers can no longe.
be used as amplifiers in ICMP Flood and
Smurf attacks. However, to defend agaie.
this attack, all neighbouring networks
need to disable IP broadcasts.
Applying Security Patches : To guard
against denial of service attacks, host
computers must be updated
with the latest security patches and techniques, For
example, in the case of the SYN
Flood attack, there are three steps that the host 12
computers can take to guard
themselves from attacks : increase
connection queue, decrease the the size of the
time-out waiting for the three-way handshake, and
employ vendor software patches to
detect and circumvent the problem.
Disabling Unused Services :
If UDP echo or charge-n-services are not required,
disabling them will help to
defend against the attack.
are unneeded or In general, if network services
unused, the services should
attacks.
be disabled to prevent tampering and
Performing Intrusion Detection :
By performing intrusion
computer and network are detection, a host
guarded against being a source
being a victim of an
attack. Network monitoring
for an attack, as while 3
guarding against denial is a very good pre-emptive way
of service attacks.
By monitoring traffic patterns, a
can take the network can determine
required steps to defend when it is under attack,
prevent it from itself. By inspecting host systems, a
hosting an attack on another host can
network.

ChapterEnd

Scanned by CamScanner
Denial
ofSevica
ks
CHAPTER Module 5
enses 12 Internet Security Protocols
ess, against a
there
e
network are
and
k protects
prevents the Syllabus
res instaling
the Intemet Security Protocols : SSL, IPSEC, Secure
Email: PGP, Firewalls, IDS and
types, Honey pots.
can no
longer
efend against
Svllabus Topic: Internet Security Protocols -
SSL, IPSEC
attacks, host
aniques. For
12.1 Secure Socket Layer (SSL)
hat the host
size of the > (MU - Dec. 15, Dec. 17)
dshake, and o 121.1 List
the functions of the diferent protocols of SSL Explain
the handshake
protocol. (Ref. secs. 12.1 and 12.1.1(A) Dec. 15,5 Marks
ot required, 121.2 What are the different protocols in SSL? How do the client and sever establish
an SSL connection? (Ref. sec. 12.1) Dec. 17, 5 Marks
ork services
apering and Secure Socket layer invented by Netscape communications in 1994. Secure Socket layer is
an internet protocol used for securely exchanging the information between client's web

browser and the web server.

n, a host
as while as - Secure socket layer ensure the authentication, data integrity and data confidentiality
a secure tunnel between client and
ive way of between web browser and web server i.e, it creates
server. The main role of SSL is to provide the security to web traffic all the way.
is shown
attack, and lhe current version of SSL is 3.0. The
position of SSL in TCP/ IP protocol suite
st can also in Fig. 12.1.1.
application layer and transport layer the reason SSL is also
DSL is Works in between
pter Ens. called as Transport ILayer Security (TLS).

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) 12-2 Internet Security
Protocos

Transport Layer Security (TLS) protocol is used to ensure security betwecn

communicating applications and their users on the Internet.
Main function of transport layer protocol is protect attacker when a server and
client
communicate, it ensures that attacker or third party should not modify or
tamper with
message.
TLS is the successor to the Secure Sockets Layer (SSIL).

Cllent machine Servor maching9

(web browser) (wob browsor)

Application layor Application layor

SSL SSL
iionSsL layer protoco
postion positlon ssL layor protoco
Transport layer Transport layer,

IP
Secunity Intemet layer IP Intemet layer
security

Data link layer Data linklayer

Physical layor
WPhysical layer
SSL encrypted data

Fig. 12.1.1 : Position of SSL in TCP/IP protocol suite

The data will not be passed directly to

transport layer instead
socket layer.
will passed to secure

Secure Socket Layer will perform

encryption to the data received
by application layer and
add its own encryption information
header called SSH i.e. Secure Socket Layer Header. It
the receiver's end SSL
will remove the SSH header
and then pass data to applicato
layer. ba

The Fig. 12.1.1 shows position SS

of SSL protocol in TCP/ IP protocol
uses digital certificate suite. SSL protuu
and digital signature for securely
communication between c
machine and server machine. C
SSL encrypt the data
received from application 12.1.
layer of client machine and add
header (SSL Header) into 1b
the encrypted data and send
encrypted data to the server su W

Scanned by CamScanner
 Sys. Security (MUJ-Sem. 6-Comp)
&
fCt 12-3
Internet Security Protocols
receiving encrypted
(fpon data, server removes
decrypted data to application the SSL hcader
sendsthe layer. and decrypts the data and
composed of four protocols
SL is
in two layers,
12.1.2. which support
Fig. SSL as shown in
four, the two most important
Out of the
protocols
Handshake
Protocol and the
SSL Record that are atthe
hcart of SSL arc
Protocol, the SSL
Cipher Specification the other two
Change and the SSL Alert protocols such as SSL
protocols,. Protocol
play a minor
previous twO role relatively
to
these higher-level protocols
The roleof is the connection
cipher techniques for data encryption establishment, use
of
and alert (warning, requirea
error
starting actual data transmission process if any) generation before
between client
and server.
sSL architecture
/ SSL internal protocol structure
Authentlcation,
Support for encryption, algorithms
and alert massagey
SSL session SSL hand
connectlon
SSL change
shake SSL Application
establishment dpher alert
protocol specfication protocol
protocol (HTTP, FTP)
SSL record protocol SSL protocol
layer
Message authentication,
confidentiality
and integrity
TCP
Transport and
IP layer internet

Fig, 12.1.2: SSL protocols internal

architecture
The SSL Record Protocol is responsible for
encrypted data transmission and encapsulation
of the data sent by the higher layer protocols (handshake,
alert, HTTP) also to provide
basic security services to higher layer protocols.
SSL was designed to make use
of TCP protocol to provide a reliable secure process-to
rOcess delivery of entire message/packets. We
will discuss how client machine securely
Communicate with the server machine by using underlying network architecture.
121.1
Working of SSL

We will discuss SSL Handshake Protocol and the SSL Record Protocol in details.

Scanned by CamScanner
 12-4 Internet Security Protocls
Crypt. & Sys. Security (MU-Sem. 6-Comp)

12.1.1(A) Handshake Protocol

(MU -
May 16)
handshako protocol.
Q. 12.1.3 Write in briof about SSL May 16, 5
(Ref. sec. 12.1.1(A)) Marks
we mcct to our friend/colleagucs. we
have habit
As the name suggests when
shake-hands with each other before starting our t0 say
actual communication.
hi/hello and do the
SSL handshake protocol uses somewhat
same ideology but in terms of client and
server.

The first sub-protocol of SSL called handshake protocol used for Secure communication
between client and the server using an SSL enabled connections.

In this protocol authentication to the server is more important that

client
server
authentication because server has different options available for client authentication.
Tha

details steps of SSL handshake protocol are shown in Fig. 12.1.3.

Client
Server
machine machine
(web browser) (web browser)

Clilent hello
The
Step
Server hello
()
Servar oetiflcate (i)
cllent certificate request
server key exchange Step 2

Server hello done

(i)

Client certificate
(iv)
Clent key exchange
certificate verification
change cipher specitication
client handshake finíshed
Step 3 ()

Change dpher spedification

server handshake )
finished >Step 4

Fig. 12.1.3: SSL (i)

handshake protocol

(i)

Scanned by CamScanner
 Grypt. & Sys. Security (MU-Sem. 6-Comp)
12-5
Internet Security Protocols
1.
Iis used by client and server to start communication
using SSL enabled connection.
2. The bandshaking is done 4 phases:
Phasos of handshaking

(a) Phase 1: Establishing

security Connection/
Capablitles
(b) Phase
2: Sorver Authentication
and koy exchange
(c) Phase
3: Client authenticatlon
and Key exchange
(d) Phase 4 : Finalizing
and Finishing

Fig. 12.1.4: Phases of

handshaking

a) Phase 1: Establishing Security Connection/Capabilities

le this phase logical connections is established

between client and server and establish
cacurity capabilities associated with
that connections. It consists of two messages, the
client hello and the server hello.

G Client hello

The client hello message contains the following parameters.

) The highest SSL version number which the client can support.

(i) A 32-bit timestamp and a 28-byte randomn field that together serve as nonce during key
exchange to prevent re- play attacks.
(Gi) A session id that defines the session (a variable length session identifier).
(ov) There is a cipher suite parameter that contains the entire list of cryptographic algorithms

which supports client's system.

() A list of compression methods that can be supported by client.

Server
client and server, will
) version number. the highest among both SSL number of
The SSL
be supported by client and other will be supported by server.
this
used for master secret generation, however
M)A 32 byte random number that will be
Tandom number is totally independent from the
random number of client.

(n) A session id that defines the session.

Scanned by CamScanner
2 Crypt. & Sys. Security (MU-Som. 6-Comp) 12-6 Internet Security Protocole

(iv) A cipher suite contains the list of all cryptographic algorithms hat is sent by the cli.
from which the server will sclcct the algorithm.
(v) list of compression methods sent by the server
A
the client from which will sclect
the
method.

(b) Phase 2 : Server Authentication and Key Exchange

In this phase, the server authenticates itself if it is nccded. The server sends its certificate,
its public key, and also request certificate (digital certificate) from the client.

Certificate : The server sends a certificate message to authenticate itself to the che.
If the key exchange algorithm is Diffie Hellman than no need of authentication
Server key Exchange : This is optional. It is used only if the server doesn't sende ix
digital certificate to client.
Certificate Request : The server can request for the digital certificate of client T.
client's authentication is optional.
Server Hello done : The server message hello done is the last message in phase )
This indicates to the client that the client can now verify all
the certificates received
by the server. After this hello message done, the server waits
for the client's side
response in phase 3.

(c) Phase 3:Client Authentication and Key Exchange

In this phase, the client authenticates itself it is
if needed. The client sends its certificate.
client key exchange and certificate verify to the server.
Certificate :Client certificate is optional, it is only
required if the server had
requested for the client's digital certificate.
If client doesn't have client's digital
certificate it can send no certificate message or an
Alert message to the server. Then it
is upto server's decision whether to
continue with the session or to abort the session.
Client key Exchange : The client sends a
client key exchange, the contentsin this
message are based on
key exchange algorithms between both
the parties.
Certificate verify : It is necessary only if the server had asked for clien
authentication. The client has already sent
its certificate to the server. But additionau)
if server wants then the client has to prove that is
it authorized holder of the pva
key .The server can verify the message
with its public key which was already Seu
ensure that the certificate
belongs to client.

Scanned by CamScanner
 Sys. Security (MU-Sem. 6-Comp)
Cypt.& 12-7
Internet Security Protocols
: Finish
d) Phase 4
server send messages
The client and to finish the handshaking
The Grst two messages are protocol. It contains 4
steps. irom the client i.c. change cipher specs, finished.
responds back with change cipher spec The
server and finished.
Change cipher spec
: It is a client
side messagc
protocols telling about the current status of
cipher and parameters which has bcen made
active from pending state.
Finished: This message announces the finish of
the handshaking protocol from client
side.
Cipher spec ::This message is sent by server
Change to showthat it
the has made all
pending state cipher protocols and parameters to active state.
of

Finished : This message announces the finish of the handshaking

protocol from
server and finally handshaking is totally completed.

12.1.1(B) Alert Protocol

sSt, uses the Alert protocol for reporting eror that is detected by client or server, the

party which detects

error sends an alert message to other party. If error is seriouús then both
parties terminate the session.

Tahle 12.1.1shows the types of alert messages. SSL alert protocol is the last protocol of
sSL used transmit alerts (warnings, errors, fatal etc.) if any via SSL record protocol to the

client or Server.

The SSL alert protocol format is shown in Fig. 12.1.5. Alert protocol uses two bytes to

byte indicates two values either or 2. "1" value indicate warning

1
generate alert. First 1

and "g" value indicate a fatal error (if fatal error terminate the session/ connection).

or client detects
Whereas second byte indicates predefined error code either the server
1

error
any error
it sends an alert containing the error (error occurred during handshaking,
0ccurred during data processing at server or client side, certificate defeats, etc.)

Level Alert
Fatal/waming Error code

1 byte 1 byte

Fig. 12.1.5 : SSL Alert protocol

Scanned by CamScanner
 Secur
Sys.
&
data
Crypt. & Sys. Security Applcatlon
(MU-Sem. 6-Comp)
12-8 Internet Security
Protocol distributlor
Table 12.1.1:Types of alert messages fragmentation
Data
Alert Code Alert Message
Descriptlon
close_notify compress
No more message from sender
10 unexpected_message Data
An incorrect message reccived
20 bad_record_mac add
A wrong MAC received MAC
30 decompression_failure Unable
to decompress.
40 handshake failure encry
Unable to finalize handshake by the sender. Data
42 bad certificate
Receiveda corruptedcertificate. Appending SS
42 header(
Nocertificate Client has no.certificate to send to server. record

42 Certificate expired Certificate has expired.

12.1.1(0C) Record Protocol stage
. At this
After completion of successful SSL handshaking "beween clier
the keen role of SSL record protocol
starts now. record
protoc

SSL record protocol is second sub-protocol SSL

of also called lower level' protocol.
As defined earlier the SSL Record Protocol is responsible
for encrypted data transmission
and encapsulation of the data sent by the higher layer protocols (handshake, alert,
HTTP)
also to provide basic security services to higher layer protocols.

SSL record protocol is basics for data transfer and specially used to build a data path
between client and server and encrypt the data path before communication.

SSL record protocol provides different service like data authentication; data

confidentiality though encryption algorithms and data integrity through message

authentication (MAC) to SSL enabled connections.
as shown
The details steps involved in SSL record protocol and SSL record header format
in Fig. 12.1.6.

Scanned by CamScanner
 Security( MU-Sem. 6-Comp)
ity Protocols &. Sys.
CIPt& 12-9
Internet Security
Protocols
Application data Massage / data

distribution.
Data
fragmentation Data 1 Data 2 Data 3

SSL record header

compression Content
Data Major Miner Compre990d
type verslon VOrsion length
MAC addition uondkpua

der. Plaintext (compressed)

Data
encryption

Appending SSL MAC (0,16,20 bytes)

(H)
record header
H SSL record

Fig. 12.1,6 : Record protocol and record header

this stage all necessary authentication

and
A
cryptographic parameters are exchanged
between client and
server now it's time of secure SSL data transmission through SSL
orotocol
record protocol.
over
cs. record protocol takes application data i.e. actual data that client wants to send
not exceed
or
Divide this data into the different blocks for each length should
nission 16384 process
bytes this as distribution or data fragmentation.
is called data
HTTP) techniques; compression size of
Next step is Data compression using lossless compression
data should not exceed 1024 bytes.
compression step the MAC (Message Authentication
Aftr the data fragmentation and
a
path
compressed data (the
over data and MAC is then appended to the
Code) is computed the
payload.
data is now encapsulated) to
form a new encrypted data /
data process. SSL record
again goes through data encryption
Ihe compressed data and
MAC AES, and
ssage techniques like DES, triple DES,
protocol uses symmetric
key cryptographic on block cipher.
are specially designed to operate
techniques obtained from
DEA because these encrypted blocks
pretended onto each
Finally SSL record header is
record.
encryption process. to as an SSL
Protocol is referred
produced by the SSL Record
a Output block
Ihe length of a record is not to exceed 32, 767
bytes.

Scanned by CamScanner
 Sys
Crypt. & Sys. Security &
(MU-Sem. 6-Comp) copt
12-10 Internet Security E
SSL
Prctocis Preper
record header refer Fig cncryp
12.1.6 consist 8-bit content type to whichideentify
of
of the message whether any
application data or connection termination or nature C
message. any
crtor
M
Next field is Major Version which is 8-bit field used to indicate latest version of S
SSL.
Use
(e.g., 3). Minor Version which is 8-bit ficld indicates the lowest version
of SSL M
use (e.g., 0).
S
Plaintext (compressed) compressed length which is 16-bit field indicates
/ the lengh
the plaintext being compressed. of

Finally sends SSL layer encrypted data to TCP and IP (Transport and Internet
layer)fox
necessary transmission over network
At the receiver end, the encrypted blocks are decrypted and then checked
authentication, data confidentiality and data integrity, reassemble
for data
these data into 12.2 IP Sec
singe
unit, and delivered to the application-layer protocol.
W
The Record Protocol provides two services in SSL connection : o. 12.2.1
(F
a) Confidentiality : This can be achieved by using secret
key, which is already defi
Encryptior
by handshake protocol.
avail this two f
b) Integrity : The handshake protocol defines a
shared secret key that is used to assura
themessage integrity.
Following are the operations
performed in Record protocol
after connection is established
and authentication is done
of both client and server.
1. Fragmentation : The original message
that is to be sent is broken
size of each block is less into blocks. The
than or equal to 2 (16384)bytes.
2. Compression : The
fragmented blocks are 12.2.1
noted that the compression process
compressed which is optional.
It should be
Aut
must not result
into loss of original data. It is desig
3 Addition of MAC :The
Message authentication
used to authenticate a message code (a short piece information first prote
of
for integrity and assurance data auth
is to be calculated of message) for each bloch
using shared secret
key. transit) a
4. Encryption :The
overall steps including message access
but the encryption is encrypted
using symmetrie s th
should not increase datal
the overall block size. IP p
The
mai
datato
rE

Scanned by CamScanner
 Security (MU-Sem. 6-Comp) 12-11 Internet Security Protocols
Sys.
Copt&
Header : After all the above operations, header is prepended
Prepend in the
encrypted.block which contains following ficlds :
A

Content typc (8 bits))specifies which protocol is uscd for processing.

Major Version (8 bits) specifies the major version of SSL used, for example if
3.
ssL. version 3.1 is in use than this field contains

Minor Version (8 bits) specifics the minor version of SSL uscd, for example if
contains 0
sSL version 3.0 is in use than this ficld
Compresscd length (16 bit) specifies the length in bytes of the original plain text

block.

Syllabus Topic : IPSEC

Protocols
a9 P Security
> (MU- May 16)
12.2.1
Write in brief about IPSec protocols for security.
l. (Ref. sec. 12.2): May 16, 5 Marks

Encryption of data and its authenticity is prime concern for secure communication, to
t his two features, IPSec provides two protocols at network layer:

IP Securlty Protocols

1. Authentication Header

2. Encapsulating Security Payload

Fig, 12.2.1:IP Security Protocols

12.2.1 Authentication Header

tis designed for authentication, integrity of payload which is carried in P Packet. It is

first protocol of IPSec called Authentication Header (AH) protocol designed to provide
data authentication (to identify source host), data integrity (if data get modified while in

transit)and non-repudiation but doesn't provide data confidentiality (if attacker able to
access the contents of a message) because Authentication Header does not encrypt the
data/ IP packet.

The main functionality of this protocol is protection against replay attacks (sending same
Gata to receiver again and again) and protection against tampering of ata over a network.

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem, 6-Comp) Internet Security
12-12 Protocole

Authentication Header is also used to protect the upper-layer or the cntire IP packet. u.
the help of message authentication code (MAC - used to generate fixed length value fro
message and secret key to provide authentication) using well known hashing algorithms

like MDS or SHA1.

By using Hash function and symmetric key algorithm, message digest is calculated and
of this
inserted in authentication data as shown in Fig.12.2.2 because AH protocol
or privacy.
provides data authentication and data integrity, but not confidentiality
The internal fields of authentication hcader format are shown in Fig. 12.2.2.
or mesox
This protocol uses cryptographic checksum which is similar to hash function
digest, the checksum is inserted in authentication header and placed in location depend,
on which mode it is using (tunnel mode or transport mode).

8- bits 8- bits 16- bits 31- bit

Application layer
Next header Payload lengthReserved

Security parameter index (SPI)

Transport layer (32 - bits)

IPSec Sequence number (32- bits)

(AH)
layerAuthenticatlon header
Authentication data (digest)
(variable in length)
IP header Network layer

Fig. 12.2.2: Authentication Header

T A
brief description of each field

Next header (8 bits)

The next header is an 8- bit filed which is uscd to identify the type of payload/ data
carried by IP packet.
Identifies the type of header immediately following this header.

Payload length (8 bits)

The payload header is also an 8- bit filed which defines length of the authenticain
header.
Length of the AH in 32-bit words minus 2.

Reserved (16 bits)

AH contains 16- bit field which is reserved for

future use and always set to zero.

Scanned by CamScanner
 Sys. Security (MU-Sem. 6-Comp)
&
Protocols COYDt

12-13
Parameter Index (SPI) (32 bits) Internet Security Protocols
ket,with Shrurtoy

luefrom SPI is
a 32-bit field used in
combination
gorithms security protocol to uniqucly with sourcc
AH IP
and
packet t belongs, we will identify a security address, destination IP address
which IP discuss association
SA it next (SA) for the traffic to
ated ficld also defining which bit.
and This different security
orotocol calculate the Message Authentication Code algorithms
(MAC). and keys werc
uscd to
Sequence
number (32 bits)

32 bit field. It prevents the retransmission

essage Itis alsoa of
Replay attack. datagram which
is also known as
epends
A
monotonically increasing counter value.

Authentication Data

yariable length -field whose length

This is
depends upon
Authentication data field of AH encryption algorithm
protocol the output of used.
is hashing algorithm or message
digest algorithm.

AH protocol performs the integrity check

value (ICV) on packet
anuted over the complete IP packet including the outer IP header to header
or MAC
is
ensure that the data
has not been changed during transmission process.

Ae mentioned earlier AH doesn't encrypt the data the reason

it doesn't provide
confidentiality during transmission.

o Modes of Operation

AH can work in two modes :

ta
Modes of Operation of AH

() AH Transport Mode
(ü) AH Tunnel Mode

Fig.12.2.3 :
Modes of Operation of AH

) AH Transport Mode
is placed between original Header and
Iransport mode the authentication header
In
original TOCP header as shown in Fig. 12.2.4.

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem.
6-Comp) 12-14 Internet Security
Protoccs

IP TCP Original dala

heador header
(a) Before applying AH

IP AH Original data
TCP
header header.
(b) After applying AH

Fig. 12.2.4 : AH transport mode

(ii) AH Tunnel Mode

In Tunnel Mode the AH is inserted between

the new IP hedder and original IP heade.
The inner IP address contain
Source and destination address of sender and receiver
out IP address contain the address and
te
of security gateway or firewall as
shownin Fig. 12.25.

IP TCP. Original data

header header
(a) Before applying AH

IP AH Original IP TCP Original data

header header header
(b) After applying AH

Fig. 12.2.5 : AH tunnel mode

12.2.2 Encapsulating Security Payload

One of the most important feature
that Authentication Header was unable to provit
called data confidentiality (if attacker
able to access the contents of a message).
An Encapsulating Security Payload is primarily
designed to provide encryp
authentication and confidentiality
for the data or payload that is being transferred in a
network
Asdefined earlier ESP is used encrypt reast
to the entire payload of an IPSec packet the
ESP alone can provide da
data authentication, protection against replay attacks and
integrity by adding ESP header,
ESP trailer and MAC to the packet.

Scanned by CamScanner
 Cypt.& Sys. Security (MU-Sem.
6-Comp)
12-15
same Internot Security Protocols
ESP has the fields as defincd
instead of having just a header, in AH, but itintegrates
it divides these ficlds in a different way
header, ESP (railer and ESP authentication these ficlds into
thrce components: An ESP
designed for confidentiality
block asshown
Itis and integrity
in Fig. 12.2.6.
of
combination of AH.ESP adds a messages,
headcr ESP can be used alone or with
adding ESP header and trailer to
a
for and trailer. the payload. Following are
the steps
In the initial step, ESP trailer
Step1 : is addedto IP
Payload payload.
Step 2:
and trailer or encrypted
After the
encryption ESP header
Step3: is added to
ESP header, payload the cncrypted packet.
Step4: and ESP trailer
arc used to create
This authentication authenticated data.
Step 5: data is added at the End
of Trailer.
Step 6: Lastly the IP header is added.

e main functionality
bem. Encryption
of ESP 1s to provide the
confidentiality to
algorithms (1riple DES, IP packet by encrypting
nin the packet with a
key and transform
Blowfish, and IDEA
an
etc.) used to combines
the
ncket now it into encrypted form. The encrypted
then transmitted to the
destination, and decrypts
The detail description
it using the same algorithm.
of Encapsulating Security Payload
(ESP) fields is given below :
ESP Header

This contains two fields, Security Parameter

Index (SPI) of 32 bits and Sequence
of 32 bits, as defined in AH Number
protocol SPI is a 32-bit field used
in combination with source
IP address, destination IP address and ESP
security protocol to identify a
security
association (SA) for the
traffic to which IP packet belongs.
Sequence number

also a 32 bit field, It prevents the retransmission

It is
of data gram which is also known as
Replay attack as defined earlier. This field is not
encrypted but it's authenticated to
perform anti-replay checking
before decryption.
Encrypted
data

Iis variable length filed contains transport layer segment or IP packet which is
is
protected by performing ESP
encryption.

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) 12-16 Internet Security Protocols

ESP Traller

ESP trailer field contains padding (0-255 bytes), pad length 8-bits and next heade
8- bits.
Padding (0-255 bytes)
Padding filed used to expand plain text message to required size or to align the encryptei
data by adding padding bits to the actual data which provides confidentiality to traffe
flow.
lf an encryption. algorithm requires the plaintext to be a multiple of some number of bytes
(c.g., the multiple of a single block for a block cipher), the Padding field is used to expand
the plaintext (consisting of the Payload Data, Padding, Pad Length, and Next Header
fields) to the required length.

.Pad Length (8 bits)

This is mandatory field in ESP protocol which used to indicate the number of pad
(protection) bytes added into the packet.
Indicates the number of pad bytes immediately preceding this field.

Next Header (8 bits)

The same bit length as of pad length used to identifies the type of encrypted data in the
Payload Data field.
Identifies the type of data contained in the Payload Data field (an upper-layer protocol
TCP, UDP, or an IPv6 extension header).

ESP Authentication Data

0 bits 16 bits 24 bits 31 bits
Application layer
Security parameter Index (SPI) ESP
Sequence number header
Transport layer Authentication
Confidentiality

Encrypted data (payload) ESP

encryption

IPSec 8- bits 8 -bits

layer ESP header Padding ESP
Pad length Next header trailer

IP header Network layer ESP authentication data (optional)

(variable length)

Fig. 12.2.6 : ESP header, trailer and encryption

Scanned by CamScanner
 &
Sys. Security (MU-Sem, 6-Comp)
ity Protocols M Cpt 12-17 Internet Security Protocols
variable length ficld whosc
This is length depends upon
variable-length ficld (must encryption algorithm used.
A be an integral number of
Integrity
Check Value computed over 32-bit words) that contains the
ext header thc ESP packet minus
mentioned earlier ESP cncrypts the Authentication Data field.
As transmission. thc data the rcason it provide data confidentiality
during
of Operation
Modes
encrypted
work in both modes namely :
to traffic ESP can
Modes of Operatlon of
ESP
er of
bytes
to expand (0)
ESP Transport Mode
xt Header
(i) ESP Tunnel Mode
Fig, 12.2.7 : Modes of Operation

er Transport mode
of pad ) ESP
In this
case ESP header is added before the transport layer header (like
TCP,UDP) and
Hoe is added after the IP Packet whereas if authentication is required then authentication
data is added after the ESP trailer.

Fig. 12.2.8 shows transport mode in ESP.

ta in the

otocol - IP TCP Original data

header header
(a) Before applying ESP
Authenticated
Encrypted

der
Original ESP TCP Original data ESP ESP
IP. header header trailer auth
vption header
(b) After applying ESP

Fig. 12.2.8 : Transport mode in ESP

() ESP tunnel mode

In this case ESP header is added before original IP header and ESP trailer after the
original data.

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) Intornet Security
12-18 Pratocols,

IP TCP Original data

header header
(a) Before applying ESP

Authenticated
Encrypted

New IP ESP Original TCP Original data ESP ESP

header header IP header trailer auth
header
(b) After applying ESP
Fig. 12.2.9 : Tunnel mode in ESP
It is an important aspect of IPSec, Security
ASsociation (SA) is a contract between the
communication parties about factors
like IPSec protocol version,
(tunnel or transport), cryptographic mode of operation
algorithm, key etc. Security Association creates
secure
a

channel between two communicating

partiès.
If both AH and ESP are used SA for actual
operation then they will need two sets SA
one for AH and one of
for ESP.
For communication each party needs two
set of SA one for incoming
for outgoing transmission because SA is transmission and ore
simplex unidirectional.
The whole packet is encrypted. As
whole packet is encrypted so New
added, which will contain
information for routing from on P header will te
Security Association network to so thy another,

12.2.3 Security Association

Database
(MU - Dec. 17
Q. 12.2.2 What are security associations
? (Ref. sec.12.2.3) Dec. 17, 4 Marks
Security Association can
be very complex.
Each participating parties need to have inbound
and outbound SAs to allow bidirectiocd
communication. It is a two directional table.
Each row in table defines Security Association
which is collectively called as Secu
Association Database. Each requires party
requires maintaining its own database.
For one way communication (called unidirectional)
single SA is required whereas for
way communication (bidirectional)
two security association are required.

Scanned by CamScanner
 Copt. & Sys. Security (MU-Sem.
Ols i 6-Comp)
12-19
SA Uses
different parameters Ainternet Security Protocols
parameter index to perform data
security (SPI). handling bctween sender and receiver
TP address of the host (usually like
destination
protocol format (AH or ESP); IP address of
and security end user);
we protocol cncryption algorithms;
parameters have discussed identifier
in pervious bit still (SPI). Almost all
these
parameters. let us have small
look out on these
Security Parameter Index
(SPI) : A 32-bit
particular security association number used
between any connected to uniquely identify a
AH or ESP packet for linking the each secure devices. The SPI is placed
packet to the security in
octination IP Address : association.
Destination IP address a
involved in communication or of host. router or firewall
the address of who
he devices for which
are established. security associations
On
Security Protocol Identifier
(SPI) :To identify which protocol
for security associations. (AH or ESP) is used
lf both are used then they have separate
security associations
A
Syllabus Topic: Firewalls

12.3 Firewall Introduction

(MU - May 16, Dec. 16)

e
o.12.3.1 What is a firewall ? What are the firewall design principles?
t
(Ref sec. 12.3) May 16, 5 Marks
0.12.3.2 What are firewals ? (Ref sec. 12.3) Dec. 16, 3 Marks

Firewall is called as barrier place between inside and outside network to protect
organization from inside and outside hackers. It also filters all traffic between intranet and
extranet which runs through it.

outside the protected environment.

Ine main purpose of the firewall is to keep attackers
is allowed and what is not allowed.
ur nat policies are set in the firewall to decide what
users, allowed sites, can provide
Moreover we can decide the allowed places, allowed

aterent access rights to different category of the users.

college
am which only educational sites are allowed through
:
Dple Cyber through
firewall.
twitter can be blocked using
non-educational sites like facebook.,
net and

Scanned by CamScanner
 Cypt&S

Crypt. & Sys. Security (MU-Sem. 6-Comp) 12-20 Internet Security Protocols

12.3.1 Firewall Characteristics

C.
12.3.3 What are the various characteristics of firowall ? (Ref sec. 12.3.1)

Following lists the characteristics as well as design goals fora firewall

:

I: All inside and outside traffic must pass through the firewall. This is possible only
because of physically blocking of all access to the local network except via the
firewall.
2 The traffic defined by the local security policy will only allowed to pass through the
network. Different types of firewall are used to define the policies as per the norms
decided.
3. The firewall itself is immune to penetration. Different techniques are used to control
access and enforce the site's security
policy.
Service control: This policy helps to determine which type of internet services that can

be accessed inbound and outbound, Firewall can filter traffic on the basis of 1P address
and TCP port number. It also act as proxy server that receives and interprets each service Following are th

request before passing it on. 1.

Viruses
:
Direction control Direction control determines the direction in which particular service Not all firew
requests may be initiated and allowed to flow through the firewall. encoding tec
User control : This technique is used to controls access to a service according to which
2. Attacks
user is attempting to access it.
A firewall
Behaviour control : Controls how particular services are used. For example, the firewall ca
internal
netwc
may filter e-mail to eliminate spam.
3, Architect
12.3.2 Limitations of Firewalls Firewall
sec. 12.3.2) arch
mechanism
disadvantages firewalls (Ref
of ?

Q. 12.3.4 What are the theloop ha

securing your organize and is planned
a pivotal component of falls
A firewall may be (through stateful pack
verification 4. f
information integrity or activity up Configure
address the issues of
(through NAT). Your network picks tho
and secrecy of your inner network activity through the
frewall. Y Firewall
inspection) transmitted through trined doesn
by accepting all activity
firewall
benefits from a by receiving all transmitted profess
from a firewall
up these benefits
network picks
firewall.
the

Scanned by CamScanner
 Security (MU-Sem. 6-Comp) Protocols
& Sys. 12-21 Internet Security

Llmltatlons of
Flrewall

1. Viruses

2. Attacks

3. Architecture

4. Configuration

5. Monitoring

6. Encryption

7. Masquerading

8. Vulnerabilities

Fig. 12.3.1:Limitations of Firewall

.

Folowing are the

limitations of firewall

4 1. Viruses
because virùs uses different
Not allfirewalls have full protection against computer viruses
encoding techniques to encode files and
transfer them over Internet.

+ 2 Attacks
entering in to or out of the
A firewall cannot prevent users or attackers with modems from
internal network, thus bypassing the firewall and its
protection completely.

4 3. Architecture
security
architecture depends upon single security mechanism failure. If that
iTewall opens
failure. affects on entire firewall programs which
nechanism has a single point of
the loop falls for intruders.

4 Configuration
administrator about incorrect configuration. Only
Piewall doesn't have mechanism to tell
can configure firewall properly.
professionals in the field of network security
ned

Scanned by CamScanner
 Soc
Sys.
&
Crypt. &
Sys. Security (MU-Sem. 6-Comp) Cypt
12-22 Intemot Security Protocols
Following
arethe
5. Monitoring
Firewall doesn't give notification
about hacking. It will notify
OCcurrences. The reason is, organization only about threat
demands additional hardwarc, softwarc
and
different networking tools as per there requirement
hence there is no control on it.
6. Encryption
Firewall and Virtual Private Networks (VPNs)
don't encrypt confidential documents and
E-mail messages sent within the organization or to outsiders.
Dignificd procedures and
tools are needed to provide protection against confidential
documents.
7. Masquerading
Firewalls cn't stop hacker those who steal login id
and password of authentic user to gain
access to a secure network. Once
attacker gains full access of the entire network, attácker Packet FilterF
can delete or change the
4L
network policies of organization. simp
Itis the most
Vulnerabilities Packet filtering is c

some
Firewall can't tell other venerability that might allow a protocol type
hacker access to your internal
network. I the firewall is pla
In the Fig.
12.3.3 Firewall Architecture and Types 12.3.3
network 1
and allo
(MU - Dec. 16, May 17) Also the
traffic usi
Q. 12.3.5 Explain the different types of firewalls and mention of the packet
the layer in which they rather =
operate. (Ref sec. 12,3.3) Thebiggest
Dec. 16, 7 Marks disadva
Q. 12.3.6 What are the types of firewalls ? loset policies.

(Ref sec. 12.3.3) May 17, 5 Marks

Eample

A firewall is a kind of reference monitor. All network traffic passes through firewall.
That's why it is always in invoked condition.
A firewall is kept isolated and cannot be modified by anybody other than administator.

Generally it is implemented on a separate computer through which intranet and extranes

are connected.

Local
(Pro
Flg,12.2

Scanned by CamScanner
 Sys. Security (MU-Sem, 6-Comp)
cypt & 12-23
Internet Security Protocols
f
Following are
the Common architectural
implementations of fircwalls :
Implementations
of firewalls

1. Packet filtering
gateways or screoning routers
2. Stateful inspection firewalls

3. Application proxies

4. Guards

5. Personal firewalls

Fig. 12.3.2: Implementations of firewalls

AL Packet Filtering Gateway

tis the most simple and easy to implement firewall.

Dacket filtering is done on the basis Of packets source or destination address or based on
some protocol type like HTTP or HTTPS.

.fthe firewall is placed just behind the router then the traffic can be analyzed easily.
h the Fig. 12.3.3 it is shown that how packet filtering gateway can block traffic from
Detwork 1 and allow traffic from network 2.

Also the
traffic using telnet protocol is blocked. Packet filters do not analyze the contents
dthe packet rather they just check IP address of the packets as shown in Fig. 12.3.3.

Te biggest disadvantage of the packet filtering gateway is that it requires lot of detailing
toset policies.

Eample

Packet Remote
filtering (Blocked)
network 1
gateway

HTTP
Telnet Remote
(Accepted)
Local (Protected) Network
network 2

Fig. 12.3.3: Packet Filter Blocking Addresses and Protocols

Scanned by CamScanner
 Grypt. & Sys. Security
(MU-Sem. 6-Comp)
12-24 Internet Security
Protocols
lIf port 80
is blocked. If some applications
essentially nced use of port 80
we have to provide all then in this cate
the details of those applications for
which port 80 is nccded. A
2. Stateful Inspection Firewall
that
Packet filtering is done one packet at time.
their attack. Attacker can split the
Sometimes attacker may use this technique
script of attack into different packets so that fL Itc
complete script of attack cannot be identified by etc.
packet filtering firewall.
To avoid this stateful inspection firewall
kecps record of states of the packets from Erample
packet to another. Thus scquence of packets and
conditions within the packets can
identified easily.
In 0
3. Application Proxy stude
Packet filters cannot see inside
addresses for filtering.
the packets. From the packet headers
they just get In A stu

Application proxy is also known as a

bastion host. Fig. 12.3.4 shows
firewall proxies 12.3.
www.Access
la.
Logging
For a
costly.

ap
An

It can S

Syman
can be
Rermote
access
12.3.4 FiL
Remote
file fetches
Q.12.3.8
Fig. 12.3.4: Firewall Proxies
Example

A college wants to publish a

list of selected students.
that list. No student can Then they just want students to rtau
change that list. Moreover
the list. students cannot access more
data
Application proxy
helps us in this regard.
on the screen Here it helps us
and not more than to check only list is
displaycd
that. That list should not
Proxies on the firewall have any modified conle
can be customized
as per the requirements.

Scanned by CamScanner
 & Sys. Security(MU-Sem.
COYpt 6-Comp)
12-25
Internet Security Protocols
Guard

guard is kind of complex firewall. It works similar

A
can decide what to to proxy firewall. Only difference is
do on
that guard behalf of the user
by using available knowledge.
use knowledge of outside users identity, can refer
It can previous interactions, blocked list
clc.

Erample

In
order to increase the speed of the internet a
school can set download limit for
the
students.

A
student can download only 20mb data per day etc.

Personal Firewalls
4 5.
a. 12.3.7 What is personal firewalls? 2 (Ref sec.. 12.3.3(5)

For a perSonal
use to keep separate firewall on a separate machine is
quite difficult and

personal users need firewall capability

a at
lower cost.
costly. So
a can solve this problem.
An application program which can have capabilities of firewall

It can screen incoming and outgoing taffic on a single host.

firewalls. Personal firewalls
Symantec, McAfee, Zone alarm are the examples of personal
can be combined with antivirus systems.

123.4 FIrewall Conflgurations

How firewalls are configured and

managed? (Ref sec. 12.3.4)
0.12,3.8

Flrewall Conflguratlons

1. Firewall with screening router

LAN
2. Firewall on Separate
Router
3. Firewall with
Proxy and Screening

Configurations
Fig. 12.3.5: Firewall

Scanned by CamScanner
 Sy8.
Coypt &
2 Crypt. & Sys. Security(MU-Sem.
6-Comp)
12-26 Internet Security Protocols Firewal
1, Firewall with screening router

AN

Outside network
nrk

Screoning router
Fig. 12.3.6
The screening router is placed in between intranet
and extranet. Another name fre
screening router firewall is network level or packet-filter screening
firewall. Protocol attributes are If
used for performing the screening of p
incoming packets. address to
The attributes like source or destination address, type LAN is not e
of protocol, source or destination
port, or some other protocol-specific attributes
plays a vital role. A screening router Introdu
performs packet-filtering and is utilized as a 124
firewall. In a few cases a screening router
may be utilized as perimneter assurance
for the internal network or as the whole firewall With the rap
solution.
issue for com
2. Firewall on Separate LAN
As e
defined
Unauthorized internet users from accessing private i
networks connected to the internet are (data/secret
prevented by firewall, especially intranets. All messages
entering or leaving the intranet others, becat
(i.e., the local network to which you are connected)
must pass through the firewall, which their
examines each mnessage and blocks those that do not meet secrits
the specified security constraint. these valuab
To overcome the problem of the exposure of LAN, a proxy
firewall can be installed on is As these orga
Own LAN.
their vision a
Many
efforts
Outside network anti-virus
so
LAN in operating =

Proxy gateway
But still
dete
network
scar
inthefield
o
Fig. 12.3.7

Scanned by CamScanner
 Protocols
Security (MU-Sem. 6-Comp) 12-27
Internet Security
Sys.
&

PrOxy and Screening Router

Firewall with

LAN

Proxy firowall
Outside
/netvork

Screoning router

Fig. 12.3.8
ensures the correct
installed behind the proxy fircwall, then it
router is
screening
firewall. In other words it
a double is
guard protection. If anyone fails
f proxy
sddressto
exposed.
LANiS not
Detection
Introduction to Intrusion
124
years, security has becomes an essential
expansion of Internet during recent
With the rapid
comnputer systems.
. computer networks and
issue for most valuable assets
of a security system
is to protect the
defined earlier the
main aim many
As
like banks, companies, universities and
an organizations
Ätalsecret information) of secret information in
some form, and
or
organizations have data
thers, because these availability of
protecting the privacy, integrity, and
their security policies
are keen for
information or data.
these valuable depending on
security policies and requirements
As these organizations
will have different

their vision and missions.

this task are security policies, firewalls,
to accomplish
- Many efforts bave been carried out t services
Systemis (DSs) to configure different
Detection
ati-virus software even Intrusion
inoperating systems and
computer networks.
death,
denial service attacks, IP spoofing, ping of
But still detecting different
attacks (like
is becoming a crucial problem to solve
computer networks
ework scanning etc.) against
nthe field of cryptography and network
security.

Scanned by CamScanner
 Crypt.
8 Sys.Security
(MU-Sem.
1oovercome 6-Comp)
existing allabove 12-28
on but different problems
bS solution researcher
detectionlet us understand called in
\nterne
Security
the field
andthen some IntrusionDetection of computer Protocols
12.4.1 what key
Intruslon isintrusion noints like System seCurnly
(IDS). came
detection what Before with
Q. 12.4.1 Detectlon system? is intrusion? discussing
Whatare hat is intrusion
the strengths
Q. 12.4.2 (Ref.sec. 12.4.1) andlimitations
What intruder oflntrusion
Before is Detection
efining andintrusion System?
Intrusion detection
An Intruder Detection system?
firstunderstand (Ref. sec.
integrity. is a person whatis an
12.4.1)
Intruder's who intercepts Intruder?
Intruder may gains unauthorized system availability,
damage access
When an thatsystem
or to a system confidentiality and
attacker or disturbs with criminal data
illegal action intruder attempts data.
intensions.
many such as denial to break
request of service into an information
that is called for connection setup attacks,
scanning
a
system or
pertorms
as an using fake networks, an
intrusion. IP address, ping scan,
Intrusion etc. which sending
detection is legally
-identifies is an important not allowed
network intrusions technology
access such as abnormal that monitors network
and malicious
attacksto computer network behaviours, traffic, events and
The general systemns. unauthorized
example netwotk
asking doctor of intrusion
what happen detection
to me. is when we
sample to laboratory Doctor suggests suffer from some
disease and
for detection. for blood checking
The blood report and sends blod
given by pathologies
count, WBC, is just detection
RBC, hemoglobin, of disease (number
doctor suggests etc.) then after of plateles
medicine to cure checking the
entire history
the disease. of blood repat
Here blood report
is intrusion detection
checking blood report where as medicine
is called intrusion detection given by the doctor
aic
relief depends upon the system. Finaly
doctor's education, experience how fast patient god

move towards technical and knowledge, joke apat

laus
definition of IDS.

Scanned by CamScanner
 & Sys. Security (MU-Sem. 6-Comp)
12-29
Internet Security Protocols
Syllabus Toplc :
IDS and Types

Intruslon Deetectlon System : Need,

Methods, Types of IDS

(MU- May 16)

Explain the significance of an
Intrusion Dotection Systern
a 24.3 for securing a network.
(Ref. sec. 12.4.2)
May 16,6 Marks
What is IDS? Differentiate statistical Anomaly dotoction
1244 and rule baso intrusion
a detection. (Ref. sec. 12.4.2)
detection system? Enlist
What is intrusion and oxplain ditferent types of
IDS.
(Ret. sec. 12.4.2)
What are the challenges of-intrusion detection?
a1246 (Ref. sec. 12.4.2)
Intrusion Detection system has some policies or mechanisms to protect computer
systems
many attacks. As the use of data transmission and receiving over the internet
from
incTeases the need to
protect the data of these connected systems also increases. Many

scientists have different definition of IDS but as per our point of

view IDS can be defined
as below point.

Intrusion Detection System software that monitors the events occur in a computer
is
to find out
ststems or networks, analyzing what happens during an execution and tries
to achieve confidentiality,
indications that the computer has been misused in order

integrity and availability of a

resource or data".
generate the
. The IDS willcontinuously run on our system in the background, and only
alert when it detects something suspicious
as per its own rules and regulation or attack

signature present into it and taking

some immediate action to prevent damage.

? Intrusion detection
on the
or network activity to find possible attacks
System examines or monitors system
system security policies, standard security
system or network. Signs of violation of
practices are analyzed.
them from
Prevention is the process of detecting intruders and preventing
rusion
intrusive effort to system.

Challenges of Intrusion Detection

intrusion detection systems, it is important to realize that

order to better understand According to the
source of
a number of forms.
atsto networked computer systems come in

Scanned by CamScanner
KT Crypt. & Sys, Security (MU-Sem, 6-Comp) 12-30 ntefnol lecuity Protocola

threats, potential intruders can be roughly classified into two categories

:

1. Outside Intruders The attack is launched by an nauthorized computer user,

:

attacker will stole or broken pašswords, using systemn vulnernbilitiex or impone

configurations, human cngincering techniques, to gain access to computers.

2. Inside Intruders : Internal intruders, who have permission to access the system win
some restrictions, In this case, the intruder already has legitimate access to a compater
system, but utilizes any of the previously mentioned techniques to gain addition
are more harn
privileges and misuse the computer system, Sometimes inside intruders
than outside intruders. It is observed that 80% of intrusions and attacks come from wit.
organizations.

Following are the possible type of attacks that intrusion detection needs to face :

Type of attacks

1. Denial of Service (DoS) attacks

2. Ping scan

Fig. 12.4.1 : Type of attacks

1. Denial of Service (DoS) attacks

These attacks attempt to "shut dowm a network, computer, or process; or

otherwise deny
the use of resources or services to authorized users".
There are two types of DoS attacks:

).Operating system attacks, which target bugs in specific operating systems and cante
fixed with patches;

(ii) Networking attacks, which exploit inherent

limitations of networking protocols
infrastructures.
An example of operating system attack is teardrop,
in which an attacker explols
vulnerability of the TCP/IP fragmentation re-assembly
code that do not properly n
overlapping IP fragments by sending a series of overlapping
packets that are fragmen
Typical example of networking DoS attack is a "SYN flood" attack, which
advantage of three-way handshake for establishing a connection. In
this attack, a
first
a
establishes large number of "half-open" The
attacke
connections using IP spoofing.

Scanned by CamScanner
 Sys..Secunty (MU-Sem,
CYpt & 6-Comp)
12-31
SYNIpackets with the Intemet Security Protocols
sends spoofed
(faked)IP
Connection. address
tothe victim in order to establish a

victim creates record

a
The in a data structure
spoofed IP address, and responds with
the but it never
reccives SYNIACK meSsage
establishing the connection, the final acknowledgment to
sincc the message ACK for
spoofed IP
respondto the SYN/ACK messages. addresses are
unreachable or
unable to
Although the
record from the data
structure
generate sufficiently is frecd after a
attempts lo large number
of
time out period, the attacker
structure that may lead to a segmentation "half-open"
data connections to
fault or locking up overflow the

Ping scan thecomputer.

2.

Thesimplest form of scan, an attacker

sends an ICMP
is
candidate machine (which the same way echo request packet
the pingtool works). to every
Any addresses that respond are noted as
active.
TCP Connect ) scan : Another Simple scan, an attacker
) attempts to opena
connection to a
typical port on the candidate standardTCP
machine (such as
Lne 1vhere such a connection the HTTP port 80). Any
succeeds is noted as active.
Since many systems
pnnnection attempts,
this type of scan log any
easy
is relatively to recognize from standard
audit
data.

1DP scans : This scan consists of

sending UDP packets to likely ports on candidate
machines at worst, scanning
for any open UDP ports. Since UDP is connectionless, such
attempts are harder to
control using filtering firewalls, and may be capable of finding
unprotected services and hosts. Many variations on these
scanning techniques exists
including scans using fragmented packets, and scans spread across a
long period or a
number of source machines. In practice, completely blocking scans is probably infeasible -
but may give an administrator early warning of an impending attack.

O Rlogin : The RLOGIN attack is characterized by a high rate of connections from one node
toanother, often within a small period of time. In this attack, the intruder is attempting to
gain access to
the system.
Need of IDS

uusion Detection has its primary goal the detection of abuses of computer systems also
t performs a variety of functions like:
Monitoring and analyzing user and system activity.

Scanned by CamScanner
 Crypt. &
Sys.Security (MU-Sem.
6-Comp)
12-32 Internet Security Protocols
2 Auditing system configurations
and vulnerabilities. 124.3 In
3. Assessing the integrity of critical system
and data files.
124.7
4. Recognition
of activity patterns reflecting known la.
attacks. The ca
5. Statistical analysis
for abnormal activity patterns. stateful
pro
6. Operating-system audit-trail management, free.
with recognition of uscr activity reflccting erTor
policy violations.
IDS should offer reports of attacks in 124.3(A)
real time, ideally as the intrusion
allowing security personnel to take is in progress
corrective action. It is a
IDS should cooperate with other security mechanisms, observe
increasing the overall security of
systems. Ideally, IDS should be capable
of detecting failures or attacks on other security network
mechanisms, forming a second level defence.
of
Signatu
IDS should be capable of responding to intrusive behaviour:
by increasing its monitoring packet
in the relevant sections, or by excluding or restricting intrusive
behaviour.
1fan at
IDS should protect itself against attacks, ensuring that
the integrity of the greater system, patterme
and audit information up to the point of compromise remains intact,
and ensuring that a
compromised or hostile component cannot adversely affect the functioning the system Signatu
of
as a whole. docume
Other than monitoring network intruder and policy violations, the IDS can be useful in are pres

many other ways : Signatur

events a
To identify problem based on security policies.
- It also u
To maintain the logs of all the threat those are detected by IDS.
known a
As users are monitored continuously in network, making them analyze so that kss
For exar
violations cannot be committed. header) a
occur like terminating th:
Using Some preventive measures so that violation cannot be Signatur
or accounts that ar
network connections, user session or block access to the targets the techniqu
likely to be violated. match is
System) can acts like proxy, which
heips

The IDPS (Intrusion Detection and Prevention to invalidate

Signature
request and remove header. This helps
un-packaging the payload of the it require
intruder attacks. ThemOS
to prevent it from attaCKS.
can sometimes change the security environment forattack
The IDPS

Scanned by CamScanner
 & Sys. Security (MU-Sem. 6-Comp)
8
coypt.
rotoco! 12-33
Internet Security Protocols
Detectlon
1243 Intrusion Methods/
Technlques
Explain methods
fa124.7 for intrusion detection
system
categorization of
Detection methodologies (|DS).(Ret. seC. 12.4.3)
analysis. Most of arc : Signature
caeful protocol the IDPS uses Bascd, anomaly
these techniques based,
lecting rorfree. to reduce or make network
124.34) Slgnature Based Detectlon
ogress
IIis a procesS of comparing the signatures of known
threat with the events
rity of ohserved. Here the current packet is been matched that are been
with log entry
network. of the signatures in the
2curity
as
Signature is defined the pattern (structure) that
we
search inside a data packet.
contain Source address, destination The data
toring packet may address, protocol, port
number etc.
f an attacker adds any
malicious code into these
data packet he
is generating attack
wstem, pattern or signature.
that anature based IDS create databases of such attack pattern
for detecting the known or
ystem
aumented attacks. Single signature is used to detect one or more types
of attacks which
are present in
different parts ofa data packet.
ful in
Signature based IDS used to monitor the events occurred in the network and match those
events against a database of attack signatures to detect intrusions.

- It also uses a rule set to identify intrusions by watching for patterns of events specific to
known and documented attacks.
less For example, we may get signatures in the IP header, transport layer header (TCP or UDP
beader) and application layer header or payload.
the SIgnature based intrusion detection system sometimes also called misuse detection
ar lechniques. It checks for the attack pattern with the existing stored database pattern and if

natch is found then generates the alert.

s in gnature based IDSs are unable to detect unknown and newly generated
attacks because
the database.
requires manual updating of each new type of attacks into to the existing
-
based IDS is SNORT IDS freely available
u nost well known example of signature
tor atack detection
and study purpose.

Scanned by CamScanner
 Cypt.

Crypt. & Sys. Secunty (MU-Sem. 6-Comp) 12-34 Internet Security Protocols rescarc
over a
r Advantages
Anom
An atvantage of misusc-detcction IDS is that it is not only useful to detcct intrusions. h..
it will also detect intrusion attempts. order t
anomal
Elective at detccting known attack without too many false alerts as comparc to anomal.
detection technique. This ca
Most of the current network intrusion detection system uses misuse detection techni
for finding the attack pattern and detcct them according to the rules and regulation
...
Frthermore, the misuse detection IDS could detect port - scans and other events a

possibly precede an intrusion.

r Disadvantages
Detecting only known attacks therefore it cannot identify new attacks efficiently
If there is single variation into attack signature it invalidates the attack signature or nnakl.
1. Th
to detect it.
Thresho
Constant updating of attack pattern is required.
compar
12.4.3(B) Anomaly Based Detection
2. Pro
Q. 12.4.8 Explain Anomaly-based Instruction Detection System. (Ref sec. 12.4.3(B)
Profiles
It is the process of comparing activities which are supposed to be normal against observed checkin
events to identify deviation. Advanta
An DPS uses Anomaly based detection techniques, which has profiles that represet
An ano
normal activities of user, host, connections or applications.
observes any
For example inform and
a
Web activities are a normal activity done in a network. Anomaly based IDS works on tie Disadva
notation that "attack behavior" enough differ from "normal behavior" (IDS developer ma
Anomal
define normal behavior).
unpredic
Normal or acceptable behaviors of the system (e.g. CPU usage, job execution ime e
It also
the system behavior looks abnormal i.e. increasing CPU speed, to0 many job execution
a hasd
characte
time then it is assumed that the systems is out of activity. Anomaly
normal
detection is based on the abnormal behavior a In additie
of host or network. user's
Database for such type of network, ani be
IDSis the events generated by user, host and difficult
"normal" behavior collected fron
of the systems. These events (historical data) are

Scanned by CamScanner
 Sys. Security (MU-Sem. 6-Comp)
copt. & 12-35 Intornot Security Protocols

laboratorics which continuously

research work on normal and
time abnormal bchavior systems
over a period of
based 1DS checks ongoing
Anomaly traffic, host activities, transactions and behavior in
identify intrusions by detecting anomalics,
order to Host- bascd 1DS generally uses
anomaly based techniques,

can be done in two ways :

Thiss
Anomaly Based
Detectlon

1.Threshold detection

2. Profile Based detection

Fig. 12.4.2 : Anomaly based detection

Threshold detection
A L
all users for all groups and frequency of all events is measured
Thresholdis defined for
threshold.
comparing with

Based detection
4 2 Profile
are matched against the collected statistics for
Drofilesof individuals are created and they
checking the irregular patterns.

T Advantages
network. If it
system observes and checks the deviation of normal
An anomaly detection it will immediately
or suspicious in the network from normal deviations
cbserves any changes

alert about the unknown

attack.
informand

Disadvantages
due to the
generate large number of false alarms
Anomaly detection techniques
unpredictable behaviors of
users and networks.
to
events, records in order
"training data set" of system
lI also requires
extensive
characterize normal behavior patterns. a
changes over time (for example,
normal behavior usually very
n addition, because a user's moves from one host to another host),- it is
USer's behavior
may change when he behavior.
historical data of normal and abnormal
diticult to collect the

Scanned by CamScanner
 2 Crypt. & Sys. Security(MU-Sem. 6-Comp) 12-36 Internet Security
Protocols
3. N
12.4.3(C) Stateful Protocol Analysls
These
Unlike anomaly based
detection which uses host and network specific profiles DDOS
stateful protocol analysis relies on Vendor developed
universal profiles. The stateful
analvsis means the IDPS is able of checking protocol
pre defined in them. It can
the network, applications, and protocols that 4. H
identify unexpected sequence of threats in form of commande
These
Dlsadvantage of stateful protocol analysis
AmonE
Stateful protocol analysis are extensively resource demanding.
the net
These methods don't capture threats or
attacks that don't hamper the general
protocol in network. ac. 124.4(A)
12.4.4 Types of IDS As the
a. 12.4.9 networ
Explain types of Intrusion detection systems
(|DS). (Ret. sec. 12.4.4)
o. 12.4.10 Describe the different types of IDS
and their limitations. (Ref. sec. 12.44)
The types of IDS are differentiated
mainly by the types of event they monitor
scrutinize.
There are four types of IDS.

Types of IDS
Technologles

1. Network based Out

2. Wireless

3. Network Behavior Analyse

4. Host Based

Fig. 12.4.3: Types of IDS

1. Network based

The IDS monitors network traffic. It analyzes

the network activities and protocol activite
to identify suspicious activity the These n
of network.
to detec
2. Wireless
NIDS
The IDS
d
monitors the wireless
network traffic. activities and
and trie
It analyzes the network
protocol activities of wireless network. present

Scanned by CamScanner
 Sys. Security (MU-Sem,
COpt & .6-Comp)
Intemet 12-37
Security
Protocols Network Behavionr Analyse Internet
Security Protocols
nctwork behavior
These analyze
specific pDOS(Distributed Denial identify
profiles., of Servicc) the trcats that
S. attacks, create
The stateful the unusual traffic overflow,
Host Based
malwares,
and protocolsprotoco 4.
and policy
violations.
m of commands. that are monitors the
These IDS host andthe cvcnt occurs
Among above four types of IDS within that
two are important host.
hosts.
be networks and and most commonly
used to monitor
the general 124.4(A) Network based IDS (NIDs)
accepted
usage and popularity of
Internet is increasing
As
the
:
network are increasing for example TCP
hijacking, DOS,
tremendously,
the atacks to
IP Spoofing etc. the
2.4.4)
9c. 12.4.4)
t
they monitor or Target Host
Normal User

Network HUB

attacker
Outside Attack Patterns

Network IDS

Normal Pattems Abnomal Patterns

Inside atacker

How to
detect
Unknown
Attack?

Fig. 12.4.4 NIDS architecture

:

IDS It need Network based DS

tocol activities Ihese network attacks cannot be detected by host based
lo detect the attack and resolve it. General architecture
of NIDS is shown in Fig. 12.4,4.

analyzing packets or network traffic

DSdetects attacks by monitoring, capturing and
misused. It detects malicious data
u ues to give indication that computer has been
nctivities and Present into packets by monitoring network traffic.

Scanned by CamScanner
 COYpt&
Sys. s
1 Host
< Crypt. & Sys. Security (MU-Sem. 6-Comp) 12-38 Internet Security Protocols
(244E)
NIDS continually monitors nctwork traffic and discovcrs that if hacker/ intrucder me uSually
attempting to brcak into a system. HIDS
audit
trail is
When NIDS installed on main server which consist of multiple hosts in a singlc networl. use
soplication, or
i detects attacks present in the multiple hosts by checking incoming packets that looks An
unordinary.
gencrally in
HIDS
NIDS uses raw network packets as the training dataset for offline detcction collected f
Foaturesof H
well known research laboratory such

(DARPA).
as Defence Advance Research
Project Agency
s HIDS focus m
As defined carlier it can be installed on servers, workstations, personal computers continuous]
machines dedicated to monitor incoming network packets from switches, routers and It that
to check
probes for intrusions.
It
generally lo
Advantages of NIDs c
-
A well placed network Based IDS can monitor a large network. r Advantages
As defined ea
NIDS just listen to the network; it does not interfere in the network.
horse or other
NIDS can be made very secure against attack and made invisible to many attackers.
HIDS analyz
Network-based IDS use live network traffic for real time attack detection and also decrypted by
operating system independent.
It is able to m
G Disadvantages of NIDS
Disadvantage
It becomes difficult for NIDS to recognize the attack in large or busy network due to high
- Host-based
traffic is there in network. It will be difficult for NIDS to analyze. I
host. Monitor
NIDS cannot analyze the network if communication is in encrypted format.
and log gener
Difficult to detect the whole process of attack, usually detect only the initial level of
When host-be
attack. data can
be in
We have seen a different type of IDS but we must know how these IDS detect whether -
Host based
given packet is malicious and the system behaviour is abnormal. There are two main types I
attacks
becau=
of detection techniques for analyzing events generation, system logs, audit trails, ad
malicious packet activities namely : anomaly detection and misuse detection also called
signature based IDS. 12.5
Electror
(NIDS) usually consists of a network sensor with a Network Interface Card (NIC) or LA
card operating in casual mode. The IDS is placed along a network segment or bounuey
and it monitors all traffic on that network segnent. Q.12.5.1.
Write

Scanned by CamScanner
 Intornet Security
Protocols
Security (MU-Sem. 6-Comp) 12-39
s.

Based IDS (HIDS)

Host
collectg information from the operating system audit trails, and system logs.
usually
HIDS
a series of records of computer events, about an operating system, a
trail is
activities generated by an auditing system that monitors system activity).
or user
ition, installed on individual host which is connected to the internct.
Lenerally
MIDS
HIDS
Fosturesof are installed on.
r monitoring and analyzing the computer system they
HIDS.focus content of RAM and the file systern
monitors the state of system. It check
continuously
content do not look suspicious.
tcheckthat
o
their
tinme malicious, suspicious activity of system log-
looks for the real
generally
It
HIDS
Advantagesof
Host-based IDS operate on OS audit trails;
they can help detect Trojan
f defined earlier
As creates the software integrity violation.
other attacks that
horse or encrypted or
encrypted network traffic, which usually
most of the
HIDS
analyze
receiver.
sender and/or
r

decrypted by the not possible for Network IDS.

attack, which is sometimes
to monitor and detect
tis able
Disadvantages of HIDS
installed on individual
manage, because they generally
Host-based IDS are difficult
to configuration
because of different system
nst. Monitoring to individual
host is difficult

and log
generation. source the amount of
system logs as an information
When host-based IDS
use operating
system.
requiring additional local storage on the
data can be increase, scan
network denial of service and network
Host - based IDS are not
suitable for detecting
those packets received by individual host.
ztacks because it only
checks only
Secure Email- PGP
Syllabus Topic:

S Electronic Mail Security:Pretty Good Privacy

(MU- May 16)

May 16, 5 Marks

sec. 12.5)
Write in brief about Email security. (Ret.
Q12.5:1

Scanned by CamScanner
Crypt. & Sys. Security (MU-Sem. 6-Comp) 12-40 Internet Security Protocols

We all are aware that most popular use of Internet is to send the cmail and chatting with

the triend's, partner cte. But have you cver think that if we are sending mail to intende
person is going in his inbox only?

Security concerns have estimated that only about one in every 100 meSsages is secured
against interception and modification attacks. Are we awarc that sending an email
business partner or friends in clear text message is going through thousands of machin
(between sender and receiver before it reaches to intended recipients?)these machine.
might read and saved the contents of email for future use?
Many people think that name given in sender of the mail identifies
who actually sends it
When you send a message through email, we cannot guarantee
that it will be deliver to
correct destination or received exactly what you sent.
And even there 1s a n0 Way of
knowing that the message is received read and
forwarded by attacker.
Because of wide spared problem email
of modifications, sending it to wrong destination
by intermediate parties, email spoofing, we
need a competing solution to overcome and
address the issues of authentication,
integrity and reliability
sender and receiver. of the messages between
The public key cryptography play an
important role because of two
intended sender can decrypt the message keys used, onl
using his public key as message encrypted using
private key of the sender.
The solution is called as Pretty Good
Privacy (PGP) program/ software
secrecy and non-repudiation which provide the
of data sent over Internet especially by email.
Pretty Good Privacy (PGP) is a
popular open-source freely available
software packagd
techniques used to encrypt and decrypt
email messages over the Internet.
PGP is an e-mail security program
written by Phil Zimmermann in 1991,
PGP progam
become a de facto standard for
e-mail security used to store
can benon-readable the encrypted files so thet
by other users or intruders.
This program also be used to send an encrypted
digital signature, let the receiver veril
sender's identity and know that the message was
not changed or modified wr
transmission.
Once the file is encrypted using PGP program
only the intended recipient can ec
Once message content digitally singed by sender,
the sender guarantee to the reciy
that message or file comes from valid sender and not by attacker.

Scanned by CamScanner
 & Sys. Security (MU-Sem. 6-Comp)
12-41
signature functionality Intornot Security Protocols
pigital of PGP guarantees
.and not from an intruder. that the messagc
sender or file come
from the
Worklng of Pretty Good Privacy

How does PGP achleva

confidentlality (MU - Dec. 15)
sec. 12.5) and authentication
(Ret. in emails?
mentioned carlier PGP uses the concept Dec, 15.5 Marks
As of public key cryptography,
message using PGP.
plaintext it first compress if user encrypts
the thc plaintext message.
uses data compression techniquc to cncrypt
BGP the plain text message
transmission time and disk space and more which saves
important it strengthen the
compression PGP generate the security.
Afler data the session key. Table 12.5.1
in order shows how PGP
encrypt the meSsage to achieve the confidentiality,
non-repudiation. integrity
and
Table 12.5.1 : Encryption
and Decryption of Pretty Good Privacy

Parameter Algorithm
Description

Digital SHA or RSA A hash code of a message is created

using
signature SHA-1. This message digest encrypted
is using
RSA with the sender's private key and added
with the message.

Message IDEA or Triple A message is encrypted using IDEA or 3DES

cncryption DES with Diffie- with a one-time session key generated by the
Hellman or RSA sender. The session key is encrypted using
Diffie-Hellman or RSA with the recipient's
public key and Rdded with the message.
saves the
3. Compression ZIP A message is compressed, which
transmission time and disk space.
transparency, an
4.
Email Radix 64 For email applications
to an ASCII
|compatibility conversion encrypted message converted
conversion.
string using Radix 64
before
Segmentation To resemble the segments
decryption process.

Scanned by CamScanner
 Crypt, &
Sys, Becunity (MU-Bem, 8-Comp) Internet Socurity
12-42 Protoccln

Following are the detail encryption and decryption steps of PGP:

Encryptlon and decryptlon

atops of PaP

1.POP Authontlcatlon

2,PQP Contidentially

3.PAP Authentlcation and Conlidentialty

4. PGP Compronalon

5.PGP E-Mall Compatibility

6.PGP Sogmontation

Fig. 12.5.1 :Encryptlon and decryption steps of PGP

1. PGP Authentlcatlon
1.
Ramesh has (private/public) key pair (Rd/Re) and he wants to send a digitally
sizned
message m to Suresh.
2. Ramesh hashes the message using SHA-1 to obtain SHA(m).
3. Ramesh encrypts the hash using his private key Rd to obtain ciphertext c given by

c= encryptae(SHA(m)
4. Ramesh sends the pair (m,c)to Suresh
5. Suresh receives (m,c) and decrypts c using Ramesh's public key Re to
obtain signature S
S = decryplre(c)

6. He computes the hash of m using SHA-1 and if this hash

value is equal to S then
message is authenticated.

Suresh is sure that the message is correct and that came from Ramesh. Furtherrm:
Ramesh cannot later deny sending the message since only Ramesh has access tO
private key Rd which works with respective
public key Rd.
2. PGP Confidentiality
1, Ramesh wishes to send Suresh a confidential message m.
2. Ramesh generates a random session key k
for a symmetric cryptosystem.
3. Ramesh encrypts k using Suresh's public
key Be to get.

Scanned by CamScanner
 Protocols
Security(MU-Sem. 6-Comp) 12-43 Internet Security
Srs.
CSpt&
= encryptpe(k)
k'
message m with the session key k to get ciphertext c
encrypts the
Ramcesh
c,= encrypt(m)
4 the values (kc)
sends Suresh
Ramesh
receives the
values (k',c) and decrypts k' using is private key B,to obtain k.

Suresh
decryptB(k'")
k =
session key k to decrypt the ciphertext c
and recover the message m

uses the.
Suresh
decryptk(c)
m=
symmetric key cryptosystems are combined in this way to provide security for
Public and efficiency for encryption. The session key k is used only to
exchange and then
key
message m and is
nott stored for any length of time.
encryptm
Authentication and Confidentiality
PGP
+3. can becombined so that Ramesh can
authentication and confidentiality
schemes for
Thc
message which is encrypted before transmission. The steps required are as
n confidential

follows :
signature c for
his message as in the Authentication scheme
m

generates a
1 Ramesh
cncryptra(SHA(m))
C= c
message and the signature
m

generates random session key k and encrypts the

a
Ramesh

using a symmetric
cryptosystem to obtain ciphertext C
C = encrypt(m,c)
public key
3 He encrypts the session key k using Suresh
k' = encryptpe(k)

4. Ramesh sends Suresh the values (k',C)

decrypts k' using his private key Bd to obtain the session
S. Suresh receives k' and C and
key k

k = decryptpa(k')
to obtain m and c
Sresh decrypts the ciphertextC using the session key k

(m, c) = decrypta(C)
1.
it he uses Ramesh public key
Re
now has the message m. In order to authenticate
Suresh

Odecrypt the signature c and hashes the message m using SHA-l.

Scanned by CamScanner
 Sys.
&
46Cypt
Crypt. & Sys. Security (MU-Sem. 6-Comp) 12-44 Internet Security
Protoccs
Each24
If SHA(m) = decryptRe(c) 2 6
Each
Then the messuge is authcnticated.
3 This val
4
PGP Compression 4.
PGP can also compress the messagc if desired. The compression
algorithm is
PGPSes
ZAP
decompression algorithm is UNZIP. andthe cons
Another
1. The original message m is signed as before to obtain automat
c= PGP
cncryptr(SHA(m) receipt, th
On
Now the original message m is compressed to obtain
Following are
2

M= ZIP(m) Authenti
a 1.
3. Ramesh generates session key k
and encrypts the compressed message
and the signature Non-repL
using the session key 3.
C = encrypt;(M,c) 5.
CompreS
4. The session key is encrypted using 7. Segment
Suresh's public key as before.
5. Ramesh sends Suresh
the encrypted session key and ciphertext
C. 12.5.2 Backdc
6. Suresh decrypts
the session key using his private
key and then uses the session key ts we
decrypt the ciphertext C to obtain M and c Suppose,

(M,c) = decrypt(C)
can get unau
a Backdoor i
7 Suresh decompresses the message to
M obtain the original messagem
A Backdoor
m = UNZIP(M)
provide unaut
8
Now Suresh has the original message m
and signature c. He verifies the signature usina A backdoor i
SHA-1 and Ramesh's public key as before.
encryption al
5. PGP E-Mail Compatibility
A Backdoor
r
Many electronic mail systems can only transmit even
blocks of ASCII text. This creates be imple
problem when sending encrypted data which is
in cipher text formn might not coespod Just to
give ar
to ASCIIcharacters that can be transmitted.
statement
PGP overcomes this problem by using Radix-64
for
gave
conversion. unauthc
Suppose the text to be encrypted has been converted into binary using Networks
ASCl coding
encrypted to give a ciphertext stream of binary. Radix-64 conversion maps. aro decrypts ha
VPN
binary into printable characters. There
are
1. The binary input is split into blocks of 24 bits (3 Backdoors. t
bytes).

Scanned by CamScanner
 Security (MU-Sem. 6-Comp)
12-45
Internet Security Protocols
block is then split into four sets
each of 6-bits.
wilt then
haveavalue between
6-bitset 0 and
, Fach
value is
encoded into a printable
character.
2-1(=63).
Segmentation
PGP
constraint of e-mail is that there
is usually a maximum
Another message
oautomatically hlocks an cncryplca messago length.
into segments of an
must be) re-assembled appropriate length.
P
receip,
the. segments before the
decryption process.
are the service offered by the PGP:
On
Allowing
Authentication 2. Confidentiality

Non-repudiation 4
Integrity

Compression 6. E-mail compatibility

Segmentation

Backdoors and Key Escrow In PGP

Suppose, have saved your password in laptop. So, anyone who has access
wWe
the laptop,
unauthorized access to your account. And tht is a
can get simple way of saying what
Backdoor is.
a method for bypassing normal authentication a
A Backdooris in system and thus,
ovide unauthorized remote access to the system to malicious users.

A backdoor is a "feature" in the software of. PGP like an utility functions but not
in the
ccotion algorithm that allows an outside party to decrypt which is encrypted by PGP.
A Backdoor may be implemented as a hidden part of a program or a separate program or
even be implemented by hardware.
conditional a
Just to give anexample, in 2003 a Backdoor was planted in Linux Kernel. In
was replaced with '=. As a result, it
for checking root access permission, '=
=
staterment

gave unauthorizd access to malicious callers. Even very recently, in 2015, Juniper
that automatically
Networks have warned about a malicious Backdoor in their firewalls
decrypts VPN traffic.
Backdoors and Asymmetric
re two types of Backdoors -Object Code
Backdoors.

Scanned by CamScanner
 Crypt. &
Sys. Security (MU-Sem. Clis
6-Comp) 12-46 Internet Security Protocols The
chpset
In Object Code Backdoors, software source code remains
fe
keyto
unchanged, but the object code
gets modified maliciously. As the object code is designed to
was def
be machine readable, i
Decomes much more difficult to detect. These types are inserted in the on
of Backdoors encryptic
disk object code or inserted at some point during compilation, linking or loading.
Recompiling the software source code may get rid of the Backdoors. So, malicious user: escA
Key
Sometimes change the compiler source code in such a way that, whenever
it compiles needed t
links and loads the source code. the Backdoor is inserted. These Backdoors can autho
be fire
by recompiling the compiler and removing the Backdoor inserting codes. an
Normally, Backdoors are symmetric. Anyone who finds the Backdoor, can in turn use
But, Asymmetric Backdoors can be exxploited only by the attacker who
i
plants it, even i
the Backdoor implementation becomes public. This type of attacks are termed ae 12.6
Hon
Kleptography and they can be carried out in software, hardware or in combination of
both. The theory of Asymmetric Backdoors is a part
of a larger field named A honey
Cryptovirology.
or new
Counter measures hackersE
Once Backdoors are detected, rebuild a clean system and transfer Multiple
data.
Another method is to use Diverse Double Compiling or DDC. There ar
It requires a different
compiler and the source code of the compiler to be tested.
That source code, while employe
compiled with two different compilers, would result in two different stage-1 complers
informat=
showing same behaviour.
hackers'
Thus, the same source code compiled in two different stage-1
compilers, must result in
two identical stage-2 compilers. This method was Honeypo
applied to verify that C compiler of
GCC Suite contained no Trojan, using the icc as the other compiler. as
Normally, Operating
firew
Systems vendors implement these type of methods to make sure they are not distributing a addition,
compromised system. systems.

G Key Escrow There are

method :
Key escrow is a cryptographic key exchange process in which a key is held in escrow, of
stored, by a third party. A key that lost or compromised by its original user(s) may be o Proe
used to decrypt encrypted material, allowing restoration of the original material to rese
unencrypted state. attac
Key escrow systems provide a backup source for cryptographic keys. Escrow systems o Rese
somewhat risky because a third party is involved. for
for

Scanned by CamScanner
 CYpL &
S/s. Security (MU-Sem.
6-Comp)
12-47
Internet Security Protocols
Clipper Chip was a U.S. government
The
promoted as an encryption encryption
chipset was chipset introduced in 1993. The
device with a
facilitate encryption gOvernment-held (escrow) master
key to in
the face of sccurity
by 1996, threats. The controversial
was defunct
but the concept Clipper Chip
evolved into
encryption tool, which is used worldwide. the Pretty Good Privacy (PGP)
escrow (also known as a "fair
Key cryplosystem)
decrypt encrypted data are held
is an arrangement
neededto escrow so in which the keys
in that, under certain
authorized third party may
gain access to those keys. circurnstances,
n
Syllabus Topic : Honey
Pots

Honeypot
126

honeypot is a decoy computer system for trapping

-A aw hacking methods. Honeypots are
hackers or tracking unconventional
designed to purposely engage and
deceive
hackers and identify malicious : activities performed over the Internet.
s

- Multiple
l honeypots can be set on a network to
form a honeynet.
There are many advantages to honeypots. "The main one is the case with which they are
mploved. Another advantage 1s
that although honeypots seek small amounts of hacker
information, the information is considered highly valuable for studying
and uncovering
hackers' motivations.

Honeypot systems are not perfect, however. They contain the usual technology risks such
s firewall penetration, broken encryption methods and failure to detect attacks. In
addition, honeypots are unable to detect attacks against systems that are not honeypot
systems.

There are two different kinds of honeypots. They are classified based on their deployment
method :

:
Used by companies and corporations for the purpose of
o
Production Honeypot
researching the motives of hackers as well as diverting and mitigating the risk of
attacks on the overall network.

Kesearch Honeypot Used by nonprofit organizations and educational institutions

:

the hacker community

Or tne sole purpose of researching the motives and tactics of
for targeting different networks.

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) Internet Security Protocols
12-48
CH
Honeypots are not always designed to identify hackers.
Honeypot developers are often more interested in getting into the minds of hackers, which
as well as to educate other professionale
then permits them to design more secure systems,
about the lessons learned through their efforts.
Overall, honeypots are considered an effective method to track hacker bchavior
and

heighten the effectiveness of computer security tools.

Chapter Ends... Syllab

Sof
inje

13.1 E

13.1.1

Q.13.1
A se

But

Exa

1.

2.
3.
4.
Th?
1.

Scanned by CamScanner
 Module 6
CHAPTER

13 Software Vulnerabilities

Syllabus
Vulnerabilities : Buffer Overflow,Format string, cross-site scripting, SQL
Software
Malware:Viruses, Worms, Trojans, Logic Bomb, Bots, Rootkits.
injection,

13.1 Program Security

131.1 Secure Programs

securee proaram ?.(Ref. sec. 13.11)
o. 13.1.1 What is
integrity.
or enforces availability, confidentiality and
A secure program is which provides
security requirements and needs.
may have different
- But different people

Examples
or her work is good enough.
1. Naive user : Fit for his
tests while programming.
2. Programmer :Passes all his / her
specifications are covered.
3. Manager : All requirements and
testing.
implementation, functioning and
4. Developer :Correct

This security can following ways,

be judged by
1. By fixing software faults can be
fix method new faults
While fixing software faults
especially by quick effects of

work
pressure, deadlines, side
by
introduced. Mainly these faults are caused
requirements etc.
Ihe fault fixing, system performance

d By testing program behavior

program. In requirement
cause faults / failures in the
While coding typing errors may

Scanned by CamScanner
 Software Vulnerabilities
13-2
6-Comp)
Socurity (MU-Som.
Crypt. & Sys. understood then again it may cause
not clearly.
requirements are differcnt
components in the program have
analysis phase if implementation. Again intentional or accidental flaws in
and may producc
Wrong coding which
cach other attackers to cxploit vulnerability.
communicate with are used by
to
program. Accidental
faults such faults.
thoroughly to avoid
the nust be done can check that what
Therefore testing testing also. Testing
limitations for this program should not do. Again progam
are sonme what
But there check structures as well as changing
It cannot
program should do. data
complex coding, complex
complexity i.e.
challenges for testing.
technologies are the
program analysis software security. Care should be taken
3. By judging
approaches for
one of the best deployment stage. While developing program,
It is
requirement analysis to considering all the scenarios.
right from be performed carefully by
debugging should and techniques can be
testing and
specialized security methods
on the analysis
Based
implemented.

13.1.2 Non-mallcious Program Errors

(MU -Dec. 15)
errors.
exanmples explain non malicious programming
With the help of
Q. 13.1.2 Dec. 15, 5 Marks
(Ref. sec. 13.1.2)
program errors ? (Ref. sec. 13.1.2)
Q. 13.1.3 What is non malicious
errors are not
Most of these
a programmer can make mistakes/errors.
While programming, Program
Many such kind of errors do
not have huge impact on security.
intentionally done.
non-malicious.
may produce wrong or incorrect results but it is

Following are the three types of non-malicious

program errors,

1. Buffer overflows
Q. 13.1.4. What is buffer oveflow in software security ? (Ref, sec. 13.1.2(1)
overtlow Spact
Attacker can insert malicious data values / instruction codes into
be
limits cannot
Array bound checking is not performed by C compiler, pointer

defined ás well.
Example : int B[15];
Here the aray bound is (0 to 14). i.e. B[O]J...B(14].

Scanned by CamScanner
 Sys. Security (MU-Sem. 6-Comp)
oftware Vulnerabilities fcYpt. & 13-3
Software Vulnerabilities
inserted after that bound
again If anything thenthe adjacent
it may
n the programcause Attacker can overwrite users data,
changes users
data is overwritten.

accidental have changes OS instructions. Thus can get instruction, overwrite OS data,
flaws in complete control of a
ploit vulnerability,. also known as aliasing. program or OS. This is

Running normal
n check After attack
that what
o. Again program Program
Instructions Program
well as changing Instructions

Data
Data

HEAP
should be taken Dynamic Memory HEAP
Mallcious codel
eloping program,
all the scenarios. Procedue Call Prooedure Call
hniques can be Frame Frame
Buffer Bufferoverflow
Modified Returm
Retum address
Address!

(MU- Dec. 15) Fig. 13.1,1 : Buffer overflow attack

Tors. As shown in Fig. 13.1.1 attacker changes the return address and thus can transfer the
.
15, 5 Marks control of the program.

|2 Incomplete mediation
e errors are not
0.13.1.5 What
is incomplete mediation in software security ?
urity. Program
(Ref. sec. 13.1.2(2)
as sensitive
Due to incomplete mediation serious
security threats can be introduced
condition.
data may get exposed and can result in uncontrolled
=
htp://www.onlinestore.com/purchase/total 935.
Example : URL:
server,
request to the
W space. can edit the total
User cost and resubmit the
be URL: http://www.onlinestore.com/purchase/total =035.
ts cannot
Such kinds of vulnerabilities are very dangerous.
permissions
vulnerabilities. Such editing
such
Proper care
should be taken to avoid
Should not available to the user.

Scanned by CamScanner
2 Crypt. & Sys. Security (MU-Sem. 6-Comp) 13-4 Software Vulnerabilitles

3. Time-of-check to tlme-of-use errors (TOCTOU)

This is one of the best examples of RACB condition.

RACE condition is very vulnerable to attack.

Example :
If two thrends are sharing their root and current directories then, Let
Thread X's current working directory is /college.

Thread X calls open("shadow"):

Y calls chdir(department")

system monitor pernits botlh the calls

open("shadow") executes with /department as working directory

X's call now opens /department/shadow"

be.
Proper locking mechanism can prevent this kind of attack. Time lags should
considered. After checking values it must be locked using digital signatures and
certificates. Thus after check data cannot be modified.

Syllabus Topic : Malware - Logic Bomb, Bots

13.1.3 Mallclous Software

Q. 13.1.6 What are different types of malicious code ? (Ref, seo. 13.1.3)
Q. 13.1.7 What is malicious code ? (Ref.,. sec. 13.1.3)
Q.13.1.8 What are the different types of
malicious software's ? (Ref. sec. 13.1.3)

Malicious software is software where an attacker can get partial or full control of the
program. Thus attacker is free to do anything that he / she want to do.

Fig. 13.1.2 shows different types of malicious software's.

Malware is currently the major source of attacks and fraudulent activities on the Internet
Malware is used to infect computers. Malware, short form is malicious software or also called
as malicious software.

Scanned by CamScanner
 Vulnerabilities
MU-Sem 6-Comp)
Software
Securiy 13-5

Malicious Software
Tpes of Tados
r Trojan Horses

Bacteria

Logie borbs Worms Viruses

malicious software's
Fiz 13.1.2: Different types of

Botnet
) computers under control of an attacker.
Batnet is a network of zombies, 1.e. compromised
connected to the
Bot is a program loaded
on ZOmbie computer (a zombie is a computer
a
Internet that has been compromised by hacker)
that provides remote control mechanisms
an attacker. Bot - a small program to remotely
control a computer.

Bot is characterized by Remote control and

communication (C&C) channels to ommand
commands and information between the bot
avictim (Means
of receiving and sending
master and the zombies) as shown in Fig 13.1.3. For
example, perform denial-of service

attack, send spam. Attacker

(Botmaster)

Zombies

Fig 13.1.3: Botmet

Scanned by CamScanner
 2 Crypt. & Sys. Security (MU-Sem.
6-Comp) 13-6 Software Vulnerabilities

(2) Trojan horse

It is a computer program. Along with some useful code or function, some hidder
malicious code or function is there which may hamper performance of security
mechanisms. Useful information can be stolen by attackers.
(3) Bacterium

Bacterium is pecial kind of virus. Virus is getting attached with different files byt
bacterium does not get attached to a specific file.

(4) Logic bomb

Logic bomb is generally used in DoS (Denial of Service) attacks. When specified
conditions are met it activates malicious program logic. It may damage system resources
greatly.

(5) Time bomb

This gets activated when specified time occurs.

(6) Rabbit

It is a kind of virus / worms that replicates itself without any limits. The intension is to
exhaust resources.

(7) Trapdoor / backdoor

An intruder can enter into the system by bypassing

all security services or mechanisms.
Thus intruder knows the flaws or loopholes in the system
and can get these loopholes to
gain access to the computer.

Syllabus Topic : Viruses and Worms

13.1.4 Virus and Worms

(MU - Dec. 15, Dec. 16)

Q. 13.1.9 Write a brief on - Viruses and.their types. (Ref. sec.
13.1.4) Dec.
15,5 Marks
Q. 13.1.10 What are the different types of viruses and woms? How do they propagate?
(Ref. sec. 13.1.4)
Dec. 16, 10 Marks
Virus and worms are the classes of malicious software which are capable
of replicate itsel
or copy the contents many times or even can
modifies the system settings or data.

Scanned by CamScanner
 Sya..Socurlty (MU-Som. 6-Comp) 13-7 Softwarg Vutnerabilitiss
cYp.&
worm and virus are, virus necds a host prograrmme to
basic differences betwecn
The sprcad itself whercas worm does not need host it propagates independently
propagate or
slowly.
but
spreads or infects system without priory informing the user the actívities like
Virus
deletion of ile,
halting of system ctc. virus can affect system mildly, effecting the
can cause severe like denial of service.
system'ss data or

Almost all
viruses come with some of the eXCcutable files, Whereas worm are standalone
. cnter system by finding loop hole in the system andtake advantage of file
software they
transport fcatures of system.

13.1.4(A) TYpes of Virus

Types of virus

(1) Boot sector viruses

(2) Program Virus

(3) Multipartite vírus

(4) Stealth Virus

(5) Polymorphic Virus

(6) Macro Virus

(7) Active X and Java control

Fig. 13.1.4 : Types of virus

(1) Boot sector iruses

drives. AIl disks or bard serves
like dislects and hard
t nTects the storage media
contain sector and the first
sector is. called as Boot Sector.
load operating
which is used to read and
This boot carries Master Boot Record

system. other
Boot sector also spreads
system
The itself sector while rebooting
virus infect
system.
Computers if same disk is shared to other

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) 13-8 Software Vulnerabilities

(2) Program Virus

A program virüs gets active when program containing these vius gets opened
program.
(.bin, .exe, .ove), once if gets open it starts copying itsclf and infect other

(3) Multipartite virus

It is combination/hybrid of boot sector and program virus.

It infects the program files. When this virus is active it will affect boot sector also
after booting or starting up it will affect other computer also.

(4) Stealth Virus

"Dubbed Brain" the first computer virus was a stealth virus it tries to disguise itself
so that antivirus software may not able to recognize it.

It alters the file size, concealing file's memory and so on.

(5) Polymorphic Virus

acts like a
It keeps on changing it patterns or. signature to get undetected. Usually it
system.
'chamleon'. These are not actual virus, it is a vius which hides actual virus of the

(6) Macro Virus

macro supportive language. These virus
Applications such as MS word, excel sheets has
systems.
infects victim every documents once it get into victims

(7) Active X and Java control

Allweb browser need java control active X enable to function properly.
browser to check for
Awareness is needed about managing and controlling settings of
sounds, since these can invite
enabling or disabling popups, downloading files and
software.
virus which can affect computer by downloading unwanted

13.1.4(B) Types of Computer Worms

1
E-mail worms
message of any infected websites.
It spreads through infected email

2. Instant messaging worms

to contact list of instant messaging application.
It spreads by sending link

Scanned by CamScanner
 Vulnerabilities
Security (MU-Sem. 6-Comp) Softwarg
13-9
Ss.
opt &
worm
Internet
vulnerable, it
network resources which are available and system. If it found
4 scans al access.
advantage and gain
will
take
Chat) worms
(Unternet Relay
IRC
copy of itself through link in infected
k
websites.
places a
I
Network Worms
sharing
copy of itself in a: folder which is sharable and spread via P2P network.
places a
It
Virus and Worm
1814(C)
pifference between
difference between Virus and Worm ? (Ref. sec. 13.1.4(C)
13.1.11 What is the
a
Virus Worms
Feature
Sr
INo.

Stealth virus polymorphic, Email worm, IRC worm, file

1.Types sharing worm etc.
metamorphic etc.
It does not need host it spreads by
2. Mode of Need host program to spread.
itself.
spreading

program that can It is self-replicating spreads

3.What it is ? It is a software
copy itself and infect the data or through a network.

information without the

knowledge.
shock,
4 'Creeper virus first known virus The name originated by the
Inception
wave rider a novel of science
spread through ARPANET in name
fiction in 1975 from where
1970.
is adopted.

as
5. | Prevalence Worm existence is moderate
More than 100, 000 known
compare to virus.
computer virus have been there
through only few have attacked
system.
etc.
Famous melissa, conficker
vius and worm are ILOVE YOUvirus Morris worm,

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) 13-10 Software Vulnerabilities

Syllabus Topic : Malware - Trojans, Rootkits

13.1.5 Targeted Mallclous Code

Q. 13.1.12 Explain different targeted maliclous code. (Ref. sec. 13.1.5)
Q. 13.1.13 Write a short note on targeted malicious code. (Ret. sec. 13.1.5)

This is a computer code which is written to attack a particular system, a particular

application and for a particular purpose.

Example
(1)' Trapdoor / backdoor

An intruder can enter into the system by bypassing all security

services or mechanisms.
Thus intruder knows the flaws or loopholes in the systèm
and can get these loopholes to
gain access to the computer.
Trapdoors are the entry points which are notdocumented
but still inserted during code
development for testing purpose, for future or
extensions for an emergency access if
software fails. These loopsholes are purposely
kept in the system with good intension.
Major sources of Trapdoors / Backdoors
During testing of the systemstubs, drivers are
created. These are temporary functions
which then further replaced by actual functions.
Sometimes some malicious code is
intentionally injected into the system
for testing purpose.
Poor error checking conditions.
Undefined opcodes in hardware processors.
(2) Salami Attack

(MU - Dec. 15, Dec. 16)

Q. 13.1.14 Define the following with
example- Salami Attack.
(Ref. sec. 13.1.5(2)
Dec. 15, 2 Marks
Q.13.1.15 Explain briefly with example,
how the following attacks occur- Salami
(Ref. sec. 13.1.5(2)) Attack.
Dec. 16, 2 Marks
It is series of small attacks which
results in large attack. It works on
roundoff° trick. It is a fraudulent practice "collect and
of stealing money repeatedly. It takes advantage
of rounding operation in financial transactions.
It always rounds down and thus ne
fractions of amount remaiaed will
be transfered into some another account.
transaction will go undetected. Such type Thus he
of attacks can be casily automated.

Scanned by CamScanner
 &Sys, Securlty(MU-Som. 6-Comp)
ftware &
Vutnerabilit OP 13-11
Software Vulnerabilities

Wrlte a short noto on covert

channel.
(Ret.sec.
channel the processCs 13.1.5(3)
Whieh are
not allowed
ialirnation security nolicy can
by
to communicate
comnmunicate and transfer
of attacks are and transfer
tem, vjects. Such types
virtually no data using current the
a particular 13.1,5 shows channel crention.
detectable
by system or
system
ig. administrators.
Protoctod
data --(6orvioo Pgm) Logitimato
[w/Trojan.h.] Usor
|convort channol
or mechanisms. Spy
se loopholes Fig. 13.1.5 : Covert
to channel creation
Trolan
ed during
code
cency access Write a on trojan. (Ref. sec.
if a13.1.17 short note 13.1.5(4)
intension.
bis a computer program. AlOng with SOme
uscful code or function some hidden malicious
sNde or
function is there which may hamper performance
rary functions of security mechanisms. Useful
icious code is information can be stolen by attackers.

) Rootkits

A rootkit is a computer malware program installed by an intruder. Intruder installs it by

avoidingdetection. The purpose is to gain control of the computer system. Basically it is a

kind of Trojan horse malwares. System scan cannot detect it. If system is infected with a
15, Dec. 16)
rotkit, then it becomes very hard to trust infected operating system. The best solution is

some CD-ROM, Pendrive and

,
O Shut down the infected system and boot that system by
2 Marks
clean it.
Attack.
,2 Marks Following are the types of rootkits :
collect and 1. User
Mode activated
advantage are automatically
User privileges. They
1 thus
the mode rootkits can get administrator
can easily removed.
Thus the at system are detectable rootkits and be
startup. These

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) 13-12 Software Vulnerabilities

2. Kernel Mode
Kernel mode rootkits are installed like an OS hence can corrupt the functionality of
complete Os. These Rootkits are very hard to detect. It can be detected only after
Some event,or crash.

3. Firmware
At svstem
Firmware's are dangerous amongst all. Malcode is created insidea firware.
startup this malware will be reinstalled. It is very hard to remove.

(6) Man in the middle attack (MITMMIMA)

two parties without
Attacker relays and sometimes alters the communication between
knowing to communicating parties.
Attacker

:
It is explained as follows
Attacker:
1. Xsends a message to Y, which is intercepted by
your account. Please send account number".
X "Iwant to deposit money in
message to Y; cannot tell it is not really from X.
Y

2. Attacker relays this

it with account number.
3. Yreceives a message from X and responds
012345"".
Y “My account number is
with his
intercepts a message from Y replaces Y's account number
4. Attacker again
and relays this to X, claiming that it is Y's message.
own account nümber

Attacker "My account number is 067891":

gets the account number of Y. Thus X believes that it
1. Xreceives message from Y and
money in that account.
account number and deposits
is Y's
a secure communication.
2. X and Y both think that it is

13.1.6 Controls against Program Threats

sec. 13.1.6)
control measures against proaram threats. (Ref.
Q. 13.1.18Wite different threat. Ca
ways which may give rise to a security
many different
Program can fail by program itself.
during the development of the
must be taken

Scanned by CamScanner
 Secunity (MU-Sem. 6-Comp)
&Ss.
13-13
ot controlling techniques :
Softwaro Vulnorabilities

arethe
fundamental principles of programming
Use of like encapsulation,
modularity and
hiding.
information
most effective. Reviews,
reviews are Walkthrough and
inspection techniques
controlI program threats. can be
Seddto

HAzard
analysis gives systematic approach to identify
potential threats.
can be performed to minimize the
Testing flaws in the system.
It ensures correct
implementation and working of the program.

Good design
makes it easy for development and
Itesting.
Risk prediction :and mangement ensures easy risk management.

Static. analysis examines design and code before release to identify

flaws.
,Configuration management ensures system controling,
modifications during development
and maintenance.

Syllabus Topic : Software Vulnerability - Buffer Overflow

13.2
Buffer Overflow

(MU- Dec. 15)

Q.13.2.1 Wite in brief about: Buffer overflow attack.
(Ref. sec. 13.2) Dec. 15,5 Marks

It is also known as buffer overun. It deviates from a standard, where the process stores

an buffer overruns the buffer's boundary and overwrites adjacent memory locations.

uet overflow can be triggered by inputs that are designed to execute code or alter the way
Pgram operates. Bound check can prevent buffer overflow.
The languages are : C
and C++,
as it
which are commonly associated with buffer overflow
Ovides memory.
no built in protection against accessing or overwriting data in any part of
ffer overflow was intended to hold.
occur when a process tries to store data in buffer then it

Scanned by CamScanner
 Software Vulnerabilities
13-14
? Crypt. & Sys. Security (MU-Sem. 6-Comp)

Types of buffer overflow

1. Stack based buffer overflow

:
When program writes in memory adaress, on program's
occurs. The condition
call stack outside the intended data structure, then stack overflow
on the stack (i.c., is a local variable or a
where Buffer being overwritten is allocatcd
parameter to a function).

2. NOP (No Operation) : It is an assembly language instruction command that effectively

does nothing at all. NOP enables developer to force memory alignment to act as a place
holder to be replaced by active instruction later on in program development. NOP opcode
can be used to form an NOP slide, which allows code to execute when exact value of

instruction pointer is indeterminate. Fig. 13.2.1 shows NOP operation.

Shellcode

nop nop op nop

nop nop nop nop

nopnoprolative ump

Retüm address guess

nopnop nog hop

NOP-Sled
nononEN
nop relative jump

Fig. 13.2.1: NOP operation

3.. Heap buffer overflow : In Buffer overflow, the overflow occurs when an applicadon
copies more data into buffer then the buffer was designed to contain.
The heap space 1S
dynamically allocated by new), malloc), calloc() dynamically allocated
in runtime.

Scanned by CamScanner
 Security (MU--Sem. 6-Comp)
&Sys.
fCYpl 13-15
Software Vulnerabilities
Svllabus Topic :
SoftwareVulnerability
Format String
Format String Attacks
133
ntroductlon

The
format string attacks occur when the submitted
data of an input string
command by particular application. is evaluatcd as
a

. format string attacks attacker execute the code,

In read the stack, or cause a
which segmentation
fault in the running application, compromise the security
breaches of
programs,
system or the

understand this attack it very important to

To understand the following definitions.
omat function is an ANSI C
conversion function, like printf,
fprintf, sprint,
intf etc which converts a primitive variable
of the programming language into a
human-readable string representation.

Table 13.3.1 shows the different format functions.

Table 13.3.1: Format functions

Format function Description

|fprint Writes the printf to a file

printf Displays output of a formatted string

|sprintf Prints data into a string

length
snprintf Prints data into astring and checking its the
and is an ASCI Z string which
tormat string is the argument of the Format Function
Lne
example printf ("This is my roll
contains text and format parameters, for

number : %dn", 0007).

content of its
text This is
my roll number and
Otput on screen the
The example display

Tormat parameters i.e. 0007.

used in a format string attack.
Table
13.3.2 shows list of common parameters

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) Software Vulnerabilities
13-16

Table 13.3.2 : Common parameters used in a format string attack

Parameters Output Passed as

%d Decimal number Value

%c. Character

%u Unsigned decimal number Value

Hexadecimal number Value

%s String or words Reference

on Writes the number of characters into a pointer Reference

%% % character (literal) Reference

%p External representation of a pointer to void Reference

The format string parameter, like %d %x %s %c %p

defines the type of conversion of
the format function.
We have demonstrated the following examples on Linux environment by using Linur
cross compiler (gcc) which results how the application can behave when the format
function does not receive the necessary values for validation in the input of format string.
First example shows the application operating with normal behaviour and normal inputs,
then, we will discuss the application operating when the attacker inputs the format string
and the resulting behaviour.

Example 1

#include <stdio.h

void main

int i = 77:
a
char 'a';

printf("The value of int i & char a is : od odn", i. a);

printf("The value of int i & char a is : %c %cln", i, a);

Scanned by CamScanner
 Security (MU-Sem. 6-Comp)
Cypt.&
Ss. 13-17 Software Vulnerabilities

program as example.c and compile

above and run it using
Save
santosh]# gec examplel.c
fplocalhost
santosh]#./a.out
oot@localhost

() the writes value of the

first printf which display
The
integer variable i and of the character variable
(using $d), its ASCII value. On the other hand, the
second print£()
ss int integer variable i to the corresponding ASCII character code.
the

Erample 2 an
programmer passes attacker-controlled buffer as
the argument to a
print£()
Tf the
attacker can perform and writes to arbitrary memory addresses. The following program
an error:
the
antains such
#include <stdio.h>

yoid mainint argc, char** argv)

char buf[100]:
strncpy(buf, argv[1], 100):

printf(bu);

use the format string to determine

AS has a variable number of arguments, it must
pÉint£
he number of arguments. In the
case above, the attacker can pass the string "tp tp tp tp tp
about it has 12
tp ip tp p tp tp" and try to fool the printf statement to think
tp
rguments ?
as shown in
addresses on the stack, thinking they are its arguments
It will print the next 12
tbe output statement.
(root@localhost santosh]# gcc example2.c
%p op op op %p"
@localhost santosh]#/a.out "%p %p %p %p %p %p %p
(oot
(nil) Oxfiifdcc4
Uxfffecee Ox64 Oxf7ec145 Oxfffdbdf Oxffffdbde memory
show program the
strings, making the
The
attacker can pass a sequence of
format possibility that the
attacker increases the
diress where a lot of other data are stored, then, the non-availability.
program and causing its
program will
read an illegal address, crashing the
os %sTos%s");
printf ("%s%sosos%sos%Tos

Scanned by CamScanner
 P Cypt., & Sys, Securlty (MU-Som. 0-Comp)
13-18 Software
Vulnerates
If attacker pass %s into the printf) function which will fetch a number from the stort
Ireat this number as an address, and prints the memory contents pointed
by this addresa .
slring, until a NULL charncter (.e., number 0) is encountered.
In this cse whatever number fetched by the printf
function might not be the address. the
memory displayed by this numbcr might not exist because of such illegal
fetching of mernory
address the program willerash such type of attack is called as formát string attacks

Syllabus Toplc : Cross Sito Scripting

13.4 Cross Slte Scripting

(MU - Dec.
16, Dec. 17)
0. 13.4.1 Explain briefly with exampla, how the Cross-Site scripting attack.
(Ref, sec. 13.4) Dec. 16, Dec. 17,3 Marks
Cross-Site Scripting (XSS) attacks are a type
of injcction, in which malicious scripts are
injected into otherwise benign and trusted websites.
XSS attacks occur when an attacker uses a
web application to send malicious code.
generally in the form of a browser side script, to a different
end user.
Flaws that allow these attacks to succeed are
quite widespread and occur anywhere a web
application uses input fromn a user within the output generates
it without validating or
encoding it.
An attacker can use XSS to send a malicious
script to an unsuspecting user The end
user's browser has no way to know that the script should not
be trusted, and will execute
the script.
Because it thinks the script came from a
trusted source, the malicious script can access any
cookies, session tokens, or other sensitive information
retained by the browser and used
with that site. These scripts can even rewrite
the content of the HTML page.
Cross-Site Scripting (XSS) attacks occur
when:
1. Data enters a Web application through an
untrusted source, most frequently a web
request.
2. The data is included in dynamnic content
that is sent to a web user without being
yalidated for malicious content.

The malicious content sent to the web browser

often takes the form of a segment 01
JavaScript, but may also include HTML, Flash, or any
other type of code that the browScl
may execute.

Scanned by CamScanner
 Security (MU-Sem..6-Comp) 13-19 Software Vulnerabilities
cypt.&Ss.
attacks based on XSS is almost limitless, but they commonly
include
variety of
The private data, like cookies or other session information, to the attacker,
transmitting
victim to. web content controlled by the attacker, or performing other
redirecting the
on the user's machine under the guise of
malicious
operations the vulnerable site.
Reflected XSS Attacks
Storedand
1341
generally be categorized into two categories : stored and reflected. There
attacks can
XSS
much less well-known
type of XSS attack called DOM Based XSS.
third,
ša Attacks
Stored XSS
1342
attacks are those where the injected script is permanently stored on the target
Stored
a database, in a message forum, visitor log, comment field, etc.
servers, sSuch as in

retrieves the malicious script from the server when

it requests the stored
victim then
The
is also sometimes referred to
as
Persistent or Type-I XSS.
information. Stored XSS

34.3 Reflected XSS Attacks

server, such as
are where the injected script is reflected off the web
Peflected attacks those
or any other response that includes some or all of the
in an error message, search result,
input sent to the
server as part of the request.
message,
to victims via another route, such as in an e-mail
Reflected attacks are delivered
or on somne other website.
on a malicious link, submitting a specially crafted
-
When a user is tricked into clicking to the vulnerable
to a malicious site, the injected code travels
form, or even just browsing
web site, which reflects the attack
back to the user's browser.
server. Reflected
because it came from a "trusted"
The browser then executes the
code
sometimes referred to as Non-Persistent or Type-II XSS.
XSS is also

134,4 Other Types of XSS Vulnerabilities

was
type of XSS, DOM Based XSS
Reflected XSS. another
addition to Stored and
identified by Amit Klein in 2005.
OWASP Article Types
:

categorization as described in the

OWASP recommends the XSS organizing them into
a matrix

XSS terms,
of Cross-Site Scripting, which covers all these is a
vs. Client XSS, where DOM Based XSS
Dlored vs. Reflected XSS
and Server
subset of Client XSS.

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) 13-20 Software Vulnerabilities

13.4.5 XSS Attack Consequences

same regardless of whether it is stored
Ine consequence of an XSS attack is the
at the server
reflected (or DOM Based), The difference is in how the payload arrives
a or "brochure ware" site is not vulnerakl
Do not be fooled into thinking that "read-only"
cause a variety of problecms for the end user thos
to serious reflected XSS attacks. XSS can
account compromise.
range in severity from an annoyance to complete
allowing
most severe XSS attacks involve disclosure of the user's session cookie,
The
over the account.
attacker to hijack the user's session and take
end user files, installation of Troian
Other damaging attacks include the disclosure of
user to some other page or site, or modify presentation
of
horse programs, redirect the

content.
news item could
an attacker to modify a press release or
An XSS vulnerability allowing
consumer confidence.
a company's stock price or lessen
affect
dosage
site could allow an attacker to modify
An XSS vulnerability on pharmaceutical
a

information resulting in an overdose.

Syllabus Topic
: SOQL Injection

13.5 SQL Injection

(MU- Dec. 17)

injection attack
Q. 13.5.1 Explain briefly with example, how the SQL
Dec. 17,3 Marks
(Ref. sec. 13.5)
are inserted into
a source code injection technique in which malicious SOL statements
It is
content.
entry field of database to dump data base
where confidential data is stored.
Attacker targets the database organization
the database server stored in database table by
information from
Its main focus is to get
query.
malicious query since database can be accessible by
sending
the attacker sends is
user enters an additional database via web form,
When legitimate alwajs
same form field. The attackers before proceeding
own command through web
database has any loop is it vulnerable or not.
checks whether organization's

Scanned by CamScanner
 cYpt. & Sys. Socurily (MU-Sem. 6-Comn)
13-21
Software Vulnerabilities
r Steps for SQL Injection
attacker
looks for login pages
The
() HTML commands like POST or
scarch pages or
feedback pages or
GET, pages that display
Atacker checks the source
(2) code of the web page
source. by right click on
web page and view
checks term <form> tag
(3) It everything
vulnerabilities, insides <form> tag
getting </form >have potential of

puts single quote

The attacker
under the text which accepts username
response is an error message
such as "a" =
'a' (something like) then and password.
If.
uses SQL command
Attacker than website is vulnerable.
(5)
such as SELECT to
t0 add information to database. retrieve data or INSERT
command

r Benefits for attacker using

SQL injection
) Obtain basic information about
website or organization.
(2) May gain access to
database by dbtaining username,
FROM command where password from SELECT
command. ommand
3) Can add new data to the database
by executing INSERT command.
(4) Can modify
data in the database by UPDATE command.

Prevention from SQL Injection

SQL injection attacks happen because poor
of website coding and poor administration
website of

Step which can prevent SQL injection

(1) Replace all single quotes to two single quotes.
(2) Check the user input of any character and string
that should not be malicious.
(3) Numeric value should also be checked.
(4) If there is SQL error it should be modified immediately but not be displayed to outsiders.
(5) SQL server 2000 which is a default server should never be used.
(6) Both database server and web server be reside in different machine.

Chapter End..

Scanned by CamScanner
Lab Manual

Scanned by CamScanner
 List of Experiments Experim
Imple
: RSAL
Alm

Experiment 1 : Implementation and analysis of RSA cryptosystem 0bjective

and Digital signature scheme using RSA/EGamal
..L-1 The ob
A Experiment 2: Implementation of Diffie Hellman key exchange algorithm..L6 programmin

A Experiment 3: For varying message sizes, test integrity of message using encryption

MD-5, SHA-1, and analyse the performance of the two Solution:

protocols. Use crypt APls. L-9
algori
The
Experiment 3(a): Write program in Java to implement MD5 algorithm
Select
for key generation and cipher verification. .L-9 L
Calcu
Experiment 3(b) : Write a programn in Java to implement SHA-1 algorithm 2
using Libraries (API). .L-22 3. Calc
:
-
Study of packet sniffer tools wireshark.
....L-25 4. Selec
Experiment 4
tcp,
Experiment 4(a) : Download and install wireshark and capture icmp, 5. Calc
.L-25
and http packets in promiscuous mode. 6. Pub
on
Experinent 4(b): Explore how the packets can be traced based 1. Fin
..L-33
different filters. C
options
Experiment 5 : Download and install nmap. Use it with different C:
a ping
toscan open ports, perform OS fingerprinting, do 8. P:
.L40
scan, xmasS Scan etC..
Scan, tcp port scan, udp port W

hping3 andother tools..L41

Experiment 6 :. Simulate DOS attack using Hping, .L-47 B
Experiment 6(a) : DoS using hping3. encry
detection using Intrusion Detection System...U
Experiment 6(b) : DoS attack .L-53 Use

using iptables..
Experiment 7: Setting up personal Firewall ..L-60

Experiment 8: Set up Snort and study the logs...

Scanned by CamScanner
 using Java along know

scheme
in keys <o(n).
must
or
private
C++
signature
<e sender

in and and programs

algorithm
size. the
Digital public
=l Block formula.
addition,

Experiments
o(n))

generate
and RSA 1. java
= d'.
cryptosystem
(e, =
n given
gcd o(n)
and
In key the
mplement
can n.
decryption running
i.e. mod key the
we a#b. of
n) Encryption using
value
agorinm ed
RSA

is
where
to or n). obtain and
prime o(n)
know
of assignment {d, formula,
the
of b
compilation

analysis
KSA (b-1).
mod = = know
List and relatively
key e be must
P<nand
follows
a Plaintext, can
Using d=e the
key. numbeS private

this. *
PlaintextP key. receiver receiver

and using
decryption 1)
is
mplementation
Gamal.
language. as (a- e
that
where,
decryption
for
of workS
*b that,
n), ciphertext = version
1 prime such P and
= and
Experiment abiective
a (e, C=Ciphertext,

RSA/El = (n) such n n.

=
aming
and
algorithm
two n
Calculate
of
Calculate key
C=Pmod mod
=
sender 'e' java.math.";

Calculate
key latest
objective
ypion
e out d java.io.*;
:
Solution
Select
Select Public Where,
jg: Find
P=C
DOth
ption
JDK
The
1
1 3 4 aiport Rport
5 !
1.
5.
algorithm...L-6

L-22
L-25
L-25 L-33
... L40 L47 .L-47
L50 .L53 .L-60
using **... ........

'stem isage
twO

thm
orithm

ions
..
Dols.
mal the tcp, ing
ge

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Som.,6-Comp)
L-2
public class Sample LabManual
{

public static long p, q, n, phi, m, d, e, enc, dec;

enc=x%
public static long GCD(Qong phi) ene
retum
{
}
public sta
long a, c, b;

longy,
ter
for(long i=4; i<phi; it+) Biglntege
{

a=i; b=phi; c=b;

while(b!=0) ty
{
{
for{long i
c=b;
b=a%b;
i(Ge)
a=c;

if(a==1)
{

e=i;
i=phi; Biglntege
Biglntege=

retum e;

public static long Encryption(long n,

long phi, long m)

catch(Exx
long x=m, y=m;

Syetem.0
e=GCD(phi);
Teturn
ob
lor(long a=0;a<e-l;a+).

Scanned by CamScanner
 (MU-Sem. 6-Compl
cMot. & Sys. Security L-3
A Lab Manui

x=x*y:

ene=x on;
return
enc;

Biglnteger Decryption(long e, long enc,

public statie long n, long phi)

Jong y,
temp=phi+l,x;
Biglnteger object2=null;

for(long i=l;i<phi; i+ +)

e)%phi) ==l)

d=i;
i=phi;
}

liglnteger objectl=new Biglnteger(Long,toString(enc));

iglnteger object3=new Biginteger(Long.toString(n):

objectl =objectl.pow(int)d);
object2=objectl.mod(object3):

steh(Exceptiòn exception)

Fstem.out.print("n Exception In DEC:"+ exception):

tum object2;

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) L-4 Lab Manua

public static void main(String args)

try.
{

DatalnputStream in=new DatalnputStream(System.in);

:
System.out.print("n Enter First Prime No ":
p=Integer.parselnt(in.readLine):
System.out.print("n Enter Second Prime No::
q=Integer.parselnt(in.readLine);

System,out,print("n Please Enter Message Between (0 to 32):;

m=Integer:parselnt(in.readLine)):
n=p*g
phi=(p-l)*(g-l);

ene=Encryption(n,phi,m):
System.out.print("n Enerypt. :"+e);
KEY

System.out.print("n Encrypted DTA :"+ enc);

Biglnteger Result=new Biglnteger("123");

Result=Decryption(e,ene, n,phi);

System.out.print("n Decrypt. KEY:M d);

System.out.print(n Decrypted DATA

"+ Result.toštring0};

catch(Exception exception)

System.out.print("n Exception In Main: " + exception);

}

name should be sau

Save above program with program name as RSA,java (In java class

iprogram name).

Scanned by CamScanner
 6-Comp)
Sys. Secury (MO-Sem. L-5
A cot.
&
Lab Manui

Output
Files (x86)Vavaljdk1.7.0 25\bin>javac RSA
C:Program

display note but students

can run it
ill
(x86)Vavaljdk] 17.0 25\bin> Java RSA
CPogram Files

13
Enter First Prime No:

Enter Second Prime

No : 11

Dlease Enter Message Between (0 to 32):13

Encrypt. KEY: 7
: 117
Encrypled DATA

Decrypt. KEY:103
Decrypted DATA: 13

Try out another example:

Clprogramfiles\jdkl.6\bin >java RSA

Enter First Prime

No:3
Enter Second Prime No :7

Please Enter Message Between

(0 to 32):ll

Enerypt. KEY:5
Encrypted DATA:2
Decrypt. KEY
:5
Decrypted DATA : 11

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem.
6-Comp) L-6
LabManual

Experiment 2 : Implementation of Diffie Hellman key exchange algorith

Aim: Our aimn is program
write a
in Java to implement Diffie Hellman key
exchange
algorithm.
Objective
Diffie Hellman algorithm is used to generate same (symmetric) private cryptographic key
at sender as well as receiver end so that there is no need to transter this key from sender ,.
receiver. Remember that Diffie Hellman algorithm is used only for key agreement not f.
encryption or decryption of message. If sender and receiver want to communicate with t
other they first agree on the same key generated by Diffie Hellman Algorithm later on thes
use this key for encryption or decryption.
Solution:
Following the important steps of Diffie Hellman algorithm : CASH MEN
1. The first step is that if Rameshwants to communicate with Suresh they must agree on two
large prime numbers p andq.
Aw
Deobai
2
Ramesh selects another secret large random integer number a, and calculateR such that N
Market,
q

R= md P No.
3 Ramesh sends this R to suresh. Ms.

4. Suresh independently selects another secret large random integer numberb, and calculate Qty.

S such that.

S =
a
mod P
5, Suresh sends the number S to Ramesh.
6. Now Ramesh is calculating his secret key by using R=s mod P

Suresh is calculating his secret key by using

S
7.

Sx = R° mod P
as
= Ramesh and Suresh can agree for future communication
called k
8. If Rr Sy then
agreement algorithm.
proved. (K is called symmetric key).
9. We have Ry = Sx =Khence
Th
import java.util.*; Goods
onc
TIming:
java.math.Biglnteger; 1C
import
{
public class DiffieHellman
one new Biglnteger("1);
final static Biglnteger

Scanned by CamScanner
 Security (MU-Sem. 6-Comp) L-7 Lab Manu
Sys.
WCopt.&
main(String arg•|) {
static voidI
publie
= new
Scanner stdin
Seanner(System.in);

Biglnteger P:

System.out.pprintln("Enterr
the first prime nunber p of your choice");

Sring ans= stdin.next):

getNextPrime(ans);
p=
System.out.println("Enter. another prime
number q):
Biglnteger g = new Biglnteger(stdin.next():
System.out.println( "Ramesh: select your secret
number a."):
Biglnteger a = new Bignteger(stdin.next);
Biglntegerresulta =g.modPow(a,p);
Svstem.out.println("Ramèsh can sends the value of to
R Suresh "+resulta +"":
System.out.println('Suresh select your your secret number
b;
Biglnteger b = new Biglnteger(stdin.next);
Bigintegerresultb = g.modPow(h,p):
System.out.println('Suresh now sends value of S to Ramesh "+resultb+""):
# Now caleulate secret key of Ranesh & Suresh Rk&Sk
BiglntegerKeyACalculates = resultb.modPow(a,p):

BigintegerKeyBCalculates = resulta.modPow(b,p);

System.out.println("Ramesh takes "+resultb+" raise to mod

p"+a+" mod "+p);
Systen.out,println ("The Secret key Rk Ramesh calculates is "+KeyACalculates
+"):.
System.out.println("Suresh takes "+resulta +" raises to mod
p"+b+" mod "+p);
System.out.println ("The secret Key Sk Suresh calculates is "+KeyBCalculates+".");

publie státic BigintegergetNextPrime(String ans)

Biginteger test = new Biglnteger(ans);

while (ltest.isProbablePrime(99))

test = test.add(one):
retum test;

Scanned by CamScanner
 Cypt
J

Crypt. & Sys. Security (MU-Sem. 6-Comp) EXpe

L-8 Lab Manual

Save above program by using DiffieHellman.java in JDK bin directory or set path before
Compilation. Now compile the program using javac DiffieHellman.java and run using java
DiffieHellman Expe

Output
CAProgram Files (a86)\Javaljdkl:7.0 25\bin>java DiffielHellman
Aim:Q
Enter the first prime number pof yourchoicel7 Objecti
Enter another prime number inq7
It
Ramesh: select your secrt number a.5 128- b
Ramesh can sends the value of R to Suresh 11, algorith
messag
Suresh select youryour secret mumber b3
Soluti
Suresh now sends value of S to Ramesh 3.

Ramesh takes 3 raise to the power 5 mòd 17 R

Follo
The Secret key Rk Ramesh calculates is 5.
impom
Suresh takes 1l raises to the power 3 mod 17
impo
The secret Key Sk Suresh calculates is 5.
impo

imp

C:\Program Files (*86)Uavaljdk1.7.0_25\bin>java DiffieHellman

Enter the first prime number p of your choicel7 im

im
Enter another prime number in qll
Ramesh: select your secret number a.5

Ramesh can sends the value of R to Suresh 10.

Suresh select youryour secret number b3

Suresh now sends value of S to Ramesh 5.

Ramesh takes 5 raise to the power 5 mod 17

is 14.
The Secret key Rk Ramesh calculates
power 3 mod 17
Suresh takes 10 raises to the
calculates is 14.
The secret Key Sk Suresh

Scanned by CamScanner
 Secuiy
(MU-Sem, 6-o, L-9 Lab Manual
covpt. & SYs.

Experiment 3 :
For varying message sizes, test integrity of message using
MD-5, SHA-1, and analyse the performance of the two
protocols. Use crypt APIs.
program in Java to implement MD5 algorithmfor key
Experiment 3(a) : Write
generation and cipher verification,
program to implement MD5 algorithm for key generation and
Our aim
is to write java
Aim : cipher verification.

0bjective
Ron This algorithm takes an input of arbitrary length and
Rivest.
was developed by - bit
produced. The input message is producéd in 512
It blocks. This
- message digest is
128- bit - message digest is produced. The input
an input of arbitrary length and 128 bit
algorithm takes
-
512 - bit blocks. Following steps explains the procedure of MD5.
messagee is produced in
i
Solution :
algorithm.
Refer Chapter 6 for complete steps of MD5
Following Program Demonstrate the MD5 algorithm in details
import
java.io.ByteArraylnputStream;

import java.io.File;

inport java.io.FilelnputStream;

import java.io.IOException;

import java.io.InputStream;
import java.io.PrintStream;

impont java.io.UnsupportedEncodingException;

public class Md5

private static final int BUFFER SIZE = 4096;

private static final int Sll =7;

private static final int S12 = 12;
private static final int S13 = 17:
private static final int S14 = 22;.
private static final int $21 = 5;
Phvate static final int S22 =9;

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) L-10 Lab Manual
private static final int S23= 14;
for
private static final int S24 = 20;
private statie final int S3] = 4;
private static final int $32= ll: int

private static final int S33 = 16: in

private static final int S34 = 23;
ab
private static final int S41 = 6;
sb
private statie final int S42 = l0;
private static final int S43 = 15;
private static final int S44 = 21; re

private static byte padding

I(byte) Ox80, (byte) 0, (byte) 0, (byte) 0, (byte) O, (byte) 0,

(byte) 0, (byte) 0, (byte) 0. (byte) 0, (byte) 0, (byte) O,
(byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0,
(byte) 0, (byte) 0,
0, (byte) 0, (bytej 0, (byle)
(byte) O,

(byte) 0, (byte) 0, (byte) 0, (bytej 0, (byte) O, (byte) 0,

(byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0,
(byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte0,
(bytej 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0,
(byte) O, (byte) 0, (byte) O, (byte) 0, (byte) 0, (byie) 0,
(byte) 0, (byte) 0, (byte) 0, (byte) 0,(byte) 0,
(bye) 0,
(byte) 0. (byte) 0, (byte) 0, (byte) 0 }

private InputStream in = null;

private booleanstringp = false;
private int state] null;
private long count 0:
private byte buffer] = null;
private byte digest[] = null;

private static String stringify(byte bufl])

StringBuffersb = new StringBuffer(2 *buflength):

Scanned by CamScanner
 Sys. Security (MU-Sem. 6-Comp) L-11
Cypt. & Lab Manual
LabManual i
<buf.length: i-++)
or(int i
= 0; i
Oxt0) >>4:
(bul[i] &
h (bulJ &
OxOn:
intl=

sh.ppend(new Character((char) ((h

> 9) ?
'a +h- 10:'0 +
h)):
sb.append(new Character((char) (l >9)?'- +1-10:'0+ 1)):

sb.toString0:
retum

x, int y, int z)
nivate final int F(int

retum ((x & y) | (-x) & )):

x, int y, int z)
private final int G(int

return (x & z) | (y & ();

y, z)
private final int H(int x, int int

reburn
(x^y ^z);

private final int I(int x, int

y. int z)

retuin (y ^ (x| (~));

x, int n)
private final introtate left(int

Scanned by CamScanner
 Cypt: & Sys. Secuity (MU-Sem. 6-Comp) L-12 Lab Manua

returin (x <<n) (x>>> (32 - n);

private final int FF(int a, int b, int c, int d, int

x, int s, int ac)

a += (F(b, c, d) + x + ac);

a= rotate left(a, s);

a t= b:
a
retum

private final int GG(int a,

int b, int c, int d, int x, int s,
int ac)

a t= (G(b, c, d) + * t ac);
a=rotate left(a, s);
a
t= b;

retuim a;

private final int HH(int a, int b, int c, int d, int x, int s, int ac)

at (Hb, c, d) + x +ac);
a= rotate left(a, s);

a t= b;
return a;

private final int II(int a, int b, int c, int d, int x, int s, int ac)

a t= (Ib, c, d) + x + ac);
a= otate left(a,
le s):
a t= b;

retum a;

Scanned by CamScanner
LabManual A cypt. &
SYS.
Seouy(MU-Sem. 6-Comn) L-13
Lab Manual

void decode(int output[],1 byte inputl),

private final
int off, intlen)

inti=0:
= 0:
t
er (6j <len; it+.j += )

tputi] (int) (input[oft + j] & Oxf)

I((int) (input[off + j + 1] & Oxín)

<<8)
|((int) (input [off + j+ 2]& Oxff) << 16)
I(int) (input[off +j+ 3] & 0xfn) << 24);

privste final void transform(byte block], int offset)

int a = state[0}:
int b = state[l];
int c = state[2|;
int d = state(3]:
int x] = new ini[16};

decode(x, block, offset, 64);

Roundi */

0xd76aa478); /% 1 */
a=FF(a, b, c, d, x[O], S11,
2
d= FFd, a, b, e, x[1], S12, Oxe&c7b756);/*
Ox242070db);/* 3 */
C= FFe, d, a, b, x[ S13,
2],

Oxclbdceee): /*4 */
b= FF(b, c, d, a, x[3], S14,
x[ 4),S11, Oxf57c0faf); /* 5 */
a FF(a, b, e, d,
Ox4787c62a),;/"6*/
FF(d, a, b, c, x[ 5], S12,
d=
a, S13, Oxa8304613);/*7 /
C= FF(e, d, b, x[6],
S14,
Oxfd469501); /"8
c,
d, a, x{ 7],
lb=FF(b,

Scanned by CamScanner
 Crypt. & Sys.
Security (MU-Sem.
6-Comp)
L-14
a= FF(a, b,c, d, x{
81, SI1, 0x698098d8); LabManual
d= FF(d, a, b, c, x[9], S12, /*9 */
0x8b4417af):
c= FF(c, d, a, b, / 10 */
x[l0], S13, Oxffff5bbl);
/* 11*/
b= FF(b, c, d, a, x[l1], S14,
Ox895c7be); /*
a= FF(a, b, c, d, x[12], 12 */
S1l, Ox6lb901122); /*
13 */
d= FF(d, a, b, c, x[13], S12, Oxfd987193):
c= FF(c. d, a, b, x[14], S13, /* 14 */
Oxa679438e); /*
b= FF(b, c, d, a,x[15], S14, Ox49b40821): 15 */
/* 16 */

* Round 2 */
a = GG(a, b, c, d. x{
1], S21, 0xf6le2562);
/* 17 */
d= GG(d, a, b, c, x 6], S22, 0xe040b340);
/* 18 */
e= GG(c, d, a, b, x{ll], S23, Ox265e5a51); /* 19
b= GG(b, c, d, a, x[ O], S24,0xe9b6cTaa);
GG(a, b, c, d, x{ 5],
/* 20*/
$21, 0xd62f105d); /* 21
d=GG(d, a, b, e, x{10], S22, 0x2441453);
c= GG{c, a, /* 22 /
d, b, x{15], S23, Oxd8ale681);
/* 23 *
b= GG(b, c, d, a, x[ 4], S24, Oxe7d3fbc8);/ 24
a= GG(a, b, c, d, x{ 91, S21, 0x21elcde6); */
/*25*/
d= GG(d, a, b, c, x{14], S22, Oxc33707d6);
c= GG{e, /* 26 */
d, a, b, x{ 3], S23, Oxf4d50d87);
27 )
b= GG(b, c, d, a, x[81, S24, Ox455al4ed);
a= GG(a, b, c, d,x{13], S21, Oxa9e3e905); /*28*
*/ /* 29
d= GG(d, a, b, c, x[ 21, S22, Oxfcefa3f8);
30 *
c= GG(c, d, a, b, x[ 7],
$23, Ox676f02d9); 31 *7
b= GG(b, c, d, a, x[12], S24, Ox8d2a4c8a);
/* 32*

8 Round3*)
a = HH{a, b, c, d,
x[ 5], S31, 0xffa3942): /%
33 */
d= HH(d, a, b, c, x{ 8], S32, 0Ox8771f681l);
/*34 */
c= HH(c, d, a, b, x[l1], S33, Oxód9d6122):
/* 35 *|
b= HH(b, c, d, a, x[14|, S34, 0xfde5380c); /* 36
*/
a= HH(a, b, e, d, x{ 1), S31, Oxatbeea44);
/* 37 *)
d= HH(d, a, b, c, x{ 41, S32, Ox4bdecfa9); /* 38 *)

Scanned by CamScanner
LabManual & Sys. Security (MU-Sem. 6-Comp)
fcypt. L-15
HH(c, d, a, b, x( 7], S33,,Oxfbb4b60): Lab Manual
HH , c, d. a,
/*39
xl0), S34, Oxbebfbc70): /* 40 )
. HH(a, b, c, d, x|13|. S81, Ox289b7ec6);
/* 41 /
a, c,
-HHd, b, x[ 0J, $32, Oxeaal27fa); /* 42 */
HHC, d, a, b, x[ 3], S33, Oxd4ef3085):
/*43 */
c, a,
b= HH(b, d, x6J, S34, 0x4881d05); /* 44 */
,= HH(4. b, c, d, x[ 9), S31, Oxd9d4d039): /* 45 %/
d= HH(d., a, b, c, x[12), S32, 0xe6db99e5): /* 46 *|
e= HH(e, d, a, b, x|15]. S33, Oxlfa27cf8): /* 47
/
þ= HHb, c, d, a, x[ 2, S34, Oxc4ac5665); /* 48 */

Round 4
*/
a= II(a, b, c, d, x[ O], S41, Oxf4292244); /%
49 */
d= Id, a, b, c, x[ 7], S42, Ox432aff97);
/* 50 /
C= Ic, d, a, b, x[14), S43, Oxab9423a7); /* 51 */
b= II(b, c, d, a, x[ 5], S44, Oxfe93a039); /* 52*/
a= II{a, b, c, d, x[12], S41, Ox655b59c3);
/* 53 */
d= II(d, a, b, c, x[ 3], S42, Ox8fOccc92); /*
54*/
c= IIe, d, a, b, x[10], S43, Oxffeff47d);
/* 55 */
b= I(b, c, d, a, x{ 1), S44, Ox85845ddl); /* */
56
a= II(a, b, c, d, x[ 81, S41, Oxófa87e4):/*
57 */
d=IIfd, a, b, c, x[15], S42, Oxfe2cebe0);
/* 58 */
c= II(c, d, a, b, xf6], $43, Oxa3014314); /* 59 */
b= II(b, c, d, a, x{13], S44, Ox4e081lal);
a= IIa, b, c, d, x[ 4], S41, Oxf7537e82); /*60/
/%61*/
a,
d= II(d, b, x[l I], S42, Oxbd3af235);/* 62 */
c,
e= II(c, d, a, b, x 21, S43, Ox2ad7d2bb); T
63 */
b= II(b, c, d, a, x{ 9), S44, Oxeb86d391); /* 64 */

state(0] + = aj
slate[1] += b;
state[2 += c;
slate|3] += d;

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp)
L-16
LabManual

private final void update(byte upda

nput[], intlen)
{ retur

int index= (int) count > > }

3)) & 0x3f;

count +
(len<< 3);
int partLen = 64- index;
int i = 0; prik

if (len>= partLen) byt

{ int
System.arraycopy(input, 0, buffer, index,
partLen); int
transform(buffer, 0);
for (i = partLen; i + 63 <len;i fo:
t= 64)
transforn (input, i);
index = 0;

else

i=0;

System.arraycopy(input, i, buffer, index, len

-i);

private byte] end)

{

byte bits[l= new byte[8];

for (int i= 0;i < 8; i++)

bits[i] (byte) ((count >>> (i * 8) &
Oxf):

int index = (int) (count >>3)) & Ox3f;

intpadlen= (index < 56) ? (56- index) : (120 - index):

update(padding, padlen);

Scanned by CamScanner
 & Sys. Security (MU-Sem. 6-Comp)
LabManual Cypt. L-17
Lab Manual
bdate(bits, 8):
encode(state, l6):
eturn

Encode the content.state array into l6

bytes array
/

rivate bytel encode(int input), intlen)

byte output=nèw byte[len):

int
i=0;
intj = 0;

it+,j +=
4)
for
(5j <len;

& 0xff):
outputj] (yte) (input[])
wutputlj + 1]= (byte) (input[i] >>8) &
Ox);
outputi + 21 = (byte) (inputfi] >> 16) & 0xf):
atputj +.3] = (byte) (input[i] >> 24) & Oxff);

retun output;

*Get the digest for our input strèami

This method constructs the input stream diges, and return it, as a
a String, following the MD5 (fe1321) algorithm,.

@return An instance of String, giving the message digest.

was unable to read the
@exception IOException Thrown if the digestifier

input stream.

public bytel getDigest().

hrowsIOException

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp)
L-18
gages Lab Man
byte bufferl] = new byte[BUFFER_SIZEJ:
int got =
-l;

if (digest != null)
return digest;
while ((got = in.read(buffer)) > 0)
update(buffer, got);
this.digest end):
return digest;

* Get the digest, for this string digestifier.

*This method doesn't throw any IOException,
since it knows that the
*underlying stream ws
built from a String.

public byte] processString)

if (stringp)
throw new RuntimeException
(this.get Class()-getName)
+ "processString]"
+ " not a string.");
try

returmgetDigest);
}catch ([OException ex)
f

throw new RuntimeException

(this.getClass)-getName)
+ "processString]"
+": implementation error.");

Scanned by CamScanner
 Security(MU-Sem. 6-Comp) L-19 Lab Manual
fCoypt. &. Sys.

as a proper string.
Get the digest,
*

getStringDigest)
publie.String

= null)
if(digest
w new RuntimeExceplion (this.getClass()-getName(0
+ "IgetStringDigest"
+": called before processing."):
stringify(diges);
return

* Construct a digestifier for the given string.

*@param input The string to be digestified.

* @param encoding the encoding name used (such as UTF8)

public Md5 (String input, String ene)

{

byte
bytes[=null;

try

bytes = input.getBytes(enc);
} catch (UnsupportedEncodingException
e)

throw new RuntimeException("no" + enc

+" encoding!!!");

this.stringp = true;

this.in = new ByteArraylnputStream (bytes);

this.state= new int(4]:
this.buffet = new byte[64]:
this,count =0;

Scanned by CamScanner
 Cypt. &
Sys. Security (MU-Sem. 6-Comp)
L-20
Lab Manual
state[(0] = 0x67452301;
state[1] = Oxefcdab89;
state[2] = Ox98badcfe:
state[3] = Ox10325476;

*Construct a digestifier for the given string.

*@param input The string to be digestified.

public Md5 (String input)

{

this(input, "UTF8");

/**
* Construct a digestifier for
the given input stream.
* @param in The
input stream to be digestified.

public Mds (InputStream in)

{

this.stringp = false;
this.in = in;
this.state = new int[4];
this. buffer new byte[64]:
this.count = 0;
state[0] = Ox67452301;
state(1] = Oxefedab89;
state[2] = Ox98badcfe;
state[3] = Ox10325476;

Scanned by CamScanner
 Sys. Security (MU-Sem.
(
6-Comp) L-21
rCOpt &
Lab Manual roidimain(String args) Lab Manual

gsOEeeption

Alengthh != 1)

ast.out.println"Md5 <file>):

isteexi(l);

new Md5 (new FilelnputStream(new File{args[O));

Md5 md5

se H] = md5.getDigest (0:

Seem.out.println(stringify(b):

Core above program with program name

Md5.java into the JDK bin directory and compile
it usingjavac Md5.java and execute using java Mds bl.txt.
To get correct output please create one
text file (Give any name to that text file here we
have created one text file
bl.txt) as an input to MDS algorithm.
Output

lo get correct output please create one text file (Give any name
to that text file here I have created one text
ile bl.txi text provide in bl.txt is Cryptography as an input to MD5
& System Security)
algorithm .

C:Pngram Files (x86)Uavaljdkl:7.0-25\bin>javaç Mä5,java

Cngram Files (x86) Javaljdkl.7.0_25\bin>javaMds bl.txt

036302dea5126270864653563f66198a

&
System Security
&
produce the digest as
the text Cryptography
encrypt

(36302dca512627086453563f66198a

alrogram Files (x86) Javajdkl.7.0 25\bin>

Scanned by CamScanner
 Crypt. & Sys. Security
(MU-Sem. 6-Comp) L-22
Experiment 3(b): tHanual Lab
Write program
a
in Java to implement SHA-1
using Libraries (API). algorithm
b
Objective
Aim of this assignment
is to implement Secure
Refer Chapter 6 for theory
Hash Algorithm - 1
using Librarie (ADr
of SHA-I
Solution:
import javax.crypto.*;
import javà.io.*:
import java.security.*;
public-class SHA

public static String Getdata)

String Message=null;
try

DatalnputStream in=new DatalnputStream(System.in);

System.out.print("n Please Enter One
Message:):
Message=in.readLine);

catch(Exception exception)

return Message;
}

public static String Compute(String

Message,Key key)

bytel] digest=new byte[512}:

String store=null;
try

MessageDigest digestl=MessageDigest.getinstance("'SHA-1"):

digestl.update(Message.getBytes0);

Scanned by CamScanner
 Sys. Security (MU-Sem. 6-Comp)
Cp. & L-23
Lab Manual
Lab Manual i valuedigest1.digest0;
biell
A-1 Mac mac=Mac.getlnstance("HmacMD5"):
algorithm
escinil(key);
pac.update(value):

ibrarie (nac.ddoFinal):
(API).
SringBuller
- buffer=new StringBuffer():
+ +)
siat i=0;í<digest.length;i

Oxff:
int valuel
=digest[i] &

ialuel< 1l6)
{

buffer.append(0);

buller.append([nteger.toHexString(valuel);

store =buffer.toString);

catch(Exception exception)

+.
System.out.print("n Exception :" exception);

retum stores
}

public static void main(String args)

String Message,holderl,holder2;

try

generator=KeyGenerator.getinstance('AES");
KeyGenerator

generator.init(128);
SecretKey
key=generator.generateKey0;
Message=Getdata):
=Compute(Message,key);
bolderl +"1);:
Digestl : [" holderl
System.out.print(n Message

Scanned by CamScanner
 | Crypt. & Sys. Security
(MU-Sem. 6-Comp)
L-24 Lab Manual
Message = Getdata0:
holder2=Compute(Message,key}:
System.out.print("n Message Digest2 :

if(holderl.equals(holder2)
"+ holder2 +
"J:
{

System.out.print(n Message Is Same .."):

else

System.out.print("n Message Is Not Same ."):

catch(Exception exception)
{

System.out.print("n Exception In Main:"+ exception);

Save above program with the program name SHA.java,

Compile it using javac SHAjava
and run it using java SHA

Output
C:Program Files (x86)UavaljdkI.7.0 25\bin>javac
SHA.java
It will two note but students can run
it

C:Program Files (x86)Javaljdkl.7.0_25\bin>java

SHA

Please Enter One Message : Cyber Crime & Security

Message Digestl : felb06lca3fcó017ob18799dalffb006fn

Please Enter One Message : Cyber Crime and Security

Message Digest2: b346499838f2ad69e5473d507ae90a721

Scanned by CamScanner
 (MU-Sem. 6-Comp)
Sys. Security L-25
Lab Manual
Ferzt &
Same..
Not
Lab Manual
els
same message
Runit again
with

gle & i
(x86)Uavajdkl.7.0
I _25bin> javac SHA.java
Aaram
Flles

Files
(x86)Javaljdkl.7.0_ _25\bin>java SHA
fgram

Message : Cyber Crime

&
Security
Enter One
Fsse

Digestl : elbO6lca3fc6017ob18799dallfMb0061]
fsge

Enter One Message : Cyber Crime &

Security
Pese

Jessage
Digest2 : felb06lca3fc6017obl8799dalbO06)

Msge Is Same.
Keen in mind that for every old/new
message SHA-1 always generates new message

gest
c SHA.java -
Study of packet sniffer tools wireshark
:

4
Experiment
wireshark and capture icmp, tep, and
Experiment 4(a) : Download and install
mode.
http packets in promiscuous sure that packet
a packet analyzer & capture the network traffic. Make
Aim : To install networks, it cannot detect
captures the live packets from different
analyzer only was done by using intrusion
malicious or not. This detection
whether the packet is Students can
IDS in experiment number 9. The
discuss
detection system (IDS), will Wireshark as it is freely
available
have selected
Select any packet analyzer tool hereI
on Internet.

Oljective capture
analyzer will try to
analyzer. A network packet think of
Wreshark is a network
packet
detailed as possible. You could
data as on inside a
tries to display that packet examine what's going
A packets and
measuring device used to what's going
on inside
anetwork as a examine
packet analyzer an electrician to
Atwork voltmeter is used by
cable, Just likea

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) Lab Manual
L-26

an electrIC cable (but at a higher level, of coursc). In the past, such tools were cither very

expensive, proprietary, or both. However, with the advent of Wireshark, all that has changed.
Wireshark is perhaps one of the best open source packet analyzers available today.
:
Solution
A brief history of WIreshark
In late 1997, Gerald Combs needed a tool for tracking down
networking problems and
former name of
wanted to learn more about networking, so he started writing Ethercal (the
the Wireshark project) as a way to solve both problems.
Ethereal was initially released, after several
pauses in development, in July 1998 as

version .2.0.Within days, patches, bug reports, and words of

encouragement started

ariving, so Ethereal was on its way to success.

a
Not long after that, Gilbert Ramirez saw its potential and contributed low-level dissector
to it.
In October, 1998, Guy Haris of Network Appliance was looking for something better
than tcp view, so he started applying patches and contributing dissectors to Ethereal.

In late 1998, Richard Sharpe, who was giving TCPIP courses, saw its potential on such
courses, and started looking at it to see if it supported the protocòls he needed. While it
didn't at that point, new protocols could be easily added. So he started contributing
dissectors and contributing patches.

The list of people who have contributed to the project has become very long since then,
and almost all of them started with a protocol that they needed that Wireshark or Ethereal
did not already handle. So they copied an existing dissector and contributed the code back
to the team.

In 2006 the project moved house and re-emerged under a new name: Wireshark.

In 2008, after ten years of development, Wireshark finally arrived at version 1.0. This
release was the first deemed complete, with the minimum features implemented. Its
release coincided with the first Wireshark Developer and User Conference, called
SharkFest.

Some intended purposes of Wireshark

Network administrators use it to troubleshoot network problems.

Network security engineers use it to examine security problems,

Developers use it to debug protocol implementations.

Scanned by CamScanner
 Sys. Security (MU-Sem. 6-Comp)
L-27
fCypt. &
Lab Manual
useittto learn network protocol internals.
Lab Manual People
Beside these
examples, Wireshark can be
ols were helpful in many
either very other situations
too.
all that has
changed. Fastures
today.
are, some of the many features Wireshark
following provides
e :
Available UNIX and Windows,

Capture live packet data from a

network interface.
ing problems
e former nameand
of
Display
packets with very detailed protocol information.

Open and|Save packet data captured.

inJuly 1998 as and Export packet data from and to
Importt a
lot of other capture programs.
agement started
Eilter packets on many criteria.

-level dissector Search for packets on many criteria.

Colorize packet display based on filters.

nething better Create various statistics.
hereal.
Wireshark Main Window
ntial on such 1.8)1
Wareshark 1,6
1
(SVN Rev 39096 frem runk
B e
Weshrk tetwork Analyzer
Ced.
While it
contributing Expreon.. i

Thhe
World's Most Popular Network Protocol Analyze
WRESHARK
since then,
Fiks
or Ethereal Webslte
rls be used farcaghngh Pa Open
Op dealy pun
the curent conlyuatinn.
ttvth
code back SeCaçhun Heb balbe for detos. Opon Racent:
Users Gulde

Sample Captures a
Searity

.0. This Ctluroch

ted. Its How to Capture

called Nehwork Medla

Scanned by CamScanner
 9Crypt. & Sys. Security (MU-Sem. 6-Comp) L-28 Lab Manual
fo
Wireshark Maln Window
Capture option dialog box
The
Wireshark: Capture Options

Capkure
Irtarfoce: Loca v b57naz Droadzonm icttrene Gigobt Ethermct Drver:'Devicci

Padtess: 10,120.83.75
Link-layer header type: Ethernet v
Cate packets n proriscuous made Re
tue packets in prap-ng fuTnat (experinental)
Buffer size:
1

mesabrtes)
D
init ceh psket to bytes
Captura Fltor: Ccnpis EFF
Capture Hla(+) DEplay optlons
Fia: Browsa..
Updake lst of packets in re tns
D
Use ndtipe fies
M Automahc scroling in live capture

Hde capture info dalbg

Natne REScutlon
¢rteis)
Enabie MAC nameresokten
Stop Capbure.
.. aftber

.. afbar v Enabe ngtwark name resoLban

imagaby tcs)

D. aftar v Enabe ransport name resalton

Hep 4,
Start Cance

Capturing Live Network Data

Capturing live network data is one of the major fcatures of Wireshark. The Wireshark
:
capture engine provides the following features

Capture from different kinds of network hardware (Ethernet, Token Ring, ATM, ..).
Stop the capture on different triggers like: amount of captured data, captured time,
captured number of packets.
Smultaneously show decoded packets while Wireshark keeps on capturing.
Filter packets, reducing the amount of data to be captured.

Scanned by CamScanner
 (MU-Sem. 6-Comp)
Security ( L-29 Lab Manual
Sys. S
&

Frt multiple files while doing a long term capture, and in addition the option to
Lab Manual (turinginto
bufter these files, keeping only the last x files, useful for a "very long term"
Arna ring
une.
pture engine still
lacks the following features
Simultancous capturing
from multiple network interfaces (however, you can start multiple
merge capture files later).
of Wireshark and
instances
DNer: (Device\\F capturing (or doing some other action), depending on the captured data.
Sop
Interface
Capture
10te
Options
Awireshark: Capture

Cazture
-Ccmpio EPF adapter 'Intel 8255x-based Integrated Fest Etherr
harfare: 192.166.21.102 vNetwork
192.163.21.102
Paddress:
Remote Settings
packets n real tme
Buffer stze: }1 megabyte{s)
promiscuous mode
ling in live capture JCapture packets in
pcap-ng format (experimental)
DCapture packets in
fo
dalog D Limt each packet to bytes

Cepture Fiter:
Display Options
eresolton Capture Fies) real tine
Browse.. DUbdate list of packets in
ame resoLban Fle:
scrolingin Ive capture
OUsa mut'ple fies D Automatic
ante resokbon
capture info dalog
D Hde
Sance
Name Resolution
name resolution
VEnable MAC
... nameresouticn
The Wireshark Stop Capture Enable retwork
resolution
D.. after
transport name
...). .. after
vEnable

..
TM,
Cancel
fter
ptured time, Qart

Help

Scanned by CamScanner
 CYPt
Crypt. & Sys. Security
(MU-Sem. 6-Comp)
L-30 Lab Manual So
Live capture from many Open
different network medla Wire
Wireshark can capture traffic from many differcnt Publ
network media types - and despite its
name -including wireless LAN as
well. Which media types are supported,
things like the operating systcm you depends on many like,
are using. free
Import files from many other capture programs
Bec
Wireshark can opcn packets captured from a large number of other capturc programs.
For plu
a list of input formats.
Develc
Export files for many other capture programs
W
Wireshark can save packets captured in a large number of formats of other capture m
programs. For a list of output formats. W

Capturing Packets
t
est.cap
Ce tdt en Go Cepture Anayze
2ists Tdephony Ioob temas teb

vEspresson
N Scurce Destinstion Proocol Ldth Lnto
o.c00000 192.168, o.3 Br padcast ARP 42 Gratu1tous ARP tor 192.163.0.2 (FE
2 0.29g39 192.63.0. 192.168. 0.2 NBNS 92 Nare query NBSTAT 00000c
4 1.025659 192.13.0.2 224.0, 0. 22
IGMP S4 v3 Menbers hip Report Jo1n qra
31.04A366 192.169.0.2 192.168.0.1 110 Standard query SRv_idap.tcp.r
61.048552 192.168. 0.2 239.255.255.250 SSUP 175 N-SEARCH HTTPAI.1
71.050784 192.168.0.2 192.168.0.1 DNS 86 5tandard query sOR nbl0061d, O4
S1.055053 192.1E3,0.1 192.168.0.2 550P 337 HTTP/2.1 200 Ox
91.c32028 192.168,0.2 192.168. 0.255 NBNS 110 Regi:trati on NB NE1306<0>
101,111945 192.168.0.2 192.168.0.1 DNS 87 standard query A graxyccnf..
111.22€156 L921258.0.2 192.1638.0,1 62
ncu-2 http (5YNI StN524
12 1, 227252 L92.288.0.1 192.168.0.2 TCS 60 hrtp > ncu-2 SVN, ACK] Scg-0 ck

Fraze 11: 62 byes on wire (496 bits), 62 bytes cagtured (496 bits)
Ethernet II, Src: 192.168. D. 2 (00:03:5d:20:cd:02), Dst: Netgesr_2d:75:91 (0):09:5b:2d:75:9a)
Internet Protocol, Src: 192.168. 0. 2 (192.168.0.2), DSt 192.168. 0.1 (192.163. 0.1)
Trrsiss1on cotral Prot oco1, Sre Porti ncu-2 (3L96), DStPort: http (S0),SQ ,Leni
SGurc port: ncu-2 (3196)
DEStira:f on port: hrp (80)
eara
fSTr 1rdes: 5]
Seguerce rutber: 0 (relat iue sequence nunher)
Header lergth: 28 bytes
=Flags X02 (5YD
windon size value: 64240
c

0000 00 09 5b 2d 75 3d 00 Db Sd 20
9a oD 02 OB 00 45 00 E.
020 G0 o
be Te o 50 3c 36 95 F8 03 DO 00 00 70 02
o030 Fa f 27 e0 00 00 02 04 05 bå oi 1 04 02

Hle Cest.cao" 1418 O:0: D2

Padts:120 DSplayedt 120 Natad Olosd tla: 0:00.000
Profe: Delaut

Wireshark captures packets and allows you to examine their content.

Scanned by CamScanner
 .Security (MU-Sem. 6-Comp) L-31
Lab Manual
LabManual Software
Source
source software projcct,
#reshark is an open and is relcascd under the GNU General
and despite License (GPL). You can frccly use Wireshark on any
its number of computers you
-ends on worrying about liccnse keys or fees or such. In addition, all source
many ie without code is
available under the GPL
ntr
Bause of that, it is very casy for people to add new protocols to Wireshark, cither as
or buitt into the source, and they often do.
rograms. phgins,
For
elopment. and malntenance of Wireshark
was
Wireshark initially developed by Gerald Combs. Ongoing development and
paintenance of Wireshark is handled by
the Wireshark team, a loose group of individuals
ber capture
bugs and provide new functionality.
sho fix
Tre have also been a arge number of people who have contributed protocol dissectors
n Wireshark, and it is expected that this will continue.
Vou can find a list of the people who have contributed code to Wireshark by checking the
hout dialog box of Wireshark, or at the authors page on the Wireshark web site.
Wireshark is an open source software project, and is released under the GNU General
are
Public License (GPL). All source code is freely available under the GPL. You
you
grauc selcome to modify Wireshark to suit your own deeds, and it would be appreciated if
contribute your improvements back to the Wireshark team.
P.
nb
to community:
You gain three benefits by contributing your improvements back the
04:
5424 Other people who find your contributions useful will
appreciate them, and you will know
ACk
that you have helped people in the
same way that the developers of Wireshark have helped
people.
your changes even more, as there's always
- The developers of Wireshark might improve your
may implement some advanced things on top of
room for improvement. Or they
code, which can be useful for yourself
too.
fixing it
Wireshark will maintain your code as well,
The maintainers and developers of with what
are made, and generally keeping it in tune
When API changes
or other changes done often). you
can
updated (which is
Wireshark. So if Wireshark is included
IS happening with
website and your changes will already be
get a new Wireshark
version from the
without any effort for
you.

Related command lineTools

Terminal-based Wireshark.
Tshark :

Scanned by CamScanner
 Crypt. & Sys. Security
(MU-Sem. 6-Comp)
L-32 Lab Manual

Tepdump: Capturing with tepdump for viewing with Wireshark. E

Dumpcap : Capturing with dumpcap for viewing with Wireshark.
Aim
Capinfos : Print information about capture files.
Rawshark: Dump and analyze network traffic.
Editcap : Edit capture files. Solu
Ness
Mergecap : Merging multiple capture files into one.
Text2pcap : Converting ASCI hexdumps to network captures.
free
Keyboard Navigation
vulr
Accelerator Description
Fo
Tab, Shift + Tab Move between screen elements, e.g. from the toolbars to the packet
list to the packet detail.

Down Move to the next packet or detail item.

Up Move to the previous packet or detail item.

Ctrl + Down, F8 Move to the next packet, even if the packet list isn't focused.

Crl + Up, F7 Move to the previous packet, even if the packet list isn't focused.
Ctrl+. Move to the next packet of the conversation (TCP, UDP or IP)
Ctrl+, Move to the previous packet of the conversation (TCP, UDP or P)
Left In the packet detail, closes the selected tree item. If it's already closed,
jumps to the parent node.

Right In the packet detail, opens the selected tree item.

Shift + Right In the packet detail, opens the selected tree item and all of its subtrees.
Ctrl + Right In the packet detail, opens all tree items.

Ctrl + Left In the packet detail, closes all tree items.

Backspace In the packet detail, jumps to the parent node.

Return, Enter In the packet detail, toggles the selected tree item.

Conclusion
Thus we have studied a network packet analyzer i.e the Wireshark.

Scanned by CamScanner
 Lab Manual
Sys. Security(MU-Sem. 6-Comp) L-33
cOpt &
can be traced based on
Experiment 4(b): Explore how the packets different
filters.
to download
&
install freely available vulnerability tool
Aim of this experiment is
any vulnerability in the network or not.
scanthe entire network and find
to
$olutlon:

Nessus
computer, Nessus is a proprietary comprehensive vulnerability scanning program. It is
In

charge for personal

use in a non-enterprise environment. Its goal is to detect potential
freeof

vulher
abilities on the tested systems.

For example

Vnerabilities that allow a remote cracker to control or access sensitive data on a system.

Misconfiguration (e.g. open mail relay, missing patches, etc).

Default passwords, a few common passwords, and blank/absent passwords on some

system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary
attack.

Denials of service against the TCP/P stack by using mangled packets

UNIX(including Mac OS X), it consists of nessusd, the Nessus daemon, which does
On
the scanning, and nessus,
the client, which controls scans and presents the vulnerability results
to the user.

According to surveys done by sectools.org, Nessus

is the world's most popular
vulnerability scanner, taking first place in the 2000, 2003, and 2006 security
tools survey.
Tenable estimates that it is used
by over 75,000 organizations worldwide.
Nessus ls also :

A "Free, Powerful,up-to-date, easy to use, remote security scanner".

Open-Source, free to use, modify, etc.

Vulnerability definitions, called plugins, are free as well.

Easy is a matter of perspective.

Scanned by CamScanner
 Securit
Cypt. & Sys.
Crypt. & Sys. Security (MU-Sem.
6-Comp) L-34
Lab Manual eng
3
Operation of Nessus The Nessus
scanner for the ab
In typical operation, Nessus begins by doing a port scan configuration stanc
with one of its four intcrnal ne
Scanners (or it can optionally use AmaporNmap) to patch
detcrmine which ports arc open on the checks and
target and then tries various exploits on the open ports. Nessus to
perform
The vulnerability tests, available a
subscriptions, are written in NASL (Nessus Attack Scripting
Language), a scripting and many other ty
language optimized for custom network interaction. of2008, T
In July
Tenable Network Security produces several dozen new vulnerability checks access
(called users full
plugins) each week, usually on a daily basis. These checks are available for free to the eng
The Nessus 2
general public; commercial customers are not allowed to use this Home Feed any more source projects ba
The Professional Feed (which is not free) also give access to support and additional scripts
Tenable Networ
(audit and compliance tests...).
several times sin
Optionally, the results of the scan can be reported in various formats, such as plain text.
and Windows s
XML, HTML and LaTeX. The results can also be saved in a knowledge base for
need for an ager
debugging. On UNIX, Scanning can be automated through the use of a command-line
Nessus 4.0.0.
client. There exist many different commercial, free and open source tools for both UNX
and Windows to manage individual or distributed Nessus scanners. If the user chooses to lemble eus Vatncrahy Sce
do so (by disabling the option 'safe checks), some of Nessus's vulnerability tests may try
NESSUS)
to cause vulnerable services or. operating systems to crash. This lets a user test the NoseS Watco
resistance of a device before putting it in production. Nessus provides additional welcoma
Start Scan Task
B Yau can
ve Reports
functionality byond testing for known network vulnerabilities. This sg
other ptions
t adaess Book
For instance, it can use Windows credentials to examine patch levels on computers
running the Windows operating system, and can perform password auditing using
pdate Fugns

See Also
dictionary and brute force methods. Nessus 3 and later çan also audit systems to make sure Heto

Abst Nessus

they have been configured per a specific policy, such as the NSA's guide for hardening
WindowS servers.

Brief History of Nessus

The "Nessus" Project was started by Renaud Deraison in 1998 to provide to the Interne
community a free remote security scanner. On October 5, 2005, Tenable Netwrk
3 to a proprietary
Security, the company Renaud Deraison co-founded, changed Nessus
(closed source) license.

Scanned by CamScanner
 (MU-Sem.
6-core
L-35 Lab Manual
Secuny
&SYS.
#ogt.
of charge, though Tenable charges $100/month per
engine is still free
3
Nessus
configuration audits for PCI, CIS, FDCC and other
The
the ability to perform
scanner for vulnerability audits, the latest network
sstandards, technical support, SCADA
contiguration
audit anti-virus configurations and the ability for
patch audits, the ability to
checks and data searches to look for credit card, social security number
perform sensitive
Nessus to corporate data.
ypes of
and many other

of2008, Tenable sent out

a
revision of the feed license which will allow home
use.
lo July acccess to plugin feeds. professional license is available for commercial
A

Usersfull are still GPL, leading to forked open

a minority of the plugins
Nessus 2 engine and
Nessus like OpenVAS and Porz-Wahn.
The
on
sOurce
projects based
updated it
Security has still maintained the Nessus 2 cngine and has
onhle Network many different UNIX
Nessus 3.Nessus 3 is available for
ceveral times since the release of
without the
offers patch auditing of UNIX and Windows hosts
and Windows systems, released
times faster than Nessus 2.On April 9, 2009, Tenable
need for an agent and is 2-5

Nessus 4.0.0.

Seanne
ad tes Vidahsy
hessus
NESSUS
ry Sstorner a
vunersbkles, ide varletyof
Welkore t tiettus Vuinerabil dhecbs fot thoutands of themost commonly updated
Aiesa s (easdte ntau use
a whh nhules hgh peed
atetve regntna
W

Me Reparte".
sarng tens, pn rto rde yo can open thern again by slecting
selectng art Scan Task", Al ecan rests wd be automatixaly saved, and
You tan tart a new BLan by
Mease congider regiterng
A swepts The arver has nct been tordasede phagns updates
Dtber outun

vew eptts

See Aho
ep
Netfut

Main Window
Fig. 1 : Nessus

Scanned by CamScanner
 Cryp. & Sys. Security (MU-Sem.
6-Comp) L-36 Lab Manual

NISSUS
Manase Poltctes
Weerty used poleleg an be mnpoed here. You ean eatet e
redetoed poe when starting new s

kepote ell
Ad a new pecv X
Delete seletted polev(0)
oher optone
AsPaok

pe seroya
Segt Penpt

Fig. 2: Updating and adding a

policy
Nessus Features
Plugins :Use its own scripting
language(NASL) to define
how it tests for vulnerabilities. .
Client/Server architecture :
Client and server can be
anywhere on the network
Protocol aware : i.e.
It will detect FITP running on port
31337
Application Aware : Tests
web servers running on
the same port
Intelligent scanning : Anonymous
FTP Reports provide vulnerability
number of resolutions. listings and a good
Client/Server uses SSL
to protect report results
Much better about not
crashing targets.
Nessus Architecture : Nessus
Cllent and target systems
Native Unix GTK Client
(Linux, Solaris, and others).
Windows Client (NessusWX).
Windows Client is preferred, more report
options, better interface.

Scanned by CamScanner
 Security (MU-Sem. 6-Comp) L-37
& Sys.
Lab Manu
Lab Mnual

SSL

Nessus Client
Nessus Server

Target Systems
Fig. 3: Nessus Architecture

Nessus Client on Windows

sLonsisle
vulnerabilities.
twork DGX

Sccool

Vuheaie Ist perciin

ngs Thé holkla te Sllns Sevoo Phuk9Estaloian

anda good pocblen ha not boon acpit
vneabky lossmkiususe, vto pi the
ha
Hclet |The
petaosrn(l33c igi ta log n Fehcet lcealy. iage adiai
rethe n|13eo n tha has
nethins ssn(13tep
conhechnetlsscahubuleth/maloCES ap
nefosIn[l3Ag pr/Lmctastft
1acdo:
Re Medn
Nessus Cortt -Ielbioscn(13<p
icceks versto netho133ogt
%545 piugir Wamng:

Scen
stsrted2tnon
Conmecon
koal

utorid
55 pluginsloe
dsprelerencer
suppertedt
Scon trished

Konatss Nessus Client

Fig. 4 :

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) L-38 Lab Manual

Nessus Server
Runs on most Unixflavors (Unix, Linux, *BSD).
Ifind it uns best on Linux, your mileage
may vary.
to
Performs all scanning functions, sends results back client.
Includes a plugin update facility.

Nessus Reports
Numerous different formats.

Problem - How to get the reports to the user securely.

Answers include.
Commercial Products.

Write your own Perl or PHP application.

Scanning Methodologies
Someone scans your system(s) and makes the report available to you.
The end user requests a scan directly from the server, the machine is scanned, and report is
sent automatically.
When the user connects to the network the system is scanned automatically (Popular with
wireless and VPN).
Servers are scanned on a regular basis (maybe weekly) and results are compared.
Network Perimeter is scanned on a regular basis.
Which ones should Ido.

Challenges- False Positives

Must verify to some degree the vulnerabilities Nessus has found.
This is time consuming and sometimes quite dificult.
Nessus is getting better, but still a ways to go.

Challenges-Crash and Burn

Nessus will crash systems, routers, firewalls, and any other devices on
the network!
Happens no matter how careful you are Monitor your configuration closely, test-new
plugins first.

Scanned by CamScanner
 6-Compl
Wnt & Sys. Secui (MO-Sem. L-39
Lab Manual
worst
Preparefor
the
Lab Manual
challenges What about
the appllcatlon
some application level vulnerability assessment.
Nessus does
SPI Dynamics, EEye, and ISS are better.
Tools from

sure youhave at least one other tool to test the application!

Make
? When ?
phallenges--Scan What

permission to scan
is

Getting
half the battle.
it will not
guaranteethat crash the system.
i no
Theree is

you know, pegple don't like it

when you find things wrong with their systems.
As

2
challenges- How long will it take
Depends.

Number of hosts.

Number of open ports.

.

scanned, and report is Number of services running on those ports.

What kind of host (Windows, Unix, Mac).
atically (Popular with How many hosts have firewalls.

Speed of the network.

compared.
Other network traffic.
- How many vulnerabilities are found.
last.
II the host crashes after the first plugin or just before the
?
Challenges -How long does it usually take
One host = A morning or afternoon.

More than one host = 1

Day.

Entire Class C subnet

=
2-3 Days.

Entire Class B = Weeks.

network!
Conclusion Security.
osely, test -new too like Nessus for
network
yulnerability
4uUs we have
studied the

Scanned by CamScanner
9 Cypt. & Sys. Security (MU-Sem. 6-Comp) L-40 Lab Marual

Experiment 5: Download and install nmap. Use it with different options to

scan open ports, perform OS fingerprinting, do a pingg scan.
tcp port scan, udp port scan, xmas scan etc.
: Aim of this experiment is to download & install port scanning tool to identify the
Aim
number of computers on a network & to find the port open on one or more target
computers.
:
Solution

What Is NMAP?

Nmap: "Network Mapper" It was developed by Fyodor.

An open source tool for network exploration and security auditing.
N-map uses raw IP packets in novel ways for information gathering

N-MAP features
Ping Sweeping : ldentifying computers on a network.
Port Scanning: Enumerating the open Ports on one or more
target computers.
OS Detection : Remotely determining the operating system and some hardware
characteristics of network devices.

Ping Sweeping

Ping Sweeping allows the hackers to

automatically map out the entire target
network and
Pinpoint all alive systems within a
particular range of IP addresses.
Operations on PING Sweeping
When Host is not Alive

If the station isn't available on

the network or a packet
from passing, there will filter is preventing ICMP packets
no
be response to the echo frame.

ICMP Echo Request

Source
192.168.0.8 Destination
192.168.0.10

Scanned by CamScanner
 Security (MU-Sem. 6-Comp)
L41
Allve ?
Hostis Lab Manual
t NsPOnse from an active host will return
A an ICMP
ANavailatble on the network or echoreply, unless
1CMP is filtered. the IP address is

CMP Echo Request

ICMP Echo Reply

Souroe
192.163.0.8 Destinaton
192.1880.10
Port Scanning is the process of connecting
to TCP and UDP port
Ending which services for the purpose of
and applications are open on the
Target Machine.
establishes a connection
P
by using what is called a Three way
header contains one byte field handshake. The TCP
for the flags.
These flags include the following:
ACK:The receiver will send an Ack to acknowledge
data.
o SYN :Setup to begin communication on
initial sequence number.
o FIN: Inform the other host that the sender has no more
data to send.
o RST: Abort operation.
o PSH :Force data delivery without waiting for buffers to fill.
o URG : Indicate priority data.
The port numbers are unique only within a computer system.
Port numbers are 16-bit
unsigned numbers. The port numbers are divided into three ranges: the Well Known Ports
(0-1023), the Registered Ports (1024-49151), and the Dynamic and/or Private Ports
(49152-65535).

All the operating systems now honor the tradition of permitting only the super-user open
the ports numbered 0 to 1023.

Some are listed below:

echo 7/tcp Echo
ftp-data 20rudp File Transfer [Default Data]
ftp 21/tcp File Transfer [Control]

Scanned by CamScanner
 Cryp

Crypt. &
Sys. Security (MU-Sem.
6-Comp) L-42 Lab Manual
NMAP s
ssh 22/tcp SSH Remote Login Protocol
sanaal
telnet 23/tcp Telnet [sudo]
domain 53/udp Domain Namc Server Readin
BUildi
www-http 80/tcp World Wide Web HTTP Readi
Nmap ("Network Mapper") is a free and open source utility for network exploration or The fC
libe
security auditing. Sugge
The FIVE port states recognized by Nmap such as : lib
The f
1. Closed 2 Filtered 3
UnFiltered lib
4. Open-Filtered 5. Closed-Filter O upc
Need
1. Download Nmap from www.nmap.org and install the Nmap Software with WinPcan Afte
Driver utility.
2 Execute the Nmap-Zenmap GU tool from Program Menu or Desktop Icon.
3. Type the Target Machine IP Address(i.e. Guest OS or any website Address) SCan

4. Perform the profiles shown in the utility. Target

Comm
Scan Type Switch Description
TCP connect() -sT Opens a connection to every potentially interesting port on
Scan the target machine.
TCP SYN scan -sS This is a "half-open" scan.
TCP FIN -sF This scan attempts to pass through packet filters by sending a
TCP FIN packet.
Xmas Tree -sX Sends a packet with FIN, URG and push flags set.

Null -sN Sends a packet without any flags turned on.

Scan Type Switch Description

ACK scan -SA An ACK packet with random acknowledgment and sequence
numbers is sent.

UDP scan -sU This sends 0 byte UDP packets to each port on the target
machine(s).

Simply lists targets to scan.

List scan -sL

Scanned by CamScanner
 Sys. Security (MU-Sem. 6-Comp)
fCrypt. & L-43

with Lab Manual

Lab Manual MLAP)installation steps along output in Linux
environment are
listed below
4anaQlinux:-$ sudo apt tnstall nnap
password for sana:
evdo] Done
ltsts.
ea ding Paanendency
Auilding tree
Reading state informatton.. Done
lowing addtttional packages will be tnstalled:
The fol)
oration or liblinear3
ibblas3packages:
sUggested
linear -tools liblinear-dev ndiff
NEW
elowing nmap will
packages be installed:
libblas3 liblinear3
o
3 newly
upgraded, 3 installed, 0 to remove and 3 not upgraded.
5,,353 kB of archives.
Need to get
After this operation, 24.5 MB of additional disk Space will be used.
WinPcap

Zenmap

Tools Profle Helo

Sa
Care
ww.securitytrails.com Profte. Quick scan Scan
|Trget

Conmand nmap -14 -F www.securityralis.com

Nmap Output Ports Hosts Topdlogy Host Detals Scans

Hosts Services
Detats
nmap -T4-F W.securitytrals.com
on Ht
Ywww.seco tytrals com 151 339,243.5)
Nnap 7.60 https:i/omap.org ) at 2018-05-12 21:082
Startíng
-03 (151.139.243.5)
Nmap scan report tor w. securitytrails.coa
Hóst is up (e.a.064s latency).
Not shoMN 98 filtered ports
PORT STATE SERVIC
ga 80/tcp open http
443/tep open https
up) scanned in 5.83 Seconds
Neiap doper 1 IP address (1 host

Flter Hosts

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem, 6-Comp) Lab Manual
L-44

Scan Tools Profile Help

Target: Profile: ScanCancot
Command: nmap -T4 -sV -PS -PE -il random-hosts

Hosts Services Nmap Output Ports / Hosts Topology Host Details Scans

Port Protocol State ServiceVersion

OS Host
SXky foa ub 21 tep open ftp vsttpd 2.0.1
scnqxez-84 22 tcp open Ssh OpensSH 3.9p1 (
25 tcp open Smtp SendmailI 8.13.1/6
80 tcp open http Apache httpd 2.0
110 tcp closed pop3
Filter Hosts
Z/9 hosts shown Host Filter: pache

Students can also compile and execute the below program

TITLE: C Progran of PORT-SCANNING compile & run

by using cross compiler of Linux environment
$****:
*****k********4*****
#inchude <stdio.h>
#include <stdlib.h>
#inchude <unistd.h>
#include <netdb.h>>
#include <netinetin.h>
#include <sys/socket.h>

FILE *ps;

int mainfintarge, char *argvl)

{

int sock, port,;

structhostent *h;
time tcurtime;

Scanned by CamScanner
 Sys. S Security
(MU-Sem..6-Comp) L-45
&

Lab Manual
loctime
struct tm
Lab Manual
char "t;

fopen("ete/bbb/portscan.txt", "w"):
Scan (NULL):
Cancel time
tine = localtimei(&eutimo):
Details asctime
(loctime):
Scans|
ersion fprintfps,"
sttpd 2.0.1 fprintfips,"MnPort Scan Results : %s",):
pensSH forintf(ps,"nFollowing ports are open:n"):
3.9p1 (
ndmail 8.13.1/E
ache httpd 2.0 = NULL)
i=gethostbyname(argv[1))

pratf(Gethostbynameká error!!"):

exit(1);

for(port=0; port<=65000; port++)

environment

structsockaddr inaddr;

if(s0ck = socket(AF_INET, SOCK_STREAM, 0)

=)

printf("Socket ka error!!");

exit(1);
}

addr.sin family = AF INET; l host byte order

addr.sin port = htons(port); //short, network byte order
addr.sin addr = *((structin_addr *)h->h_addr);
addr.sin_ zerof0]=\0';

i=0;
while(1)

addr.sin zeroli]=0;

Scanned by CamScanner
 Lab Manue
Grypt. &
Sys. Security (MU-Sem. 6-Comp). L-46

if(i>8)
break;
}
*)
&addr, sizeof(structsockaddr)) = -1)
if (connect(sock, (structsockaddr

printf("%d closedn", port);

close(sock):

else

printf("%d open n",port);

fprintf(ps,"nfod "port);
close(sock);

}
fprintf(ps,"n**************** ***********n):
fclose(ps);

Output

root@localhost]# cc port_scan.c
[root@localhost]# Ja.outlocalhost

22 open

25 open
11l open
631 open
5335 open

32769 open

[root@localhos! #

Scanned by CamScanner
 .
Sys. Security (MU-Sem. 6-Comp) L-47
rCoSL&
Lab Manual
Lab Manual Simulate DOS attack
xperiment 6 : using Hping, hping3
This can be done In and other toois.
two ways one Is
another using IDS tool, using hping3 tool and

Experiment 6(a): DoS using hping3

stion: means
Denial service attack
of making the network unavailable for
the user
ommunicate securcly.
to

generally done by interrupting

in the network connection
tis unavailable for user or disrupts
between the users or making
SOme services the entire network by overloading with
unwanted messages, so that network becomes slow and unavailable.

attack attempt to shut down the network, computer services and deny the use of
sources or services to authorized users.

Once attacker got entire access of network or server he can do the following
things :
Hood the entire network or server with traffic until shutdown occurs because
of
overload.
o Block ongoing traffic which results in a loss of access to network resources to the
authorized users. Different security policies like firewall, Intrusion detection system
helps to protect such type of attacks.
o Different security policies like firewall, Intrusion detection system helps to protect
such type of attacks.

What is hping3 ?
protocol. Hping is one of the
hping3 is a free packet generator and analyzer for the TCP/IP
and networks, and was used
to
de-facto tools for security auditing and testing of firewalls
now implemented in the Nmap port scanner.
exploit the Idle Scan scanning technique
implements an
The new version of hping, hping3, is
scriptable using the Tcl language and
so that the
human readable description of TCP/P packets,
engine for string based, manipulation and
related to low level TCP/IP packet
Prögrammer can write scripts
analysis in a very short time.

iping3 also used to ... standard

blocks attempts using the
a firewall that
Iraceroute/ping/probe hosts behind
utilities.

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) L-48 Lab Manual

Perform the idle scan (now implemented in nmap with an casy user interface).

Test firewalling rules.

Test IDSes.
Exploit known vulnerabilties of TCP/IP stacks.
Networking research.
Learn TCP/IP (hping was used in networking courses AFAIK).
Write real applications related to TCP/P testing and security.

Automated firewalling tests.

Proof of concept exploits.
Networking and security research when there is the need to emulate çomplex TCPIP
behaviour.
Prototype IDS systems.
Simple to use networking utilities with Tk interface.

DoS using hping3 with random source IP

you installed Kali Linux to learn how to DoS. You only
need to un a single line
as
command shown below:
santoshdarade:#hping3 -c 10000 -d 120-S -w 64-p 21-floodrand-source www.hping3testsite.com
HPING www.bping3testsite.com (lo 127.0.0.1): S set, 40 headers + 120 data bytes
hping in flood mode, no repies will be shown C

www.hpingtestsite.com hping statistic --

1189112 packets transmítted, O packets received, 100% packet loss

round-trip min/avg/max =0.0/0.0/0.0 ms

santoshdarade:#
1. hping3 = Name of the application binary.
2. -c 100000 = Number
of packets to send.
3. -d 120 = Size of each packet that was sent to target machine.
4. -S=Iam sending SYN packets only.
5 -w 64 = TCP window size.
6. -p 21 = Destination port (21 being FTP
port). You can use any port
here.
7. =
--flood Sending packets as fast as possible, without taking care to show incoming
replies. Flood mode.

Scanned by CamScanner
 &
Sys. Security (MU-Sem. 6-Comp) L-49
oo
Lab Manual rand-source :
Using Random Source
= Lab Manual
er interface). IP Addresses.
You can also
hostnames. See MAN page below. use
hide -a or -spoof
gww.hping3testsite.com =
to
Destination IP address or
website name target machines
use a here. In my case resolves IP address. You can
lso to 127.0.0.1
(as cntered
in letchosts file)
command to DoS using hping3 and nping
ple
–
Simple. SYN flood DoS using HPING3

dlbshdarade: hping3 -S -lood-V www.hping3testaite.com

nglo,
addr: 127.0.0.l, MTU: 65536
www.hping3testsite.com do 127.0.0.1): S set, 40 headers + 0 data bytes
flood mode, no replies will
tbe shownC
ce
çomplex TCP/IP
oing in -.
w.hping3testsite,com hping statistic

6021 packets transmitted,

0
packets received, 100% packet loss
end-trip min/avg/max = 0.0/0.0/0.0 ms
gnloshdarade:#

Simple SYN flood with spoofed IP-DoS using HPING3

in a single line nshdarade:-# hping3 -S -P -U--flood-V --rand-source www.hping3testsite.com
Bing Jo, addr 127.0.0.1, MTU: 65536
ng3testsite.com Www.hping3testsite.com (lo 127.0.0.1): SPUset, 40 headers
HPING
+0 data bytes
hping in flood mode, no replies will be shown ^C
-www.hpingtestsite.com hping statistic ---
$54220 packets transmitted, O packets received, 100% packet loss
ound-trip min/avg/max =0.0/0.0/0.0 ms
santashdarade:~#

TCP connect flood- DoS using NPING

www.hping3testsite.com
Santoshdarade:~# nping -top-conec -rate90000 -c 900000 -q
0.6.46 ( http:/nmap.org/nping) at
2014-08-21 16:20 EST
Starting Nping

CMart: 7.220ms ·Min rtt: 0.00Ams | Avgrt: 1.684ms

16343 (74.69%)
Successful connections: 5537 | Failed:
r Connection attempts: 21880

ping done: 1
IP address pinged in 3.09 seconds
Santoshdarade:# attack using
hping3.
DOS
to simulate
Conclusion: Hence we have studied how
ncoming

Scanned by CamScanner
 Cypt
Crypt. & Sys.
Security(MU-Sem.
6-Comp) win
L-50 Main
Experiment 6(b): DoS Lab Manual
attack
Aim : To install intrusion systenm detection using Intrusion Detection System.
and detect whether any Delecom
by capturing the live network malicious activitics detected or
packets, JDS detect IP Spoofing not
of service attacks. (fake IP address), Denial
Objective
"An Intrusion Detection System jis
systems or networks, analyzing software that monitors the events OCcur in a computer
what happens during an execution
indications that the computer has and tries to find out
been misused- in order to achieve
integrity and availability confidentiality, nte

ofa resource or data".

The IDS will continuously run on our system
in the background and only generate
alert when it detects something the
suspicious as per its own rules
signature present into it and taking some and regulation or attack
immediate action to prevent damage.
An Intrusion detection : System examines or
monitors system or network activity to
find possible attacks on the system or network.
Signs of violation of system security
policies, standard security practices are analyzed.
Intrusion Prevention is the process of
detecting intruders and preventing them from intrusive
effort to system.
Solution:
Refer Chapter 12- section 12.5 for detail on IDS
For demonstration you can download any freely available IDS
tool here we have
downloaded Sax2 (Evaluation) IDS tool and tested it. We got
following results.
ebiverk or Detecton System- S2Evetueson)
DetectonToo ex
ep

ACoer General Start Neburk Rpose Databee Anahyer Pot

Mar
adePl Eoert
Cep
Gheme Debecton
rtt hosedgebee
des Eplorerax rd LEYent Coversations Logs
Analysls Event Overview
P
Enddoolnt Sumary
Intranet
Intermet 0nemlan(0)
ncemet
000 Waninou)
oUO% Criealo Pollcy

Top 10 Events of Intranet

ES

Top 10 Evenits of Internet

Event Curve (Samprg Prequenicy)

Trafflc ourve

stan

Scanned by CamScanner
 (MU-sem. 6-Comp)
L-51
Cvpt. & Sys. Security Lab Manual

window of Sax2 IDS tool

Maln

Toos Vew

Resperse Datsse Anayer Pdty

3Mrs Uodare Pokcy
Epet
iete
eStat|
After
$Cene
Opturs
Cachrg

DaSettg
odes bplerer Ana GGener Adater
NIC ("rod's Pshe Stedter)
Restek 10/100/1000 Dhernet

tanet
Local

9teme
op 10 Everks f
rtreet

oo 10 Everts of Irteet
Ever

Trafl

w
the tete of Sez.
Ready

start ued- Fa.

Scanned by CamScanner
 Lab Manua
Crypt. & Sys. Security (MU-Sem. 6-Comp) L-52

nctwork interface card (Adaptor)

Start the detection by selecting

Dete:tion Tocla Vie

Adepter Gereral $is Stg ieod Resporee batasese Aaher

sohee

Cplre

Nodes Esplorer CiWINDOWSstem 37\cmd.exe 2

o11 09:4137
Setting P&)ping 192.168.J0.22
P Endpoint C:ADocunentt and C0:00:46
8A Inranet 32 byte of data.
Pinying 192.168.35.22 with
ü Local bytes -32 tine1ns ITLe128
Intermet e
ly Emn 192.168.39.22: tíneslfns TTL128
Reply fron IY1b8 32 tinin ITL=128 ts of Intranet
Reply fron 7A.228 bytes s% tine<ls ITL:128
Rely froa 192.1
Piny for 192.168.38.22:
statistics Received 4. lost
B (B
loss).
Sent 4,
ts of Internet
tacke trin tines in nilliseconds:
Bns
Mini Bos, Nax inuri Dns, Averaye

C:\DocuREnts and Set tingsT&

Traffic Curve
10.582 KB/s
11:3

S569 Traic (Eytesh)

c Sav2.
Votheste
ReBdy

Jstarn

Scanned by CamScanner
 Sys. SSecurity (MU-Sem. 6-Comp) L-53
CYpt &

command to check destination Lab Manual

Lab Manual Ping host is reachable
le of or
Nayok ttnislenDetecbon
not.
Sytern SaQIEVu3un)
Yet

Netors Resoonse Databese Anyer Polry Srl Updae Pcy

ardeee, it Deteco
Seart nelesgbee
/Dashboard Everty Corversations Looy

A1.9-.t*
IP1 Parti
Pndoht
rranet 192 168.31.99 49296.0.0.2
fort2 rekocrius Erents Pacdets
A

49307 224.0.0.2S2
STA LStD bts
192.168.90.153 5355 UDP ESTABLISHED
S355 LOP ESTABLISHED 12a
5355UD ESTAELISD
192.168,98,159 5355:UDE 12A P
ESTABISED
192.168.96. 153 SO00922400
S355LDP ESTAB,ISED
192.168.62.171 49937224.0,.0.752
SE5:LDP
192.168.51.59 S0067 22.0.0.52
ESTABLIS-ED
0
STABLISHED O
192.168.98.140 55878 239.255.255.250 STAR 129

192.168.98.192
SO429 224.0.0.252 ISD 0
3 2.045 K
STAELISED0 1281
192.168.51.1 s0377 224.0.0.25
STASLISHED 0 2

192.168.96.192 SO613224.0.0.252 1321

5651De BISHED 0
SO607 224.0.0.252 128
192.168.5I.1
192.168.5i.59 SO793-22.0.0.252 36
192.168.9o.174 S1131:224.0.0.292 2
TABLISHED 10
Events Deta Sream

Severty iprotocol Event

ARP
Waming 09:42:36 ARP Rest storm
Warning
3
ARPARP San
Warning D9:42:9 10PL frt Fan

ade
$pg-Psrt RCwNCNSsyt.

Detection of different attacks

iptables.
>
Experiment 7: Setting up personal Firewall using
Aim: Setting Firewall Using iptables on Ubuntu 14.04
Solution :
modern any operating
up a firewall is an essential step to take in securing can use to
Setting good different firewall tools that we
ship witha few
system. Most Linux distributions firewall.
wel.be covering the iptables
firewalls. In this guide,
configure our distributions by default (a
modern
most Linux .

standard firewall included in to the kernel-level

ptables is a
it). It is actually a front end
replace each
called nftables will begin to stack. It works by matching
Variant Linux network decide what to do.
that can manipulate the set rules to
netilter hooks interface against a of
crosses the networking
packet that

Scanned by CamScanner
 Lab Manual
Grypt. & Sys. Security (MU-Sem. 6-Comp) L-54
In
rules work to block unwanted traffic.
we learncd how iptables
n ne previous guide, to demonstrate how to create a basic rule
move on to a practical cxample HTTP traffic.
nis guide, we'll resulting firewall will allow SSH and
Set for an Ubuntu
14.04 server. The

Baslc iptables Commands

iptables commands must be run with root privileges.
First, you should be awarc that
current rules that are configurcd for iptables.
A good starting point
is to list the

$sudoiptables-- L

Output
Chain INPUT (policy ACCEPT)
targetptot opt source destination

Chain FORWARD (Policy ACCEPT)

targetprot opt source destination

Chain OUTPUT (policy ACCEPT)

targetprot opt source. destination

$sudoiptables S

Output
-PINPUT ACCEPT
-PFORWARD ACCEPT
POUTPUT ACCEFT
Once again, the default policy is important here, because, while all of the rules are deleted
from your chains, the default policy will not change with this command. That means that
if you are connected remotely, you should ensure that
the default policy on your INPUT
and OUTPUT chains are set to ACCEPT prior to flushing your rules.
S sudoiptables -F
$ sudoiptables -P INPUT ACCEPT
sudoiptables -P OUTPUT ACCEPT
$ sudoiptables -F

Scanned by CamScanner
 Gypt. & Sys. Security (MU-Sem. 6-Comp) L-55 Lab Manual

Rule
Make your First

1We'regoing to start to build our firewall policies. As we said above,

we're going to be
sworking with the INPUT chain since
that is the funnel that incoming trafficwill be sent
through. We are going to start with the rule that we've talked about a
bit above : the rule
that explicitly accepts your current SSH connection.

The full rule we need is this :

8 sudoiptables ~A INPUT -m conntrack --ctstate ESTABLISHED,RELATED

-j ACCEPT
This may look incredibly complicated, but most
of it will make sense when we go over the
:
components

-A INPUT:The -A flag appends a

rule to the end of a chain. This is the portion
of
the command that tells iptables that we wish to add a new rule, that we want
that rule
added to the end of the chain, and that the chain we want to operate on
is the INPUT
chain.
•m conntrack : iptables has a set
of core functionality, but also has a set of
extensions or modules that provide extra capabilities.
In this portion of the command, we're stating that we wish to have access to
the
functionality provided by the conntrack module. This module
gives access to
commands that can be used to make decisions based on the
packet's relationship to
previous connections.
ctstate : This is
one of the commands made available
by calling the conntrack
module. This command allows us to match packets based on
how they are related to
packets we've seen before.
We pass it the value of ESTABLISHED to allow packets that are part of an
existing
connection. We pass it the value of RELATED to allow packets that are associated
with an established connection. This is the portion of the rule that matches our current
SSH session.
jACCEPT:This specifies the target of matching packets. Here, we tell iptables that
packets that match the preceding criteria should be accepted and allowed through.
We put this rule at the beginning because we want to make sure the connections we are
already using are matched, accepted, and pulled out of the chain before reaching any
DROP ules.
sudoiptables -L

Scanned by CamScanner
 Lab Manual
Crypt. &
Sys. Security (MU-Sem. 6-Comp) L-56

Output
Chain INPUT (policy ACCEPT)
targetprot opt soureedestination
ACCEPT all -- anywhere anywherectstate RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)

targetprot opt source destination

Chain OUTPUT (policy ACCÉPT)

targelprol opt source destination

Accept Other Necessary Connections

open and to allow
We have told iptables to keep open any connections that are already
new connections related to those connections. However, we need to create some rules to
establish when we want to accept new connections that don't meet those criteria.
We want to keep two ports open specifically. We want to keep our SSH port open (we're
going to assume in this guide that this is the default 22. If you've changed this in your SSH
configuration, modify your value here). We are also going to assume that this computer is
running a web server on the default port 80. If this s not the case for you, you don't have
to add that rule.

The two lines were going to use to add these rules are :
Ssudoiptables -A INPUT -p tep -dport 22 j ACCEPT
p
Šeudoiptables -A INPUT tep-dport 80-j ACCEPT
The new options are :

P tep This option matches packets if the protocol being used is TCP. This is a
:

connection-based protocol that will be used by most applications because it allows for
reliable communication.
--dport : This option is available
if the -p tep flag is given. It gives a further
requirement of matching the destination port for the matching packet. The first rule
matches for TCP packets destined for port 22, while the second rule matches TCP
traffic pointed towards port 80.
There is one more accept rule that we need to ensure that our server can function
correctly. Often, services on the computer communicate with each other by sènding

Scanned by CamScanner
 Cypt. & Sys. .Security (MU-Som. 6-Comp) L-57
Lab Manual

network packets to cach other. They do this by utilizing a pseudo

network interface called
the loopback device, which directs traffic back to itself rather than
to
other computers.

So if one service wants to communicate with another service that

is listening for
it can
connections on port 4555, send a packet to port 4555 of the loopback device. We
to be allowed, becausc
want this type of behavior it is cssential for thc correct operation of

many programs.

$ sudoiptables -I INPUTl-i lo-j ACCEPT

.IINPUT1: The -I flag tells iptables to insert a rule. This is different than the -A flag
which appends a rule to the end. The - flag takes a chain and the rule position where you
want to insert the new rule.

In this case, we're adding thus rule as the very first rule of the NPUT chain. This witl
bump the rest of the rules down. We want this at the top because it is fundamental and
should not be affected by subsequent rules.
: This component of the rule matches if the interface that the packet is using is the
i lo means that
"lo" interface. The "lo" interface is another name for the loopback device. This
any packet using that interface to communicate (packets generated on
our server., for our

server) should be accepted.

the -L flag doesn't
To see our current rules, we should use the -S flag. This is because
a an important
include some information, like the interface that rule is tied to, which is
part of the rule
we
just added:

sudoiptables-$
$

Output
-P INPUT ACCEPT

P FORWARD ACCEPT
-POUTPUT ACCEPT
-A INPUT-i lo j ACCEPT
RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate
ACCEPT
-A INPUT-p tep -m tep --dport 22 -j
-A INPUT-p tcp -m tcp --dport 80-j
ACCEPT

Implementing a Drop Rule

on certain crnte.
accept packets based
separate rules that explicitly
We now have four
not blocking anything.
However, our firewall currently is

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. Lab Manual
6-Comp) L-58

T a packet enters the INPUT chain and doesn't match one of the four rules that we made,
IS Dein8 passed to our default policy, which is to accept the packet anyways. We need to

change this.
There are two different ways that we can do this, with some pretty important differences.
can
The first way we could do this is to modify the default policy of our INPUT chain. We
do this by typing :
$ sudoiptables -P INPUT DROP

This will catch any packets that fall through our INPUT chain, and drop them. This is
what we call a default drop policy. One of the implications of this type of a design is that
it falls back on dropping packets if the rules are flushed.
This may be more secure, but also can haye serious consequences if you don't have
another way of accessing your server. With DigitalOcean, you can log in through our web
Console to get access to your server if this happens. The web console acts as a virtual local
connection, so iptables rules will not affect it.

You may like your server to automatically drop all connections in the event that the rules
are dumped. This would prevent your server from being
left wide open. This also means
that you can casily append rules to the bottom of the chain easily while still dropping
packets as you'd like.
The alternative approach is to keep the default policy for the chain as accept and add a
rule that drops every remaining packet to the bottom of the chain itself.
If you changed the default policy for the INPUT chain above, you can set it back to follow
along by typing:
$sudoiptalbles
-P INPUT ACCEPT
Now, you can add a rule to the bottom of the chain that will
drop any remaining
:
packets
S sudoiptables -A INPUT -¡ DROP
The result under normal operating conditions is exactly the same as a
default drop policy.
This rule works by matching every remaining packet that reaches it.
This prevents a
packet from ever dropping all of the way through the chain to reach
the default policy.
Basically, this is used to keep the default policy to accept traffic.
That way, if there are
any problems and the rules are flushed, you will
still be able to access the machine over
the network. This is a way of implementing a default action without altering the policy
that will be applied to an empty chain.

Scanned by CamScanner
 6-Comp)
Cvot. & Sys. Security (MU-Sem. ·L-59 Lab Manual

Of
course, this also means
that any rule that any additional rule that you wish to add to the
end of the chain will have to be added before the drop rule. You can do this either by

temporarily removing the drop rule:

DROP
teudoiptables -D INPUT-j
here
$eudoiptables -A INPUT new_rule

$ sudoiptables -A INPUT-j DROP

Or, you can insert rules that you necd at the end of the chain (but prior to the drop) by
specifying the line number. To insert a rule at line number 4, you could type :
$sudoiptables -I INPUT 4 new_rule_here,
$sudoiptables -L line-numbers

Output
Chain INPUT (policy DROP)

nüm targetprot opt source destination

1 ACCEPT all - anywhere anywhere

2 ACCEPT all -- anywhere anywherectstate RELATED,ESTABLISHED

3 ACCEPT tep - anywhere anywheretepdpt:ash

4 ACCEPT tcp - anywhere anywheretepdpt:http

Chain FORWARD (policy ACCEPT)

num targetprot opt source destination

Chain OUTPUT (policy ACCEPT)

num targetprot opt source destination

Saving your Iptables Configuratlon

Ssudo apt-get update
Ssudo apt-get install iptables-persistent

Conclusion
Hence we have studied how to configure the firewall using iptables.

Scanned by CamScanner
 Crypt. & Sys. Security (MU-Sem. 6-Comp) Lab Manual
L-60

Experiment 8: Set up Snort and study the logs.

Alm : Intrusion detection has become an extremely important feature of the defense-in-depth
strategy. Snort is free network intrusion detection software. It
can perform protocol
can be uscd detect a variety of attacks and
analysis, content searching/matching, and
scans, CGl attacks, SMB probes, 0S
probes, such as buffer overflow, stealth port
experiment is to
fingerprinting attempts, and much more. The main aim of the
implement snort on windows or Linux platform.

Objective
To Study what is snort, Implementation of snort.
:
Solution

Theory
Snort is an open source network intrusion prevention and detection system (DS/IPS)
developed by source fire. Vombining the benefits of signature, protocol, and anomaly-based
inspection, snort is the most widely deployed IDS/IPS technology worldwide.

Hardware and software requirements

Hardware requirements for this system are dependent upon the size of your network and
volume of traffic. The minimum hardware required is 1 GB RAM, a core procesSor and at
least 2 GB free space on the hard drive. Snort can be implemented on any Linux platform
or on the latest windows systems.
There are three main modes in which Snort can be configured: sniffer, packet logger, and
network intrusion detection system.
Sniffer mode simply reads the packets off of the network and displays them for you in a
continuous stream on the console. Packet logger mode logs the packets to
the disk.
Network intrusion detection mode is the most complex
and configurable configuration,
allowing Snort to analyze network traffic for matches against a user
defined rule set and
performs several actions based upon what it sees.
Snort's open source network-based intrusion detection system
(NIDS) has the ability to
perform real-time traffic analysis and packet logging on
Internet Protocol (P) networks.
Snort performs protocol analysis, content searching,
and content matching. The program
can also be used to detect probes or
attacks, including, but not limited to, operating system
fingerprinting attempts, common gateway interface,
buffer overflows, server messag°
block probes, and stealth port scans.

Scanned by CamScanner
 Cypt. & Sys. Security (MU-Sem. 6-Comp) L-61
Lab Manual

Implementation on windows platform

Installing the base Snort system requires two components :

The WinPcap packet capture
library, and the Snort IDS program itsclf. In the following sections we configure and install
hoth WinPcap and Snort.

WinPcap

WinPcap (Windows Packet Capture Library) a

is packet-capture driver. Functionally,
means that WinPcap this
grabs packets from the network wire and pitches
them to Snort. WinPcap
is a Windows version
of libpcap, which is used for running Snort with Linux.
Functions

The WinPcap driver performs these functions for

Snort:
1. Obtains a list of operational network adapters and retrieves
information about the
adapters.
2. Sniffs packets using one of the adapters that you select.
3. Saves packets to the hard drive (or more importantly for us,
pitches them to Snort).
Installation
The installation and configuration of WinPcap is explained as below :

1. Download the latest installation file from htp://winpcap.polito.i/install/default.btm

The installation file is generally called something like WinPcap_3_0.exe.
2. Double-click the executable installation file and follow the prompts.
WinPcap installs itself where it belongs.
Snort calls WinPcap directly. on any of the functions to grab and analyze network packets.
If the driver did not install properly, Snort does not function

snort.org distributes a convenient install package for Windows available at its Web site:

http://www.snort.org/dlbinaries/win32/
Download this package (generally called snort-2_1_0.exe) and perform the following
Steps to install Snort
1, Double-click the executable installation file. The GNU Public License appears.
appears.
2. Click the I Agree button. Installation Options window

Scanned by CamScanner
 Lab Manual
L-62
P Crypt. & Sys. Security (MU-Sem.6-Comp)
from among
select
appropriate boxes to
3. In the Installation Options dialog box, click the

these options
:

one of the databases listed

I am planning
to log to
I do not plan database, or
to log to a
or you are using MySQL
a database if
are not using
above. Choose this Option if you
or ODBC databases.
our example, we chose this
databases, and for
Snort has built-in Support for these

option. this radio button

ie
Server. Only click
1 need support for
logging to Microsoft SOL you plan
installed on this computer, and
software
you already have SL Server client
database.
to use MSSQL as your logging
option if you have the Oracle
Only choose this
logging to oracle.
I need support for you plan to use Oracle as 'your logging
on
client software installed computer,
this and

database server.
window appears.
4. Click the Next button. The choose components
you want to Install and then
5
In the choose components window,
select the components
appears.
click the Next button. The install location window

6. Choose a directory to install to.

7. Click the Install button.
window
8 When the installation is complete, click the Close button. An information
appears.

9. Click the OK button.

A new Snort installation requires a few configuration points. Conveniently, one file has all

the configuration settings required.

Snortpath/etc/snort.conf

When you're ready to configure Snort, open snort.conf in a text editor.

The following configuration options in the snort.conf file are essential to a properly
Functionìng Snort installation
1. Network settings 2. Rules settings

3. Output settings 4. Include settings

Scanned by CamScanner
 Crypt. &
Sys. Security (MU-Sem. 6-Comp) L-63 Lab Manual

Whedead
e
t

2.0.0 Rule0t SOrt

Ceatact: snare-A3st.a9rceterge,uet
tdt gscEt.confv l 124 2009/05/16 c2452 :42
aEx Bxp

1) Sct the DetTOrk varableg tor our nCRDOCK

2) Co1gure
3) Centigure rrOCtII0ta
tut plugana

3eep #2: 9t she neeck vaciab leat

# You st cbange the falloviag veriables bo
variable is cutEentigreLect
#your lacal netuock. Toe
# Lor RTL RFC
1916 addee wpace.
Tou cAn 9peo1£y 14 explicit
6S1
#var E
KET
10.L.1.C!24

Implementing snort on a Linux platform

Download and Extract Snort
1, Download the latest snort free
version from snort website. Extract
code to the /usr/src directory as the snort source
shown below:
#cd /usr/src

#wget -0 enort-2.8.6.l.tar-gz http:l/www.snort.org/downloads/116

#tar xvzí snort-2.8.6.1.tar.gz
2. Install Snort
Before installing snort, make sure you
have deV packages of libpcap and libpcre.
#apt-cache policy libpcap0.8-dev
libpeap0.8-dev:

Installed: 1.0.0-2ubuntul

Candidate: 1.0.0-2ubuntul

Scanned by CamScanner
 LabManA

(MU-Som. 6-Comp) L-64

Cypt. & Sys. Socurily

# apl-cache policy libpere3-dev

libpere3-dev:

Installed: 7.8-3
Candidate: 7.8-3

# cd snort-2.8.6.1
# Jeonfigure
# make
# make install
Installation
3. Verlfy the Snort
:
as shown below
Verify the installation

# snort --version
-*> Snort!<*
o" )- Version 2.8.6.1 (Build 39) hitp:/lwww.snort.org/snort/snort-team
The Snort Team:
By Martin Roeschand
Sourcefire, Inc., etal.
Copyright (C) 1998-2010

Using PCRE version: 7.8

2008-09-05

4. Create the required files and directory

file and the log directory.
You have to create the configuration file, rule

Create the following directories

# mkdir etc'snort
# mkdir letc/snort/rules
# mkdir /varlog/snort
Create the following snort.conf and icmp.rulesfiles

# cat /etc/nort/snort.conf
include /etc/snort/rules/icmp.rules
#cat /etc/snort/rules/icmp.rules

alerticmp any any -> any any (msg:"ICMP Packet'; sid:477; rev:3;)

The above basic rule does alerting when there is an ICMP

packet (ping).
Following is the structure of the alert:
<Rule Actions> <Protocol> <Source IP Address> <Source Port> <Directiod
Opert
<Destination IP Address> <Destination>
(ule options).

Scanned by CamScanner
 LabO Manuat coypt & SYS. Security(MU-Sem. 6-Comnl L-65
Lab Manual
Table 1: Rule structure
and example

Structure
Example
Rule Actions
Alert
Protocol
Icmp
Source IP Address
Any
Source Port
Any
Direction Operator

Destination IP Address
Any
Destination Port
Any
(rule options) (msg:"ICMP Packet"; sid:477;
rev:3:)
5. Execute snort
Execute snort from command line, as mentioned
below
:

# snort -c letc/snort/snort.conf -l/ar/log/snort

Try pinging some IP from your
machine, to check our ping rule.
of a snort alert for this ICMP rule. Following is the example

# head /varilog/snortalert
11:477:3] ICMP Paiket [**)
Priority: 0)
07/27-20:41:57.230345 > len: 0
/1 type: 0x200 0:0:0:0:0:0
pkt type:0x4 proto: Ox800 len:0x64
209.85.231.102 -> 209.85.231.104
ICMP TTL64 TOS:0x0
ID:0IpLen:20DgmLen:84 DF
Type:8 Code:0 ID:24905
Seq:1 ECHO
Alert Explanatlon

A couple of lines are added for cach alert, which includes

the following :

Message is printed in the first line.

Source IP
etor>
Destination IP

Scanned by CamScanner
 Crypt. &
Sys. SSecurity
(MU-Sem. 6-Comp)
L-66
Type of packet, LabManJal
and header information.
If you have a different interface
example my network for thbe network connection,
interface is ppp0. then use -dev -i option.
snort -dev-i Ink:
# ppp0-c /etc/snort/snort.conf
-l/var/log/snort/
Execute snort as
Daemon.
Add -D option to run
snort as a daemon.
#snort -D -c letc/snort/snort.conf
-l/var/log/snort

Lab Ends...

Scanned by CamScanner