cryptography & network Security
cryptography & network Security
3. Connection Protocol
The Connection Protocol enables multiple logical communication channels to be
multiplexed over a single SSH connection. This allows SSH to support various
services (e.g., remote login, file transfer, or port forwarding) concurrently over one
secure connection.
Multiplexing: Multiple channels can operate simultaneously, each handling a
different type of data or service. For example, one channel might handle a
terminal session, while another handles file transfers.
Example Message Exchange (Page 22, Figure 16.11): The document
references an example of how the Connection Protocol manages message
exchanges, though specific details are not provided. Typically, this involves
clients and servers exchanging messages to establish and manage channels,
such as opening a new channel, sending data, or closing a channel.
The Connection Protocol enhances SSH’s flexibility, making it suitable for diverse
applications beyond simple remote login.
Operational Workflow
The SSH connection process typically involves the following steps:
1. Connection Establishment:
o The client initiates a TCP connection to the server (typically on port 22).
o The Transport Layer Protocol negotiates encryption, authentication,
and compression algorithms.
2. Server Authentication:
o The server presents its public key or certificate, which the client verifies
against a known host database or trusted authority.
3. User Authentication:
o The client provides credentials (e.g., public key, password, or host-
based data) to authenticate the user, as required by the server.
4. Channel Setup:
o The Connection Protocol establishes one or more logical channels for
specific services (e.g., terminal access, file transfer).
5. Data Exchange:
o Data is transmitted in encrypted packets, with integrity ensured by
MACs and optional compression applied.
6. Session Termination:
o The connection is closed when the session ends, with all channels
properly terminated.
Advantages of SSH
Based on the document and general understanding:
Security: Provides strong encryption, authentication, and integrity, protecting
against eavesdropping, impersonation, and data tampering.
Flexibility: Supports multiple authentication methods and services over a
single connection.
Scalability: Widely adopted across platforms, suitable for both individual and
enterprise use.
Forward Secrecy: Ensures past sessions remain secure even if a key is
compromised.
Summary
Secure Shell (SSH) is a robust protocol for secure network communication, designed
to replace insecure protocols like TELNET. It operates as three layered protocols:
Transport Layer Protocol: Ensures server authentication, confidentiality,
integrity, and forward secrecy, using encrypted packets with a defined format.
User Authentication Protocol: Authenticates users via public key, password,
or host-based methods, protected by the transport layer’s encryption.
Connection Protocol: Multiplexes multiple logical channels over a single
SSH connection, supporting diverse applications.
SSH2, standardized in IETF RFCs 4250–4256, improves upon SSH1’s security flaws
and is widely used for remote login, file transfer, and X tunneling. Its simplicity, cross-
platform availability, and strong security features make it a cornerstone of modern
network security.
Characteristics of Firewalls
Firewalls are network security devices or software that monitor and control incoming
and outgoing network traffic based on predefined security rules. They act as a barrier
between trusted and untrusted networks, protecting systems from unauthorized
access and threats. The characteristics of firewalls determine their capabilities,
deployment scenarios, and effectiveness in securing networks. The key
characteristics include:
1. Packet Filtering
Description: Firewalls inspect packets (small chunks of data) at the network
layer (Layer 3 of the OSI model) and make decisions based on information in
packet headers, such as source/destination IP addresses, ports, and
protocols (e.g., TCP, UDP).
Functionality: They allow, drop, or reject packets based on predefined rules
without examining the packet’s payload.
Advantages:
o Fast processing due to minimal inspection.
o Low resource consumption, suitable for high-traffic environments.
Limitations:
o Limited to header information, making them vulnerable to attacks that
manipulate payloads (e.g., application-layer attacks).
o Cannot maintain state information for complex protocols.
Example: A rule allowing HTTP traffic (port 80) from a specific IP range.
2. Stateful Inspection
Description: Also known as dynamic packet filtering, stateful firewalls operate
at the network and transport layers (Layers 3 and 4) and track the state of
active connections (e.g., TCP session states like SYN, ACK).
Functionality: They maintain a state table to monitor the context of
connections, allowing or denying packets based on whether they belong to an
established, legitimate session.
Advantages:
o More secure than basic packet filtering because it understands the
connection’s context.
o Effective against attacks like session hijacking or unauthorized access
attempts.
Limitations:
o Higher resource usage compared to basic packet filtering.
o May struggle with protocols that use dynamic ports or complex state
tracking.
Example: Allowing return traffic for an established HTTP connection initiated
by an internal client.
3. Application Layer Awareness (Proxy-Based Firewalls)
Description: These firewalls operate at the application layer (Layer 7) and
inspect the content of packets, acting as intermediaries (proxies) between
clients and servers.
Functionality: They analyze application-specific data (e.g., HTTP requests,
FTP commands) and enforce policies based on content, user authentication,
or application behavior.
Advantages:
o Provides deep packet inspection, protecting against application-layer
attacks (e.g., SQL injection, XSS).
o Can enforce user-based policies and log detailed application activity.
Limitations:
o Slower performance due to extensive processing of packet payloads.
o May require specific configurations for each supported application.
Example: Blocking specific HTTP methods (e.g., DELETE) or filtering
malicious JavaScript in web traffic.
4. Access Control
Description: Firewalls enforce access control policies to regulate which
users, devices, or applications can access network resources.
Functionality: Rules are defined based on criteria like IP addresses, ports,
protocols, user identities, or time of access to allow or deny traffic.
Advantages:
o Granular control over network access, supporting least-privilege
principles.
o Can integrate with authentication systems (e.g., LDAP, RADIUS) for
user-based access control.
Limitations:
o Complex rule sets can lead to misconfigurations, creating security
gaps.
o Requires regular updates to adapt to changing network requirements.
Example: Restricting SSH access (port 22) to a specific subnet for
administrative users.
5. Logging and Monitoring
Description: Firewalls maintain logs of network activity, including allowed and
denied traffic, and can generate alerts for suspicious events.
Functionality: Logs provide visibility into traffic patterns, security incidents,
and policy violations, supporting auditing and incident response.
Advantages:
o Enables proactive threat detection and forensic analysis.
o Helps meet compliance requirements (e.g., GDPR, PCI-DSS).
Limitations:
o Large volumes of log data can overwhelm storage or analysis
capabilities.
o Requires expertise to interpret logs and distinguish false positives from
real threats.
Example: Logging all denied connection attempts to detect potential brute-
force attacks.
6. Intrusion Prevention
Description: Advanced firewalls, often called Next-Generation Firewalls
(NGFWs), include intrusion prevention system (IPS) capabilities to detect and
block malicious activities.
Functionality: They use signature-based or anomaly-based detection to
identify and mitigate threats like malware, exploits, or DoS attacks in real time.
Advantages:
o Proactively blocks known and emerging threats before they reach the
target.
o Enhances security by combining firewall and IPS functionalities.
Limitations:
o May introduce latency due to deep packet inspection.
o Requires regular updates to threat signatures and rules.
Example: Blocking traffic matching a known exploit signature for a
vulnerability in a web server.
7. Scalability
Description: Firewalls are designed to handle varying network sizes, from
small businesses to large enterprises, and support distributed architectures.
Functionality: They can be deployed as hardware appliances, virtual
machines, or cloud-based solutions, scaling to accommodate traffic volume
and network complexity.
Advantages:
o Adapts to growing networks or cloud environments.
o Supports high availability through clustering or failover mechanisms.
Limitations:
o High-performance firewalls can be costly for large-scale deployments.
o Scalability may require additional management overhead.
Example: Deploying a cloud-native firewall to protect a multi-region AWS
infrastructure.
8. Transparency
Description: Firewalls can operate transparently, meaning users are unaware
of their presence unless explicitly interacting with them (e.g., entering
credentials for access).
Functionality: They silently filter traffic in the background, requiring minimal
user intervention beyond initial authentication or configuration.
Advantages:
o Improves user experience by minimizing disruptions.
o Simplifies deployment in environments with non-technical users.
Limitations:
o Transparency may reduce visibility into security actions for end users.
o Misconfigurations may go unnoticed without user feedback.
Example: A firewall silently blocking malicious traffic without prompting the
user.
9. Support for VPNs
Description: Many firewalls include Virtual Private Network (VPN) capabilities
to enable secure remote access or site-to-site connectivity.
Functionality: They establish encrypted tunnels using protocols like IPsec or
SSL/TLS, ensuring secure communication over untrusted networks.
Advantages:
o Facilitates secure remote work and interconnectivity between offices.
o Integrates VPN functionality into the firewall, reducing the need for
separate devices.
Limitations:
o VPN performance may be limited by firewall hardware capabilities.
o Complex VPN configurations can introduce security risks if not properly
managed.
Example: Setting up an IPsec VPN tunnel between a branch office and
headquarters.
10. Flexibility and Customization
Description: Firewalls allow administrators to define custom rules, policies,
and configurations to meet specific security needs.
Functionality: They support fine-grained rule sets, integration with other
security tools (e.g., SIEM, threat intelligence feeds), and adaptability to
various network topologies.
Advantages:
o Tailors security to organizational requirements and threat landscapes.
o Supports advanced features like QoS (Quality of Service) or bandwidth
management.
Limitations:
o Customization requires skilled administrators to avoid errors.
o Overly complex configurations may degrade performance.
Example: Creating a custom rule to prioritize VoIP traffic while blocking P2P
file-sharing applications.
Placement of Firewalls
Firewalls are strategically positioned to filter and control traffic between networks,
ensuring that only authorized data passes through while blocking potential threats.
The document highlights two primary configurations for firewall placement:
1. DMZ Network (Demilitarized Zone)
Purpose: The DMZ is a semi-trusted network zone that acts as a buffer
between the internal network and the external network (e.g., the Internet). It
hosts servers that need to be accessible from the outside world, such as web,
email, or DNS servers, while protecting the internal network from direct
exposure.
Configuration:
o Connections:
Traffic from both the internal and external networks is allowed to
reach the DMZ.
Hosts in the DMZ are restricted from initiating connections to the
internal network, ensuring that even if a DMZ host is
compromised, the internal network remains protected.
o Firewall Setup:
Outer Firewall: Positioned between the Internet and the DMZ, it
filters incoming traffic from the Internet to the DMZ, allowing only
necessary access to DMZ systems (e.g., web or mail servers).
Inner Firewall: Positioned between the DMZ and the internal
network, it applies stricter filtering to control traffic from the DMZ
to the internal network, preventing unauthorized access.
Security Benefits:
o The outer firewall provides access control and protection for DMZ
systems, balancing their need for external connectivity with security.
o The inner firewall enforces stringent filtering to safeguard enterprise
servers and workstations from external attacks.
o Multiple internal firewalls can be used to segment and protect different
parts of the internal network from each other.
o If an attacker compromises a DMZ system, the inner firewall prevents
them from accessing the internal network.
Illustration: Figure 5 in the document shows the DMZ network setup with an
outer firewall separating the DMZ from the Internet and an inner firewall
protecting the internal network from the DMZ.
2. Virtual Private Networks (VPNs)
Purpose: VPNs provide secure, encrypted connections over a public network
(e.g., the Internet) to connect distributed sites or remote users to the internal
network.
Role in Firewall Placement:
o Firewalls often play a role in VPN configurations by implementing
encryption and authentication at lower protocol layers (e.g., using
IPsec at the IP level).
o A firewall may be placed at the gateway between the internal network
and the public network to secure VPN traffic, ensuring that corporate
traffic is protected from eavesdropping and unauthorized access.
Security Benefits:
o VPNs use encryption and authentication to create a secure tunnel
through an otherwise insecure network.
o Firewalls supporting VPNs can filter and encrypt traffic, ensuring that
only authorized users gain access to the internal network.
Cost Efficiency: VPNs are generally more cost-effective than dedicated
private networks, as they leverage public infrastructure while maintaining
security through encryption.
Firewall Configurations
1. Screened Host, Single-Homed Bastion Host
Description:
o This configuration consists of two components: a packet-filtering
router and a bastion host.
o The packet-filtering router is placed between the Internet and the
internal network, filtering traffic based on IP addresses and port
numbers.
o The bastion host is a highly secured computer that provides
application-level services (e.g., proxy or authentication services) and is
the only system directly accessible from the Internet.
Traffic Rules:
o From the Internet: Only IP packets destined for the bastion host are
allowed to pass through the router.
o From the Internal Network: Only IP packets originating from the
bastion host are allowed to exit to the Internet.
Security Features:
o The bastion host performs authentication and proxy functions,
acting as a gatekeeper for all traffic.
o This setup provides flexibility, allowing direct Internet access for
specific services while maintaining security through the router’s
filtering.
Advantages:
o Simple and cost-effective configuration.
o Provides a single point of control for external access.
Limitations:
o A breach in the bastion host could potentially expose the internal
network, as the bastion host is on the same network segment as
internal systems.
Illustration: Figure 6(a) in the document shows the single-homed bastion
host configuration, with the router and bastion host working together to filter
and process traffic.
2. Screened Host, Dual-Homed Bastion Host
Description:
o Similar to the single-homed configuration, this setup includes a packet-
filtering router and a bastion host, but the bastion host is dual-
homed, meaning it has two network interfaces—one connected to the
Internet (via the router) and one to the internal network.
o The dual-homed bastion host physically separates the internal network
from the external network, preventing direct communication between
them.
Traffic Rules:
o The router filters traffic as in the single-homed configuration, allowing
only packets destined for or originating from the bastion host.
o The bastion host does not forward packets directly between its two
interfaces, ensuring that all traffic is processed (e.g., via proxy or
authentication services).
Security Features:
o The dual-homed setup provides dual layers of security: the router’s
packet filtering and the bastion host’s application-level controls.
o It prevents direct communication between the Internet and the internal
network, reducing the risk of a breach spreading to internal systems.
o Additional hosts (e.g., information servers) can communicate directly
with the router if permitted by the security policy.
Advantages:
o Enhanced security due to physical separation of networks.
o Reduces the risk of a compromised bastion host exposing the internal
network.
Limitations:
o More complex to configure than the single-homed setup.
o May require additional resources for the dual-homed bastion host.
Illustration: Figure 6(b) in the document illustrates the dual-homed bastion
host configuration, highlighting the separation between the external and
internal networks.
3. Screened Subnet
Description:
o This configuration creates an isolated subnetwork (often called a
DMZ) between the Internet and the internal network, protected by two
firewalls:
An external firewall (or router) between the Internet and the
subnet.
An internal firewall between the subnet and the internal
network.
o The subnet may include the bastion host, information servers, or other
systems like modems for dial-up access.
Traffic Rules:
o The external firewall filters traffic from the Internet to the subnet,
allowing only authorized access to subnet systems (e.g., web or email
servers).
o The internal firewall strictly controls traffic from the subnet to the
internal network, preventing unauthorized access.
Security Features:
o Provides three levels of defense:
1. The external firewall filters Internet traffic.
2. The subnet isolates public-facing systems from the internal network.
3. The internal firewall enforces strict access controls to the internal network.
o The internal network is invisible to the Internet, as direct routes from
the Internet to internal systems are blocked.
o Systems in the subnet cannot establish direct connections to the
internal network, enhancing security.
Advantages:
o Highest level of security among the three configurations due to multiple
layers of protection.
o Ideal for hosting public-facing services (e.g., web or email servers)
while protecting the internal network.
o Prevents attackers from easily reaching internal systems even if the
subnet is compromised.
Limitations:
o More complex and costly to implement due to the need for two firewalls
and a separate subnet.
o Requires careful configuration to ensure proper traffic flow and security.
Illustration: Figure 6(c) in the document depicts the screened subnet
configuration, showing the external and internal firewalls and the isolated
subnet.
Key Points on Firewall Configuration
Purpose: Firewall configurations are designed to control and monitor traffic
between networks, ensuring that only authorized data passes through while
blocking malicious or unauthorized access.
Flexibility: Each configuration offers different levels of security and
complexity, allowing organizations to choose based on their security needs
and resources.
Components:
o Packet-Filtering Router: Filters traffic based on IP addresses, ports,
and protocols.
o Bastion Host: A secure system that handles application-level services
like proxying or authentication.
o Firewalls: Used in the screened subnet configuration to create multiple
layers of protection.
Security Trade-offs:
o Single-Homed: Simpler but less secure, as the bastion host is on the
same network as internal systems.
o Dual-Homed: More secure due to network separation but requires
additional configuration.
o Screened Subnet: Most secure but complex and resource-intensive.
Trusted Systems
Definition and Purpose
Trusted Systems are systems designed to protect data or resources based
on varying levels of security classifications, ensuring that access is strictly
controlled according to the sensitivity of the information.
They are commonly used in environments requiring multilevel security, such
as military or corporate settings, where information is categorized into
hierarchical levels (e.g., Unclassified, Confidential, Secret, Top Secret in the
military).
A trusted system is one that can be proven to enforce security policies,
ensuring that subjects (users or processes) can only access objects (data or
resources) according to their assigned security levels and clearances.
Multilevel Security Requirement
The core requirement for multilevel security is to prevent unauthorized
information flow between different security levels:
o A subject at a higher security level may not convey information to a
subject at a lower or incompatible level unless explicitly authorized by a
user with the appropriate authority.
This ensures that sensitive information (e.g., Top Secret data) is not
inadvertently or maliciously disclosed to users or systems with lower
clearances (e.g., Unclassified).
Bell-LaPadula Model
The Bell-LaPadula (BLP) Model is a formal access control model developed
in the 1970s to enforce multilevel security in trusted systems. It is the
foundation for implementing trusted systems and is described as follows:
o Security Classes:
Each subject (e.g., a user or process) and object (e.g., a file or
resource) is assigned a security class or level.
In the simplest form, security classes form a strict hierarchy
(e.g., Top Secret > Secret > Confidential > Restricted >
Unclassified in the military).
Optionally, categories or compartments can be added to each
security level, requiring subjects to have both the appropriate
level and category clearance to access an object.
o Access Control Rules: The BLP model enforces two key properties to
ensure multilevel security:
1. Simple Security Property (No Read Up):
A subject can only read an object if the subject’s security
level is equal to or higher than the object’s security
level.
Example: A user with Secret clearance cannot read Top
Secret documents but can read Confidential or
Unclassified documents.
2. Star Property (No Write Down):
A subject can only write to an object if the subject’s
security level is equal to or lower than the object’s
security level.
Example: A user with Secret clearance cannot write to a
Confidential document (to prevent leaking sensitive
information) but can write to Secret or Top Secret
documents.
o Access Modes: The BLP model defines four modes of access:
1. READ: The subject has read-only access to the object.
2. APPEND: The subject has write-only access to the object (cannot read it).
3. WRITE: The subject has both read and write access to the object.
4. EXECUTE: The subject can execute the object (e.g., a program) but cannot
read or write it.
o Security Clearances and Classifications:
A subject is assigned a security clearance (e.g., Secret),
indicating the highest level of information they can access.
An object is assigned a security classification (e.g.,
Confidential), indicating its sensitivity level.
Access is granted only if the subject’s clearance and the object’s
classification align with the BLP rules.
Application Beyond Military
While the BLP model is rooted in military classifications, it is applicable to
other domains, such as corporate environments, where information can be
organized into levels and categories:
o Example: A corporate classification scheme might include Strategic >
Sensitive > Confidential > Public.
Strategic: Accessible only by corporate officers for planning
documents.
Sensitive: Accessible by administrative personnel for financial
or personnel data.
Confidential: Internal documents with restricted access.
Public: Information available to all.
Users are granted clearances to access specific levels and categories of data,
ensuring that sensitive information is protected from unauthorized access.
Key Features of Trusted Systems
Enforcement of Security Policies:
o Trusted systems use formal models like BLP to enforce access control,
ensuring that no unauthorized read or write operations occur.
Hierarchical Access Control:
o The strict hierarchy of security levels prevents higher-level information
from being accessed or modified by lower-level subjects.
Category-Based Access:
o Categories (or compartments) add granularity, allowing fine-tuned
access control within the same security level.
Proven Security:
o Trusted systems are rigorously designed and tested to prove they
enforce multilevel security, making them reliable for high-stakes
environments.
Implementation
Trusted systems implement the BLP model through:
o Access Control Lists (ACLs) or Mandatory Access Control (MAC)
to enforce security levels and categories.
o Security Labels: Each subject and object is tagged with its security
level and category.
o Policy Enforcement Mechanisms: Software or hardware ensures that
all access requests comply with the Simple Security Property and Star
Property.
Unit-1
1. Taxonomy of Security Attacks
The document provides a taxonomy of attacks related to the three security goals
(Figure 1.1) and categorizes them as passive or active (Table 1.1).
Attacks Threatening Confidentiality
These attacks aim to unauthorizedly access or intercept sensitive information.
Snooping:
o Description: Involves unauthorized access or interception of data,
such as intercepting a file transferred over the internet containing
confidential information.
o Impact: The attacker uses the intercepted data for their benefit.
o Prevention: Use encipherment techniques to make data
unintelligible to the interceptor.
o Type: Passive attack (does not modify data or harm the system).
Traffic Analysis:
o Description: Even if data is encrypted, attackers can analyze network
traffic to gather information like the route, amount, or timing of data.
o Impact: Reveals metadata about communication patterns, which can
be used to infer sensitive information.
o Prevention: Techniques like traffic padding (inserting bogus data) can
obscure traffic patterns.
o Type: Passive attack.
Attacks Threatening Integrity
These attacks involve unauthorized modification or manipulation of data.
Modification:
o Description: The attacker intercepts and alters information to benefit
themselves, e.g., changing a bank transaction request.
o Impact: Can cause financial loss or system disruption.
o Example: An attacker modifies a message to change the transaction
type.
o Type: Active attack (alters data).
Masquerading:
o Description: The attacker impersonates a legitimate entity, e.g., using
stolen bank card credentials to pose as a customer.
o Impact: Gains unauthorized access to systems or sensitive
information.
o Example: A fake website pretends to be a bank to steal user data.
o Type: Active attack.
Replaying:
o Description: The attacker captures a legitimate message and resends
it later, e.g., resending a payment request to a bank.
o Impact: Can lead to unauthorized transactions or duplicated actions.
o Example: An attacker replays a payment request to receive multiple
payments.
o Type: Active attack.
Repudiation:
o Description: One party in a communication denies sending or
receiving a message, e.g., a customer denying a bank transaction
request or a vendor denying payment receipt.
o Impact: Creates disputes and undermines trust in transactions.
o Prevention: Use non-repudiation mechanisms like digital signatures
or notarization.
o Type: Active attack.
Attacks Threatening Availability
These attacks aim to disrupt or deny access to services or information.
Denial of Service (DoS):
o Description: Overwhelms a system with excessive requests to slow it
down or crash it, e.g., flooding a server with bogus requests.
o Impact: Prevents authorized users from accessing services, causing
operational disruption.
o Example: A server crashes due to heavy load from malicious requests.
o Type: Active attack.
Man-in-the-Middle (MITM) Attack:
Description: The attacker intercepts and potentially modifies messages
between two parties without their knowledge.
Impact: Can compromise confidentiality (by reading messages), integrity (by
altering messages), or availability (by disrupting communication).
Example: An attacker intercepts communication between a client and server
to steal or manipulate data.
Type: Active attack.
3. Cryptographic Attacks
The document categorizes cryptographic attacks into two types:
Cryptanalytic Attacks:
o Description: Use statistical and algebraic techniques to uncover the
secret key of a cipher by analyzing the mathematical properties of
cryptographic algorithms.
o Goal: Identify distinguishing properties in the cipher’s output that
deviate from a random function.
o Method: The attacker guesses keys and checks for specific properties;
if detected, the guess is correct.
o Complexity: Generally less complex than brute-force attacks.
o Example: Analyzing ciphertext to deduce the key.
Non-Cryptanalytic Attacks:
o Description: Exploit vulnerabilities other than the mathematical
weaknesses of the cryptographic algorithm.
o Examples: Social engineering, physical attacks, or exploiting system
vulnerabilities.
o Impact: Can threaten confidentiality, integrity, or availability without
breaking the cipher directly.
SERVICES & MECHANISMS
1. Security Services
Security services are designed to protect against security attacks and ensure the
goals of confidentiality, integrity, and availability. The ITU-T (X.800) defines five key
security services, as illustrated in Figure 1.2 (page 6). These services are directly
related to preventing specific types of attacks (e.g., snooping, modification, denial of
service).
List of Security Services
1. Data Confidentiality:
o Purpose: Ensures that information is not accessible to unauthorized
individuals or entities.
o Protection Against: Snooping and traffic analysis attacks.
o Examples:
Protecting sensitive data during storage (e.g., customer records
in a bank).
Securing data during transmission (e.g., encrypting emails).
o Relation to Security Goals: Primarily supports confidentiality.
2. Data Integrity:
o Purpose: Protects data from unauthorized modification, insertion,
deletion, or replaying by adversaries.
o Protection Against: Modification, masquerading, replaying, and
repudiation attacks.
o Examples:
Ensuring a bank transaction message is not altered during
transmission.
Verifying that a software update has not been tampered with.
o Relation to Security Goals: Supports integrity.
3. Authentication:
o Purpose: Verifies the identity of the communicating party (sender or
receiver) to ensure they are legitimate.
o Protection Against: Masquerading and replaying attacks.
o Types:
Connection-Oriented: Authenticates the sender/receiver during
connection establishment (e.g., in a VPN).
Connectionless: Authenticates the source of data (data origin
authentication, e.g., verifying an email sender).
o Relation to Security Goals: Supports integrity and indirectly
confidentiality.
4. Nonrepudiation:
o Purpose: Prevents either the sender or receiver from denying their
involvement in a communication (e.g., sending or receiving a
message).
o Protection Against: Repudiation attacks.
o Types:
Nonrepudiation, Origin: Proves the message was sent by the
specified party.
Nonrepudiation, Destination: Proves the message was
received by the specified party.
o Examples:
A customer cannot deny requesting a bank transfer.
A vendor cannot deny receiving an electronic payment.
o Relation to Security Goals: Supports integrity.
5. Access Control:
o Purpose: Restricts unauthorized access to data or resources, including
reading, writing, modifying, or executing programs.
o Protection Against: Unauthorized access attempts, which may lead to
snooping, modification, or denial of service.
o Examples:
Requiring a password to access a database.
Using role-based access to limit system administrator privileges.
o Relation to Security Goals: Supports confidentiality, integrity, and
availability.
2. Security Mechanisms
Security mechanisms are the technical tools or methods used to implement the
security services described above. The ITU-T (X.800) recommends several
mechanisms, as shown in Figure 1.3 (page 7). These mechanisms are designed to
counter specific attacks and provide the functionality needed for the security
services.
List of Security Mechanisms
1. Encipherment:
o Description: Involves hiding or transforming data to make it
unintelligible to unauthorized parties, using techniques like
cryptography (mathematical transformations) or steganography
(hiding data within other data).
o Purpose: Primarily provides confidentiality by encrypting data.
o Applications:
Encrypting sensitive files or communications (e.g., HTTPS for
secure web browsing).
Protecting data stored on a server.
o Supported Services: Data confidentiality, data integrity, authentication.
2. Data Integrity:
o Description: Involves appending a checkvalue (e.g., a hash or
checksum) to data, which is generated from the data itself. The
receiver verifies integrity by recalculating the checkvalue and
comparing it with the received one.
o Purpose: Ensures data has not been modified during transmission or
storage.
o Process:
Sender generates a checkvalue and sends it with the data.
Receiver computes a new checkvalue from the received data
and compares it with the received checkvalue.
If they match, the data is intact; otherwise, it has been altered.
o Applications:
Verifying the integrity of a downloaded file (e.g., using MD5 or
SHA hashes).
Ensuring a message has not been tampered with.
o Supported Services: Data integrity, nonrepudiation.
3. Digital Signature:
o Description: A cryptographic method where the sender signs data
using a private key, and the receiver verifies the signature using the
sender’s public key to confirm authenticity and integrity.
o Purpose: Proves the sender’s identity and ensures the data has not
been altered.
o Process:
Sender creates a signature using their private key.
Receiver uses the sender’s public key to verify the signature.
o Applications:
Signing emails to prove the sender’s identity.
Verifying software updates from a trusted source.
o Supported Services: Data integrity, authentication, nonrepudiation.
4. Authentication Exchange:
o Description: Involves two entities exchanging messages to prove their
identities, often using shared secrets or cryptographic techniques.
o Purpose: Ensures both parties in a communication are legitimate.
o Examples:
A user logging into a system by proving knowledge of a
password.
Mutual authentication in a secure protocol like TLS.
o Applications:
Secure login to online banking.
Establishing a VPN connection.
o Supported Services: Authentication.
5. Traffic Padding:
o Description: Adds bogus data to network traffic to obscure patterns,
making it harder for attackers to perform traffic analysis.
o Purpose: Protects against traffic analysis attacks by hiding
communication patterns.
o Applications:
Adding dummy packets to a network to mask real data transfers.
Preventing attackers from deducing the volume or timing of
communications.
o Supported Services: Data confidentiality.
6. Routing Control:
o Description: Involves selecting and dynamically changing
communication routes between sender and receiver to prevent
eavesdropping on a specific path.
o Purpose: Enhances confidentiality by reducing the risk of interception.
o Applications:
Using multiple network paths for secure data transmission.
Avoiding compromised or monitored network routes.
o Supported Services: Data confidentiality.
7. Notarization:
o Description: Involves a trusted third party to oversee and validate
communication, ensuring authenticity and preventing repudiation.
o Purpose: Provides proof of communication actions (e.g., sending or
receiving a message).
o Applications:
A trusted authority verifying a contract signed electronically.
Timestamping a transaction to prove when it occurred.
o Supported Services: Nonrepudiation.
8. Access Control:
o Description: Uses methods like passwords, PINs, or biometric
authentication to verify a user’s right to access data or resources.
o Purpose: Prevents unauthorized access to systems, data, or
applications.
o Applications:
Requiring a login to access a corporate network.
Restricting database access to authorized users only.
o Supported Services: Access control.
https://grok.com/share/bGVnYWN5_48476a2b-3c6d-4475-8e70-535287a68973
CYBER THREATS
1. Definition of Cyber Threats
Cyber Threat: An attack on digital systems that allows illegal access to
devices or data, often through malicious acts from an anonymous source.
Cyber Attack: The act of exploiting vulnerabilities to gain unauthorized
access or manipulate systems, potentially compromising sensitive information
or disrupting services.
Impact: Cyber threats threaten the three core security goals:
o Confidentiality: Unauthorized access to sensitive data.
o Integrity: Unauthorized modification or corruption of data.
o Availability: Disruption of access to systems or services.
%x Hexadecimal Value
%s String Reference
Example:
o Code: printf(user_input); instead of printf("%s", user_input);.
o Input: %x%n can read stack values or write to memory, potentially
altering program control flow.
Impact:
o Confidentiality: Reads sensitive data from memory.
o Integrity: Modifies memory to execute malicious code or alter
variables.
Prevention:
o Always specify format strings explicitly (e.g., printf("%s", input);).
o Use secure functions (e.g., snprintf) that limit output.
o Validate user input to prevent format string attacks.
3. Techniques of Phishing
The document identifies three specific phishing techniques, each with distinct
methods and targets:
1. Spear Phishing:
o Description: A targeted phishing attack aimed at a specific individual
or small group, often using personalized information to increase
credibility.
o Mechanism:
Attackers craft messages that appear to come from a trusted
source, such as an employer, colleague, or service provider.
Messages may reference specific details about the target (e.g.,
their job role or recent activity) to seem legitimate.
o Targets: Individuals or groups using a particular product or website
(e.g., employees of a company or users of a specific platform).
o Example: An email to a company executive pretending to be from the
CEO, requesting sensitive financial data.
2. Clone Phishing:
o Description: Involves creating a malicious copy of a legitimate email,
often sent from a compromised or infected machine, to exploit trust in
the original communication.
o Mechanism:
Attackers intercept or replicate a genuine email and modify it to
include malicious links or attachments.
The cloned email is sent to the original recipients or others,
leveraging the inferred trust from the legitimate message.
o Purpose: To gain a foothold on another system by exploiting social
trust between parties who received the original email.
o Example: A legitimate company newsletter is cloned, with links
replaced by ones leading to a phishing site.
3. Pharming:
o Description: A technique that redirects users to fake websites by
manipulating DNS servers or a victim’s host file, without requiring user
interaction with a malicious link.
o Mechanism:
Attackers alter the DNS resolution process, directing traffic from
a legitimate domain (e.g., bank.com) to a fraudulent IP address.
Can be achieved by:
Compromising DNS Servers: Known as "DNS
poisoning," where DNS records are altered to point to
malicious sites.
Modifying Host Files: Changing a user’s local host file to
redirect specific domains to fake IPs.
o Targets: Typically home computers rather than corporate systems, as
they are less likely to have robust protections.
o Example: A user types www.paypal.com but is redirected to a fake site
that captures their login credentials.
6. Mitigation Strategies
The PDF emphasizes that SQL injection occurs due to unvalidated user input and
implies that proper input handling is key to prevention. Below are specific mitigation
strategies, derived from the document and standard security practices:
1. Input Validation and Sanitization:
o Validate user input to ensure it conforms to expected formats (e.g.,
reject special characters like ', --, or ;).
o Sanitize input by escaping dangerous characters or removing SQL-
specific syntax.
o Example: Reject inputs containing SQL keywords like OR, SELECT, or
--.
2. Parameterized Queries (Prepared Statements):
o Use parameterized queries or prepared statements to separate user
input from SQL code.
o Instead of concatenating input into queries, placeholders are used, and
input is treated as data, not executable code.
o Example:
sql
Copy
// Vulnerable code
query = "SELECT * FROM users WHERE username = '" + username + "' AND
password = '" + password + "';";
// Secure code (using prepared statements)
preparedStatement = connection.prepareStatement("SELECT * FROM users
WHERE username = ? AND password = ?");
preparedStatement.setString(1, username);
preparedStatement.setString(2, password);
o Supported by most database APIs (e.g., JDBC, PDO in PHP).
3. ORM Frameworks:
o Use Object-Relational Mapping (ORM) frameworks like Hibernate,
Django ORM, or Sequelize, which abstract SQL queries and handle
input safely.
o Example: Django’s User.objects.filter(username=username,
password=password) avoids direct query construction.
4. Least Privilege Principle:
o Configure database accounts with minimal permissions.
o Example: The application’s database user should only have SELECT
and INSERT permissions, not DROP or EXECUTE.
o Prevents attackers from executing destructive commands even if
injection occurs.
5. Error Handling:
o Suppress detailed database error messages that reveal schema details
(e.g., table or column names).
o Log errors securely on the server without displaying them to users.
o Example: Replace “Table ‘users’ not found” with a generic “An error
occurred.”
6. Web Application Firewall (WAF):
o Deploy a WAF to filter and block malicious SQL inputs based on
patterns (e.g., detecting OR 1=1).
o Example: ModSecurity can block common SQL injection payloads.
7. Regular Security Testing:
o Conduct penetration testing and vulnerability scanning to identify SQL
injection flaws.
o Use tools like SQLMap to simulate attacks and verify defenses.
8. Input Whitelisting:
o Allow only predefined values for inputs when possible (e.g., dropdown
menus instead of free-text fields).
o Example: For a search form, restrict inputs to alphanumeric characters.
1. Buffer Overflow Attacks
1.1 Definition
Buffer Overflow: A type of attack where a program receives more data than
its allocated buffer (a fixed-size memory area) can handle, causing the excess
data to overwrite adjacent memory locations.
Analogy: Like overfilling a bucket, where excess water spills into nearby
containers, potentially causing unintended effects.
Purpose: To corrupt program variables, alter program behavior, or execute
malicious code, often to gain unauthorized access or control over a system.
1.2 Mechanism
Vulnerability: Buffer overflows occur in programs that do not properly check
the size of input data before copying it into a fixed-size buffer. This is common
in languages like C and C++, which require manual memory management.
Process:
o A program allocates a buffer (e.g., an array) to store user input.
o If the input exceeds the buffer’s capacity and no bounds checking is
performed, the excess data overwrites adjacent memory.
o Overwritten memory may include:
Other variables, altering program logic.
The stack frame, including the return address of a function,
allowing attackers to redirect program execution.
The heap, affecting dynamically allocated memory.
o Attackers craft input to overwrite specific memory locations with
malicious data, such as pointers to their own code.
Types (as described in the PDF):
1. Stack Overflow:
Affects the stack, a memory region used for local variables,
function parameters, and return addresses.
Managed by the operating system in a last-in-first-out (LIFO)
manner.
Fast but limited in size, making it a common target.
Example: Overwriting a function’s return address to point to
malicious code.
2. Heap Overflow:
Affects the heap, a memory region used for dynamic data
allocation (e.g., via malloc or new).
Managed by the program, slower but limited only by virtual
memory.
More complex to exploit due to dynamic allocation but can
corrupt critical data structures.
Example: Overwriting a heap-allocated object to manipulate
program behavior.
1.3 Example (from the PDF, page 17)
Scenario: A C program accepts a password input but does not check its
length:
c
Copy
int pass = 0;
char password[8];
printf("Enter Password:");
gets(password); // Vulnerable function, no bounds checking
if (strcmp(password, "correct") == 0) {
printf("Correct Password\n");
pass = 1;
}
if (pass) {
printf("Root privileges given to the user\n");
}
Attack:
o The password buffer is allocated 8 bytes on the stack.
o The gets() function reads input without checking its length, allowing
unlimited data to be written to password.
o An attacker inputs a long string (e.g., hhhhhhhhhhhhhhhhh, 17 bytes).
o The excess data overflows the password buffer, overwriting the
adjacent pass variable (stored next to password on the stack).
o The overwrite sets pass to a non-zero value (e.g., part of the input
string interpreted as an integer).
Outcome:
o The program grants “Root privileges” (pass is non-zero), even though
the password is incorrect.
o This demonstrates how a buffer overflow can bypass security checks.
Real-World Implication:
o Attackers could overwrite the function’s return address instead of pass,
redirecting execution to malicious code (e.g., a shellcode that spawns a
system shell).
1.4 Impact
Confidentiality:
o Overwriting memory may expose sensitive data (e.g., passwords,
encryption keys) stored in adjacent memory locations.
Integrity:
o Alters program behavior by modifying variables or redirecting execution
to malicious code.
o Example: Granting unauthorized root privileges, as in the example.
Availability:
o Causes program crashes or system instability if critical memory is
corrupted.
o Example: Overwriting essential data structures may crash the
application.
System Compromise:
o Allows attackers to execute arbitrary code, potentially gaining full
control of the system.
o Example: Exploiting a buffer overflow in a server application to install a
backdoor.
1.5 Challenges
Difficulty: Finding and exploiting buffer overflows requires knowledge of the
program’s memory layout and careful crafting of input.
Severity: Despite the complexity, successful exploits can lead to severe
consequences, such as remote code execution or privilege escalation.
2. Format String Vulnerabilities
2.1 Definition
Format String Vulnerability: A vulnerability that occurs when a program
allows user input to be used as a format string in functions like printf, enabling
attackers to read or write arbitrary memory locations.
Purpose: To manipulate a program’s memory to extract sensitive data, alter
program behavior, or execute malicious code.
2.2 Mechanism
Vulnerability: Format string vulnerabilities arise in C/C++ programs that pass
user input directly to format string functions (e.g., printf, sprintf, fprintf) without
specifying a format string.
Process:
o Format string functions expect a format string (e.g., %s for strings, %d
for integers) followed by arguments to be formatted.
o If the format string is controlled by user input, attackers can supply
format specifiers to manipulate the stack.
o Common format specifiers (listed in the PDF, page 17):
%x Hexadecimal Value
%s String Reference
6. Mitigation Strategies
The PDF does not explicitly list mitigation strategies, but it implies that securing TCP
sessions requires protecting against interception and forgery. Below are mitigation
strategies based on the document’s context and standard security practices:
1. Encryption:
o Use TLS/SSL (e.g., HTTPS, SSH) to encrypt TCP sessions, making it
difficult for attackers to read or forge packets.
o Example: HTTPS ensures that even if packets are intercepted, the data
(including sequence numbers) is encrypted.
o Note: Encryption alone does not prevent hijacking if the attacker can
bypass it (e.g., via SSL stripping).
2. Strong Sequence Number Generation:
o Modern TCP implementations use cryptographically secure random
numbers for initial sequence numbers, making prediction difficult.
o Example: Linux and Windows systems use randomized sequence
numbers to reduce blind hijacking risks.
3. Network Security:
o Firewalls and Intrusion Detection Systems (IDS): Monitor for
suspicious packets (e.g., unexpected sequence numbers or spoofed
IPs).
o ARP Spoofing Protection: Use tools like ARPwatch or static ARP
tables to prevent MITM attacks on local networks.
o IPsec: Implement IPsec to authenticate and encrypt IP packets,
preventing spoofing.
4. Secure Protocols:
o Avoid unencrypted protocols like telnet or FTP, which are highly
vulnerable to hijacking.
o Use secure alternatives (e.g., SSH, SFTP).
5. Session Authentication:
o Implement application-layer authentication (e.g., session tokens, CSRF
tokens) to verify the legitimacy of requests, even if the TCP session is
hijacked.
o Example: A banking site requiring a one-time password (OTP) for
transactions.
6. Network Segmentation:
o Isolate sensitive systems on separate network segments to limit the
attacker’s access to session traffic.
o Example: Place servers in a DMZ (demilitarized zone) to reduce
exposure.
7. Monitoring and Logging:
o Monitor TCP sessions for anomalies (e.g., sudden sequence number
mismatches or unexpected packet sources).
o Log session activity to detect and investigate hijacking attempts.
8. Disable Source Routing:
o Disable IP source routing to prevent attackers from controlling packet
paths, reducing the feasibility of blind hijacking.
UDP
1. Definition of UDP Session Hijacking
UDP Session Hijacking: An attack where an attacker intercepts and
manipulates UDP-based communication by forging packets to impersonate a
legitimate party, injecting malicious data or disrupting the session.
Purpose: To compromise the integrity of UDP-based applications, redirect
traffic, or disrupt services, often targeting protocols like DNS, online gaming,
or streaming.
Key Characteristics:
o Exploits UDP’s connectionless nature, which lacks sequence
numbers, acknowledgments, or session establishment handshakes.
o Simpler to execute than TCP session hijacking due to the absence of
state tracking.
o Typically involves IP spoofing to forge packets that appear to come
from a legitimate source.
Unit-2
The Data Encryption Standard (DES) is a symmetric-key block cipher developed in
the early 1970s by IBM and later standardized by the National Institute of Standards
and Technology (NIST). It was widely used for securing sensitive data but has largely
been replaced by more secure algorithms like AES due to its relatively short key
length. The provided document (u2suresh.pdf) offers a detailed explanation of DES,
which I will summarize and elaborate on below, covering its structure, operation, key
generation, strengths, and security considerations.
Overview of DES
DES is a symmetric-key block cipher, meaning the same key is used for both
encryption and decryption. It operates on 64-bit blocks of plaintext to produce 64-bit
blocks of ciphertext using a 56-bit key (though the key is typically input as 64 bits,
with 8 bits used for parity). The document distinguishes between stream ciphers
(which encrypt data bit-by-bit or byte-by-byte) and block ciphers like DES, which
process fixed-size blocks of data.
Input/Output: DES takes a 64-bit plaintext block and transforms it into a 64-
bit ciphertext block. The reverse process decrypts the ciphertext back to
plaintext using the same key.
Key: The 56-bit key is derived from a 64-bit input by dropping 8 parity bits.
This key is used to generate subkeys for each round of encryption/decryption.
DES Structure
The DES encryption process consists of the following main components, as
illustrated in the document (Figures 2.1 and 2.2):
1. Initial Permutation (IP):
o The 64-bit plaintext undergoes an initial permutation (P-box) that
rearranges the bits according to a predefined table (Table 2.1).
o This permutation is keyless and does not add security but standardizes
the input format.
o Example: The 58th bit of the input becomes the 1st bit of the output.
2. 16 Feistel Rounds:
o DES employs a Feistel network, a structure that splits the 64-bit input
into two 32-bit halves (Left and Right) and processes them through 16
rounds.
o Each round involves:
Expansion: The 32-bit right half (R) is expanded to 48 bits using
an expansion permutation (Figure 2.6). This involves dividing
the 32 bits into eight 4-bit sections, each expanded to 6 bits by
copying certain bits and borrowing bits from adjacent sections.
Key Mixing (Whitener): The expanded 48-bit right half is
XORed with a 48-bit round key (derived from the main key).
Substitution (S-Boxes): The 48-bit result is divided into eight 6-
bit chunks, each processed by one of eight S-boxes (substitution
boxes). Each S-box maps 6 input bits to 4 output bits using a
lookup table (e.g., Table 2.2 for S-box 1). This step introduces
confusion (non-linearity) to obscure the relationship between
plaintext and ciphertext.
Example: For S-box 1, input 100011 yields output 1100
(decimal 12) by using the first and sixth bits (11 = row 3)
and the middle four bits (0001 = column 1).
Permutation (P-Box): The 32-bit output from the S-boxes is
permuted according to a fixed permutation table (Table 2.3).
Feistel Function: The permuted output is XORed with the left
half (L) to produce the new right half for the next round. The old
right half becomes the new left half.
o The document notes that the 16th round omits the swap of the left and
right halves, unlike the earlier rounds (Figure 2.9).
3. Final Permutation (FP):
o After the 16 rounds, the 64-bit result undergoes a final permutation,
which is the inverse of the initial permutation.
o Example: The 1st bit of the input becomes the 58th bit of the output.
o This produces the final 64-bit ciphertext.
The decryption process mirrors encryption but applies the round keys in reverse
order (K16 for round 1, K1 for round 16).
Key Generation
DES uses a 56-bit key to generate sixteen 48-bit round keys (K1 to K16) through the
following steps (Figure 2.10):
1. Parity Drop:
o The 64-bit input key includes 8 parity bits (bits 8, 16, 24, ..., 64), which
are dropped.
o The remaining 56 bits are permuted according to a parity-bit drop table
(Table 2.4).
2. Key Splitting and Circular Left Shifts:
o The 56-bit key is split into two 28-bit halves (C and D).
o Each half undergoes a circular left shift, with the number of shifts
varying by round (Table 2.5):
1 bit for rounds 1, 2, 9, and 16.
2 bits for all other rounds.
o After shifting, the two halves are recombined to form a 56-bit key.
3. Compression D-Box:
o A compression permutation (Table 2.6) selects 48 bits from the 56-bit
key to produce the round key for each round.
This process ensures that each round uses a unique 48-bit subkey derived from the
original key.
Strength of DES
The document outlines the following factors contributing to DES's strength:
1. Key Size:
o DES uses a 56-bit key, resulting in 2562^{56}256 (approximately 72
quadrillion) possible keys.
o A brute-force attack, trying all possible keys, is computationally
intensive. At one encryption per microsecond, it would take thousands
of years to test all keys.
o However, advancements in computing power and parallel processing
(e.g., a hypothetical machine with one million encryption units, as
suggested by Diffie and Hellman) make brute-force attacks more
feasible today.
2. Algorithm Design:
o The S-boxes are critical to DES's security, introducing non-linearity
(confusion). Despite extensive cryptanalysis, no significant
weaknesses in the S-boxes have been found.
o The 16 rounds and the Feistel structure provide diffusion, ensuring
that changes in the plaintext or key affect the entire ciphertext.
3. Resistance to Cryptanalysis:
o DES was designed to resist differential cryptanalysis, a technique
unknown to the public at the time but known to its designers. It requires
2472^{47}247 chosen plaintexts or 2552^{55}255 known plaintexts,
which is impractical.
o Linear cryptanalysis, a newer attack, is more effective, requiring
2432^{43}243 known plaintext pairs. However, obtaining this many
pairs is still impractical.
4. Timing Attacks:
o Timing attacks exploit variations in encryption/decryption time to infer
key information. DES is vulnerable to such side-channel attacks,
particularly in hardware implementations like smartcards.
o Mitigation involves "blinding" techniques to ensure consistent
computation times regardless of input or key.
Security of DES
While DES was a robust cipher for its time, its security has been compromised by
modern standards due to the following:
1. Brute-Force Attacks:
o The 56-bit key size is too short for modern computing power. A brute-
force attack can be completed in a reasonable time with specialized
hardware.
o The document mentions the key complement weakness, where
testing 2552^{55}255 keys can break DES due to symmetry in the key
structure.
2. Differential Cryptanalysis:
o Although DES is resistant, it is not immune. The choice of 16 rounds
and specific S-box designs makes differential cryptanalysis impractical
but not impossible.
3. Linear Cryptanalysis:
o DES is more vulnerable to linear cryptanalysis, which exploits linear
approximations of the S-boxes. However, the large number of plaintext-
ciphertext pairs required makes it impractical.
4. Triple DES (3DES):
o To address DES's vulnerabilities, 3DES applies DES three times with
two or three keys (effective key sizes of 112 or 168 bits). This
significantly increases resistance to brute-force attacks but is slower
and less efficient than modern ciphers like AES.
AES
The Advanced Encryption Standard (AES) is a symmetric-key block cipher
standardized by the National Institute of Standards and Technology (NIST) in 2001. It
was developed by Joan Daemen and Vincent Rijmen and is also known as the
Rijndael algorithm. AES replaced the Data Encryption Standard (DES) due to its
stronger security, larger key sizes, and efficiency. The provided document
(u2suresh.pdf) includes a detailed explanation of AES, which I will elaborate on
below, covering its structure, operation, key generation, and security features.
Overview of AES
AES is a symmetric-key block cipher, meaning the same key is used for both
encryption and decryption. It operates on 128-bit blocks of plaintext to produce 128-
bit blocks of ciphertext and supports three key sizes: 128, 192, or 256 bits.
Depending on the key size, the algorithm is referred to as AES-128, AES-192, or
AES-256.
Block Size: Fixed at 128 bits (16 bytes).
Key Sizes: 128, 192, or 256 bits, offering significantly stronger security than
DES's 56-bit key.
Rounds: The number of transformation rounds (NrN_rNr) depends on the key
size:
o AES-128: 10 rounds
o AES-192: 12 rounds
o AES-256: 14 rounds
Round Keys: The key-expansion algorithm generates Nr+1N_r + 1Nr+1
round keys, each 128 bits, matching the block size.
AES is widely used in applications such as SSL/TLS, VPNs, disk encryption, and
secure communications due to its speed, security, and versatility.
AES Structure
AES operates on a 4x4 matrix of bytes called the state array, which represents the
128-bit block (16 bytes). The plaintext is transformed into this matrix, processed
through multiple rounds, and converted back to a 128-bit ciphertext block. The
document illustrates this in Figure 2.11 and describes the process in detail (pages
11–14).
State Array
A 128-bit plaintext block is arranged into a 4x4 matrix in column-major order:
o The first 4 bytes fill the first column, the next 4 bytes fill the second
column, and so on.
o Example (page 12): For the text "AESUSESAMATRIXZZ" (16 bytes
after padding), each character is converted to a numerical value (e.g.,
'S' = 18 = 121612_{16}1216 in hexadecimal) and arranged into the
state array column by column.
Encryption Process
The AES encryption process (Figure 2.12) consists of the following steps:
1. Initial Round:
o AddRoundKey: The 128-bit plaintext (state) is XORed with the first
128-bit round key (K0K_0K0).
2. Main Rounds (1 to Nr−1N_r - 1Nr−1): Each round applies four
transformations to the state:
o SubBytes: Each byte in the state is replaced with a new byte using a
16x16 S-box (substitution box) containing a permutation of all 256
possible 8-bit values (Table on page 14).
The leftmost 4 bits of a byte select the row, and the rightmost 4
bits select the column.
Example: Byte 121612_{16}1216 maps to C916C9_{16}C916
(row 1, column 2).
This step introduces confusion (non-linearity).
o ShiftRows: The rows of the state matrix are cyclically shifted left:
Row 0: No shift
Row 1: Shift left by 1 byte
Row 2: Shift left by 2 bytes
Row 3: Shift left by 3 bytes
This ensures diffusion across columns.
o MixColumns: Each column of the state is treated as a polynomial over
the Galois Field GF(28)GF(2^8)GF(28) and multiplied by a fixed matrix.
This step enhances diffusion by mixing bytes within each column.
o AddRoundKey: The state is XORed with the round key for the current
round (KiK_iKi).
3. Final Round (NrN_rNr):
o The final round omits the MixColumns step to simplify decryption.
o It includes SubBytes, ShiftRows, and AddRoundKey with the final
round key (KNrK_{N_r}KNr).
The output of the final round is the 128-bit ciphertext.
Decryption Process
AES decryption reverses the encryption process by applying inverse
transformations:
InvSubBytes: Uses an inverse S-box to map each byte back.
InvShiftRows: Shifts rows to the right by the same amounts as in ShiftRows.
InvMixColumns: Applies the inverse of the MixColumns matrix.
AddRoundKey: XORs the state with the round keys in reverse order (starting
with KNrK_{N_r}KNr).
The decryption process uses the same round keys but applies them in reverse order,
ensuring that the original plaintext is recovered.
Key Generation
AES uses a key-expansion algorithm to generate Nr+1N_r + 1Nr+1 128-bit round
keys from the input key (128, 192, or 256 bits). The document does not provide
detailed steps for key expansion but notes:
The number of round keys is always one more than the number of rounds
(e.g., 11 keys for AES-128).
Round keys are denoted K0,K1,...,KNrK_0, K_1, ..., K_{N_r}K0,K1,...,KNr.
The key-expansion process involves:
o Expanding the input key into a larger key schedule.
o Applying transformations such as rotations, S-box substitutions, and
XOR operations with round constants to generate each round key.
All round keys are 128 bits, regardless of the input key size, to match the
block size.
For example, in AES-128:
The 128-bit key is expanded into 11 round keys (176 bytes total).
The process ensures that each round key is unique and cryptographically
strong.
Security of AES
AES is considered highly secure and is the standard for modern cryptographic
applications. The document does not delve deeply into AES's security analysis, but
key points can be inferred:
1. Key Size:
o The 128, 192, or 256-bit key sizes provide a vast keyspace
(21282^{128}2128, 21922^{192}2192, or 22562^{256}2256), making
brute-force attacks infeasible with current technology.
o Compared to DES's 56-bit key, AES offers exponentially greater
resistance to exhaustive key searches.
2. Resistance to Cryptanalysis:
o Differential and Linear Cryptanalysis: AES was designed to resist
these attacks. The SubBytes and MixColumns steps introduce strong
non-linearity and diffusion, making it difficult to exploit patterns in the
ciphertext.
o Side-Channel Attacks: Like DES, AES is vulnerable to side-channel
attacks (e.g., timing or power analysis) in certain implementations.
Mitigation involves techniques like constant-time operations or
masking.
3. No Practical Attacks:
o As of 2025, no practical attacks against full AES have been discovered.
Some theoretical attacks (e.g., related-key attacks) exist for reduced-
round versions, but they are not feasible for the full algorithm with
standard key management practices.
4. Performance:
o AES is optimized for both hardware and software implementations. It is
faster than 3DES and supports parallel processing, making it suitable
for high-speed applications.
BLOWFISH
Blowfish is a symmetric-key block cipher designed by Bruce Schneier in 1993 as a
fast, secure, and flexible alternative to older ciphers like DES. It is known for its
simplicity, efficiency, and strong security, making it suitable for both software and
hardware implementations. While the provided document (u2suresh.pdf) does not
explicitly cover Blowfish, I will provide a comprehensive explanation based on
standard cryptographic knowledge, addressing its structure, operation, key
generation, strengths, and security considerations, while aligning with the level of
detail provided for DES and AES in the document.
Overview of Blowfish
Blowfish is a symmetric-key block cipher, meaning the same key is used for both
encryption and decryption. It operates on 64-bit blocks of plaintext to produce 64-bit
blocks of ciphertext and supports variable key sizes ranging from 32 bits to 448
bits (typically 128 bits in practice). Blowfish was designed to be secure against
known cryptanalytic attacks while being faster than DES, particularly in software.
Block Size: 64 bits (8 bytes).
Key Size: Variable, from 32 to 448 bits, in increments of 8 bits. Common key
sizes are 128 or 256 bits.
Rounds: 16 Feistel rounds, plus additional key-dependent operations.
Key Schedule: Generates 18 subkeys (P-array) and four 256-entry S-boxes,
making the key setup computationally intensive.
Applications: Blowfish is used in applications like file encryption (e.g.,
OpenSSL, bcrypt), VPNs, and password hashing, though it is less common
today for new systems due to its 64-bit block size.
Blowfish Structure
Blowfish uses a Feistel network, similar to DES, which splits the 64-bit input block
into two 32-bit halves and processes them through 16 rounds. The algorithm also
incorporates a complex key schedule that generates key-dependent S-boxes,
enhancing security. Below is a detailed breakdown of the encryption process.
Encryption Process
1. Input:
o The 64-bit plaintext block is split into two 32-bit halves: L (left) and R
(right).
2. Feistel Rounds (16 Rounds): Each round iii (for i=1i = 1i=1 to 16) applies the
following steps:
o F Function: The right half (RiR_iRi) is processed by the Blowfish F
function, which is key-dependent and non-linear:
The 32-bit input is split into four 8-bit chunks: a,b,c,da, b, c,
da,b,c,d.
Each chunk indexes one of four 256-entry S-boxes
(S1,S2,S3,S4S_1, S_2, S_3, S_4S1,S2,S3,S4), each mapping 8
bits to 32 bits.
The outputs are combined as follows:
F(x)=((S1[a]+S2[b])mod 232)⊕S3[c])+S4[d]mod 232F(x) =
((S_1[a] + S_2[b]) \mod 2^{32}) \oplus S_3[c]) + S_4[d] \mod
2^{32}F(x)=((S1[a]+S2[b])mod232)⊕S3[c])+S4[d]mod232.
The addition (+mod 232+ \mod 2^{32}+mod232) and XOR
(⊕\oplus⊕) operations introduce confusion and diffusion.
o Key Mixing: The output of the F function is XORed with the left half
(LiL_iLi) to produce the new right half: Ri+1=Li⊕F(Ri)R_{i+1} = L_i
\oplus F(R_i)Ri+1=Li⊕F(Ri).
o Subkey Addition: The right half (RiR_iRi) is XORed with the iii-th
subkey (PiP_iPi) from the P-array to produce the new left half:
Li+1=Ri⊕PiL_{i+1} = R_i \oplus P_iLi+1=Ri⊕Pi.
o Swap: The left and right halves are swapped for the next round (except
in the final round).
3. Final Swap:
o After the 16th round, the halves are swapped one last time.
4. Output Whitening:
o The final left half is XORed with the 17th subkey (P17P_{17}P17).
o The final right half is XORed with the 18th subkey (P18P_{18}P18).
o This step, called output whitening, adds an extra layer of security by
ensuring the output depends on additional subkeys.
5. Output:
o The resulting 64-bit block is the ciphertext.
Decryption Process
Decryption is nearly identical to encryption, with two key differences:
The subkeys are applied in reverse order (P18,P17,...,P1P_{18}, P_{17}, ...,
P_1P18,P17,...,P1).
The Feistel structure ensures that the F function and round operations are
applied in the same way, but the reverse key order undoes the encryption.
Key Generation
Blowfish’s key schedule is one of its most distinctive features, generating an 18-
element P-array (subkeys) and four 256-entry S-boxes from the input key. The
process is computationally intensive, which discourages frequent key changes but
enhances security.
1. Initialization:
o The P-array (18 subkeys, each 32 bits) is initialized with the fractional
part of the mathematical constant π\piπ (in hexadecimal, precomputed
values).
o The four S-boxes (each with 256 32-bit entries) are also initialized with
digits of π\piπ.
2. Key Incorporation:
o The input key (32 to 448 bits) is XORed with the P-array entries in a
cyclic manner:
If the key is kkk bytes, the first 4 bytes are XORed with
P1P_1P1, the next 4 bytes with P2P_2P2, and so on, looping
back to the start of the key if necessary.
Example: For a 128-bit (16-byte) key, P1P_1P1 to P4P_4P4 are
XORed with the key bytes, and P5P_5P5 to P18P_{18}P18
remain initialized with π\piπ.
3. S-box and P-array Update:
o The entire P-array and S-boxes are updated by running the Blowfish
encryption algorithm repeatedly:
Encrypt a 64-bit block of all zeros using the current P-array and
S-boxes.
Replace P1P_1P1 and P2P_2P2 with the resulting ciphertext.
Encrypt the new ciphertext and replace P3P_3P3 and P4P_4P4,
and so on, until all 18 P-array entries are updated.
Continue encrypting to update all 1024 S-box entries (256
entries per S-box).
o This process requires 521 iterations of the Blowfish algorithm, making
key setup slow but ensuring that the subkeys and S-boxes are highly
dependent on the input key.
The resulting P-array (P1P_1P1 to P18P_{18}P18) and S-boxes (S1S_1S1 to
S4S_4S4) are used in the encryption and decryption processes.
Strengths of Blowfish
1. Security:
o Variable Key Size: Supports keys up to 448 bits, offering strong
resistance to brute-force attacks (e.g., 21282^{128}2128 possibilities
for a 128-bit key).
o Key-Dependent S-boxes: Unlike DES’s fixed S-boxes, Blowfish’s S-
boxes are generated from the key, making the algorithm more resistant
to cryptanalysis.
o Feistel Structure: The 16 rounds and complex F function provide
strong diffusion and confusion, thwarting attacks like differential and
linear cryptanalysis.
2. Performance:
o Blowfish is optimized for software implementations, particularly on 32-
bit processors, where it outperforms DES due to its simpler operations
(XOR, addition, and table lookups).
o It is compact, requiring only about 4 KB of memory for the P-array and
S-boxes, making it suitable for resource-constrained environments like
embedded systems.
3. Flexibility:
o The variable key size allows Blowfish to balance security and
performance based on application needs.
o It is unpatented and freely available, encouraging widespread adoption.
4. Resistance to Cryptanalysis:
o Blowfish has been extensively studied since 1993 and remains secure
against practical attacks when used with a sufficiently large key (e.g.,
128 bits or more).
o It is resistant to differential cryptanalysis due to its key-dependent S-
boxes and 16 rounds.
Security Considerations
While Blowfish is a strong cipher, it has limitations that make it less suitable for some
modern applications:
1. Block Size:
o The 64-bit block size is relatively small by today’s standards, making
Blowfish vulnerable to birthday attacks in modes like CBC when
encrypting large amounts of data (2322^{32}232 blocks or about 4 GB).
AES’s 128-bit block size is more secure for such scenarios.
2. Key Setup:
o The key schedule is computationally expensive (521 encryption
iterations), making Blowfish less suitable for applications requiring
frequent key changes.
o However, this slow key setup is a security feature, as it increases the
cost of brute-force attacks on the key schedule.
3. Cryptanalytic Attacks:
o Differential Cryptanalysis: Blowfish is designed to resist this attack,
requiring an impractical number of chosen plaintexts (e.g.,
2482^{48}248 or more for reduced-round versions).
o Related-Key Attacks: Some theoretical attacks exploit weaknesses in
the key schedule when related keys are used, but these are impractical
in real-world scenarios with proper key management.
o Side-Channel Attacks: Like DES and AES, Blowfish is vulnerable to
timing or power analysis attacks in certain implementations. Mitigation
requires constant-time operations or hardware protections.
4. Modern Alternatives:
o AES has largely replaced Blowfish in many applications due to its
larger block size, hardware acceleration (e.g., AES-NI instructions),
and standardization by NIST.
o Blowfish’s successor, Twofish (also by Schneier), was a finalist in the
AES competition and offers a 128-bit block size and improved security,
but it is less widely adopted than AES.
5. Key Size:
o While Blowfish supports up to 448-bit keys, keys shorter than 128 bits
(e.g., 32 or 64 bits) are insecure by modern standards due to brute-
force feasibility.
o Common practice uses 128-bit or 256-bit keys to ensure long-term
security.
Unit-4
Authentication Header
The Authentication Header (AH) in IP Security (IPSec) is a protocol designed to
provide data integrity, data origin authentication, and protection against replay
attacks for IP packets. It is detailed in the provided document (pages 16–18) as part
of the IPSec suite, which enhances security at the IP layer. Below is a
comprehensive explanation based on the document:
Overview of Authentication Header (AH)
Purpose: AH ensures that the data in an IP packet has not been altered
during transit (data integrity), verifies the identity of the packet's source (data
origin authentication), and prevents unauthorized retransmission of packets
(anti-replay protection).
Mechanism: AH uses a Message Authentication Code (MAC), which
requires both communicating parties to share a secret key.
Scope: It authenticates the entire IP packet, except for certain mutable fields
in the IP header that may change during transit (e.g., Time to Live, Type of
Service).
AH Header Format
The AH header, as described on page 16 and illustrated in Figure 5, consists of the
following fields:
1. Next Header (8 bits): Indicates the type of header immediately following the
AH (e.g., TCP, UDP).
2. Payload Length (8 bits): Specifies the length of the AH in 32-bit words,
minus 2. For example, with a default authentication data field of 96 bits (3
words) and a 3-word fixed header, the payload length is calculated as 6 - 2 =
4.
3. Reserved (16 bits): Reserved for future use, set to zero.
4. Security Parameters Index (SPI) (32 bits): Identifies the Security
Association (SA) for the packet, which defines the security parameters (e.g.,
keys, algorithms).
5. Sequence Number (32 bits): A monotonically increasing counter to prevent
replay attacks by ensuring packets are processed in order.
6. Authentication Data (variable length): Contains the Integrity Check Value
(ICV) or MAC, computed over the packet to verify integrity and authenticity.
This field must be an integral number of 32-bit words.
Key Features and Services
1. Data Integrity:
o Ensures that the packet's content remains unchanged during transit.
The ICV is calculated using the shared secret key and covers the entire
packet, excluding mutable fields (e.g., fields that routers may modify,
such as TTL).
o Mutable fields are set to zero during MAC calculation to ensure
consistency.
2. Data Origin Authentication:
o Verifies that the packet was sent by the claimed source. The MAC,
generated with the shared secret key, ensures that only the legitimate
sender could have produced the correct ICV.
3. Anti-Replay Protection (pages 17–18):
o AH uses the Sequence Number field to thwart replay attacks, where
an attacker retrans retransmits a previously captured packet to
disrupt service or gain unauthorized access.
o Mechanism:
The sender initializes a sequence number counter to 0 when a
new SA is established and increments it for each packet
(starting from 1).
The receiver maintains a sliding window (default size W = 64) to
track valid sequence numbers. The window's right edge is the
highest valid sequence number received (N).
Packet processing:
If a packet’s sequence number is within the window and
new, the MAC is verified, and the slot is marked.
If the packet is to the right of the window and new, the
window advances, and the slot is marked after MAC
verification.
If the packet is outside the window or fails authentication,
it is discarded, and an auditable event is logged.
o Replay Attack Example (page 17):
An attacker captures a message (e.g., a bank transfer request)
and retransmits it to duplicate the transaction. The sequence
number ensures the duplicate is rejected.
o Limitation: IP’s connectionless nature means packets may arrive out
of order, so the window mechanism accommodates this while
preventing replays.
Transport and Tunnel Modes (page 18)
AH operates in two modes, affecting the scope of authentication:
1. Transport Mode:
o Used for end-to-end authentication between two hosts (e.g., client
and server).
o The AH is inserted after the IP header and before the payload (e.g.,
TCP segment).
o Authentication covers the entire packet, excluding mutable fields in the
IP header (set to zero for MAC calculation).
o For IPv6, AH is treated as an end-to-end payload, placed after the base
header and certain extension headers (e.g., hop-by-hop, routing).
2. Tunnel Mode:
o Used for gateway-to-gateway or host-to-gateway communication
(e.g., VPNs).
o The entire original IP packet (including the inner IP header) is
authenticated, and the AH is inserted between the original IP header
and a new outer IP header.
o The inner packet is fully protected, while the outer header’s mutable
fields are excluded from authentication.
o Example: A packet from Host A is encapsulated by a firewall, sent
through a tunnel, and decapsulated by the destination firewall.
Scope of Authentication (Figure 8, page 18)
IPv4:
o Transport mode: AH protects the IP header (excluding mutable fields)
and the payload.
o Tunnel mode: AH protects the entire inner IP packet, including the inner
header, but excludes mutable fields in the outer header.
IPv6:
o Transport mode: AH follows the base header and extension headers
(e.g., hop-by-hop, routing), protecting the payload and excluding
mutable fields.
o Tunnel mode: Similar to IPv4, the entire inner packet is protected, with
the outer header’s mutable fields excluded.
ESP
Overview of Encapsulating Security Payload (ESP)
Purpose: ESP primarily ensures the confidentiality of the packet's payload
by encrypting it, preventing eavesdropping by unauthorized parties. It can also
provide authentication and integrity checks (via an optional authentication
feature) and protect against replay attacks.
Key Services:
o Confidentiality: Encrypts the payload (and optionally the entire packet
in tunnel mode) to protect data from unauthorized access.
o Limited Traffic Flow Confidentiality: Conceals the actual length of
the payload to obscure traffic patterns.
o Authentication and Integrity (optional): Verifies the packet’s origin
and ensures it has not been altered.
o Anti-Replay Protection: Prevents attackers from retransmitting
captured packets.
Flexibility: Unlike the Authentication Header (AH), which only provides
authentication, ESP can provide both encryption and authentication or
encryption alone, depending on configuration.
Anti-Replay Protection
ESP uses the Sequence Number field to prevent replay attacks, similar to
AH (page 19).
The sender increments the sequence number for each packet within an SA,
starting from 1.
The receiver uses a sliding window (default size W = 64) to track valid
sequence numbers, rejecting packets with duplicate or out-of-window
numbers.
This ensures that captured packets cannot be retransmitted to disrupt
communication or gain unauthorized access.
Authentication Process
The authentication process consists of two key steps:
1. Identification Step:
o The user presents an identifier (e.g., a username or user ID) to the
security system to claim an identity.
o Example: A user named Alice enters her user ID ("Alice") to initiate
access.
2. Verification Step:
o The user provides or generates authentication information to
corroborate the binding between the entity and the claimed identifier.
o Example: Alice enters a password, which the system verifies against
stored credentials to confirm her identity.
In essence, identification establishes "who" the user claims to be, while
authentication validates that claim.
Mutual Authentication
Definition: Mutual authentication involves protocols that allow both
communicating parties (e.g., a user and a server) to verify each other’s
identity and establish a secure session key.
Key Issues:
1. Confidentiality:
To prevent masquerade (impersonation) and protect session
keys, authentication data and session keys must be transmitted
in encrypted form.
This requires prior existence of secret or public keys (e.g.,
symmetric keys or public-private key pairs) for encryption.
2. Timeliness:
Ensures messages are fresh and not replayed by attackers.
Replay attacks could allow an adversary to compromise session
keys, impersonate a party, or disrupt operations.
Purpose: Mutual authentication ensures that both the user and the system
are legitimate, preventing scenarios where a user connects to a malicious
server or a server grants access to an impersonator.
Replay Attacks
The document (page 29–30) describes replay attacks as a significant threat in
remote authentication, where an attacker captures and retransmits valid messages
to deceive the system. Examples include:
1. Simple Replay:
o An attacker copies a message and replays it later to gain unauthorized
access.
o Example: Capturing a login message and resending it to log in as the
user.
2. Replay Within Time Window:
o An attacker replays a timestamped message within its valid time
window, making it appear legitimate.
o If both the original and replayed messages arrive within the window,
the incident may be logged but not prevented.
3. Replay with Original Suppression:
o The attacker replays a timestamped message and suppresses the
original, preventing detection of the duplicate.
o Example: Intercepting a funds transfer request and resending it to
duplicate the transaction.
4. Backward Replay:
o The attacker replays a message back to the sender (possible with
symmetric encryption), who may not distinguish sent from received
messages.
o Example: Replaying a server’s response to confuse the sender.