* suBJeCT CODE: CCS354 Strictly as per Revised Syllabus of __ANNA UNIVERSITY Choice Based Credit System (CBCS) sites? Vertical - 4 (Cyber Security and Data Privacy) (CSE/IT/Al&DS) NETWORK SECURITY Vilas $. Bagad MLE. (E&TC), Microwaves M.M.S. (Information systems) Faculty, Institute of Telecommunication Management Ex-Faculty, Sinhgad Collage of Engineering, Pune. Iresh A. Dhotre ME. (Informetion Technology) Ex Faculty; Sinhgad College of Engineering, Pune TECHNICAL PUBLICATIONS a . P. RAJA gpecnun Pt FOR sears Officer na RECOMMENDRTION Mob: + 91 89994 29215 E-mail: [email protected] ae ® ==" TECHNICAL Z PUBLICATIONS SINCE 1993 An Up-Thrust for KnowledgeTABLE OF CONTENTS Chapter-1 Introduction (1 - 1) to (1 - 60) 1.1 Basics of Cryptography... 1.1.1 Basic Terminologies in Security 1.1.2 Categories 1.1.3. Techniques... 1.1.4 Elements of Information Security. 1.1.5 Threats and Vulnerability . 1.1.6° Cryptography... 1.2 A Model for Network Security. 1.3. Conventional Cryptography 1.3.1 Advantages of Symmetric Ciphers....... 1.3.2. Disadvantages of Symmetric Ciphers.... 1.4 Public-key Cryptography .... 1.4.1 Advantages and Disadvantages... 1.4.2. Comparison between Public Key and Private Key Algorithm 1.5 Security Attacks... 1.5.1 Passive Attack... 1.5.2 Active Attack. 1.5.2.1 Difference between Passive and Active Attack... 1.5.3. Man-in-the-Middle Attack... 1.6 Hash Function 1.6.1. Requirements of Hash Functions..... 1.6.2 Applications of Hash Function. 1.6.3 Birthday Attacl 1.6.4 Attack on Collision Resistance... "1.65. Secure of Hash Function and HMAC.... w1.6.6 HMAC.. 1.6.7 CMAC.. 1.6.8 Secure Hash Algorithm .... 1.6.9. Secure Hash Algorithm (SHA-512)... + 1.7 Authentication.. 1.7.1 Authentication Requirements .. 1.7.2 Authentication Function. 1.7.3 MAC. 1.8 Digital Signatures.. 1.8.1 Arbitrated Digital Signatures .... 1.8.2 Direct Digital Signature... 1.8.3 Digital Signature Standard. 1.8.4. Digital Signature Algorithm, 1.9 Two Marks Questions with Answers Chapter-2 Key Management and Authentication (2 - 1) to (2 - 40) 2.1. Key Management and Distribution . 2.1.1 Distribution of Public Keys. ~~ 21.2. Distribution of Secret ‘Keys using Public Key Cryptography... 2.1.3 Key Distribution and Certification ... 2.14 Key Distribution 2.2 X.509 Certificates. 2.2.1 X.509 Format of Certificate ., 2.2.2 Obtaining User's Certificate... 2.2.3 Revocation of Certificates... 2.2.4 Authentication Procedures... 2.3 Public-Key Infrastructure... 2.4 User Authentication .. 2.5 “Remote User Authentication Principles2.5.1 Mutual Authentication ..... 2.5.2 One Way Authentication 2.5.2.1 Password based Authentication 2.6 Remote User-Authentication using Symmetric Encryption . 2.7" Remote User-Authentication Using Asymmetric Encryption... 2.8 Kerberos Systems. 2.8.1 Kerberos Terminology 2.8.2 Kerberos Version 4 2.8.2.1, Simple Authentication Dialogue... 2.8.2.2 Secure Authentication Dialogue 2.8.2.3 Kerberos Realms .. 2.8.3. Kerberos Version 5........ 2.8.3.1, Version 5 Authentication Dialogue 2.8.4 Comparison between Kerberos Versions 4 and 5. 2.8.5 Strengths of Kerberos 2.8.6 Weakness of Kerberos... 2.8.7 Difference between Kerberos and SSL..... 2.9 Two Marks Questions with Answers .. sepium tes Chapier-3 Access Control and Security (3-1) to (3 - 34) 3.1 Network Access Control 3.1.1 Extensible Authentication Protocol... 3.1.2 Advantages Network Access Control....... 3.2 IEEE 802.1X Port - based Network Access Control. 3.3 IP Security. 3,3.1 IP Security Architecture 3.3.2 IPSec Document. 3.3.3. IPSec Services. 3.3.4 Security Association. i)3.3.5 SA Parameters .... 3.3.6 Transport Mode.. 3.3.7 Tunnel Mode 3.3.8 Application of IPSe 3.3.9 Benefits of IPSec... 3.4 Authentication Header... 3.4.1 AH Transport Mode.. 3.4.2. AH Tunnel Mode... 3.5 ESP 3.5.1 ESP Format... 3.5.2. Encryption and Authentication Algorithms... 3.5.3 Padding 3.5.4 Comparison between AH and ESP....... 3.6 Internet Key Exchange (IKE)... 3.7. Web Security Considerations .. 3.7.1 Web Security Issue... 3.7.2. Transport Layer Security. 3:8 Secure Sockets Layer... 3.8.1 SSL Architecture... 3.8.2 SSL Record Protocol. 3.8.3 Handshake Protocol. 3.8.4 Comparison between IPSec and SSL. 3.8.5 Comparison of SSL and TLS 3.9 Transport Layer Security ..., 3.10 HTTPS Standard... wae 37 26 3-27 3.11 Secure Shell (SSH) Application... 1 3229 3.12 Two Marks Questions with Answers ...Chapter-4 Application Layer Security (4 - 1) to (4 - 38) 4.1 Electronic Mail Security. 4.1.1 Pretty Good Privacy... 4.1.1.1 PGP Operation... 4.1.1.2 Cryptographic Keys and Key Rings 4.1.1.3 Message Format ........ 4.1.1.4 PGP Message Generation...... 4.1.1.5 PGP Message Reception 4.1.1.6 Concept of Trust ... 4.1.1.7 Trust Processing Operation... 4.2 S/MIME.. 4.2.1 Multipurpose Internet Mail Extensions. 4.2.2. Message Headers... 4.2.3. S/MIME Functionality 4.2.4 Cryptographic Algorithms in S/MIME..... 4.2.5 S/MIME Messages .. 4.2.6 S/MIME Certificate Processing .... “4.3. PEM. 4.4 Domain Keys Identified Mail 4.5. Wireless Network Security .... 4.5.1 Background... 4.5.2 Authentication. 4.5.3. Authentication in WEP... 4.5.4 Authentication and Key Argument in 802.11i. 4.6 Mobile Device Security... 4.7 Two Marks Questions with AnswersChapter - 5 5.1 Intrusion Detection. 5.2 5.3 5.4 (5 - 1) to (5 - 40) Security Practices 5.1.1. Types of Intrusion Detection System. 5.1.1.1 Anomaly Detection 5.1.1.2. Signature-based Detection ... 5.1.13 Comparison between Signature-based and Anomaly Detection 5.1.1.4 Network Based System .. 5.1.15 Host-based IDSs (HIDS)... 5.1.L6 - Differences between HIDS and NIDS 5.1.2 Intrusion Detection Techniques .. 5.1.3 Tools for Intrusion Detection... 5.14 Distributed IDS.. 5.1.5 Strengths of IDS....... 5.1.6 Limitations of IDS. 5.1.7 Differences between IDS and IPS....... 5.1.8 Intrusion Prevention System (IPS) Password Management... 5.2.1 Password Protection... 5.22 Password Selection Strategies. Firewalls .... 5.3.1 Types of Firewal 5.3.1.1 Packet Filtering Router... 5.3.1.2 Application Level Gateways... 5.3.1.3 Circuit Level Gateways... 5.3.1.4 Comparison between Packet Filter and Proxies . 5.3.2 Firewall Location.. 5.3.3 Firewall Configuration Blockchain 5.4.1 Blockchain Technology Layers5.4.2 Types of Blockchain Plathocm 5.4.3 The Challenges for Adoption of Blockchain. 5.4.4 Advantages and Dlssdvantages of Blockchair 5.5 Cloud Security. 5-34 5.5.1 Cloud Security Challenges and Risks.... 5.5.2, General Issues Securing the Cloud .. 15.6 loT Security 5.6.1 loT Security Challenges.. 5.7. Two Marks Questions with Answers ... i)UNIT I Introduction Syllabus Basics of cryptography, conventional and, public-key cryptography, hash functions, authentication, and digital signatures. Contents 1.1 Basics of Cryptography .................. Dec-20, 1.2 A Model for Network Security. ... 1.3. Conventional Cryptography 1.4 Publio-key Cryptography : Marks 5 1.5. . Security Attacks I emtmn ancients sun os DOCRIBID. + 9 Marks 13 1.6 Hash Function : a May-17,18, Dec.-19, Marks 16 1.7 Authentication si s+. . Dee-19, Marks 8 Marks 15 May-19, Dec.-22, »------- Marks 13 1.8 Digital Signatures soe axed Dec.-19,20,22, ---- +++ +++ Marks 15 1.9 Two Marks Questions with Answers a-?Introductic Network Security Basics of Cryptography The history of information security be; «Network security, to protect networking components, tent ‘® Information security to protect the confidentiality, integrity and availability of information assets, whether in storage, processing or transmission. ‘* Physical security consists of all mechanisms used to ensure fiat physical access to the computer systems and networks is restricted to only authorize users. Data security is the science and study of methods of protecting data from unauthorized disclosure and modification. «Data and information security is about enabling collaboration while managing risk with an approach that balances availability versus the confidentiality of data. gins with computer security. ; connections and contents. «Security is required because the widespread use of data processing equipment, the security of information felt to be valuable to an organization was provided primarily by physical and administrative means. . Network security measures are needed to protect data during their transmission. Following are the examples of security violations. 1. User A transmits a sensitive information file to user B. The unauthorized user C is able to monitor the transmission and capture a copy of the file during its transmission. “2. A message is sent from a customer to a stockbroker with instructions for various transactions. Subsequently, the investments lose value and the customer denies sending the message. 3. While transmitting the message between two users, intercepts the message, alters: its contents to forwards the message to destination user, the unauthorised user add or delete entries and then EKER Basic Terminologies in Security b. Plaintext : The original message, ©. Ciphertext : The transformed m e585 pate aia key, age produced as output, It depends on the || Introduction Network Security 1-3 4. Cipher An algorithm for transforming plaintext message into one that is unintelligible by transposition and/or substitution methods. e, Key = Somie critical information used by the cipher, known only to the sender and receiver. £ Encipher (encode) ; The process of converting plaintext to ciphertext using a cipher and a key. ' ; Decipher (decode) : The process of converting ciphertext back into plaintext using a cipher and a key. h. Cryptanalysis : The study of principles and methods of transforming an unintelligible message back into an intelligible message without knowledge of the key. .Also called’ code-breaking. Cryptanalysis is to break an encryption. Cryptanalyst can do.any or all of the three different things : 1. Attempt to break a single message. 2. Attempt to recognize patterns in encrypted messages, in order to be able to break subsequent ones by applying a strainghtforward decryption algorithm. 3. Attempt to find general weakness in an encryption. algorithm, without necessarily having intercepted any messages. i. Cryptology : Both cryptography and cryptanalysis, j. Code : An algorithm for transforming an’ plaintext “message into an unintelligible one using a code-book. Categories Various categories of computer security are : + 1. Cryptography 2. Data security 3. Computer security 4. Network security Cryptography is data encryption and decryption. Data security is ensuring safe data from modification and corruption. Computer security is formal description of security policies. It includes protection, * preventation and detection of unauthorized use of computer. Network security is protection of data on the network during transmission or sharing.—————————— Introduction ‘Network Security Techniques i i lows : security techniques are as fol ; : Sat Teed to protect information and data. & is cryptography : echo Different types of encryption are used for providing security. 2. Access control : Access to data or computer is controlled by wae pone mechanism. Access control is a security technique that regulates who or what can view or use resources in a computing environment, It is a fandamental concept in security that minimizes risk to the business or organization. 3. Data backup : Data backup refers to saving additional copies of your data in separate physical or virtual locations from data files in’ storage. If you lose your data, recovery could be slow, costly or impossible. It is important that you secure, store and backup your data on a regular basis. 4, Firewall : Firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. 5. Antivirus software : Many antivirus software programs include real-time threat ) detection and protection’ to guard against potential vulnerabilities as they happen, as well as system scans that monitor device and system files looking for possible risks. 6. Intrusion detection systems : IDS can offer protection from external users and internal attackers. It also automatically monitors the Internet to search for any of the latest threats which could result in a future attack, 7. Series of confidence : It ensure that all software use has been authentic. Elements of Information Security * Security goals are as follows : 1. Confidentially 2. Integrity 3. Availability 1. Confidentiality be ao authorized “to see the information kept ‘secret from. individuals. who ate not * Underpinning the goal of confidentialit and passwords that uniquely identify ss : : methods that limit each identified user’. ts and supporting control‘Network Security : _ 9-5 Introduction Confidentiality is not only applied to storage of data but also applies to the transmission of information. Confidentiality Confidentiality means that people cannot read sensitive information, either while it is ona computer or while it is traveling across a network, Fig. 1.1.1 Relationship between Confidentiality Integrity and Availability. Fig. 1.1.1 Relationship between 2. Integrity confidentiality integrity Integrity refers to the trustworthiness of information resources. Integrity should not be altered without detection. Tt includes the concept of “data integrity” namely, that data have not been changed inappropriately, whether by accident or deliberately malign activity. It also includes “origin” or "source integrity" that is, that the data actually came from the person or entity you think it did, rather than an imposter. Integrity ensures that information is not changed or altered in transit. Under certain attack models, an adversary may not have to power ‘to impersonate an _ ‘authenticated party or understand a confidential communication, but may have the ability to change the information being transmitted. On a more restrictive view, however, integrity of ar’ information system includes only preservation without corruption of whatever was transmitted or entered into the system, right or wrong. 3. Availability Availability refers, to the availability of information resources. An information system that is not available when you need it is at least as bad as none at all. Availability means that people who are authorized to use information ‘are not prevented from doing so. it may be much worse, depending on how reliant the organization has become on a functioning computer and communications infrastructure. Almost all modern organizations are highly dependent on functioning information systems. Many literally could not operate without them. Availability, like. other aspects of security, may be affected by purely technical issues (e.g. a malfunctioning part of a’ computer or communications device), natural phenomena (e.g. wind or water) or human causes (accidental or deliberate). TECHNICAL PUBLICATIONS® - an up-thrust for knowledge1 fue Introd ‘Network Security For example, an object or service is thought to be available if « Fore , ‘ i, It is present in a usable form. : d ii, It has capacity enough to meet the services nee a is completed an acceptable period of time. ec we can construct the availability. The data item, servicy * By combining these goals, or system is available if i. There is a timely response to our request. ii, The service and system can be used easily. iii, Concurrency is controlled. . iv, It follows the fault tolerance. v. Resources are allocated fairly. Threats and Vulnérability Threat ‘The term "threat" refers.to the source and means of a particular type of attack. + A threat assessment is performed to determine the best approaches to securing’a system against a particular threat or class of threat. * Penetration testing exercises are substantially focused on assessing threat profiles, to help one develop effective countermeasures against the types of attacks represented by a given threat. Where risk assessments focus more on analyzing the potential and tendency of one's resources to fall prey to various attacks, threat assessments focus more on analyzing the attacker's resources, * Analyzing threats can help one develop specific security policies to implement in line with policy priorities and understand the specific implementation ‘needs for securing one's resources, Vulnerability ° The term “vulnerability” refers to the securi o attack to be successful. security flaws in a system that allows Such vulnerabilities are not factors such as individual | Testing for vulnerabilities ] + People responsible for the dangers as they arise. It is Particular to technology - they can also apply to sociél authentication and authorization policies. 's useful for maintaining ongoing security, allowing the Security of one’s resources to respond effectively to ne also invaluable for policy and technology development. | jecinicanat ee1a Network Security 1-7 Introduction and as part of a technology selection process; selecting the right technology early on can ensure significant savings in time, money and other business costs further down the line. * Understanding the proper use of such terms is important not only to sound like you know what you're talking about, nor even just to facilitate communication. It also helps develop and employ good policies. * The specificity of technical jargon reflects the way experts have identified clear distinctions between practical realities of their fields of expertise and can help clarify even for oneself how one should address the challenges that arise. * Other examples of vulnerability include these : 1. A weakness in a firewall that lets hackers get into a computer network. 2. Unlocked doors at businesses. 3. Lack of security cameras. EES cryptography © Cryptography is the science of writing in secret code and is an ancient art. Cryptography is not only protects data from theft or alteration, but can also be used for user authentication. * The term is derived from the Greek word kryptos, which means hidden. * In cryptography, we start with the unencrypted data, referred to as plaintext. Plaintext is encrypted into ciphertext, which will in turn (usually) be decrypted back into usable plaintext. © Fig 1.1.2 shows cryptography. Sender Receiver Plain text [ean] Cypher-text Plain text Encryption Decryption. Attacker Fig. 1.1.2 Cryptography © Cryptography provides secure communication in the presence of malicious third parties. : "TECHNICAL PUBLICATIONS® - an up-thrust for knowledgeii in Network Security . i t message into non-readable for, . coding a plain tex reas mh, + Encryption is the Pe alec an encrypted message back into its norma Decryption is a process form. . ds © Algorithms are consideret : : a key, given the ciphertext. : Senseo be able to deterthine anything about a key given a large eee inations which used the key. ecure if an attacker cannot determine any properties o « An attacker number of plaintext ciphertext comb! Advantages of cryptography ii 1, It provides security to on line network communication. ¥ 2. It provides security to email, credit/debit card information ete. 3. Cryptography hides the contents of a secret message from a malicious people, 4. Cryptography ¢an also provide authentication for’ verifying the identity of someone or something. RCAC 1. Discuss examples from real life, where the following security objectives are needed : \ i) Confidentiality r ii) Integrity iii) Non-repudiation ; Suggest suitable security mechanisms to achieve them. EDU S Is ‘A Model for Network Security [ AU : May-19, Dec.22] * A message is to be transferred i ; from source, to destination across some sort of internet. Both the sides must cooperate for the exchange of the data. A logical information channel is internet from source to destination, All the techni 1. A security established by defining a route through the tues for providing security Kave two components : 5 telated transformation on the information to be sent. hme secret information shared by the two principles, it is hoped, unknown ! opponent. : ‘ Fi | 18- 1.2.1 shows the network security model, A trusted thi i third party is needed to achieve secure transmission. | a ee 4S‘x Network Security 1-9 Introduction Trusted third party Sender Receiver ‘Transformation Transformation Message message| Secret Opponent Secret information information Fig. 1.2.1 Network security model © Basic tasks in designing a particular security service. 1. Design an algorithm for performing the security related transformation. 2. Generate the secret information to be used with the algorithm. 3. Develop methods for the distribution and sharing of the secret information. 4, |. Specify a protocol to be used by the two principles that makes use of the security algorithm and the secret information to achieve a particular security service. Oona Cee ~1_ Explain the network security model and its important parameters with a neat block diagram. i x | CEE} EEA Conventional Cryptography A symmetric encryption model has five ingredients. 1. Plaintext 2, Encryption algorithm 3. Secret key 4. Ciphertext 5. Decryption algorithm © Fig. 1.3.1 shows the conventional encryption model. * Plaintext is the original message or data that is fed into the algorithm as input. * Encryption algorithm performs various substitutions and transformations on the plaintext. * Secret key is a value independent of the plaintext and of the algorithin. The exact substitutions and transformiations performed by the algorithm depend on the key. TECHNICAL PUBLICATIONS® - an up-thrust for knowledgeNetwork Security Plaintext Encryption 4240 Introduction | Secret key shared by 7 1 a-Condet and rection | | > Decryption Plaintext input algorithm algorithm output Fig. 1.3.1 Conventional encryption model Ciphertext is the scrambled message produced as output. It depends on the plaintext and the secret key. Decryption algorithm takes the ciphertext and the secret key and produces the original plaintext. The original intelligible message, referred to as plaintext is converted into random nonsense, referred to as ciphertext. The science and art of manipulating message to inake them secure is called cryptography. An original message to be transformed is called the plaintext and the resulting message after the transformation is called the ciphertext. The process of converting the plaintext into ciphertext is called encryption. The Hverse Process ‘is called decryption. The encryption process consists of an algorithm-and a key. The key controls the algorithm. . The objective is to design an encryption technique so that it would be very difficult or impossible for an unauthorized Party to understand the contents of the ciphertext. i Advantages of Symmetric Ciphers as High rates of data throughput. 2. Keys for symmetric-key ciphers are relatively short. 3. Symmetric-key ciphers can be used as primitives to construct various cryptographic mechanisms (i.e.-_pseudorandom number generators). rat a eM Nn‘Network Security 1-11 Introduction 4. Symmetric key ciphers can be composed to produce stronger ciphers. 5. Symmetric-key encryption is perceived to have an extensive history, EEE Disadvantages of Symmetric Ciphers 1. Key must remain secret at both ends. 2. In large networks, there are many keys pairs to be managed 3. Sound cryptographic practices dictates that the key be changed frequently 4. Digital ‘signature mechanisms arising from symmetric-key encryption typically Tequire either large keys or the use of third trusted parties. Public-key Cryptography [AU : May-19 | Diffie and Hellman proposed a new type of cryptography that distinguished between encryption and decryption keys. One of the keys would be publicly known; the other would be kept private by its owner. * These algorithms have the following important characteristic. 1, It must be computationally easy to encipher or decipher a message given the appropriate key. | 2. It must be computationally infeasible to derive the private key from the public key. : 3. It must be computationally infeasible to determine the private key from a chosen plaintext attack. * A public key encryption scheme has six ingredients. Fig. 1.41 shows public key cryptography. 2 1. Plaintext : It is input to algorithm and in a readable message or data 2. Encryption algorithm : It performs various transformations on the plaintext. 3. Public and private keys : One key is used for encryption and other is used for decryption. © 4. Ciphertext : This is the scrambled message produced as output. It depends on the plaintext and the key. 5. Decryption algorithm : This algorithm accepts the ciphertext and the matching key and produces the original plaintext. * The essential steps are the following : 1. Fach user generates a pair of keys to be used for the encryption and decryption of messages. 2. Each user places one of the two keys in a public register. This is the public key. The companion key is kept private, ®1: - Introd Network Security 1:12 ction Public key ring Decryption Plaintext i n a ae algorithm output ‘input algorithm (a) Encryption 4 Public key ring : L Bob Bob's Bob's public private key me Plaintext Encryptic Tyption input algorithm ee: ee (b) Authentication Fig. 1.4.1 Public ke , yc Qh 3. If Bob wishes to send a coy eee message using Alice's public ects message to Alice, Bob encrypts ey.Network Security 1-13 Introduction « System controls its private key. At any time, a system can change its private key. Fig. 1.4.2 shows the ‘process of public key algorithm. Source side X, Destination side Y, Key-pair source Fig. 1.4.2 Public key cryptosystem secrecy © A message from source which is in a plaintext, X= (X;,X2,... Xm} The message is intended for destination which generates a related pair of keys a public key KUp, and a private key KR: * Private key is secret key and known only to Y;.” With the message X and eneryption key KUp a input, X, forms the ciphertext. Y = (Wy ¥2,¥o Xn) Y = Exu, © es © The intended receiver, in possession of the matching private key is able to invert the transformation. X = Dex, An opponent, observing Y and having access to public key (KU},), but not having access to private key (KR,,), must attempt to recover X. It is assumed that the opponent does have knowledge of the encryption (B) and decryption algorithms (D). Public key cryptography requires each user to have two keys,: A public key used by anyone for encrypting messages to be sent to that user and a private key, which the user needs for decrypting messages. Requirements for public key cryptography 1. It is computationally easy for a party B to generate a pair.iia Introducti, ‘Network Security 2. It is computationally easy for a sender A, fo generate the corresponding ciphertext : C = E(PU, M) 3. It is computationally easy for the receiver B’to decrypt the resulting ciphertey, using the private key to recover the original message : M = D(PR, C) = DIPR, E(PU,, M)] 4. It is computationally infeasible for an adversary, knowing the public key (PU,,) to determine the private key PRy. 5. It is computationally infeasible for an adversary, knowing the public key (PU,) and a ciphertext (C) to recover the original message (M). Advantages and Disadvantages * Advantages of public key algorithm 1. Only the private key must be kept secret, 2 The administration of keys on a network requires the presence of only a functional trusted TTP as opposed to an unconditionally trusted TIP. 3. A private/public key pair remains unchanged for considerable long periods of time. There are many relatively efficient di; asymmetric-key schemes, 5. Ina large network the number of keys necessary may be considerably smallet ects than in the symmetric-key: scenario, * Disadvantages of public key algorithm _ 1. Slower throughput rates than the 2. Large key size, gital signature mechanisms as a result of best known symmetric-key schemes. 3. i No. asymmetric-key scheme has been Proven to be secure, 4. Lack of extensive history. Ry Com ; Parison between Public Key and Private Key Algor Symm aimee key cryptography "Asymmetric key eed for decryption. 4 | One key for encryption and other key | Slower,Network Security 1-15 Introduction | 3. Key exchange is big problem. Key exchange is not a problem. | 4. Also called secret key encryption. Also called public key encryption. . | 5 The key must be kept secret. One of the two keys must be kept secret b 2 E | 6 The sender and receiver must share the The sender and receiver must each have algorithm and the key. one of the matched pair of keys. | 7. Size of the resulting encrypted text is __Size of the resulting encrypted text is | usually same as or less than the original more than the original clear text size. | clear text size. | 8 Can be used for digital signature. | Came MSc) Cannot be used for digital signatures. 1. Explain public key cryptography and when it is preferred ? Security Attacks * An attempt to gain unauthorized access to information resource or services, UE aca CORE TSSERC) or to —+[ Passive attacks cause harm or damage to information [~ Security systems attacks __.T"Retive attacks © Security attacks are of two types : Passive attack and active attack Fig. 1.54 Passive Attack * Passive attacks are those, wherein the attacker indulges in eavesdropping on, or monitoring of data transmission. A passive attack attempts to learn or make use of information from the system but does not affect system resources. The attacker aims to obtain information that is in transit. The term passive indicates that the attacker does not attempt to perform any modifications to the data. Passive attacks are of two types : 1. Release of message contents 2. Release of message content is shown in Fig. 1.5.2. A telephone conversation, an electronic, mail message and a transferred file may contain sensitive or confidential _ information we would like to prevent an opponent from learning the content-of ‘these transmissions. Traffic analysis TECHNICAL PUBLICATIONS® - an up:thrust for knowledae7-16 i Read content of Opponent message from sender to receiver Network Security Receiver ase of message contents | Fig. 1.5.2 R - Mask the contents of message 59 that opponents could not he message. Encryption is used for masking * Traffic analysis : extract the information from Fig. 1.5.3 shows the traffic analysis. a © Passive attacks are veTy difficult to detect because they do not involve any alternation of data. It is feasible to prevent the success of attack, usually by means of encryption. ‘Observe pattern of messages from sender to receiver Receiver Fig. 1.5.3 Traffic analysis Active Attack + Activ i ificati false fads involve some modification of the data stream or the creation of * ae Stream. These attacks can not be prevented easily. Active attacks can be subdivi ided into four types : 1. Masquerade 2 Replay 3. Modifi ication of. message 4. Denial of service 1. Masquerade * It takes place when : masquerade, one entity pretends to be a different entity. Fig. 1.54 show?oe. Network Security 1-17 Introduction ‘Message from opponent that appears to be from sender Receiver Fig. 1.5.4 Masquerade * For example : Authentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling an‘ authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges. ‘+ Interruption attacks are called as masquerade attacks. 2, Replay * It involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect. + Fig. 1.5.5 shows replay attack. i Opponent Capture message from sender to receiver, later replay message to receiver ol « Receiver Sender Fig, 1.5.5 Replay 3. Modification of message * It involves some change to the original message. It produces an unauthorized effect. Fig. 1.5.6 shows the modification of message. * For example, a message meaning "Allow Rupali Dhotre to read confidential file accounts "is modified to. mean "Allow Mahesh Awati to read confidential file accounts” TECHNICAL PUBLICATIONS® « an’ un-thnsot tae tmnstnrinnIntroductie Network Security Yn 18 Opponent modifies message from sender to receiver Receiver 4, Denial of service @ Fabrication cquses Denial Of Service (DOS) attacks. * DOS prevents the normal use or management of communications facilities. * Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as’ to degrade performance. © Fig.'1.5.7 shows denial of service attack. Disrupts service provided by server Fig. 1.5.7 Denial of service * It is difficult to Prevent active attack beca Physical, software and network a f ide vari i Vulnerabilities, "© Wide vatiety of potenti Source system sends a large numb, SYN packets are used to begin a ite CAIN Packets tothe target sytem. Te connection. eyca ‘Network Security 1-19 Introduction Source ' Server Ee 4 a Target ga | lat oe Legitimate connection attempt TCP SYN packet TCP SYNACK packet TCP ACK packet ‘Syn flood DOS attack TCP SYN packet TCP SYN ACK packet The final TOP ACK packet is never sent Fig. 1.5.8 SYN flood DOS attack When the target receives a SYN packet, it replies with TCP SYN ACK packet, which acknowledges the SYN packet and sends connection setup information back to the source of the SYN. The target also places the new connection information into a pending connection buffer. For a real TCP connection, the source would send a final TCP ACK packet when it receives the SYN ACK. However, for this attack, the source ignores the SYN ACK and continues to send SYN packets. Eventually, the target's pending connection buffer fills up and it can no longer respond to new connection requests. Difference between Passive and Active Attack ~ Sr. No. Passive attacks Active attacks Passive attacks are in the nature of Active attacks involve some modification of eavesdropping on, or monitoring of, the data stream or the creation of a false | transmissions. ty stream. Types : Release of message contents and ‘Types : Masquerade, replay, modification ~ _traffic analysis, of message and denial of service. Very difficult to detect. Easy to detect. .Network Security 1-20 Intro The emphasis in dealing with passive It is ane difficult to prevent active a attacks is on prevention rather than absolutely. detection. \ : ; Oy dite skein tec ene the system. It does not affect the system. It affects the syst Man-in-the-Middle Attack * In cryptography, a Man-In-The-Middle (MITM) attack is an attack in which attacker is able to read, insert and modify at will, meassages between two parti without either party knowing that the link between them has been compromised, * The attacker must be able to observe and intercept, messages: going between the two victims. The MITM attack can work against public-key cryptography and is also particularly applicable to thé original Diffie-Hellman key exchange protocs), when used without authentication. * The MITM attack may include one or more of 1. Eavesdropping, including traffic analysis and possibly a known-plaintext attack. 2. Chosen ciphertext attack, dep that it, decrypts, 3. Substitution attack 4. Replay attacks 5. Denial of service attack. The ending on what the receiver does with a message . attacker may for instance jam all communications before atticking one of the parties. ‘The defense is for both parties to Periodically send authenticated Status messages and. to treat their disappearance with paranoia, * MITM is typically used to tefer to active mani ulatio; s, rather than passively eavesineghy, nanip\ mn of the meassages, ig for which she has the private to be Bob's, then encrypts he! Mallory again intercepts, deci using the public key Bob keeps a copy, and: reenciphers enciphered message, he Doe 2284-10 Alice. When Bab seccivos the nell will believe it came from. TECHNICAL Prim) nx.Network Security 1-21 Introduction * This example shows the need for Alice and Bob to have some way to ensure that they are truly using the correct public keys of each other. Otherwise, such. attacks are generally possible in principle, against any message sent using public-key technology. Defenses against the attack * The possibility of a man-in-the-middle attack remains a serious security problem even for many public-key based cryptosystems. Various defenses against MITM attacks use authentication techniques that are based on : m 1. Public keys 2, Stronger mutual authentication 3. Secret keys (high information entropy secrets) 4. Passwords (low information entropy secrets) 5. Other criteria, such as voice recognition or other biometrics * The integrity of public keys must:generally be assured in some manrer, but need not be secret, whereas passwords and shared secret keys have the additional secrecy requirement, Public keys can be verified by a Certificate Authority, whose public key is distributed through a secure channel Review Questions 1. What are the different types of attacks ? Explain. Sse) 2. Write a note on different types of security attacks and services in detail. Hash Function uae LAU : May-17.18, Dec-19 | * Definition : A ‘hash function is a computationally efficient function mapping binary strings of arbitrary length to binary strings of some fixed length, called hash-values. * The data to be encoded is often called the "message", and the hash value is sometimes called the message digest or simply digest. * The most common cryptographic uses of hash functions are with digital signatures and for data integrity. ; * When hash functions are used to detect whether the message input has been altered, they are called Modification Detection Codes (MDC). There is another category of hash functions that involve a secret key and provide data origin authentication, as well as data integrity; these are called Message Authentication Codes (MACs). TECHNICAL PUBLICATIONS® - an ip-hrust for knowledgeNetwork Security ction ri 4 7 q One - way Hash Fun ‘on, also known as a message digest, fingerprint function, also or * A one-way hash Ay Fenetion, is a mathematical function which takes a vatiable-lengi, So nang aa converts it into a fixed-length binary sequence. input string, one-way hash function is designed in such a way that it is hard t ‘ nie pines that is, to-find a string that hashes to a given value (hence the reverse the ” " name one-way.) * A good hash function also makes it hard to find two strings that would Produce | the same hash value, All modern hash algorithms produce hash values of 128 bits and higher. | Even a slight change in an input string should cause the hash value to change drastically: Even if 1 bit is Bipped in the input string, at least half of the bits in| the hash value will flip as a result. This is called an avalanche effect. A common way for one-way hash functions to deal with the variable length input problem is called a compression function. Compression functions work by | viewing the data being hashed as a sequence of n fixed-length blocks. To compute the hash value of a given block, the algorithm needs two things : the data in the block and an input seed. The input seed is set to some constant value, c, and the algorithm computes the hash value hy of the first block. Next, the hash value of the first block, hy is used as the seed for the second block. * The function proceeds to compute the hash value of the second block based on the data in the second block and the hash value of the first block, hy. So, the hash Value for block n is related to -the data in block a and the hesh val ae m1). The hash value of the entire input stream is the hash value of the Hash Function . A A hash value h is generated by a function H of the form. h = HM) where M = Variable - Length message HM) = Fixed - Length hash value. . | a Requirements of Hash Functions * The pu 4 TPose of ion is i i He me ogee fa bac function is to produce a fingerprint of a file, / eensra Network Security 1:23 Introduction Properties 1, H can be applied to a block of data of any size. 2. H produces a fixed length output. : 3. H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical. 4. For any given value h, it is computationally infeasible to find x such that H(x) = - h. This is called one-way property. 5. For any given block x, it is computationally infeasible to find y # x such that H(y) = H(%). This is called’as weak collision resistance. 6. It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). This _ is called as strong collision resistance. Simple hash functions * For a hash function, the input is viewed as a sequence of n-bit blocks. The input is processed one block at a time in an iterative fashion to produce an n-bit hash function. * One of the simplest hash functions is the bit-by-bit exclusive-OR of every block. This can be expressed as follows = bi @bj2 ©[email protected] where C, = i bit of the hash code, 1 n ipad opad = K padded with zeros on the le length. = 00110110 (36 in hexadecimal). repeated b/8 times ft so that the result is b bits in = 01011100 (5C in hexadecimal) repeated b/8 times.- eas, Introduction Pad to b bits [J Hmac(km) Fig. 1.6.2 HMAC structure Then HMAC can be expressed as follows : HMAC (K, M) = H [(K* © opad) || H[(K* © ipad) || M] . Append zeros to the left end of K to create a b-bit string K*. XOR K* with ipad to produce the b-bit block S,. Append M to §. . Apply H to the stream generated in step 3. . XOR K* with opad to produce the b-bit block S,. . Append the hash result from step 4 to S,. . Apply H to the strearh generated in step 6 and output the result. NOOR ON SE TECHNICAL PUBLICATIONS® - an up-thrust for knoivledgeNetwork Security rm efficient implementation is possible, as shown in Fig. 163. Ty, * A more quantities are precomputed : {(IV, (K* @ ipad)) fav, (K* © opad)) Where (CV, block) is the compression function for the hash function. 1 Precomputed I Computed per message ! K ipad I ' ‘ in | ; . wz | bbits b bits bbits | I Yo |°%4 eee Nica 3 I b bas] : ! nbits po yy £}-—_1+—+| Hash > 1 t n bits i an i H(S; Il M) i ES ! pad to b bits 1 Y 1 1 35 i bbits ! v —+[f}—__} eis _ rf | n bits ! J. HMAC\(M) Fig. 1.6.3 Efficient implementation of HMAC HMAC security ¢ Know that the security of HMAC relates to that of the underlying hash algorithm. * Attacking HMAC requires either : | a) Brute-force attack on key uséd. This in order of 2n where n is the chaining variable bit-width. ») Birthday attack (but since keyed would need to observe a very large number of messages). Like MDS this is in order of 2n/2 for a hash length of n. Choose hash function used based on speed versus security constraints. Note that HMAC is more secure than MDS for birthday attack. | Pee (I‘Network Security 1-31 Introduction: a) In MDS the attacker can choose any set of messages to find a collision (ie. H(M) = HM’). b) In HMAC since the attacker does not know K, he cannot generate ‘messages offline. For a hash code of 128 bits, this requires 264 observed blocks (ie. 264 * 29 = 273 bits) generated using the same key. On a 1 Gbps line, this requires monitoring stream of messages with no change of the key for 250,000 years (quite infeasible !!), cMAC Cipher-based Message Authentication Code (CMAC) is a block cipher-based message authentication code algorithm. CMAC mode of operation is used with AES and triple DES. The CMAC on a message is constructed by splitting it into blocks of size equal to the block size of the underlying cipher, for instance, 128 bits in the case of the AES, Cipher Block Chaining (CBC)-encrypting the message and retaining the result of the last block éncryption as the computed MAC value. To avoid certain classes of attack, the last block is subjected, before ciphering, to an exclusive disjunction (XORing) with one of two possible "subkey" values, usually denoted as K1 or K2. The choice of which subkey to use is determined by whether the last message block contains padding or not. The subkey values can only be computed by parties knowing the cipher key in use. Fig. 1.6.4 shows calculation of CMAC. Message (M,) Message (M,) : Message (M3) MSB (Tlen) | Fig. 1.6.4 Message length is integer multiple of block size if " E(K, M,) C= E(K [M2 ®@Ci)) nen in aminNetwork Security hinge = C3 = E(K[M3®C]) Cy = EK [My ®Cy-1 ®Ky)) T= MSBuen(Cy) where T = message authentication code Tien = bit length of T MSBs (X) = the s left most bits of the bit string X Secure Hash Algorithm * The Secure Hash Algorithm (SHA) was developed by National Institute of Standards: and Technology (NIST). It is based on the MD4 algorithm. Based on different digest lengths, SHA includes algorithms such as SHA-1, SHA-256, SHA-384, and SHA-512. * Unlike encryption, given a variable’ length meassge x, a secure hash algorithm computes a function h(x) which has a fixed and often smaller number of bits. When a message of any length is less than 2 bits is input, the SHA-1 produces a 160-bit output called message digest. SHA-1 called: secure bacause it is computationally infeasible to find a’ message which corresponds to a given message digest, or to find two different messages which produce the same message digest. : * There are a number of attacks on SHA-1, all relating to what is known as collision resistance. For examples, if you are using SHA-1 for the storage of passwards, there are no passoword recovery attacks as at December 2011 that make use of the collision attacks on SHA-1. The most commonly used hash function from the SHA family is SHA-1. It is used in many applications and protocols that require secure and authenticated communications. SHA-1 is used in SSL/TLS, PGP, SSH, S/MIME, and IPSec. Features of SHA : 1. The SHA-1 is used to compute a message digest for a message or data file that is, Provided as input, . 2, The message or data file should be considered to be a bit string. 3. The length of the mesa, message has length 0), rte ey ge is the number of bits in the message (the emptyNetwork Security 1-33 Introduction 4. If the number of bits in a message is a multip! le of 8, for compactness we can represent the message in hex. a The purpose of message padding is to make the total length of a padded message a multiple of 512. a The SHA-1 sequentially processes blocks of 512 bits’ when computing the message digest. The 64-bit integer is 1, the length of the original message 8. The padded message is then processed by the SHA-1 as n 512-bit block. SHA-1 was cracked in the year 2005 by two different research groups. In one of these two demonstrations, Xiaoyun Wang, Yigun Lisa Yin, and Hongbo Yu demonstrated that it was possible to come up with a collosion for SHA-1 within a space of size only 2°, which was far fewer that the security level of 28 that is associated with this hash function. N * New hash function SHA-512 is introduced to overcome problem of SHA-1. Secure Hash Algorithm (SHA-512) * The Secure Hash Algorithm (SHA) was developed by the National Institute of Standards and Technology (NIST). SHA-1 produces a hash value of 160 bits. * In 2002, NIST produced a revised version of the standard, FIPS 180-2, that defined three new version of SHA, with hash value lengths of 256,384 and 512 bits, known as SHA-256, SHA-384 and SHA-512. * Comparison of SHA parameters Parameters SHA-1 SHA-256 Message size tS cad oy | Block size ae ee a re 32 32 64 4 80 : 64 : 80 80; 1-34 Introduet, Network Security For both SHA-1 and SHA-256, one begins by converting the message f0 @ tniqu . ‘or bot S tation of the message that is a multiple of 512 bits in length, without los, representat f information about its exact original length in bits, as follows : Append a 1 t, ol : the message. es © Then add as many zeroes as necessary to reach the target length, which is the next| possible length that is 64-its less than a whole multiple of 512 bits. Finally, as q 64-bit binary number, append the original length of the message in bits. Description of SHA-1 q « Expand each block of 512, when it is time to use it, into a source of 80 ate subkeys as follows : The first 16 subkeys are the block itself. All remaining subkeys are generated as follows : Subkey N is the exclusive OR of subkeys N-3, N-8, N-14 and N-16, subjected to a’circular left shift of one place. Starting from the 160-bit-block value (in hexadecimal). 67452301 EFCDAB89 98BADCFE 10325476 _C3D2E1F0 As input for the processing of the first 512-bit block of the modified message, for each message block, do the following * Encipher the starting value using the 80 sub keys for. the current message block. Add each of the 32-bit pieces of the cipher text result to the starting value, modulo 2432, of course and use that result as the starting value for handling the next message block. ¢ The starting value created at the end of handling the last block is the hash value, which is 160 bits long. The SHA "block cipher” component * The main calculation in SHA enciphers a 160-bit block using 80 32-bit subkeys in 80 rounds. This calculation is somewhat similar to a series of Feistel rounds, except that instead of dividing the block into two halves, it is divided into five pieces. , a Fefunction is calculated from four of the five pieces, although it is really the ah G a tine of three of the pieces and a circular left shift of a fourth, and with one piece, which is also modified by bei i tound's subkey and a constant, Se soe The sam i wea ial ere over each group of 20 rounds: One of the other blocks ea Boing a circular left shift, and then the (160-bit) blocks ate * The F-function, as five pieces of the 160-bit block being " " ‘he SHA "block cipher" component proceed eet oY ©” © 4 and ceed as follows a Well as the constant, is changed every 20 rounds. Calling the , the rounds of‘Network Security 1-35 Introduction « Change a by adding the current constant to it. The constants are, in hexadecimal © For rounds 1 to 20 : 54827999 : © For rounds 21 to 40 : 6ED9EBA1 7 © For rounds 41 to 60 : 8FIBBCDC © For rounds 61.to 80 : CA62C1D6 * Change’a by adding the appropriate subkey for this round to it. © Change a by adding e, circular left-shifted 5 places to it. ~* Change a by adding the main f-function of b, ¢ and d to it, calculated as follows : © For rounds 1 to 20, it is (b AND c) OR (NOT b) AND (d). © For rounds 21 to-40, it is b XOR ¢ XOR d. © For rounds’ 41 to 60, it is (b AND c) OR (b AND d) OR (c AND 4). © For rounds 61 to 80, it is again b XOR c XOR d. © Change d by giving it a circular right shift of 2 positions (or, for consistency, a circular left shift of 30 places.) * Then swap pieces, by moving each piece to the next earlier one, except that the old a value is moved to e. © There are various types in SHA such as SHA-256, SHA-384, and SHA-512. SHA-512 logic * Fig. 16.5 shows message digest generation using SHA-512. Nx 1024 bits, Lbits 128 bits ‘Message i 400.0 | 1024 bit 1024 bits 1.1024 bits ee Fig. 1.6.5°Message digest using SHA-512 TECHNICAL PUBLICATIONS® - an up-thrust for knowledgeNetwork Security 1-36 Introduction, al The algorithm takes as input a message with a maximum length of Jess than 2'% bits and produces as output a 512-bit message digets. The input is processed jn 1024-bit blocks. Steps 1. Append paddirig bits : The message 896 modulo 1024. Padding consists © number of:0-bits. { 2. Append length : A block of 128 bits is appended to the message. This block is treated as an unsigned 128-bit integer that contains the length of the original message (before the padding). 3, Initialize has buffer : A 512-bit buffer is used to hold intermediate and final results of the hash function. The buffer can be represented as eight 64-bit registers (a, b,c, d,e, f g, h). These registers are initialised to the following 64-bit integers (hexadecimal values) '|Sr. No. ‘Register Velues 1 ] __ 6AOSE667F3BCC908 is padded so that its length is congruent to f a single 1-bit followed by the necessary | 3C6EF372FE94F82B, BB67AE8584CAA73B | ASGEPS3ASFID3ER1 | $10E527FADE682D1 9B05688C2B3E6C1E | | ‘8 1F83D9ABFBAIBDEB | SBEOCDI9137E2179Network Security Introduction Hi Fig. 1.6.6 SHA-512 processing of a single 1024-bit block 5, Output : The output from the N"™ stage is the 512-bit message digest. «| The behaviour of SHA-512 is as-follows ‘Hy = IV H, = SUMgg (H;, - 1, abcdefghj) MD = Hy, where IV = Initial value of the abcdefgh buffer. ‘The output of the last round of processing of the i** message block. = The number of blocks in the message. SUMg, = Addition modulo 2 performed separately on each word of the pair » of inputs. abedefgh, N TECHNICAL PUBLICATIONS® - an up-thrust for knowledgeNetwork Security 1-38 : Introd MD = Final message digest value SHA - 512 round function Each round is defined by the following set of equations. Ty = heehlefg(Di7e)+Wi tke Ty = (Zp? a) +Maja,b,) | T,+T,Network Security 1-39 Introduction Compare the performance of RIPEMD - 160 algorithm and SHA - 1 algorithm, (URE eae Solution : RIPEMD-160 verses SHA-1 : ©. Brute force attack harder (160 like SHA-1 vs 128 bits for MD5) * Not vulnerable to known attacks, like SHA-1 though stronger * RIPEMD-160 is slower than SHA-1 * RIPEMD-160 is more secure than SHA-1 all designed as simple and compact * SHA-1 optimised for big endian CPU's vs RIPEMD-160 optimised for little endian CPU's 1. How Hash function algorithm is designed ? Explain their fedtures and properties. LURE SEM 2. List the design objectives of HMAC and explain the algorithm in detail. Authentication Authentication * Authentication techniques are used. to verify identity. The. authentication of authorized users prevents. unauthorized users from gaining access to corporate information systems. ‘ © Authentication method is of validating the identity of user, service or application. The use of authentication mechanisms can also prevent authorized users from accessing information that they are not authorized to view. © Data authentication means providing data integrity as well as that the data have been received from the individual who claimed to supply this information. In authentication : a. A Brute force attack is an automated process of trial and error used to guess a person's user name, password, credit-card number of cryptographic key. b. Insufficient authentication occurs when a website permits an attacker to access sensitive content or functionality without having to properly authenticate. ©. Weak password recovery validation is when a website permits an attacker to illegally obtain, change or recover another user's password. TECHNICAL BUIRLICATIONS® «an uo-thrust for knowledge1-40 Network Security ‘© Authorization is a procedure of cont the ss of authenticated users to 4 Pp ing the access of auth cd is trolling rrr a tem resources. An authorization system provides each user “with exactly system . ly rights granted to them by the administrator. Toe ee idi i rights to files, ides providing users with access ae rest ances po en aie might control user privileges, such as server, setting the system time, creating backup copi shutdown. ies of the data and sery zation: Liss i 2 J e 1a ceeds /oesds prediction is a method of hijacking .or impersonating a websit bv. revit authorization is when a website permits access to sensitive content functionality that should require increased access control restrictions. c. Insufficient session expiration is when a website permits an attacker to reuse old session credentials or session IDs for authorization. Authentication Requirements « Attacks can be identified as follows : . . 1. Disclosure : Release of message .contents to any person or process 1 Possessing the appropriate cryptographic key. 2. Traffic analysis : Discovery of the patter of traffic between parties. 3. Masquerade : Insertion of messages into the network from a fraudulent source, 4. Sequence modification : Any modification to @ sequence of messages between, Patties, including insertion, deletion and reordering. 5. Content modification : Changes to the contents of a message, including) insertion, deletion, transposition and modification, § Timing modification : Delay or replay of messages. 7. Source Tepudiation : Denial of transmission of message by source, ss Destination repudiation : Denial of receipt of message by destination, “ssage authentication is a procedure to verify that received m the alleged source and have nit been altered. Digital signature is an authent tication technique that also incl sto Counter repudiation by the source. oeihe ‘essages come form | |4a Network Security. 1-44 : Introduction Authentication Function Functions are at two levels in message authentication. At the lower level, function that produces an authenticator. These value is used to authenticate a message. The lower level function is used in the higher level authentication protocol. The higher level authentication protocol enables a receiver to verify the authenticity of message. 3 ; * Following are the some types of functions that may be used to produce an authenticator. They may be grouped into three classes. 1. Message encryption. 2. Message Authentication Code (MAC) 3. Hash function. 1) Message encryption * Ciphertext of the entire message serves as its authenticator. Message encryption by itself can provide a measure of authentication. Symmetric encryption * Fig. 1.7.1 shows the uses of message encryption in symmetric encryption. Ae (KM) k +— SourceA ——> +— Destination B. —= Fig. 1.7.1 Symmetric encryption (confidentiality and authentication) * A message M transmitted from source A to destination B is encrypted using a secret key K. shared by A and B. If no other party knows the key, then confidentiality is provided. * Destination B is assured that the message was generated by A, Because of secret key used by both party, it provides authentication as’well as confidentiality. * Given a decryption function D and a secret key K, the destination will accept any input X and produce output Y = D(K, X), * IfX is the ciphertext of a legitimate: message M produced by the corresponding, encryption function, then Y is some plaintext message M, Otherwise, Y will likely be a meaningless sequence of bits.4. Introd Network Security fete « For example, suppose that we are transmitting English language ste using , caesar cipher with’a shift of two’A sends the following legitimate ciphertext : nbsftfbupbutboeepftfbupbutboemjuumfmbnet B decrypt to produce the following plaintext : lzqdrdzsrizsrzmccmdrdzsnzsrzmckhsskdkzlar , | + If an opponent generates the following random sequences of letters = zuvrsoevggxlzwigamdvamhpmccxiuureosfbceb This decrypts to : Which does not fit the profile of ordinary English. Public key encryption : - © Public key encryption provides confidentiality but not authentication. Fig. 17. shows public key encryption with confidentiality in message encryption. +— SourceA ——> —— Destination B —> E(PU,, M) PUp PR, Fig. 1.7.2 Public key encryption (Confidentiality) * Source A uses the public key PU, of the destination B to encrypt messagé M. + Because only B has the corresponding private key PR,, only B can decrypt the message. * This: method provides no authentication because any opponent could also use B’s Public key to encrypt a message, claiming to be A. * Fig. 17.3 shows the message encryption i ; j Bah ee ee yption in public key encryption with PR, E(PR,, M) SH Souda —~— __ Destination B = ——> Fig. 1.7.3 Puta on. _Netivork Security 1-43 Introduction A uses its private key to encrypt the message, and B uses A’s public key to decrypt. It provides authentication. The message must have come from A because A is the only party that possesses PR,. It also provides digital signature. Only A could have constructed the ciphertext because only A possesses PR,. Not even B, the recipient could have constructed the ciphertext. To provide both confidentiality and authentication, A can encrypt M first using its Private key, which provides the digital signature and then using B’s public key, which provides confidentiality. Fig. 1.7.4 shows confidentiality, authentication and signature for public key encryption. E(PU,, E (PR,.M)) E(PR,,.M) i E(PR,,M) & PU, PR, PY, Fig. 1.7.4 Public key encryption © It provides confidentiality because of PU,. © Provides authentication and signature because of PR,. 2) Message Authentication Code (MAC) * MAC is an alternative technique which. uses secretkey. This technique assumes that two communicating parties, share a common secret key K. ‘© When A has a message to send to B, it calculates the MAC. MAC = C(K,M) where .M = Input message C = MAC function “K = Shared secret key MAC = Message authentication code * Calculated MAC and message are transmitted to the receiver. The receiver performs the same calculation on the received message. * Received MAC is compared with the calculated MAC. If both are matches, then 1. The receiver is assured that the message has not been altered. : 2. The receiver is assured that the message is from the alleged sender.