ISS

Overview:

Services, Mechanisms, and Attacks

CIA triad - Confidentiality,Integrity,Availability

Glossary

Access control - The ability to limit and control the access to host systems and applications via
communication links

active attack - Unbeknownst to sender and receiver, the message has been altered by third party
intruder and shows deviations from usual behavior. E.g. Masquerade, Modification of message, Replay,
Denial of service

authentication

authenticity

availability

data confidentiality

data integrity

denial of service - an interruption of service because the system has become incapacitated/ unable to
communicate

encryption

**integrity **

intruder

**masquerade ** - Adversary impersonates an authorised entity and accesses resources, e.g.

pretending to be the sender of a message

**nonrepudiation - ** Ensures sender cannot deny having sent the message and receiver cannot deny
having received the message, i.e. the message contents cannot be repudiated

**OSI security architecture - **

passive attack

replay - Adversary obtains a copy of the message to be sent to receiver and replays it, possibly sending
fraudulent messages or gaining authentication

security attacks

security mechanisms

security services

traffic analysis

the OSI Security Architecture

A Model for Network, Security.

Classical Encryption Techniques

Symmetric Cipher Model

Substitution Techniques

Caesar/Shift Cipher

Vignere cipher/Vernam cipher

Affine Cipher

Hill Cipher
Transposition Techniques

Rail fence cipher

Playfair cipher

Rotor Machines, Steganography

Glossary

Block Ciphers And The Data Encryption Standard

Simplified DES, Block Cipher Principles, The Data Encryption Standard, The Strength of DES,
Differential and Linear Cryptanalysis, Block Cipher Design Principles

Block Cipher Modes of Operation

Algorithm
Details Users Pros Cons
mode

- Simplest
Same key - Repetition of CT
mode
independently blocks correspond
- No need for
encrypts 64-bit Simple and to repetition of PT
Electronic synchronizing
blocks of text at a short messages, blocks (highly
Code - Not sensitive
time, separately storing data deterministic,
Block to bit errors,
records liable to
only a single
Last fragment is exploitation by
block is
padded attacker)
affected

Cipher Requires an Encrypting

Block Initialisation blocks of text,
Chaining Vector message
authentication
64 bits of CT from code
previous step and
 64 bits of PT are
XORed together

K randomised CT
Transmitting
from previous
Cipher encrypted
step and K bits of - Pro
Feedback stream of data
next step are
authentication
XORed

- Vulnerable to bit
input to encryption Transmitting manipulation
Output
step is previous encrypted - Vulnerable to
Feedback
DES output stream of data known plain text
attack

Counter and PT Block oriented

block are transmissions,
Counter encrypted , applications
counter is needing high
incremented speed

Glossary

Diffusion -Diffusion makes sure . It disperses the statistical

Confusion - Confusion makes the relationship between cipher key and corresponding ciphertext

Avalanche effect - Changing just one bit of key results in a drastic change . It is considered desirable
while devising encryption algorithms

Feistel Cipher - Model of block ciphers involving multiple rounds of applying diffusion and confusion

Round keys

S-box

Triple DES

Meet-in-the-middle attack
Introduction To Finite Fields

Groups, Rings, and Fields

Modular Arithmetic

Euclid’s Algorithm

Finite Fields of the Form GF(p)

Polynomial Arithmetic

Finite Fields of the Form GF(2n)

Glossary

Advanced Encryption Standard:

Evaluation Criteria for AES

The AES Cipher

Contemporary Symmetric Ciphers:

Triple DES
Double DES , Meet-in-the middle attack

It is not much more secure than single encryption

Triple DES with three keys

Triple DES with two keys

Blowfish

RC5

Characteristics of Advanced Symmetric Block Ciphers,

RC4 Stream Cipher

Algorithm:

1. Initialise state vector of 256 bytes

2. create key vector equal to state vector

3. perform initial permutation

Vulnerable to bit flipping

Glossary

Synchronous stream ciphers

Self-synchronising stream ciphers

Confidentiality Using Symmetric Encryption

Placement of Encryption Function

Traffic Confidentiality

Key Distribution

Random Number Generation

Random numbers in cryptography are used for

True Random Number Generators

Pseudo Random Number Generators

Public-Key Encryption and Hash Functions

Introduction to Number Theory: Prime Numbers

Format’s and Euler's Theorems

Testing for Primality

The Chinese Remainder Theorem

Discrete Logarithms.

Public-Key Cryptography

Principles of Public-Key Cryptosystems the RSA Algorithm

Key Management and Other Public-Key Cryptosystems

Key Management

Diffie-Hellman key exchange

Elliptic Curve Arithmetic, Elliptic Curve Cryptography.

RSA with d

Message Authentication and Hash Functions

Authentication Requirements

Authentication Functions

Message Authentication Codes

Hash Functions

Hash functions have the following properties:-

1. Compression

2. Collision Resistant

Security of Hash Functions

MAC

Hash Algorithms

MD5 Message Digest Algorithm

Secure Hash Algorithm

RIPEMD-160

HMAC.

Digital Signatures and Authentication Protocols

Digital Signatures

Authentication Protocols

Digital Signature Standard

Network Security Practice: Authentication Applications:

Kerberos, X.509 Authentication Service, Electronic Mail
Security: Pretty Good Privacy, S/MIME. IP Security: IP Security

Overview, IP Security Architecture, Authentication Header,

Encapsulating Security Payload,Combining Security
Associations, Key Management, Web Security: Web
Security Considerations, Secure Sockets Layer and Transport
Layer Security, Secure Electronic Transaction.

System Security

Intruders: Intruders, Intrusion Detection

Password Management

Malicious Software: Viruses and Related Threats

Virus Countermeasures

Firewalls: Firewall Design Principles

Trusted Systems.