You are on page 1of 204

1|Page Network Security & Cryptography

NETWORK SECURITY
&
CRYPTOGRAPHY

DR. HIMANSHU GUPTA

Copyright © 2018-19 by Dr. Himanshu Gupta


2|Page Network Security & Cryptography

Acknowledgment
It is a great opportunity for us to write about dynamic area of Information Technology like
“Network Security”. At the time of preparing this book we have gone through different books
and websites which help me to get familiar with new topics. We are actually focusing on those
topics which are important for us to understand about this subject easily.

We acknowledge with gratitude to our respected parents, family members and colleagues for
their moral support, our respective professional mentors, who have always been sincere and
helpful in making us understanding the different system of legal research and conceptual
problems in our research work.

Apart from us this book will certainly be immense importance for those who are interesting to
know about this subject. We hope they will find it comprehensible.

We have tried hard and soul to gather all relevant documents regarding this subject. Furthermore,
in this book, we tried to cover all required topics with modern approach and techniques in this
subject and we assure to all readers that we will try to give a better volume in future.

Thank you!

Dr. Himanshu Gupta

Copyright © 2018-19 by Dr. Himanshu Gupta


3|Page Network Security & Cryptography

Preface
Unlike past, today’s networks consist of various networking devices and technologies that handle
the data as it transmits from the sender to the receiver. However, security concerns are frequently
raised in the circumstances where interconnected computers use a wireless network not
controlled by any one entity or organization. Network Security examines various network
protocols, focusing on vulnerabilities, exploits, attacks, and methods to mitigate an attack.

This book uses a define-attack-defend methodology for network security. This book briefly
introduces the relevant cryptographic protocols and follows up with detailed descriptions of
known vulnerabilities and possible attack methods. While most of the books available on this
subject focus solely on cryptographic techniques to mitigate attacks, this volume recognizes the
limitations of this methodology and considers a wider range of security problems and solutions.
By focusing on a real life issues of network security and examining actual security solutions,
readers can better understand the vulnerabilities and develop appropriate countermeasures.

This book provides conceptual understanding of information security issues, challenges and
mechanisms. This is useful to develop basic skills of secure network architecture and explains
the theory behind the security of different cryptographic algorithms. It describes common
network vulnerabilities and attacks, defense mechanisms against network attacks, and
cryptographic protection mechanisms. This book explores the requirements of real-time
communication security and issues related to the security of web services.

Copyright © 2018-19 by Dr. Himanshu Gupta


4|Page Network Security & Cryptography

Contents

Unit-I Introduction to Network Security & Cryptography Page No. 6-43

Introduction to Security Attacks, Services and Mechanism, Classical encryption techniques,


Substitution Ciphers and Transposition ciphers, Cryptanalysis, Steganography, Stream and Block
ciphers.

Unit-II Secret Key Cryptography Page No. 44-68

Modern Block Ciphers: Block Ciphers Principles, Shannon’s Theory of Confusion and
Diffusion, Fiestal Structure, Data Encryption Standard (DES), Strength of DES, Idea of
Differential Cryptanalysis, Block Cipher Modes of Operations, Triple DES

Unit-III Public Key Cryptography Page No. 69-92

Introduction to group, field, modular arithmetic, prime and relative prime numbers, Euclidean
Algorithm.

Advanced Encryption Standard (AES) encryption and decryption, Fermat’s and Euler’s theorem,
Chinese Remainder theorem, Principals of Public Key Crypto Systems, RSA algorithm, Security
of RSA algorithm.

Unit-IV Authentication Standards Page No. 93-115

Message Authentication Codes: Authentication requirements, authentication functions, message


authentication code, Hash Functions, Birthday Attacks, Security of hash functions, Secure Hash
Algorithm (SHA), Message Digest

Digital Signatures: Digital Signatures, Digital Signature Standards (DSS), proof of Digital
Signature Algorithm

Unit-V Key Management Page No. 116-132

Key Management and Distribution: Symmetric Key Distribution, Diffie-Hellman Key Exchange,
Public Key Distribution, X.509 Certificates, Public Key Infrastructure.

Copyright © 2018-19 by Dr. Himanshu Gupta


5|Page Network Security & Cryptography

Unit-VI Web Security Page No. 133-157

Authentication Applications: Kerberos, Electronic Mail Security: Pretty Good Privacy (PGP),
S/MIME.

IP Security: Architecture, Authentication Header, Encapsulating Security Payloads, Key


Management, Introduction to Secure Socket Layer, Secure electronic, transaction (SET)

Module VII: System Security Page No. 158-201

System Security: Introductory Idea of Intrusion, Intrusion Detection Techniques, Viruses and
Worms, Firewalls, Design Principles of Firewalls, IT Acts and Cyber Laws (Global Standards),
Virtual Private Network, Recent attacks on networks.

Copyright © 2018-19 by Dr. Himanshu Gupta


6|Page Network Security & Cryptography

UNIT-I

Introduction to Network Security & Cryptography

1. Network Security

Network Security means protecting network and networking systems from unauthorized access,
use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

The terms network security, computer security and information security are frequently used
interchangeably. These fields are interrelated often and share the common goals of protecting the
confidentiality, integrity and availability of information; however, there are some subtle
differences between them.

Network security is concerned with the confidentiality, integrity and availability of data
regardless of the form the data may take: electronic, print, or other forms. Computer security can
focus on ensuring the availability and correct operation of a computer system without concern
for the information stored or processed by the computer. Information security & assurance
focuses on the reasons for assurance that information is protected, and is thus reasoning about
information security.

Governments, military, corporations, financial institutions, hospitals, and private businesses


amass a great deal of confidential information about their employees, customers, products,
research, and financial status. Most of this information is now collected, processed and stored on
electronic computers and transmitted across networks to other computers. For the individual,
information security has a significant effect on privacy, which is viewed very differently in
different cultures.

The field of information security has grown and evolved significantly in recent years. There are
many ways of gaining entry into the field as a career. It offers many areas for specialization
including: securing network(s) and allied infrastructure, securing applications and databases,
security testing, information systems auditing, business continuity planning and digital forensics
science, etc.

Copyright © 2018-19 by Dr. Himanshu Gupta


7|Page Network Security & Cryptography

1.1 Needs of Network Security

There are many reasons why you should protect the network you use on your computer,
including:

1. Ensuring that our information remains confidential and only those who should access that
information
2. Knowing that no one has been able to change our information, so we can depend on its
accuracy (information integrity)
3. Making sure that our information is available when we need it (by making back-up copies
and, if appropriate, storing the back-up copies off-site)

2. Security Attacks

Security attacks are an abuse of computer base information system. It means an occurrence or
activity which could result in loss of security. It is a breach of security as was stated before,
which can be either natural, physical, or accidental examples of these include flood, fire,
earthquake, electrical spark, manufacturer error, vandalism and so on.

2.1 Types of Security Attacks

Information systems and networks offer attractive targets and should be resistant to any type of
attack. A system must be able to limit damage and recover rapidly when attacks occur.

Security attacks are mainly divided into two types as passive attack and active attack.

2.11 Passive Attacks

Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal
of the opponent is to obtain information that is being transmitted. Two types of passive attacks
are release of message contents and traffic analysis.

The release of message contents is easily understood. A telephone conversation, an electronic


mail message, and a transferred file may contain sensitive or confidential information. We would
like to prevent an opponent from learning the contents of these transmissions.

Copyright © 2018-19 by Dr. Himanshu Gupta


8|Page Network Security & Cryptography

A second type of passive attack, traffic analysis, is subtler. Suppose that we had a way of
masking the contents of messages or other information traffic so that opponents, even if they
captured the message, could not extract the information from the message. The common
technique for masking contents is encryption. If we had encryption protection in place, an
opponent might still be able to observe the pattern of these messages. The opponent could
determine the location and identity of communicating hosts and could observe the frequency and
length of messages being exchanged. This information might be useful in guessing the nature of
the communication that was taking place.

Copyright © 2018-19 by Dr. Himanshu Gupta


9|Page Network Security & Cryptography

Passive attacks are very difficult to detect because they do not involve any alteration of the data.
Typically, the message traffic is sent and received in an apparently normal fashion and neither
the sender nor receiver is aware that a third party has read the messages or observed the traffic
pattern. However, it is feasible to prevent the success of these attacks, usually by means of
encryption. Thus, the emphasis in dealing with passive attacks is on prevention rather than
detection.

2.12 Active Attacks

Active attacks involve some modification of the data stream or the creation of a false stream and
can be subdivided into four categories: masquerade, replay, modification of messages, and denial
of service.

A masquerade takes place when one entity pretends to be a different entity. A masquerade
attack usually includes one of the other forms of active attack. For example, authentication
sequences can be captured and replayed after a valid authentication sequence has taken place,
thus enabling an authorized entity with few privileges to obtain extra privileges by impersonating
an entity that has those privileges.

Replay involves the passive capture of a data unit and its subsequent retransmission to produce
an unauthorized effect

Modification of messages simply means that some portion of a legitimate message is altered , or
that messages are delayed or reordered, to produce an unauthorized effect. For example, a
message meaning "Allow John Smith to read confidential file accounts” is modified to mean
"Allow Fred Brown to read confidential file accounts. "

The denial of service prevents or inhibits the normal use or management of communications
facilities. This attack may have a specific target; for example, an entity may suppress all
messages directed to a particular destination (e.g., the security audit service). Another form of
service denial is the disruption of an entire network, either by disabling the network or by
overloading it with messages so as to degrade performance.

Copyright © 2018-19 by Dr. Himanshu Gupta


10 | P a g e Network Security & Cryptography

Copyright © 2018-19 by Dr. Himanshu Gupta


11 | P a g e Network Security & Cryptography

Active attacks present the opposite characteristics of passive attacks. Whereas passive attacks are
difficult to detect, measures are available to prevent their success. On the other hand, it is quite
difficult to prevent active attacks absolutely, because of the wide variety of potential physical,
software, and network vulnerabilities. Instead, the goal is to detect active attacks and to recover
from any disruption or delays caused by them. If the detection has a deterrent effect, it may also
contribute to prevention.

2.2 Classification of Security Attacks

Security attacks on the security of a computer can be characterized best by viewing how the
computer functions when sending and receiving information. The normal and accurate flow of
information from one source (Source A) to another source, which is the destination (Source B).

Information flow A to B
A B

Information Information

Source A Destination B
(a) Normal flow
However deviations from the normal flow of information will happen if there is an attack or a
threat:

These threats can be classified as:

• Interruption
• Interception
• Modification
• Fabrication

Interruption

This happens when an asset is destroyed or becomes unavailable or cannot be used. This is an
attack on the availability of the system. Diagram (b) shows how interception can occur.

Copyright © 2018-19 by Dr. Himanshu Gupta


12 | P a g e Network Security & Cryptography

A B

Flow of information from A to


B is stopped

(b) Interruption

Examples of interruption are destruction of a piece of hardware, the cutting of cable and
disabling of a file management system.

Interception

Interception occurs when any unauthorized unit gains access to an asset. This attack means that
there is no privacy therefore it is an attack on confidentiality. The unauthorized unit or party
could be an individual, a program or even another computer. Diagram (c) reveals the nature of
interception.

Information goes to B
A B
Same information
also goes to C –
incorrect C
destination
(c) Interception

Examples of interception can be seen in wiretapping to capture data into a network and coping
of files which is not permitted.

Modification

If an unauthorized party gains access to a system and make some changes to it, then this
tampering is known as Modification. This medication is an attack on the integrity of the system
or the organisation. Diagram (d) depicts this attack.

Copyright © 2018-19 by Dr. Himanshu Gupta


13 | P a g e Network Security & Cryptography

A B
Information C sends
goes to C -
incorrect changed
destination C information to B

(d) Modification

Examples of such tampering includes the changing of values in a file, altering a program so that
it performs differently and changing the contents of messages that are sent over the network.

Fabrication

If an unauthorized party gains access to the system and inserts false objects into it, this is
Fabrication and it degrades the authenticity of the system. Diagram (e) reflects this information.

A B
Source C sends
information to B,
B thinks that it is C
coming from A
(e) Fabrication

Examples of such an attack include a hacker gaining access to a person’s email and sending
messages. This makes the recipients believe that it is indeed the person sending the message
when it is in fact not so OR it could be addition of records to a file.

3. Security Services and Mechanism

A security service as a service provided by a protocol layer of communicating open systems,


which ensures adequate security of the systems or of data transfers. A Security service may be
defined as a processing or communication service that is provided by a system to give a specific
kind of protection to system resources; security services implement security policies and are
implemented by security mechanisms.

Copyright © 2018-19 by Dr. Himanshu Gupta


14 | P a g e Network Security & Cryptography

Authentication

The authentication service is concerned with assuring that a communication is authentic. In the
case of a single message, such as a warning or alarm signal, the function of the authentication
service is to assure the recipient that the message is from the source that it claims to be from. In
the case of an ongoing interaction, such as the connection of a terminal to a host, two aspects are
involved. First, at the time of connection initiation, the service assures that the two entities are
authentic, that is, that each is the entity that it claims to be. Second, the service must assure that
the connection is not interfered with in such a way that a third party can masquerade as one of
the two legitimate parties for the purposes of unauthorized transmission or reception.

Two specific authentication services are defined as:

• Peer entity authentication: Provides for the corroboration of the identity of a peer entity
in an association. It is provided for use at the establishment of, or at times during the data
transfer phase of, a connection. It attempts to provide confidence that an entity is not
performing either a masquerade or an unauthorized replay of a previous connection.
• Data origin authentication: Provides for the corroboration of the source of a data unit. It
does not provide protection against the duplication or modification of data units. This
type of service supports applications like electronic mail where there are no prior
interactions between the communicating entities.

Access Control

In the context of network security, access control is the ability to limit and control the access to
host systems and applications via communications links. To achieve this, each entity trying to
gain access must first be identified, or authenticated, so that access rights can be tailored to the
individual.

Data Confidentiality

Confidentiality is the protection of transmitted data from passive attacks. With respect to the
content of a data transmission, several levels of protection can be identified. The broadest service

Copyright © 2018-19 by Dr. Himanshu Gupta


15 | P a g e Network Security & Cryptography

protects all user data transmitted between two users over a period of time. For example, when a
TCP connection is set up between two systems, this broad protection prevents the release of any
user data transmitted over the TCP connection. Narrower forms of this service can also be
defined, including the protection of a single message or even specific fields within a message.
These refinements are less useful than the broad approach and may even be more complex and
expensive to implement.

The other aspect of confidentiality is the protection of traffic flow from analysis. This requires
that an attacker not be able to observe the source and destination, frequency, length, or other
characteristics of the traffic on a communications facility.

Data Integrity

As with confidentiality, integrity can apply to a stream of messages, a single message, or selected
fields within a message. Again, the most useful and straightforward approach is total stream
protection.

A connection-oriented integrity service, one that deals with a stream of messages, assures that
messages are received as sent, with no duplication, insertion, modification, reordering, or
replays. The destruction of data is also covered under this service. Thus, the connection-oriented
integrity service addresses both message stream modification and denial of service. On the other
hand, a connectionless integrity service, one that deals with individual messages without regard
to any larger context, generally provides protection against message modification only.

We can make a distinction between the service with and without recovery. Because the integrity
service relates to active attacks, we are concerned with detection rather than prevention. If a
violation of integrity is detected, then the service may simply report this violation, and some
other portion of software or human intervention is required to recover from the violation.
Alternatively, there are mechanisms available to recover from the loss of integrity of data, as we
will review subsequently. The incorporation of automated recovery mechanisms is, in general,
the more attractive alternative.

Copyright © 2018-19 by Dr. Himanshu Gupta


16 | P a g e Network Security & Cryptography

Nonrepudiation

Nonrepudiation prevents either sender or receiver from denying a transmitted message. Thus,
when a message is sent, the receiver can prove that the alleged sender in fact sent the message.
Similarly, when a message is received, the sender can prove that the alleged receiver in fact
received the message.

Availability Service

Availability is a property of a system or a system resource being accessible and usable upon
demand by an authorized system entity, according to performance specifications for the system
(i.e., a system is available if it provides services according to the system design whenever users
request them).

A variety of attacks can result in the loss of or reduction in availability. Some of these attacks are
amenable to automated countermeasures, such as authentication and encryption, whereas others
require some sort of physical action to prevent or recover from loss of availability of elements of
a distributed system.

An availability service is one that protects a system to ensure its availability. This service
addresses the security concerns raised by denial-of-service attacks. It depends on proper
management and control of system resources and thus depends on access control service and
other security services.

4. A Model for Network Security

A model for much of what we will be discussing is captured, in very general terms. A message is
to be transferred from one party to another across some sort of internet. The two parties, who are
the principals in this transaction, must cooperate for the exchange to take place. A logical
information channel is established by defining a route through the internet from source to
destination and by the cooperative use of communication protocols (e.g., TCP/IP) by the two
principals.

Copyright © 2018-19 by Dr. Himanshu Gupta


17 | P a g e Network Security & Cryptography

Model for Network Security

Security aspects come into play when it is necessary or desirable to protect the information
transmission from an opponent who may present a threat to confidentiality, authenticity, and so
on. All the techniques for providing security have two components:

• A security- related transformation on the information to be sent. Examples include the


encryption of the message, which scrambles the message so that it is unreadable by the
opponent, and the addition of a code based on the contents of the message, which can be
used to verify the identity of the sender
• Some secret information shared by the two principals and, it is hoped, unknown to the
opponent. An example is an encryption key used in conjunction with the transformation
to scramble the message before transmission and unscramble it on reception.

5. Cryptography

Cryptography is the science of devising methods that allow information to be sent in a secure
form in such a way that the only person able to retrieve this information is the intended recipient.
Cryptography is the practice and study of hiding information.

In modern times, cryptography is considered a branch of both mathematics and computer


science, and is affiliated closely with information theory, computer security, and engineering.

Copyright © 2018-19 by Dr. Himanshu Gupta


18 | P a g e Network Security & Cryptography

Cryptography is used in applications present in technologically advanced societies; examples


include the security of ATM cards, computer passwords, and electronic commerce, which all
depend on cryptography

The basic principle of Cryptography is defined as: A message being sent is known as plaintext.
The message is then coded using a cryptographic algorithm. This process is called encryption.
An encrypted message is known as ciphertext, and is turned back into plaintext by the process
of decryption. The method for decryption is the same as that for encryption but in reverse
direction. It is applicable in each phase of encryption.

Encryption-Decryption Process

Cryptography systems can be broadly classified into symmetric-key systems that use a single key
that both the sender and recipient have, and public-key systems that use two keys, a public key
known to everyone and a private key that only the recipient of messages uses.

5.11 Symmetric Key Cryptography

Symmetric cryptography uses a single private key to both encrypt and decrypt data. Any party
that has the key can use it to encrypt and decrypt data. They are also referred to as block ciphers.
Symmetric cryptography algorithms are typically fast and are suitable for processing large
streams of data. The disadvantage of symmetric cryptography is that it presumes two parties
have agreed on a key and been able to exchange that key in a secure manner prior to
communication. This is a significant challenge. Symmetric algorithms are usually mixed with
public key algorithms to obtain a blend of security and speed.

Copyright © 2018-19 by Dr. Himanshu Gupta


19 | P a g e Network Security & Cryptography

With symmetric cryptography (or symmetric-key encryption), the encryption key can be
calculated from the decryption key and vice versa. With symmetric algorithms, the same key is
used for both encryption and decryption.

Symmetric key ciphers use the same key to both encrypt and decrypt data. This type of cipher is
valuable because:

• It is relatively inexpensive to produce a strong key for these ciphers.


• The keys tend to be much smaller for the level of protection they afford.
• The algorithms are relatively inexpensive to process.

5.12 Public Key Cryptography

Public-key cryptography refers to a cryptographic system requiring two separate keys, one of
which is secret and one of which is public. Although different, the two parts of the key pair are
mathematically linked. One key locks or encrypts the plaintext, and the other unlocks or decrypts
the ciphertext. Neither key can perform both functions. One of these keys is published or public,
while the other is kept private.

Public-key cryptography uses asymmetric key algorithms (such as RSA), and can also be
referred to by the more generic term "asymmetric key cryptography." The algorithms used for
public key cryptography are based on mathematical relationships. Although it is computationally
easy for the intended recipient to generate the public and private keys, to decrypt the message
using the private key, and easy for the sender to encrypt the message using the public key, it is
extremely difficult (or effectively impossible) for anyone to derive the private key, based only on
their knowledge of the public key. This is why, unlike symmetric key algorithms, a public key

Copyright © 2018-19 by Dr. Himanshu Gupta


20 | P a g e Network Security & Cryptography

algorithm does not require a secure initial exchange of one (or more) secret keys between the
sender and receiver.

The two main uses for public-key cryptography are:

• Public-key encryption: a message encrypted with a recipient's public key cannot be


decrypted by anyone except a possessor of the matching private key - it is presumed that
this will be the owner of that key and the person associated with the public key used. This
is used to attempt to ensure confidentiality.

• Digital signatures: a message signed with a sender's private key can be verified by
anyone who has access to the sender's public key, thereby proving that the sender had
access to the private key and, therefore, is likely to be the person associated with the
public key used. This also ensures that the message has not been tampered with (on the
question of authenticity, see also message digest).

5.2 Conventional Encryption Techniques

A conventional encryption scheme has five ingredients:

• Plaintext: This is the original intelligible message or data that is fed into the algorithm as
input.
• Encryption algorithm: The encryption algorithm performs various substitutions and
transformations on the plaintext.

Copyright © 2018-19 by Dr. Himanshu Gupta


21 | P a g e Network Security & Cryptography

• Secret key: The secret key is also input to the encryption algorithm. The key is a value
independent of the plaintext and of the algorithm. The algorithm will produce a different
output depending on the specific key being used at the time. The exact substitutions and
transformations performed by the algorithm depend on the key.
• Ciphertext : This is the scrambled message produced as output. It depends on the
plaintext and the secret key. For a given message, two different keys will produce two
different ciphertexts. The ciphertext is an apparently random stream of data and, as it
stands, is unintelligible.
• Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes
the ciphertext and the secret key and produces the original plaintext.

Simplified Model of Conventional Encryption

There are two requirements for secure use of conventional encryption:

1. We need a strong encryption algorithm. At a minimum, we would like the algorithm to be


such that an opponent who knows the algorithm and has access to one or more
ciphertexts would be unable to decipher the ciphertext or figure out the key. This
requirement is usually stated in a stronger form: The opponent should be unable to
decrypt ciphertext or discover the key even if he or she is in possession of a number of
ciphertexts together with the plaintext that produced each ciphertext.

2. Sender and receiver must have obtained copies of the secret key in a secure fashion
and must keep the key secure. If someone can discover the key and knows the algorithm,
all communication using this key is readable.

Copyright © 2018-19 by Dr. Himanshu Gupta


22 | P a g e Network Security & Cryptography

The two basic building blocks of all encryption techniques are substitution and transposition.

5.21 Substitution Encryption Techniques

A substitution technique is one in which the letters of plaintext are replaced by other letters or by
numbers or symbols. If the plaintext is viewed as a sequence of bits, then substitution involves
replacing plaintext bit patterns with ciphertext bit patterns.

When letters are involved, the following conventions are used here. Plaintext is always in
lowercase; ciphertext is in uppercase; key values are in italicized lowercase.

5.211 Caesar Cipher Technique

The earliest known use of a substitution cipher, and the simplest, was by Julius Caesar. The
Caesar cipher involves replacing each letter of the alphabet with the letter standing three places
further down the alphabet. For example,

Plaintext: meet me after the toga party


Ciphertext: PHHW PH DIWHU WKH WRJD SDUWB

Note that the alphabet is wrapped around, so that the letter following Z is A. We can define the
transformation by listing all possibilities, as follows:

Plaintext: a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Let us assign a numerical equivalent to each letter:

a b c d e f g h i j k l m

1 2 3 4 5 6 7 8 9 10 11 12

n o p q r s t u v w x y z

13 14 15 16 17 18 19 20 21 22 23 24 25

Copyright © 2018-19 by Dr. Himanshu Gupta


23 | P a g e Network Security & Cryptography

Then the algorithm can be expressed as follows. For each plaintext letter p , substitute the
ciphertext letter C :

C = E(3, p ) = ( p + 3) mod 26

A shift may be of any amount, so that the general Caesar algorithm is

C = E( k , p ) = ( p + k ) mod 26

where k takes on a value in the range 1 to 25.

The decryption algorithm is simply

p = D( k , C ) = ( C k ) mod 26

If it is known that a given ciphertext is a Caesar cipher, then a brute-force cryptanalysis is easily
performed: Simply try all the 25 possible keys. Figure 2.3 shows the results of applying this
strategy to the example ciphertext. In this case, the plaintext leaps out as occupying the third line.

Three important characteristics of this problem enabled us to use a brute-force cryptanalysis:

1. The encryption and decryption algorithms are known.


2. There are only 25 keys to try.
3. The language of the plaintext is known and easily recognizable.

5.212 Monoalphabetic Technique

A monoalphabetic substitution is one where a letter of plaintext always produces the same letter
of ciphertext. The operation is very similar to the Caesar Cipher, with the exception that the
cipher alphabet does not have the order.

An example of a monoalphabetic substitution is shown below.

PLAINTEXT: abcdefghijklmnopqrstuvwxyz

Copyright © 2018-19 by Dr. Himanshu Gupta


24 | P a g e Network Security & Cryptography

CIPHERTEXT: QRSKOWEIPLTUYACZMNVDHFGXJB
So, we can encrypt the message “HELLO” as “IOUUC” using following substitution chart.

Brute-Force Cryptanalysis of Caesar Cipher

One may never think that this cipher is secure, after all there are 26! different cipher alphabets (
26
4 x 10 ) to choose from, however the letter frequencies and underlying patterns will be
unchanged - and as such the cipher can be solved by pen and paper techniques. The best way to
see how the cryptanalysis is performed is by doing some analysis.

Copyright © 2018-19 by Dr. Himanshu Gupta


25 | P a g e Network Security & Cryptography

These more advanced techniques include looking systematically at the position of letters in
words in order to identify vowels, pattern words, and looking at the letter frequencies, though
common pairings (TH, HE etc.) may come up.

5.213 Polyaphabetic Technique

One of the main problems with simple substitution ciphers is that they are so vulnerable to
frequency analysis. Given a sufficiently large ciphertext, it can easily be broken by mapping the
frequency of its letters to the know frequencies of, say, English text. Therefore, to make ciphers
more secure, cryptographers have long been interested in developing enciphering techniques that
are immune to frequency analysis. One of the most common approaches is to suppress the
normal frequency data by using more than one alphabet to encrypt the message.

A polyalphabetic substitution cipher involves the use of two or more cipher alphabets. Instead of
there being a one-to-one relationship between each letter and its substitute, there is a one-to-
many relationship between each letter and its substitutes.

The Vigenere Table


The Vigenere Cipher , proposed by Blaise de Vigenere from the court of Henry III of France in
the sixteenth century, is a polyalphabetic substitution based on the following tableau:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

Copyright © 2018-19 by Dr. Himanshu Gupta


26 | P a g e Network Security & Cryptography

N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

Note that each row of the table corresponds to a Caesar Cipher. The first row is a shift of 0; the
second is a shift of 1; and the last is a shift of 25.

The Vigenere cipher uses Vigenere table together with a keyword to encipher a message. For
example, suppose we wish to encipher the plaintext message:

Plaintext: TO BE OR NOT TO BE THAT IS THE QUESTION

Using the keyword RELATIONS. We begin by writing the keyword, repeated as many times as
necessary, above the plaintext message.

To derive the ciphertext using the tableau, for each letter in the plaintext, one finds the
intersection of the row given by the corresponding keyword letter and the column given by the
plaintext letter itself to pick out the ciphertext letter.

Keyword: RELAT IONSR ELATI ONSRE LATIO NSREL


Plaintext: TOBEO RNOTT OBETH ATIST HEQUE STION
Ciphertext: KSMEH ZBBLK SMEMP OGAJX SEJCS FLZSY

Decipherment of an encrypted message is equally straightforward. One writes the keyword


repeatedly above the message:

Copyright © 2018-19 by Dr. Himanshu Gupta


27 | P a g e Network Security & Cryptography

Keyword: RELAT IONSR ELATI ONSRE LATIO NSREL


Ciphertext: KSMEH ZBBLK SMEMP OGAJX SEJCS FLZSY
Plaintext: TOBEO RNOTT OBETH ATIST HEQUE STION

This time one uses the keyword letter to pick a column of the table and then traces down the
column to the row containing the ciphertext letter. The index of that row is the plaintext letter.

5.214 Playfair Technique

The best-known multiple-letter encryption cipher is the Playfair, which treats digrams in the
plaintext as single units and translates these units into ciphertext digrams.

This cipher was actually invented by British scientist Sir Charles Wheatstone in 1854, but it
bears the name of his friend Baron Playfair of St. Andrews, who championed the cipher at the
British foreign office.

The Playfair algorithm is based on the use of a 5 x 5 matrix of letters constructed using a
keyword. Here is an example, solved by Lord Peter Wimsey in Dorothy Sayers's Have His
Carcase :

M O N A R

C H Y B D

E F G I/J K

L P Q S T

U V W X Z

In this case, the keyword is monarchy. The matrix is constructed by filling in the letters of the
keyword (minus duplicates) from left to right and from top to bottom, and then filling in the
remainder of the matrix with the remaining letters in alphabetic order. The letters I and J count as
one letter. Plaintext is encrypted two letters at a time, according to the following rules:

Copyright © 2018-19 by Dr. Himanshu Gupta


28 | P a g e Network Security & Cryptography

1. Repeating plaintext letters that are in the same pair are separated with a filler letter, such as
x, so that balloon would be treated as ba lx lo on.

2. Two plaintext letters that fall in the same row of the matrix are each replaced by the letter to
the right, with the first element of the row circularly following the last. For example, ar is
encrypted as RM.

3. Two plaintext letters that fall in the same column are each replaced by the letter beneath,
with the top element of the column circularly following the last. For example, mu is
encrypted as CM.

4. Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its own row and
the column occupied by the other plaintext letter. Thus, hs becomes BP and ea becomes IM
(or JM, as the encipherer wishes).

The Playfair cipher is a great advance over simple monoalphabetic ciphers. For one thing,
whereas there are only 26 letters, there are 26 x 26 = 676 digrams, so that identification of
individual digrams is more difficult. Furthermore, the relative frequencies of individual letters
exhibit a much greater range than that of digrams, making frequency analysis much more
difficult. For these reasons, the Playfair cipher was for a long time considered unbreakable. It
was used as the standard field system by the British Army in World War I and still enjoyed
considerable use by the U.S. Army and other Allied forces during World War II.

5.215 Hill Cipher Technique

This cipher is somewhat more difficult to understand than the others. Hill cipher technique was
developed by the mathematician Lester Hill in 1929. The encryption algorithm takes m
successive plaintext letters and substitutes for them m ciphertext letters. The substitution is
determined by m linear equations in which each character is assigned a numerical value (a = 0, b
= 1 ... z = 25). For m = 3, the system can be described as follows:

c 1 = ( k 11 P 1 + k 12 P 2 + k 13 P 3 ) mod 26

Copyright © 2018-19 by Dr. Himanshu Gupta


29 | P a g e Network Security & Cryptography

c 2 = ( k 21 P 1 + k 22 P 2 + k 23 P 3 ) mod 26

c 3 = ( k 31 P 1 + k 32 P 2 + k 3 3 P 3 ) mod 26

This can be expressed in term of column vectors and matrices:

or

C = KP mod 26

where C and P are column vectors of length 3, representing the plaintext and ciphertext, and K is
a 3 x 3 matrix, representing the encryption key. Operations are performed mod 26.

For example, consider the plaintext "paymoremoney" and use the encryption key

The first three letters of the plaintext are represented by the vector

the ciphertext for the entire plaintext is LNSHDLEWMTRW.

Decryption requires using the inverse of the matrix K . The inverse K 1 of a matrix K is defined
by the equation KK 1 = K 1 K = I , where I is the matrix that is all zeros except for ones along the
main diagonal from upper left to lower right. The inverse of a matrix does not always exist, but
when it does, it satisfies the preceding equation. In this case, the inverse is:

Copyright © 2018-19 by Dr. Himanshu Gupta


30 | P a g e Network Security & Cryptography

This is demonstrated as follows:

It is easily seen that if the matrix K 1 is applied to the ciphertext, then the plaintext is recovered.
To explain how the inverse of a matrix is determined, we make an exceedingly brief excursion
into linear algebra.

For any square matrix ( m x m ) the determinant equals the sum of all the products that can be
formed by taking exactly one element from each row and exactly one element from each column,
with certain of the product terms preceded by a minus sign.

Although the Hill cipher is strong against a ciphertext-only attack, it is easily broken with a
known plaintext attack. For an m x m Hill cipher, suppose we have m plaintext-ciphertext pairs,
each of length m. We label the pairs

unknown key matrix K . Now define two m x m matrices X = ( P ij ) and Y = ( C ij ). Then we can
form the matrix equation Y = KX . If X has an inverse, then we can determine K = YX 1 . If X is
not invertible, then a new version of X can be formed with additional plaintext-ciphertext pairs
until an invertible X is obtained.

Suppose that the plaintext "friday" is encrypted using a 2 x 2 Hill cipher to yield the ciphertext
PQCFKU. Thus, we know that

Copyright © 2018-19 by Dr. Himanshu Gupta


31 | P a g e Network Security & Cryptography

Using the first two plaintext-ciphertext pairs, we have

The inverse of X can be computed:

so

This result is verified by testing the remaining plaintext-ciphertext pair.

5.22 Transposition Techniques

In cryptography, a transposition cipher is a method of encryption by which the positions held


by units of plaintext (which are commonly characters or groups of characters) are shifted
according to a regular system, so that the ciphertext constitutes a permutation of the plaintext.
That is, the order of the units is changed. Mathematically a bijective function is used on the
characters' positions to encrypt and an inverse function to decrypt.

5.221 Rail Fence cipher

The Rail Fence cipher is a form of transposition cipher that gets its name from the way in which
it is encoded. In the rail fence cipher, the plaintext is written downwards on successive "rails" of
an imaginary fence, then moving up when we get to the bottom. The message is then read off in
rows.

Copyright © 2018-19 by Dr. Himanshu Gupta


32 | P a g e Network Security & Cryptography

For example, using three "rails" and a message of 'WE ARE DISCOVERED. FLEE AT ONCE',
the cipherer writes out:

W . . . E . . . C . . . ..R . . . .L . . . .T . . . ..E
.E.R.D.S.O.E.E.F.E.A.O.C.
. . A . . . ..I . . . ..V . . . .D . . . .E . . . ..N . .

Then reads off:

WECRL TEERD SOEEF EAOCA IVDEN

(The cipherer has broken this ciphertext up into blocks of five to help avoid errors.)

5.222 Route cipher

In a route cipher, the plaintext is first written out in a grid of given dimensions, and then read off
in a pattern given in the key. For example, using the same plaintext that we used for rail fence:

WRIORFEOE
EESVELANJ
ADCEDETCX

The key might specify "spiral inwards, clockwise, starting from the top right". That would give a
cipher text as “EJXCTEDECDAEWRIORFEONALEVSE”.

Route ciphers have many more keys than a rail fence. In fact, for messages of reasonable length,
the number of possible keys is potentially too great to be enumerated even by modern machinery.
However, not all keys are equally good. Badly chosen routes will leave excessive chunks of
plaintext, or text simply reversed, and this will give cryptanalysts a clue as to the routes.

An interesting variation of the route cipher was the Union Route Cipher, used by Union forces
during the American Civil War. This worked much like an ordinary route cipher, but transposed
whole words instead of individual letters. Because this would leave certain highly sensitive

Copyright © 2018-19 by Dr. Himanshu Gupta


33 | P a g e Network Security & Cryptography

words exposed, such words would first be concealed by code. The cipher clerk may also add
entire null words, which were often chosen to make the ciphertext humorous.

5.223 Columnar Transposition

In a columnar transposition, the message is written out in rows of a fixed length, and then read
out again column by column, and the columns are chosen in some scrambled order. Both the
width of the rows and the permutation of the columns are usually defined by a keyword. For
example, the word ZEBRAS is of length 6 (so the rows are of length 6), and the permutation is
defined by the alphabetical order of the letters in the keyword. In this case, the order would be "6
3 2 4 1 5".

In a regular columnar transposition cipher, any spare spaces are filled with nulls; in an irregular
columnar transposition cipher, the spaces are left blank. Finally, the message is read off in
columns, in the order specified by the keyword. For example, suppose we use the keyword
ZEBRAS and the message WE ARE DISCOVERED. FLEE AT ONCE. In a regular columnar
transposition, we write this into the grid as:

632415
WEARED
ISCOVE
REDFLE
EATONC
EQKJEU

Providing five nulls (QKJEU) at the end. The ciphertext is then read off as:

EVLNE ACDTK ESEAQ ROFOJ DEECU WIREE

In the irregular case, the columns are not completed by nulls:

632415
WEARED
ISCOVE

Copyright © 2018-19 by Dr. Himanshu Gupta


34 | P a g e Network Security & Cryptography

REDFLE
EATONC
E

This results in the following ciphertext:

EVLNA CDTES EAROF ODEEC WIREE

To decipher it, the recipient has to work out the column lengths by dividing the message length
by the key length. Then he can write the message out in columns again, then re-order the
columns by reforming the key word.

Columnar transposition continued to be used for serious purposes as a component of more


complex ciphers at least into the 1950s.

5.224 Double Transposition

A single columnar transposition could be attacked by guessing possible column lengths, writing
the message out in its columns (but in the wrong order, as the key is not yet known), and then
looking for possible anagrams. Thus to make it stronger, a double transposition was often used.
This is simply a columnar transposition applied twice. The same key can be used for both
transpositions, or two different keys can be used.

As an example, we can take the result of the irregular columnar transposition in the previous
section, and perform a second encryption with a different keyword, STRIPE, which gives the
permutation "564231":

564231
EVLNAC
DTESEA
ROFODE
ECWIRE
E

Copyright © 2018-19 by Dr. Himanshu Gupta


35 | P a g e Network Security & Cryptography

As before, this is read off columnwise to give the ciphertext:

CAEEN SOIAE DRLEF WEDRE EVTOC

If multiple messages of exactly the same length are encrypted using the same keys, they can be
anagrammed simultaneously. This can lead to both recovery of the messages, and to recovery of
the keys (so that every other message sent with those keys can be read).

During World War I, the German military used a double columnar transposition cipher, changing
the keys infrequently. The system was regularly solved by the French, naming it Übchi, who
were typically able to quickly find the keys once they'd intercepted a number of messages of the
same length, which generally took only a few days.

6. Cryptanalysis

The objective of attacking an encryption system is to recover the key in use rather then simply to
recover the plaintext of a single ciphertext. There are two general approaches to attacking a
conventional encryption scheme:

• Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus perhaps
some knowledge of the general characteristics of the plaintext or even some sample
plaintext-ciphertext pairs. This type of attack exploits the characteristics of the algorithm
to attempt to deduce a specific plaintext or to deduce the key being used.
• Brute-force attack: The attacker tries every possible key on a piece of ciphertext until an
intelligible translation into plaintext is obtained. On average, half of all possible keys
must be tried to achieve success.

If either type of attack succeeds in deducing the key, the effect is catastrophic: All future and
past messages encrypted with that key are compromised.

7. Steganography

Copyright © 2018-19 by Dr. Himanshu Gupta


36 | P a g e Network Security & Cryptography

A plaintext message may be hidden in one of two ways. The methods of steganography conceal
the existence of the message, whereas the methods of cryptography render the message
unintelligible to outsiders by various transformations of the text.

A simple form of steganography, but one that is time-consuming to construct, is one in which an
arrangement of words or letters within an apparently innocuous text spells out the real message.
For example, the sequence of first letters of each word of the overall message spells out the
hidden message.

Various other techniques have been used historically; some examples are the following:

• Character marking: Selected letters of printed or typewritten text are overwritten in


pencil. The marks are ordinarily not visible unless the paper is held at an angle to bright
light.
• Invisible ink: A number of substances can be used for writing but leave no visible trace
until heat or some chemical is applied to the paper.
• Pin punctures: Small pin punctures on selected letters are ordinarily not visible unless
the paper is held up in front of a light.
• Typewriter correction ribbon: Used between lines typed with a black ribbon, the results
of typing with the correction tape are visible only under a strong light.

Steganography has a number of drawbacks when compared to encryption. It requires a lot of


overhead to hide a relatively few bits of information, although using some scheme like that
proposed in the preceding paragraph may make it more effective. Alternatively, a message can
be first encrypted and then hidden using steganography.

The advantage of steganography is that it can be employed by parties who have something to
lose should the fact of their secret communication (not necessarily the content) be discovered.

Steganography seeks to be strong against steganalysis, which is the attempt to uncover the
hidden message within a stego-ojbect. Figure summarizes the steganalysis process. Steganalysis
can combat steganography in ways other than detecting the message, but determining how to
uncover the message is the main problem steganalysis seeks to solve.

Copyright © 2018-19 by Dr. Himanshu Gupta


37 | P a g e Network Security & Cryptography

Steganography and Steganalysis

8. Stream Cipher and Block Cipher

In cryptography, a stream cipher is a symmetric cipher where plaintext bits are combined with a
pseudorandom cipher bit stream (keystream), typically by an XOR (exclusive-or) operation. In a
stream cipher the plaintext digits are encrypted one at a time, and in which the transformation of
successive digits varies during the encryption. An alternative name is a state cipher, as the
encryption of each digit is dependent on the current state. In practice, the digits are typically
single bits or bytes.

In cryptography, a block cipher is a symmetric key cipher which operates on fixed-length groups
of bits, termed blocks, with an unvarying transformation. When encrypting, a block cipher might
take a (for example) 128-bit block of plaintext as input, and output a corresponding 128-bit block
of ciphertext. The exact transformation is controlled using a second input — the secret key.
Decryption is similar: the decryption algorithm takes, in this example, a 128-bit block of
ciphertext together with the secret key, and yields the original 128-bit block of plaintext.

Copyright © 2018-19 by Dr. Himanshu Gupta


38 | P a g e Network Security & Cryptography

While both are symmetric ciphers, stream ciphers are based on generating an "infinite"
cryptographic keystream, and using that to encrypt one bit or byte at a time (similar to the one-
time pad), whereas block ciphers work on larger chunks of data (i.e. blocks) at a time.

• Stream ciphers are typically faster than block, but that has its own price.

• Block ciphers typically require more memory, since they work on larger chunks of data and
often have "carry over" from previous blocks, whereas since stream ciphers work on only a
few bits at a time they have relatively low memory requirements (and therefore cheaper to
implement in limited scenarios such as embedded devices, firmware, and esp. hardware).

• Stream ciphers are more difficult to implement correctly, and prone to weaknesses based on
usage - since the principles are similar to one-time pad, the keystream has very strict
requirements.

• Because block ciphers encrypt a whole block at a time (and furthermore have "feedback"
modes which are most recommended), they are more susceptible to noise in transmission,
that is if we mess up one part of the data, all the rest is probably unrecoverable. Whereas
with stream ciphers are bytes are individually encrypted with no connection to other chunks
of data (in most ciphers/modes), and often have support for interruptions on the line.

Copyright © 2018-19 by Dr. Himanshu Gupta


39 | P a g e Network Security & Cryptography

• Also, stream ciphers do not provide integrity protection or authentication, whereas some
block ciphers (depending on mode) can provide integrity protection, in addition to
confidentiality.

Because of all the above, stream ciphers are usually best for cases where the amount of data is
either unknown, or continuous - such as network streams. Block ciphers, on the other hand, or
more useful when the amount of data is pre-known - such as a file, data fields, or
request/response protocols, such as HTTP where the length of the total message is known
already at the beginning.

One advantage of stream ciphers that haven't been mentioned previously is that they don't need
padding (block ciphers operates on complete blocks, so if you don't have enough data you must
generate some more somehow).

Copyright © 2018-19 by Dr. Himanshu Gupta


40 | P a g e Network Security & Cryptography

A. Fill in the Blanks:

1. Information security means protecting information and information systems from


______________ access, use, disclosure, disruption, modification, perusal, inspection, recording
or destruction.

2. ________________ is an abuse of computer base information system.

3. ________________ is very difficult to detect because they do not involve any alteration of
the data.

4. Active attacks involve some _____________ of the data stream or the creation of a false
stream.

5. A security service as a service provided by a protocol layer of communicating open systems,


which ensures ______________ of the systems or of data transfers.

6. ______________ is the science of devising methods that allow information to be sent in a


secure form in such a way that the only person able to retrieve this information is the intended
recipient.

7. Cryptography systems can be broadly classified into ____________ systems that use a single
key that both the sender and recipient have, and ___________ systems that use two keys, a
public key known to everyone and a private key that only the recipient of messages uses.

8. In ____________ attack, the attacker tries every possible key on a piece of ciphertext until an
intelligible translation into plaintext is obtained.

9. In cryptography, a ___________ is a symmetric cipher where plaintext bits are combined with
a pseudorandom cipher bit stream (key stream), typically by an XOR (exclusive-or) operation.

10. The methods of ____________ conceal the existence of the message.

Copyright © 2018-19 by Dr. Himanshu Gupta


41 | P a g e Network Security & Cryptography

B. Frequently Asked Questions (FAQs)

1. Protecting information and information systems from unauthorized access, use, disclosure,
disruption, modification, perusal, inspection, recording or destruction is called

a) Network Security

b) Information Security

c) System Security

d) None of these

2. The nature of eavesdropping on, or monitoring of, transmissions comes under the category of

a) Active Attack

b) Passive Attack

c) Simple Attack

d) None of these

3. Which attack involves some modification of the data stream or the creation of a false stream?

a) Active Attack

b) Passive Attack

c) Simple Attack

d) None of these

4. If an unauthorized party gains access to the system and inserts false objects into it, this is
called as

a) Interruption

b) Modification

c) Fabrication

Copyright © 2018-19 by Dr. Himanshu Gupta


42 | P a g e Network Security & Cryptography

d) Interception

5. Which service prevents either sender or receiver from denying a transmitted message?

a) Data Integrity

b) Non Repudiation

c) Confidentiality

d) Authentication

6. Which service is concerned with assuring that a communication is authentic?

a) Data Integrity

b) Non Repudiation

c) Confidentiality

d) Authentication

7. The science of devising methods that allow information to be sent in a secure form in such a
way that the only person able to retrieve this information is the intended recipient is called

a) Cryptography

b) Steganography

c) Bibliography

d) None of these

8. In which type of cryptography, user uses a single private key to both encrypt and decrypt data?

a) Public Key Cryptography

b) Simple Cryptography

c) Symmetric Key Cryptography

Copyright © 2018-19 by Dr. Himanshu Gupta


43 | P a g e Network Security & Cryptography

d) None of these

9. Which type of cryptography refers to a cryptographic system requiring two separate keys, one
of which is secret and one of which is public.

a) Public Key Cryptography

b) Simple Cryptography

c) Symmetric Key Cryptography

d) None of these

10. Which attacks rely on the nature of the algorithm plus perhaps some knowledge of the
general characteristics of the plaintext or even some sample plaintext-ciphertext pairs.

a) SQL Injection

b) Cryptanalysis

c) Brute Force Attack

d) None of these

Copyright © 2018-19 by Dr. Himanshu Gupta


44 | P a g e Network Security & Cryptography

UNIT-II

Secret Key Cryptography

1. Modern Block Cipher

A block cipher is an encryption/decryption scheme in which a block of plaintext is treated as a


whole and used to produce a ciphertext block of equal length. Many block ciphers have a Feistel
structure. Such a structure consists of a number of identical rounds of processing. In each round,
a substitution is performed on one half of the data being processed, followed by a permutation
that interchanges the two halves . The original key is expanded so that a different key is used for
each round.

In a Block Ciphers the message is broken into blocks, each of which is then encrypted i.e. like a
substitution on very big characters - 64-bits or more. Block ciphers work a on block / word at a
time, which is some number of bits. All of these bits have to be available before the block can be
processed. Stream ciphers which work on a bit or byte at a time.

Modern Block Ciphers is one of the most widely used types of cryptographic algorithms, which
provide secrecy and/or authentication services. Modern block ciphers are widely used to provide
encryption of quantities of information, and/or a cryptographic checksum to ensure the contents
have not been altered. We continue to use block ciphers because they are comparatively fast, and
we are familiar to design them.

2. Stream Ciphers and Block Ciphers

In cryptography, a stream cipher is a symmetric key cipher where plaintext digits are combined
with a pseudorandom cipher digit stream (keystream). In a stream cipher each plaintext digit is

Copyright © 2018-19 by Dr. Himanshu Gupta


45 | P a g e Network Security & Cryptography

encrypted one at a time with the corresponding digit of the keystream, to give a digit of the
cyphertext stream.

A block cipher is one in which a block of plaintext is treated as a whole and used to produce a
ciphertext block of equal length. Typically, a block size of 64 or 128 bits is used. Using some of
the modes of operation, a block cipher can be used to achieve the same effect as a stream cipher.

3. Block Cipher Principle

Block ciphers transform a plaintext block of n letters into an encrypted block. For the alphabet
with 26 letters, there are 26n possible different plaintext blocks. The most general way of
encrypting a n-letter block is to take each of the plaintext blocks and map it to a cipher block
(arbitrary n-letter substitution cipher). For decryption to be possible, such mapping needs to be
one-to-one (i.e., each plaintext block must be mapped to a unique ciphertext block). The number
of different one-to-one mappings among n-letter blocks is (26n)!.
The length of block n can not be too short in order to secure the cryptographic scheme. For
example, n = 1 gives a monoalphabetic cipher. Such schemes, as we have seen, are vulnerable to
frequency analysis and brute-force attacks. However, an arbitrary reversible substitution cipher
for a large block size n is not practical. Let's consider the problem of specifying a mapping of all
possible n-letter blocks. In a cipher, each key specifies such a mapping. Let's assume the key
consists of a block of k letters. Then the number of all possible keys is 26k . Then for a n-letter
arbitrary substitution block cipher, the key size needs to satisfy 26k ≥ (26n)!, i.e., k ≥ n × 26n!

4. Shannon Theory’s of Confusion and Diffusion

The Claude Shannon theoretically introduced the following principles that should be followed
to design se-cure cryptographic systems. These principles aim at thwarting cryptanalysis based
on known statistical properties of the plaintext.
• Confusion. In Shannon's original definitions, confusion makes the relation between the key
and the ciphertext as complex as possible. Ideally, every letter in the key influences every
letter of the ciphertext block. Replacing every letter with the one next to it on the typewriter
keyboard is a simple example of confusion by substitution. However, good confusion can

Copyright © 2018-19 by Dr. Himanshu Gupta


46 | P a g e Network Security & Cryptography

only be achieved when each character of the ciphertext depends on several parts of the key,
and this dependence appears to be random to the observer. Ciphers that do not offer much
confusion are vulnerable to frequency analysis.

• Diffusion. Diffusion refers to the property that the statistics structure of the plaintext is
dissipated into long range statistics of the ciphertext. In contrast to confusion, diffusion
spreads the influence of a single plaintext letter over many ciphertext letters. In terms of the
frequency statistics of letters, digrams, etc in the plaintext, diffusion randomly spreads them
across several characters in the ciphertext. This means that much more ciphertexts are
needed to do a meaningful statistical attack on the cipher.

Product ciphers use the two classical encryption forms: substitution and transposition,
alternatively in multiple rounds to achieve both confusion and diffusion respectively.
Shannon was the first to investigate the product cryptosystem (so called substitution-
permutation network) and show that some sophisticated heuristic ciphers were nothing other
than products of some simpler ciphers. Most importantly, Shannon identified the necessary
condition of the cipher strength in creases as a result of cascading simple ciphers.
One possible way to build a secret key algorithm using substitution-permutation-network is
to break the input into manageable-sized chunks, do a substitution on each small chunk, and
then take the outputs of all the substitutions and run them through a permutater that is as big
as the input, which shuffles the letters around. Then the process is repeated, so that each
letter winds up as an input to each of the substitutions.
Since modern cryptosystems are all computer-based, from now on we will assume that both
plain and cipher text are strings of bits ({0, 1}), instead of strings of letters ({a, b, c, ..., z}).

5. Fiestel Structure
Fiestel cipher is a product cipher and uses two basic ciphers in sequence in such a way that their
result is cryptographically stronger. This method uses a cipher that alternates substitution and
permutation.

Copyright © 2018-19 by Dr. Himanshu Gupta


47 | P a g e Network Security & Cryptography

Principle of operation:

Fiestel cipher works on the principle of confusion of diffusion and confusion.

Diffusion:

In diffusion, the statistical nature of plain text is dissipated into long range statistics of cipher
text. This is done by making each bit of the plain text affect many bits of cipher text.

The purpose of diffusion is to make the statistical relationship between the plain text and the
cipher text as complex as possible to prevent the attacker from deducing the key.

Confusion:

In confusion, the relationship between statistics of the cipher text and the encryption key is made
as complex as possible using a complex substitution algorithm.

This is done so that even if the attacker has understood the statistics of the cipher text he will not
be able to discover the key due to complex relationship between the key and the cipher text.

Algorithm:

1. The inputs to the encryption algorithm are: a plain text block of size 2w bits and a key
having many subkeys K = {K1, K2,…, Kn}.
2. The plain text block is divided into two halves each of length w bits denoted by R0 for w
rightmost bits and L0 for w leftmost bits. These two halves pass through n rounds of
processing and are then combined to produce the cipher text block.
3. Each round i has inputs Li-1 and Ri-1 derived from previous round and a key Ki derived
from K.
4. Li is subjected to substitution by first applying a round function on Ri-1 and ex-oring the
result with Li-1. The round function has same structure for each round but is
parameterized by the round key Ki.

Following this substitution, a permutation is performed that consists of interchange of the two
halves of data.

Copyright © 2018-19 by Dr. Himanshu Gupta


48 | P a g e Network Security & Cryptography

It is worth noting that the process of decryption with a Feistel network is essentially the same as
the encryption process by using the ciphertext as input to the network, but using the subkey Ki in
reverse order. The reason is explained as follows. Let's consider the last step in encryption,
which gives,

LE16 = RE15 (1)

RE16 = LE15 ⊕ F (RE15 , K16 ) (2)

On the decryption side,

LD1 = RD0 = LE16 = RE15 (3)

RD1 = LD0 ⊕ F (RD0, K16) (4)

= RE16 ⊕ F (RE15 , K16) (5)

= [LE15 ⊕ F (RE15 , K16)] ⊕ F (RE15 , K16) (6)

= LE15 (7)

The process can be done iteratively. Finally, we will see that the output of the decryption is the
same as the input to the encryption (i.e., original plaintext).
Following fig. shows the Fiestel cipher algorithm:

Copyright © 2018-19 by Dr. Himanshu Gupta


49 | P a g e Network Security & Cryptography

Design principles:

1. Block size:
Increasing the block size increases complexity and thus improves security. But it slows
the cipher.

Typically block size is 64 bits

2. Key size:
Increasing the key size improves security but slows the cipher.

Typically key size is 128 bits.

3. Round function:

Copyright © 2018-19 by Dr. Himanshu Gupta


50 | P a g e Network Security & Cryptography

Complex functions improve security but slow the cipher.

4. Number of rounds:
Increasing the number of rounds improves complexity but slows down the cipher.

Typically 16 rounds are used.

5. Complexity of subkey generation:


Complexity of subkey generation improves security and makes the analysis harder.

6. Data Encryption Standard

The Data Encryption Standard (DES) is a previously predominant algorithm for the encryption
of electronic data. It was highly influential in the advancement of modern cryptography in the
academic world. Developed in the early 1970s at IBM and based on an earlier design by Horst
Feistel, the algorithm was submitted to the National Bureau of Standards (NBS) following the
agency's invitation to propose a candidate for the protection of sensitive, unclassified electronic
government data. In 1976, after consultation with the National Security Agency (NSA), the NBS
eventually selected a slightly modified version, which was published as an official Federal
Information Processing Standard (FIPS) for the United States in 1977. DES is an encryption
technique which encrypts the data in 64 bit blocks using 56 bit keys.

Following fig. shows the encryption procedure used by DES:

Copyright © 2018-19 by Dr. Himanshu Gupta


51 | P a g e Network Security & Cryptography

• The inputs to the encryption function are a 64 bit block of plain text and a 56 bit key.
Although the actual size of the key is 64 bits, only 56 bits are used and the remaining 8
bits are arbitrary.
• Following processes are involved in encryption of a block of plain text data using DES:
1. Initial permutation
2. 16 rounds of complex key dependent round function involving substitution and
permutation functions.
3. 32 bit swap
4. Permutation which is inverse of the initial permutation.

Initial permutation:

The initial permutation is defined by the following table:

Copyright © 2018-19 by Dr. Himanshu Gupta


52 | P a g e Network Security & Cryptography

The table has to be interpreted in the following way:

- The input to the table consists of 64 bits numbered from 1 to 64.


- The 64 entries in the permutation table contain a permutation of the numbers from 1 to 64.
- Each entry in the permutation table indicates the position of a numbered input bit in the
output, which also consists of 64 bits.

Inverse initial permutation:

The inverse initial permutation is defined by the following table:

Single round details:

Following figure shows the details of a single round involved in data processing:

Copyright © 2018-19 by Dr. Himanshu Gupta


53 | P a g e Network Security & Cryptography

- A 64 bit intermediate value is the input to every round. This value is divided into two data
blocks each of length 32 bits.
- The right hand side block Ri-1 is subjected to an expansion/permutation block which converts
32 bit block of data into a 48 bit block.
The expansion is done according to the following table:

Copyright © 2018-19 by Dr. Himanshu Gupta


54 | P a g e Network Security & Cryptography

32 bit block of data is expanded into a 48 bit block by repeating some of the bits from the
original block. The repetition of bits is as given in the above table.

- After expansion the 48 bit data block is ex-ored with the 48 bit key.
- The 48 bit ex-or output block is then mapped into 32 bit block by a substitution function
involving eight s-boxes.
Following figure shows s-box design:

Each s-box takes 6 bits of data as input and maps it into 4 bit data.

- s-box design:
Following figure shows the design of an s-box: S1

Mapping 6 bits data into 4-bits:

Consider the 6 bit input as 110101

Copyright © 2018-19 by Dr. Himanshu Gupta


55 | P a g e Network Security & Cryptography

4 bit number = binary equivalent of 3 = 0011

i. The 2 bit number formed by the first and last bits gives the row number to be referred in
the table.
ii. The remaining 4 bits give the column number.
iii. The number at the corresponding row and column when converted into 4 bit binary
equivalent is the 4 bit mapped output.
- The output of s-box is then subjected to a permutation block which rearranges the bits in
order to increase the complexity of the encryption.
Following table defines the permutation operation:

- The permuted output is then ex-ored with the left hand side input to the round: Li-1 to
generate the right hand side output block Ri.
- The input block Ri-1 is the left hand side output of the round i.e. Li = Ri-1.

Key generation in DES:

DES uses a 64 bit key as input. Out of the 64 bits every 8th bit is ignored and only 56 bits are
used as given by the following table:

Copyright © 2018-19 by Dr. Himanshu Gupta


56 | P a g e Network Security & Cryptography

The resultant 56 bit key is then subjected to a permutation defined by the following permutation
choice -1 table:

The permuted 56 bit key is then divided into two halves Co and Do each of size 28 bits. At each
round Ci-1 and Di-1 are subjected to a circular left shift given by the following table:

The shifted values serve as input to the next round. They also serve as input to the permuted
choice-2 table which produces the 48 bit key for the round function.

PC-2 table:

DES decryption:

DES uses the same algorithm for decryption of the message except that the order of application
of the keys is reversed.

Copyright © 2018-19 by Dr. Himanshu Gupta


57 | P a g e Network Security & Cryptography

7. Strength & Weakness of DES

Strength- The strength of DES lies on two facts:

• The use of 56-bit keys: 56-bit key is used in encryption, there are 256 possible keys. A
brute force attack on such number of keys is impractical.
• The nature of algorithm: Cryptanalyst can perform cryptanalysis by exploiting the
characteristic of DES algorithm but no one has succeeded in finding out the weakness.

Weakness- Weakness has been found in the design of the cipher:

• Two chosen input to an S-box can create the same output.


• The purpose of initial and final permutation is not clear.

8. Triple DES:

DES is vulnerable to brute force attacks and therefore using DES for encryption does not ensure
complete security. Hence to improve the security of encryption, the plain text is encrypted
multiple times using same DES algorithm but with different keys.

In triple DES the plain text is encrypted by subjecting it to DES algorithm thrice.

Triple DES using two keys:

C = EK1 [DK2 {EK1 (P)}]

P = DK1 [EK2 {EK1 (C)}]

Copyright © 2018-19 by Dr. Himanshu Gupta


58 | P a g e Network Security & Cryptography

Triple DES using three keys:

C = EK3 [DK2 (EK1 (P))]

P = DK3 [EK2 (DK1(C))]

9. Differential Cryptanalysis

Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block


ciphers, but also to stream ciphers and cryptographic hash functions. In the case of a block
cipher, it refers to a set of techniques for tracing differences through the network of
transformations, discovering where the cipher exhibits non-random behaviour, and exploiting
such properties to recover the secret key.

The concept of differential cryptanalysis was proposed by Eli Biham and Adi Shamir in the late
1980s, who published a number of attacks against various block ciphers and hash functions,
including a theoretical weakness in the Data Encryption Standard (DES).

Differential cryptanalysis is usually a chosen plaintext attack, meaning that the attacker must be
able to obtain encrypted ciphertexts for some set of plaintexts of his choosing. The scheme can
successfully cryptanalyze DES with an effort on the order 247 chosen plaintexts. There are,
however, extensions that would allow a known plaintext or even a ciphertext-only attack. The
basic method uses pairs of plaintext related by a constant difference; difference can be defined in
several ways, but the eXclusive OR (XOR) operation is usual. The attacker then computes the

Copyright © 2018-19 by Dr. Himanshu Gupta


59 | P a g e Network Security & Cryptography

differences of the corresponding ciphertexts, hoping to detect statistical patterns in their


distribution. The resulting pair of differences is called a differential.

Types of Differential Cryptanalysis

1. In cryptography, higher-order differential cryptanalysis is a generalization of


differential cryptanalysis, an attack against block ciphers. Developed in 1994 by Lars
Knudsen, the technique has been applied to a number of ciphers. Whereas ordinary
differential cryptanalysis analyzes the differences between two texts, the higher-order
variant considers differences between differences, etc.
2. In cryptography, truncated differential cryptanalysis is a generalization of differential
cryptanalysis, an attack against block ciphers. Lars Knudsen developed the technique in
1994. Whereas ordinary differential cryptanalysis analyzes the full difference between
two texts, the truncated variant considers differences that are only partially determined.
That is, the attack makes predictions of only some of the bits instead of the full block.
This technique has been applied to SAFER, IDEA, Twofish, CRYPTON, and even the
stream cipher Salsa20.
3. In cryptography, impossible differential cryptanalysis is a form of differential
cryptanalysis for block ciphers. While ordinary differential cryptanalysis tracks
differences that propagate through the cipher with greater than expected probability,
impossible differential cryptanalysis exploits differences that are impossible (having
probability 0) at some intermediate state of the cipher algorithm.

10. Block Cipher Modes

In cryptography, modes of operation are the procedure of enabling the repeated and secure use
of a block cipher under a single key. A block cipher by itself allows encryption only of a single
data block of the cipher's block length. When targeting a variable-length message, the data must
first be partitioned into separate cipher blocks. Typically, the last block must also be extended to
match the cipher's block length using a suitable padding scheme.

Copyright © 2018-19 by Dr. Himanshu Gupta


60 | P a g e Network Security & Cryptography

A mode of operation describes the process of encrypting each of these blocks, and generally uses
randomization based on an additional input value, called as initialization vector. An initialization
vector (IV) is a block of bits that is used by several modes to randomize the encryption and
hence to produce distinct ciphertexts even if the same plaintext is encrypted multiple times,
without the need for a slower re-keying process. Modes of operation have primarily been defined
for encryption and authentication.

1. Electronic Codebook Mode (ECB):

In electronic codebook (ECB) mode the plain text is encrypted in 64 bit blocks using the
same encryption key K. The plain text message is divided into 64 bit blocks and if the size of
any block is less than 64 bits then bits are padded. Each 64 bit block is encrypted
independent of other blocks. Hence each block will result in a unique cipher text block and
therefore the codebook is used.

This method is useful for small blocks of data. The drawback of this method is that if the
attacker discovers the encryption algorithm and the key entire data becomes visible to him.

Copyright © 2018-19 by Dr. Himanshu Gupta


61 | P a g e Network Security & Cryptography

2. Cipher Block Chaining Mode (CBC) :

- In CBC mode the cipher text output of the previous round is ex-ored with the current plain
text block and the ex-or output is subjected to the encryption block.
- For the first block of data no previous cipher text block is known and therefore an initial
value is used to ex-or it with the plain text block.
- The advantage of this method is that even if an attacker finds out the encryption key and the
encryption algorithm, he will not be able to decrypt the cipher text block unless the previous
cipher text blocks are known to him.

Copyright © 2018-19 by Dr. Himanshu Gupta


62 | P a g e Network Security & Cryptography

- Another advantage of this method is that same blocks of cipher text will produce different
blocks of cipher text and therefore the structural analysis of data is not possible.

3. Cipher Feedback Mode (CFB) :

- CFB mode converts a block cipher into stream cipher by padding with appropriate number of
bits.
- This mode is suitable for real time applications where s bits of stream data are to be
transmitted immediately.

Copyright © 2018-19 by Dr. Himanshu Gupta


63 | P a g e Network Security & Cryptography

4. Output Feedback Mode (OFB):

- The output feedback (OFB) mode makes a block cipher into a synchronous stream
cipher.
- It generates keystream blocks, which are then XORed with the plaintext blocks to get
the ciphertext.

Copyright © 2018-19 by Dr. Himanshu Gupta


64 | P a g e Network Security & Cryptography

- Just as with other stream ciphers, flipping a bit in the ciphertext produces a flipped bit
in the plaintext at the same location. This property allows many error correcting codes
to function normally even when applied before encryption.
- Each output feedback block cipher operation depends on all previous ones, and so
cannot be performed in parallel.

5. Counter Mode (CTR):

- Like OFB, counter mode turns a block cipher into a stream cipher.
- It generates the next keystream block by encrypting successive values of a "counter". The
counter can be any function which produces a sequence which is guaranteed not to repeat for
a long time, although an actual increment-by-one counter is the simplest and most popular.

Copyright © 2018-19 by Dr. Himanshu Gupta


65 | P a g e Network Security & Cryptography

- CTR mode is widely accepted, and problems resulting from the input function are recognized
as a weakness of the underlying block cipher instead of the CTR mode
- CTR mode has similar characteristics to OFB, but also allows a random access property
during decryption.
- The advantage of this method is that even if the attacker knows the encryption algorithm and
the secret key, he will not be able to decrypt the cipher text until he knows the cipher text.

Copyright © 2018-19 by Dr. Himanshu Gupta


66 | P a g e Network Security & Cryptography

A. Fill in the Blanks:

1. A ______________ is an encryption/decryption scheme in which a block of plaintext is


treated as a whole and used to produce a ciphertext block of equal length.

2. In cryptography, a _______________ is a symmetric key cipher where plaintext digits are


combined with a pseudorandom cipher digit stream (keystream).

3. For the alphabet with 26 letters, there are _____________ possible different plaintext blocks.

4. ________________ is a product cipher and uses two basic ciphers in sequence in such a way
that their result is cryptographically stronger. This method uses a cipher that alternates
substitution and permutation.

5. ________________ is an encryption technique which encrypts the data in 64 bit blocks using
56 bit keys.

6. The _________________ algorithm improve the security of encryption, the plain text is
encrypted multiple times using same DES algorithm but with different keys.

7. ____________________ is a general form of cryptanalysis applicable primarily to block


ciphers, but also to stream ciphers and cryptographic hash functions.

8. In cryptography, __________________ are the procedure of enabling the repeated and secure
use of a block cipher under a single key.

9. In _____________ mode the cipher text output of the previous round is ex-ored with the
current plain text block and the ex-or output is subjected to the encryption block.

10. The _______________ mode makes a block cipher into a synchronous stream cipher. It
generates keystream blocks, which are then XORed with the plaintext blocks to get the
ciphertext.

Copyright © 2018-19 by Dr. Himanshu Gupta


67 | P a g e Network Security & Cryptography

B. Frequently Asked Questions (FAQs)

1. In which principle, the message is broken into blocks, each of which is then encrypted i.e. like
a substitution on very big characters - 64-bits or more?

a) Block Cipher Principle

b) Stream Cipher Principle

c) Confusion & Diffusion Principle

d) None of these

2. In which principle, each plaintext digit is encrypted one at a time with the corresponding digit
of the keystream, to give a digit of the cyphertext stream?

a) Block Cipher Principle

b) Stream Cipher Principle

c) Confusion & Diffusion Principle

d) None of these

3. The Claude Shannon theoretically introduced the following principles that should be followed
to design se-cure cryptographic systems.

a) Block Cipher Principle

b) Stream Cipher Principle

c) Confusion & Diffusion Principle

d) None of these

4. Which algorithm was developed in the early 1970s at IBM and based on an earlier design by
Horst Feistel, the algorithm was submitted to the National Bureau of Standards (NBS) for the
protection of sensitive, unclassified electronic government data?

a) DES

Copyright © 2018-19 by Dr. Himanshu Gupta


68 | P a g e Network Security & Cryptography

b) Triple DES

c) AES

d) RSA

5. Which algorithm uses a 64 bit key as input? Out of the 64 bits every 8th bit is ignored and only
56 bits are used.

a) DES

b) Triple DES

c) AES

d) RSA

6. In which algorithm, the plain text is encrypted by subjecting it to DES algorithm thrice?

a) DES

b) Triple DES

c) AES

d) RSA

7. Which algorithm describes the use of three keys in the following encryption and decryption
process?

C = EK3 [DK2 (EK1 (P))]

P = DK3 [EK2 (DK1(C))]

a) DES

b) Triple DES

c) AES

d) RSA

Copyright © 2018-19 by Dr. Himanshu Gupta


69 | P a g e Network Security & Cryptography

8. Which type of cryptanalysis was proposed by Eli Biham and Adi Shamir in the late 1980s,
who published a number of attacks against various block ciphers and hash functions, including a
theoretical weakness in the Data Encryption Standard (DES)?

a) Simple Cryptanalysis

b) Differential Cryptanalysis

c) Symmetric Cryptanalysis

d) None of these

9. Which mode of operation describes the process of encrypting each of these blocks, and
generally uses randomization based on an additional input value, called as initialization vector?

a) Symmetric Cipher Mode

b) String Cipher Mode

c) Block Cipher Mode

d) None of these

10. Which type of block cipher mode converts a block cipher into stream cipher by padding with
appropriate number of bits?
a) CFB

b) ECB

c) OFB

d) CBC

Copyright © 2018-19 by Dr. Himanshu Gupta


70 | P a g e Network Security & Cryptography

UNIT – III
Public Key Cryptography

1. Number Theory

Group, ring and field are basic notions of abstract algebra, which is widely used in cryptography.

1.1 Group

A group G, sometimes denoted by {G, • }, is a set of elements with a binary operation, denoted
by • , that associates to each ordered pair (a,b) of elements in G an element (a • b) in G, such that
the following axioms are obeyed:

(A1) Closure: If a and belong to G, then a • b is also in G

(A2) Associative: a • (b • c)= (a • b) • c for all a,b,c in G

(A3) Identity element: There is an element e in G such that a • e= e • a=a for all a in G

(A4) Inverse element: For each a in G there is an element a in G such that a • a = a • a=e

A group is said to be abelian if it satisfies the following additional condition:

(A5) Commutative: a • b=b • a for all a,b in G

The set of integers (positive, negative, and 0) under addition is an abelian group. The set of real
numbers under multiplication is an abelian group.

The set S N of permutations is not an abelian group.

When the group operation is addition, the identity element is 0; the inverse element of a is –a;
and the subtraction is defined as: a-b=a+(-b).

Exponentiation within a group is defined as repeated application of the group operation, so that
a 3  a • a • a . We define also a 0  e , the identity element, and a  n  (a ) n , where a is
inverse element for a.

A group G is cyclic if every element of G is a power a k (k – integer) of a fixed element a  G .


The element a is said to generate the group G, or to be a generator of G. A cyclic group is
always abelian, and may be finite or infinite.

Copyright © 2018-19 by Dr. Himanshu Gupta


71 | P a g e Network Security & Cryptography

1.2 Ring

A ring R, sometimes denoted by {R,+,  }, is a set of elements with two binary operations, called
addition and multiplication, such that for all a, b, c in R the following axioms are obeyed:

(A1-A5) R is an abelian group with respect to addition; that is, R satisfies axioms A1
through A5, For this case of an additive group we denote the identity element as 0 and the
inverse of a as –a.

(M1) Closure under multiplication: If a and b belong to R, then ab is also in R


(multiplication, as usually, is shown by concatenation of its operands)

(M2) Associativity of multiplication: a(bc)=(ab)c

(M3) Distributive laws: a(b+c)=ab+ac

(a+b)c=ac+bc

With respect to addition and multiplication, the set of all n-square matrices over the real numbers
is a ring R.

The ring is said to be commutative if it satisfies the following additional condition:

(M4) Commutativity of multiplication: ab=ba

Let S be the set of all even integers under the usual operations of addition and multiplication. S
is a commutative ring. The set of all n-square matrices over the real numbers is not a
commutative ring.

We define integral domain, which is commutative ring that obeys the following axioms:

(M5) Multiplicative identity: There is an element 1 such that a1=1a=a for all a in R

(M6) No zero divisors: If a,b in R and ab=0, then, either a=0 or b=0.

1.3 Field

A field F, sometimes denoted by {F,+,  }, is a set of elements with two operations, called
addition and multiplication, such that for all a, b, c in F the following axioms are obeyed:

Copyright © 2018-19 by Dr. Himanshu Gupta


72 | P a g e Network Security & Cryptography

(A1-M6) F is an integral domain; that is, F satisfies axioms A1 through A5 and M1 through
M6.

(M7) Multiplicative inverse: For each a in F, except 0, there is an element a 1 in F, such


that aa 1  a 1 a  1

In essence, a field is a set in which we can do addition, subtraction, multiplication and division
without leaving the set. Division is defined as: a / b  a(b 1 )

Examples of fields are the rational numbers, real numbers, complex numbers. Set of all integers
is not a field, because not every element of the set has a multiplicative inverse; in fact, only the
elements 1 and -1 have multiplicative inverses in integers.

2. Modular Arithmetic

Modulus operator:

If a is an integer and n is a positive integer, we define a mod n to be the remainder when a is


divided by n.

• Consider a positive integer ‘n’ and any other integer ‘a’.


When a is divided by n we get remainder ‘r’ and quotient ‘q’ such that: a = nq + r

• When the remainder is required and the quotient is not of much significance, then the
operation can be represented using modulus operator as: a mod n = r

• a mod n operation gives the remainder when a is divided by n.


• For example:

Copyright © 2018-19 by Dr. Himanshu Gupta


73 | P a g e Network Security & Cryptography

7 mod 5 = 2

11 mod 7 = 4

Two integers a and b are said to be congruent modulo n, if a mod n = b mod n. This is written as
a  b mod n .

73  4 mod 23;21  9 mod 10

Properties of the Modulo Operator

1. a  b mod n if n|(a-b)
2. a  b mod n implies b  a mod n
3. a  b mod n and b  c mod n imply a  c mod n

Copyright © 2018-19 by Dr. Himanshu Gupta


74 | P a g e Network Security & Cryptography

Exponentiation is performed, as in ordinary arithmetic

To find 117 mod 13, we can proceed as follows:

112  121  4 mod 13


114  4 2  3 mod 13
117  11  4  3  132  2 mod 13

Thus, the rules for ordinary arithmetic involving addition, subtraction, and multiplication carry
over into modular arithmetic.

Congruent modulo integers:

• Two integers a and b are said to be congruent modulo n if: a mod n = b mod n and it is
represented as:

• For example:
17 13 mod 4

35 52 mod 17

Rules of modular arithmetic:

1. a mod n + b mod n = (a + b) mod n


2. a mod n - b mod n = (a - b) mod n
3. a mod n x b mod n = (a x b) mod n

Relatively Prime Numbers

• Two numbers are said to be relatively prime to each other if there is no factor common
between them other than 1 i.e. if their G.C.D is 1.
• Thus a and b are relatively prime to each other if gcd (a,b) = 1
• Any prime number is relatively prime to all numbers other than 1 and its multiples.
• For example:
25 and 33 are relatively prime to each other.

Copyright © 2018-19 by Dr. Himanshu Gupta


75 | P a g e Network Security & Cryptography

7 and 21 are not relatively prime to each other.

3. Fermat’s Theorem

Fermat’s theorem states that if ‘p’ is a prime number and ‘a’ is a positive integer not divisible by
p, then:

Proof:

If p is a prime number and a is a positive integer not divisible by p, then according to modular
arithmetic the set of numbers: { 0 mod p, a mod p, 2a mod p, ...... ,(p-1)a mod p } is identical to
set { 0, 1, 2, ...... , p-1 }.

Since 0 mod p = 0 the first element of the two sets are equal.

Now multiplying the remaining elements of the two sets and taking modulus we get:

[(1a mod p)(2a mod p).....((p-1)a mod p)] mod p = (123.......(p-1)) mod p

Using product rule on RHS:

(a2a.....(p-1)a) mod p = (123.......(p-1)) mod p

ap-1(p-1)! mod p = (p-1)! mod p

Canceling (p-1)! on both sides:

ap-1 mod p = 1 mod p

or ap-1 1 mod p

4. Euler’s Theorem:

Euler’s theorem states that for every a and n that are relatively prime:

Copyright © 2018-19 by Dr. Himanshu Gupta


76 | P a g e Network Security & Cryptography

Proof:

The proof is analogous to that of the Fermat's Theorem except that instead of the set of positive
remainders {1,2,...,n-1} we now consider the set {a1,a2, ...,ar} where ai is relatively prime with n,
hence r = (n).

Now multiply these by a, we get:


a.a1 mod n, a.a2 mod n, .........., a.ar mod n (1)

Now all of these are distinct, if a.ai mod n = a.aj mod n then
n | a.ai - a.aj  n | a (ai - aj)

But since gcd (a, n) = 1, n passes a unchanged and it must be the case that n | (ai - aj). But this
is impossible since (ai - aj) is less than n. Also it can be established that when multiplying (mod
n) two numbers relatively prime with n, the result is another number relatively prime with n. 1

Therefore the set of numbers in (1) is simply a permutation of {a1,a2, ...,ar}. Thus
(a.a1 mod n * a.a2 mod n * ... * a.ar mod n) mod n = (a1 * a2 * ... *ar) mod n

By grouping the a's together and rearranging we get,


ar (a1 * a2 * ... *ar) mod n = (a1 * a2 * ... *ar) mod n

Now we can divide both sides by a1 then a2, as so on. This gives
ar mod n = 1
OR

Copyright © 2018-19 by Dr. Himanshu Gupta


77 | P a g e Network Security & Cryptography

5. Euclidean Algorithm

The Euclidean Algorithm is used to compute the greatest common divisor (gcd) for two
integers a and b (not zero). It is based on the following fact:

If r is the remainder when a is divided by b (see the division algorithm), then gcd (a,b) =
gcd(b,r).

Let a = 2322, b = 654. Find the GCD

gcd(a,b) = gcd (b,r)

2322 = 654*3 + 360 gcd(2322, 654) = gcd(654, 360)

654 = 360*1 + 294 gcd(654, 360) = gcd(360, 294)

360 = 294*1 + 66 gcd(360, 294) = gcd(294, 66)

294 = 66*4 + 30 gcd(294, 66) = gcd(66, 30)

66 = 30*2 + 6 gcd(66, 30) = gcd(30, 6)

30 = 6*5 + 0 (indicates end) gcd(30, 6) = 6

Therefore, gcd(2322,654) = 6.

This ancient algorithm was stated by Euclid in his Elements over 2000 years ago, and is still one
of the most efficient ways to find the greatest common divisor of two integers

6. The Chinese Remainder Theorem

Let m and n be integers with gcd (m, n) = 1, M = mn and let b and c be any integers. Then the
simultaneous congruences x  b (mod m ) and x  c (mod n ) have exactly one solution with 0 
x  M.

Copyright © 2018-19 by Dr. Himanshu Gupta


78 | P a g e Network Security & Cryptography

Proof2:

We begin by solving the congruence x  b (mod m). The solution consists of all numbers of the
form x  my  b . We substitute this into the second congruence, which yields

my  c  b (mod n ).

We are given that gcd (m, n) = 1, so the Linear Congruence Theorem tells us that there is
exactly one solution y1 with 0  y1  n. Then the solution to the original is given by

x1  my1  b ;

and this will be the only solution x1 with 0  x  M , since there is only one y1 between 0 and n ,
and we multiplied y1 by m to get x1 . This completes the proof.

Examples:

1. Suppose we want to solve x  8 (mod 11) and x  3 (mod 19).

As stated in the proof, we write the solutions of the first congruence in the form of x = 11y + 8
and substitute it into the second congruence, which yields 11y  -5 (mod 19) which is equal to
11y  14 (mod 19) and equal to 11y  33 (mod 19). Then we divide both sides of the
congruence by 11 and we get y  3 (mod 19), now we can find the solution to the first
congruence, x = 11y + 8 = 11 (3) + 8 = 41.

Finally we want to check whether our answer is accurate, so substitute 41 for x and see that

41  8 (mod 11) = 33  0 (mod 11) and 41  3 (mod 19) = 38  0 (mod 19).

7. Principles of Public Key Cryptographic Systems

Public key encryption is based on using different keys for encryption and decryption purposes. In
public key encryption each communicating party generates a pair of keys. One of the keys is

Copyright © 2018-19 by Dr. Himanshu Gupta


79 | P a g e Network Security & Cryptography

publicly available and is therefore called the public key KU. The other key is known only to the
respective party and therefore called as private key KR.

The keys are generated in such a way that a message encrypted using the public key can be
decrypted using the private key only while a message encrypted using the public key can be
decrypted using the private key only.

Public key encryption can be used for authentication and confidentiality both and it also
eliminates the need for a secure medium for distribution of secure keys.

Steps involved in public key encryption:

1. Each communicating entity generates a pair of keys to be used for encryption and decryption
of messages.
2. One of the keys is kept secret and is known only to the user. This key is the private key.
3. The other key is placed in the public register and is accessible to every one. This key is the
public key.
4. Keys are used for encryption and decryption depending on the application.

Data confidentiality using public key encryption:

Confidentiality refers to the security of the information while it is transmitted through an


insecure channel. No other entity except the intended receiver should be able to view the
message.

Following figure shows how data confidentiality is obtained using public key encryption:

Copyright © 2018-19 by Dr. Himanshu Gupta


80 | P a g e Network Security & Cryptography

A source A produces messages in plain text P = [P1, P2, ......] where the elements P1, P2, P3,
...... are letters in some finite alphabet.

The receiver of the message B generates a pair of key i.e. a private key KRB known only to B
and a public key KUB known to everyone including A.

For confidentiality the receiver’s public key is used for encryption. A message encrypted using
the receiver’s public key can be decrypted using the receiver’s private key only. Since the private
key is known to no one else, the message will be secure from everyone and confidentiality will
be achieved.

Therefore A encrypts the plain text message using the receiver’s public key KUB and the cipher
text of the form C = [C1, C2, ......].

C = EKUB[P]

Upon reception B decrypts this message using the private key and generates the plain text
message as:

P = DKRB[C]

This method ensures confidentiality but not authentication as anyone having the public key of B
can forge a message masquerading as A.

Authentication using public key encryption:

Authentication refers to the genuineness of the communicating entities. For example if A and B
are communicating, both A and B should be aware of each other’s identities.

Authentication can be implemented using public key encryption in the following manner:

Copyright © 2018-19 by Dr. Himanshu Gupta


81 | P a g e Network Security & Cryptography

Here the sender A generates a plain text message P and encrypts this message using his private
key KRA to generate the cipher text C as:

C = EKRA[X]

Since this message is encrypted using the private key of the sender, it can be decrypted only
using the public key of the sender. Therefore if a communicating party is able to decrypt the
message using the public key, the identity of the sender will be authenticated as no one else can
encrypt a message using the private key.

Upon reception the receiver decrypts the message as: P = DKUA[C]

This method provides authentication but not confidentiality as the message is encrypted using the
sender’s private key and everyone having the public key can decrypt the message and view the
contents.

Authentication and confidentiality using public key encryption:

Authentication and confidentiality both can ensured using public key encryption by subjecting
the plain text message to two rounds of encryption as shown in the figure:

Copyright © 2018-19 by Dr. Himanshu Gupta


82 | P a g e Network Security & Cryptography

As shown in the figure the message is encrypted twice first using the sender’s private key and
then using the receiver’s public key.

The public key of the receiver is used to ensure confidentiality the private key of the sender is
used to authenticate the sender.

The cipher text is generated as:

C = EKUB[EKRA(P)]

The cipher text is decrypted as:

P = DKRB[DKUA(C)]

The disadvantage of this method is that the complex encryption algorithm has to be executed
twice at each end which increases the processing time.

Requirements of public key encryption:

1. It should be computationally feasible for all the communicating parties to generate a key pair
(KU, KR)
2. It should be computationally feasible for a sender A knowing the public key of the receiver B
to generate cipher text as C = EKUB(P).
3. It should be computationally feasible for the receiver B to decrypt the cipher text and obtain
the original message as P = DKRB(C).
4. It should be computationally infeasible for an attacker who knows KU to find KR.
5. It should be computationally infeasible for an attacker who knows C and KU to find P.

Copyright © 2018-19 by Dr. Himanshu Gupta


83 | P a g e Network Security & Cryptography

6. Encryption and decryption functions can be applied in any order:


M = EKUB[DKRB(M)] = DKUB[EKRB(M)] = EKRB[DKUB(M)] = DKRB[EKUB(M)]

8. Advanced Encryption Standard (AES)

The principal drawback of 3DES (which was recommended in 1999, Federal Information
Processing Standard FIPS PUB 46-3 as new standard with 168-bit key) is that the algorithm is
relatively sluggish in software. A secondary drawback is the use of 64-bit block size. For reasons
of both efficiency and security, a larger block size is desirable.

In 1997, National Institute of Standards and Technology NIST issued a call for proposals for a
new Advanced Encryption Standard (AES), which should have security strength equal to or
better than 3DES, and significantly improved efficiency. In addition, NIST also specified that
AES must be a symmetric block cipher with a block length of 128 bits and support for key
lengths of 128, 192, and 256 bits.

In a first round of evaluation, 15 proposed algorithms were accepted. A 2nd round narrowed to 5
algorithms. NIST completed its evaluation process and published a final standard (FIPS PUB
197) in November, 2001. NIST selected Rijndael as the proposed AES algorithm. The 2
researches of AES are Dr. Joan Daemon and Dr. Vincent Rijmen from Belgium.

General Detail

Designers Vincent Rijmen, Joan Daemen

First published 1998

Derived from Square

Successors Anubis, Grand Cru

Certification AES winner, CRYPTREC, NESSIE, NSA

Cipher detail

Key sizes 128, 192 or 256 bits

Block sizes 128 bits

Copyright © 2018-19 by Dr. Himanshu Gupta


84 | P a g e Network Security & Cryptography

Structure Substitution-permutation network

Rounds 10, 12 or 14 (depending on key size)

Working Principle of AES

A number of AES parameters depend on the key length. In the description of this section, we
assume the key length of 128 bits. The input to the encryption and decryption algorithm is a
single 128-bit block; this block is depicted as a square matrix of bytes. This block is copied into
the State array, which is modified at each stage of encryption or decryption. After the final stage,
State is copied to an output matrix. AES is based on a design principle known as a substitution-
permutation network, and is fast in both software and hardware. Unlike its predecessor DES, AES does
not use a Feistel network. AES is a variant of Rijndael which has a fixed block size of 128 bits, and a key
size of 128, 192, or 256 bits. By contrast, the Rijndael specification per se is specified with block and key
sizes that may be any multiple of 32 bits, both with a minimum of 128 and a maximum of 256 bits.

Copyright © 2018-19 by Dr. Himanshu Gupta


85 | P a g e Network Security & Cryptography

AES operates on a 4×4 column-major order matrix of bytes, termed the state, although some
versions of Rijndael have a larger block size and have additional columns in the state. Most AES
calculations are done in a special finite field.

The key size used for an AES cipher specifies the number of repetitions of transformation rounds
that convert the input, called the plaintext, into the final output, called the ciphertext. The
number of cycles of repetition are as follows:

• 10 cycles of repetition for 128 bit keys.


• 12 cycles of repetition for 192 bit keys.
• 14 cycles of repetition for 256 bit keys.

Each round consists of several processing steps, including one that depends on the encryption
key itself. A set of reverse rounds are applied to transform ciphertext back into the original
plaintext using the same encryption key.

High-level description of the AES Algorithm

1. KeyExpansion—round keys are derived from the cipher key using Rijndael's key
schedule
2. Initial Round
1. AddRoundKey—each byte of the state is combined with the round key using
bitwise xor
3. Rounds
1. SubBytes—a non-linear substitution step where each byte is replaced with another
according to a lookup table.
2. ShiftRows—a transposition step where each row of the state is shifted cyclically a
certain number of steps.
3. MixColumns—a mixing operation which operates on the columns of the state,
combining the four bytes in each column.
4. AddRoundKey
4. Final Round (no MixColumns)
1. SubBytes

Copyright © 2018-19 by Dr. Himanshu Gupta


86 | P a g e Network Security & Cryptography

2. ShiftRows
3. AddRoundKey

(a) In the SubBytes step, each byte in the state is replaced with its entry in a fixed 8-bit
lookup table, S; bij = S(aij).

(b) In the ShiftRows step, bytes in each row of the state are shifted cyclically to the left. The
number of places each byte is shifted differs for each row.

Copyright © 2018-19 by Dr. Himanshu Gupta


87 | P a g e Network Security & Cryptography

(c) In the MixColumns step, each column of the state is multiplied with a fixed polynomial
c(x).

(d) In the AddRoundKey step, each byte of the state is combined with a byte of the round
subkey using the XOR operation (⊕).

9. RSA Algorithm

RSA is an algorithm for public-key cryptography that is based on the presumed difficulty of
factoring large integers, the factoring problem. RSA stands for Ron Rivest, Adi Shamir and
Leonard Adleman, who first publicly described it in 1977. A user of RSA creates and then
publishes the product of two large prime numbers, along with an auxiliary value, as their public
key.

The RSA algorithm consists of following modules:

I. Key Generation:

RSA involves a public key and a private key. The public key can be known to everyone and is
used for encrypting messages. Messages encrypted with the public key can only be decrypted
using the private key. The keys for the RSA algorithm are generated the following way:

1. Choose two distinct prime numbers p and q.

Copyright © 2018-19 by Dr. Himanshu Gupta


88 | P a g e Network Security & Cryptography

o For security purposes, the integers p and q should be chosen at random, and should be of
similar bit-length.
2. Compute n = pq.
o n is used as the modulus for both the public and private keys
3. Compute φ(n) = (p – 1)(q – 1), where φ is Euler's totient function.
4. Choose an integer e such that 1 < e < φ(n) and greatest common divisor of (e, φ(n)) = 1; i.e., e
and φ(n) are coprime.
o e is released as the public key exponent.
o e having a short bit-length and small Hamming weight results in more efficient
encryption - most commonly 0x10001 = 65,537. However, small values of e (such as 3)
have been shown to be less secure in some settings.
5. Determine d as:

e*d 1 mod Ф

i.e., d is the multiplicative inverse of e mod φ(n).

• This is more clearly stated as solve for d given (de) = 1 mod φ(n)
• This is often computed using the extended Euclidean algorithm.
• d is kept as the private key exponent.

By construction, d*e= 1 mod φ(n). The public key consists of the modulus n and the public (or
encryption) exponent e. The private key consists of the modulus n and the private (or
decryption) exponent d which must be kept secret.

II. Encryption:
The sender encrypts the message M as:

1. Obtain the KU of the intended receiver.


2. Represent the message M in integer in the interval 0 to n-1.
3. Compute C = Me mod n and send it to the intended receiver.

III. Decryption:
The receiver recovers the plain text from the cipher text as:

Copyright © 2018-19 by Dr. Himanshu Gupta


89 | P a g e Network Security & Cryptography

P = Cd mod n = Med mod n

Note: even though we have to select the values of p and q which are similar, we cannot
take very nearby values because if then .

RSA Implementation for Encryption and Decryption

An Example of RSA Algorithm

Copyright © 2018-19 by Dr. Himanshu Gupta


90 | P a g e Network Security & Cryptography

A. Fill in the Blanks:

1. A group is said to be abelian if it satisfies the additional condition as _______________.

2. A group G is cyclic if every element of G is a power _____________ of a fixed element

a G .

3. A ring R, sometimes denoted by {R, +,  }, is a set of elements with two binary operations,
called ___________________.

4. Set of all integers is not a field, because not every element of the set has a
__________________.

5. If a is an integer and n is a positive integer, we define ______________ to be the remainder


when a is divided by n.

6. Two integers a and b are said to be congruent modulo n, if ______________. This is written as
a  b mod n .

7. Two numbers are said to be relatively prime to each other if there G.C.D is ______________.

8. _________________ theorem states that if ‘p’ is a prime number and ‘a’ is a positive integer

not divisible by p, then .

9. The _________________ is used to compute the greatest common divisor (gcd) for two
integers a and b (not zero).

10. Public key encryption can be used for ________________ both and it also eliminates the
need for a secure medium for distribution of secure keys.

B. Frequently Asked Questions (FAQs)

1. A group G, sometimes denoted by {G, • }, is a set of elements with a binary operation, such
that the various axioms are obeyed. These are described as

Copyright © 2018-19 by Dr. Himanshu Gupta


91 | P a g e Network Security & Cryptography

a) Closure

b) Associative

c) Identity and Inverse Element

d) All of the above

2. Set of all integers is not a field, because not every element of the set has a

a) Complex Number

b) Identity Element

c) Multiplicative Inverse

d) None of these

3. Two integers a and b are said to be congruent modulo n, if

a) a  b mod n

b) a  n mod b

c) b  a mod n

d) None of these

4. Two numbers are said to be relatively prime to each other if there is no factor common
between them other than

a) 1

b) 2

c) 3

d) 0

Copyright © 2018-19 by Dr. Himanshu Gupta


92 | P a g e Network Security & Cryptography

5. If m and n be integers with gcd (m, n) = 1, M = mn and let b and c be any integers. Then the
simultaneous congruences x  b (mod m ) and x  c (mod n ) have exactly one solution with 0 
x  M. This principle is called

a) Fermat’s Principle

b) Chinese Remainder Theorem

c) Euclidian Theorem

d) Euler’s Theorem

6. Which theorem states that if ‘p’ is a prime number and ‘a’ is a positive integer not divisible by
p, then ap-1 1 mod p

a) Fermat’s Principle

b) Chinese Remainder Theorem

c) Euclidian Theorem

d) Euler’s Theorem

7. Which algorithm describes that for every a and n that are relatively prime as ?

a) Fermat’s Principle

b) Chinese Remainder Theorem

c) Euclidian Theorem

d) Euler’s Theorem

8. Which algorithm is used to compute the greatest common divisor (gcd) for two integers a and
b (not zero) ?

a) Fermat’s Principle

b) Chinese Remainder Theorem

Copyright © 2018-19 by Dr. Himanshu Gupta


93 | P a g e Network Security & Cryptography

c) Euclidian Theorem

d) Euler’s Theorem

9. In which encryption each communicating party generates a pair of keys?

a) Public Key Encryption

b) Symmetric Key Encryption

c) Private Key Encryption

d) None of these

10. Authentication refers to the genuineness of the communicating entities. For example if A and
B are communicating, both A and B should be aware of each other’s

a) Identity

b) Network

c) Application

d) None of these

Copyright © 2018-19 by Dr. Himanshu Gupta


94 | P a g e Network Security & Cryptography

UNIT – IV
Authentication Standards

1. Message Authentication

The process of verifying the integrity and authenticity of transmitted messages is called message
authentication. Message authentication provides two services. It provides a way to ensure
message integrity and a way to verify who sent the message.

Purpose of Message Authentication:

There are three main aspects of message authentication-

1. Protecting the integrity of the message.


Preventing the messages from getting modified during transit and in the case of any
modification the receiver should be able to detect it and discard the message.

2. Validating the identity of the originator.


Authentication scheme should ensure that the sender of the message is same individual as
in indicated by the identity in the message.

3. Non repudiation of origin.


The authentication scheme should be able resolve the disputes resulting due to sender
denying any message which has its identity.

Requirements of authentication:

For any message to be authenticated following attacks must be prevented-

Copyright © 2018-19 by Dr. Himanshu Gupta


95 | P a g e Network Security & Cryptography

1. Disclosure
2. Traffic analysis
3. Masquerade
4. Content modification
5. Sequence modification
6. Timing modification
7. Source repudiation
8. Destination repudiation

2. Message Authentication Functions

Message
authentication
functions

Message
Message
authentication Hash function
encryption
code (MAC)

I. Message encryption:

Here the cipher text of the message serves as its authenticator.

1. Symmetric encryption:
In symmetric encryption a source A transmits a message M to a receiver B after
encrypting it with a secret key K shared between A and B.

Copyright © 2018-19 by Dr. Himanshu Gupta


96 | P a g e Network Security & Cryptography

Since no other party knows the secret key K, confidentiality is provided. It also
authenticates the two parties for each other. If party B receives a message encrypted
using key K and containing the identity of A, it is assured that it was generated by A as
no other party knows the secret key K.

2. Public key encryption:


Direct use of public key encryption:

In public key encryption sender A generates a message M and encrypts it using public
key KUB of the intended receiver B. upon reception party B decrypts the message using
its private key KRB.

The direct use of public key encryption provides only confidentiality and not
authentication because an attacker can easily obtain the public key of party B and forge a
message using identity of party A as shown:

Attacker C: EKUB [M, IDA]

Upon reception of such a message party B will not be able to detect that the message is
unauthorized.

Encryption using private key:

Copyright © 2018-19 by Dr. Himanshu Gupta


97 | P a g e Network Security & Cryptography

Here the sender A transmits a message M to the receiver B after encrypting it using its
private key KRA. Upon reception B decrypts this message using the public key KUA of
A and obtains M.

This method provides authentication because if B is able to decrypt the message using
KUA, it was definitely encrypted using KRA which is known only to A and no other
party. Only A can encrypt a message using its private key and therefore it is authenticity
is confirmed.

The drawback of this method is that it does not provide confidentiality because anyone
can obtain the public key KUA of A and decrypt the messages.

Authentication using multiple encryption:

In this method every message is encrypted twice before being transmitted to the receiver.

Here the sender A first encrypts the message using its private key KRA and then again using the
public key KUB of the receiver.

This method provides authentication and confidentiality both but at the cost of extra processing
time for running the complex encryption algorithm twice.

Drawbacks of using message encryption to provide authentication:

Copyright © 2018-19 by Dr. Himanshu Gupta


98 | P a g e Network Security & Cryptography

• This method provides partial authentication by authenticating only the sender of the
message and not the contents of the message. Any attacker can obtain a copy of cipher text
and remove some bits from it or rearrange the bits even if he is not able to decrypt the
message. Such types of attacks cannot be prevented and only solution is to detect and
discard such messages. This method provides no mechanism for detecting such
unauthorized modifications.
• To provide both authentication and confidentiality, the complex encryption algorithm has
to be used twice which increases the load on the system and the processing time.

II. Message authentication code (MAC):

In this method an additional data called as cryptographic checksum or message authentication


code (MAC) is added to the message which serves as its authenticator.

Following figure shows the procedure for authentication using MAC:

The sender A generates a message M to be transmitted to receiver B.

The cryptographic checksum is calculated by subjecting M to a function C called as MAC


function using the secret key K.

MAC = CK (M)

This cryptographic checksum or MAC value is then appended to the original message and then
transmitted to the intended receiver.

Copyright © 2018-19 by Dr. Himanshu Gupta


99 | P a g e Network Security & Cryptography

The MAC function and the secret key are known only to the two communicating parties
involved.

Upon reception, the receiver separates the message and MAC and then recalculates the MAC
value from M using K. If the received MAC value and the recalculated MAC value are equal, the
message is authenticated otherwise it is discarded.

The message authentication is based on the fact even if an attacker is able to modify the message,
he cannot modify the MAC value accordingly as he does not know the MAC function or the
secret key. If an attacker modifies the message to produce an unauthorized effect, the
recalculated MAC value and the received MAC value will not match and the message will be
discarded at the receiving end.

Requirement of MAC:

1. If an attacker observes M and CK (M), it should be computationally infeasible for him


to construct a message M’ such that: CK (M’) = CK (M).
2. CK (M) should be uniformly distributed in the sense that for randomly chosen messages
M and M’, the probability that CK (M’) = CK (M) is 2-n where n is the number of bits in
MAC.
3. MAC should depend equally on all bits of the message.

III. Hash function:

Hash function is a public function that maps a message of any length into a fixed length hash
value which serves as its authenticator.

Fig. shows the basic procedure involved in authentication using hash function:

Copyright © 2018-19 by Dr. Himanshu Gupta


100 | P a g e Network Security & Cryptography

The sender generates the message M and the hash value ‘h’ is calculated by subjecting M to hash
function as: h = H (M). This value is appended to the message at the source.

The receiver authenticates the message by recomputing the hash value from the message and
then comparing it with the received hash value.

Authentication is based on the fact that it is not possible for an attacker to modify the message
and the hash value accordingly. Hence even if an attacker modifies the message it will be
detected at the receiving end as the calculated and received hash values will not match.

Practical implementations of authentication using hash function:

1. Implementation using symmetric encryption:

2. Implementation using public key encryption:

3. Implementation using public key encryption and a secret data:

Properties of hash function:

Copyright © 2018-19 by Dr. Himanshu Gupta


101 | P a g e Network Security & Cryptography

1. The hash function produces a fixed length output for variable length input.
2. It can be applied on a block of data of any size.
3. H (x) should be relatively easier to calculate for any x, so that hardware and software
implementation is possible.
4. One way property: For any given value h, it is computationally infeasible to find x such
that H (x) = h.
5. Weak collision resistance: For any block x, it is computationally infeasible to find y not
equal to x such that H(x) = H(y).
6. Strong collision resistance: It is computationally infeasible to find any pair (x,y) such
that H(x) = H(y).

3. Security of Hash Function

A cryptographic hash function is similar to a checksum. The main difference is that while a
checksum is designed to detect accidental alterations in data, a cryptographic hash function is
designed to detect deliberate alterations. When data is processed by a cryptographic hash
function, a small string of bits, known as a hash, is generated. The slightest change to the
message typically makes a large change in the resulting hash. A cryptographic hash function
does not require a cryptographic key.

When sending encrypted data, SSL typically uses a cryptographic hash function to ensure data
integrity. The hash function prevents Charlie from tampering with data that Alice sends to Bob.
Two hash functions often used with SSL are Message Digest 5 (MD5) and Secure Hash
Algorithm (SHA).

4. Secure Hash Algorithm (SHA)

The Secure Hash Algorithm is a family of cryptographic hash functions published by the
National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing
Standard (FIPS):

Copyright © 2018-19 by Dr. Himanshu Gupta


102 | P a g e Network Security & Cryptography

SHA-0

A retronym applied to the original version of the 160-bit hash function published in 1993
under the name "SHA". It was withdrawn shortly after publication due to an undisclosed
"significant flaw" and replaced by the slightly revised version SHA-1.

SHA-1

A 160-bit hash function which resembles the earlier MD5 algorithm. This was designed
by the National Security Agency (NSA) to be part of the Digital Signature Algorithm.

SHA-2

A family of two similar hash functions, with different block sizes, known as SHA-256
and SHA-512. They differ in the word size; SHA-256 uses 32-bit words where SHA-512
uses 64-bit words. There are also truncated versions of each standardized, known as
SHA-224 and SHA-384. These were also designed by the NSA.

SHA-3

A hash function chosen in a public review process from non-government designers.

The secure hash algorithm takes as input a message with a maximum length less than 264 bits and
produces a 160 bit message digest. The input is produced in 512 bit blocks and following steps
are involved in the processing:

1. The message is padded so that its length is congruent to 448 modulo 512. Padding is
always added even if the message is of desired length.
The number of padding bits is in the range of 1 to 512 bits and the padding consists of a
single 1–bit followed by the necessary number of 0 bits.

2. A block of 64 bits is appended to the message. This block is treated as an unsigned 64-bit
integer and contains the length of the original message before padding.

Copyright © 2018-19 by Dr. Himanshu Gupta


103 | P a g e Network Security & Cryptography

3. A 160 bit buffer is used to hold intermediate and final results of the hash value. The
buffer is represented by five 32-bit registers A, B, C, D and E. These buffers are
initialized to following hexadecimal values:
A = 67452301 B = EFCDAB89

C = 98BADCFE D = 10325476

E = C3D2E1F0

4. The message is processed in 512 bit or 16-word blocks.


The algorithm consists of module having rounds of processing of 20 steps each. There are
four rounds having similar structure but using different primitive logical functions.

Each round takes as input, the current 512 bit block i.e. Yq and the 160 bit buffer value
ABCDE and updates the contents of the buffer.

5. After all the 512 bit blocks have been processed, the output from the Lth stage is the 160
bit message digest or the hash value where L is the number of blocks in the message.

Copyright © 2018-19 by Dr. Himanshu Gupta


104 | P a g e Network Security & Cryptography

5. Message Digest
A message digest (also known as a cryptographic checksum or cryptographic hashcode) is
nothing more than a number - a special number that is effectively a hashcode produced by a
function that is very difficult to reverse.

A message digest is also a hash function. It takes a variable length input - often an entire disk
file - and reduces it to a small value (typically 128 to 512 bits). Give it the same input, and it
always produces the same output. And, because the output is very much smaller than the
potential input, for at least one of the output values there must be more than one input value that
can produce it; we would expect that to be true for all possible output values for a good message
digest algorithm.

Properties of Message Digest

There are two other important properties of good message digest algorithms.

1. The first is that the algorithm cannot be predicted or reversed. That is, given a particular
output value, we cannot determine an input to the algorithm that will produce that output.
With at least 128 bits of output, a brute force attack is pretty much out of the question, as
there will be 1.7 x 1038 possible input values of the same length to try, on average, before
finding one that generates the correct output.
2. The second useful property of message digest algorithms is that a small change in the
input results in a significant change in the output. Change a single input bit, and roughly
half of the output bits should change. This is actually a consequence of the first property,
because we don't want the output to be predictable based on the input. However, this
aspect is a valuable property of the message digest all by itself.

Working Criteria of Message Digest

To understand how it can be used as an authentication system for anyone who is distributing
digital documents: simply publish your documents electronically, distribute them on the Internet,
and for each document also publish its message digest. Then, if you want to be sure that the copy

Copyright © 2018-19 by Dr. Himanshu Gupta


105 | P a g e Network Security & Cryptography

of the document you download from the Internet is an unaltered copy of the original, simply
recalculate the document's message digest and compare it with the one for the document that you
published. If they match, you know you've got the same document as the original.

5.1 Message Digest 5 (MD5)

MD5 algorithm was developed by Professor Ronald L. Rivest in 1991. According to RFC 1321,
“MD5 message-digest algorithm takes as input a message of arbitrary length and produces as
output a 128-bit "fingerprint" or "message digest" of the input. It is conjectured that it is
computationally infeasible to produce two messages having the same message digest, or to
produce any message having a given prespecified target message digest. The MD5 algorithm is
intended for digital signature applications, where a large file must be "compressed" in a secure
manner before being encrypted with a private (secret) key under a public-key cryptosystem such
as RSA. MD5 is considered one of the most efficient algorithms currently available and being
used widely today.

MD5 Algorithm Description

MD5 algorithm uses four rounds, each applying one of four non-linear functions to each sixteen
32-bit segments of a 512-bit block source text. The result is a 128-bit digest. Figure 1 is a graph
representation that illustrates the structure of the MD5 algorithm.

The structure of MD5 algorithm

Copyright © 2018-19 by Dr. Himanshu Gupta


106 | P a g e Network Security & Cryptography

MD5 algorithm takes a b-bit message as input, where b is an arbitrary nonnegative integer. The
following five steps are performed in C programming language to compute the message digest of
the input message.

Step1. Append padding bits


The input message is "padded" (extended) so that its length (in bits) equals to 448 mod 512.
Padding is always performed, even if the length of the message is already 448 mod 512.
Step2. Append length

A 64-bit representation of b is appended to the result of step1. If b is greater than 2^64, then only
the low-order 64 bits of b are used. The resulting message (after padding with bits and with b)
has a length that is an exact multiple of 512 bits. The input message will have a length that is an
exact multiple of 16 (32-bit) words.

Step3. Initialize MD buffer

A four-word buffer (A, B, C, D) is used to compute the message digest. Each of A, B, C, D is a


32-bit register. These registers are initialized in hexadecimal value, low-order bytes first

Step4. Process message in 16-word blocks

Four auxiliary functions will be defined such that each function takes an input of three 32-bit
words and produces a 32-bit word output.

Step5. Output

The message digest produced is A, B, C, and D, beginning with the low-order byte of A, and end
with the high-order byte of D.

6. Birthday Attack

Copyright © 2018-19 by Dr. Himanshu Gupta


107 | P a g e Network Security & Cryptography

A birthday attack is a type of cryptographic attack that exploits the mathematics behind the
birthday problem in probability theory. This attack can be used to abuse communication between
two or more parties. The attack depends on the higher likelihood of collisions found between
random attack attempts and a fixed degree of permutations (pigeonholes), as described in the birthday
problem/paradox.

Birthday attacks are a class of brute-force techniques used in an attempt to solve a class of
cryptographic hash function problems. These methods take advantage of functions which, when
supplied with a random input, return one of equally likely values. By repeatedly evaluating the

function for different inputs, the same output is expected to be obtained after about
evaluations.

The birthday attack is an attack that can discover collisions in hashing algorithms, such as MD5 or SHA1. It is
based on the Birthday Paradox, which states that if there are 23 people in a room, the odds are slightly greater than
50% that two will share the same birthday. The odds might appear counterintuitive. The key to understanding the
attack is remembering that it is the odds of any two people (out of the 23) sharing a birthday and it is not the odds
of sharing a birthday with a specific person.

Alice is in a room with 23 people and has 22 chances to share a birthday with anyone else (there are 22 pairs of
people). If she fails to match, she leaves, and Bob has 21 chances to share a birthday with anyone else. If he fails to
match, Carol has 20 chances, and so on. Twenty-two pairs, plus 21 pairs, plus 20… plus one pair equals 253 pairs.
Each pair has a1/365 chance of having a matching birthday, and the odds of a match cross 50% at 253 pairs.

7. Digital Signature

A digital signature or digital signature scheme is a mathematical scheme for demonstrating the
authenticity of a digital message or document. A valid digital signature gives a recipient reason
to believe that the message was created by a known sender, and that it was not altered in transit.
Digital signatures are commonly used for software distribution, financial transactions, and in
other cases where it is important to detect forgery or tampering.

A digital signature scheme typically consists of three algorithms:

Copyright © 2018-19 by Dr. Himanshu Gupta


108 | P a g e Network Security & Cryptography

• A key generation algorithm that selects a private key uniformly at random from a set of
possible private keys. The algorithm outputs the private key and a corresponding public
key.
• A signing algorithm that, given a message and a private key, produces a signature.
• A signature verifying algorithm that, given a message, public key and a signature, either
accepts or rejects the message's claim to authenticity.

Two main properties are required. First, a signature generated from a fixed message and fixed
private key should verify the authenticity of that message by using the corresponding public key.
Secondly, it should be computationally infeasible to generate a valid signature for a party who
does not possess the private key.

Signature Generation:

The digital signature for a message is generated in two steps:

1. A message digest is generated. A message digest is a 'summary' of the message we are


going to transmit, and has two important properties:

Copyright © 2018-19 by Dr. Himanshu Gupta


109 | P a g e Network Security & Cryptography

(1) It is always smaller than the message itself and

(2) Even the slightest change in the message produces a different digest. The message
digest is generated using a set of hashing algorithms.

2. The message digest is encrypted using the sender's private key. The resulting encrypted
message digest is the digital signature.

Signature Verification:

The digital signature is attached to the message, and sent to the receiver. The receiver then does
the following:

1. Using the sender's public key, decrypts the digital signature to obtain the message digest
generated by the sender.
2. Uses the same message digest algorithm used by the sender to generate a message digest
of the received message.
3. Compares both message digests (the one sent by the sender as a digital signature, and the
one generated by the receiver). If they are not exactly the same, the message has been
tampered with by a third party.

Copyright © 2018-19 by Dr. Himanshu Gupta


110 | P a g e Network Security & Cryptography

Generation and Verification of Digital Signature

Using public-key cryptography in this manner ensures integrity, because we have a way of
knowing if the message we received is exactly what was sent by the sender. However, notice
how the above example guarantees only integrity. The message itself is sent unencrypted. To add
privacy to this conversation, we would simply need to encrypt the message as explained in the
first diagram.

8. Digital Signature Standard

The Digital Signature Standard (DSS) is a cryptographic standard proposed by the National
Institute of Standards and Technology (NIST) in 1994. It has been adopted as the federal
standard for authenticating electronic documents, much as a written signature verifies the
authenticity of a paper document.

Copyright © 2018-19 by Dr. Himanshu Gupta


111 | P a g e Network Security & Cryptography

It is based on an algorithm using discrete logarithms, which is a variant of the Elgamal algorithm
with Schnorr's improvements. DSS's security is currently considered very strong - comparable to
RSA. It is estimated that DSS's 1024-bit keys would take 1.4E16 MIPS-years to crack.

There are three algorithms that are suitable for digital signature generation under the DSS
standard. They are the Digital Signature Algorithm (DSA), the RSA algorithm, and the Elliptic
Curve Digital Signature Algorithm (ECDSA). Also in this standard is a hash function to be used
in the signature generation process. It is used to obtain a condensed version of the data, which is
called a message digest. This message digest is then put into the digital signature algorithm to
generate the digitally signed message. The same hash function is used in the verification process
as well. The hash function used in the DSS standard is specified in the Secure Hash Standard
(SHS), which are the specifications for the Secure Hash Algorithm (SHA). When a message of
any length < 264 bits is input, the SHA produces a 160-bit output (message digest). Signing the
message digest rather than the message often improves the efficiency of the process because the
message digest is usually much smaller in size than the message.

9. Digital Signature Algorithm (DSA)

DSA was a signature scheme approved by US Federal Government. It is used with SHA hash
algorithm. It was designed by NIST & NSA in early 90's. It has been quite widely accepted.
DSA is a pair of large numbers that are computed according to the specified algorithm within
parameters that enable the authentication of the signatory, and as a consequence, the integrity of
the data attached.

Digital signatures are generated through DSA, as well as verified. Signatures are generated in
conjunction with the use of a private key; verification takes place in reference to a corresponding
public key. Each signatory has their own paired public (assumed to be known to the general
public) and private (known only to the user) keys. Because a signature can only be generated by
an authorized person using their private key, the corresponding public key can be used by anyone
to verify the signature.

Copyright © 2018-19 by Dr. Himanshu Gupta


112 | P a g e Network Security & Cryptography

DSA is designed to provide strong signatures without allowing easy use for encryption. However
this signature scheme has advantages, being both smaller (320 vs 1024bit) and faster (much of
the computation is done modulo a 160 bit number) than RSA.

DSA Key Generation

• firstly shared global public key values (p,q,g) are chosen:


o choose a large prime p = 2L
o where L= 512 to 1024 bits and is a multiple of 64
o choose q, a 160 bit prime factor of p-1
o choose g = h(p-1)/q
o for any h<p-1, h(p-1)/q(mod p)>1
• then each user chooses a private key and computes their public key:
o choose x<q
o compute y = gx(mod p)

DSA key generation is related to, but somewhat more complex than El Gamal. Mostly
because of the use of the secondary 160-bit modulus q used to help speed up calculations
and reduce the size of the resulting signature.

DSA Signature Creation and Verification

• to sign a message M
o generate random signature key k, k<q
o compute
▪ r = (gk(mod p))(mod q)
▪ s = k-1.SHA(M)+ x.r (mod q)
o send signature (r,s) with message
• to verify a signature, compute:
o w = s-1(mod q)
o u1= (SHA(M).w)(mod q)
o u2= r.w(mod q)
o v = (gu1.yu2(mod p))(mod q)

Copyright © 2018-19 by Dr. Himanshu Gupta


113 | P a g e Network Security & Cryptography

o if v=r then the signature is verified

Security of DSA is regarded as high (basically as good as RSA or ElGamal with same
sized modulus), but it’s more efficient. Hence it’s now a popular choice.

A. Fill in the Blanks:

1. The process of verifying the integrity and authenticity of transmitted messages is called
_________________.

2. If an attacker modifies the message to produce an unauthorized effect, the recalculated


_________ value and the received _____________ value will not match and the message will be
discarded at the receiving end.

Copyright © 2018-19 by Dr. Himanshu Gupta


114 | P a g e Network Security & Cryptography

3. The ______________ function produces a fixed length output for variable length input.

4. A cryptographic hash function does not require a __________________ key.

5. A _________ bit hash function which resembles the earlier MD5 algorithm.

6. The secure hash algorithm takes as input a message with a maximum length less than 2 64 bits
and produces a ______________ bit message digest.

7. A _______________ is also a hash function. It takes a variable length input - often an entire
disk file - and reduces it to a small value (typically 128 to 512 bits).

8. A small change in the input results in a message digest algorithm gives _____________
change in the output.

9. MD5 algorithm was developed by _____________________ in year 1991.

10. A valid ______________ gives a recipient reason to believe that the message was created by
a known sender, and that it was not altered in transit.

B. Frequently Asked Questions (FAQs)

1. The process of verifying the integrity and authenticity of transmitted messages is called

a) Message Authentication

b) Message Integrity

c) Message Inspection

d) None of these

2. There are various aspects of message authentication as

a) Protecting the integrity

b) Validating the identity

c) Non repudiation of origin

d) All of the above

Copyright © 2018-19 by Dr. Himanshu Gupta


115 | P a g e Network Security & Cryptography

3. The message authentication function includes

a) Message Encryption

b) MAC

c) Hash Function

d) All of the above

4. Which function is a public function that maps a message of any length into a fixed length hash
value which serves as its authenticator?

a) MAC

b) Symmetric

c) Hash

d) None of these

5. Which is a family of cryptographic hash functions published by the National Institute of


Standards and Technology (NIST)?

a) SHA

b) MAC

c) MD5

d) RSA

6. Which version of hash function chosen in a public review process from non-government
designers?

a) SHA-0

b) SHA-1

c) SHA-2

Copyright © 2018-19 by Dr. Himanshu Gupta


116 | P a g e Network Security & Cryptography

d) SHA-3

7. Which algorithm is nothing more than a number - a special number that is effectively a hash
code produced by a function that is very difficult to reverse?

a) SHA

b) Message Digest

c) MAC

d) None of these

8. Which version of message-digest algorithm takes as input a message of arbitrary length and
produces as output a 128-bit "fingerprint" or "message digest" of the input?

a) MD2

b) MD4

c) MD5

d) None of these

9. Which attack is a type of cryptographic attack that exploits the mathematics behind the
birthday problem in probability theory?

a) Brute Force Attack

b) Birthday Attack

c) Cryptanalysis

d) None of these

10. Which scheme typically consists of three algorithms as key generation, signing algorithm and
signature verification?

a) Digital Signature

Copyright © 2018-19 by Dr. Himanshu Gupta


117 | P a g e Network Security & Cryptography

b) MD5

c) RSA

d) SHA

Copyright © 2018-19 by Dr. Himanshu Gupta


118 | P a g e Network Security & Cryptography

UNIT – V
Key Management

1. Key management in Symmetric Encryption

In this method the key distribution center which is a highly trusted organization generates the
secret keys to be used by two communicating entities. Following steps take place for key
distribution:

1. The initiator A has to establish a data transfer session with B. Hence A sends a request
message to KDC. Along with the request message a nonce N1 is added which can be a time
stamp or any counter number depending on the application.
2. KDC responds by a message encrypted using the secret key shared between KDC and A and
another message encrypted using the secret key shared between KDC and B.
The first message contains a secret key Ks to be used for communication message along with
a copy of the request message sent by A so that A can verify that the message did not get
modified during transit.
The other message contains the secret key Ks along with identity of A and it is encrypted
using the key shared between KDC and B so that once B receives this message it trusts the
key source.

Copyright © 2018-19 by Dr. Himanshu Gupta


119 | P a g e Network Security & Cryptography

3. A extracts the second part of the message and sends it to B.


4. B derives the key and sends an encrypted nonce to A.
5. A decrypts the nonce N2 and sends it to B so that the identity of A is authenticated to B.

2. Key management in Public Key Encryption

There are two main aspects of key management-

• Distribution of public keys


• Use of public key encryption to distribute secret keys

Distribution of public keys:

1. Public announcement of public keys:

In this method each user distributes public keys to recipients or broadcast them to the entire
community.

The drawback of this method is forgery.

Suppose X is an attacker and he sends following message to B and C after blocking the message
from A.

X to B & C : [IDA, KUX]

Copyright © 2018-19 by Dr. Himanshu Gupta


120 | P a g e Network Security & Cryptography

So here X is sending his public key pretending to be A and can masquerade until discovered by
A. Hence in method anyone can create a key claiming to be someone else and broadcast it.

2. Publicly available directory:

- In this method, the public keys are registered with a public directory. This assures greater
security to the keys.
- The directory must be trusted with following properties:
1. It should contain the name and public key entries in the form {IDX, KUX}.
2. The participants should register securely with the directory.
3. The directory should be periodically published.
4. The directory should be electronically accessible.

3. Public key authority:


In this method highly trusted public key authority controls the distribution of keys. The
public key authority provides all the functionalities of the directory. All the communicating
entities interact with the directory to obtain public keys. The only requirement of this method
is real time access to the directory.

Following figure shows the key distribution procedure by public key authority:

Copyright © 2018-19 by Dr. Himanshu Gupta


121 | P a g e Network Security & Cryptography

The key distribution takes place in the following steps:

1. A PKA: Request || T1
The initiator A sends a message to public key authority containing a request for current
public key of B and a time stamp T1. Time stamp is used to prevent replay attacks.

2. PKA A: EKRAUTH [KUB || Request|| T1]


The authority responds with a message that is encrypted using its private key KRAUTH. This
message contains the public of B and the original message that was sent by A to public key
authority. The original message is sent back to A so that A can verify the message for any
modification or replay attacks.

The message is encrypted using the private key of the authority to authenticate the public key
authority and prevent masquerade attacks.

3. A B: EKUB[IDA || N1]
A stores the public key of B and encrypts a message using this key and sends it to B. This
message contains the identity of A and a nonce N1 which serves as an identifier to the
message.

4. B PKA: Request || T2
B sends a message to public key authority requesting the public key of A. This message
contains the identity of A and a time stamp T2.

Copyright © 2018-19 by Dr. Himanshu Gupta


122 | P a g e Network Security & Cryptography

5. PKA B: EKRAUTH[KUA || Request || T2]


The public key authority responds by sending a message with KRAUTH containing the
public key of A and the original request message along with the time stamp.

6. B A: EKUA[N1 || N2]
B sends a message to A after encrypting the message with the public key of A in response to
message (3). This message contains the original nonce N1 along with a new nonce N2. The
original nonce is sent back to A so that A is assured of the identity of B. Since B is sending
the nonce N1 which was encrypted using the public key of B, it is actually B with whom A is
communicating as no one else can find N1.

7. A B: EKUB[N1 || N2]
A sends the nonce N2 back to B to authenticate itself.

4. Public key certificates:


Public key certificates allow key exchange without real time access to public key authority.

Following figure shows the key exchange procedure with public key certificates:

A public key certificate binds the identity to public key along with other information such as
period of validity, rights of use etc. All the contents of the certificate are signed by the
certificate authority and therefore it can be verified by anyone who knows the public key of
the certificate authority.

Copyright © 2018-19 by Dr. Himanshu Gupta


123 | P a g e Network Security & Cryptography

Each communicating party sends its public key to the certificate authority securely. For party
A the certificate authority verifies the relevant details and provides a certificate of the form:

CA = EKRAUTH [IDA, KUA]

Similar certificates are given to all the communicating parties after authentication.

All the communicating parties exchange the certificates instead of exchanging the public
keys.

Whenever a party receives a certificate from another party, it will obtain the public key of the
sender by decrypting the certificate using the public key of the certificate. If the certificate is
successfully decrypted with the public key of the certificate authority, the sender of the
certificate is authenticated.

3. Diffie-Hellman Key Exchange

The 1st published public-key algorithm was invented by Whitfield Diffie and Martin Hellman in
1976 and is generally referred to as Diffie-Hellman key exchange. The purpose of the algorithm
is to enable two users to exchange a key securely that can then be used for subsequent encryption
of messages. The algorithm itself is limited to exchange of the keys.

The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of computing
discrete logarithms. Briefly, we can define the discrete logarithm as follows. First, we define a
primitive root of a prime number p as one whose powers generate all the integers from 1 to p-1.
That is, if a is a primitive root of the prime number p, then the numbers

a mod p, a2 mod p, .., ap-1 mod p

are distinct and consist of the integers from 1 through p-1 in some permutation. For any integer b
and a primitive root a of prime number p, we can find a unique exponent i such that

b  a i mod p,0  i  p .

The exponent i is referred to as the discrete logarithm, or index of b for the base a, mod p. This
value is denoted as inda,p(b). Diffie-Hellman key exchange is summarized in Figure:

Copyright © 2018-19 by Dr. Himanshu Gupta


124 | P a g e Network Security & Cryptography

Because XA and XB are private, the opponent is forced to take a discrete logarithm to determine
the key. For example, attacking the secret key of user B, the opponent must compute

X B  ind  ,q (YB )

The opponent then can calculate the key K in the same manner as user B calculates it. For large
primes, such an attack is considered infeasible.

Copyright © 2018-19 by Dr. Himanshu Gupta


125 | P a g e Network Security & Cryptography

4. X.509 Certificate

An X.509 certificate binds a name to a public key value. The role of the certificate is to associate
a public key with the identity contained in the X.509 certificate.

Integrity of the public key

Authentication of a secure application depends on the integrity of the public key value in the
application’s certificate. If an impostor replaces the public key with its own public key, it can
impersonate the true application and gain access to secure data.

To prevent this type of attack, all certificates must be signed by a certification authority (CA). A
CA is a trusted node that confirms the integrity of the public key value in a certificate.

Digital Signatures

A CA signs a certificate by adding its digital signature to the certificate. A digital signature is a
message encoded with the CA’s private key. The CA’s public key is made available to
applications by distributing a certificate for the CA. Applications verify that certificates are
validly signed by decoding the CA’s digital signature with the CA’s public key.

Illustration of X.509 Certificate

Copyright © 2018-19 by Dr. Himanshu Gupta


126 | P a g e Network Security & Cryptography

The contents of an X.509 certificate

An X.509 certificate contains information about the certificate subject and the certificate issuer
(the CA that issued the certificate). A certificate is encoded in Abstract Syntax Notation One
(ASN.1), a standard syntax for describing messages that can be sent or received on a network.

The role of a certificate is to associate an identity with a public key value. A certificate includes:

• Version number: The certificate version.

Note Different versions (version 1, 2, and 3) of X.509 certificates have evolved over
time, to provide additional security and attributes that are bound to the certificate.

• Serial number: A unique identifier for the certificate.

• Signature algorithm ID: The algorithm used to create the digital signature.
• Issuer name: The name of the certificate issuer.
• Validity period: The period during which the certificate is valid. (This is typically set to
be approximately one year.)
• Subject name: The name of the subject represented by the certificate. (The subject of a
certificate is typically a person, an organization, or a Web/application server.)
• Subject public key information: The public key algorithm.
• Issuer unique identifier: The identifier for the issuer.
• Subject unique identifier: The identifier for the subject.
• Extensions: Extensions that can be used to store additional information, such as
KeyUsage or AlternativeNames.
• Signed hash of the certificate data: The hash of the preceding fields encrypted using the
issuer's private key, which results in a digital signature.

5. Public Key Infrastructure (PKI)

PKI is a security architecture that has been introduced to provide an increased level of
confidence for exchanging information over an increasingly insecure Internet.

Copyright © 2018-19 by Dr. Himanshu Gupta


127 | P a g e Network Security & Cryptography

PKI is a methods, technologies and techniques that together provide a secure infrastructure. On
the other hand, PKI may mean the use of a public key and private key pair for authentication and
proof of content. A PKI infrastructure is expected to offer its users the following benefits:

• certainty of the quality of information sent and received electronically


• certainty of the source and destination of that information
• assurance of the time and timing of that information (providing the source of time is
known)
• certainty of the privacy of that information
• assurance that the information may be introduced as evidence in a court or law

These facilities are delivered using a mathematical technique called public key cryptography,
which uses a pair of related cryptographic keys to verify the identity of the sender (signing)
and/or to ensure privacy (encryption).

PKI can also be used to deliver cryptographic keys between users (including devices such as
servers) securely, and to facilitate other cryptographically delivered security services.

5.1 PKI methods for storing Public Keys and Private Keys

Digital certificates

Public keys are stored within digital certificates along with other relevant information (user
information, expiration date, usage, who issued the certificate etc.). The CA enters the
information contained within the certificate when it is issued and this information cannot be
changed. Since the certificate is digitally signed and all the information in it is intended to be
publicly available there is no need to prevent access to reading it, although you should prevent
other users from corrupting, deleting or replacing it.

Protection

If someone gains access to your computer they could easily gain access to your private key(s).
For this reason, access to a private key is generally protected with a password of your choice.
Private Key passwords should never be given to anyone else and should be long enough so that

Copyright © 2018-19 by Dr. Himanshu Gupta


128 | P a g e Network Security & Cryptography

they are not easily guessed. If someone has your PIN then they can take your money and you
can't stop them.

Different vendors often use different and sometimes proprietary storage formats for storing keys.
For example, Entrust uses the proprietary .epf format, while VeriSign, GlobalSign, and
Baltimore use the standard .p12 format for storing keys to enhance the security.

5.2 The components of a PKI

A PKI (public key infrastructure) is created by combining a number of services and technologies:

1) Certification authority (CA)

The CA takes responsibility for identifying (to a stated extent) the correctness of the identity of
the person asking for a certificate to be issued, and ensures that the information contained within
the certificate is correct and digitally signs it.

Generating key pairs

The CA may generate a public key and a private key (a key pair) or the person applying for a
certificate may have to generate their own key pair and send a signed request containing their
public key to the CA for validation.

Issuing digital certificates

Unless you generate your own certificate, you will generally have to purchase one from a CA.
Before a CA issues you with a certificate they will make various checks to prove that you are
who you say you are.

Using Certificates

An individual may have any number of certificates issued by any number of CAs. Different
Web applications may insist that you use certificates issued only by certain CAs. For example,
a bank may insist that you use a certificate issued by them in order to use their services, whereas
a public Web site may accept any certificate you offer.

Copyright © 2018-19 by Dr. Himanshu Gupta


129 | P a g e Network Security & Cryptography

Verifying certificates

The public key certificate is signed by the CA to prevent its modification or falsification. This
signature is also used when checking that the public key is still valid. Certificate validation
occurs automatically using the appropriate public certificate contained within the root CA list.

2) Revocation

Where a system relies upon publishing certificates so that people are able to communicate with
each other, there has to be a system for letting people knows when certificates are no longer
valid. It can be done in one of two ways. Certificates can be deleted from the Directory or
database in which they should be found. As a result, any attempt to find them to check that they
still exist will fail and anyone looking for them would know that they have been revoked.

As a result, a system of revocation lists has been developed that exists outside the Directory or
database. This is a list of certificates that are no longer valid (for whatever reason), equivalent
to a lost or stolen ATM card list. There are currently two different methods for checking for
certificate revocation - 'CRL' or 'OCSP'. Revocation lists may be publicly available even when
the matching Directory or database is not.

3) Registration Authority (RA)


A CA may use a third-party Registration Authority (RA) to perform the necessary checks on the
person or company requesting the certificate to ensure that they are who they say they are. That
RA may appear to the certificate requestor as a CA, but they do not actually sign the certificate.

4) Certificate publishing methods

One of the fundamentals of PKI systems is the need to publish certificates so that users can find
them. There are two ways of achieving this. One is to publish certificates in the equivalent of an
electronic telephone directory. The other is to send your certificate out to those people you
think might need it by one means or another.

Copyright © 2018-19 by Dr. Himanshu Gupta


130 | P a g e Network Security & Cryptography

An Overview of PKI

5) Certificate Management System

It refers to the management system through which certificates are published, temporarily or
permanently suspended, renewed or revoked. Certificate management systems do not normally
delete certificates because it may be necessary to prove their status at a point in time, perhaps for
legal reasons. A Certificate Authority (and perhaps an RA) will run certificate management
systems to be able to keep track of their responsibilities and liabilities.

Copyright © 2018-19 by Dr. Himanshu Gupta


131 | P a g e Network Security & Cryptography

A. Fill in the Blanks:

1. In Key Management, the _______________ is a highly trusted organization generates the


secret keys to be used by two communicating entities.

2. The public key authority provides all the _________________ of the directory.

3. A public key certificate binds the identity to ________________ along with other information
such as period of validity, rights of use etc.

4. The purpose of the key exchange algorithm is to enable two users to ______________ a key
securely that can then be used for subsequent encryption of messages.

5. A CA is a trusted node that confirms the _____________ of the public key value in a
certificate.

6. PKI is a methods, technologies and techniques that together provide a __________


infrastructure.

7. Entrust uses the proprietary .epf format, while VeriSign, GlobalSign, and Baltimore use the
standard _________________ format for storing keys to enhance the security.

8. An X.509 certificate contains information about the certificate subject and the _______________ .

9. A digital signature is a message encoded with the CA’s _________________ key.

10. The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of computing
__________________.

B. Frequently Asked Questions (FAQs)

1. Which management has two main aspects of distribution of public keys and use of public key
encryption to distribute secret keys?

Copyright © 2018-19 by Dr. Himanshu Gupta


132 | P a g e Network Security & Cryptography

a) Key Management

b) Protocol Management

c) Distribution Management

d) None of these

2. Which certificates allow key exchange without real time access to public key authority?

a) Public Key Certificates

b) Private Key Certificates

c) Digital Certificates

d) All of the above

3. The 1st published public-key algorithm was invented by Whitfield Diffie and Martin Hellman
in 1976. Which name was referred to this algorithm?

a) Whitfield-Martin key exchange

b) Diffie-Hellman key sharing

c) Whitfield-Martin key generation

d) Diffie-Hellman key exchange.

4. Which key is associated with the identity contained in the X.509 certificate?

a) Private Key

b) Public Key

c) Symmetric Key

d) None of these

5. Who signs a certificate by adding its digital signature to the X.509 certificate?

Copyright © 2018-19 by Dr. Himanshu Gupta


133 | P a g e Network Security & Cryptography

a) Key Distribution Authority

b) KDC

c) Certification Authority (CA)

d) Certification Agent (CA)

6. A certificate includes the various informations as

a) Issuer Name

b) Version Number

c) Subject Name

d) All of the above

7. Which is a security architecture that has been introduced to provide an increased level of
confidence for exchanging information over an increasingly insecure Internet?

a) PKI

b) Digital Signature

c) X.509

d) None of these

8. Which is a component of PKI (public key infrastructure)?

a) Certification authority

b) Registration authority

c) Certification Management system

d) All of the above

9. Which third-party authority is used by CA to perform the necessary checks on the person or
company requesting the certificate to ensure that they are who they say they are?

Copyright © 2018-19 by Dr. Himanshu Gupta


134 | P a g e Network Security & Cryptography

a) Registration Authority (RA)

b) Publication Authority

c) Distribution Authority

d) None of these

10. Who may generate a public key and a private key (a key pair) or the person applying for a
certificate may have to generate their own key pair and send a signed request containing their
public key to the CA for validation?

a) Key Distribution Authority

b) KDC

c) Certification Authority (CA)

d) Certification Agent (CA)

Copyright © 2018-19 by Dr. Himanshu Gupta


135 | P a g e Network Security & Cryptography

UNIT – VI
Web Security

1. Authentication Applications

1.1 Kerberos

Kerberos is a network authentication protocol. It is designed to provide strong authentication


for client/server applications by using secret-key cryptography. A free implementation of this
protocol is available from the Massachusetts Institute of Technology. Kerberos is available in
many commercial products as well.

Kerberos was created by MIT as a solution to these network security problems. The
Kerberos protocol uses strong cryptography so that a client can prove its identity to a server
(and vice versa) across an insecure network connection. After a client and server has used
Kerberos to prove their identity, they can also encrypt all of their communications to assure
privacy and data integrity as they go about their business.

An illustration of processes in Kerberos

Copyright © 2018-19 by Dr. Himanshu Gupta


136 | P a g e Network Security & Cryptography

Kerberos is freely available from MIT, under copyright permissions very similar those used
for the BSD operating system and the X Window System. MIT provides Kerberos in source
form so that anyone who wishes to use it may look over the code for themselves and assure
themselves that the code is trustworthy.

Some important facts of Kerberos may be described as:

❖ Kerberos provides

o strong security on physically insecure network

o a centralized authentication server which authenticates

▪ Users to servers

▪ Servers to users

❖ It relies on conventional encryption rather than public-key encryption

Why Kerberos is needed?

Problem: Not trusted workstation to identify their users correctly in an open distributed
environment

3 Threats:

– Pretending to be another user from the workstation

– Sending request from the impersonated workstation

– Replay attack to gain service or disrupt operations

Solution:

– Building elaborate authentication protocols at each server

– A centralized authentication server (Kerberos)

Copyright © 2018-19 by Dr. Himanshu Gupta


137 | P a g e Network Security & Cryptography

Requirements for KERBEROS

➢ Secure:

o An opponent does not find it to be the weak link

➢ Reliable:

o The system should be able to back up another

➢ Transparent:

o An user should not be aware of authentication

➢ Scalable:

o The system supports large number of clients and severs

Versions of KERBEROS

Two versions are in common use

– Version 4 is most widely used version

– Version 4 uses of DES

– Version 5 corrects some of the security deficiencies of Version 4

– Version 5 has been issued as a draft Internet Standard (RFC 1510)

Strengths of Kerberos:

➢ User's passwords are never sent across the network, encrypted or in plain text
➢ Secret keys are only passed across the network in encrypted form
➢ Client and server systems mutually authenticate
➢ It limits the duration of their users' authentication.
➢ Authentications are reusable and durable
➢ Kerberos has been scrutinized by many of the top programmers, cryptologists and
security experts in the industry

Copyright © 2018-19 by Dr. Himanshu Gupta


138 | P a g e Network Security & Cryptography

2. E-mail Security

2.1 Pretty Good Privacy (PGP)

PGP One of the most successful of these involves a system called Pretty Good Privacy (PGP).
PGP was developed by Phil Zimmerman, who developed this encryption system for
humanitarian reasons. In 1991, he published the encryption system on the Internet. His stated
objective was to preserve privacy and protect citizens from oppressive governments. Since its
release, PGP has become a de facto standard for e-mail encryption.

Pretty Good Privacy (PGP) is a freeware e-mail encryption system. PGP was first introduced in
the early 1990s, and it is considered to be a very good system. It is widely used for e-mail
security.

PGP combines some of the best features of both conventional and public key cryptography. PGP
is a hybrid cryptosystem. When a user encrypts plaintext with PGP, PGP first compresses the
plaintext. Data compression saves modem transmission time and disk space and, more
importantly, strengthens cryptographic security. Most cryptanalysis techniques exploit patterns
found in the plaintext to crack the cipher. Compression reduces these patterns in the plaintext,
thereby greatly enhancing resistance to cryptanalysis.

PGP then creates a session key, which is a one-time-only secret key. This key is a random
number generated from the random movements of your mouse and the keystrokes you type. This
session key works with a very secure, fast conventional encryption algorithm to encrypt the
plaintext; the result is ciphertext. Once the data is encrypted, the session key is then encrypted to
the recipient's public key. This public key-encrypted session key is transmitted along with the
ciphertext to the recipient. Decryption works in the reverse. The recipient's copy of PGP uses his
or her private key to recover the temporary session key, which PGP then uses to decrypt the
conventionally-encrypted ciphertext.

PGP uses both symmetrical and asymmetrical systems as a part of its process. Following figure
provides an overview of how the various components of a PGP process work together to provide
security.

Copyright © 2018-19 by Dr. Himanshu Gupta


139 | P a g e Network Security & Cryptography

The PGP encryption system

2.2 Secure MIME (S/MIME)

S/MIME (Secure Multi-Purpose Internet Mail Extensions) is a secure method of sending e-mail
that uses the Rivest-Shamir-Adleman encryption system. S/MIME is included in the latest
versions of the Web browsers from Microsoft and Netscape and has also been endorsed by other
vendors that make messaging products. RSA has proposed S/MIME as a standard to the Internet
Engineering Task Force (IETF).

S/MIME provides the following cryptographic security services for electronic messaging
applications: authentication, message integrity, non-repudiation of origin (using digital
signatures), privacy and data security (using encryption).

S/MIME is an extension of MIME that supports secure mail. It enables message originators to
digitally sign email messages to provide proof of message origin and data integrity. It also
enables messages to be transmitted in encrypted format to provide confidential communications.

Following figure illustrates the message encryption and decryption process. The four main steps
detailed in the illustration are as follows:

Copyright © 2018-19 by Dr. Himanshu Gupta


140 | P a g e Network Security & Cryptography

1. Message is encrypted with session key.


2. Session key is encrypted with recipient’s public key.
3. After encrypted message is received, recipient decrypts session key with the recipient’s
private key.
4. Message is decrypted with session key.

S/MIME Message Encryption and Decryption Process

3. IP Security (IPSec)

Internet Protocol Security (IPSec) is a protocol suite for securing Internet Protocol (IP)
communications by authenticating and encrypting each IP packet of a communication session.
IPSec also includes protocols for establishing mutual authentication between agents at the
beginning of the session and negotiation of cryptographic keys to be used during the session.

Copyright © 2018-19 by Dr. Himanshu Gupta


141 | P a g e Network Security & Cryptography

IPSec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol
Suite. It can be used in protecting data flows between a pair of hosts (host-to-host), between a
pair of security gateways (network-to-network), or between a security gateway and a host
(network-to-host).

Some other Internet security systems in widespread use, such as Secure Sockets Layer (SSL),
Transport Layer Security (TLS) and Secure Shell (SSH), operate in the upper layers of the
TCP/IP model.

An IPSec Scenario

In December 1993, the experimental of IP Security was researched at Columbia University and
AT&T Bell Labs. In July 1994, Wei Xu at Trusted Information Systems continued this research.
After several months, the research was completed successfully on BSDI system. By exploring
the Crypto cards from German, Wei Xu further developed an automated device driver, known as
plug-and-play today. In December 1994, it was the first time in production for securing some of
remote sites between east and west coastal states of the United States.

Another IP Security Protocol was developed in 1995 at the Naval Research Laboratory as part of
a DARPA-sponsored research project. ESP was originally derived from the SP3D protocol. The

Copyright © 2018-19 by Dr. Himanshu Gupta


142 | P a g e Network Security & Cryptography

SP3D protocol specification was published by NIST, but designed by the Secure Data Network
System project of the National Security Agency (NSA), AH is derived in part from previous
IETF standards work for authentication of the Simple Network Management Protocol (SNMP).

3.1 Security Architecture

The IPsec suite is an open standard. IPsec uses the following protocols to perform various
functions:

• Authentication Headers (AH) provide connectionless integrity and data origin


authentication for IP datagrams and provides protection against replay attacks.

• Encapsulating Security Payloads (ESP) provide confidentiality, data-origin


authentication, connectionless integrity, an anti-replay service (a form of partial sequence
integrity), and limited traffic-flow confidentiality.

• Security Associations (SA) provide the bundle of algorithms and data that provide the
parameters necessary to operate the AH and/or ESP operations. The Internet Security
Association and Key Management Protocol (ISAKMP) provides a framework for
authentication and key exchange.

3.11 Authentication Header

Authentication Header (AH) is a member of the IPSec protocol suite. AH guarantees


connectionless integrity and data origin authentication of IP packets. Further, it can optionally
protect against replay attacks by using the sliding window technique and discarding old packets.

• In IPv4, the AH protects the IP payload and all header fields of an IP datagram except for
mutable fields (i.e. those that might be altered in transit), and also IP options such as the
IP Security Option. Mutable (unauthenticated) IPv4 header fields are DSCP, Flags,
Fragment Offset, TTL and Header Checksum.
• In IPv6, the AH protects the most of the IPv6 base header, AH itself, non-mutable
extension headers after the AH, and the IP payload. Protection for the IPv6 header
excludes the mutable fields: DSCP, ECN, Flow Label, and Hop Limit.

Copyright © 2018-19 by Dr. Himanshu Gupta


143 | P a g e Network Security & Cryptography

AH operates directly on top of IP, using IP protocol number 51.

An Authentication Header

Next Header (8 bits)

Type of the next header, indicating what upper-layer protocol was protected. The value is
taken from the list of IP protocol numbers.

Payload Len (8 bits)

The length of this Authentication Header in 4-octet units, minus 2 (a value of 0 means 8
octets, 1 means 12 octets, etcetera). Although the size is measured in 4-octet units, the
length of this header needs to be a multiple of 8 octets if carried in an IPv6 packet. This
restriction does not apply to an Authentication Header carried in an IPv4 packet.

Reserved (16 bits)

Reserved for future use (all zeroes until then).

Security Parameters Index (32 bits)

Arbitrary value which is used (together with the destination IP address) to identify the
security association of the receiving party.

Copyright © 2018-19 by Dr. Himanshu Gupta


144 | P a g e Network Security & Cryptography

Sequence Number (32 bits)

A monotonic strictly increasing sequence number (incremented by 1 for every packet


sent) to prevent replay attacks. When replay detection is enabled, sequence numbers are
never reused because a new security association must be renegotiated before an attempt
to increment the sequence number beyond its maximum value.

Integrity Check Value (multiple of 32 bits)

Variable length check value. It may contain padding to align the field to an 8-octet
boundary for IPv6, or a 4-octet boundary for IPv4.

3.12 Encapsulating Security Payload

Encapsulating Security Payload (ESP) is a member of the IPSec protocol suite. In IPSec it
provides origin authenticity, integrity, and confidentiality protection of packets. ESP also
supports encryption-only and authentication-only configurations, but using encryption without
authentication is strongly discouraged because it is insecure. Unlike Authentication Header
(AH), ESP in transport mode does not provide integrity and authentication for the entire IP
packet. However, in Tunnel Mode, where the entire original IP packet is encapsulated with a new
packet header added, ESP protection is afforded to the whole inner IP packet while the outer
header remains unprotected. ESP operates directly on top of IP, using IP protocol number 50.

Encapsulating Security Payload Format

Copyright © 2018-19 by Dr. Himanshu Gupta


145 | P a g e Network Security & Cryptography

Security Parameters Index (32 bits)

Arbitrary value used (together with the destination IP address) to identify the security
association of the receiving party.

Sequence Number (32 bits)

A monotonically increasing sequence number (incremented by 1 for every packet sent) to


protect against replay attacks. There is a separate counter kept for every security
association.

Payload data (variable)

The protected contents of the original IP packet, including any data used to protect the
contents (e.g. an Initialization Vector for the cryptographic algorithm). The type of
content that was protected is indicated by the Next Header field.

Padding (0-255 octets)

Padding for encryption, to extend the payload data to a size that fits the encryption's
cipher block size, and to align the next field.

Pad Length (8 bits)

Size of the padding (in octets).

Next Header (8 bits)

Type of the next header. The value is taken from the list of IP protocol numbers.

Integrity Check Value (multiple of 32 bits)

Variable length check value. It may contain padding to align the field to an 8-octet
boundary for IPv6, or a 4-octet boundary for IPv4.

3.13 Security Association

The IP security architecture uses the concept of a security association as the basis for building
security functions into IP. A security association is simply the bundle of algorithms and

Copyright © 2018-19 by Dr. Himanshu Gupta


146 | P a g e Network Security & Cryptography

parameters (such as keys) that is being used to encrypt and authenticate a particular flow in one
direction. Therefore, in normal bi-directional traffic, the flows are secured by a pair of security
associations.

Security associations are established using the Internet Security Association and Key
Management Protocol (ISAKMP). ISAKMP is implemented by manual configuration with pre-
shared secrets, Internet Key Exchange (IKE and IKEv2), and the use of IPSECKEY DNS
records.

In order to decide what protection is to be provided for an outgoing packet, IPSec uses the
Security Parameter Index (SPI), an index to the security association database (SADB), along
with the destination address in a packet header, which together uniquely identify a security
association for that packet. A similar procedure is performed for an incoming packet, where
IPSec gathers decryption and verification keys from the security association database.

For multicast, a security association is provided for the group, and is duplicated across all
authorized receivers of the group. There may be more than one security association for a group,
using different SPIs, thereby allowing multiple levels and sets of security within a group. Indeed,
each sender can have multiple security associations, allowing authentication, since a receiver can
only know that someone knowing the keys sent the data.

3.2 Modes of Operation in IPSec

IPSec can be implemented in a host-to-host transport mode, as well as in a network tunnel mode.

Transport Mode

In transport mode, only the payload of the IP packet is usually encrypted and/or authenticated.
The routing is intact, since the IP header is neither modified nor encrypted; however, when the
authentication header is used, the IP addresses cannot be translated, as this will invalidate the
hash value. The transport and application layers are always secured by hash, so they cannot be
modified in any way.

Copyright © 2018-19 by Dr. Himanshu Gupta


147 | P a g e Network Security & Cryptography

Tunnel Mode

In tunnel mode, the entire IP packet is encrypted and/or authenticated. It is then encapsulated
into a new IP packet with a new IP header. Tunnel mode is used to create virtual private
networks for network-to-network communications (e.g. between routers to link sites), host-to-
network communications (e.g. remote user access), and host-to-host communications (e.g.
private chat).

4. Secure Socket Layer (SSL)

The SSL protocol was originally developed by Netscape, to ensure security of data transported
and routed through HTTP, LDAP or POP3 application layers. SSL is designed to make use of
TCP as a communication layer to provide a reliable end-to-end secure and authenticated
connection between two points over a network (for example between the service client and the
server). This SSL can be used for protection of data in transit in situations related to any network
service, it is used mostly in HTTP server and client applications. Today, almost each available
HTTP server can support an SSL session, whilst IE or Netscape Navigator browsers are provided
with SSL-enabled client software.

SSL between application protocols and TCP/IP

4.1 SSL Objectives and architecture

The main objectives for SSL are:

• Authenticating the client and server to each other: the SSL protocol supports the use of
standard key cryptographic techniques (public key encryption) to authenticate the
communicating parties to each other. Though the most frequent application consists in

Copyright © 2018-19 by Dr. Himanshu Gupta


148 | P a g e Network Security & Cryptography

authenticating the service client on the basis of a certificate, SSL may also use the same
methods to authenticate the client.
• Ensuring data integrity: during a session, data cannot be either intentionally or
unintentionally tampered with.
• Securing data privacy: data in transport between the client and the server must be
protected from interception and be readable only by the intended recipient. This
prerequisite is necessary for both the data associated with the protocol itself (securing
traffic during negotiations) and the application data that is sent during the session itself.

SSL is in fact not a single protocol but rather a set of protocols that can additionally be
further divided in two layers:

1. the protocol to ensure data security and integrity: this layer is composed of the SSL
Record Protocol,
2. the protocols that are designed to establish an SSL connection: three protocols are used in
this layer: the SSL Handshake Protocol, the SSL ChangeCipher SpecPprotocol and the
SSL Alert Protocol.

The SSL protocol stack is illustrated in following Figure:

The SSL protocol stack

SSL uses these protocols to address the tasks as described above. The SSL record protocol is
responsible for data encryption and integrity. This protocol is also used to encapsulate data sent
by other SSL protocols, and therefore, it is also involved in the tasks associated with the SSL
check data. The other three protocols cover the areas of session management, cryptographic
parameter management and transfer of SSL messages between the client and server.

Copyright © 2018-19 by Dr. Himanshu Gupta


149 | P a g e Network Security & Cryptography

SSL Session and Connection

The concepts as mentioned above are fundamental for a connection between the client and the
server, and they also encompass a series of attributes. Let’s try to give some more details:

• Connection: this is a logical client/server link, associated with the provision of a suitable
type of service. In SSL terms, it must be a peer-to-peer connection with two network
nodes.
• Session: this is an association between a client and a server that defines a set of parameters
such as algorithms used, session number etc. An SSL session is created by the Handshake
Protocol that allows parameters to be shared among the connections made between the
server and the client, and sessions are used to avoid negotiation of new parameters for
each connection. This means that a single session is shared among multiple SSL
connections between the client and the server.

The SSL Record Protocol

The SSL record protocol involves using SSL in a secure manner and with message integrity
ensured. To this end it is used by upper layer SSL protocols. The purpose of the SSL record
protocol is to take an application message to be transmitted, fragment the data which needs to be
sent, encapsulate it with appropriate headers and create an object just called a record, which is
encrypted and can be forwarded for sending under the TCP protocol.

The SSL record protocol is used to transfer any data within a session - both messages and other
SSL protocols (for example the handshake protocol), as well as for any application data.

The Alert Protocol

The Alert Protocol is used by parties to convey session messages associated with data exchange
and functioning of the protocol. Each message in the alert protocol consists of two bytes. The
first byte always takes a value, “warning” (1) or “fatal” (2) , that determines the severity of the
message sent. Sending a message having a „fatal” status by either party will result in an

Copyright © 2018-19 by Dr. Himanshu Gupta


150 | P a g e Network Security & Cryptography

immediate termination of the SSL session. The next byte of the message contains one of the
defined error codes, which may occur during an SSL communication session.

The Change Cipher Spec protocol

This protocol is the simplest SSL protocol. It consists of a single message that carries the value
of 1. The sole purpose of this message is to cause the pending session state to be established as a
fixed state, which results, for example, in defining the used set of protocols. This type of
message must be sent by the client to the server and vice versa. After exchange of messages, the
session state is considered agreed. This message and any other SSL messages are transferred
using the SSL record protocol.

The Handshake protocol

The handshake protocol constitutes the most complex part of the SSL protocol. It is used to
initiate a session between the server and the client. Within the message of this protocol, various
components such as algorithms and keys used for data encryption are negotiated. Due to this
protocol, it is possible to authenticate the parties to each other and negotiate appropriate
parameters of the session between them.

The process of negotiations between the client and the server can be divided into 4 phases.
During the first phase, a logical connection must be initiated between the client and the server
followed by the negotiation on the connection parameters. The client sends the server a client
hello message containing data such as:

• Version: The highest SSL version supported by the client,


• Random: data consisting of a 32-bit timestamp and 28 bytes of randomly generated data.
This data is used to protect the key exchange session between the parties of the
connection.
• Session ID: a number that defines the session identifier. A nonzero value of this field
indicates that the client wishes to update the parameters of an existing connection or
establish a new connection on this session. A zero value in this field indicates that the
client wishes to establish a new connection.

Copyright © 2018-19 by Dr. Himanshu Gupta


151 | P a g e Network Security & Cryptography

• CipherSuite: a list of encryption algorithms and key exchange method supported by the
client.

An illustration of process of negotiations between the client and the server

The server, in response to the client_hello message sends a server_hello message, containing the
same set of fields as the client message, placing the following data:

• Version: the lowest version number of the SSL protocol supported by the server,
• random data: the same fashion as used by the client, but the data generated is completely
independent,
• session ID: if the client field was nonzero, the same value is sent back; otherwise the
server’s session ID field contains the value for a new session,

Copyright © 2018-19 by Dr. Himanshu Gupta


152 | P a g e Network Security & Cryptography

• CipherSuite: the server uses this field to send a single set of protocols selected by the
server from those proposed by the client. The first element of this field is a chosen
method of exchange of cryptographic keys between the client and the server. The next
element is the specification of encryption algorithms and hash functions, which will be
used within the session being initiated, along with all specific parameters.

5. Secure Electronic Transaction (SET)

Secure Electronic Transactions (SET) is an open protocol which has the potential to emerge as a
dominant force in the securing of electronic transactions. Jointly developed by Visa and
MasterCard, in conjunction with leading computer vendors such as IBM, SET is an open
standard for protecting the privacy, and ensuring the authenticity, of electronic transactions.

Secure Electronic Transaction (SET) was a standard protocol for securing credit card
transactions over insecure networks, specifically, the Internet. SET was not itself a payment
system, but rather a set of security protocols and formats that enabled users to employ the
existing credit card payment infrastructure on an open network in a secure fashion. However, it
failed to gain traction. VISA now promotes the 3-D Secure scheme.

5.1 Needs of Secure Electronic Transactions (SET)

SET uses a system of locks and keys along with certified account IDs for both consumers and
merchants. Through a unique process of "encrypting" or scrambling the information exchanged
between the shopper and the online store, SET ensures a payment process that is convenient,
private and most of all secure.

SET addresses seven major business requirements:

➢ Establishes industry standards to keep your order and payment information confidential.
➢ Increases integrity for all transmitted data through encryption.
➢ Provides authentication that a cardholder is a legitimate user of a branded payment card
account.

Copyright © 2018-19 by Dr. Himanshu Gupta


153 | P a g e Network Security & Cryptography

➢ Provides authentication that a merchant can accept branded payment card transactions
through its relationship with an acquiring financial institution.
➢ Allows the use of the best security practices and system design techniques to protect all
legitimate parties in an electronic commerce transaction
➢ Create a protocol that neither depends on transport security mechanisms nor prevents
their use.
➢ Facilitate and encourage interoperability among software and network providers

5.2 Key Features of Secure Electronic Transactions (SET)

The following key features of the SET protocol are responsible for its popularity:

➢ Confidentiality of Information. Cardholder information must be secured as it travels


across the network in order to prevent unauthorized access by individuals. SET addresses
this by the use of message encryption to ensure the confidentiality of information.

➢ Integrity of Data. SET must guarantee that the message content is not altered as the
information (e.g., order and payment information, personal data) is transmitted across the
network. SET uses digital signatures to ensure the integrity of payment information.

➢ Cardholder Account Authentication. In order to allow merchants to verify that a


cardholder is a legitimate user of a valid branded payment card account number, SET
uses digital signatures and cardholder certificates.

➢ Merchant Authentication. In order to allow cardholders to authenticate merchants, SET


uses digital signatures and merchant certificates.

➢ Interoperability. SET interoperability uses specific protocols to provide interoperability


of applications developed by various vendors. Therefore, any cardholder with compliant
software must be able to communicate with any merchant software that also meets the
defined standard.

Copyright © 2018-19 by Dr. Himanshu Gupta


154 | P a g e Network Security & Cryptography

5.3 Basic participants of SET

A SET system includes the following participants:

• Cardholder
• Merchant
• Issuer
• Acquirer
• Payment gateway
• Certification authority

Secure Electronic Transaction (SET)

5.4 Processes involved in SET

The sequence of events required for a secure electronic transaction is as follows:

• The customer obtains a credit card account with a bank that supports electronic
payment and SET

Copyright © 2018-19 by Dr. Himanshu Gupta


155 | P a g e Network Security & Cryptography

• The customer receives a X.509v3 digital certificate signed by the bank.


• Merchants have their own certificates

• The customer places an order with the merchant.


• The merchant sends the customer his public key and a copy of his certificate so
that the customer can verify that it's a valid store.
• The customer sends the merchant:
o His certificate.
o His order details encrypted with the merchant's public key
o His bank account details encrypted with the bank's public key.
• The merchant requests payment authorization by sending the bank:
o The payment details encrypted with the bank's public key.
o The customer's bank account details encrypted with the bank's public key.

(Note that the merchant doesn't know the client's payment details.)

• The bank sends the merchant a confirmation encrypted with the merchant's public
key.
• The merchant sends the client the bank's response encrypted with the client's
public key.
• The merchant ships the goods or provides the service to the customer.
• The merchant sends the bank a transaction request encrypted with the bank's
public key.
• The bank transfers the payment to the merchant.

Copyright © 2018-19 by Dr. Himanshu Gupta


156 | P a g e Network Security & Cryptography

A. Fill in the Blanks:

1. Kerberos is designed to provide _________________ for client/server applications by using


secret-key cryptography.

2. Kerberos has been __________________ by many of the top programmers, cryptologists and
security experts in the industry

3. Pretty Good Privacy (PGP) is a freeware _____________ encryption system.

4. S/MIME (Secure Multi-Purpose Internet Mail Extensions) is a secure method of sending e-


mail that uses the ___________________ encryption system.

5. S/MIME is an extension of _____________ that supports secure mail.

6. Internet Protocol Security (IPSec) is a protocol suite for securing _______________


communications by authenticating and encrypting each IP packet of a communication session.

7. ________________ provide confidentiality, data-origin authentication, connectionless integrity,


an anti-replay service (a form of partial sequence integrity), and limited traffic-flow
confidentiality.

8. Authentication Header (AH) is a member of the _____________ protocol suite.

9. In IPSec ______________ provides origin authenticity, integrity, and confidentiality


protection of packets.

10. ________________ is an open standard for protecting the privacy, and ensuring the
authenticity, of electronic transactions.

B. Frequently Asked Questions (FAQs)

Copyright © 2018-19 by Dr. Himanshu Gupta


157 | P a g e Network Security & Cryptography

1. Which protocol uses strong cryptography so that a client can prove its identity to a server (and
vice versa) across an insecure network connection?

a) Kerberos

b) PGP

c) MIME

d) None of these

2. What are the characteristics of Kerberos?

a) Secure

b) Reliable

c) Transparent

d) All of the above

3. Which authentication protocol was developed by Phil Zimmerman, who developed this
encryption system for humanitarian reasons?

a) Kerberos

b) PGP

c) MIME

d) S/MIME

4. Which protocol provides the cryptographic security services for electronic messaging
applications?

a) Kerberos

b) PGP

c) MIME

Copyright © 2018-19 by Dr. Himanshu Gupta


158 | P a g e Network Security & Cryptography

d) S/MIME

5. Which security scheme is provided by IPSec, operating in the Internet Layer of the Internet
Protocol Suite?

a) End-to-end

b) Point-to-point

c) Segment-to-segment

d) None of these

6. Which member of IPSec protocol suite provides connectionless integrity and data origin
authentication for IP datagram and provides protection against replay attacks?

a) Authentication Headers (AH)

b) Encapsulating Security Payloads (ESP)

c) Security Associations (SA)

d) None of these

7. Which is simply the bundle of algorithms and parameters (such as keys) that is being used to
encrypt and authenticate a particular flow in one direction?

a) Authentication Headers (AH)

b) Encapsulating Security Payloads (ESP)

c) Security Associations (SA)

d) None of these

8. Which protocol was originally developed by Netscape, to ensure security of data transported
and routed through HTTP, LDAP or POP3 application layers?

a) Authentication Headers (AH)

b) Encapsulating Security Payloads (ESP)

Copyright © 2018-19 by Dr. Himanshu Gupta


159 | P a g e Network Security & Cryptography

c) Security Associations (SA)

d) Secure Socket Layer (SSL)

9. Which protocol is used to initiate a session between the server and the client?

a) SSL

b) Handshake Protocol

c) ESP

d) None of these

10. Which protocol has the potential to emerge as a dominant force in the securing of electronic
transactions?

a) Digital Signature

b) SSL

c) ESP

d) Secure Electronic Transactions (SET)

Copyright © 2018-19 by Dr. Himanshu Gupta


160 | P a g e Network Security & Cryptography

UNIT – VII
System Security

1. Introductory Idea of Intrusion

Intrusion is an illegal act of entering, seizing, or taking possession of another's property. It is a


wrongful entry after the determination of a particular extensive area, made before the reversion
has entered. Intrusion attempts is the potential possibility of a deliberate unauthorized attempt to

➢ Access Information
➢ Manipulate Information
➢ Render a system unreliable or unusable.

1.1 Classification of Intrusion

Intrusions can be divided into 6 main types:

• Attempted break-ins, which are detected by atypical behavior profiles or violations of


security constraints.
• Masquerade attacks, which are detected by atypical behavior profiles or violations of
security constraints.
• Penetration of the security control system, which are detected by monitoring for specific
patterns of activity.
• Leakage, which is detected by atypical use of system resources.
• Denial of service, which is detected by atypical use of system resources.

It is very important that the security mechanisms of a system are designed so as to prevent
unauthorized access to system resources and data. However, completely preventing breaches of
security appear, at present, unrealistic. To detect these intrusion attempts so that action may be
taken to repair the damage later. This process is called Intrusion Detection.

Copyright © 2018-19 by Dr. Himanshu Gupta


161 | P a g e Network Security & Cryptography

An Intrusion Detection System (IDS) is a device or software application that monitors network
or system activities for malicious activities or policy violations and produces reports to a
Management Station. Some systems may attempt to stop an intrusion attempt but this is neither
required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS)
are primarily focused on identifying possible incidents, logging information about them, and
reporting attempts.

1.2 Requirement of Intrusion Detection System

Various desirable characteristics have been identified for effective IDS. It must do the following:

• Run continuously without human supervision,


• Be fault tolerant and survivable,
• Resist subversion,
• Impose minimal overhead,
• Observe deviations from normal behavior
• Be easily tailored to a specific network
• Adapt to changes over time, and
• Be difficult to fool.

2. Intrusion Detection Techniques

Intrusion Detection Techniques are divided into various types as:

2.1 Anomaly Detection

Anomaly detection techniques assume that all intrusive activities are necessarily anomalous. This
means that if we could establish a "normal activity profile" for a system, we could, in theory, flag
all system states varying from the established profile by statistically significant amounts as
intrusion attempts. However, if we consider that the set of intrusive activities only intersects the
set of anomalous activities instead of being exactly the same, we find a couple of interesting
possibilities: (1) Anomalous activities that are not intrusive are flagged as intrusive. (2) Intrusive
activities that are not anomalous result in false negatives (events are not flagged intrusive,

Copyright © 2018-19 by Dr. Himanshu Gupta


162 | P a g e Network Security & Cryptography

though they actually are). This is a dangerous problem, and is far more serious than the problem
of false positives.

The main issues in anomaly detection systems thus become the selection of threshold levels so
that neither of the above 2 problems is unreasonably magnified, and the selection of features to
monitor. Anomaly detection systems are also computationally expensive because of the overhead
of keeping track of, and possibly updating several system profile metrics. Some systems based
on this technique are discussed in Section 4 while a block diagram of a typical anomaly detection
system is shown in Figure below.

There have been a few approaches to anomaly intrusion detection systems, some of which are
described below.

2.11 Statistical Approaches

In this method, initially, behavior profiles for subjects are generated. As the system continues
running, the anomaly detector constantly generates the variance of the present profile from the
original one. We note that, in this case, there may be several measures that affect the behavior
profile, like activity measures, CPU time used, number of network connections in a time period,
etc. In some systems, the current profile and the previous profile are merged at intervals, but in
some other systems profile generation is a one time activity.

Advantages:

• The main advantage to statistical systems is that they adaptively learn the behavior of
users; they are thus potentially more sensitive than human experts.

Copyright © 2018-19 by Dr. Himanshu Gupta


163 | P a g e Network Security & Cryptography

Disadvantages:

• These statistical approaches can gradually be trained by intruders so that eventually,


intrusive events are considered normal, false positives and false negatives are generated
depending on whether the threshold is set too low or too high, and relationships between
events are missed because of the insensitivity of statistical measures to the order of
events.

Some problems associated with this technique have been remedied by other methods, including
the method involving Predictive Pattern Generation, which takes past events into account when
analyzing the data.

2.12 Predictive Pattern Generation

This method of intrusion detection tries to predict future events based on the events that have
already occurred. Therefore, we could have a rule

E1 - E2 --> (E3 = 80%, E4 = 15%, E5 = 5%)

This would mean that given that events E1 and E2 have occurred, with E2 occurring after E1,
there is an 80% probability that event E3 will follow, a 15% chance that event E4 will follow and
a 5% probability that event E5 will follow.

Advantages:

There are several advantages to this approach.

• First, rule based sequential patterns can detect anomalous activities that were difficult
with traditional methods.

Copyright © 2018-19 by Dr. Himanshu Gupta


164 | P a g e Network Security & Cryptography

• Second, systems built using this model are highly adaptive to changes. This is because
low quality patterns are continuously eliminated, finally leaving the higher quality
patterns behind.

• Third, it is easier to detect users who try to train the system during its learning period.

• And fourth, anomalous activities can be detected and reported within seconds of
receiving audit events.

2.13 Neural Networks

Another approach taken in intrusion detection systems is the use of neural networks. The idea
here is to train the neural network to predict a user's next action or command. The network is
trained on a set of representative user commands. After the training period, the network tries to
match actual commands with the actual user profile already present in the net. Any incorrectly
predicted events actually measure the deviation of the user from the established profile.

Advantages:

Some advantages of using neural networks are:

• They cope well with noisy data.

• Their success does not depend on any statistical assumption about the nature of the
underlying data.

• They are easier to modify for new user communities.

Disadvantages:

However, they have some disadvantages:

Copyright © 2018-19 by Dr. Himanshu Gupta


165 | P a g e Network Security & Cryptography

• First, a small window will result in false positives while a large window will result in
irrelevant data as well as increase the chance of false negatives.

• Second, the net topology is only determined after considerable trial and error.

• The intruder can train the net during its learning phase.

2.2 Misuse Detection

The concept behind misuse detection schemes is that there are ways to represent attacks in the
form of a pattern or a signature so that even variations of the same attack can be detected. This
means that these systems are not unlike virus detection systems -- they can detect many or all
known attack patterns, but they are of little use for as yet unknown attack methods. An
interesting point to note is that anomaly detection systems try to detect the complement of "bad"
behavior. Misuse detection systems try to recognize known "bad" behavior. The main issues in
misuse detection systems are how to write a signature that encompasses all possible variations of
the pertinent attack, and how to write signatures that do not also match non-intrusive activity. A
block diagram of a typical misuse detection system is shown in Figure below.

Advantages:

• Simplicity and non-intrusiveness (which translate into ease of deployment).

Copyright © 2018-19 by Dr. Himanshu Gupta


166 | P a g e Network Security & Cryptography

Disadvantages:

• Inspecting each packet on the wire is becoming increasingly more difficult with the
recent advances in network and wireless technology in terms of complexity and speed.
• Most intrusion detection systems employ a combination of both techniques, and are often
deployed on the network, on a specific host, or even on an application within a host.

2.21 Expert Systems

These systems are modeled in such a way as to separate the rule matching phase from the action
phase. The matching is done according to audit trail events. IDES follows a hybrid intrusion
detection technique consisting of a misuse detection component as well as an anomaly detection
component. The anomaly detector is based on the statistical approach, and it flags events as
intrusive if they are largely deviant from the expected behavior. To do this, it builds user profiles
based on many different criteria (more than 30 criteria, including CPU and I/O usage, commands
used, local network activity, system errors etc.). These profiles are updated at periodic intervals.
The expert system misuse detection component encodes known intrusion scenarios and attack
patterns. The rule database can be changed for different systems.

Advantages:

• One advantage of the IDES approach is that it has a statistical component as well as an
expert system component. This means that the chances of one system catching intrusions
missed by the other increase.
• Another advantage is the problem's control reasoning is cleanly separated from the
formulation of the solution.

Disadvantages:

• There are some drawbacks to the expert system approach too. For example, the expert
system has to be formulated by a security professional and thus the system is only as
strong as the security personnel who program it. This means that there is a real chance
that expert systems can fail to flag intrusions.

Copyright © 2018-19 by Dr. Himanshu Gupta


167 | P a g e Network Security & Cryptography

2.22 Keystroke Monitoring

This is a very simple technique that monitors keystrokes for attack patterns. Unfortunately the
system has several defects -- features of shells like bash, ksh, and tcsh in which user definable
aliases are present defeat the technique unless alias expansion and semantic analysis of the
commands is taken up. The method also does not analyze the running of a program, only the
keystrokes. This means that a malicious program cannot be flagged for intrusive activities.
Operating systems do not offer much support for keystroke capturing, so the keystroke monitor
should have a hook that analyses keystrokes before sending them on to their intended receiver.
An improvement to this would be to monitor system calls by application programs as well, so
that an analysis of the program's execution is possible.

2.23 Model Based Intrusion Detection

States that certain scenarios are inferred by certain other observable activities. If these activities
are monitored, it is possible to find intrusion attempts by looking at activities that infer a certain
intrusion scenario. The model-based scheme consists of three important modules. The
anticipator uses the active models and the scenario models to try to predict the next step in the
scenario that is expected to occur. A scenario model is a knowledge base with specifications of
intrusion scenarios. The planner then translates this hypothesis into a format that shows the
behavior, as it would occur in the audit trail. It uses the predicted information to plan what to
search for next. The interpreter then searches for this data in the audit trail. The system proceeds
this way, accumulating more and more evidence for an intrusion attempt until a threshold is
crossed; at this point, it signals an intrusion attempt.

This is a very clean approach. Because the planner and the interpreter know what they are
searching for at each step, the large amounts of noise present in audit data can be filtered, leading
to excellent performance improvements. In addition, the system can predict the attacker's next
move based on the intrusion model. These predictions can be used to verify an intrusion
hypothesis, to take preventive measures, or to determine what data to look for next.

However, there are some critical issues related to this system. First, patterns for intrusion
scenarios must be easily recognized. Second, patterns must always occur in the behavior being

Copyright © 2018-19 by Dr. Himanshu Gupta


168 | P a g e Network Security & Cryptography

looked for. And finally, patterns must be distinguishing; they must not be associated with any
other normal behavior.

2.3 Network Based Intrusion Detection

The most obvious location for an intrusion detection system is right on the segment being
monitored. Network-based intrusion detectors insert themselves in the network just like any
other device, except they promiscuously examine every packet they see on the wire.

Advantage:

• Network-based intrusion detection is straightforward to implement and deploy.

Disadvantage:

• Truly shared segments are rare nowadays, which means a single sniffer cannot be relied
to monitor an entire subnet. Instead, detection systems must be integrated in the port of
Ethernet switches (the ones that have visibility into all packets on the wire), which is not
always feasible, even if such a port is available.
• The fact that a single intrusion detection system is servicing the entire segment makes it
an easy target for a DoS attack. Such a system should not contain any user accounts other
than the privileged (root/Administrator) user; host any unnecessary network services;
offer any sort of interactive network access (console access only); or be hosted on an
obscure, proprietary operating system.

2.4 Host Based Intrusion Detection

While network-based intrusion detectors are straightforward to deploy and maintain, there is a
whole class of attacks closely coupled to the target system and extremely hard to fingerprint.
These are the ones that exploit vulnerabilities particular to specific operating systems and
application suites. Only host-based intrusion detection systems (the ones running as an

Copyright © 2018-19 by Dr. Himanshu Gupta


169 | P a g e Network Security & Cryptography

application on a network-connected host) can correlate the complex array of system-specific


parameters that make up the signature of a well-orchestrated attack.

Advantage:

The host-based approach is ideal for those high-availability servers that enterprises rely
on for everyday business. The most prevalent advantage of the host-based approach is its ability
to detect an inside job-that is, an incident where a lawful user is using local host resources in a
manner that violates the company's security policy. This type of offense would be virtually
impossible to unveil with a network-based intrusion detection system; because the user could
have console access to the system, his or her actions would not even traverse the wire.

Disadvantage:

Not all is well in the world of host-based intrusion detection, however: Since these
systems are closely tied to the operating system, they become yet one more application to
maintain and migrate. This is a critical point in an environment where operating system levels
are upgraded often, as the intrusion detection system must be kept up to date for it to work
efficiently. Also, deploying host-based detectors alone will not protect your enterprise against
basic, Network-layer DoS attacks. These limitations withstanding, host-based detection should
be an integral part of your overall intrusion defense.

3. Honeypot : An Intrusion Detection System

In computer terminology, a honey pot is a trap set to detect, deflect, or in some manner
counteract attempts at unauthorized use of information systems. Generally it consists of a
computer, data, or a network site that appears to be part of a network, but is actually isolated and
monitored, and which seems to contain information or a resource of value to attackers.

Types of Honeypot

Honeypots can be classified based on their deployment and based on their level of involvement.
Based on deployment, honeypots may be classified as:

Copyright © 2018-19 by Dr. Himanshu Gupta


170 | P a g e Network Security & Cryptography

1. Production Honeypots
2. Research Honeypots

Production Honeypots are easy to use, capture only limited information, and are used primarily
by companies or corporations; Production honeypots are placed inside the production network
with other production servers by an organization to improve their overall state of security.
Normally, production honeypots are low-interaction honeypots, which are easier to deploy. They
give less information about the attacks or attackers than research honeypots do.

Research Honeypots are run to gather information about the motives and tactics of the Blackhat
community targeting different networks. These honeypots do not add direct value to a specific
organization; instead, they are used to research the threats organizations face and to learn how to
better protect against those threats. Research honeypots are complex to deploy and maintain,
capture extensive information, and are used primarily by research, military, or government
organizations.

A typical Honeypot Model

Based on design criteria, honeypots can be classified as

1. Pure Honeypots

Copyright © 2018-19 by Dr. Himanshu Gupta


171 | P a g e Network Security & Cryptography

2. High-interaction Honeypots
3. Low-interaction Honeypots

Pure Honeypots are full-fledged production systems. The activities of the attacker are
monitored using a casual tap that has been installed on the honeypot's link to the network. No
other software needs to be installed. Even though a pure honeypot is useful, stealthiness of the
defense mechanisms can be ensured by a more controlled mechanism.

High-interaction Honeypots imitate the activities of the real systems that host a variety of
services and, therefore, an attacker may be allowed a lot of services to waste his time. According
to recent researches in high interaction honeypot technology, by employing virtual machines,
multiple honeypots can be hosted on a single physical machine. Therefore, even if the honeypot
is compromised, it can be restored more quickly. In general, high interaction honeypots provide
more security by being difficult to detect, but they are highly expensive to maintain. If virtual
machines are not available, one honeypot must be maintained for each physical computer, which
can be exorbitantly expensive. Example: Honeynet.

Low-interaction Honeypots simulate only the services frequently requested by attackers. Since
they consume relatively few resources, multiple virtual machines can easily be hosted on one
physical system, the virtual systems have a short response time, and less code is required,
reducing the complexity of the security of the virtual systems. Example: Honeyd.

4. Malicious Software

Malicious Software or Malware is a code or software that is specifically designed to damage,


disrupt, steal, or in general inflict some other “bad” or illegitimate action on data, hosts, or
networks.

There are many different classes of malware that have varying ways of infecting systems and
propagating themselves. Malware can infect systems by being bundled with other programs or
attached as macros to files. Others are installed by exploiting a known vulnerability in an
operating system (OS), network device, or other software, such as a hole in a browser that only
requires users to visit a website to infect their computers. The vast majority, however, are

Copyright © 2018-19 by Dr. Himanshu Gupta


172 | P a g e Network Security & Cryptography

installed by some action from a user, such as clicking an e-mail attachment or downloading a file
from the Internet.

Some of the more commonly known types of malware are viruses, worms, Trojans, bots, back
doors, spyware, and adware. Damage from malware varies from causing minor irritation (such as
browser popup ads), to stealing confidential information or money, destroying data, and
compromising and/or entirely disabling systems and networks.

Malware cannot damage the physical hardware of systems and network equipment, but it can
damage the data and software residing on the equipment. Malware should also not be confused
with defective software, which is intended for legitimate purposes but has errors or bugs.

Classes of Malicious Software

Two of the most common types of malware are viruses and worms. These types of programs are
able to self-replicate and can spread copies of themselves, which might even be modified copies.
To be classified as a virus or worm, malware must have the ability to propagate. The difference
is that a worm operates more or less independently of other files, whereas a virus depends on a
host program to spread itself. These and other classes of malicious software are described below.

4.1 Viruses

A computer virus is a type of malware that propagates by inserting a copy of itself into and
becoming part of another program. It spreads from one computer to another, leaving infections as
it travels. Viruses can range in severity from causing mildly annoying effects to damaging data
or software and causing denial-of-service (DoS) conditions.

Almost all viruses are attached to an executable file, which means the virus may exist on a
system but will not be active or able to spread until a user runs or opens the malicious host file or
program. When the host code is executed, the viral code is executed as well. Normally, the host
program keeps functioning after it is infected by the virus. However, some viruses overwrite
other programs with copies of themselves, which destroys the host program altogether. Viruses

Copyright © 2018-19 by Dr. Himanshu Gupta


173 | P a g e Network Security & Cryptography

spread when the software or document they are attached to is transferred from one computer to
another using the network, a disk, file sharing, or infected e-mail attachments.

Data Attack by Virus

4.1 Types of Virus

There are different types of computer viruses and related security threats in order to determine
how they’re programmed, how they do damage, and how they spread.

1. Boot Sector Virus

The term “boot sector” is a generic name that seems to originally come from MS-DOS but is
now applied generally to the boot information used by any operating system. In modern
computers this is usually called the “master boot record,” and it is the first sector on a partitioned
storage device.

Copyright © 2018-19 by Dr. Himanshu Gupta


174 | P a g e Network Security & Cryptography

Boot sector viruses became popular because of the use of floppy disks to boot a computer. The
widespread usage of the Internet and the death of the floppy have made other means of virus
transmission more effective.

2. Browser Hijacker

This type of virus, which can spread itself in numerous ways including voluntary download,
effectively hijacks certain browser functions, usually in the form of re-directing the user
automatically to particular sites. It’s usually assumed that this tactic is designed to increase
revenue from web advertisements.

3. Direct Action Virus

This type of virus, unlike most, only comes into action when the file containing the virus is
executed. The payload is delivered and then the virus essentially becomes dormant – it takes no
other action unless an infected file is executed again.

Most viruses do not use the direct action method of reproduction simply because it is not prolific,
but viruses of this type have done damage in the past. The Vienna virus, which briefly threatened
computers in 1988, is one such example of a direct action virus.

Copyright © 2018-19 by Dr. Himanshu Gupta


175 | P a g e Network Security & Cryptography

4. File Infector Virus

Perhaps the most common type of virus, the file infector takes root in a host file and then begins
its operation when the file is executed. The virus may completely overwrite the file that it infects,
or may only replace parts of the file, or may not replace anything but instead re-write the file so
that the virus is executed rather than the program the user intended.

Although called a “file virus” the definition doesn’t apply to all viruses in all files generally – for
example, the macro virus below is not referred to by the file virus. Instead, the definition is
usually meant to refer only to viruses which use an executable file format, such as .exe, as their
host.

5. Macro Virus

A wide variety of programs, including productivity applications like Microsoft Excel, provide
support for Macros – special actions programmed into the document using a specific macro
programming language. Unfortunately, this makes it possible for a virus to be hidden inside a
seemingly benign document.

Macro viruses very widely in terms of payload. The most well known macro virus is probably
Melissa, a Word document supposedly containing the passwords to pornographic websites. The
virus also exploited Word’s link to Microsoft Outlook in order to automatically email copies of
itself.

Copyright © 2018-19 by Dr. Himanshu Gupta


176 | P a g e Network Security & Cryptography

6. Multipartite Virus

While some viruses are happy to spread via one method or deliver a single payload, Multipartite
viruses want it all. A virus of this type may spread in multiple ways, and it may take different
actions on an infected computer depending on variables, such as the operating system installed or
the existence of certain files.

7. Polymorphic Virus

Another jack-of-all-trades, the Polymorphic virus actually mutates over time or after every
execution, changing the code used to deliver its payload. Alternatively, or in addition, a
Polymorphic virus may guard itself with an encryption algorithm that automatically alters itself
when certain conditions are met.

The goal of this trickery is evasion. Antivirus programs often find viruses by the specific code
used. Obscuring or changing the code of a virus can help it avoid detection.

8. Resident Virus

This broad virus definition applies to any virus that inserts itself into a system’s memory. It then
may take any number of actions and run independently of the file that was originally infected.

A resident virus can be compared to a direct payload virus, which does not insert itself into the
system’s memory and therefore only takes action when an infected file is executed.

Copyright © 2018-19 by Dr. Himanshu Gupta


177 | P a g e Network Security & Cryptography

9. Web Scripting Virus

Many websites execute complex code in order to provide interesting content. Displaying online
video in your browser, for example, requires the execution of a specific code language that
provides both the video itself and the player interface.

Of course, this code can sometimes be exploited, making it possible for a virus to infect a
computer or take actions on a computer through a website. Although malicious sites are
sometimes created with purposely infected code, many such cases of virus exist because of code
inserted into a site without the webmaster’s knowledge.

An overview of Virus Types

4.2 Worms

Computer worms are similar to viruses in that they replicate functional copies of themselves and
can cause the same type of damage. In contrast to viruses, which require the spreading of an
infected host file, worms are standalone software and do not require a host program or human
help to propagate. To spread, worms either exploit vulnerability on the target system or use some
kind of social engineering to trick users into executing them.

Copyright © 2018-19 by Dr. Himanshu Gupta


178 | P a g e Network Security & Cryptography

A Crucial and Independent Attack by Worm

A worm enters a computer through vulnerability in the system and takes advantage of file-
transport or information-transport features on the system, allowing it to travel unaided.

4.21 Types of Worm

1. Email Worms

An email worms uses a PC's email client to spread itself. It will either send a link within
the email that, when clicked, will infect the computer, or it will send an attachment that,
when opened, will start the infection. Once the worm is installed, it will search the host
computer for any email addresses contained on it. It will then start the process again,
sending the worm without any input from the user.

A well-known example of this type of worm is the "ILOVEYOU" worm, which infected
millions of computers worldwide in 2000.

2. Internet Worms

Internet worms are completely autonomous programs. They use an infected machine to
scan the Internet for other vulnerable machines. When a vulnerable machine is located,
the worm will infect it and begin the process again. Internet worms are often created to

Copyright © 2018-19 by Dr. Himanshu Gupta


179 | P a g e Network Security & Cryptography

exploit recently discovered security issues on machines that haven't installed the latest
operating-system and security updates.

3. File-sharing Networks Worms

File-sharing worms take advantage of the fact that file-sharers do not know exactly what
they are downloading. The worm will copy itself into a shared folder with an unassuming
name. When another user on the network downloads files from the shared folder, they
will unwittingly download the worm, which then copies itself and repeats the process. In
2004, a worm called "Phatbot" infected millions of computers in this way, and had the
ability to steal personal information, including credit card details, and send spam on an
unprecedented scale.

4. Instant Message and Chat Room Worms

These work in a similar way to email worms. The infected worm will use the contact list
of the user's chat-room profile or instant-message program to send links to infected
websites. These are not as effective as email worms as the recipient needs to accept the
message and click the link. They tend to affect only the users of the particular program.

4.3 Trojans

A Trojan is another type of malware named after the wooden horse the Greeks used to infiltrate
Troy. It is a harmful piece of software that looks legitimate. Users are typically tricked into
loading and executing it on their systems. After it is activated, it can achieve any number of
attacks on the host, from irritating the user (popping up windows or changing desktops) to
damaging the host (deleting files, stealing data, or activating and spreading other malware, such
as viruses). Trojans are also known to create back doors to give malicious users access to the
system.

Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-
replicate. Trojans must spread through user interaction such as opening an e-mail attachment or
downloading and running a file from the Internet.

Copyright © 2018-19 by Dr. Himanshu Gupta


180 | P a g e Network Security & Cryptography

Trojan Horse Attack

4.4 Bots

"Bot" is derived from the word "robot" and is an automated process that interacts with other
network services. Bots often automate tasks and provide information or services that would
otherwise be conducted by a human being. A typical use of bots is to gather information (such as
web crawlers), or interact automatically with instant messaging (IM), Internet Relay Chat (IRC),
or other web interfaces. They may also be used to interact dynamically with websites.

Bots Attack

Copyright © 2018-19 by Dr. Himanshu Gupta


181 | P a g e Network Security & Cryptography

Bots can be used for either good or malicious intent. A malicious bot is self-propagating malware
designed to infect a host and connect back to a central server or servers that act as a command
and control (C&C) center for an entire network of compromised devices, or "botnet." With a
botnet, attackers can launch broad-based, "remote-control," flood-type attacks against their
target(s). In addition to the worm-like ability to self-propagate, bots can include the ability to log
keystrokes, gather passwords, capture and analyze packets, gather financial information, launch
DoS attacks, relay spam, and open back doors on the infected host.

5. Firewall

A computer firewall protects networked computers from intentional hostile intrusion that could
compromise confidentiality or result in data corruption or denial of service. It may be a hardware
device or a software program running on a secure host computer. In either case, it must have at
least two network interfaces, one for the network it is intended to protect, and one for the
network it is exposed to.

A network firewall sits at the junction point or gateway between the two networks, usually a
private network and a public network such as the Internet. The earliest computer firewalls were
simple routers. An Internet firewall examines all traffic routed between your network and the
Internet to see if it meets certain criteria. If it does, it is routed between the networks, otherwise it
is stopped. A network firewall filters both inbound and outbound traffic. It can also manage
public access to private networked resources such as host applications. It can be used to log all
attempts to enter the private network and trigger alarms when hostile or unauthorized entry is
attempted.

Firewalls can filter packets based on their source, destination addresses and port numbers. This is
known as address filtering. Firewalls can also filter specific types of network traffic. This is also
known as protocol filtering because the decision to forward or reject traffic is dependant upon
the protocol used, for example HTTP, ftp or telnet. Firewalls can also filter traffic by packet
attribute or state.

Copyright © 2018-19 by Dr. Himanshu Gupta


182 | P a g e Network Security & Cryptography

There are two access denial methodologies used by computer firewalls. A firewall may allow all
traffic through unless it meets certain criteria, or it may deny all traffic unless it meets certain
criteria. The type of criteria used to determine whether traffic should be allowed through varies
from one type of firewall to another. Computer Firewalls may be concerned with the type of
traffic, or with source or destination addresses and ports. They may also use complex rule bases
that analyse the application data to determine if the traffic should be allowed through.

5.1 Design Principle of Firewall


Network Firewalls operate at different layers to use different criteria to restrict traffic. The
lowest layer at which a firewall can work is layer three. In the OSI model this is the network
layer. In TCP/IP it is the Internet Protocol layer. This layer is concerned with routing packets to
their destination. At this layer a firewall can determine whether a packet is from a trusted source,
but cannot be concerned with what it contains or what other packets it is associated with.

Basic Firewall Operation

Copyright © 2018-19 by Dr. Himanshu Gupta


183 | P a g e Network Security & Cryptography

Firewalls that operate at the transport layer know a little more about a packet, and are able to
grant or deny access depending on more sophisticated criteria. At the application level, firewalls
know a great deal about what is going on and can be very selective in granting access. It would
appear then, that firewalls functioning at a higher level in the stack must be superior in every
respect. This is not necessarily the case, however. The lower in the stack the packet is
intercepted, the more secure the firewall. If the intruder cannot get past level three, it is
impossible to gain control of the operating system.

Professional Firewall

Professional firewall catch each network packet before the operating system does, thus, there is
no direct path from the Internet to the operating system’s TCP/IP stack. It is therefore very
difficult for an intruder to gain control of the firewall host computer then “open the doors” from
the inside. Traditional firewall technology is susceptible to misconfiguration on non-hardened
operating systems.

5.2 Firewall Types


Firewalls fall into four broad categories:

• Packet filters
• Circuit level gateways
• Application level gateways
• Stateful multilayer inspection firewalls

Copyright © 2018-19 by Dr. Himanshu Gupta


184 | P a g e Network Security & Cryptography

A) Packet Filtering Firewall


Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP.
They are usually part of a router firewall. A router is a device that receives packets from one
network and forwards them to another.

In a packet filtering firewall, each packet is compared to a set of criteria before it is forwarded.
Depending on the packet and the criteria, the firewall can drop the packet, forward it, or send a
message to the originator. Rules can include source and destination IP address, source and
destination port number and protocol used. The advantage of packet filtering firewalls is their
low cost and low impact on network performance. Most routers support packet filtering. Even if
other firewalls are used, implementing packet filtering at the router level affords an initial degree
of security at a low network layer.

This type of firewall only works at the network layer, however, and does not support
sophisticated rule based models. Network Address Translation (NAT) routers offer the
advantages of packet filtering firewalls but can also hide the IP addresses of computers behind
the firewall, and offer a level of circuit-based filtering.

Packet Filtering Firewall

TCP protocol ensures reliable connection oriented transmission of packets between client and server.

Copyright © 2018-19 by Dr. Himanshu Gupta


185 | P a g e Network Security & Cryptography

The flow of the TCP server program can be described in following steps:

• TCP server opens up a well-known port 8080 and listens for client requests.
• TCP client opens a socket and requests connection to the server.
• TCP server acknowledges the request (which is the accept function system call).
• TCP client sends HTTP/1.1 GET request.
• TCP server sends back the response, if the client and web server address are valid.
• TCP server sends HTTP/1.1 403 Forbidden response otherwise

B) Circuit Level Gateway


Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP.
They monitor TCP handshaking between packets to determine whether a requested session is
legitimate. Information passed to a remote computer through a circuit level gateway appears to
have originated from the gateway. This is useful for hiding information about protected
networks. Circuit level gateways are relatively inexpensive and have the advantage of hiding
information about the private network they protect. On the other hand, they do not filter
individual packets.

Circuit Level Gateway

Copyright © 2018-19 by Dr. Himanshu Gupta


186 | P a g e Network Security & Cryptography

C) Application Level Gateway


Application level gateways, also called proxies, are similar to circuit-level gateways except that
they are application specific. They can filter packets at the application layer of the OSI model.
Incoming or outgoing packets cannot access services for which there is no proxy. In plain terms,
an application level gateway that is configured to be a web proxy will not allow any ftp, gopher,
telnet or other traffic through. Because they examine packets at application layer, they can filter
application specific commands such as http:post and get, etc. This cannot be accomplished with
either packet filtering firewalls or circuit level neither of which know anything about the
application level information.

Application Level Gateway

Application level gateways can also be used to log user activity and logins. They offer a high
level of security, but have a significant impact on network performance. This is because of
context switches that slow down network access dramatically. They are not transparent to end
users and require manual configuration of each client computer.

D) Stateful Multilayer Inspection Firewall


Stateful multilayer inspection firewalls combine the aspects of the other three types of firewalls.
They filter packets at the network layer, determine whether session packets are legitimate and
evaluate contents of packets at the application layer. They allow direct connection between client
and host, alleviating the problem caused by the lack of transparency of application level

Copyright © 2018-19 by Dr. Himanshu Gupta


187 | P a g e Network Security & Cryptography

gateways. They rely on algorithms to recognize and process application layer data instead of
running application specific proxies.

Stateful Multilayer Inspection Firewalls

Stateful multilayer inspection firewalls offer a high level of security, good performance and
transparency to end users. They are expensive however, and due to their complexity are
potentially less secure than simpler types of firewalls if not administered by highly competent
personnel.

6. IT Acts and Cyber Laws

IT Acts is an Act to provide legal recognition for transactions carried out by means of electronic
data interchange and other means of electronic communication. IT Acts involve the use of
alternatives to paper-based methods of communication and storage of information, to facilitate
electronic filing of documents with the Government agencies.

IT Acts 2000
The Information Technology Act 2000 (also known as ITA-2000, or the IT Act) is an Act of
the Indian Parliament (No 21 of 2000) notified on October 17, 2000. The Information technology
Act 2000 has been substantially amended through the Information Technology (Amendment)

Copyright © 2018-19 by Dr. Himanshu Gupta


188 | P a g e Network Security & Cryptography

Act 2008 which was passed by the two houses of the Indian Parliament on December 23, and 24,
2008. It got the Presidential assent on February 5, 2009 and was notified for effectiveness on
October 27, 2009.

Information Technology Act 2000 addressed the following issues:

1. Legal Recognition of Electronic Documents


2. Legal Recognition of Digital Signatures
3. Offenses and Contraventions
4. Justice Dispensation Systems for Cybercrimes

ITAA 2008 (Information Technology Amendment Act 2008) as the new version of Information
Technology Act 2000 is often referred has provided additional focus on Information Security. It
has added several new sections on offences including Cyber Terrorism and Data Protection.

Cyber Law

Cyber law is important because it touches almost all aspects of transactions and activities on and
concerning the Internet, the World Wide Web and Cyberspace. Every action and every reaction
in Cyberspace has some legal and Cyber legal perspectives. Cyber Crime is regulated by Cyber
Laws or Internet Laws.

Cyber crimes can involve criminal activities that are traditional in nature, such as theft, fraud,
forgery, defamation and mischief, all of which are subject to the Indian Penal Code. Cybercrime
encompasses a broad range of illegal activities; it can be generally divided into five categories:

1. Intrusive Offences

➢ Illegal Access: “Hacking” is one of the major forms of offences that refers to unlawful
access to a computer system.
➢ Data Espionage: Offenders can intercept communications between users (such as e-
mails) by targeting communication infrastructure such as fixed lines or wireless, and any
Internet service (e.g., e-mail servers, chat or VoIP communications).

Copyright © 2018-19 by Dr. Himanshu Gupta


189 | P a g e Network Security & Cryptography

➢ Data Interference: Offenders can violate the integrity of data and interfere with them by
deleting, suppressing, or altering data and restricting access to them.

2. Content-related offences

➢ Pornographic Material (Child-Pornography): Sexually related content was among the


first content to be commercially distributed over the Internet.
➢ Racism, Hate Speech, Glorification of Violence: Radical groups use mass
communication systems such as the Internet to spread propaganda.
➢ Religious Offences: A growing number of websites present material that is in some
countries covered by provisions related to religious offences, e.g., anti-religious written
statements.
➢ Spam: Offenders send out millions of e-mails to users, often containing advertisements
for products and services.

3. Copyright and trademark-related offences

➢ Common copyright offences: cyber piracy, software piracy, piracy of music or movies.
➢ Trademark violations: A well-known aspect of global trade. The most serious offences
include phishing and domain or name-related offences, such as cybersquatting.

4. Computer-related offences

➢ Fraud: online auction fraud, advance fee fraud, credit card fraud, Internet banking
➢ Forgery: manipulation of digital documents.
➢ Identity theft: It refers to stealing private information including Social Security Numbers
(SSN), passport numbers, Date of birth, addresses, phone numbers, and passwords for
non-financial and financial accounts.

5. Combination offences

➢ Cyberterrorism: The main purposes of it are propaganda, information gathering,


preparation of real-world attacks, publication of training material, communication,
terrorist financing and attacks against critical infrastructure.

Copyright © 2018-19 by Dr. Himanshu Gupta


190 | P a g e Network Security & Cryptography

➢ Cyberwarfare: It describes the use of ICTs in conducting warfare using the Internet.
➢ Cyberlaundering: Conducting crime through the use of virtual currencies, online casinos
and etc.

Advantages of IT Acts and Cyber Law

In view of the growth in transactions and communications carried out through electronic records,
the Act seeks to empower government departments to accept filing, creating and retention of
official documents in the digital format. The Act has also proposed a legal framework for the
authentication and origin of electronic records / communications through digital signature.

➢ From the perspective of e-commerce in India, the IT Act 2000 and its provisions contain
many positive aspects. Firstly, the implications of these provisions for the e-businesses
would be that email would now be a valid and legal form of communication in our
country that can be duly produced and approved in a court of law.
➢ Companies shall now be able to carry out electronic commerce using the legal
infrastructure provided by the Act.
➢ Digital signatures have been given legal validity and sanction in the Act.
➢ The Act throws open the doors for the entry of corporate companies in the business of
being Certifying Authorities for issuing Digital Signatures Certificates.
➢ The Act now allows Government to issue notification on the web thus heralding e-
governance.
➢ The Act enables the companies to file any form, application or any other document with
any office, authority, body or agency owned or controlled by the appropriate Government
in electronic form by means of such electronic form as may be prescribed by the
appropriate Government.
➢ The IT Act also addresses the important issues of security, which are so critical to the
success of electronic transactions. The Act has given a legal definition to the concept of
secure digital signatures that would be required to have been passed through a system of
a security procedure, as stipulated by the Government at a later date.
➢ Under the IT Act, 2000, it shall now be possible for corporate to have a statutory remedy
in case if anyone breaks into their computer systems or network and cause loss.

Copyright © 2018-19 by Dr. Himanshu Gupta


191 | P a g e Network Security & Cryptography

7. Virtual Private Network (VPN)

A VPN is a private network that uses a public network (usually the Internet) to connect remote
sites or users together. Instead of using a dedicated, real-world connection such as leased line, a
VPN uses "virtual" connections routed through the Internet from the company's private network
to the remote site or employee.

1. Authorization ensures that only trusted hosts can gain network access.

If a computer has not logged in with the VPN gateway (GTA firewall), the connection is denied (1a).
If a computer provides authorization credentials such as a password and pre-shared secret, the VPN
gateway adds the computer to its list of computers allowed to connect (1b).

2. Encryption defeats interception of traffic by scrambling data.

Once authorized, a computer can use encryption to prevent digital eavesdropping (packet sniffing) by
any in-between points on the Internet, including unauthorized hosts.

Copyright © 2018-19 by Dr. Himanshu Gupta


192 | P a g e Network Security & Cryptography

7.1 Types of VPN

There are two common VPN types:

• Remote-access – This is also called a virtual private dial-up network (VPDN), this is a
user-to-LAN connection used by a company that has employees who need to connect to
the private network from various remote locations. Typically, a corporation that wishes to
set up a large remote-access VPN will outsource to an enterprise service provider
(ESP). The ESP sets up a network access server (NAS) and provides the remote users
with desktop client software for their computers. The telecommuters can then dial a toll-
free number to reach the NAS and use their VPN client software to access the corporate
network.
Remote-access VPNs permit secure, encrypted connections between a company's private
network and remote users through a third-party service provider.

• Site-to-site - Through the use of dedicated equipment and large-scale encryption, a


company can connect multiple fixed sites over a public network such as the Internet. Site-
to-site VPNs can be either:
 Intranet-based - If a company has one or more remote locations that they wish to
join in a single private network, they can create an intranet VPN to connect LAN
to LAN. An intranet VPN connects fixed locations, branch, and home offices,
within an enterprise WAN
 Extranet-based - When a company has a close relationship with another
company (for example, a partner, supplier or customer), they can build an extranet
VPN that connects LAN to LAN, and that allows all of the various companies to
work in a shared environment. An extranet extends limited access of enterprise
computing resources to business partners, such as suppliers or customers,
enabling access to shared information.
 Trusted VPN - A VPN type used in an environment where the customers trust
the technology to maintain the integrity of the circuit and use the best available
security to avoid network traffic sniffing.
 Secure VPN - All data transferred in this VPN is encrypted and authenticated so
that no one from outside can affect its security properties.

Copyright © 2018-19 by Dr. Himanshu Gupta


193 | P a g e Network Security & Cryptography

 Hybrid VPN - In this VPN, a secure VPN is run as part of a trusted VPN.
 Provider-Provisioned VPN - VPN where the trusted VPN and trusted part of the
hybrid VPN are usually administered by the ISP or some authority other than the
user.

Types of VPN

7.2 Security of VPN

VPNs need to provide the following four critical functions to ensure security for data:

• authentication—ensuring that the data originates at the source that it claims


• access control—restricting unauthorized users from gaining admission to the network
• confidentiality—preventing anyone from reading or copying data as it travels across the
Internet
• data integrity—ensuring that no one tampers with data as it travels across the Internet
Various password-based systems, and challenge-response systems—such as challenge handshake
authentication protocol (CHAP) and remote authentication dial-in user service (RADIUS)—as
well as hardware-based tokens and digital certificates can be used to authenticate users on a VPN
and control access to network resources. The privacy of corporate information as it travels
through the VPN is guarded by encrypting the data.

Copyright © 2018-19 by Dr. Himanshu Gupta


194 | P a g e Network Security & Cryptography

7.3 Tunneling

Most VPNs rely on tunneling to create a private network that reaches across the Internet.
Essentially, tunneling is the process of placing an entire packet within another packet and
sending it over a network.

Tunneling allows senders to encapsulate their data in IP packets that hide the underlying routing
and switching infrastructure of the Internet from both senders and receivers. At the same time,
these encapsulated packets can be protected against snooping by outsiders using encryption
techniques.

Tunneling

Tunnels can consist of two types of end points, either an individual computer or a LAN with a
security gateway, which might be a router or firewall. Only two combinations of these end
points, however, are usually considered in designing VPNs.

In the first case, LAN-to-LAN tunneling, a security gateway at each end point serves as the
interface between the tunnel and the private LAN. In such cases, users on either LAN can use the
tunnel transparently to communicate with each other.

The second case, that of client-to-LAN tunnels, is the type usually set up for a mobile user who
wants to connect to the corporate LAN. The client, i.e., the mobile user, initiates the creation of
the tunnel on his end in order to exchange traffic with the corporate network. To do so, he runs
special client software on his computer to communicate with the gateway protecting the
destination LAN.

Copyright © 2018-19 by Dr. Himanshu Gupta


195 | P a g e Network Security & Cryptography

Tunneling requires three different protocols:

• Carrier protocol - The protocol used by the network that the information is traveling
over
• Encapsulating protocol - The protocol (GRE, IPSec, L2F, PPTP, L2TP) that is wrapped
around the original data
• Passenger protocol - The original data (IPX, NetBeui, IP) being carried

7. 4 VPN Protocols

Four different protocols have been suggested for creating VPNs over the Internet: point-to-point
tunneling protocol (PPTP), layer-2 forwarding (L2F), layer-2 tunneling protocol (L2TP), and IP
security protocol (IPSec).

PPTP, L2F, and L2TP are largely aimed at dial-up VPNs(remote-access VPNs ) while IPSec's
main focus has been LAN–to–LAN solutions.

➢ PPTP (Point-to-Point Tunneling Protocol) - PPTP is a layer 2 protocol that encapsulates


PPP frames in IP datagram. It uses a TCP connection for tunnel maintenance and a
modified version of Generic Routing Encapsulation (GRE) to encapsulate PPP frames for
tunneled data. The payloads of the encapsulated PPP frames can be encrypted and/or
compressed.

Structure of PPTP packets


PPTP supports 40-bit and 128-bit encryption and will use any authentication scheme
supported by PPP. PPTP is a tunneling protocol which provides remote users encrypted,
multi-protocol access to a corporate network over the Internet. Network layer protocols,
such as IPX and NetBEUI, are encapsulated by the PPTP protocol for transport over the
Internet. PPTP can support only one tunnel at a time for each user.

Copyright © 2018-19 by Dr. Himanshu Gupta


196 | P a g e Network Security & Cryptography

➢ L2TP (Layer 2 Tunneling Protocol) - L2TP is the product of a partnership between the
members of the PPTP Forum, Cisco and the IETF (Internet Engineering Task Force).
Combining features of both PPTP and L2F, L2TP also fully supports IPSec. L2TP can
support multiple, simultaneous tunnels for each user and can be used as a tunneling
protocol for site-to-site VPNs as well as remote-access VPNs.

L2TP uses IPSec's encryption methods. Because it uses PPP for dial-up links, L2TP
includes the authentication mechanisms within PPP, namely PAP and CHAP. Similar to
PPTP, L2TP supports PPP's use of the extensible authentication protocol for other
authentication systems, such as RADIUS.

Structure of L2TP packets

➢ L2F (Layer 2 Forwarding) - Developed by Cisco, L2F will use any


authentication scheme supported by PPP. One major difference between PPTP
and L2F is that, because L2F tunneling is not dependent on IP, it is able to work
directly with other media, such as frame relay or asynchronous transfer mode
(ATM). Like PPTP, L2F uses PPP for authentication of the remote user, but it
also includes support for terminal access controller access control system
(TACACS) + and RADIUS for authentication. L2F also differs from PPTP in that
it allows tunnels to support more than one connection.

➢ IPSec

The protocol which seems destined to become the de facto standard for VPNs is
IPSec (Internet Protocol Security). It is designed to address data confidentiality,
integrity, authentication and key management, in addition to tunneling. IPSec works
well on both remote-access and site-to-site VPNs.

Copyright © 2018-19 by Dr. Himanshu Gupta


197 | P a g e Network Security & Cryptography

IPSec allows the sender (or security gateway acting on his behalf) to authenticate or
encrypt each IP packet or apply both operations to the packet. Separating the
application of packet authentication and encryption has led to two different methods
of using IPSec, called modes. In transport mode, only the transport-layer segment of
an IP packet is authenticated or encrypted. The other approach, authenticating or
encrypting the entire IP packet, is called tunnel mode. While transport-mode IPSec
can prove useful in many situations, tunnel-mode IPSec provides even more
protection against certain attacks and traffic monitoring that might occur on the
Internet.

IPSec is built around a number of standardized cryptographic technologies to provide


confidentiality, data integrity, and authentication.

For example, IPSec uses:

❖ Diffie-Hellman key exchanges to deliver secret keys between peers on a public net
❖ public-key cryptography for signing Diffie-Hellman exchanges, to guarantee the
identities of the two parties and avoid man-in-the-middle attacks
❖ data encryption standard (DES) and other bulk encryption algorithms for encrypting
data
❖ keyed hash algorithms (HMAC, MD5, SHA) for authenticating packets
❖ digital certificates for validating public keys

8. Recent Attacks on Networks


In particular several recent attacks on network systems, network virus and the harm caused by
network security point of view, the network security risk is very serious, which drew enough
attention about network security and preventive measures viewpoints. There are various ways to
avoid this attack by carefully specifying who can gain access through these services.

➢ Exploitation of known weaknesses in programs


Some programs and network services were not originally designed with strong security in
mind and are inherently vulnerable to attack. The BSD remote services (rlogin, rexec,
etc.) are an example. The best way to protect network against this type of attack is to

Copyright © 2018-19 by Dr. Himanshu Gupta


198 | P a g e Network Security & Cryptography

disable any vulnerable services or find alternatives. With Open Source, it is sometimes
possible to repair the weaknesses in the software.

➢ Denial of service
Denial of service attacks cause the service or program to cease functioning or prevent
others from making use of the service or program. These may be performed at the
network layer by sending carefully crafted and malicious datagrams that cause network
connections to fail. They may also be performed at the application layer, where carefully
crafted application commands are given to a program that cause it to become extremely
busy or stop functioning.

Preventing suspicious network traffic from reaching your hosts and preventing suspicious
program commands and requests are the best ways of minimizing the risk of a denial of
service attack. It's useful to know the details of the attack method, so we should educate
ourselves about each new attack as it gets publicized.

➢ Spoofing
This type of attack causes a host or application to mimic the actions of another. Typically
the attacker pretends to be an innocent host by following IP addresses in network packets.
For example, a well-documented exploit of the BSD rlogin service can use this method to
mimic a TCP connection from another host by guessing TCP sequence numbers. To
protect against this type of attack, verify the authenticity of datagrams and commands.
Prevent datagram routing with invalid source addresses. Introduce unpredictability into
connection control mechanisms, such as TCP sequence numbers and the allocation of
dynamic port addresses.

➢ Eavesdropping
This is the simplest type of attack. A host is configured to "listen" to and capture data not
belonging to it. Carefully written eavesdropping programs can take usernames and
passwords from user login network connections. Broadcast networks like Ethernet are
especially vulnerable to this type of attack. To protect against this type of threat, avoid

Copyright © 2018-19 by Dr. Himanshu Gupta


199 | P a g e Network Security & Cryptography

use of broadcast network technologies and enforce the use of data encryption. IP
firewalling is very useful in preventing or reducing unauthorized access, network layer
denial of service, and IP spoofing attacks. It not very useful in avoiding exploitation of
weaknesses in network services or programs and eavesdropping.

Copyright © 2018-19 by Dr. Himanshu Gupta


200 | P a g e Network Security & Cryptography

A. Fill in the Blanks:

1. _____________ is an illegal act of entering, seizing, or taking possession of another's


property.

2. An _______________ is a device or software application that monitors network or system


activities for malicious activities or policy violations and produces reports to a Management
Station.

3. In computer terminology, a _______________ is a trap set to detect, deflect, or in some


manner counteract attempts at unauthorized use of information systems.

4. ___________ cannot damage the physical hardware of systems and network equipment, but it
can damage the data and software residing on the equipment.

5. Viruses can range in severity from causing mildly annoying effects to damaging data or
software and causing _________________ conditions.

6. ___________ are standalone software and do not require a host program or human help to
propagate.

7. A network firewall filters both ______________ and ______________ traffic.

8. The Information technology Act 2000 has been substantially amended through the
______________ which was passed by the two houses of the Indian Parliament on December 23,
and 24, 2008.

9. Cyber crimes can involve ___________ activities that are traditional in nature, such as theft,
fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code.

Copyright © 2018-19 by Dr. Himanshu Gupta


201 | P a g e Network Security & Cryptography

10. A ____________ is a private network that uses a public network (usually the Internet) to
connect remote sites or users together.

B. Frequently Asked Questions (FAQs)

1. Which security mechanisms of a system are designed to prevent unauthorized access to system
resources and data?

a) IDS

b) Firewall

c) Antivirus Software

d) None of these

2. Based on design criteria, honeypots can be classified as

a) High-interaction Honeypots

b) Low-interaction Honeypots

c) Pure Honeypots

d) All of the above

3. Which software is a code or software that is specifically designed to damage, disrupt, steal, or
in general inflict some other “bad” or illegitimate action on data, hosts, or networks?

a) Malicious Software

b) Freeware

c) Antivirus

d) Firewall

Copyright © 2018-19 by Dr. Himanshu Gupta


202 | P a g e Network Security & Cryptography

4. Which malware propagates by inserting a copy of itself into and becoming part of another
program?

a) Intruder

b) Worm

c) Virus

d) None of these

5. Which virus exploited Word’s link to Microsoft Outlook in order to automatically email
copies of itself?

a) Boot Sector Virus

b) Macro Virus

c) Direct Action Virus

d) File Infector Virus

6. Which malwares are similar to viruses in that they replicate functional copies of themselves
and can cause the same type of damage?

a) Intruder

b) Worm

c) Virus

d) None of these

7. Which security mechanism protects networked computers from intentional hostile intrusion
that could compromise confidentiality or result in data corruption or denial of service?

a) Firewall

b) Antivirus

Copyright © 2018-19 by Dr. Himanshu Gupta


203 | P a g e Network Security & Cryptography

c) Honeypot

d) IDS

8. Which IT act is the new version of Information Technology Act 2000 is often referred has
provided additional focus on Information Security?

a) ITAA 2008

b) IT Act 2000

c) IT Act 2005

d) IT Act 2010

9. Which law touches almost all aspects of transactions and activities on and concerning the
Internet, the World Wide Web and Cyberspace?

a) IT Law

b) IT Act

c) Cyber Law

d) None of these

10. Which network uses "virtual" connections routed through the Internet from the company's
private network to the remote site or employee?

a) VPN

b) PSTN

c) ISDN

d) None of these

Copyright © 2018-19 by Dr. Himanshu Gupta


204 | P a g e Network Security & Cryptography

About the Author

Dr. Himanshu Gupta is working as a Senior


Faculty Member in the well reputed Indian
university Amity University Uttar Pradesh,
Noida.

He completed all his academic as well as


professional education from reputed central
university Aligarh Muslim University, Aligarh
(Uttar Pradesh) India.

He has visited Malaysia, Singapore, Thailand, Cambodia, Vietnam, Indonesia, Hong Kong, Macau
and China for his academic and research work. He has delivered many Technical Sessions on “Network
Security & Cryptography” in the field of Information Technology in various reputed International
Conferences, World Summit and other foreign universities as an Invited Speaker and Visiting
Professor. He has many Research Papers and Articles in the field of Information Technology, which
have been published in various reputed Conference Proceedings and Journals.

He has successfully filed and completed his first Patent in Network Security as an Inventor, which has
been published in the International Journal of Patents by Patent Department, Govt. of India in month
of December, 2010. After that, he has filed many significant patents in the area of Network Security &
Cryptography.

He is holding prestigious senior memberships of various reputed International Technical and Research
Organizations as IEEE Computer Society (USA), TIFR (India), CSI (India), CSTA (USA), IACSIT
(Singapore), Cryptography Research Society of India (CRSI-India), UACEE (Australia) and the
World Association of Young Scientists (Paris). He has attended many National and International
Conferences, Seminars and Workshops in the field of Information Technology during his academic
and research career. He has delivered Online IT Lectures as an Invited Speaker to students of 16
African Countries under the e-Pan African Project sponsored by Govt. of India at Amity University,
Noida.

Copyright © 2018-19 by Dr. Himanshu Gupta