
Information Assurance and Security

Chapter Four

Review of Shared Key Cryptography and Hash Functions


Sub Contents

4.1. Basic Public Key Cryptography (DH, RSA, CAs, PKI)
4.2. Introduction to the TCP/IP Stack
4.3. Network Security (ports and protocols)
4.4. Firewalls and Firewall Rules
Shared Key Cryptography

• Shared key cryptography (also known as symmetric key cryptography) uses a single
  secret key, known to both sender and receiver, for both encryption and decryption.
• It involves two functions, E (encryption) and D (decryption):
  - E: key x message -> ciphertext
  - D: key x ciphertext -> message
• Correctness requires D(k, E(k, m)) = m for every key k and message m; security
  requires that the ciphertext reveals nothing useful about m to anyone who does not
  know k. A symmetric cipher on its own gives confidentiality only, so in practice it
  is combined with a message authentication code (for example HMAC) so that a
  modified ciphertext is rejected rather than decrypted into garbage.
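The functions E and D above, as an added example that is not part of the original slides. It builds an encrypt-then-MAC scheme from the Python standard library only: the keystream comes from HMAC-SHA256 over (nonce, block counter) used as a pseudorandom function, and the tag is HMAC-SHA256 over nonce and ciphertext. The construction and the subkey derivation are choices made for this example, not a standard cipher; in production use AES-GCM or ChaCha20-Poly1305 from a maintained library.

```python
"""Shared-key encryption and decryption as the functions E and D.

Added example for these slides, not code from the original page.
Encrypt-then-MAC built from HMAC-SHA256: keystream = PRF(enc_key, nonce || counter),
tag = HMAC(mac_key, nonce || body). Illustrates the E/D interface and why an
integrity tag belongs with the ciphertext; not a production cipher.
"""
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def _subkeys(key: bytes) -> tuple:
    """Derive separate encryption and MAC keys from the one shared secret."""
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF(enc_key, nonce || counter) for counter = 0, 1, ... until `length` bytes."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def E(key: bytes, message: bytes) -> bytes:
    """E: key x message -> ciphertext, laid out as nonce || body || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)          # fresh per message; never reuse with a key
    body = bytes(m ^ k for m, k in zip(message, _keystream(enc_key, nonce, len(message))))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def D(key: bytes, ciphertext: bytes) -> bytes:
    """D: key x ciphertext -> message; raises ValueError if the tag does not verify."""
    enc_key, mac_key = _subkeys(key)
    if len(ciphertext) < NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext too short")
    nonce = ciphertext[:NONCE_LEN]
    body = ciphertext[NONCE_LEN:-TAG_LEN]
    tag = ciphertext[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):      # constant-time comparison
        raise ValueError("authentication failed: wrong key or modified ciphertext")
    return bytes(c ^ k for c, k in zip(body, _keystream(enc_key, nonce, len(body))))


def tamper_is_detected(key: bytes, message: bytes) -> bool:
    """Flip one bit of the encrypted body and confirm that D rejects it."""
    ct = bytearray(E(key, message))
    ct[NONCE_LEN] ^= 0x01
    try:
        D(key, bytes(ct))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    k = secrets.token_bytes(32)
    m = b"transfer 100 to account 42"
    c = E(k, m)
    print("round trip ok:", D(k, c) == m, "| tamper detected:", tamper_is_detected(k, m))
```

Because the nonce is random, encrypting the same message twice gives two different ciphertexts; the tag check runs before any decryption so a corrupted or forged ciphertext never reaches the application.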
Hash Function

• Hashing is the process of computing a fixed-size value (the hash, or digest) from an
  input of any length, such as a text, a file or a list of numbers, using a mathematical
  function known as a hash function.
• In general computing, a hash function converts a given numeric or alphanumeric key to
  a small practical integer value, for example an index into a hash table; collisions
  (two inputs with the same hash) are expected and handled by the data structure.
• In security, a cryptographic hash function such as SHA-256 must additionally be
  one-way (given a digest it is infeasible to find an input that produces it) and
  collision-resistant (it is infeasible to find two different inputs with the same
  digest). These properties are what let a digest act as a fingerprint for integrity
  checking, serve as the basis of HMAC, and protect stored passwords.
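The difference between the two kinds of hash function, as an added example that is not part of the original slides. The "small integer" hash is a stand-in chosen for this example (sum of the bytes modulo the number of buckets); the cryptographic hash is SHA-256 from hashlib. All inputs are constructed inline.

```python
"""Why a hash-table hash is not a security hash.

Added example for these slides, not code from the original page. Contrasts
a bucket-index hash with SHA-256 and shows the integrity check a
cryptographic digest makes possible.
"""
import hashlib


def table_hash(data: bytes, buckets: int = 256) -> int:
    """Non-cryptographic hash: reduces any input to a bucket index."""
    return sum(data) % buckets


def find_table_collision(data: bytes) -> bytes:
    """Any reordering of the bytes collides under table_hash, so a forger can
    change a message without changing its hash."""
    return bytes(reversed(data))


def sha256_hex(data: bytes) -> str:
    """Fixed 256-bit digest regardless of input length."""
    return hashlib.sha256(data).hexdigest()


def integrity_ok(data: bytes, expected_hex: str) -> bool:
    """Verify received data against a digest obtained from a trusted source."""
    return hashlib.sha256(data).hexdigest() == expected_hex


def differing_bits(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_bits(data: bytes) -> int:
    """Flip one input bit and count how many of the 256 digest bits change
    (about half for a good hash, so a digest cannot be adjusted piecemeal)."""
    flipped = bytearray(data)
    flipped[0] ^= 0x01
    return differing_bits(hashlib.sha256(data).digest(),
                          hashlib.sha256(bytes(flipped)).digest())


if __name__ == "__main__":
    msg = b"pay 100 to alice"           # constructed sample message
    forged = find_table_collision(msg)
    print("table hash collides:", table_hash(msg) == table_hash(forged))
    print("sha256 collides:", sha256_hex(msg) == sha256_hex(forged))
    print("digest bits changed by a 1-bit input change:", avalanche_bits(msg))
```

The table hash is fine for spreading keys over buckets, but because collisions are easy to produce on demand it cannot detect tampering; the SHA-256 digest changes roughly half its bits for a one-bit change and no practical method is known for producing a second input with the same digest.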
Basic Public Key Cryptography

• Public key cryptography (sometimes referred to as asymmetric cryptography) is a
  class of cryptographic algorithms and protocols in which each party holds a pair of
  mathematically related keys.
• This method of cryptography requires two separate keys, one that is private or
  secret, and one that is public. The pair is generated so that deriving the private
  key from the public key is computationally infeasible (for RSA this rests on the
  difficulty of factoring large integers).
• Public key cryptography uses the pair of keys to encrypt and decrypt data to protect
  it against unauthorized access or use: anyone can encrypt to a recipient's public
  key, but only the holder of the matching private key can decrypt.
Cont.…

• When two parties communicate, the intelligible message to be transferred, referred
  to as plaintext, is converted into apparently random nonsense, referred to as
  ciphertext, so that anyone observing the channel learns nothing useful.
• Encryption:
  The process of changing the plaintext into the ciphertext is referred to as
  encryption.
• Decryption:
  The process of changing the ciphertext back into the plaintext is known as
  decryption.
Cont.…

• Public Key Encryption: an asymmetric cryptosystem in which encryption and
  decryption are performed using different keys, a public key (known to everyone) and
  a private key (the secret key). This is known as public key encryption.
• Example:
  The public key of every user is present in a public key register (in a PKI this is a
  certificate issued by a CA, which is what lets B check that the key really belongs to
  C). If B wants to send a confidential message to C, B encrypts the message using C's
  public key.
• When C receives the message from B, C decrypts it using its own private key. No
  recipient other than C can decrypt the message because only C knows C's private key.
• Note that this gives confidentiality only: C cannot tell from the ciphertext that it
  came from B, because anyone can use C's public key. Authenticating the sender needs a
  digital signature made with B's private key.
Cont.…

Components of Public Key Encryption:

  - Plain Text:
    The message which is readable or understandable. It is given to the encryption
    algorithm as input.
  - Cipher Text:
    The output of the encryption algorithm. It cannot be understood without the key.
  - Encryption Algorithm:
    Converts plain text into cipher text using the recipient's public key.
  - Decryption Algorithm:
    Accepts the cipher text and the matching key (the private key for an encrypted
    message, or the public key when verifying a signature) and produces the original
    plain text.
  - Public and Private Key:
    One key of the pair is used for encryption and the other for decryption. For
    confidentiality the public key encrypts and the private key decrypts; for digital
    signatures the private key signs and the public key (known to everyone) verifies.
Diffie-Hellman (DH) and Rivest Shamir Adleman (RSA)

• Diffie-Hellman and RSA are the two classic public key algorithms and are essential
  for protecting information from unauthorized users. They solve different problems:
  RSA provides public key encryption and digital signatures, while Diffie-Hellman lets
  two parties agree on a shared secret key over an insecure channel.
• Together they let a sender and receiver establish keys and encrypt information so
  that only the intended parties can access or open the contents.
• No third party or unauthorized user who observes the channel can read information
  that is not meant for them, provided the private keys stay secret and the public
  keys are authenticated (otherwise an attacker can substitute their own key).
Rivest Shamir Adleman (RSA)

• RSA stands for Rivest, Shamir and Adleman, the creators of the RSA algorithm. It is
  a public key encryption technique used for secure data transmission, especially over
  the Internet.
• Transmitting confidential and sensitive data over the Internet with RSA is safe
  because an eavesdropper would have to factor the large modulus to recover the
  private key; with standard padding (for example OAEP) and keys of 2048 bits or more
  this is infeasible.
• RSA is the cryptosystem most commonly used for public key cryptography when sending
  secure, sensitive data over an insecure network like the Internet. It is slow and
  can only encrypt messages shorter than its modulus, so in practice it transports a
  symmetric session key rather than encrypting bulk data.
• RSA is an asymmetric cryptography algorithm: it works on two different keys, a
  public key that is given to everyone and a private key that is kept private. Key
  generation picks two large primes p and q, sets n = p·q, chooses a public exponent e
  coprime to (p-1)(q-1) and computes the private exponent d = e^-1 mod (p-1)(q-1).
  Encryption is c = m^e mod n and decryption is m = c^d mod n.

An example of asymmetric cryptography:
1. A client (for example a browser) sends its public key to the server and requests some data.
2. The server encrypts the data using the client's public key and sends the encrypted data.
3. The client receives this data and decrypts it with its private key. The same pattern
   in the other direction lets a client send a secret to a server whose public key it
   has verified through a certificate.
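The RSA arithmetic above and the "B encrypts to C's public key" scenario from the earlier slide, as an added example that is not part of the original slides. The primes are small enough to read, which makes the keys trivially factorable, and no padding is applied, so it illustrates the arithmetic only; the key sizes, helper names and the byte-to-integer encoding are choices made for this example.

```python
"""Textbook RSA: key generation, then B encrypting a message to C's public
key and C decrypting it with C's private key.

Added example for these slides, not code from the original page. Real RSA
uses 2048-bit or larger keys with OAEP padding from a maintained library.
"""
import random
from math import gcd

_rng = random.SystemRandom()   # OS randomness, not the default Mersenne Twister


def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False          # witness found: n is composite
    return True


def random_prime(bits: int) -> int:
    """Random odd number of exactly `bits` bits that passes Miller-Rabin."""
    while True:
        candidate = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def generate_keypair(bits: int = 64, e: int = 65537):
    """Return (public_key, private_key) as ((e, n), (d, n)) with n about `bits` bits."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            break
    d = pow(e, -1, phi)           # d = e^-1 mod phi(n)  (Python 3.8+)
    return (e, p * q), (d, p * q)


def encrypt(public_key, m: int) -> int:
    """c = m^e mod n; the message must be an integer smaller than the modulus."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message integer must be in [0, n)")
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    """m = c^d mod n."""
    d, n = private_key
    return pow(c, d, n)


def send_confidential(message: bytes, recipient_public) -> int:
    """B's side: encode the bytes as an integer and encrypt to C's public key."""
    return encrypt(recipient_public, int.from_bytes(message, "big"))


def receive_confidential(ciphertext: int, own_private) -> bytes:
    """C's side: decrypt with the private key and decode the integer back to bytes."""
    m = decrypt(own_private, ciphertext)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    c_public, c_private = generate_keypair(bits=64)
    ct = send_confidential(b"hi C", c_public)
    print("C's public key:", c_public)
    print("ciphertext:", ct, "-> decrypted:", receive_confidential(ct, c_private))
```

With the well-known textbook key p = 61, q = 53 (n = 3233, e = 17, d = 2753) the message 65 encrypts to 2790 and decrypts back to 65; anything larger than n, or any real-world key size, needs the padding and library support mentioned in the lead-in.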
Diffie-Hellman (DH)

• Diffie-Hellman is a key agreement protocol, not an encryption algorithm: it lets a
  client and a server that share nothing in advance derive the same secret key over an
  insecure channel. Each side keeps its own private value and sends only a public
  value; the resulting key is shared by both client and server.

• Diffie-Hellman uses modular exponentiation for the generation of keys. With agreed
  public parameters (a large prime p and a generator g), one side sends A = g^a mod p
  and the other sends B = g^b mod p; both can then compute the shared secret
  g^(ab) mod p, while an eavesdropper who sees only A and B cannot (the discrete
  logarithm problem).

• The derived shared key is then used with a symmetric cipher, so encryption and
  decryption use the same key. Plain Diffie-Hellman does not authenticate the parties,
  so protocols such as TLS sign the exchanged values (with RSA or another signature
  scheme) to stop a man-in-the-middle substituting their own values.
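The exchange described above with both sides' messages, plus the man-in-the-middle failure of the unauthenticated protocol, as an added example that is not part of the original slides. The default group (P, G) is a toy 64-bit prime assumed here for readability; real deployments use a standardized group (RFC 3526 or RFC 7919) or elliptic-curve DH. derive_key hashes the agreed integer with SHA-256, a simplified stand-in for a proper KDF such as HKDF.

```python
"""Diffie-Hellman key agreement: both sides' messages, and why it must be
authenticated.

Added example for these slides, not code from the original page. Party,
run_exchange and mitm_exchange are names chosen for the example.
"""
import hashlib
import secrets
from typing import Optional

P = (1 << 64) - 59   # assumed for the example: 2^64 - 59 (prime), far too small for real use
G = 2


class Party:
    """One participant: keeps a private exponent, publishes g^private mod p."""

    def __init__(self, name: str, private: Optional[int] = None, p: int = P, g: int = G):
        self.name, self.p, self.g = name, p, g
        # Private exponent in [2, p-2]; it is never sent on the wire.
        self.private = private if private is not None else secrets.randbelow(p - 3) + 2
        self.public = pow(g, self.private, p)        # this value is sent to the peer

    def shared_secret(self, peer_public: int) -> int:
        # Reject degenerate values that would force the secret to 0, 1 or p-1.
        if not 2 <= peer_public <= self.p - 2:
            raise ValueError("peer public value out of range")
        return pow(peer_public, self.private, self.p)


def derive_key(shared_secret: int) -> bytes:
    """Symmetric key from the agreed integer (simplified KDF)."""
    n_bytes = max(1, (shared_secret.bit_length() + 7) // 8)
    return hashlib.sha256(shared_secret.to_bytes(n_bytes, "big")).digest()


def run_exchange(alice_private: Optional[int] = None, bob_private: Optional[int] = None):
    """Honest exchange. Returns (alice_key, bob_key, alice_public, bob_public)."""
    alice, bob = Party("alice", alice_private), Party("bob", bob_private)
    a_to_b = alice.public          # message 1: Alice -> Bob, visible to everyone
    b_to_a = bob.public            # message 2: Bob -> Alice, visible to everyone
    return (derive_key(alice.shared_secret(b_to_a)),
            derive_key(bob.shared_secret(a_to_b)), a_to_b, b_to_a)


def mitm_exchange() -> bool:
    """Mallory intercepts both messages and substitutes her own public value.
    Returns True when she shares one key with Alice and another with Bob while
    the two victims disagree, i.e. when the attack on unauthenticated DH works."""
    alice, bob, mallory = Party("alice"), Party("bob"), Party("mallory")
    alice_key = derive_key(alice.shared_secret(mallory.public))      # Alice received M's value
    bob_key = derive_key(bob.shared_secret(mallory.public))          # Bob received M's value
    m_with_alice = derive_key(mallory.shared_secret(alice.public))
    m_with_bob = derive_key(mallory.shared_secret(bob.public))
    return alice_key == m_with_alice and bob_key == m_with_bob and alice_key != bob_key


if __name__ == "__main__":
    ak, bk, A, B = run_exchange()
    print("public values on the wire:", A, B)
    print("keys agree:", ak == bk, "| unauthenticated MITM succeeds:", mitm_exchange())
```

Nothing secret crosses the wire, yet both sides end with the same key; mitm_exchange shows that without signatures or certificates on the public values, an active attacker can relay the exchange and read everything, which is why DH is always combined with an authentication mechanism in real protocols.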


Introduction to the TCP/IP Stack

• The Transmission Control Protocol/Internet Protocol (TCP/IP) stack is the set of
  protocols that enables communication between devices over the Internet. It consists
  of four layers, each of which wraps the data of the layer above it in its own header:
  I. Network Interface Layer (for example Ethernet): delivers frames on the local link
     using MAC addresses.
  II. Internet Layer (IP, ICMP): routes packets between networks using IP addresses.
  III. Transport Layer (TCP, UDP): delivers segments to the right application using
     port numbers; TCP adds connections and reliable delivery, UDP does not.
  IV. Application Layer (HTTP, DNS, SSH and so on): the protocols programs actually
     speak.
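Walking down those four layers on one frame, as an added example that is not part of the original slides. It parses a constructed Ethernet II / IPv4 / TCP frame with struct, verifying the IPv4 header checksum on the way, and builds that sample frame itself so everything runs offline; the addresses and port numbers are made up for the example, and the header layouts follow RFC 791 (IPv4), RFC 793 (TCP) and RFC 768 (UDP).

```python
"""Parse one frame layer by layer: Ethernet -> IPv4 -> TCP/UDP -> payload.

Added example for these slides, not code from the original page.
"""
import struct
from dataclasses import dataclass
from typing import List

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17
TCP_FLAG_BITS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


@dataclass
class Packet:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    ttl: int
    proto: int
    src_port: int
    dst_port: int
    flags: List[str]        # TCP flag names; empty for UDP
    payload: bytes


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words; checksum field must be zeroed."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_frame(frame: bytes) -> Packet:
    # Network interface layer: Ethernet II header is 14 bytes.
    if len(frame) < 14:
        raise ValueError("frame too short for Ethernet")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("unsupported ethertype 0x%04x" % ethertype)
    # Internet layer: IPv4 header, its length given by IHL in 32-bit words.
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto,
     csum, sip, dip) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(ip) < total_len:
        raise ValueError("bad IPv4 length fields")
    hdr = bytearray(ip[:ihl])
    hdr[10:12] = b"\x00\x00"
    if ipv4_checksum(bytes(hdr)) != csum:
        raise ValueError("IPv4 header checksum mismatch")
    segment = ip[ihl:total_len]          # drops any Ethernet padding after the datagram
    # Transport layer: port numbers identify the application on each host.
    if proto == PROTO_TCP:
        if len(segment) < 20:
            raise ValueError("truncated TCP header")
        sport, dport, _seq, _ack, off_flags, _win, _csum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
        data_off = (off_flags >> 12) * 4
        flags = [name for bit, name in sorted(TCP_FLAG_BITS.items()) if off_flags & bit]
        payload = segment[data_off:]
    elif proto == PROTO_UDP:
        if len(segment) < 8:
            raise ValueError("truncated UDP header")
        sport, dport, length, _csum = struct.unpack("!HHHH", segment[:8])
        flags, payload = [], segment[8:length]
    else:
        raise ValueError("unsupported IP protocol %d" % proto)
    return Packet(mac_str(src_mac), mac_str(dst_mac), ip_str(sip), ip_str(dip),
                  ttl, proto, sport, dport, flags, payload)


def is_valid_frame(frame: bytes) -> bool:
    """True if the frame parses and its IPv4 header checksum verifies."""
    try:
        parse_frame(frame)
        return True
    except ValueError:
        return False


def build_syn_frame() -> bytes:
    """Constructed sample: TCP SYN from 192.168.1.10:51234 to 93.184.216.34:443."""
    tcp = struct.pack("!HHIIHHHH", 51234, 443, 1, 0, (5 << 12) | 0x02, 65535, 0, 0)
    ip_fields = [0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, PROTO_TCP, 0,
                 bytes([192, 168, 1, 10]), bytes([93, 184, 216, 34])]
    ip_fields[7] = ipv4_checksum(struct.pack("!BBHHHBBH4s4s", *ip_fields))
    eth = struct.pack("!6s6sH", bytes.fromhex("aabbccddeeff"),
                      bytes.fromhex("001122334455"), ETHERTYPE_IPV4)
    return eth + struct.pack("!BBHHHBBH4s4s", *ip_fields) + tcp


if __name__ == "__main__":
    pkt = parse_frame(build_syn_frame())
    print("%s:%d -> %s:%d %s" % (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.flags))
```

The order of the checks mirrors the stack: a frame with the wrong EtherType never reaches the IP parser, a datagram whose header checksum fails is dropped before its ports are looked at, and only then does the transport header say which service (port 443 here) the segment is for.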
Network Security (ports and protocols)

Network Security refers to the measures taken by an enterprise or organization to
secure its computer network and data using both hardware and software systems. It
aims at securing the confidentiality, integrity and availability of the data and the
network. Every company or organization that handles a large amount of data has some
degree of protection against the many cyber threats it faces, and how effective that
protection is depends on knowing which ports and protocols are exposed, and to whom.
The most basic example of network security is password protection, where the user
of the network chooses the password; stronger controls add multi-factor
authentication, access control lists on routers and switches, and firewalls that
restrict traffic to the ports and protocols a service actually needs.
Benefits of Network Security

Network Security has several benefits, some of which are mentioned below:
1. Network Security helps in protecting clients' information and data, which ensures
   reliable access and protects the data from cyber threats.
2. Network Security protects the organization from the heavy losses that could result
   from data loss or a security incident.
3. It protects the reputation of the organization, since the data and other
   confidential items it holds stay protected.
Port Security in Computer Networking

An attacker's task is comparatively easy once they can connect to the network they
want to attack.
Ethernet LANs are very vulnerable in this respect because switch ports accept any
device by default: whoever plugs a laptop into a free port, or spoofs MAC addresses
to flood the switch's address table, is on the network.
Port security limits which devices a switch port will serve:
• It limits the number of MAC addresses allowed on a single switch port; if more than
  the limit are learned from that port, the configured violation action is taken.
• It can bind specific MAC addresses (configured statically or learned "sticky") to
  the port, so that only those devices are served.
Port security –

Switches learn MAC addresses when a frame is forwarded through a switch port.
Using port security, an administrator can limit the number of MAC addresses that can
be learned on a port, set static MAC addresses, and set the penalty applied to the
port when it is used by an unauthorized device. The violation mode is one of:
• protect: frames from unknown MAC addresses are silently dropped,
• restrict: frames from unknown MAC addresses are dropped and the violation is
  recorded (the violation counter increments and a syslog message / SNMP trap is
  generated), or
• shutdown: the port is placed in the error-disabled state and stops forwarding.
Cont.….

• Shutdown mode is usually preferred over the other modes because it shuts the port
  down immediately when unauthorized access occurs, and because the resulting
  err-disabled port is visible to monitoring; the port stays down until an
  administrator clears it (shutdown, then no shutdown) or errdisable recovery is
  configured.
Note –
• Port security works on access ports only, i.e. to enable port security the user
  first has to make the port an access port; a port left in dynamic mode (negotiating
  trunking via DTP) is not accepted.
Configuration of port security

Applying port security on interface fa0/1 of the switch: first convert the port to an
access port, then enable port security.
• S1(config)#int fa0/1
• S1(config-if)#switchport mode access
• S1(config-if)#switchport port-security
Cont.….

Use the sticky option so that the switch learns the MAC address(es) dynamically and
keeps them in the running configuration, then set the limit and the action to be
taken on a violation.
• S1(config-if)#switchport port-security mac-address sticky
• S1(config-if)#switchport port-security maximum 2
• S1(config-if)#switchport port-security violation shutdown
Cont.….

If the user wants to provide a static entry instead, configure it by stating the
device's MAC address (IOS writes MAC addresses as three groups of four hex digits,
for example aabb.ccdd.eeff).
• S1(config-if)#switchport port-security
• S1(config-if)#switchport port-security violation shutdown
• S1(config-if)#switchport port-security mac-address aabb.ccdd.eeff
Check the result with show port-security interface fa0/1, which lists the violation
mode, the maximum, the configured, sticky and total address counts and the security
violation count.
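How a port configured as above treats incoming frames under each violation mode, as an added example that is not part of the original slides and is not Cisco code: a small Python model of the port-security decision logic (maximum, static and sticky addresses, protect / restrict / shutdown) run over a constructed sequence of frames so the three modes can be compared on the same input. Class and function names are chosen for the example.

```python
"""Model of switch port-security behaviour for the three violation modes.

Added example for these slides, not code from the original page and not a
vendor implementation; it follows the documented behaviour that all modes
drop the offending frame, restrict and shutdown count and log it, and
shutdown also err-disables the port.
"""
from dataclasses import dataclass, field
from typing import List, Set

VIOLATION_MODES = ("protect", "restrict", "shutdown")


@dataclass
class SecurePort:
    maximum: int = 1
    violation: str = "shutdown"
    sticky: bool = False                           # learned addresses are kept in the config
    static: Set[str] = field(default_factory=set)  # addresses configured by the administrator
    learned: Set[str] = field(default_factory=set)
    violations: int = 0                            # "Security Violation Count"
    err_disabled: bool = False
    log: List[str] = field(default_factory=list)   # syslog / SNMP trap stand-in

    def __post_init__(self):
        if self.violation not in VIOLATION_MODES:
            raise ValueError("violation must be one of %s" % (VIOLATION_MODES,))
        if len(self.static) > self.maximum:
            raise ValueError("more static addresses than maximum")
        self.static = {m.lower() for m in self.static}

    def secure_addresses(self) -> Set[str]:
        return self.static | self.learned

    def saved_addresses(self) -> Set[str]:
        """What survives in the running configuration: static plus, if sticky, learned."""
        return self.static | (self.learned if self.sticky else set())

    def receive(self, src_mac: str) -> bool:
        """Process one frame from src_mac; return True if it is forwarded."""
        src_mac = src_mac.lower()
        if self.err_disabled:
            return False                               # port is down until an admin recovers it
        if src_mac in self.secure_addresses():
            return True
        if len(self.secure_addresses()) < self.maximum:
            self.learned.add(src_mac)                  # room left: learn the address
            return True
        # Address beyond the maximum: apply the violation mode.
        if self.violation == "protect":
            return False                               # silent drop, nothing recorded
        self.violations += 1
        self.log.append("port-security violation from %s" % src_mac)
        if self.violation == "shutdown":
            self.err_disabled = True
            self.log.append("port err-disabled")
        return False


def run_frames(port: SecurePort, src_macs: List[str]) -> List[bool]:
    """Feed frames in order and report which were forwarded."""
    return [port.receive(m) for m in src_macs]


# Constructed sample: the legitimate host, then an unexpected second device, then the host again.
FRAMES = ["00:11:22:33:44:55", "00:11:22:33:44:55", "66:77:88:99:aa:bb", "00:11:22:33:44:55"]


if __name__ == "__main__":
    for mode in VIOLATION_MODES:
        port = SecurePort(maximum=1, violation=mode)
        print(mode, run_frames(port, FRAMES),
              "violations=%d err-disabled=%s" % (port.violations, port.err_disabled))
```

With maximum 1, protect and restrict keep serving the legitimate host after the intruder's frame is dropped (restrict additionally records the event), whereas shutdown takes the whole port down, including for the legitimate host, which is the trade-off behind the "shutdown is preferred" advice: maximum visibility at the cost of a denial of service that an attacker can trigger deliberately.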
The End