Information Security

Technologies and Tools used in Information

Security.
• Identification, Authentication and
Authorization.
• Identification:- is a means through which a user
claims identity (who it is) on a system.
• Authentication:- is a means through which the
validity of the claimed identity is assessed
(verified).
• Authorization defines and maintain allowed
actions on a system.
Technologies and Tools used in Information
Security.
• Identification and Authorization forms the
basis for Accountability.

• The combination of all the three;

Identification, authentication and
Authorization forms the basis for identity-
based access control.
 Authentication forms
• Authentication mechanisms:
– Something the user have. (eg. Tokens)
– Something known only to the user. (like
passwords)
– Something the user is. (sampled characteristics of
the user) eg. Fingerprints.
 Authentication forms
• Static:- reuses the same authenticator (eg.
Static password)
– The strength of this authenticator depends on
how secured it is both in storage and in transit.
• Dynamic:- uses cryptography or other
techniques to create one per-session
authenticator. Authenticator changes per
authentication session.
 Authentication forms
• Multiple factor:- uses two or more
authentication techniques.. eg. Using a token
together with a password.
 Cryptography
• Encryption is the process of scrambling the
contents of a file or message to make it
unintelligible to anyone not in possession of
the "key" required to unscramble it.

• Cryptography is the science of writing in secret

code.
 Purpose of cryptography
• Within the context of any application-to-
application communication, there are some
specific security requirements, including:
• Authentication: The process of proving one's
identity. (The primary forms of host-to-host
authentication on the Internet today are
name-based or address-based, both of which
are notoriously weak.)
 Purpose of cryptography
• Privacy/confidentiality: Ensuring that no one
can read the message except the intended
receiver.
• Integrity: Assuring the receiver that the
received message has not been altered in any
way from the original.
• Non-repudiation: A mechanism to prove that
the sender really sent this message.
 Purpose of cryptography
• cryptography is necessary when
communicating over any untrusted medium,
which includes just about any network,
particularly the Internet.
 cryptosystem
• A cryptosystem or algorithm is the process or
procedure to turn plaintext into cryptotext.
• A crypto algorithm is also known as a "cipher."
Elements of effective cryptosystem
• First and foremost it must be reversible.
– A crypto algorithm is of no practical use if once
you have scrambled your information, you cannot
unscramble it.
• The security of the cryptosystem should be
dependent on the secrecy and length of the
key and not on the details of the algorithm.
Elements of effective cryptosystem
– knowing the algorithm should not make it
significantly easier to crack the code (restricted
versus unrestricted).
• A cipher should generate ciphertext roughly
equivalent in size
 Cipher
• Below is an example of a cipher; to scramble a
message with this cipher, simply match each
letter in a message to the first row and convert
it into the number or letter in the second row.
• To unscramble a message, match each letter
or number in a message to the corresponding
number or letter in the second row and
convert it into the letter in the first row.
 Cipher
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
1 2 3 4 5 6 A B C D E F G H I J K L M N O P Q R S T
 Cipher
• Ciphers usually fall into one of two categories:
• stream ciphers.
• block ciphers
 Stream ciphers
• Stream cipher algorithms process plaintext to
produce a stream of ciphertext.
– The cipher inputs the plaintext in a stream and
outputs a stream of ciphertext.
Plaintext: Let us talk one to one.
Ciphertext: F5n om n1fe ih5 ni ih5
 Stream ciphers
Weaknesses
• The most crucial shortcoming of stream
ciphers is the fact that patterns in the plaintext
can be reflected in the ciphertext.
• NB:
– Knowing that certain words repeat makes
breaking the code easier.
– certain words in the English language appear with
predictable regularity.
 Stream ciphers
– Letters of the alphabet also appear in predictable
regularity. The most
– commonly used letters of the alphabet in the
English language are E, T, A, O, N, and I.
– least commonly used letters in the English
language are J, K, X, Q, and Z.
– The most common combination of letters in the
English language is "th." As a result, if a code
breaker is able to find a "t" in a code, it doesn't
take long to find an "h."
 Stream ciphers
• Another weakness of stream ciphers is that they
can be susceptible to a substitution attack even
without breaking the code.
– This is a type of replay attack where someone can
simply copy a section of an old message and insert it
into a new message. You don't need to break the
code to insert the old section into a new message.
• Examples of stream ciphers include the Vernam
cipher, Rivest cipher #4 (RC4), and one-time
pads.
 Block ciphers
• Block ciphers encrypt and decrypt information
in fixed size blocks rather than encrypting and
decrypting each letter or word individually.
• A block cipher passes a block of data or
plaintext through its algorithm to generate a
block of ciphertext.
• A block cipher ideally should generate
ciphertext roughly equivalent in size (in terms
of number of blocks) to the cleartext.
 Block ciphers
• Another requirement of block ciphers is that
the ciphertext should contain no detectable
pattern.
• Examples of well-known block ciphers include
– Data Encryption Standard (DES),
– International Data Encryption Algorithm (IDEA),
and
– SKIPJACK.
 Breaking ciphers
• For as long as ciphers have existed, there have
been people trying to break them.
• There are many methods employed to break
cipher. Some methods are ingenious. Some
are sophisticated and technical in nature,
while others are more crude in nature.
 widely used techniques employed in
breaking ciphers.
1. Known Plaintext Attack
– This method relies on the code breaker knowing in
advance the plaintext content of a ciphertext
message.
– Having both the plaintext and the ciphertext the
code breaker reengineers the cipher and the key
used to create the ciphertext.
 widely used techniques employed in
breaking ciphers.
2. Chosen Plaintext Attack
– This method relies on the ability of the code
breaker to somehow get a chosen plaintext
message encrypted.
3. Cryptanalysis
– Technically, any method employed to break a cipher
or code is cryptanalysis.
– cryptanalysis is employing mathematical analysis to
break a code. This method requires a high level of
skill and sophistication.
 widely used techniques employed in
breaking ciphers.
– It is usually only employed by academics and
governments. Today it relies very heavily on the
use of ultrafast super computers.
– Probably the most active and successful
organization in the world, dedicated to breaking
codes, is the National Security Agency (NSA).
 widely used techniques employed in
breaking ciphers.
• This is the largest and most secret spy agency
in the United States. It is sometimes referred
to as the Puzzle Palace, because the group
spends so much time and energy on codes
and cipher.
 widely used techniques employed in
breaking ciphers.
4. Brute Force
– The brute force method tries every possible
combination of keys or algorithms to break a
cipher.
– Requires tremendous resources. Usually, this type
of attack requires computer assistance. If the
algorithm is simple or the key is small, then the
CPU resources required could be provided by a
simple PC
 widely used techniques employed in
breaking ciphers.
5. Social Engineering
– This method relies on breaking a cipher by getting
someone knowledgeable about the cipher to
reveal information on how to break it.
– Bribing someone, tricking him or her into divulging
information, or threatening him or her with harm
to reveal information.
– When the threat of harm is employed it is
sometimes referred to as rubber-hose
cryptanalysis.
 widely used techniques employed in
breaking ciphers.
6. Substitution:
– This is a type of replay attack where a previous message, in
part or in whole, is inserted into a legitimate message.
– An attacker does not need to break the cipher for this type of
attack to be effective.
7. Timing attacks:
– Some cryptosystems can be broken if an outsider is able to
accurately measure the time required to perform the
encryption and decryption of a known ciphertext.
– The known ciphertext and the timing provide enough
information to deduce fixed exponents and factors of some
systems.
 Encryption
• Encryption is the process of scrambling the
contents of a file or message to make it
unintelligible to anyone not in possession of
the "key" required to unscramble the file or
message.
• There are two types of encryption:
– symmetric (private/secret) key and
– Asymmetric (public) key encryption.
 Symmetric Key Encryption
• Symmetric key, also referred to as private key
or secret key, is based on a single key and
algorithm being shared between the parties
who are exchanging encrypted information.
• The same key both encrypts and decrypts
messages.
 Symmetric Key Encryption
• The strength of the scheme is largely
dependent on the size of the key and on
keeping it secret.
– Generally, the larger the key, the more secure the
scheme.
• In addition, symmetric key encryption is
relatively fast.
 Symmetric Key Encryption
• The main weakness of the system is that the
key or algorithm has to be shared.
• You can't share the key information over an
unsecured network without compromising the
key.
– As a result, private key cryptosystems are not well
suited for spontaneous communication over open
and unsecured networks. In addition, symmetric
key provides no process for authentication or
nonrepudiation.
 Symmetric Key Encryption
• Examples of widely deployed symmetric key
cryptosystems include DES, IDEA, Blowfish,
RC4, CAST, and SKIPJACK.
 Data Encryption Standard (DES)
• DES is one of the oldest and most widely used
algorithms.
• DES was developed by IBM with the
encouragement of the NSA.
• It was originally deployed in the mid 1970s. DES
consists of an algorithm and a key.
• The key is a sequence of eight bytes, each
containing eight bits for a 64-bit key. Since each
byte contains one parity bit, the key is actually 56
bits in length.
 Data Encryption Standard (DES)
• DES is widely used in automated teller
machine (ATM) and point-of-sale (POS)
networks,
• DES has been enhanced with the triple DES.
• DES has been broken.
• It is gradually being phased out of use.
 International Data Encryption Algorithm
(IDEA)
• IDEA is a symmetric key block cipher
developed at the Swiss Federal Institute in the
early 1990s.
• IDEA utilizes a 128-bit key. Supposedly, it is
more efficient to implement in software than
DES and triple DES. Since it was not developed
in the United States, it is not subject to U.S.
export restrictions.
 CAST
• The CAST algorithm supports variable key lengths,
anywhere from 40 bits to 256 bits in length.
• CAST uses a 64-bit block size, which is the same as
the DES, making it a suitable drop-in replacement.
• CAST has been reported to be two to three times
faster than a typical implementation of DES and six
to nine times faster than a typical implementation
of triple DES.
 CAST
• The CAST algorithm was developed by Carlisle
Adams and Strafford Travares and patented by
Entrust Technologies, but a version of the
CAST algorithm is available for free
commercial and noncommercial use.
• CAST is employed in Pretty Good Privacy
(PGP).
 Rivest Cipher #4 (RC4)
• Developed by Ron Rivest of RSA fame, RC4 is a
stream cipher that uses a variable size key.
– However, when used with a key of 128 bits it can
be very effective.
– Until recently, the approved export version only
used a 40-bit key.
• RC4 is used in Netscape Navigator and
Internet Explorer.
 Asymmetric Key Encryption
• Asymmetric cryptography is also known as
public key cryptography.
• Public key cryptography uses two keys as
opposed to one key for a symmetric system.
• With public key cryptography there is a public
key and a private key.
 Asymmetric Key Encryption
• The keys' names describe their function. One key
is kept private, and the other key is made public.
– Knowing the public key does not reveal the private
key.
• A message encrypted by the private key can only
be decrypted by the corresponding public key.
• Conversely, a message encrypted by the public
key can only be decrypted by the private key.
 Public Key Cryptosystems
• There are three public key algorithms in wide
use today:
– Diffie-Hellman;
– RSA; and the
– Digital Signature Algorithm (DSA).
 Public Key Cryptosystems
1. Diffie-Hellman
• The Diffie-Hellman algorithm was developed
by Whitfield Diffie and Martin Hellman at
Stanford University.
• It was the first usable public key algorithm.
• Diffie-Hellman is based on the difficulty of
computing discrete logarithms.
 Public Key Cryptosystems
• It can be used to establish a shared secret key
that can be used by two parties for symmetric
encryption.
• Diffie-Hellman is often used for IPSEC key
management protocols.
 Public Key Cryptosystems
For spontaneous communications with Diffie-Hellman,
– Two communicating entities would each generate a
random number that is used as their private keys.
– They exchange public keys.
– They each apply their private keys to the other's
public key to compute identical values (shared secret
key).
– They then use the shared secret key to encrypt and
exchange information
 Public Key Cryptosystems
2. Rivest, Shamir, Adelman (RSA)
– The RSA public key algorithm was developed by Ron
Rivest, Adi Shamir, and Len Adelman at MIT.
– RSA multiplies large prime numbers together to
generate keys. Its strength lies in the fact that it is
extremely difficult to factor the product of large prime
numbers.
– This algorithm is the one most often associated with
public key encryption.
– The RSA algorithm also provides digital signature
capabilities.
 Public Key Cryptosystems
3. Digital Signature Algorithm (DSA)
– DSA was developed as part of the Digital Signature
Standard (DSS).
– Unlike the Diffie-Hellman andRSA algorithms, DSA
is not used for encryption but for digital
signatures.
 Message Integrity
• To attain a high level of confidence in the
integrity of a message or data, a process must
be put in place to prevent or detect alteration
during transit. One technique employed is
called a hash function.
• Hash function:
• A hash function takes a message of any length
and computes a product value of fixed length.
• The product is referred to as a "hash value."
 Message Integrity
• The length of the original message does not
alter the length of the hash value.
• Hash functions are used to ensure the
integrity of a message or file.
• Using the actual message or file, a hash
function computes a hash value, which is a
cryptographic checksum of the message. This
checksum can be thought of as a fingerprint
for that message.
 Message Integrity
• The hash value can be used to determine if
the message or file has been altered since the
value was originally computed.

• Using e-mail as an example, the hash value for

a message is computed at both the sending
and receiving ends.
 Message Integrity
• If the message is modified in anyway during
transit, the hash value computed at the
receiving end will not match the value
computed at the sending end.
• Hash functions must be one way only.
– In other words, there should be no way to reverse
the hash value to obtain information on the
message. Obviously, this would represent a risk.
 Digital Signatures
• Another requirement of an effective one-way
hash function is that the possibility of
"collisions" is very limited, if nonexistent.
• A collision occurs when the same hash value is
computed for two or more unique messages.
If the messages are different the hash values
should be different. No two unique messages
should compute the same hash value.
 Digital Signatures
• Some of the more widely implemented
hashing algorithms are:
– Message digest #4 (MD4) from RSA
– Message digest #5 (MD5) from RSA
– Secure hash algorithm-1 (SHA-1)
– RACE Integrity Primitives Evaluation (RIPE) MD-
160 (RIPEMD-160)
 Digital Signatures
• MD4
– MD4 was developed by Ron Rivest of RSA.
– MD4 is a one-way hash function that takes a
message of variable length and produces a 128-bit
hash value or message digest.
– MD4 has been proven to have weaknesses.
Analysis has shown that at least the first two
rounds of MD4 are not one-way (there are three
rounds in MD4) and that the algorithm is subject
tocollisions.
 Digital Signatures
• MD5
– MD5 was also created by Ron Rivest as an improvement on
MD4.
– MD5 creates a unique 128-bit message digest value derived
from the contents of a message or file. This value, which is a
fingerprint of the message or file content, is used to verify the
integrity of the message's or file's contents. If a message or file
is modified in any way, even a single bit, the MD5 cryptographic
checksum for the message or file will be different.
– Considered very difficult to alter a message or file in a way that
will cause MD5 to generate the same result as was obtained for
the original file.
 Digital Signatures
• While MD5 is more secure than MD4, it too has been
found to have some weaknesses:
• Analysis has found a collision in the compression
function of MD5, although not for MD5 itself.
Nevertheless, this attack casts doubts on the whether
MD5 is truly a collision-resistant hash algorithm.
• The MD5 algorithm is intended for digital signature
applications, where a large file must be "compressed" in
a secure manner before being encrypted with a private
(secret) key under a public-key cryptosystem such as
RSA.
 Digital Signatures
• Secure Hash Algorithm-1 (SHA-1)
– SHA-1 is a one-way hash algorithm used to create
digital signatures.
– SHA-1 is derived from SHA, which was developed
in 1994 by the NIST.
– SHA-1 is similar to the MD4 and MD5 algorithms
but is slightly slower than MD4 and MD5, but it is
reported to be more secure.
 Digital Signatures
– The SHA-1 hash function produces a 160-bit hash
value or message digest.
– Since it produces a 160-bit message digest it is
more resistant to brute force attacks than MD4
and MD5, which produce a 128-bit message
digest.
 Digital Signatures
• RIPEMD
– RIPEMD is a hash function that was developed
through the European Community's project RIPE.
– There are several extensions to RIPEMD
– RIPEMD-128, RIPEMD-160, and RIPEMD256.
– Each extension is a reference to the length of the
hash value or message digest. For example,
RIPEMD-160 is a 160-bit cryptographic hash
function, designed by Hans Dobbertin, Antoon
Bosselaers, and Bart Preneel.
 Authentication

• To have a high level of confidence and trust in the

integrity of information received over a network, the
transacting parties need to be able to authenticate each
other's identity.
• While confidentiality was ensured with the use of public
key cryptography, there was no authentication of the
parties' identities.
• . To ensure secure business transactions on unsecured
networks like the Internet, both parties need to be able
to authenticate their identities.
 Authentication
• Authentication in a digital setting is a process
whereby the receiver of a message can be
confident of the identity of the sender.
• The lack of secure authentication has been a
major obstacle in achieving widespread use of
the Internet for commerce.
• One process used to authenticate the identity
of an individual or entity involves digital
signatures.
 Digital Signatures
• A digital signature allows a receiver to
authenticate (to a limited extent) the identity of
the sender and to verify the integrity of the
message.
• For the authentication process, you must already
know the sender's public key, either from prior
knowledge or from some trusted third party.
• Digital signatures are used to ensure message
integrity and authentication.
 Digital Signatures
• In its simplest form, a digital signature is
created by using the sender's private key to
hash the entire contents of the message being
sent to create a message digest.
• The recipient uses the sender's public key to
verify the integrity of the message by
recreating the message digest.
• By this process you ensure the integrity of the
message and authenticate the sender
 Digital Signatures
• To sign a message, senders usually append
their digital signature to the end of a message
and encrypt it using the recipient's public key.
• Recipients decrypt the message using their
own private key and verify the sender's
identity and the message integrity by
decrypting the sender's digital signature using
the sender's public key
 Digital Signatures
• Alice has a pair of keys, her private key
and her public key.
• She sends a message to Bob that includes
both a plaintext message and a version of
the plaintext message that has been
encrypted using her private key.
• The encrypted version of her text
message is her digital signature.
 Digital Signatures
• Bob receives the message from Alice and decrypts it
using her public key.
• He then compares the decrypted message to the
plaintext message.
• If they are identical, then he has verified that the
message has not been altered and that it came from
Alice.
• He can authenticate that the message came from Alice
because he decrypted it with Alice's public key, so it
could only have been encrypted with Alice's private key,
to which only Alice has access.
 Digital Signatures
• The strengths of digital signatures are that they
are almost impossible to counterfeit and they
are easily verified. However, if Alice and Bob
are strangers who have never communicated to
• each other before, and Bob received Alice's
public key, but had no other means to verify
who Alice was, other than Alice's assertion that
she was who she claimed to be, then the digital
signature is useless for authentication.
 Digital Signatures
• It will still verify that a message has arrived
unaltered from the sender, but it cannot be
used to authenticate the identity of the
sender.
• In cases where the parties have no prior
knowledge of one another, a trusted third
party is required to authenticate the identity
of the transacting parties.