
IS Notes

The document provides an overview of the RSA algorithm, detailing its key generation, encryption, and decryption processes, as well as applications in secure communications. It also covers concepts of modular arithmetic, digital signatures, hashing algorithms like SHA-1 and MD5, authentication methods, intrusion detection and prevention systems, firewalls, and cryptographic protocols such as SSL/TLS and IPSec. Key distinctions between symmetric and asymmetric encryption are highlighted, along with their respective advantages and disadvantages.

Uploaded by

faisii.ansari110

RSA Algorithm

• Developed by Rivest, Shamir, and Adleman in 1977.
• Public key: PU = {e, n}, Private key: PR = {d, n}.
• Encrypts plaintext (P) into ciphertext (C) using exponentiation mod n.
• Key Generation:
1. Select two prime numbers $p$ and $q$.
2. Compute $n = p \times q$.
3. Compute Euler's Totient Function $\phi(n) = (p-1)(q-1)$.
4. Choose public exponent $e$ (relatively prime to $\phi(n)$).
5. Compute private key $d$ such that $e \times d \equiv 1 \mod \phi(n)$.
• Encryption: $C = P^e \mod n$.
• Decryption: $P = C^d \mod n$.

Modular Arithmetic

• Definition: Two integers $a$ and $b$ are congruent modulo $m$ if they have the same remainder when divided by $m$.
• Euler’s Totient Function: Counts numbers less than $n$ that are coprime to $n$.

RSA Applications

• HTTPS, SSH, VPNs, Digital Signatures, Email & File Encryption, Secure Communication.

Digital Signatures

• Purpose: Verifies authenticity and integrity of messages.
• Steps:
1. Compute hash of the message.
2. Encrypt hash with sender’s private key → Digital Signature.
3. Receiver decrypts using sender’s public key and verifies the hash.
• Properties:
o Must verify author, timestamp, and integrity.
o Verifiable by third parties to resolve disputes.
• Example: Bob signs a message, Alice verifies it using Bob’s public key.
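
The RSA key generation, encryption and decryption steps and the three signature steps above, worked through as an added example that is not part of the original notes. It is textbook RSA without padding; the function names, the toy primes and the reduction of the hash modulo n are assumptions of this sketch.

```python
import hashlib
from math import gcd

def generate_keys(p, q, e=65537):
    """Key generation steps 1-5. Assumes p and q are distinct primes."""
    n = p * q                                   # step 2
    phi = (p - 1) * (q - 1)                     # step 3
    if gcd(e, phi) != 1:                        # step 4
        raise ValueError("e is not relatively prime to phi(n)")
    d = pow(e, -1, phi)                         # step 5: e*d = 1 mod phi(n)
    return (e, n), (d, n)                       # PU = {e, n}, PR = {d, n}

def encrypt(P, public):
    e, n = public
    if not 0 <= P < n:
        raise ValueError("plaintext must be an integer in [0, n)")
    return pow(P, e, n)                         # C = P^e mod n

def decrypt(C, private):
    d, n = private
    return pow(C, d, n)                         # P = C^d mod n

def hash_to_int(message, n):
    # Signature step 1. Reducing the digest mod n is a simplification here;
    # deployed RSA signatures pad the digest (PKCS#1 v1.5 or PSS) instead.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    d, n = private
    return pow(hash_to_int(message, n), d, n)   # signature step 2

def verify(message, signature, public):
    e, n = public
    return pow(signature, e, n) == hash_to_int(message, n)  # signature step 3

if __name__ == "__main__":
    # Constructed toy primes (two Mersenne primes); far too small for real keys.
    bob_public, bob_private = generate_keys(2**61 - 1, 2**31 - 1)
    c = encrypt(42, bob_public)
    print("round trip:", decrypt(c, bob_private))
    sig = sign(b"pay Alice 10", bob_private)
    print("genuine message:", verify(b"pay Alice 10", sig, bob_public))
    print("altered message:", verify(b"pay Alice 1000", sig, bob_public))
```

Requires Python 3.8 or later for the three-argument `pow` with a negative exponent.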

Hashing & SHA-1

• Hashing: Converts variable-length input into a fixed-length hash (digest).
• SHA-1: Produces a 160-bit hash value, but is now considered weak.
• Padding: Message is divided into 512-bit blocks, padded to match block size.
• Uses: Digital signatures, password storage, secure communications.

MD5 Algorithm

• Produces a 128-bit hash.
• Steps:
1. Padding: Ensures the message length is a multiple of 512 bits.
2. Dividing into Blocks: Each block is processed separately.
3. Hash Calculation: Uses predefined constants.
4. Final Hash Value: Combines results into a unique output.
• Weaknesses: Vulnerable to collision attacks.
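
The padding and block-splitting steps for SHA-1 and MD5, as an added example that is not part of the original notes. It shows the boundary case where a message of 56 bytes or more in its last block needs an extra block because the 64-bit length field no longer fits; the function names and sample lengths are assumptions.

```python
import struct

BLOCK_BYTES = 64      # 512-bit block
LENGTH_BYTES = 8      # 64-bit field holding the message length in bits

def md_pad(message, algorithm):
    """Pad as MD5 and SHA-1 do: a 1 bit, zero bits, then the bit length."""
    if algorithm not in ("md5", "sha1"):
        raise ValueError("algorithm must be 'md5' or 'sha1'")
    bit_length = (len(message) * 8) % 2**64
    padded = message + b"\x80"                    # the single 1 bit
    zeros = (BLOCK_BYTES - LENGTH_BYTES - len(padded)) % BLOCK_BYTES
    padded += b"\x00" * zeros
    # MD5 stores the length little-endian, SHA-1 stores it big-endian.
    padded += struct.pack("<Q" if algorithm == "md5" else ">Q", bit_length)
    return padded

def split_blocks(padded):
    """Step 2: cut the padded message into 512-bit blocks."""
    return [padded[i:i + BLOCK_BYTES]
            for i in range(0, len(padded), BLOCK_BYTES)]

def block_count(message_length, algorithm="sha1"):
    return len(split_blocks(md_pad(b"A" * message_length, algorithm)))

if __name__ == "__main__":
    for size in (0, 55, 56, 64, 119, 120):        # constructed message lengths
        print(size, "bytes ->", block_count(size), "block(s)")
```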

Authentication

• Types:
1. Something You Know: Passwords, PINs.
2. Something You Have: Smart cards, tokens.
3. Something You Are: Biometrics (fingerprints, iris scan).
• Password Security: Strong passwords must be long, include special characters, and be changed regularly.

Intrusion Detection & Prevention

• IDS (Intrusion Detection System): Monitors traffic, alerts on suspicious activity.
• IPS (Intrusion Prevention System): Blocks malicious traffic.
• Types of IDS:
o Network-based IDS (NIDS): Monitors network traffic.
o Host-based IDS (HIDS): Monitors system logs and activity.

Firewalls

• Packet Filtering Firewalls: Inspect individual packets, allow or deny based on rules.
• Stateful Firewalls: Keep track of active connections, filter traffic accordingly.
• Next-Gen Firewalls (NGFW): Combine traditional firewall functions with intrusion prevention and deep packet inspection.
• Firewall Designs:
o Private/Public Network Separation
o Demilitarized Zone (DMZ): Adds an extra buffer between public and private networks.

Quick Notes on SSL, TLS, IPSec, and Cryptography for Exam Revision

1. SSL (Secure Socket Layer) & TLS (Transport Layer Security)

• Purpose: Encrypts data between a client (browser) and a server for secure communication.
• SSL vs TLS:
o SSL is an older protocol; TLS is its successor.
o TLS 1.2 and 1.3 are widely used today (SSL is deprecated).
• TLS Handshake Process:
1. Client Hello: Client sends supported TLS version, cipher suites, and a random number.
2. Server Hello: Server responds with its chosen TLS version, cipher suite, random number, and certificate.
3. Certificate Verification: Client verifies the server’s certificate using a trusted Certificate Authority (CA).
4. Key Exchange: Client generates a Premaster Secret, encrypts it with the server’s public key, and sends it.
5. Session Key Generation: Both client and server generate identical session keys using shared secrets.
6. Secure Communication: Client and server encrypt data using the session key.
• Applications: HTTPS, Secure Email (SMTPS, IMAPS), VPNs, Secure File Transfer (FTPS).
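
Step 5 of the handshake as TLS 1.2 defines it (RFC 5246): both sides feed the premaster secret and the two hello random numbers into the same PRF, so they arrive at identical session keys without ever sending them. This is an added example, not part of the original notes; the function names, the AES-256-GCM key layout and the sample values are assumptions, and TLS 1.3 derives its keys with a different schedule.

```python
import hashlib
import hmac
import os

def p_sha256(secret, seed, length):
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out, a = b"", seed                                   # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()             # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret, label, seed, length):
    return p_sha256(secret, label + seed, length)

def master_secret(premaster, client_random, server_random):
    return prf(premaster, b"master secret", client_random + server_random, 48)

def session_keys(premaster, client_random, server_random):
    """Step 5: client and server each run this on the same three inputs."""
    master = master_secret(premaster, client_random, server_random)
    # Key expansion takes the randoms in the opposite order (server first).
    block = prf(master, b"key expansion", server_random + client_random, 72)
    # Layout for an AES-256-GCM suite: no MAC keys, 32-byte keys, 4-byte IVs.
    return {
        "client_write_key": block[0:32],
        "server_write_key": block[32:64],
        "client_write_iv": block[64:68],
        "server_write_iv": block[68:72],
    }

if __name__ == "__main__":
    # Constructed handshake values standing in for the hello messages.
    client_random, server_random = os.urandom(32), os.urandom(32)
    premaster = b"\x03\x03" + os.urandom(46)   # version bytes + 46 random bytes
    client_view = session_keys(premaster, client_random, server_random)
    server_view = session_keys(premaster, client_random, server_random)
    print("keys match:", client_view == server_view)
    print("directions differ:",
          client_view["client_write_key"] != client_view["server_write_key"])
```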

2. IPSec (Internet Protocol Security)

• Purpose: Provides authentication, integrity, and confidentiality for IP network traffic.
• Modes of Operation:
o Transport Mode: Encrypts only the data (used in end-to-end communication).
o Tunnel Mode: Encrypts the entire packet (used in VPNs).
• IPSec Protocols:
1. Authentication Header (AH): Provides integrity and authentication but no encryption.
2. Encapsulating Security Payload (ESP): Provides encryption, integrity, and authentication.
• IPSec Steps:
1. Security Association (SA) establishment.
2. Authentication and key exchange (IKE Protocol).
3. Encryption and encapsulation of IP packets.
• Uses: Secure VPNs, site-to-site communication, remote access security.

3. Cryptography Basics

• Cryptography: Science of securing communications through encryption and decryption.
• Types:
1. Symmetric Encryption:
   • Uses a single key for encryption & decryption.
   • Example Algorithms: AES, DES, 3DES, RC4.
   • Pros: Fast, efficient.
   • Cons: Key distribution is a challenge.
2. Asymmetric Encryption:
   • Uses a pair of keys (public & private).
   • Example Algorithms: RSA, ECC.
   • Pros: Secure, eliminates key distribution issues.
   • Cons: Slower than symmetric encryption.
• Hashing:
o Converts data into a fixed-length value (one-way function).
o Example Hash Functions: MD5, SHA-1, SHA-256.
o Purpose: Data integrity verification, digital signatures.

Summary:

• SSL/TLS: Encrypts web traffic, ensures secure communication.
• IPSec: Secures IP traffic via AH (authentication) & ESP (encryption).
• Cryptography:
o Symmetric (fast, single key) vs. Asymmetric (secure, two keys).
o Hashing (one-way function, used for integrity).
