Notwork S Introduction 1-2 ——, ERM Basics of Cryptography . security. The history of informati n security begins with computer sctions and contents, Network security, ants, conne to protect networking, compone mts, COI 1 ailabilit : ily, integrity and availability 4 Information security. to protect the confidentiality, integrity : ; ing or tranemission. information assets, whether in storage, processing, oF tran! Phys onsure that physical access cal security consists of all mechanisms used to ante ae to 5 : orize users. the computer systems and ttetworks is restricted to only aul Data ecting data fro security is the science and study of methods of protecting om Unauthorized disclosure and modification, i ile managing fi Data and information security is about enabling collaboration while SiNg risk with an approach that balances availability versus the confidentiality of data, Security is required because the widespread use of data processing equipment, the security of information felt to be valuable to an organization was provided primarily by physical and administrative means, Network security measures are needed to protect data during their transmission, Following are the examples of security violations. 1. User A transmits a sensitive information file to user B. The unauthorized ‘user C is able to monitor the transmission and capture a copy of the file during its transmission, 2. A message is sent from a customer to a stockbroker with instructions for various transactions. Subsequently, the investments lose value and the customer denies sending the message, 3. While transmitting the message between two intercepts the message, alters its contents to a forwards the message to destiriation user, users, the unauthorised user dd or delete entries and then ERED Basic Terminologies in Security Basic terminology used for security purposes a. Cryptography : The art or science encom transforming an plaintext message into one that ig retransforming that message b: are as follows ; ack to its original form, b. Plaintext : The original message, c. Ciphertext : ‘The tra nsformed message produced as o a8 output, Tt d the plaintext and key. lepends on TECHNICAL PUBLICATIONSNetwork Security 1-3 Introduction d. e. BR h, Cipher : An algorithm for transforming, plaintext message into one that is unintelligible by transposition and /or substitution methods. Key and receiver. : Some critical information used by the cipher, known only to the sender Eneipher (encode) + The process of converting plaintext to ciphertext using a cipher and a key. Decipher (decode) : The proce using a cipher and a k of converting ciphertext back into plaintext and methods of transforming an Cryptanaly The study of principles unintelligible message back into an intelligible message without knowledge of the key. Also called code-breaking, Cryptanalysis is to break an encryption Cryptanalyst can do any or all of the three different things : Attempt to break a single message. Attempt to recognize patterns in encrypted messages, in order to be able to break subsequent ones by applying a strainghtforward decryption algorithm. 3. Attempt to find general weakness in an encryption algorithm, without necessarily having intercepted any messages. Cryptology : Both cryptography and cryptanalysis. Code : An algorithm for transforming an plaintext message into an unintelligible one using a code-book. ERE Categories Various categories of computer security are : 1. Cryptography 2. Data security 3. Computer security 4. Network security Network security is protection of data on the network during trans Cryptography is data encryption and decryption. Data security is ensuring safe data from modification and corruption. Computer security is formal description of security policies. It includes protection, preventation and detection of unauthorized use of computer. jon or sharing. TECHNICAL PUBLICATIONS® - an up-imust for knowledgeIntroduction 4 Techniques : + as follows : ‘ : * Commonly used security techniques are as foll and data, It is cryptography 1, Encryption ; Used to protect information see used for providing security. techniques, Different types of encryption are use ee fae Sela . bas regulates who or what mechani rie wh rh anization. n S control : Access to data or compute! Te ism. Access control is a security technique am can view or use resources in a computing ae es concept in security that minimizes risk to the ch Pe Sol cna Data backup : Data backup refers to saving a is ea eee separate physical or virtual locations from aa fil 7 renee your data, recovery could be slow, costly or impossil a you secure, store and backup your data on a regular basis. o if i incoming ai 4. Firewall : Firewall is a network security device that monitors i " i outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Antivirus software : Many antivirus software programs include real-time threat detection and protection to guard against potential vulnerabilities as they happen, as well as system scans that monitor device and system files looking for possible risks. 6. Intrusion detection systems : IDS can offer protection from extemal users and internal attackers. It also automatically monitors the Internet to search for any of the latest threats which could result in a future attack. Series of confidence : It ensure that all software use has been authentic, Elements of Information Security 7. * Security goals are as follows : 1, Confidentially 2. Integrity 3, Availability 1. Confidentiality * Confidentiality refers to limitin, + Underpinning the goal of confidential and passwords that uniquely identi methods that limit each ide: lity are auth Adentify a data syst ntified user's access { entication met fem's users ay 0 the data g thods like user-IDs nd supporting control 'ystem's resources, ‘CHNICAL PUBLICATION: TECHNICAL PUBLIcaT; 80 Up-thrust for knowledg 1°Network Security 1-6 Introduction Confidentiality is not only applied to storage of data but also applies to the transmi information. Confidentiality ion of Confidentiality means that people cannot read sensitive information, either while it is on a computer or while it is traveling across a network. Ny) ‘Availability Fig. 1.1.1 Relationship between Fig. 1.1.1 Relationship between Confidentiality Integrity and Availability. 2. Integrity confidentiality integrity Integrity refers to the trustworthiness of information resources. Integrity should not be altered without detection. It includes the concept of "data integrity” namely, that data have not been changed inappropriately, whether by accident or deliberately malign activity. It also includes “origin” or "source integrity" that is, that the data actually came from the person or entity you think it did, rather than an imposter. Integrity ensures ‘that information is not changed or altered in transit. Under certain attack models, an adversary may not have to power to impersonate an authenticated party or understand a confidential communication, but may have the ability to change the information being transmitted. On a more restrictive view, however, integrity of an information system includes only preservation without corruption of whatever was transmitted or entered into the system, right or wrong. 5 3. Availability Availability refers, to the availability of information resources. An information system that is not available when you need it is at least as bad as none at all. Availability means that people who are authorized to use information are not prevented from doing so. It may be much worse, depending on how reliant the organization has become on a functioning computer and communications infrastructure. Almost all modern organizations are highly dependent on functioning information systems. Many literally could not operate without them. Availability, like other aspects of security, may be affected by purely technical issues (e.g. a malfunctioning part of a computer or communications device), natural phenomena (e.g. wind or water) or human causes (accidental or deliberate), TECHNICAL PUBLICATIONS® - an up-thrust for knowledgeNotwork Security Introduction tt For example, an object or serview is thought to be available if i Wis present in a usable form, i, It has capacity enough to meet the services needs. iii. The service is completed an acceptable period of time. + By combining these goals, we can construct the availability. The data item, service or system is available i i. There is a timely response to our request. ii, The service and system can be used easily. iii, Concurrency is controlled. iv. It follows the fault tolerance. v. Resources are allocated fairly. ERE Threats and Vulnerability Threat * The term "threat" refers to the source and means of a particular type of attack. * A threat assessment is performed to determine the best approaches to securing a system against a particular threat or class of threat. * Penetration testing exercises are substantially focused on assessing threat profiles, to help one develop effective countermeasures against the types of attacks represented by a given threat. Where risk assessments focus more on analyzing the potential and tendency of one’s resources to fall prey to various attacks, threat assessments focus more on analyzing the attacker's resources. * Analyzing threats can help one develop specific security policies to implement in line with policy priorities and understand the specific implementation needs for securing one's resources. Vulnerability * The term "vulnerability" refers to the security flaws in a system that allows an attack to be successful. + Vulnerability testing should be performed on an ongoing basis by the parties responsible for resolving such vulnerabilities and helps to provide data used to identify unexpected dangers to security that need to be addressed. + Such vulnerabilities are not particular to technology ~ they can also apply to social factors such as individual authentication and authorization policies. «Testing, for vulnerabilities is people responsible for the dangers as they ari eful for maintaining ongoing security, allowing the vecurily of one's resources to respond effectively to new It is also invaluable for policy and technology development TECHNICAL PUBLICATIONS® - an up-thrust for knowledgeNetwork Security Introduction and as part of a technology selection process; selecting the right technology early ‘on can ensure significant savings down the line, n time, money and other business costs further Understanding the proper use of such terms is important not only to sound like you know what you're talking about, nor even just to facilitate communication. It also helps develop and employ good policies. The specificity of technical jargon reflects the way experts have identified clear distinctions between practical realities of their fields of expertise and can help clarify even for oneself how one should address the challenges that arise. Other examples of vulnerability include these : 1. A weakness in a firewall that lets hackers get into a computer network. 2. Unlocked doors at businesses. 3. Lack of security cameras. ERE cryptography . Cryptography is the science of writing in secret code and is an ancient art. Cryptography is not only protects data from theft or alteration, but can also be used for user authentication. The term is derived from the Greek word kryptos, which means hidden. In cryptography, we start with the unencrypted data, referred to as plaintext. Plaintext is encrypted into ciphertext, which will in turn (usually) be decrypted back into usable plaintext. Fig 1.1.2 shows cryptography. Sender Receiver Cypher-text Plain text Ercryption yp Decryption Plain text Attacker Fig. 1.1.2 Cryptography Cryptography provides secure communication in the presence of malicious third parties, TECHNICAL PUBLICATIONS® - an up-thrust for knowledgeNetwork Security 1-8 Introduction * Encryption is the process of encoding a plain text message into non-readable form, of transferring an encrypted message back into its normal Decryption is a proc form. * Algorithms are considered secure if an attacker cannot determine any properties of the plaintext or key, given the ciphertext. * An attacker should not be able to determine anything about a key given a large number of plaintext/ciphertext combinations which used the key. Advantages of cryptography 1. It provides security to on line network communication. 2. It provides security to email, credit/debit card information etc. 3. Cryptography hides the contents of a secret message from a malicious people. 4. . Cryptography can also provide authentication for verifying the identity of someone or something. 1. Discuss examples from real life, where the following security objectives are needed : ') Confidentiality ii) Integrity iti) Non-repudiation Suggest suitable security mechanisms to achieve them. OED ESSUR EEE SES EE A Model for Network Security « A message is to be transferred from source to destination across some sort of internet. Both the sides must cooperate for the exchange of the data. + A logical information channel is established by defining a route through the internet from source to destination. + Alll the techniques for providing security have two components : 1. A security related transformation on the information to be sent. 2. Some secrét information shared by the two principles, the opponent. * Fig, 1.2.1 shows the network security model. it is hoped, unknown (0 « A trusted third party is needed to achieve secure transmission. TECHNICAL PUBLICATIONS® ~ an up-thrust for knowledgeNetwork Security 11-9 Introduction Trusted third parly sender Receiver Transformation Transformation Message Secret | —{] Information (}—+| Secret Message message message Secret Opponent Secret information information Fig. 1:2.1 Network security model * Basic tasks in designing a particular security service. 1. Design an algorithm for performing the security related transformation. 2. Generate the secret information to be used with the algorithm. 3. Develop methods for the distribution and sharing of the secret information. 4. Specify a protocol to be used by the two principles that makes use of the security algorithm and the secret information to achieve a particular security service. Review Question 1. Explain the network security model and its important parameters with a neat block diagram. Conventional Cryptography + A symmetric encryption model has five ingredients. 1. Plaintext 2. Encryption algorithm 3. Secret key 4. Ciphertext 5. Decryption algorithm * Fig. 13.1 shows the conventional encryption model. Plaintext is the original message or data that is fed into the algorithm as input. Encryption algorithm performs various substitutions and transformations on the plaintext. Secret key is a’value independent of the plaintext and of the algorithm. The exact substitutions and transformations performed by the algorithm depend on the key. TECHNICAL PUBLICATIONS® - an up-thrust for knowledgeNetwork Security aeotaeon Secrot key shared by ~ 2-Sender and recipients. “Js Piaintext Encryption Decryption Plaintoxt input algorithm algorithm output Fig. 1.3.1 Conventional encryption model ‘© Ciphertext is the scrambled message produced as output. It depends on the plaintext and the secret key. * Decryption algorithm takes the ciphertext and the secret key and produces the original plaintext. + The original intelligible message, referred to as plaintext is converted into random nonsense, referred to as ciphertext. The science and art of manipulating message to make them secure is called cryptography. + An original message to be transformed is called the plaintext and the resulting message after the transformation is called the ciphertext. + The process of converting the plaintext into ciphertext is called encryption. The reverse process is called decryption. The encryption process consists of an algorithm and a key. The key controls the algorithm. * The objective is to design an encryption technique so that it would be very difficult or impossible for an unauthorized party to understand the contents of the ciphertext. A user can recover the original message only by decrypting the ciphertext using the secret key. Depending upon the secret key used, the algorithm will produce a different output. If the secret key changes, the output of the algorithm also changes. Advantages of Symmetric Ciphers 1. High rates of data throughput, 2. Keys for symmetric-key ciphers are relatively short. 3. Symmetric-key ciphers can be used as cryptographic mechanisms (ie. pscudora primitives to construct various indom number generators), TECHNICAL PUBLICATIONS® - an up-hrust for knowledgeNetwork Security 1-14 Introduction 4, Symmetric-key ciphers can be composed to produce stronger ciphers. 5. Symmetric-key encryption is perceived to have an extensive history. EEE Disadvantages of Symmetric Ciphers . Key must remain secret at both ends. . In large networks, there are many keys pairs to be managed . Sound cryptographic practices dictates that the key be changed frequently 4. Digital signature mechanisms arising from symmetric-key encryption typically require either large keys or the use of third trusted parties. EEG Public-key Cryptography LOE Diffie and Hellman proposed a new type of cryptography that distinguished between encryption and decryption keys. One of the keys would be publicly known; the other would be kept private by its owner. + These algorithms have the following important characteristic. 1. It must be computationally easy to encipher or decipher a message given the appropriate key. 2. It must be computationally infeasible to derive the private key from the public key. 3. Tt must be computationally infeasible to determine the private key from a chosen plaintext attack. * A public key encryption scheme has six ingredients. Fig. 1.4.1 shows public key cryptography. 1. Plaintext : It is input to algorithm and in a readable message or data. 2. Encryption algorithm : It performs various transformations on the plaintext. 3. Public and private keys : One key is used for encryption and other is used for decryption. |. Ciphertext : This is the scrambled message produced as output. It depends on the plaintext and the key. . Decryption algorithm : This algorithm accepts the ciphertext and the matching key and produces the original plaintext. * The essential steps are the following : 1. Each user generates a pair of keys to be used for the encryption and decryption of messages. : » Each user places one of the two keys in a public register. This is the public key. The companion key is kept private. TECHNICAL PUBLICATIONS® - an upcthrust for knowledgeIntroduction Network Security Public key ring Suresh tomy Alice Alice private Alice public be koy Plaintext Decryption Plante Eom algorithm output input (a) Encryption Transmitted ciphertext Public key ring Bob fe 7 Bob's }ob's ublic private key key Piaintext Encryption Decryption Plaintext input algorithm algorithm output (b) Authentication Fig. 1.4.1 Public key cryptography 3. If Bob wishes to send a confidential message using Alice's public key, 4, Alice decrypts the message to Alice, Bob encrypts the message using her private key, ¢ The public key is accessed to all Participants and private key is generated locally by each participant. TECHNICAL PUBLICATIONS® an upthrust for knowledge1-13 Introduction em controls its. pri ate_key. At any time, a system can change its private ey. Fig. 14.2 shows the process of public key algorithm Cryptanalyst Message | Source side X. : Key-pair Destination side Y, source Fig. 1.4.2 Public key cryptosystem secrecy + A message from source which is in a plaintext, X= (X1,X2,...Xm) The message is intended for destination which generates a related pair of keys a public key KUp, and a private key KRp. « Private key is secret key and known only to Y;. With the message X and encryption key KU, as input, X forms the ciphertext. Y = (Vp Y2/¥3 Ya) Y = Exy, 0) « The intended receiver, in possession of the matching private key is able to invert the transformation. X = Deg, + An opponent, observing Y and having access to public key (KUy), but not having " access to private key (KR,), must attempt to recover X. It is assumed that the opponent does have knowledge of the encryption (E) and decryption algorithms (D). * Public key cryptography requires each user to have two keys : A public key used by anyone for encrypting messages to be sent to that user and a private key, which the user needs for decrypting messages. Requirements for public key cryptography 1. It is computationally easy for a party B to generate a pair. TECHNICAL PUBLICATIONS® - an up.thrust for knowledgeIntrod Network Security 1.14 Introduction 2. It is computationally easy for a sender A, to generate the corresponding ciphertext : C = E(PU, M) 3. It is computationally easy for the receiver B to decrypt the resulting ciphertext using the private key to recover the original message : M = D(PR, ©) = DIPR,, E(PU,, M)] 4. It is computationally infeasible for an adversary, knowing the public key (PU; ) to determine the private key PRy. 5. It is computationally infeasible for an adversary, knowing the public key (PU,) and a ciphertext (C) to recover the original message (M). Advantages and Disadvantages + Advantages of public key algorithm 1. Only the private key must be kept secret. The administration of keys on a network requires the presence of only a functional trusted TTP as opposed to an unconditionally trusted TTP. » . A private/public key pair remains unchanged for considerable long periods of time. - There are many relatively efficient digital signature mechanisms as a result of asymmetric-key schemes. eo » Ina large network the number of keys necessary may be considerably smaller than in the symmetric-key scenario, Disadvantages of public key algorithm 1. Slower throughput rates than the best known symmetric-key schemes. 2. Large key size, 3. No asymmetric key scheme has been proven to be secure. 4. Lack of extensive history. EPA comparison between Public Key and Privat ite Key Algorithm Sr.No. Symmetric key cryptography Asymmetric key cryptography Ae ‘ . | = ey is used for encryption and One key for encryption and other key tion, for decryption, | | 2 Very fast. eae Slower. — Se = Slower TECHNICAL PUBLICATIONS® - an Up-thrust for knowledgeNotwork Security nee 1-15 ___tntrotution oF Key exchange is big problem, Key exchange in not a proble | 4 __ Also called secret key encryption, Alo called public key encryption | 5. The key must be kept secret, One of the two keys must be kept secret. 6 The sender and receiver must share the ‘The sender and receiver must each have algorithm and the key. one of the matched pair of keys Size of the resulting encrypted text is Size of the resulting, enerypted text is usnally same as or less than the original more than the original clear text size. clear text size Cannot be used for digital signatures, Can be used for digital 8 Review Question 1. Explain public key eryplography and when it is preferred ? FURS CAE EEA security Attacks An attempt to gain unauthorized access to information resource or services, or to —[ Passive attacks cause harm or damage to information [~ Securiy systems. allacks U_.[Aative attacks Security attacks are of two types : Passive attack and active attack Fig. 1.5.1 EEEEH Passive Attack Passive attacks are those, wherein the attacker indulges in eavesdropping on, or monitoring of data transmission. A passive attack attempts to learn or make use of information from the system but does not affect system resourc The attacker aims to obtain information that is in trans indicates that the attacker does not attempt to perform any modifications to the data. The term passive Passive attacks are of two types : 1, Release of message contents 2. Traffic analysi Release of message content is shown in Fig, 1.5.2. A telephone conversation, an electronic mail message and a transferred file may contain sensitive or confidential information we would like to prevent an opponent from learning the content of these transmissions. TECHNICAL PUBLICATIONS® - an up-thrust for knowledgeIntroductic Network Security 1-16 call Opponent Read content of message from sender Receiver Fig. 1.5.2 Release of message contents * Traffic analysis : Mask the contents of message so that opponents could not extract the information from the message. Encryption is used for masking Fig, 1.53 shows the traffic analysis. Passive attacks are very difficult to detect because they do not involve any alternation of data. It is feasible to prevent the success of attack, usually by means of encryption. Opponent Observe pattern of messages from sender a to receiver Fig. 1.5.3 Traffic analysis Receiver EPA Active Attack * Active attacks involve some modific ‘ation of the data stream i false stream. These attacks can not be prevented easily. the eaten of @ Active attacks can be subdivi i vided into four t : 1. Masquerade | 2. Replay 3. Modification of message 4. Denial of service 1. Masquerade masquerade, TECHNICAL PuBt ication: 'N up-thrust for knowledgeNetwork Security aia Introduction bi a, tobe from sender Sender Receiver Fig. 1.5.4 Masquerade + For example sathentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges. + Interruption attacks are called as masquerade attacks. 2. Replay + It involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect. + Fig. 1.5.5 shows replay attack. Capture message from Opponent sender to receiver, later replay message to receiver oO o Sender Receiver Fig. 1.5.5 Replay 3. Modification of message * It involves some change to the original message. It produces an unauthorized effect. Fig. 1.5.6 shows the modification of message. * For example, a message meaning "Allow Rupali Dhotre to read confidential file accounts " is modified to mean "Allow Mahesh Awati to read confidential file accounts”. TECHNICAL PUBLICATION: > an up-thrust for knowledgeNetwork Security inodicton Receiver Sender Fig. 1.5.6 Modification of message 4. Denial of service * Fabrication causes Denial Of Service (DOS) attacks. * DOS prevents the normal use or management of communications facilities. ‘Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance. 57 shows denial of service attack. + Fig. Disrupts service provided by server Fig. 1.5.7 Denial of service * It is difficult to prevent active attack because of the wide variety of potential physical, software and network vulnerabilities. * The first type of DOS attacks were single source attacks, meaning that a single system was used to attack another system and cause something on that system to fail. SYN flood is the most widely used DOS attack. Fig. 1.5.8 shows the SYN flood DOS attack. * Source system sends a large number of TCP SYN packets to the target system. The SYN packets are used to begin a new TCP connection. TECHNICAL PUBLICATIONS® - an up-thrust for knowledgeNetwork Security Introduction system — | Target system Logitimate connection attempt TEP SYN packet TCP SYNACK packet TCP ACK packet Syn flood DOS attack TOP SYN packet TCP SYNAGK packet The final TCP ACK packet is never sent Fig. 1.5.8 SYN flood DOS attack * When the target receives a SYN packet, it replies with TCP SYN ACK packet, which acknowledges the SYN packet and sends connection setup information back to the source of the SYN. * The target also places the new connection information into a pending connection buffer. * For a real TCP connection, the source would send a final TCP ACK packet when it receives the SYN ACK. * However, for this attack, the source ignores the SYN ACK and continues to send SYN packets. Eventually, the target's pending connection buffer fills up and it can no longer respond to new connection requests. Difference between Passive and Active Attack Sr. Passive attacks Active attacks No. : 1. Passive attacks are in the nature of Active attacks involve some modification of | ‘eavesdropping on, or monitoring of, the data stream or the creation of a false transmissions, stream, | 2 Types : Release of message contents and ‘Types : Masquerade, replay, modification | traffic analysi ‘of message and denial of service. | Re iy to detect. ag It to detect. TECHNICAL PUBLICATIONS® - an up-thrust for knowledgeNetwork Security 1-20 Introduction detection. I 4, The emphasis in dealing with passive It is quite difficult to prevent active attacks | | | attacks is on prevention rather than absolutely. | It affects the system, | 5._|_ It does not affect the BEER] Man-in-the-Middle Attack + In cryptography, a Man-In-The-Middle (MITM) attack is an attack in which an attacker is able to read, insert and modify at will, meassages between two parties without either, party knowing that the link between them has been compromised. The attacker must be able to observe and intercept messages going between the two victims. The MITM attack can work against public-key cryptography and is also particularly applicable to the original Diffie-Hellman key exchange protocol, when used without authentication. + The MITM attack may include one or more of ' 1. Eavesdropping, including traffic analysis and possibly a known-plaintext attack. 2. Chosen ciphertext attack, depending on what the receiver does with a message that it decrypts. 3. Substitution attack 4. Replay attacks 5. Denial of service attack. The attacker may for instance jam all communications before attacking one of the parties. The defense is for both parties to periodically send authenticated status messages and to treat their disappearance with paranoia. + MITM is typically used to refer to active manipulation of the meassages, rather than passively eavesdropping. Example of a successful MITM attack against public-key encryption * Suppose Alice wishes to communicate with Bob and that Mallory wishes to eavesdrop on the conversation, or possibly deliver a false message to Bob. To get Started. Alice must ask Bob for his public key. If Bob sends his public key to Alice, but Mallory is able to intercept it, a man-in-the-middle attack can begin. * Mallory can simply send Alice a public key for which she has the private, matching, key. Alice, believing this public key to be Bob's, then encrypts her message with Mallory’s key and sends the enciphered message back to Bob, * Mallory again intercepts, deciphers the message, keeps a copy, using the public key Bob originally sent to Alice, When Bob enciphered message, he will believe it came from Alice. and reenciphers it receives the newly TECHNICAL PUBLICATIONS® - an up-thnust for knowledgeNetwork Security 1-21 Introduction + This example shows the need for Alice and Bob to have some way to ensure that they are truly using the correct public keys of each other. Otherwise, such attacks are generally possible in principle, against any message sent using public-key technology. Defenses against the attack « The possibility of a man-in-the-middle attack remains a serious security problem even for many public-key based cryptosystems. Various defenses against MITM attacks use authentication techniques that are based on : 1, Public keys Stronger mutual authentication Secret keys (high information entropy secrets) Passwords (low information entropy secrets) fF en Other criteria, such as voice recognition or other biometrics + The integrity of public keys must generally be assured in some manner, but need not be secret, whereas passwords and shared secret keys have the additional secrecy requirement, Public keys can be verified by a Certificate Authority, whose public key is distributed through a secure channel. DT me UES 1. What are the different types of attacks ? Explain. TURD ESSER) vices in detail. (AU): Dec.-19; Marks 13 Hash Function + Definition : A hash function is a computationally efficient function mapping binary strings of arbitrary length to binary strings of some fixed length, called hash-values. * The data to be encoded is often called the "message", and the hash value is sometimes called the message digest or simply digest. * The most common cryptographic uses of hash functions are with digital signatures and for data integrity. + When hash functions are used to detect whether the message input has been altered, they are called Modification Detection Codes (MDC). * There is another category of hash functions that involve a secret key and provide data origin authentication, as well as data integrity; these are called Message Authentication Codes (MACS). » TECHNICAL PUBLICATIONS® - an up-thrust for knowledgeNetwork Secunty 4-22 Introduction One - way Hash Function * A oneaway hash function, also known as a message digest, fingerprint or compression function, is a mathematical function which takes a variable-length input string and converts it into a fixed-length binary sequence. Furthermore, a one-way hash function is: designed in such a way that it is hard to reverse the process, that is, to find a string that hashes to a given value (hence the name one-way.) A good hash function also makes it hard to find two strings that would produce the same hash value, All modern hash algorithms produce hash values of 128 bits Even a slight change in an input string should cause the hash value to change drastically. Even if 1 bit is flipped in the input string, at least half of the bits in the hash value will flip as a result. This is called an avalanche effect. © A common way for one-way hash functions to deal with the variable length input problem is called a compression function. Compression functions work by viewing the data being hashed as a sequence of n fixed-length blocks. To compute the hash value of a given block, the algorithm needs two things : the data in the block and an input seed. The input seed is set to some constant value, c, and the algorithm computes the hash value hy of the first block. Next, the hash value of the first block, hy is used as the seed for the second block. The function proceeds to compute the hash value of the second block based on the data in the second block and the hash value of the first block, h;. So, the hash value for block n is related to the data in block n and the hash value hy-1 (for n>1). The hash value of the entire input stream is the hash value of the last block. Hash Function * Avhash value h is generated by a function H of the form. h = H(M) where M = Variable - Length message H(M) = Fixed - Length hash value. Requirements of Hash Functions * The purpose of a hash function is to produce a fingerprint of a file, message 0° other block of data. : TECHNICAL PUBLICATIONS® - an up-thrust for knowledgeNetwork Security Introduction Properties . H can be applied to a block of data of any size. v H produces a fixed length output. H(Q) is relatively easy software implementations practical. to compute for any given x, making both hardware and . For any given value h, it is computationally infeasible to find x such that H(x) = h. This is called one-way property. . For any given block x, it is computationally infeasible to find y # x such that H(y) = H@Q). This is called as weak collision resistance. It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). This is called as strong collision resistance. 2 Simple hash functions + For a hash function, the input is viewed as a sequence of n-bit blocks. The input is processed one block at a time in an iterative fashion to produce an r-bit hash function. + One of the simplest hash functions is the bit-by-bit exclusive-OR of every block. This can be expressed as follows CG, = by Obj Obi3®.. where C= i bit of the hash code, 15 i n K" = K padded with z left so that the result is b bits in ; ‘ith zeros on the left so that the its ipad = 0011011 i ‘adecima ated b/8 times 110110 (36 in hexadecimal) repeated b/8 ti opad = i pi 01011100 (5C in hexadecimal) repeated b/8 times. TECHNICAL PUBLICATIONS® - an for knowledge /BLICATIC Ip-thrust tNotwork Security 1-29 Introduetion K* inna bbits |b bits phils 3 nits : Hash K opad | nits @ H(silIM) Pad to b bits Ls bits v +] Hash HMAC (KM) Fig. 1.6.2 HMAC structure Then HMAC can be expressed as follows : HMAC (K, M) = H [(K* @ opad) || H[(K* © ipad) || M] 1. Append zeros to the left end of K to create a b-bit string K*. 2. XOR K* with ipad to produce the b-bit block S;. 3. Append M to S;. 4. Apply H to the stream generated in step 3. 5. XOR K* with opad to produce the b-bit block S,, 6. Append the hash result from step 4 to S,. 7. Apply H to the stream generated in step 6 and output the result. TECHNICAL PUBLICATIONS® - an up-thrust for knowledgeIntroduet Network Security 1-30 ton * A more efficient implementation is possible, as shown in Fig, 163. Two quantities are precomputed : f(IV, (K* ® ipad)) f(IV, (K* ® opad)) Where {(CV, block) is the compression function for the hash function. Precomputed ' Computed per message ! K ipad ! bi y ! boils bbits b 7 ! ———- 1 Yo | % ca. Yur s] } bbits i i ; nbs Ton 1 ! nbits K ‘opad i eS, t1M) ! | pad to b bits 1 1 85 | 1 I bits wv {1} "+ I nbits ! HMAC,(M) Fig. 1.6.3 Efficient implementation of HMAC HMAC security ¢ Know that the security of HMAC relates to that of the underlying hash algorithm. Attacking HMAC requires either : a) Brute-force attack on key used. This in order of 2n where n is the chaining variable bit-width, b) Birthday attack (but since keyed would need to observe a very large number of messages). Like MD5 this is in order of 2n/2 for a hash length of n. * Choose hash function used based on speed versus security constraints. Note that HMAC is more secure than'MD5 for birthday attack. TECHNICAL PUBLICATIONS® - an up-thrust for knowledgeNetwork Security 1-31 Introduction a) In MDS the attacker can choose any set of messages to find a collision (ie. H(M) = H(M). b) In HMAC since the attacker docs not know K, he cannot generate messages offline, For a hash code of 128 bits, this requires 264 observed blocks (ic. 264 © 29 = 273 bits) generated using the same key. On a 1 Gbps line, this requires monitoring stream of messages with no change of the key for 250,000 years (quite infeasible !!). KGa cmac Cipher-based Message Authentication Code (CMAC) is a block cipher-based message authentication code algorithm. CMAC mode of operation is used with AES and triple DES. The CMAC on a message is constructed by splitting it into blocks of size equal to the block size of the underlying cipher, for instance, 128 bits in the case of the AES, Cipher Block Chaining (CBC)-encrypting the message and retaining the result of the last block encryption as the computed MAC value. To avoid certain classes of attack, the last block is subjected, before ciphering, to an exclusive disjunction (XORing) with one of two possible "subkey" values, usually denoted as K1 or K2. The choice of which subkey to use is determined by whether the last message block contains padding or not. The subkey values can only be computed by parties knowing the cipher key in use. Fig. 1.6.4 shows calculation of CMAC. Message (M,) ‘Message (Mz) Message (Mg) D-—«K. kK— +} Encryption k—+| Encryption K— >| Encryption MSB (Tien) |-—>T Fig. 1.6.4 Message length is integer multiple of block size Cy = EK, M,) CG = E(K[M,®C\) TECHNICAL PUBLICATIONS® - an up-hrust for knowiedgeIntroduction _— Cy = HIM, @ CQ) Cy = ERIM OCn yOKD T= MSByealCy) wher Ts o authentication code Ten = bit length of T MSBs (AX) = the s left most bits of the bit string X EXGSY secure Hash Algorithm * The Secure Hash Algorithm gy (NIST). It is based on t [A includes algorithms such as SHA-1, SHA |A) was developed by National Institute of the MD4 algorithm. Based on + Unlike encryption, given a variable length meassge x, a secure hash algorithm computes a function h(Q) which has a fixed and often smaller number of bits. When a message of any length is less than 2 bits is input, the SHA-L produces a i0-bit output called message digest. + SHA+1 called secure bacause it is computationally infeasible to find a message which corresponds to a given message digest, or to find two different messages which produce the same message digest. + There are a number of attacks on SHA1, all relating to what is known as collision resistance. For examples, if you are using SHA-1 for the storage of passwards, there are no passoword recovery attacks as at December 2011 that make use of the collision attacks on SHA-1. * The most commonly used hash function from the SHA family is SHA-1. It is used in many applications and protocols that require secure and authenticated communications, SHA-1 is used in SSL/TLS, PGP, SSH, S/MIME, and IPSec. Features of SHA-1 = 1, The SHA-1 is used to compute a message digest for a message or data file that is provided as input. 2. The message or data file should be considered to be a bit string, 3. The length of the message is the number of bits in the message (the empty message has length 0), TECHNICAL PUBLICATIONS® - an up-thrust for knowledgeNetwork Security 1-33 Introduction 4. If the number of bits in a message is a multiple of 8, for compactness we can represent the message in hex. The purpose of message padding is to make the total length of a padded message a multiple of 512. The SHA-1 sequentially processes blocks of 512 bits when computing the message digest. x . The 64-bit integer is 1, the length of the original message. . The padded message is then processed by the SHA-1 as n 512-bit block. + SHA-1 was cracked in the year 2005 by two different research groups. In one of these two demonstrations, Xiaoyun Wang, Yigun Lisa Yin, and Hongbo Yu demonstrated that it was possible to come up with a collosion for SHA-1 within a space of size only 2, which was far fewer that the security level of 2°° that is associated with this hash function. « New hash function SHA-512 is introduced to overcome problem of SHA-1. EGE) secure Hash Algorithm (SHA-512) + The Secure Hash Algorithm (SHA) was developed by the National Institute of Standards and Technology (NIST). SHA-1 produces a hash value of 160 bits. * In 2002, NIST produced a revised version of the standard, FIPS 180-2, that defined three new version of SHA, with hash value lengths of 256,384 and 512 bits, known as SHA-256, SHA-384 and SHA-512. * Comparison of SHA parameters Sr. Parameters SHA-1 SHA-256 SHA-384 SHA-512 | No. | 1. Message digest size 160 ae 384 512 2. Message size < ae < 218 <28 | 3. Block size 512 512 1024 1024 | | 4 Word size 2 32 64 64 | 5. Number of steps 80 64 80 80 | [_& Security 80 256 | TECHNICAL PUBLICATIONS® - an up-thrust for knowledgeNetwork Security 1-34 Introduction ting the message to a unique 2 bits in length, without loss ‘as follows : Append a 1 to «For both SHA-1 and SHA-256, one begins by conven representation of the message that is « multiple of 51 of information about its exact original length in bits, the message. «Thon add as many zeroes Dole length that is 6i-bits less thy append the original leny target length, which is the next necessary to reach the ; 12 bits. Finally, as a ‘an a whole multiple of 5 ith of the message in bits, pos 64-bit binary number, Description of SHA-1 «Expand each block of 512, wh eubkeys as follows : The first 16 subkeys are subkeys are generated as follows : Subkey N is the N-S, Neld and N-16, subjected to a circular left shift the 160-bit block value (in hexadecimal). 67452301 EFCDABS9 98BADCFE 10325476 C3D2E1F0 Jlock of the modified message, en it is time to use it, into a source of 80 32-bit the block itself. All remaining exclusive OR of subkeys N-3, of one place. Starting from [As input for the processing of the first 512-bit b for each message block, do the following + Encipher the starting value using the 80 sub keys for the cw ‘Add each of the 32-bit pieces of the cipher text result to the starting value, modulo 2432, of course and use that result as the starting value for handling the next rent message block message block. + The starting value created at the end of handling the last block is the hash value, which is 160 bits long. The SHA “block cipher" component * The main calculation in SHA enciphers a 160-bit block using 80 32-bit subkeys in 80 rounds. This calculation is somewhat similar to a series of Feistel rounds, except that instead of dividing the block into two halves, it is divided into five Pieces. + An F-function is calculated from four of the five pieces, although it is really the 208 e a i of three of the pieces and a circular left shift of a fourth, and ed with one piece, which is also modified by bei i : round’s subkey and a constant. ae « The same constant is used over each group of 20 rounds. One of the other block! is also altered by undergoing a ci . aa rgoing a circular left shift, and then the (160-bit) blocks até + The F-function, as well as the constant, i The F- , tant, is changed every 2 i five pieces of the 160-bit block being eayplet a, b, pees ee ‘a the SHA "block cipher" component proceed as follows a TECHNICAL PUBLICATIONS® - an up-thrust for ‘knowledgeNetwork Security 1-35 Introduction ‘+ Change a by adding the current constant to it. The constants are, in hexadecimal © For rounds 1 to 20 : 5827999 © For rounds 21 to 40 : 6ED9EBA1 © For rounds 41 to 60 : 8FIBBCDC © For rounds 61 to 80 : CA62C1D6 * Change a by adding the appropriate subkey for this round to it. © Change a by adding e, circular left-shifted 5 places to it. * Change a by adding the main f-function of b, ¢ and d to it, calculated as follows : © For rounds 1 to 20, it is (b AND c) OR (NOT b) AND (d). © For rounds 21 to 40, it is b XOR c XOR d. © For rounds 41 to 60, it is (b AND c) OR (b AND d) OR (c AND d). © For rounds 61 to 80, it is again b XOR c XOR d. * Change d by giving it a circular right shift of 2 positions (or, for consistency, a circular left shift of 30 places.) * Then swap pieces, by moving each piece to the next earlier one, except that the old a value is moved to e. * There are various types in SHA such as SHA-256, SHA-384, and SHA-512. SHA-512 logic « Fig. 1.6.5 shows message digest generation using SHA-512. N x 1024 bits Loits 128 bits ‘Message 100.0] L {1024 bits | 1024 bits | My My 1024 1024 Fig. 1.6.5 Message digest using SHA-512 TECHNICAL PUBLICATIONS® - an up-thrust for knowledgeNetwork Security 1-36 miescton is 1 © The algorithm takes as input a message with a maximum length of less than 2128 age digets. The input is processed in bits and produces as output a 512- 1024-bit blocks, Steps 1. Append padding bits : The message is padded so that its length is congruent to $9 modulo 1024. Padding cor of a single 1-bit followed by the necessary number of 0-bits. : - Append length : A block of 128 bits is appended to the message. This block is treated as an unsigned 128-bit integer that contains the length of the original message (before the padding). Initialize has buffer : A 512-bit buffer is used to hold intermediate and final results of the hash function. The buffer can be represented as eight 64-bit registers (a,b, cd, e, f, g, h). These registers are initialised to the following 64-bit integers (hexadecimal values) yp » Sr. No. Register Values pe a : 6A09E667F3BCC908 p b BB67AES584CAA73B (es ¢ — SCOEFSTOFEOUFEB | Wa 4 ASAFFSSASFID36FL | 5. e ‘S10E527FADE682D1 | 6 f 9B05688C2B3E6C1E | {O57 8 ‘1F83D9ABFB41BD6B h SBEOCDIS137E2179 4. Process message in 1024-bit blocks : It consist of 80 rounds. Each round takes a8 input the 512-bit buffer value abcdefgh and updates the contents of the buffer. Each round t makes use of a 64-bit value W,. The output of the last round is added to the input to the first round (Hj. ,) to produce Hi, * Fig. 1.6.6 shows the processing of a single 1024 - bit block, TECHNICAL PUBLICATIONS® - an up-thist for knowledgeNetwork Security Introduction Message schedule, Wo Hi Fig, 1.6.6 SHA-512 processing of a single 1024-bit block 5. Output : The output from the N'* stage is the 512-bit message digest. * The behaviour of SHA-512 is as-follows Hy = IV H, = SUMg, (Hj _ 1, abcdefghj) MD = Hy where IV = Initial value of the abcdefgh buffer. abcdefgh, = The output of the last round of processing of the it” message block. The number of blocks in the message. SUM,, = Addition modulo 2 performed separately on each word of the pair of inputs. TECHNICAL PUBLICATIONS® - an up-thrust for knowledgeIntroduction Network Security as MD = Final message digest SHA - 512 round function Each round is defined by the following se 4 (dy"e)4 Wr tk, tof equati Maj(a, b, ©) bea cab dec e=d+Ty fee gef h=g —— 512bits ——_____. Fig, 1.6.7 Single round operation TECHNICAL PUBLICATIONS® - an up-thrust for knowiodgeNetwork Security 1-39 Introduction Compare the performance of RIPEMD ~- 160 algorithm and SHA - 1 algorithm. ORT 1G solution + RIPEMD-160 vers « Brute force attack harder (160 like SHA-1 vs 128 bits for MD5) + Not vulnerable to known attacks, like SHA-1 though stronger + RIPEMD-160 is slower than SHA-1 + RIPEMD-160 is more secure than SHA-1 all designed as simple and compact « SHA-1 optimised for big endian CPU's vs RIPEMD-160 optimised for little endian CPU's Liha soc 1. How Hash function algorithm is designed ? Explain their features and properties. ORO etme 2. List the design objectives of HMAC and explain the algorithm in detail. Fd Authentication Authentication « Authentication techniques are used to verify identity. The authentication of authorized users prevents unauthorized users from gaining access to corporate information systems. * Authentication method is of validating the identity of user, service or application. The use of authentication mechanisms can also prevent authorized users from accessing ifformation that they are not authorized to view. + Data authentication means providing data integrity as well as that the data have been received from the individual who claimed to supply this information. In authentication : a. A Brute force attack is an automated process of trial and error used to guess a person's user name, password, credit-card number of cryptographic key. b. Insufficient authentication occurs when a website permits an attacker to access sensitive content or functionality without having to properly authenticate. ©. Weak password recovery validation is when a website permits an attacker to illegally obtain, change or recover another user's password. TECHNICAL PUBLICATIONS® - an up-thrust for knowledgeIntroducti Network Security tO attr Authorization © Authorization is a procedure of controlling the acc system resources. An authorization system provides rights granted to them by the adm ess of authenticated users to the ach user with exactly those inistrator, ts to files, directories, printers ete, ay oges, such as local access to th, * Besides providing users with access r iser_priv authorization system might control user p ; server, setting the system time, creating backup copies of the data and server shutdown In authorization : a _ , a. Credential/session prediction is a method of hijacking or impersonating a website user. ; . Insufficient authorization is when a website permits access to sensitive content of functionality that should require increased access control restrictions. &. Insufficient session expiration is when a website permits an attacker to reuse old session credentials or session IDs for authorization. Authentication Requirements * Attacks can be identified as follows : 1. Disclosure : Release of message contents to any person or process not possessing the appropriate cryptographic key. 2. Traffic analysis : Discovery of the pattern of traffic between parties. 3. Masquerade : Insertion of messages into the network from a fraudulent source, 4. Sequence modification : Any modification to a sequence of messages between parties, including insertion, deletion and reordering. 5. Content modification : Changes to the contents of a message, including insertion, deletion, transposition and modification. 6 Timing modification : Delay or replay of messages, 7. Source repudiation : Denial of transmission of message by source. 8. Destination repudiation : Denial of rece ipt of message by destination, * Message authentication is a procedure to verify that received messages come form the alleged source and have not been altered. + Digital signature is an authentication techni ique that also includes measures to counter repudiation by the source, TECHNICAL PUBLICATIONS® - an up.tiust for knowledgoNetwork Security teat Introduction BEES Authentication Function + Functions are at two levels in message authentication. At the lower level, function that produces an authenticator. These value is used to authenticate a message. The lower level function is used in the higher level authentication protocol. The higher lovel authentication protocol enables a receiver to verify the authenticity of message. + Following are the some types of functions that may be used to produce an authenticator. They may be grouped into three classes. 1. Message encryption. 2. Message Authentication Code (MAC) 3. Hash function. 4) Message encryption « Ciphertext of the entire message serves as its authenticator. Message encryption by itself can provide a measure of authentication. Symmetric encryption «Fig. 1.7.1 shows the uses of message encryption in symmetric encryption. «f-——€) ©) i ie (KM) te —— SourceA ——> —— Destination B > Fig. 1.7.1 Symmetric encryption (confidentiality and authentication) + A message M transmitted from source A to destination B is encrypted using a secret key K shared by A and B. If no other party knows the key, then confidentiality is provided. * Destination B is assured that the message was generated by A. Because of secret key used by both party, it provides authentication as well as confidentiality. * Given a decryption function D and a secret key K, the destination will accept any input X and produce output Y = D(K, X). * If X is the ciphertext of a legitimate message M produced by the corresponding encryption function, then Y is some plaintext message M. Otherwise, Y will likely be a meaningless sequence of bits. TECHNICAL PUBLICATIONS® - an up-thrust for knowledgeIntroduction Network Security 1-42 lage message using a © For example, suppose that we are transmitting English language ™ wo A sends the following legitimate ciphertext ; caesar cipher with a shift of t nbsftfbupbutbocepftfbupbutboemjuumfmbnet B decrypt to produce the following plaintext : Izqdrdzsnzstzmecmdrdzsnzsrzmekhsskdkzlar © Ifan opponent generates the following random sequences of letters : zuvrsoevgqxlzwigamdvnmbpmecxiuureosfbeeb This decrypts to : Which does not fit the profile of ordinary English. Public key encryption _ * Public key encryption provides confidentiality but not authentication. Fig. 1.72 shows public key encryption with confidentiality in message encryption. —=— SourceA ——> —— Destination 8 —> | ©) ©) : PU, eee PR, Fig. 1.7.2 Public key encryption (Confidentiality) * Source A, uses the public key PU, of the destination B to encrypt message M. Because only B has the corresponding private key PR,, only B can decrypt the message. * This method provides no authentication because any opponent could also use B's public key to encrypt a message, claiming to be A. * Fig. 17.3 shows the thessage encryption in public key encryption with authentication and signature, © A ©) " E(PR,, M) Pu PR, —— Sourcea —_+ ~+— _ DestinationB = —> Fig. 1.7.3 Public key encryption (Authentication) TECHNICAL PUBLICATIONS® - an up-hrust for knowledgenetwork Security 1-43 Introduction + A uses its private key to encrypt the message, and B uses A’s public key to decrypt. the « It provides authentication. The message must have come from A because A only party that possesses PR, « It also provides digital signature. Only A could have constructed the ciphertext because only A possesses PR. Not even B, the recipient could have constructed the ciphertext, + To provide both confidentiality and authentication, A can encrypt M first using, its private key, which provides the digital signature and then using B's public key, which provides confidentiality. ig. 1.74 shows confidentiality, authentication and signature for public key encryption. E (PU,, E (PR,.M)) E(PR,.M) E(PR,M) PU, PR, PU, PR, Fig. 1.7.4 Public key encryption + It provides confidentiality because of PU,. + Provides authentication and signature because of PR,. 2) Message Authentication Code (MAC) * MAC is an alternative technique which uses secret key. This technique assumes that two communicating parties, share a common secret key K. + When A has a message to send to B, it calculates the MAC. MAC = C(K, M) where M = Input message C = MAC function K = Shared secret key MAC * Calculated MAC and message are transmitted to the receiver. The receiver performs the same calculation on the received message. * Received MAC is compared with the calculated MAC. If both are matches, then 1. The receiver is assured that the message has not been altered. 0 Message authentication code 2. The receiver is assured that the mi gc is from the alleged sender. TECHNICAL PUBLICATIONS® - an up-thrust for knowledgecut Introduction elwork Si Lee 3. a5 essage inchides a s¢ : en the receiver can be assumed per, then the rece Cae a wanus un tins cannot successfully alter the . If the mess cause an attacker f the proper sequence because a o 8. izshh : he message authentication. 01 messag © Fig. 17 . ‘onfidentiality can be entiality. Confiden 5 ides authentication but not confidenti Ate or before the MAC * Fig. 1.7.5 provides a : yption eithes ided by performing message encryption provided — Source A Destination B : Source ( Compare K . ni C(K.M) Fig. 1.7.5 Message authentication 6 shows encryption after the MAC. 7 E D M M T iH] | : kg FMC A) K, oa 4 c Source A Destination B Fig. 1.7.6 Message authentication and Confidentiality * Two separate keys are needed, ¢ receiver. Here MAC is calculated to the message. The entire * Fig. 1.7.7 shows the message authentication * Here also two separate ke MAC is calculated usin, ciphertext to form the ‘ach of which is shared by the sender and the with the message input and is then concatenated block is then encrypted, and confidentiality with e YS are needed, The me & the resultin, transmitted block. ‘neryption. is encrypted first. Then the and is concatenated to the ssage % ciphertext