
Chapter 2- Network Security and Cryptography

SECURITY MODELS
An organization can take several approaches to implement its security model. These approaches are
summarized as follows.
No Security: In this simplest case, the approach could be a decision to implement no security at all.
Security through obscurity: In this model, a system is secure simply because nobody knows about its
existence and contents. This approach cannot work for too long, as there are many ways an attacker can
come to know about it.
Host Security: In this scheme, the security for each host is enforced individually. This is a very safe
approach, but the trouble is that it cannot scale well. The complexity and diversity of modern
sites/organizations make the task even harder.
Network Security: Host security is tough to achieve as organizations grow and become more
diverse. In the network security technique, the focus is on controlling network access to various hosts and their
services, rather than on individual host security. This is a very efficient and scalable model.

• A security-related transformation on the information to be sent includes the encryption of the
message, which scrambles the message so that it is unreadable by the opponent, and the
addition of a code based on the contents of the message, which can be used to verify the
identity of the sender.
• Some secret information shared by the two principals and, it is hoped, unknown to the
opponent. An example is an encryption key used in conjunction with the transformation to
scramble the message before transmission and unscramble it on reception.

Compiled by: Wondimagegn Leta (BSC, Computer Science, MSC Software Engineering)


• A trusted third party may be needed to achieve secure transmission. For example, a third party
may be responsible for distributing the secret information to the two principals while keeping it
from any opponent. Or a third party may be needed to arbitrate disputes between the two
principals concerning the authenticity of a message transmission.
This general model shows that there are four basic tasks in designing a particular security service:
1. Design an algorithm for performing the security-related transformation. The algorithm should
be such that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security algorithm and
the secret information to achieve a particular security service.
The Internet Organizations and RFC Publication
The Internet Society is the coordinating committee for Internet design, engineering, and management.
Areas covered include the operation of the Internet itself and the standardization of protocols used by
end systems on the Internet for interoperability. Three organizations under the Internet Society are
responsible for the actual work of standards development and publication:
• Internet Architecture Board (IAB): Responsible for defining the overall architecture of the
Internet, providing guidance and broad direction to the IETF.
• Internet Engineering Task Force (IETF): The protocol engineering and development arm of the
Internet.
• Internet Engineering Steering Group (IESG): Responsible for technical management of IETF
activities and the Internet standards process.
Working groups chartered by the IETF carry out the actual development of new standards and protocols
for the Internet. Membership in a working group is voluntary; any interested party may participate.
During the development of a specification, a working group will make a draft version of the document
available as an Internet Draft, which is placed in the IETF's "Internet Drafts" online directory. The
document may remain as an Internet Draft for up to six months, and interested parties may review and
comment on the draft. During that time, the IESG may approve publication of the draft as an RFC
(Request for Comment). If the draft has not progressed to the status of an RFC during the six-month
period, it is withdrawn from the directory. The working group may subsequently publish a revised
version of the draft.
The IETF is responsible for publishing the RFCs, with approval of the IESG. The RFCs are the working
notes of the Internet research and development community. A document in this series may be on
essentially any topic related to computer communications and may be anything from a meeting report
to the specification of a standard.
Internet Standards
The Internet, a loosely organized international collaboration of autonomous interconnected networks,
supports communication through voluntary adherence to open protocols and procedures defined by
Internet standards.
From its inception, the internet has been, and is expected to remain, an evolving system, whose
participants regularly factor new requirements and technology into its design and implementation.
Therefore, improving existing standards and creating, implementing and deploying new standards is an
ongoing effort. Users of the internet and providers of the equipment, software and services that support
it should anticipate and embrace this evolution as a major principle of internet philosophy.
RFC (Request for Comment)
Memos in the Requests for Comments document series contain technical and organizational notes about
the Internet, produced by four streams: the Internet Engineering Task Force (IETF), the Internet Research
Task Force (IRTF), the Internet Architecture Board (IAB), and independent submissions.

INTRODUCTION TO NUMBER THEORY


Mathematics plays a crucial role in cryptography! 2000 years ago, Julius Caesar used a simple
substitution cipher (replace each letter of message by a letter a fixed distance – k – away)

Say, for example, k = 3. Then “SCIENCE” transforms into: VFLHQFH


A FEW DEFINITIONS ON NUMBERS
• Natural Number – a number from the set {1, 2, 3, …, ∞}
• Integer – a number in the set {−∞, …, −2, −1, 0, 1, 2, …, ∞}
• Prime Number – a natural number (greater than one) that is only divisible by one
and itself.
• Composite Number – a natural number (greater than one) that is not prime.
• Greatest Common Divisor – the largest common factor of a set of numbers.
• gcd(a,b) - mathematical shorthand for the greatest common divisor of a and b.
• Coprime – a set of numbers is coprime if their greatest common divisor is one.
• Relatively Prime – the same thing as coprime.
e.g. 8 & 15 are relatively prime since factors of 8 are 1,2,4,8 and of 15 are 1,
3,5,15 and 1 is the only common factor
• Totative – a number, m < n, is a totative of n if gcd(m,n) =1, where n is a natural
number. Or a totative of a given positive integer n is an integer k such that 0 < k
<= n and k is coprime to n.
PRIME NUMBERS
An integer p > 1 is a prime number if and only if its only divisors are ± 1 and ±p. Prime numbers
play a critical role in number theory. Asymmetric-key cryptography uses primes extensively.
The smallest prime is 2, which is divisible by 2 (itself) and 1.

• e.g. 2,3,5,7 are prime, 4,6,8,9,10 are not



PRIMALITY TESTING
Given a number n, how can we determine if n is a prime? The answer is that we need to see if
the number is divisible by all primes less than √n. This method is inefficient, but it is a good start.
Example 1: Is 97 a prime?
Solution

The floor of √97 is 9. The primes less than 9 are 2, 3, 5, and 7. We need to see if 97 is divisible by
any of these numbers. It is not, so 97 is a prime.
Example 2: Is 301 a prime?
Solution
The floor of √301 is 17. We need to check 2, 3, 5, 7, 11, 13, and 17. The numbers 2, 3, and 5 do not divide
301, but 7 does. Therefore 301 is not a prime.

PRIME FACTORIZATION
To factor a number n is to write it as a product of other numbers.

n=a*b*c

• Or, 100 = 5 * 5 * 2 * 2
Prime factorization of a number n is writing it as a product of prime numbers.
• 143 = 11 * 13
Any integer a > 1 can be factored as a product of powers of primes, i.e. $a = p_1^{a_1} \times p_2^{a_2} \times \dots \times p_k^{a_k}$,
where $p_1, p_2, \dots, p_k$ are prime numbers and $a_1, a_2, \dots, a_k$ are integers.
Example 1: $91 = 7 \times 13$,
$3600 = 2^4 \times 3^2 \times 5^2$,
$11011 = 7 \times 11^2 \times 13$
An integer is then specified by all non-zero exponents. Thus,

MODULO OPERATOR
The modulo operator is shown as mod. The second input (n) is called the modulus. The output r
is called the residue.

E.g. 27 mod 5 = 2
FERMAT’S THEOREM
If p is prime and a is an integer not divisible by p, then:
Equation 1: $a^{p-1} \equiv 1 \pmod{p}$
And for every integer a:
Equation 2: $a^{p} \equiv a \pmod{p}$
This theorem is useful in public key (RSA) and primality testing.
Example 1: $6^{10} \bmod 11$ (this example satisfies Equation 1 because p = 11 is prime and p − 1 is 10),
therefore the answer is 1.
Example 2: $3^{12} \bmod 11$ (this example satisfies the second equation)
NB: $3^{12}$ can be written as $3^{11} \times 3^{1}$
$(3^{11} \bmod 11) \times (3^{1} \bmod 11)$
$3 \times 3 \bmod 11$
= 9
Example 3: $5^{15} \bmod 13$
$(5^{2} \bmod 13) \times (5^{13} \bmod 13)$
$(25 \bmod 13) \times 5$
$(12 \times 5) \bmod 13$
$60 \bmod 13$
= 8
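The three worked examples above, and the limits of using Equation 1 as a primality test, shown as an added Python example (not part of the original notes; the function names are illustrative assumptions). It reduces exponents with Equation 1 and then shows that a composite number can still satisfy the equation for some, or even all, coprime bases.

```python
from math import gcd

def pow_mod_prime(a, e, p):
    """a^e mod p for a prime p, using Equation 1 to shrink the exponent.

    Assumes p is prime. Since a^(p-1) ≡ 1 (mod p) when p does not divide a,
    only e mod (p-1) matters.
    """
    if a % p == 0:
        return 0 if e > 0 else 1
    return pow(a, e % (p - 1), p)

def fermat_passes(n, a):
    """True if a^(n-1) ≡ 1 (mod n).

    Every prime n passes for every base a not divisible by n, but passing
    does NOT prove that n is prime.
    """
    return pow(a, n - 1, n) == 1

def fermat_liars(n):
    """Bases in 2..n-2 that are coprime to n and for which n passes the test."""
    return [a for a in range(2, n - 1)
            if gcd(a, n) == 1 and fermat_passes(n, a)]

if __name__ == "__main__":
    # The three examples from the notes.
    print(pow_mod_prime(6, 10, 11))   # Example 1
    print(pow_mod_prime(3, 12, 11))   # Example 2
    print(pow_mod_prime(5, 15, 13))   # Example 3

    # 91 = 7 x 13 is composite, yet base 3 satisfies Equation 1; base 2 exposes it.
    print(fermat_passes(91, 3), fermat_passes(91, 2))

    # 561 = 3 x 11 x 17 (a Carmichael number) passes for every coprime base,
    # so Equation 1 alone cannot be used to certify a prime.
    print(len(fermat_liars(561)))
```

This is why practical key generation uses a stronger probabilistic test (such as Miller-Rabin) rather than the plain Fermat check.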
EULER’S PHI-FUNCTION

Euler’s phi-function, φ(n), which is sometimes called Euler’s totient function, plays a very
important role in cryptography.

We can combine the above four rules to find the value of φ(n). For example, if n can be factored
as
$n = p_1^{e_1} \times p_2^{e_2} \times \dots \times p_k^{e_k}$
then we combine the third and the fourth rule to find

Example 1

What is the value of φ (13)?


Solution

Because 13 is a prime, φ (13) = (13 −1) = 12.


Example 2

What is the value of φ (10)?


Solution

We can use the third rule: φ (10) = φ (2) × φ (5) = 1 × 4 = 4, because 2 and 5 are
primes.
Example 3

What is the value of φ(240)?

Solution

We can write $240 = 2^4 \times 3^1 \times 5^1$. Then

$\varphi(240) = (2^4 - 2^3) \times (3^1 - 3^0) \times (5^1 - 5^0) = 64$


Example 4

Can we say that φ(49) = φ(7) × φ(7) = 6 × 6 = 36?

Solution

No. The third rule applies when m and n are relatively prime. Here $49 = 7^2$. We need to use the
fourth rule: $\varphi(49) = 7^2 - 7^1 = 42$.
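The trial-division test, the prime factorization and the φ examples above fit together in one short program. This is an added Python example, not part of the original notes; the function names are illustrative assumptions. It factors n by trial division, computes φ(n) from the prime-power factors as in Examples 3 and 4, and cross-checks the result by counting totatives directly.

```python
from math import gcd, isqrt

def factorize(n):
    """Prime factorization by trial division, returned as {prime: exponent}.

    Divisors are tried only up to floor(sqrt(n)), the bound used in the
    primality examples; whatever remains above 1 is itself prime.
    """
    if n < 2:
        raise ValueError("n must be an integer greater than 1")
    factors, d = {}, 2
    while d <= isqrt(n):
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1 if d == 2 else 2      # after 2, try odd candidates only
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors

def is_prime(n):
    """n is prime exactly when its factorization is n itself."""
    return n > 1 and factorize(n) == {n: 1}

def phi(n):
    """Euler's phi for n > 1: multiply (p^e - p^(e-1)) over the prime powers.

    The prime powers of n are pairwise coprime, so their phi values multiply;
    phi(49) is 7^2 - 7^1, not phi(7) * phi(7).
    """
    result = 1
    for p, e in factorize(n).items():
        result *= p**e - p**(e - 1)
    return result

def totatives(n):
    """All k with 0 < k <= n and gcd(k, n) = 1 (the definition given earlier)."""
    return [k for k in range(1, n + 1) if gcd(k, n) == 1]

if __name__ == "__main__":
    print(is_prime(97), is_prime(301), factorize(301))
    print(factorize(3600), factorize(11011))
    for n in (13, 10, 240, 49):
        print(n, phi(n), len(totatives(n)))   # the two counts must agree
```

Trial division is only practical for small n; the security of RSA rests on factoring being infeasible for moduli of cryptographic size.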


MODULAR ARITHMETIC
In integer arithmetic, if we divide a by n, we get q and r. The relationship between these
four integers can be shown as: a = q × n + r

The division relationship (a = q × n + r) has two inputs (a and n) and two outputs (q and r). In
modular arithmetic, we are interested in only one of the outputs, the remainder r. The modulo
operator is shown as mod. The second input (n) is called the modulus. The output r is called the
residue.
Examples:
a. Dividing 27 by 5 results in r = 2
b. Dividing 36 by 12 results in r = 0.
c. Dividing −18 by 14 results in r = −4. After adding the modulus, r = 10.
d. Dividing −7 by 10 results in r = −7. After adding the modulus to −7, r = 3.
