K.G.C.E.

Karjat - Raigad
ASST CrNMENT-09 Page No. :
Date:
KGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCERGErGOEKGGEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCE

Name i om Dattatrey Kumbhbar.

class 3 TE

Roll No 32

Subiect CNSE
CNS
DOP DOA Rernark Sian
 K.G.C.E.
Karjat - Raigad
|PageNo. :
Date :
KGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEVCCEV

OExplaîn the WoTktng of AEs.

AAdvanced Eocypton tandard (AEC):
lcoAES ts cymmetrtc key cyptoqraphic alaotthm
publ?shed to 2001 by Nattonal intttute of
stabdard andtechnology (NIST
le) AES Works on block ctpher
(3)AES USes 98 bite blocks.
0T an work with key sizes of 129 192 and
256 bts.
S) Software fmple mentatton n cand Java.
8 Workinc af AEL?
)AESperforms operatton.s on bytes of data
Tother than îo bits.
2Since the block st2e Ps 22 btsthe cîpher
oTDcesses 128 bits Cor 16 byte)af the înput
dataat a tme
o)The nurmher af roundc denends an key
length
as follows
128-btt key -40 ToLhd s
192-5it kev- 19ouunds
956- b1+ key-14 0unds
4)A key alqarttthm calculates all the round
Schecule

keys Hom #he key. So the intttal key ts used

to create manv_different round keys whtch wil
he used tn comespondtng Taund of the encryotioD
 K.G.C. -R
Page No.; Karjat
K.G.C.E. |Date:
Karjat - Raigad

weRYOCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGOCEKGCEKGCEVO
KGCEKGCEKGCEKGCEK

Platn Text (128 btts)

KO
re-Tound
transformatton

Round1 key
Expans on
Round 2
Round N Kn

cipher Text (128 bits)

Erennton and Decmupttan stens3

Encryptton Decryptton
128-b+ Data Block 128-bRf encrypted data blodk ,
key Expanston Key Expanston

Add Round key Add Round key

shift RoWs
SubBytes Subßytes
shift RoWs
MX Columns Add Round key
Add Round key MX columns
shift Rows

SubBytes SubByes
shrft RoWs
Add Rou nd key Add Round key|

122 67t enchypteel data block 129-bt Data Block

 K.G.C.E. Page No. :
Karjat - Raigad Date
weEKGCEKGCEKGÇEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKOCEKGCEKGCEKGCEKOCEKGE

Encoyatton
DAES conctders each block cs l6-byte(4 byte x
4 byte 129)artd tna column-matar arsaqernent..
bo b4b2b12
b1 b5 b9 b13
1

b2 b6b10 b14
b3b+bi1 b15

( Each mund comprlce.c of 4 ctepc

> SubByies
>ShP£HRoW.s
>MIx Columns
> Add Raund key

e)sub Bytec
-Tn this tten each byte fs cubstttuted by_another byt

-A byte ts nevEr ubstttuted by ftself

table called s s-hb
- Tt Ps performed tustng a Jaokup

a)shrt Rowso
roW îe shitec d partteular numlber oftmec
Each
>The Pirst oy îs chtted
not

> SecoDd roN ts sbfed once to the let.

> Thid row îs chifted twice to the left
> fourth rofc shiPAed thYtce to the left

bo b b12 bo b4 b8 bl2

b1 66 b9 b13lb5 b9 b 13 bl

b6 b10 b14|b10 | b14 lb% b6

b2
b3 bt |bi1 |b15 bI5 b3 b4 bll
 Page No K.G.C - Raiga

Karjat
K.G.C.E. Date
Karjat- Raigad

6)Mx Column.s -
KOENOCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGOEKGCEKGCE
KGCEKGCEKGCEKGCEKGCE

s mattx multplt cettaD..

-This a

- Each ts multtpted wHha spectHtc mat

calubmn
byte tn the
and thus the pn.stifon nf each

le2
|23231 3
1

b2
b

3I 21 Lb3
6)Add Round keys
Resultant autput aE prevlolr stage fs xoR-ed
Wth the carrespand?nq aund key

Platntext

SubBytes
Round 1 shiftRoWs
MIX Colu mns
Add Rou Round key (ktU
nd Key4
inher
key
Last
SubBytes
Round SubBytes
Add Round keye ROund tey

Ctpher Text
- After 4hese ouDd.s 129 bits
all
af encrypted
data are qtVen back s autput.
-Tht:prbces 1sepeated uttl all the
tn be enypted
data
underqoes thts piocesc,
proCess
 Page No. :
K.G.C.E. Date :
Karjat - Raigad EKOCEKCEKGCE
CEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKOCEvorEe
EKCCEKGCEKGCEKGOEKGCEKGCEKGCEKGCEKGCEKG

ecTVnton undane
lo
stage.cthe Tound.s can be eactly
oThe
stage.s have an appacíte to ft whtch
ac theSe
rtVerts the chanqe:
when perforned the 1O,12 ar 14
122 blo ck aces thTolah
Eacb
on key size
round.s cepending a
af decsyptian
each rauDd
ca) Sfaqes af
fallowS -
> Add round key
>TnYerseMX ColumD
> ShRoNs
TDYeme subBrte
> encryptian
procese Is the
eThedecryptton tn r yerse.
done
Dreces
5) TOYerce MixCalumns to Mix Columns ctep tn
stmtlar ured to
-This sten îs the matmx
encryptor but differt în
aperatton.
Carry aut the fs usec
îs the matx
muttplicatian
- Matix atep
nf thic concta nt
- The autput values anda
of ald
multtpli cattan
nnatix 14 I| 13 9 co]
13]
Cbi]= c21
b2]=
b3 13 14

uSed aca lookup table ad

-Tnyerce S-box are cubcituted
duxing.
the hyec
LStng wbtch

decryptien.
 |Date
K.G.C.E.
Karjat - Raigad

wHh c StTHable
e xao (GCEKGCEKGCEKG

RSA algarithm
GCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGGEKGGERGGERGCEkGCEKGCEKGOE

2)Explatn
-ATHEORY c a publtc key encryptton
alq ontthm as the moct
GORSA constdered
and
fechntaue
af encyptfon.
secLITeWay by Ryect shamr and
) WNas nyented by RSA
n veay 194 and hence named
Adleman
algethm.
ollowînq featungs
holcls the
G)The RSA algortthm th
a popular exponentiattan
-RSA algox?thm i

a ftntte freld aver fntegers thcidng

tncludtnq pme
numbeS
EThe inteqers method aTe
used by thts
Aufffetenty large mektog tt diffcult to calve.
- There are two_cetc keye in
fn this algartthm,
aff

ptvate key and publ?e key

BALCoRITHM
RSA algothm uer the followîng procedure to
Loenernte publte and prtvate keyci
C1) select two large prine numberspand q
)Multply these numbes to fnd n=p X
where D fs called the modulus for
encrypttarn and
decryptten.
)Choose a number e less than n such that
n Îs relatyely pitme to
neans that e and (p-l) X Cq-) have ha.
Commen fatar except 1 Choose e&uch
that 1<e<Cn)e s ortme to Cn).
qcd(e,rd (n))=1
 K.G.C.E.
Karjat - Raigad
Page No.:
Date:
voeEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGGEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEVOCEVOcE

2InXatheh fhe pttblfc key ?e<en

cc) Comp ute Eulers totlent Eunction, Ch) bv
ustng Cp-1)
(p-1) xq-)
n) = p-) (4-1)
4)select an encrypttan exponent,e i
-choose Such that 1<e <hcn and gcdCe,dcn
Must be coprime wth dCn) en&urDg
4 ha Do
Do common factor other harn 1

5) Cormpute the decrypton exponent d3

- Etnd
)Publte
d sich
and
tthat
PItYate
:dxe key Patr
mod
&
(n)=1
- Puklic key Ce,n)
-Pyîvate kev 5 (dn)

Ecnunttan
1)Convert the platnte xt mes. M toto an
toteqer m, where o<m <n
h) Encrupt messcge using
Cmad n)
pabltc key :
)Relteve ciphertext c.
) Decrypt ciphertexdt ustng pvate key

3) Convert the decrypted fnteger m back to

plaîntext M.
 Page o K.
K.G.C.E.
Karjat- Raigad
Date
uocEKOCEKGCEKGCEKGCEKGCERGGERGGEKGCEKGCER
: Karjat

NOCEROCEKGOEKGOEKOOEKOCEKOCEKGCEKOCEKOCEKOCEKGCEKOCEKGCEKGCEKGCEKGC CEKGCEKGCEKG

CEXAMPLE8 A ute.
-In a RSA cryptotystem,a paTticipant
p=13 andq=14 n
4wo
nenerate
prtme numbhecs
her pubc and ptvate key . TE

oublte key of A is 35, then fHnd fhe pxâvate

key.

Soluton
Nyen Pime numbers ip=l3q=14
Publ?c key 35

Sten. b1
01 :p=l3and Ia=|4
sten 02 Calculattng n: D=pXq = 3 X 12
n=21
Step 03.t Eulers Totient functon Cn)
n)=Cp-1) x q-)
12X 16

Chep o4E SelecttDq encrypton exXpanent 'ee.

Already aiven,e=351
Publlekey (en)=35,22
Chep.65Decrypiton exponentd
dxe. nod n)
Hdx35
By putttng d,
rmod 1991
equatton ts sattsfted.
11X35 rnod 192 1.
Chep o6 :
Ptvate key Cdyn) (,221).
 K.G.C.E.
Karjat - Raigad Page No. :
Date :
weCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCE
KGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCE
3Explaîn the aperatton of Kerbexos 5:
Al KERBERO.S 5-0
- Kexberons 5:0 po Vîdes centraltzed authenttcat
a
Îon server whoce funtion is to authenttcate
Users to Seryer and Servers to lsers.
- In Kerberos 5r0,the authenttcatton Server and
a databa.se ae used for c?e nt authenttcatHton
- KerheOs 60 mD as a thid-party trusted
server known as the Key Di.strtbutton Center
(KD).

coMPoNENT OF KERBEROS 5:0

The componentsaf Kerbe ros
matn 5:0 are
Authenticotion Server CAs):
The Authentcatton SeNer perfom: the
Pnftial authentication and tssuet a tcket
for the Ticket CraDg seice.
Database
The Authenticaton SerVer vertfter the ac
tahts af users în the database
Tcket Caontna Seryer CTGS)
The Tcket Crantfnq Server fssues the
Aerver cket for he Rquested server

CSTEPS TN KERBEROS 5.0

•Step 1

The ucer Ioqs în and requests servtee on the

bost. The
use ATst regue.te atcket
Cronog cket (TGT) from the Athentcat
Pon Server.
 Page No
Date:
K.G.C.E.
Karjat - Raigad

GCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGOCEK kGCEKGCE

Step 2 the
Server yertfre.s USer
The Authentcaton
stng database cnd 4hen
tte
access rahts
(nantng Ttcke (TOT)ana
prnv?dec a Tcket
sesston_ key. The reult are encrypted uain
the users passWerd

The user decrypts the mescaqe usîng their.

passWod anc sends he ToT_ to the Iicket
hanttngq cerver (TGS) TrT contaîns cuthentca
tor
CIR Auch n the sers name and netwark
dddes makirDg the pTocesc more secu.
• Step 4
TG serer decypts the TOT and verifies the
authentfcato. T then fesues dd serîce ttcket
Por accessing the reqUected cervice
Step 5
The user Sends the seryice tHcket cnd
autheniicato
authentt catacA Hh ex
eqLested server
•step 6i
The seTVer vertiesthe
serice tcket and
dtthentcator then
the Teq Lested
qant the Ser accece to
ervfce After veficatton.
4he user
securely accecr he Seryicec

D1IMITATTONS
Kurbero.s 5:0 addre sser
severl
-A.csLuDes Norkstattonc unerabiltHes
are cecur.
 K.G.C.E.
Karjat - Raigad Page No. :
Date
acKGCEKGCEKGOEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCE
4) ts
Whoat PtrealL ? 1Rst out
a ts vatoUS
aTchte cture cnd explatn any ahe o 1

AFLREWALL
)A renall ie
ts stmply aproqTam ar hardware
dlevtce that lters the inforroatton comîng.
though the nternet connectton into_ yaur
YÎYote netWork ar cormnputer ysterm
2) Tt also lters all traffte between intranet
and extranet Nhtch runs thOLah tt.
3) The matn puXpo.se is to keep attackers
though
autctde 4he rotected envronment
e)Tt ?s a banier place betweer îneider and
nutstdex netwark to prntect atnantsattan
from hackers.

eFTREWAI ARCHTTECTURE -
a)ArrNall sa kind f
referencemonitor. AlL
network traffic pacces through rewall. A
fArewal is kenttsolated and cannot be
mdtPed by anyhody, ather than admântshato.
)followna a cammen architectal implement
attons of reNalle.
()Packet fltertoq crateway
(tUstateftu) TInspectton Phevallc
(T)AppltcatPon Aoxtes
v) CruaTd.s
(V) Personal ftrewalls

CEXPLANATION PACkET FILTERNG EIREWALL

) Packet Filtertnq Ptrewal ts most baste
CDd olde st" tupe of frewall archtecture.
 Do
m
K
Page No.;
K.G.C.E.
Karjat - Raigad Date

KGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKOC KGCEKCEK

Packet-fHtertng fircwall basically create a

checkpotnt at a traffie TOuter or cwttch.

9) Packet- PRltertng firewal) c d Detwork
ceautty techntaue that ?s used ta control
data flay to andxom d n etwork
G0TH tsa securttymechantsrn that allows the
mevement of packet deross thenetwark
and canols thetr Aow on the basts af
cet af rulesprotocols IP adcdresses and

5)pefault discard & That whfch to nat expresal

peTnitted 1s prohtb?ed
a)Default farwaTd that which fs not expressi
prohfbted îs neromtted,

-lea.st expencive thah other tpes af rewal

- Packet frltertng nuler ane nlatiuely eacy
to canu re.

- No contfqu mton
pITtected
change Dececcay to the
Norkstattons.
(3) Dicodva
ntaaec
-Packet Rlertnq freNalls atfere least
-Nlo screeningof secuft
packet
Cormplex pcylaadevatlable
reÑall_palfeler are di£ftcult to
Iroplernent usihe
filterinq rulec alone.
 C.E
Karjat - Raigad

Page No.:
Date :
GExnlaîn DiHe
Hellman Key
cKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGOEKGCEKGCEKGCEKGCEKGCEKGCEKGCE
exchnqe alqotthm
ATHEORY(INTRODUCTION3
TWo parttercan aqree ona
key ustng this ymmetic
techntque
(2) Thic can be then
sed Por encrypttan
decrypten.
(3)Thic algcithm can be only foY key
used
aqreement, but nat for encryptioh ar
decnypticn.
e IH Ýs based an
mathemattcal otnctpler.

6ALGORTTHM -
)tty and Bob aaree upon 9 laqe
Alfce
pYtme Dumbers - n and a Thece number
need not be secret and can
be shard oubicly
C2)AIfce chooses another lanae random number
x(prtvate ta her) and calculates A Ruch thati

(3) Allce send this to Bob

4).Gob chooses another larae Tandam number
y (prtvate to htm) and calculater B such that

(5)Bab Cends this to Alice.

G)A1Tce now computes her secret key Ki as

K1 =B* modn
Bob conmputes bìc cecret key k9 as Pallone!
K)= AY mod n
a) KL=Ke CKey exchange complee)
EROCEKGCEKG
K.G.
DattatryK Karjat

nm Page No.

Date:
K.G.C.E. KGCEKGCEKGCEK
Raigad
Karjat -

upon 2larqe
ptme
end Bob aqrce
6)Allce
6CEKGCEKGCEKGÇEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKEGCEKGCEKGCM

number

Bab
Allce

X=3 y=6
A=9*mod n B=grncd n

3)A=mod 1l =2 5)B= mod IL=4

ks)lk=B* mod D K2= AY mod n

KI 4 mod 1= 9 Ke 2 modI|=9
 Karjat - Raigad

Page No.:

|Whatîs MAC ? Explctn the

Date
ACKGCEKGCEKGtRGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCE
proce.sS of t wtth
suthable
IAMAC dagtam.
MAC rfers to Message Authenttcation Codes.
-Message Authenttcaton Codes are the codes
whtch plays theîr role în two tmpartant
functons Authenttcatian Dete ctton and
Pals?ftcatton Detectton.
Compenent Messaqe ,key MAC algartthm
MAC alue.

8lpRoCESS oE MAC
Sender Recefver

MESSAGE |MESSACE
MAC MESSAGE
Keylk)-* key(k)-+MAC
|Algotthm MAc Algorfthnm

|MAC |MAC? MAC

MAC: If he same MAC ic

Message Authenttca found t then Hhe
ton Code

authentc cnd
Trtearthy checked
ELce i sornethtng
A Kumbho
CEKGCEKGCEKGCEKGCEKGCEKGC

Dattatry K.G.C.E. - Raigad

Page No Karjat

Date :
K.G.C.E.
Karjat -Raigad KGCEKGCEKO

asecret mecso KGCEKGCEKGCEKGpEKGCEKGc

IE sender A want to cend

KGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEK

ts tn
conditfon
Tce?ver then B. the first

share Hhe cecret key

k

Otendex A caleulate. the MAC by applytng

Kk to Message M.
aA Sends the artalnal nes caqe M and
MAC to .
Ca) When B nncetve.s the message also
es kto calculate 1te awn MAc
MAC oVer
me.sscqe m.

a) B no compares both Hhe MAC 1f matchina!

is corect B aeume that messaqe M hac
hen altered durtng
match accuTs, B can reect he mecsage
Sia nîtcance
0MAC ensurt that only receiyer canPdent1fy
the original
mes.cage.
(a) MAC pIo Vide data confiderntialfty and
authencotion.
 K.G.C.E,
Karjat -Raigad

Page No.:

3Explatn hash Date :

Unctton
EKGCEKGCEKGERGCEkGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCE
Scenao with allt
toplemenattot
IAHASH EUNCTON
-Hash functoc a
Nauteu. wtdely
domatnc tn cemputer fmplemerted acsosa
science and
Secuty due to thety
abrhty to qenesnte
xed- cize
utputs from vaable
-cze înputs.
-Hashing is theprocess
of tak?ng
of toput any length
nforoaiton and fnding a
xed Jength untaue.
eprecentantton ef that ioput
tnioxmaton.

6TMPLEMENTATIAN SCENARTO.SS
cerDato o Pass WOYd Storage
-When yoL clqn up for a webatte and create a
password Instead t unc youY passWoe
thmugh hash functton and etarec the hached

c2) scehate o2 i Data Integtty

When you dowwload laxge e from intenet
the webstte nnîaht also provide a hash value
for that fle.

Lca) Scenarto 03 Verctan Conto Cirit

-IF you've ever used verston control softwar
1ke GE, every change yau make to yaur
code ts caved with a
unique camm hash.
4) Scenato 042 Diata] îqnatlrec
-When 1mpartant documente ane cent aver
internet hach functian are used to create a

uniaue tnaerhxtnà of the dacument_called hash.

dfqest
GcEKGCEKGCEKGcEKGCEKG
K.G.
om Dattatrey Page No,:
Karjat

|Date:
K.G.C.E.
Karjat - Raigad KGCEKGCEKGCEKG

wHh a sutable dPo

cMAC
KGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKOCEKGCEKGCEKOCEKOCEKGCEKGCEKGCEKGCEKGCEKGGEKGGERGGERGGERGGEKGCEKGCEKO
and
OExplain HMAC
+ALHMAC. Message
for Hash -Based
-HMAC stand.s
Code.
Authenttcatfan a
Code în whtch
The Message Authentlcaton
unctton îs used c.s c MAC functorn
hashtng
to calculate the MAC value.

fax ensy rplaceahil f4y of émbedded

AHows
hách funttoh.
-Preserve ortatnal performance of hach Auncton
wthautslgn?ffcant deqradatton.
-Speed nf MAC generatton is highest ?n HMAc.
Strength of MAC Ps high tn HMAC
- Number of key used ie anly
-Key tr not to encrypt used
Hhe mersage
-Hashtnq Puncttonr could he geneml hach.
PunctioDs. guch as MD5, SHA-1SHA-9
Sender
Recerver
Messaqel Key Metsage MAC value

No Rejedt
Hash Functton
|Message key méssge
equa
MAC val ue Hach functon
Accep+
Send Message and
me tae
MAC MAC Value
 K.G.C.E,
Karjat - Raigad

Page No
eeKGCEKGÇEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGC
GCEKGCKGCEKGCcEKOCEKO
Date :

-CMAC standc for

Clpher-kased t4ecaqe
Authenttcatton
- The Code
Message Authenttcatton code 1n
ymmettc bleck toher encrypttan whtcha
1s used as the MAc functon to Euncttan
talculcte
Hhe MAC value fc called CMAC
This ctpher- based MAC hac
heen wdely adagte
in government and
Indtstry
Only messageof ane red lenath af mm E1t
qn nocesSed, wherr n is the ctoher hlocE
clzeand m ts a ftred nos?Ye tnteger
- Thic îmftnticn can be averrome usinq
multtpie keye whtch can be dertved rooa
stogle kE
Speed nt MAC generaten tcmedum.
Strength af MÁC tc
ic very high.
Number cf kEV& USed one key diided înto
multple subcke

Messag e

Pla?ntext Platntext Platntext

blcck 1 block 2 block n
X62

Ciphertesxt ctphertext Ctphertext

bleck 1 block 2 blockn

MAC alue
EKGCEKGCEKG

5OmDat
Nme Page No.
Date:
K.G.C.E. KGCEKGC
Karjat - Raigad
entttt es and
wlh all t basîc
KGCEKGCEKGCEKGOEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKCOe

5Explatn PkI fomat of x dataI

509 dtgtHal
Gtye the
operatlons,
eextffcate.
AlPKT
oPKI Publc key Infxcstructure,
stands for
used to
)I+ to cryptogaphic techntque
with the heta
secure electronic înfommatfon
Such au
oF Certatn techniquer such a diattal certtticatel

OT sfanatures and kransmisstor

of tb
Pnforoatton securly aver the înternet.
ca) I+ 2 created by coablninga number af
servtcer and kechholoqiec

TlPkI BASIC ENTIIES AND OPERATIONSE

stgned Message.
subject
Rdyi ng
party
certtffcate
RA
Anblte

Req uests
key
a
cereete certifrcate

CA

ISsues the Rapa sttary

certif cate
 Karjat - Raigad
Page tio
Date
EKGCEKGCEHKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGOCEKGCEKGCEKGCEKGCE

Verston
Certtfcate
SertalNumber
Signature
ratgote Alaortthm
Sdlenffex paramneters

Perfod
ISsuer nae
Not before
vatratyt

Verson3
verston
Yeson
Not after

Subiec name
Subjects
Algorfthm
key Parameters
fnfo key
I&Suer unique
tdentfer
Subject untque
fdenttfter
Extenstons
Algertthm
Stanature paramneters A
oSfons
Venteo

encrypted

FoRMAT oF X509 Dqta Cesttente.

KGCEKGCEKG
Datt K Karia
Om
Ncme Page No.
Date CEKGCEKGCE
K.G.C.E.
Karjat - Raigad

archtecture.
KGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGOCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEHKGCEKGCEKGCCEKGCEKGCF
8s_protocol
(EExplain ocket Layer.
assL stands for Secuxîty Work
to TCP and 4 does not
(2)sSL ls spectftc
With UDP.
progtamming fnterface
prevides
)8sL applcattor
(API) to applicatfons the applicatton
e)SSL Dproto col s lacated hetween
model and uces
and hransport loy er af TCP/TP
diattal certtffcate and digttal sianature to
Securely communicate between clfent and cerver
macht ne.

5)SSI encypts the Tcefved ram aaplicator

data
layer of clfent machfne and add t awn
hender &SL hender) into the enerypted data
and send encsypited data to serVer sTde.
6) UponTeCeVîng encrypted data, server remores
the ssL header and decrypt_ the data and cend.
decpypted dato to appl?catton layer recefver
Applîcaton HTIP FTP SMTP
$SL SSL
TCP TCP
IP LP
G sSL PTotoco Interngl Archtecture
SSL handshake 8SL cipher &sL alert Applicatten
proto col
change protocol Proto co l

protoce|
(eg- HTTP)
SSL Reco rd Protocol
TCP
IP
SSL Proto co |Archttecture
ate No. K.G.C.E,
Karjat - Raigad

CEKGCEKGCEKGCE Page No.

OExplatn TLS oretocol Date

TLS
stands for
EKGCEKGCEKGGCEKGCEKGCKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCE
archthectu
Ironcport Layer
to SSL Cecutty
proYide Wtth the aîm ic to
secutty and
Iayer hetween data at the
(3)Al wo web appl? Tansport
Neb cattons
no broWSers Aupport TLS and en3ure c
enVesdrappi ng and tampertng
message of Hhe
|(4)Trnnsport layer
secutty CTLS)
aperate ahove
protocols
the TCe ayer,
use popular
TP
protocals
Decian of thest
Interfacec CAPT) to TCP Applîcatton Praa arn
Ioterfac?ng wth TCP
called zackete" fer "
layer.
(5) Applications are
noN Interaced to
Secuxfty Layer' înstead of TCP Transpot
Cc) TLS te
directty
chnîcally ne sides between
appli catHon
and transport layer,
thct actsr at TCP lcwer
enhanced wth securîty cervîce c.
G) The reason for
popularîn af ucing
cecuty at Transport Layer Tr
simplhchy
Applfcatton
Applicatton TLS
TCP
IP IP
Phystcol Netwerk Phystco Networ

Norrnal Applî cattons and Applientton with

TLS
 Page No. :

Date KGCEKGCI

K.G.C.E.
-Raigad col
IPSec proto
Karjat

the Working of a protocal îs

CEKGCENGCEKGOEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKCORY
Cecurtty)
(8) Eylatn Protocol
(Internet oVer a networ
LcoIPSec communicaton.c
usedtosecure the nternet
over Engîneertnt
e&pectally by the Internet
oISec ts destaned
Task Force (IETE)

WORKINE 8
OAuentcatton Nant to communicate
-When two dexîces cother to
they trt authentt cate each
&ecure
theîr oentter
conftm devicec fnoo
Ths preventr unauthzed
tototng the conversatton.

Hhe data
ance authentteated, TPSec encvnto
hetna cent between he deyfcec
tnto a format
- Encryptìon sorambler the data
that ony the tntended can understan
reretpentc

c)Tnteqtthy
-TPSec encures that Hhe data hasnt been
alco
tampered math duYfha tanotssion.
Tt uses checksumt and hashtna algoxtthmr ta
vertty the data
th recefY ed Pe exactty the same

as what we gent

)
Key Management
the data cecurely, IPSec
-To encrypt nd decryp
USes CEyptoqxnph?e keys Ensurer-only auth oxtz ed
devlce s have aCCeas to key.
 age
Date:
No K.G.C.E,
Karjat - Raigad

Page No.:
EKGCEKGCEKGCE
Explatn
PP
tn bxte
|Date :

eKGCENnnGEKGCEKGCEKGCEKOoEvoveoEVecEKGCEKGCEKGCEKGCEKGCEKGCEKGUENG
)PTP
stands for
whtch ts Pretthy Ctood Prîvacy (PGP)
phil Zmmermann
1S destaned to_pIovîde all four aspects
TSecuYtty ,ieDatVacy ntegrtty, authenti catten
Ahd noh- repud?atton the
n cendtna of ematl
9 PGP ses a dlatta)
stanature o pravîde
Inteqy authentt cation
CP usea coobination
and
of
noD-repudiatiao
secret key
encryption and ptblic key eneryptlan ta
EXVîde privacy
6)PGP Ys an opensOLUTCe and freely avaflahle
sottare package for ema
cecufty.
CG) PPprovides authentication through the se
cf Dtattal Sianatare
It
TH provtder confhdenttalky through the ure
at ayrnmetrîc block encrypton.
(8) TE poV?de.c Comoxesstan by ustng the zIP
alacrtihm, and EMAIL Coahattbiliy ustna the
Radx-s4 encoding scheme

to Explatn network based tntruston detecttan with

La suttable block diaqam.
)NIDS stands for Network- based intustah
detecton.
2) NIDS detects the attacks by monttoring,

arinetiork
catuing.and analyzinq packets
indlcatton that
trofftc and ties to give
misused.
computer has heeh
ecte maltctou.s data present înto paucketc
(3)T4 det

monitoni ng netwexk taoffe

by
 Page No.:

Date
K.G.C.E.
Karjat - Raigad

traffc
monttors Detvvork"
DEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGCEKGOCEKGCEK

e0NIDS._continuously rt attemphing
are
that f hacke
and discOVer
to brtak the Syetem which
fnstalled an matn seryer
(5)when NIDS
Constste af multtple hest
ctngle Ina
attcks pre sent n the
network pt detect
Incomng packéts
multale hy
hact by checkingq
ooks USes pTobe or sensorc
that
uncxdinay.
6) Networkbased TDS ingtalled throiahaut
the hetW/ork.

NaTae
Hot

User
NetWOrk HUB

Outstde
attacker

Attack
Pattern S

tnste
attaekey
Nonal Abnormal
to
detec
eunke
ctttackes 23