# Network Security and Management

Rotor machine
In cryptography, a rotor machine is an electro-mechanical device used for encrypting and decrypting secret messages. Rotor machines were the cryptographic state-of-the-art for a brief but prominent period of history; they were in widespread use in the 1930s–1950s. The most famous example is the Enigma machine. The primary component is a set of rotors, also termed wheels or drums, which are rotating disks with an array of electrical contacts on either side. The wiring between the contacts implements a fixed substitution of letters, replacing them in some complex fashion. On its own, this would offer little security; however, after encrypting each letter, the rotors advance positions, changing the substitution. By this means, a rotor machine produces a complex polyalphabetic substitution cipher. The machine consists of a set of independently rotating cylinders through which electrical pulses can flow. Each cylinder has 26 input pins and 26 output pins, with internal wiring that connects each input pin to a unique output pin. For simplicity, only three of the internal connections in each cylinder are shown.


Consider a machine with a single cylinder. After each input key is depressed, the cylinder rotates one position, so that the internal connections are shifted accordingly. Thus, a different monoalphabetic substitution cipher is defined. After 26 letters of plaintext, the cylinder would be back to the initial position. Thus, we have a polyalphabetic substitution algorithm with a period of 26. A single-cylinder system is trivial and does not present a formidable cryptanalytic task. The power of the rotor machine is in the use of multiple cylinders, in which the output pins of one cylinder are connected to the input pins of the next. The figure above shows a three-cylinder system. The left half of the figure shows a position in which the input from the operator to the first pin (plaintext letter a) is routed through the three cylinders to appear at the output of the second pin (ciphertext letter B). With multiple cylinders, the one closest to the operator input rotates one pin position with each keystroke. The right half of the figure shows the system's configuration after a single keystroke. For every complete rotation of the inner cylinder, the middle cylinder rotates one pin position. Finally, for every complete rotation of the middle cylinder, the outer cylinder rotates one pin position. The result is that there are 26 x 26 x 26 = 17,576 different substitution alphabets used before the system repeats.

Steganography
Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. The word steganography is of Greek origin and means "concealed writing" from the Greek words steganos meaning "covered or protected", and graphein meaning "to write". The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves. Plainly visible encrypted messages—no matter how unbreakable—will arouse suspicion, and may in themselves be incriminating in countries where encryption is illegal. Therefore, whereas cryptography protects the contents of a message, steganography can be said to protect both messages and communicating parties. Steganography includes the concealment of information within computer files. In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program or protocol. Media files are ideal for steganographic transmission because of their large size. As a simple example, a sender might start with an innocuous image file and adjust the color of every 100th pixel to correspond to a letter in the alphabet, a change so subtle that someone not specifically looking for it is unlikely to notice it.
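The pixel-adjustment idea above can be made concrete with least-significant-bit embedding. The following is an added example, not code from the original notes: the cover "image" is a constructed flat list of grayscale values, the message is written one bit per pixel into the lowest bit (so no pixel changes by more than 1), and a receiver who knows the scheme reads a 4-byte length header and then the message back out. The length check in `extract` is a sanity check the receiver should make, since a cover that carries nothing yields a meaningless header.

```python
"""LSB steganography over a constructed grayscale image (added example, not the notes' code)."""


def _bits(data: bytes):
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def embed(pixels, message: bytes):
    """Copy of pixels whose least significant bits carry a 4-byte length header plus the message."""
    payload = len(message).to_bytes(4, "big") + message
    if len(payload) * 8 > len(pixels):
        raise ValueError("cover image too small for this message")
    out = list(pixels)
    for i, bit in enumerate(_bits(payload)):
        out[i] = (out[i] & 0xFE) | bit          # replace only the lowest bit of each value
    return out


def extract(pixels):
    """Read the length header, then that many bytes, from the least significant bits."""
    def read_bytes(start, count):
        value = 0
        for i in range(count * 8):
            value = (value << 1) | (pixels[start + i] & 1)
        return value.to_bytes(count, "big")

    length = int.from_bytes(read_bytes(0, 4), "big")
    if (4 + length) * 8 > len(pixels):
        raise ValueError("header claims more data than the image holds")
    return read_bytes(32, length)


def max_pixel_change(cover, stego):
    """Largest per-pixel difference; LSB embedding changes each value by at most 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed 64x64 cover: a smooth gradient, 4096 grayscale values.
COVER = [(x + y) % 256 for y in range(64) for x in range(64)]

if __name__ == "__main__":
    stego = embed(COVER, b"meet at noon")
    print(extract(stego), max_pixel_change(COVER, stego))
```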


Data Encryption Standard
The Data Encryption Standard (DES) is a block cipher (a form of shared secret encryption) that was selected by the National Bureau of Standards as an official Federal Information Processing Standard (FIPS) for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is based on a symmetric-key algorithm that uses a 56-bit key. The algorithm was initially controversial with classified design elements, a relatively short key length, and suspicions about a National Security Agency (NSA) backdoor. DES consequently came under intense academic scrutiny which motivated the modern understanding of block ciphers and their cryptanalysis. The algorithm is designed to encipher and decipher blocks of data consisting of 64 bits under control of a 64-bit key. A DES key consists of 64 binary digits ("0"s or "1"s) of which 56 bits are randomly generated and used directly by the algorithm. The other 8 bits, which are not used by the algorithm, may be used for error detection. The 8 error detecting bits are set to make the parity of each 8-bit byte of the key odd, i.e., there is an odd number of "1"s in each 8-bit byte. A TDEA key consists of three DES keys, which is also referred to as a key bundle. Authorized users of encrypted computer data must have the key that was used to encipher the data in order to decrypt it. A block to be enciphered is subjected to an initial permutation IP, then to a complex key-dependent computation and finally to a permutation which is the inverse of the initial permutation, IP^-1. The key-dependent computation can be simply defined in terms of a function f, called the cipher function, and a function KS, called the key schedule.


Enciphering: The computation which uses the permuted input block as its input to produce the preoutput block consists, but for a final interchange of blocks, of 16 iterations of a calculation that is described below in terms of the cipher function f, which operates on two blocks, one of 32 bits and one of 48 bits, and produces a block of 32 bits. Let the 64 bits of the input block to an iteration consist of a 32-bit block L followed by a 32-bit block R. Using the notation defined in the introduction, the input block is then LR. Let K be a block of 48 bits chosen from the 64-bit key. Then the output L'R' of an iteration with input LR is defined by:

L' = R
R' = L ⊕ f(R, K)

Deciphering: The permutation IP^-1 applied to the preoutput block is the inverse of the initial permutation IP applied to the input. Consequently, to decipher it is only necessary to apply the very same algorithm to an enciphered message block, taking care that at each iteration of the computation the same block of key bits K is used during decipherment as was used during the encipherment of the block:

R = L'
L = R' ⊕ f(L', K)

The Cipher Function f: A sketch of the calculation of f(R, K) is given in Figure 5.

Let E denote a function which takes a block of 32 bits as input and yields a block of 48 bits as output. Let E be such that the 48 bits of its output, written as 8 blocks of 6 bits each, ... Each of the unique selection functions S1, S2, ..., S8 takes a 6-bit block as input and yields a 4-bit block as output. The permutation function P yields a 32-bit output from a 32-bit input by permuting the bits of the input block.

Network Security and Management 7 .

Figure: General Depiction of DES

The Avalanche Effect
A desirable property of any encryption algorithm is that a small change in either the plaintext or the key should produce a significant change in the ciphertext. In particular, a change in one bit of the plaintext or one bit of the key should produce a change in many bits of the ciphertext. If the change were small, this might provide a way to reduce the size of the plaintext or key space to be searched.

Table: Avalanche Effect in DES

(a) Change in Plaintext

| Round | Number of bits that differ |
|---|---|
| 0 | 1 |
| 1 | 6 |
| 2 | 21 |
| 3 | 35 |
| 4 | 39 |
| 5 | 34 |
| 6 | 32 |
| 7 | 31 |
| 8 | 29 |
| 9 | 42 |
| 10 | 44 |
| 11 | 32 |
| 12 | 30 |
| 13 | 30 |
| 14 | 26 |
| 15 | 29 |
| 16 | 34 |

(b) Change in Key

| Round | Number of bits that differ |
|---|---|
| 0 | 0 |
| 1 | 2 |
| 2 | 14 |
| 3 | 28 |
| 4 | 32 |
| 5 | 30 |
| 6 | 32 |
| 7 | 35 |
| 8 | 34 |
| 9 | 40 |
| 10 | 38 |
| 11 | 31 |
| 12 | 33 |
| 13 | 28 |
| 14 | 26 |
| 15 | 34 |
| 16 | 35 |

The table shows that after just three rounds, 21 bits differ between the two blocks. On completion, the two ciphertexts differ in 34 bit positions.

Triple DES
In cryptography, Triple DES (3DES) is the common name for the Triple Data Encryption Algorithm (TDEA) block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block. Because the key size of the original DES cipher was becoming problematically short, Triple DES was designed to provide a relatively simple method of increasing the key size of DES to protect against brute force attacks, without designing a completely new block cipher algorithm.

Keying options
The standards define three keying options:
- Keying option 1: All three keys are independent.
- Keying option 2: K1 and K2 are independent, and K3 = K1.
- Keying option 3: All three keys are identical, i.e. K1 = K2 = K3.

Keying option 1 is the strongest, with 3 x 56 = 168 independent key bits. Keying option 2 provides less security, with 2 x 56 = 112 key bits. This option is stronger than simply DES encrypting twice, e.g. with K1 and K2, because it protects against meet-in-the-middle attacks. Keying option 3 is no better than DES, with only 56 key bits. This option provides backward compatibility with DES, because the first and second DES operations simply cancel out. It is no longer recommended by the National Institute of Standards and Technology (NIST) and not supported by ISO/IEC 18033-3.
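The three properties described in the DES, avalanche and Triple DES passages above can be checked on a small model. The following is an added example, not code from the original notes and not DES itself: a toy 64-bit Feistel cipher that keeps DES's structure (16 rounds of L' = R, R' = L ⊕ f(R, K), one 48-bit subkey per round, a final interchange of the halves) but uses a deliberately simple round function and key schedule constructed for this example. With it one can verify that deciphering is the same algorithm with the subkeys reversed, tabulate how many bits differ after each round when one plaintext or key bit is flipped (the shape of the avalanche table), and confirm that EDE triple encryption with K1 = K2 = K3 collapses to a single encryption, which is keying option 3.

```python
"""Toy Feistel cipher with DES's structure (added example; round function and key schedule are
constructed for illustration and have no cryptographic strength)."""

MASK32, MASK48 = (1 << 32) - 1, (1 << 48) - 1
ROUNDS = 16
# Row 0 of DES S-box S1, used here nibble-wise as the toy nonlinear layer.
SBOX4 = [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7]


def rotl(x, n, width):
    n %= width
    return ((x << n) | (x >> (width - n))) & ((1 << width) - 1)


def key_schedule(key64):
    """One 48-bit subkey per round: rotate the 64-bit key and keep the low 48 bits (toy KS)."""
    return [rotl(key64, 7 * (i + 1), 64) & MASK48 for i in range(ROUNDS)]


def toy_f(r32, k48):
    """f(R, K): expand 32 -> 48 bits, xor the subkey, substitute nibbles, fold to 32 bits, rotate."""
    expanded = ((r32 << 16) | (r32 >> 16)) & MASK48
    x = expanded ^ k48
    s = 0
    for i in range(12):
        s = (s << 4) | SBOX4[(x >> (4 * i)) & 0xF]
    s = (s ^ (s >> 16)) & MASK32
    return rotl(s, 11, 32)


def round_states(block64, subkeys):
    """LR after each round: index 0 is the input, index i the state after round i."""
    L, R = block64 >> 32, block64 & MASK32
    states = [(L << 32) | R]
    for k in subkeys:
        L, R = R, L ^ toy_f(R, k)              # L' = R, R' = L xor f(R, K)
        states.append((L << 32) | R)
    return states


def feistel(block64, subkeys):
    final = round_states(block64, subkeys)[-1]
    L, R = final >> 32, final & MASK32
    return (R << 32) | L                       # the final interchange of blocks


def encrypt(block, key):
    return feistel(block, key_schedule(key))


def decrypt(block, key):
    return feistel(block, key_schedule(key)[::-1])   # same algorithm, subkeys in reverse order


def avalanche(pt1, key1, pt2, key2):
    """Number of differing bits after each round (0..16) for two (plaintext, key) pairs."""
    a = round_states(pt1, key_schedule(key1))
    b = round_states(pt2, key_schedule(key2))
    return [bin(x ^ y).count("1") for x, y in zip(a, b)]


def ede_encrypt(block, k1, k2, k3):
    return encrypt(decrypt(encrypt(block, k1), k2), k3)


def ede_decrypt(block, k1, k2, k3):
    return decrypt(encrypt(decrypt(block, k3), k2), k1)


if __name__ == "__main__":
    key, pt = 0x0123456789ABCDEF, 0x02468ACEECA86420    # constructed sample values
    print("round trip:", decrypt(encrypt(pt, key), key) == pt)
    print("plaintext bit flipped:", avalanche(pt, key, pt ^ 1, key))
    print("key bit flipped      :", avalanche(pt, key, pt, key ^ 1))
    print("EDE with K1 = K2 = K3 equals single encryption:",
          ede_encrypt(pt, key, key, key) == encrypt(pt, key))
```

Only the structural facts are guaranteed by the Feistel construction: the round trip works for any f, a plaintext flip shows exactly 1 differing bit at round 0 and a key flip shows 0, and option 3 degenerates because the middle decryption undoes the first encryption. How fast the differences spread in later rounds depends on f, which is exactly what the DES designers tuned.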

Block Cipher Design Principles
Although much progress has been made in designing block ciphers that are cryptographically strong, the basic principles have not changed all that much since the work of Feistel and the DES design team in the early 1970s. There are three critical aspects of block cipher design: the number of rounds, design of the function F, and key scheduling.

Number of Rounds
The greater the number of rounds, the more difficult it is to perform cryptanalysis, even for a relatively weak F. In general, the criterion should be that the number of rounds is chosen so that known cryptanalytic efforts require greater effort than a simple brute-force key search attack. This criterion was certainly used in the design of DES. Schneier [SCHN96] observes that for 16-round DES, a differential cryptanalysis attack is slightly less efficient than brute force: the differential cryptanalysis attack requires 2^55.1 operations, whereas brute force requires 2^55. If DES had 15 or fewer rounds, differential cryptanalysis would require less effort than brute-force key search. This criterion is attractive because it makes it easy to judge the strength of an algorithm and to compare different algorithms. In the absence of a cryptanalytic breakthrough, the strength of any algorithm that satisfies the criterion can be judged solely on key length.

Design of Function F
The heart of a Feistel block cipher is the function F. As we have seen, in DES this function relies on the use of S-boxes.

Design Criteria for F
The function F provides the element of confusion in a Feistel cipher. Thus, it must be difficult to "unscramble" the substitution performed by F. One obvious criterion is that F be nonlinear, as we discussed previously. The more nonlinear F, the more difficult any type of cryptanalysis will be. In rough terms, the more difficult it is to approximate F by a set of linear equations, the more nonlinear F is.

S-Box Design
One obvious characteristic of the S-box is its size. An n x m S-box has n input bits and m output bits. DES has 6 x 4 S-boxes. Blowfish has 8 x 32 S-boxes. Larger S-boxes, by and large, are more resistant to differential and linear cryptanalysis.
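"Difficult to approximate by a set of linear equations" can be measured exhaustively for a small S-box. The following is an added example, not code from the original notes: for every input mask a and output mask b it counts how many of the 16 inputs satisfy a·x = b·S(x); the largest deviation from 8 out of 16 is the bias used in linear cryptanalysis. A perfectly linear or affine S-box has a mask pair that holds for all 16 inputs (bias 8), while a well chosen 4-bit bijection cannot do better than bias 4. Row 0 of DES S-box S1 is used as the sample nonlinear S-box; the identity and an xor-with-a-constant table are the linear and affine counterexamples.

```python
"""Linear approximation table and nonlinearity of a 4x4 S-box (added example, not the notes' code)."""


def parity(v):
    return bin(v).count("1") & 1


def linear_approximation_table(sbox):
    """LAT[a][b] = (number of x with a.x == b.S(x)) - 8, for every input mask a and output mask b."""
    n = len(sbox)
    return [[sum(1 for x in range(n) if parity(a & x) == parity(b & sbox[x])) - n // 2
             for b in range(n)] for a in range(n)]


def max_bias(sbox):
    """Largest |LAT entry| over nonzero masks: 8 means an exact linear relation exists."""
    lat = linear_approximation_table(sbox)
    n = len(sbox)
    return max(abs(lat[a][b]) for a in range(1, n) for b in range(1, n))


def nonlinearity(sbox):
    """Distance from the nearest affine function; 4-bit bijections can reach at most 4."""
    return len(sbox) // 2 - max_bias(sbox)


def is_bijection(sbox):
    return sorted(sbox) == list(range(len(sbox)))


DES_S1_ROW0 = [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7]
IDENTITY = list(range(16))                      # linear: output equals input
XOR_CONST = [x ^ 0b1011 for x in range(16)]     # affine: still perfectly approximable

if __name__ == "__main__":
    for name, box in [("DES S1 row 0", DES_S1_ROW0), ("identity", IDENTITY), ("xor const", XOR_CONST)]:
        print(f"{name:13s} max bias {max_bias(box)}/16  nonlinearity {nonlinearity(box)}")
```

The same table is what a designer reads when checking criterion "F should be nonlinear": entries far from zero are the equations an attacker would collect plaintext/ciphertext pairs to exploit, so the design goal is to keep every entry small.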

Key Schedule Algorithm
A final area of block cipher design, and one that has received less attention than S-box design, is the key schedule algorithm. With any Feistel block cipher, the key is used to generate one subkey for each round. In general, we would like to select subkeys to maximize the difficulty of deducing individual subkeys and the difficulty of working back to the main key. No general principles for this have yet been promulgated.

Key Distribution
For symmetric encryption to work, the two parties to an exchange must share the same key, and that key must be protected from access by others. Furthermore, frequent key changes are usually desirable to limit the amount of data compromised if an attacker learns the key. Therefore, the strength of any cryptographic system rests with the key distribution technique, a term that refers to the means of delivering a key to two parties who wish to exchange data, without allowing others to see the key. For two parties A and B, key distribution can be achieved in a number of ways, as follows:
- A can select a key and physically deliver it to B.
- A third party can select the key and physically deliver it to A and B.
- If A and B have previously and recently used a key, one party can transmit the new key to the other, encrypted using the old key.
- If A and B each has an encrypted connection to a third party C, C can deliver a key on the encrypted links to A and B.

Public key certificate
In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document which uses a digital signature to bind together a public key with an identity — information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual. In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority (CA). In a web of trust scheme, the signature is of either the user (a self-signed certificate) or other users ("endorsements"). In either case, the signatures on a certificate are attestations by the certificate signer that the identity information and the public key belong together.

Options 1 and 2 call for manual delivery of a key. For link encryption, this is a reasonable requirement, because each link encryption device is going to be exchanging data only with its partner on the other end of the link. However, for end-to-end encryption, manual delivery is awkward. In a distributed system, any given host or terminal may need to engage in exchanges with many other hosts and terminals over time. Thus, each device needs a number of keys supplied dynamically. The problem is especially difficult in a wide area distributed system.

Diffie–Hellman key exchange
Diffie–Hellman key exchange (D–H) is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher. Although Diffie–Hellman key agreement itself is an anonymous (non-authenticated) key-agreement protocol, it provides the basis for a variety of authenticated protocols, and is used to provide perfect forward secrecy in Transport Layer Security's ephemeral modes. The simplest, and original, implementation of the protocol uses the multiplicative group of integers modulo p, where p is prime and g is a primitive root mod p.

1. Alice and Bob agree to use a prime number p = 23 and base g = 5.
2. Alice chooses a secret integer a = 6, then sends Bob A = g^a mod p: A = 5^6 mod 23 = 8.
3. Bob chooses a secret integer b = 15, then sends Alice B = g^b mod p: B = 5^15 mod 23 = 19.
4. Alice computes s = B^a mod p: 19^6 mod 23 = 2.
5. Bob computes s = A^b mod p: 8^15 mod 23 = 2.

Both Alice and Bob have arrived at the same value, because g^ab and g^ba are equal mod p. Note that only a, b and g^ab = g^ba mod p are kept secret. All the other values (p, g, g^a mod p, and g^b mod p) are sent in the clear. Once Alice and Bob compute the shared secret they can use it as an encryption key, known only to them, for sending messages across the same open communications channel. Of course, much larger values of a, b, and p would be needed to make this example secure, since it is easy to try all the possible values of g^ab mod 23 (there will be, at most, 22 such values, even if a and b are large). If p were a prime of at least 300 digits, and a and b were at least 100 digits long, then even the best algorithms known today could not find a given only g, p, g^b mod p and g^a mod p, even using all of mankind's computing power.

Here's a more general description of the protocol: Alice and Bob agree on a finite cyclic group G and a generating element g in G. (This is usually done long before the rest of the protocol; g is assumed to be known by all attackers.) We will write the group G multiplicatively. Alice picks a random natural number a and sends g^a to Bob. Bob picks a random natural number b and sends g^b to Alice. Alice computes (g^b)^a. Bob computes (g^a)^b.

Figure: General Description of Diffie-Hellman
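The exchange above, run from both sides in code. This is an added example, not code from the original notes: it reproduces the p = 23, g = 5, a = 6, b = 15 numbers, counts the "at most 22 values" an eavesdropper would have to try, and adds the check a receiving party should make on the value it gets from the wire (reject 1, p − 1 and anything outside that range, since those force the shared secret into a trivially small set). Secret exponents for a real run come from the operating system's CSPRNG via `secrets`.

```python
"""Diffie-Hellman over the multiplicative group mod p (added example, not the notes' own code)."""

import secrets


def public_value(g, secret, p):
    return pow(g, secret, p)


def check_peer_value(y, p):
    """Refuse degenerate public values before deriving a shared secret from them."""
    if not 1 < y < p - 1:
        raise ValueError("peer public value out of range")
    return y


def shared_secret(peer_public, secret, p):
    return pow(check_peer_value(peer_public, p), secret, p)


def exchange(p, g, a, b):
    """Run both sides and return (A, B, s_alice, s_bob); the last two must agree."""
    A, B = public_value(g, a, p), public_value(g, b, p)
    return A, B, shared_secret(B, a, p), shared_secret(A, b, p)


def distinct_secrets(p, g):
    """How many values g^x mod p can take at all: the search space for tiny p."""
    return len({pow(g, x, p) for x in range(1, p)})


def random_exponent(p):
    """Secret exponent in [2, p-2], drawn from the OS CSPRNG."""
    return 2 + secrets.randbelow(p - 3)


if __name__ == "__main__":
    print(exchange(23, 5, 6, 15))               # (8, 19, 2, 2), the notes' numbers
    print(distinct_secrets(23, 5))              # 22: 5 is a primitive root mod 23
    a, b = random_exponent(23), random_exponent(23)
    print(exchange(23, 5, a, b)[2:])
```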

RSA
In cryptography, RSA (which stands for Rivest, Shamir and Adleman who first publicly described it) is an algorithm for public-key cryptography[1]. It is the first algorithm known to be suitable for signing as well as encryption, and was one of the first great advances in public key cryptography. RSA is widely used in electronic commerce protocols, and is believed to be secure given sufficiently long keys and the use of up-to-date implementations. The RSA algorithm involves three steps: key generation, encryption and decryption.

Key generation
RSA involves a public key and a private key. The public key can be known to everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted using the private key. The keys for the RSA algorithm are generated the following way:
1. Choose two distinct prime numbers p and q. For security purposes, the integers p and q should be chosen uniformly at random and should be of similar bit-length. Prime integers can be efficiently found using a primality test.
2. Compute n = pq. n is used as the modulus for both the public and private keys.
3. Compute φ(pq) = (p − 1)(q − 1). (φ is Euler's totient function.)
4. Choose an integer e such that 1 < e < φ(pq), and e and φ(pq) share no divisors other than 1 (i.e., e and φ(pq) are coprime). e is released as the public key exponent. e having a short bit-length and small Hamming weight results in more efficient encryption. However, small values of e (such as e = 3) have been shown to be less secure in some settings.
5. Determine d (using modular arithmetic), 1 < d < φ(pq), which satisfies the congruence relation; stated differently, ed − 1 can be evenly divided by the totient (p − 1)(q − 1). This is often computed using the extended Euclidean algorithm. d is kept as the private key exponent.

The public key consists of the modulus n and the public (or encryption) exponent e. The private key consists of the private (or decryption) exponent d which must be kept secret.

Public key: (n, e). Private key: (d).

Encryption
Alice transmits her public key (n, e) to Bob and keeps the private key secret. Bob then wishes to send message M to Alice. He first turns M into an integer 0 < m < n by using an agreed-upon reversible protocol known as a padding scheme. He then computes the ciphertext c corresponding to m under the public key (n, e). This can be done quickly using the method of exponentiation by squaring. Bob then transmits c to Alice.

Decryption
Alice can recover m from c by using her private key exponent d. Given m, she can recover the original message M by reversing the padding scheme.

A worked example
Here is an example of RSA encryption and decryption. The parameters used here are artificially small, but one can also use OpenSSL to generate and examine a real keypair.
1. Choose two prime numbers p = 61 and q = 53.
2. Compute n = pq = 3233.
3. Compute the totient of the product. For primes the totient is maximal and equals x − 1. Therefore φ(n) = 3120.
4. Choose any number e > 1 that is coprime to 3120. Choosing a prime number for e leaves you with a single check: that e is not a divisor of 3120. Here e = 17.

5. Compute d, the modular multiplicative inverse of e modulo φ(n): d = 2753, since 17 · 2753 = 46801 and 46801 mod 3120 = 1, so this is the correct answer. (Iterating finds that (15 × 3120) + 1 divided by 17 is 2753, whereas other values in place of 15 do not produce an integer. The extended Euclidean algorithm finds the solution to Bézout's identity 3120 × 2 + 17 × (−367) = 1, and −367 mod 3120 is 2753.)

The public key is (n = 3233, e = 17); for a padded message m the encryption function is computed from it. The private key is (n = 3233, d = 2753); the decryption function is computed from it. For instance, in order to encrypt m = 123, we calculate c = 855. To decrypt c = 855, we recover m = 123.

Security and practical considerations

Key generation
Finding the large primes p and q is usually done by testing random numbers of the right size with probabilistic primality tests which quickly eliminate virtually all non-primes. Numbers p and q should not be 'too close', lest the Fermat factorization for n be successful; if p − q, for instance, is less than 2n^(1/4) (which for even small 1024-bit values of n is 3×10^77), solving for p and q is trivial. Furthermore, if either p − 1 or q − 1 has only small prime factors, n can be factored quickly by Pollard's p − 1 algorithm, and these values of p or q should therefore be discarded as well.

Speed
RSA is much slower than DES and other symmetric cryptosystems. In practice, Bob typically encrypts a secret message with a symmetric algorithm, encrypts the (comparatively short) symmetric key with RSA, and transmits both the RSA-encrypted symmetric key and the symmetrically-encrypted message to Alice. This procedure raises additional security issues. For instance, it is of utmost importance to use a strong random number generator for the symmetric key, because otherwise Eve (an eavesdropper wanting to see what was sent) could bypass RSA by guessing the symmetric key.

Key distribution
As with all ciphers, how RSA public keys are distributed is important to security. Key distribution must be secured against a man-in-the-middle attack. Suppose Eve has some way to give Bob arbitrary keys and make him believe they belong to Alice. Suppose further that Eve can intercept transmissions between Alice and Bob. Eve sends Bob her own public key, which Bob believes to be Alice's. Eve can then intercept any ciphertext sent by Bob, decrypt it with her own private key, keep a copy of the message, encrypt the message with Alice's public key, and send the new ciphertext to Alice. In principle, neither Alice nor Bob would be able to detect Eve's presence. Defenses against such attacks are often based on digital certificates or other components of a public key infrastructure.

Timing attacks
If the attacker Eve knows Alice's hardware in sufficient detail and is able to measure the decryption times for several known ciphertexts, she can deduce the decryption key d quickly. This attack can also be applied against the RSA signature scheme. In 2003, Boneh and Brumley demonstrated a more practical attack capable of recovering RSA factorizations over a network connection (e.g., from a Secure Socket Layer (SSL)-enabled webserver). This attack takes advantage of information leaked by the Chinese remainder theorem optimization used by many RSA implementations. One way to thwart these attacks is to ensure that the decryption operation takes a constant amount of time for every ciphertext. However, this approach can significantly reduce performance.

Digital signature
A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery and tampering. Digital signatures are equivalent to traditional handwritten signatures in many respects; properly implemented digital signatures are more difficult to forge than the handwritten type. Digital signature schemes in the sense used here are cryptographically based, and must be implemented properly to be effective. Digital signatures can also provide non-repudiation, meaning that the signer cannot successfully claim they did not sign a message, while also claiming their private key remains secret; further, some non-repudiation schemes offer a time stamp for the digital signature, so that even if the private key is exposed, the signature is valid nonetheless. Digitally signed messages may be anything representable as a bitstring: examples include electronic mail, contracts, or a message sent via some other cryptographic protocol. Digital signatures employ a type of asymmetric cryptography. For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender.

A digital signature scheme typically consists of three algorithms:
- A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The algorithm outputs the private key and a corresponding public key.
- A signing algorithm which, given a message and a private key, produces a signature.
- A signature verifying algorithm which, given a message, public key and a signature, either accepts or rejects the message's claim to authenticity.

Two main properties are required. First, a signature generated from a fixed message and fixed private key should verify the authenticity of that message by using the corresponding public key. Secondly, it should be computationally infeasible to generate a valid signature for a party who does not possess the private key.

Digital Signature Standard
The DSS makes use of the Secure Hash Algorithm (SHA) described in Chapter 12 and presents a new digital signature technique, the Digital Signature Algorithm (DSA).

The DSS Approach
The DSS uses an algorithm that is designed to provide only the digital signature function. Unlike RSA, it cannot be used for encryption or key exchange. Nevertheless, it is a public-key technique. The figure contrasts the DSS approach for generating digital signatures to that used with RSA. In the RSA approach, the message to be signed is input to a hash function that produces a secure hash code of fixed length. This hash code is then encrypted using the sender's private key to form the signature. Both the message and the signature are then transmitted. The recipient takes the message and produces a hash code. The recipient also decrypts the signature using the sender's public key. If the calculated hash code matches the decrypted signature, the signature is accepted as valid. Because only the sender knows the private key, only the sender could have produced a valid signature. The DSS approach also makes use of a hash function. The hash code is provided as input to a signature function along with a random number k generated for this particular signature. The signature function also depends on the sender's private key (PRa) and a set of parameters known to a group of communicating principals. We can consider this set to constitute a global public key (PUG). The result is a signature consisting of two components, labeled s and r.

MD5
In cryptography, MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash function with a 128-bit hash value. MD5 has been employed in a wide variety of security applications, and is also commonly used to check the integrity of files. An MD5 hash is typically expressed as a 32-digit hexadecimal number. However, it has been shown that MD5 is not collision resistant; as such, MD5 is not suitable for applications like SSL certificates or digital signatures that rely on this property.

MD5 processes a variable-length message into a fixed-length output of 128 bits. The input message is broken up into chunks of 512-bit blocks (sixteen 32-bit little endian integers); the message is padded so that its length is divisible by 512. The padding works as follows: first a single bit, 1, is appended to the end of the message. This is followed by as many zeros as are required to bring the length of the message up to 64 bits fewer than a multiple of 512. The remaining bits are filled up with a 64-bit integer representing the length of the original message, in bits. The main MD5 algorithm operates on a 128-bit state, divided into four 32-bit words, denoted A, B, C and D. These are initialized to certain fixed constants. The main algorithm then operates on each 512-bit message block in turn, each block modifying the state. The processing of a message block consists of four similar stages, termed rounds; each round is composed of 16 similar operations.

The 128-bit (16-byte) MD5 hashes (also termed message digests) are typically represented as a sequence of 32 hexadecimal digits. The following demonstrates a 43-byte ASCII input and the corresponding MD5 hash:

MD5("The quick brown fox jumps over the lazy dog") = 9e107d9d372bb6826bd81d3542a419d6

Even a small change in the message will (with overwhelming probability) result in a mostly different hash, due to the avalanche effect. For example, adding a period to the end of the sentence:

MD5("The quick brown fox jumps over the lazy dog.") = e4d909c290d0fb1ca068ffaddf22cbd0

SHA-1
In cryptography, SHA-1 is a cryptographic hash function designed by the National Security Agency (NSA) and published by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm. The three SHA algorithms are structured differently and are distinguished as SHA-0, SHA-1, and SHA-2. SHA-1 is very similar to SHA-0, but corrects an error in the original SHA hash specification that led to significant weaknesses. The SHA-0 algorithm was not adopted by many applications. SHA-2 on the other hand significantly differs from the SHA-1 hash function. SHA-1 is the most widely used of the existing SHA hash functions, and is employed in several widely-used security applications and protocols. In 2005, security flaws were identified in SHA-1, namely that a mathematical weakness might exist, indicating that a stronger hash function would be desirable. SHA-1 produces a 160-bit digest from a message with a maximum length of (2^64 − 1) bits. SHA-1 is based on principles similar to those used by Ronald L. Rivest of MIT in the design of the MD4 and MD5 message digest algorithms, but has a more conservative design.

RIPEMD
RIPEMD-160 (RACE Integrity Primitives Evaluation Message Digest) is a 160-bit message digest algorithm (and cryptographic hash function). It is an improved version of RIPEMD, which in turn was based upon the design principles used in MD4, and is similar in performance to the more popular SHA-1. There also exist 128, 256 and 320-bit versions of this algorithm, called RIPEMD-128, RIPEMD-256, and RIPEMD-320, respectively. The 128-bit version was intended only as a drop-in replacement for the original RIPEMD, which was also 128-bit, and which had been found to have questionable security. The 256 and 320-bit versions diminish only the chance of accidental collision, and don't have higher levels of security as compared to, respectively, RIPEMD-128 and RIPEMD-160. RIPEMD-160 was designed in the open academic community, in contrast to the NSA-designed SHA-1 and SHA-2 algorithms. On the other hand, RIPEMD-160 appears to be used somewhat less frequently than SHA-1, which may have caused it to be less scrutinized than SHA.

g. Each public key is bound to a user name and/or an e-mail address. changing d to c: RIPEMD-160("The quick brown fox jumps over the lazy cog") = 132072df690933835eb8b6ad0b77e7b6f14acad7 Pretty Good Privacy Pretty Good Privacy (PGP) is a computer program that provides cryptographic privacy and authentication. It was created by Philip Zimmermann in 1991.Network Security and Management The 160-bit RIPEMD-160 hashes (also termed RIPE message digests) are typically represented as 40-digit hexadecimal numbers. The following demonstrates a 43-byte ASCII input and the corresponding RIPEMD-160 hash: RIPEMD-160("The quick brown fox jumps over the lazy dog") = 37f332f68db77bd9d7edd4969571ad671cf9dd3b Even a small change in the message will (with overwhelming probability) result in a completely different hash. PGP encryption uses a serial combination of hashing. 24  . and. data compression. symmetric-key cryptography. finally. encrypting and decrypting e-mails to increase the security of e-mail communications. public-key cryptography. e. each step uses one of several supported algorithms. PGP is often used for signing.
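As an added example (not part of these notes), the following Python script reproduces the MD5 and RIPEMD-160 demonstrations above and counts how many digest bits flip for the one-letter change; the inputs are the page's own sentence and its "cog" variant, and RIPEMD-160 is probed first because whether hashlib offers it depends on the OpenSSL build behind it.

```python
import hashlib

# Constructed sample inputs: the 43-byte sentence used on this page and the
# one-letter variant ("dog" -> "cog") from the RIPEMD-160 example.
FOX_DOG = b"The quick brown fox jumps over the lazy dog"
FOX_COG = b"The quick brown fox jumps over the lazy cog"


def digest_hex(algorithm: str, message: bytes) -> str:
    """Hex digest of message under a hashlib algorithm ('md5', 'sha1', 'ripemd160', ...)."""
    return hashlib.new(algorithm, message).hexdigest()


def hamming_bits(hex_a: str, hex_b: str) -> int:
    """Number of differing bits between two equal-length hex digests."""
    if len(hex_a) != len(hex_b):
        raise ValueError("digests must be the same length")
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def available(algorithm: str) -> bool:
    """RIPEMD-160 is only present when the underlying OpenSSL provides it; probe before use."""
    try:
        hashlib.new(algorithm)
        return True
    except ValueError:
        return False


def avalanche_report(algorithm: str) -> dict:
    """Digest both inputs and measure how much of the output changes for a 1-letter edit."""
    dog = digest_hex(algorithm, FOX_DOG)
    cog = digest_hex(algorithm, FOX_COG)
    total_bits = len(dog) * 4
    flipped = hamming_bits(dog, cog)
    return {
        "algorithm": algorithm,
        "digest_bits": total_bits,
        "dog": dog,
        "cog": cog,
        "flipped_bits": flipped,
        "flipped_fraction": flipped / total_bits,  # roughly one half for a good hash
    }


if __name__ == "__main__":
    for alg in ("md5", "sha1", "ripemd160"):
        if not available(alg):
            print(f"{alg}: not provided by this hashlib build")
            continue
        r = avalanche_report(alg)
        print(f"{alg:9s} dog {r['dog']}  ({r['digest_bits']} bits)")
        print(f"{'':9s} cog {r['cog']}  {r['flipped_bits']} bits flipped "
              f"({r['flipped_fraction']:.0%})")
```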

[Figure: PGP Services]

[Figure: General Format of PGP Message (from A to B)]

Data compression
In computer science and information theory, data compression or source coding is the process of encoding information using fewer bits (or other information-bearing units) than an unencoded representation would use, through use of specific encoding schemes. As with any communication, compressed data communication only works when both the sender and receiver of the information understand the encoding scheme. For example, this text makes sense only if the receiver understands that it is intended to be interpreted as characters representing the English language. Similarly, compressed data can only be understood if the decoding method is known by the receiver.

Compression is useful because it helps reduce the consumption of expensive resources, such as hard disk space or transmission bandwidth. On the downside, compressed data must be decompressed to be used, and this extra processing may be detrimental to some applications. For instance, a compression scheme for video may require expensive hardware for the video to be decompressed fast enough to be viewed as it is being decompressed (the option of decompressing the video in full before watching it may be inconvenient, and requires storage space for the decompressed video). The design of data compression schemes therefore involves trade-offs among various factors, including the degree of compression, the amount of distortion introduced (if using a lossy compression scheme), and the computational resources required to compress and uncompress the data.

Lossless versus lossy compression
Lossless compression algorithms usually exploit statistical redundancy in such a way as to represent the sender's data more concisely without error. Lossless compression is possible because most real-world data has statistical redundancy. For example, in English text, the letter 'e' is much more common than the letter 'z', and the probability that the letter 'q' will be followed by the letter 'z' is very small.

Another kind of compression, called lossy data compression or perceptual coding, is possible if some loss of fidelity is acceptable. Generally, a lossy data compression will be guided by research on how people perceive the data in question. For example, the human eye is more sensitive to subtle variations in luminance than it is to variations in color. JPEG image compression works in part by "rounding off" some of this less-important information. Lossy data compression provides a way to obtain the best fidelity for a given amount of compression. In some cases, transparent (unnoticeable) compression is desired; in other cases, fidelity is sacrificed to reduce the amount of data as much as possible.

Lossless compression schemes are reversible so that the original data can be reconstructed, while lossy schemes accept some loss of data in order to achieve higher compression. However, lossless data compression algorithms will always fail to compress some files; indeed, any compression algorithm will necessarily fail to compress any data containing no discernible patterns. Attempts to compress data that has been compressed already will therefore usually result in an expansion, as will attempts to compress all but the most trivially encrypted data.

Lossless
The Lempel-Ziv (LZ) compression methods are among the most popular algorithms for lossless storage. DEFLATE is a variation on LZ which is optimized for decompression speed and compression ratio, therefore compression can be slow. DEFLATE is used in PKZIP, gzip and PNG. LZW (Lempel-Ziv-Welch) is used in GIF images. Also noteworthy are the LZR (LZ-Renau) methods, which serve as the basis of the Zip method. LZ methods utilize a table-based compression model where table entries are substituted for repeated strings of data. For most LZ methods, this table is generated dynamically from earlier data in the input. The table itself is often Huffman encoded (e.g. SHRI, LZX). A current LZ-based coding scheme that performs well is LZX, used in Microsoft's CAB format.

Lossy
Lossy image compression is used in digital cameras, to increase storage capacities with minimal degradation of picture quality. Similarly, DVDs use the lossy MPEG-2 Video codec for video compression. In lossy audio compression, methods of psychoacoustics are used to remove non-audible (or less audible) components of the signal. Compression of human speech is often performed with even more specialized techniques, so that "speech compression" or "voice coding" is sometimes distinguished as a separate discipline from "audio compression". Different audio and speech compression standards are listed under audio codecs. Voice compression is used in Internet telephony, for example, while audio compression is used for CD ripping and is decoded by audio players.

An example of lossless vs. lossy compression is the following string:

25.888888888

This string can be compressed as:

25.[9]8

Interpreted as "twenty five point 9 eights", the original string is perfectly recreated, just written in a smaller form. In a lossy system, using 26 instead, the exact original data is lost, at the benefit of a smaller file. In practice, lossy data compression will also come to a point where compressing again does not work, although an extremely lossy algorithm, like for example always removing the last byte of a file, will always compress a file up to the point where it is empty.
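An added Python example, not from the original notes, that exercises the claims of the two compression passages above with DEFLATE (the LZ77-plus-Huffman scheme behind gzip and PNG, here via zlib): redundant text compresses, decompression is exact, a second pass over compressed output expands it, and patternless bytes (os.urandom standing in for well-encrypted data) do not compress. The sample text is constructed.

```python
import os
import zlib

# Constructed sample inputs: English-like text with plenty of repetition, versus
# bytes with no discernible pattern (os.urandom stands in for well-encrypted data).
SENTENCES = [
    b"Lossless compression exploits statistical redundancy in the data. ",
    b"The letter e is far more common than z, and q is rarely followed by z. ",
    b"Compressed data must be decompressed before it can be used again. ",
]
TEXT = b"".join(SENTENCES) * 8
RANDOM = os.urandom(len(TEXT))


def deflate(data: bytes, level: int = 9) -> bytes:
    """DEFLATE (LZ77 matches + Huffman coding), the scheme behind gzip and PNG."""
    return zlib.compress(data, level)


def inflate(data: bytes) -> bytes:
    return zlib.decompress(data)


def ratio(data: bytes) -> float:
    """Compressed size divided by original size; above 1.0 means the data expanded."""
    return len(deflate(data)) / len(data)


def lossless_roundtrip(data: bytes) -> bool:
    """Lossless schemes are reversible: decompressing gives the original back exactly."""
    return inflate(deflate(data)) == data


def second_pass_expands(data: bytes) -> bool:
    """Compressing already-compressed output: the redundancy is gone, so it only grows."""
    once = deflate(data)
    return len(deflate(once)) > len(once)


def incompressible(data: bytes) -> bool:
    """Patternless input (random bytes, or good ciphertext) cannot be made smaller."""
    return ratio(data) >= 1.0


if __name__ == "__main__":
    print(f"text   {len(TEXT):5d} -> {len(deflate(TEXT)):5d} bytes  ratio {ratio(TEXT):.3f}")
    print(f"random {len(RANDOM):5d} -> {len(deflate(RANDOM)):5d} bytes  ratio {ratio(RANDOM):.3f}")
    print("exact roundtrip:", lossless_roundtrip(TEXT))
    print("second pass expands:", second_pass_expands(TEXT))
    print("random incompressible:", incompressible(RANDOM))
```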

MIME
Multipurpose Internet Mail Extensions (MIME) is an Internet standard that extends the format of e-mail to support:
- Text in character sets other than ASCII
- Non-text attachments
- Message bodies with multiple parts
- Header information in non-ASCII character sets

Virtually all human-written Internet e-mail and a fairly large proportion of automated e-mail is transmitted via SMTP in MIME format. Internet e-mail is so closely associated with the SMTP and MIME standards that it is sometimes called SMTP/MIME e-mail. The content types defined by MIME standards are also of importance outside of e-mail, such as in communication protocols like HTTP for the World Wide Web. HTTP requires that data be transmitted in the context of e-mail-like messages, although the data most often is not actually e-mail. MIME's use, however, has grown beyond describing the content of e-mail to describing content type in general, including for the web.

MIME headers
MIME-Version
The presence of this header indicates the message is MIME-formatted. The value is typically "1.0", so this header appears as MIME-Version: 1.0. It should be noted that implementers have attempted to change the version number in the past and the change had unforeseen results. It was decided at an IETF meeting to leave the version number as is even though there have been many updates and versions of MIME.

Content-ID
The Content-ID header is primarily of use in multi-part messages (as discussed below); a Content-ID is a unique identifier for a message part, allowing it to be referred to (e.g., in IMG tags of an HTML message allowing the inline display of attached images). The content ID is contained within angle brackets in the Content-ID header. Here is an example:

Content-ID: <5.31.32252.1057009685@server01.example.net>

The standards don't really have a lot to say about exactly what is in a Content-ID; they're only supposed to be globally and permanently unique (meaning that no two are the same, even when generated by different people in different times and places). To achieve this, some conventions have been adopted; one of them is to include an at sign (@), with the hostname of the computer which created the content ID to the right of it.

Content-Type
This header indicates the Internet media type of the message content, consisting of a type and subtype, for example Content-Type: text/plain

Content-Disposition
A MIME part can have:
- an inline content-disposition, which means that it should be automatically displayed when the message is displayed, or
- an attachment content-disposition, in which case it is not displayed automatically and requires some form of action from the user to open it.

Content-Transfer-Encoding
The content-transfer-encoding: MIME header has 2-sided significance:
1. It indicates whether or not a binary-to-text encoding scheme has been used on top of the original encoding as specified within the Content-Type header, and
2. If such a binary-to-text encoding method has been used, it states which one.

- Suitable for use with normal SMTP:
  - 7bit – up to 998 octets per line of the code range 1..127 with CR and LF (codes 13 and 10 respectively) only allowed to appear as part of a CRLF line ending. This is the default value.
  - quoted-printable – used to encode arbitrary octet sequences into a form that satisfies the rules of 7bit. Designed to be efficient and mostly human readable when used for text data consisting primarily of US-ASCII characters but also containing a small proportion of bytes with values outside that range.
  - base64 – used to encode arbitrary octet sequences into a form that satisfies the rules of 7bit. Designed to be efficient for non-text 8 bit data. Sometimes used for text data that frequently uses non-US-ASCII characters.
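The headers described above, exercised with the Python standard library's email package (an added example, not from the notes): it builds a message with a quoted-printable text part, an HTML part that refers to an inline image by Content-ID, and a base64 attachment, then parses the wire form back and lists each part's transfer encoding, disposition and Content-ID. Addresses, image bytes and attachment bytes are constructed samples.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import make_msgid

# Constructed sample payloads; the "PNG" is only a stand-in, not a real image.
LOGO_BYTES = b"\x89PNG\r\n\x1a\n" + bytes(range(256))
REPORT_BYTES = bytes(range(0, 256, 3)) * 4


def build_message() -> bytes:
    """Build mixed( alternative( text/plain, related( text/html, image/png ) ), attachment ) and serialise it."""
    msg = EmailMessage()
    msg["From"] = "alice@example.net"
    msg["To"] = "bob@example.net"
    msg["Subject"] = "MIME header demo"
    # Non-ASCII text: ask for quoted-printable so the body satisfies the 7bit rules.
    msg.set_content("R\u00e9sum\u00e9 attached; the logo is shown inline.\n", cte="quoted-printable")
    # A Content-ID must be globally unique: make_msgid() combines a timestamp, random bits and a host part.
    logo_cid = make_msgid(domain="example.net")
    msg.add_alternative(f'<p>Logo: <img src="cid:{logo_cid[1:-1]}"></p>', subtype="html")
    # Attach the image to the HTML part: add_related gives it Content-Disposition: inline.
    msg.get_payload()[1].add_related(LOGO_BYTES, maintype="image", subtype="png", cid=logo_cid)
    # A binary attachment: base64 by default, Content-Disposition: attachment.
    msg.add_attachment(REPORT_BYTES, maintype="application", subtype="octet-stream",
                       filename="report.bin")
    return msg.as_bytes()


def summarize(raw: bytes) -> list:
    """Parse the wire form and list (content type, transfer encoding, disposition, Content-ID) per part."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    rows = []
    for part in msg.walk():  # each container first, then its parts, depth first
        cid = part.get("Content-ID")
        rows.append((part.get_content_type(),
                     str(part.get("Content-Transfer-Encoding") or ""),
                     part.get_content_disposition(),
                     str(cid).strip() if cid else None))
    return rows


def inline_image_matches_html(raw: bytes) -> bool:
    """The cid: reference in the IMG tag must resolve to the Content-ID of an image part."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    html = msg.get_body(preferencelist=("html",)).get_content()
    ref = html.split('src="cid:', 1)[1].split('"', 1)[0]
    for part in msg.walk():
        if part.get_content_maintype() == "image":
            return str(part.get("Content-ID")).strip() == f"<{ref}>"
    return False


if __name__ == "__main__":
    raw = build_message()
    print(raw.decode("ascii", "replace"))
    for row in summarize(raw):
        print(row)
    print("inline image resolves:", inline_image_matches_html(raw))
```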

- Suitable for use with SMTP servers that support the 8BITMIME SMTP extension:
  - 8bit – up to 998 octets per line with CR and LF (codes 13 and 10 respectively) only allowed to appear as part of a CRLF line ending.
- Suitable only for use with SMTP servers that support the BINARYMIME SMTP extension (RFC 3030):
  - binary – any sequence of octets.

S/MIME
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of MIME data. S/MIME is on an IETF standards track and defined in a number of documents, most importantly RFCs. S/MIME was originally developed by RSA Data Security Inc. The original specification used the recently developed IETF MIME specification with the de facto industry standard PKCS#7 secure message format. S/MIME functionality is built into the majority of modern e-mail software and interoperates between them. S/MIME provides the following cryptographic security services for electronic messaging applications: authentication, message integrity and non-repudiation of origin (using digital signatures) and privacy and data security (using encryption). S/MIME specifies the application/pkcs7-mime (smime-type "enveloped-data") type for data enveloping (encrypting): the whole (prepared) MIME entity to be enveloped is encrypted and packed into an object which subsequently is inserted into an application/pkcs7-mime MIME entity.

Functions
S/MIME provides the following functions:
- Enveloped data: This consists of encrypted content of any type and encrypted-content encryption keys for one or more recipients.
- Signed data: A digital signature is formed by taking the message digest of the content to be signed and then encrypting that with the private key of the signer. The content plus signature are then encoded using base64 encoding. A signed data message can only be viewed by a recipient with S/MIME capability.
- Clear-signed data: As with signed data, a digital signature of the content is formed. However, in this case, only the digital signature is encoded using base64. As a result, recipients without S/MIME capability can view the message content, although they cannot verify the signature.
- Signed and enveloped data: Signed-only and encrypted-only entities may be nested, so that encrypted data may be signed and signed data or clear-signed data may be encrypted.

Kerberos
Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. It is also a suite of free software published by Massachusetts Institute of Technology (MIT) that implements this protocol. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks. Kerberos builds on symmetric key cryptography and requires a trusted third party. Extensions to Kerberos can provide for the use of public-key cryptography during certain phases of authentication.

Description
Kerberos uses as its basis the symmetric Needham-Schroeder protocol. It makes use of a trusted third party, termed a key distribution center (KDC), which consists of two logically separate parts: an Authentication Server (AS) and a Ticket Granting Server (TGS). Kerberos works on the basis of "tickets" which serve to prove the identity of users. The KDC maintains a database of secret keys; each entity on the network — whether a client or a server — shares a secret key known only to itself and to the KDC. Knowledge of this key serves to prove an entity's identity. For communication between two entities, the KDC generates a session key which they can use to secure their interactions. The security of the protocol relies heavily on participants maintaining loosely synchronized time and on short-lived assertions of authenticity called Kerberos tickets.

A simplified and more detailed description of the protocol follows. The following abbreviations are used:
- AS = Authentication Server
- SS = Service Server
- TGS = Ticket-Granting Server
- TGT = Ticket-Granting Ticket

The client authenticates to the AS once using a long-term shared secret (e.g. a password) and receives a TGT from the AS. Later, when the client wants to contact some SS, it can (re)use this ticket to get additional tickets from the TGS, for the SS, without resorting to using the shared secret. These tickets can be used to prove authentication to the SS.
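An added simulation of the AS, TGS and SS exchanges described above (example code, not MIT Kerberos): the KDC holds every principal's long-term key, tickets and authenticators are sealed with a toy HMAC-based authenticated encryption that stands in for the real enctypes, and the service enforces ticket lifetime, a clock-skew bound and a replay cache. Principal names, keys and timestamps are constructed.

```python
import hashlib
import hmac
import json
import os

TICKET_LIFETIME, MAX_SKEW = 600, 300  # seconds; clocks are assumed only loosely synchronized

def _stream(key, nonce, n):
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def seal(key, obj):
    """Toy authenticated encryption (HMAC-SHA256 keystream + tag); a stand-in for real enctypes."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise PermissionError("wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def check_fresh(ticket, auth, now):  # short lifetimes + bounded skew limit the misuse window
    if ticket["expires"] < now:
        raise PermissionError("ticket expired")
    if abs(auth["time"] - now) > MAX_SKEW or auth["client"] != ticket["client"]:
        raise PermissionError("clock skew too large or client mismatch")

def authenticator(session_key, client, now):
    return seal(session_key, {"client": client, "time": now, "nonce": os.urandom(8).hex()})

class KDC:
    """AS and TGS in one place; holds every principal's long-term key (constructed samples)."""
    def __init__(self):
        self.keys = {"alice": hashlib.sha256(b"alice-password").digest(),
                     "krbtgt": os.urandom(32), "fileserver": os.urandom(32)}

    def as_exchange(self, client, now):  # AS-REQ/REP: TGT under the TGS key, session key under the client key
        sk = os.urandom(32).hex()
        tgt = seal(self.keys["krbtgt"], {"client": client, "key": sk, "expires": now + TICKET_LIFETIME})
        return seal(self.keys[client], {"key": sk, "tgt": tgt.hex()})

    def tgs_exchange(self, tgt, auth_blob, service, now):  # TGS-REQ/REP: no password involved
        t = unseal(self.keys["krbtgt"], tgt)
        sk = bytes.fromhex(t["key"])
        check_fresh(t, unseal(sk, auth_blob), now)
        ssk = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"client": t["client"], "key": ssk, "expires": now + TICKET_LIFETIME})
        return seal(sk, {"key": ssk, "ticket": ticket.hex()})

class Service:
    """SS: shares its key only with the KDC and keeps a replay cache of accepted authenticators."""
    def __init__(self, name, key):
        self.name, self.key, self.seen = name, key, set()

    def ap_exchange(self, ticket, auth_blob, now):
        t = unseal(self.key, ticket)
        ssk = bytes.fromhex(t["key"])
        auth = unseal(ssk, auth_blob)
        check_fresh(t, auth, now)
        replay_id = (auth["client"], auth["time"], auth["nonce"])
        if replay_id in self.seen:
            raise PermissionError("replayed authenticator")
        self.seen.add(replay_id)
        return seal(ssk, {"time": auth["time"]})  # AP-REP: proves the server holds the session key

def client_session(kdc, service, now):
    """alice: AS once (password-derived key) -> TGS (with TGT) -> SS (with service ticket)."""
    ckey = hashlib.sha256(b"alice-password").digest()
    as_rep = unseal(ckey, kdc.as_exchange("alice", now))
    sk, tgt = bytes.fromhex(as_rep["key"]), bytes.fromhex(as_rep["tgt"])
    tgs_rep = unseal(sk, kdc.tgs_exchange(tgt, authenticator(sk,"alice", now), service.name, now))
    ssk, ticket = bytes.fromhex(tgs_rep["key"]), bytes.fromhex(tgs_rep["ticket"])
    ap_req = authenticator(ssk, "alice", now)
    ap_rep = unseal(ssk, service.ap_exchange(ticket, ap_req, now))
    return {"mutual_ok": ap_rep["time"] == now, "ticket": ticket, "ap_req": ap_req, "ssk": ssk}
```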

IPSec
Internet Protocol Security (IPSec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used to protect data flows between a pair of hosts (e.g. computer users or servers), between a pair of security gateways (e.g. routers or firewalls), or between a security gateway and a host.

IPsec is a dual mode, end-to-end, security scheme operating at the Internet Layer of the Internet Protocol Suite or OSI model Layer 3. Some other Internet security systems in widespread use, such as Secure Sockets Layer (SSL), Transport Layer Security (TLS) and Secure Shell (SSH), operate in the upper layers of these models. Hence, IPsec can be used for protecting any application traffic across the Internet. Applications don't need to be specifically designed to use IPsec. The use of TLS/SSL, on the other hand, must typically be incorporated into the design of applications.

Security Architecture
The IPsec suite is a framework of open standards. IPsec uses the following protocols to perform various functions:
- A security association (SA) is set up by Internet Key Exchange (IKE and IKEv2) or Kerberized Internet Negotiation of Keys (KINK), which handle negotiation of protocols and algorithms and generate the encryption and authentication keys to be used by IPsec.
- Authentication Header (AH) provides connectionless integrity and data origin authentication for IP datagrams and protection against replay attacks.
- Encapsulating Security Payload (ESP) provides confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality.

Modes of operation
Transport mode
In transport mode, only the payload (the data you transfer) of the IP packet is encrypted and/or authenticated. The routing is intact, since the IP header is neither modified nor encrypted; however, when the authentication header is used, the IP addresses cannot be translated, as this will invalidate the hash value. The transport and application layers are always secured by hash, so they cannot be modified in any way (for example by translating the port numbers). A means to encapsulate IPsec messages for NAT traversal has been defined by RFC documents describing the NAT-T mechanism. Transport mode is used for host-to-host communications.
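An added Python model (not from the notes) of why transport-mode AH and address translation conflict, while the tunnel-mode encapsulation described in the next section survives it when ESP is used: the AH ICV is computed over the IP header's immutable fields (addresses included) plus the payload, so a rewritten source address fails verification, whereas ESP in tunnel mode covers only the ESP header and the encapsulated inner packet, not the outer header. Keys and addresses are constructed, encryption is omitted, and the ICV is HMAC-SHA256 truncated to 96 bits.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed sample key and addresses (documentation ranges); nothing here is a real SA.
KEY = b"constructed-sa-key-not-for-real-use"
HOST_A, HOST_B = "10.0.0.5", "10.0.1.9"        # private hosts behind the gateways
GW_A, GW_B = "203.0.113.1", "198.51.100.7"     # security gateways
AH, ESP, TCP = 51, 50, 6                       # IP protocol numbers
PAYLOAD = b"constructed TCP segment"


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header; the checksum is left at 0 (it is a mutable field anyway)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0x4000, ttl,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def _immutable_view(ip_hdr):
    """AH zeroes the mutable fields (TOS, flags/offset, TTL, checksum); addresses stay covered."""
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6:8] = b"\0\0"
    h[8] = 0
    h[10:12] = b"\0\0"
    return bytes(h)


def ah_icv(key, ip_hdr, payload):
    """AH integrity check value over the immutable header view plus the payload."""
    return hmac.new(key, _immutable_view(ip_hdr) + payload, hashlib.sha256).digest()[:12]


def ah_verify(key, ip_hdr, payload, icv):
    return hmac.compare_digest(ah_icv(key, ip_hdr, payload), icv)


def esp_tunnel(key, spi, seq, inner_packet):
    """Tunnel-mode ESP: SPI, sequence number and the whole inner packet are covered; the outer header is not."""
    body = struct.pack("!II", spi, seq) + inner_packet  # encryption of inner_packet omitted here
    return body + hmac.new(key, body, hashlib.sha256).digest()[:12]


def esp_verify(key, esp_packet):
    body, icv = esp_packet[:-12], esp_packet[-12:]
    return hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest()[:12], icv)


def nat_rewrite_src(ip_hdr, new_src):
    """What a NAT does on the way out: replace the source address (and recompute the checksum, in reality)."""
    return ip_hdr[:12] + ipaddress.IPv4Address(new_src).packed + ip_hdr[16:]


def ah_ttl_decrement_ok():
    """A router decrementing TTL does not disturb AH: TTL is mutable and excluded from the ICV."""
    sent = ipv4_header(HOST_A, HOST_B, AH, len(PAYLOAD), ttl=64)
    arrived = ipv4_header(HOST_A, HOST_B, AH, len(PAYLOAD), ttl=63)
    return ah_verify(KEY, arrived, PAYLOAD, ah_icv(KEY, sent, PAYLOAD))


def ah_transport_survives_nat():
    """Transport-mode AH through a NAT: the source address is covered by the ICV, so this fails."""
    hdr = ipv4_header(HOST_A, HOST_B, AH, len(PAYLOAD))
    icv = ah_icv(KEY, hdr, PAYLOAD)
    return ah_verify(KEY, nat_rewrite_src(hdr, GW_A), PAYLOAD, icv)


def esp_tunnel_survives_nat():
    """Tunnel-mode ESP between gateways: NAT rewrites only the outer header, which the ICV does not cover."""
    inner = ipv4_header(HOST_A, HOST_B, TCP, len(PAYLOAD)) + PAYLOAD
    esp = esp_tunnel(KEY, spi=0x1000, seq=1, inner_packet=inner)
    outer = nat_rewrite_src(ipv4_header(GW_A, GW_B, ESP, len(esp)), "192.0.2.44")
    return esp_verify(KEY, esp) and outer[12:16] == ipaddress.IPv4Address("192.0.2.44").packed
```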

Tunnel mode
In tunnel mode, the entire packet (which need not be IP) is encrypted and/or authenticated. It is then encapsulated into a new IP packet with a new IP header. Tunnel mode is used to create Virtual Private Networks for network-to-network communications (e.g. between routers to link sites), host-to-network communications (e.g. remote user access), and host-to-host communications (e.g. private chat).

SSL
Transport Layer Security (TLS) and its predecessor, Secure Socket Layer (SSL), are cryptographic protocols that provide security for communications over networks such as the Internet. TLS and SSL encrypt the segments of network connections at the Transport Layer end-to-end. Several versions of the protocols are in widespread use in applications like web browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP). The TLS protocol allows client/server applications to communicate across a network in a way designed to prevent eavesdropping and tampering. TLS provides endpoint authentication and communications confidentiality over the Internet using cryptography. TLS provides RSA security with 1024 and 2048 bit strengths. In typical end-user/browser usage, TLS authentication is unilateral: only the server is authenticated (the client knows the server's identity), but not vice versa (the client remains unauthenticated or anonymous).

Working
A TLS client and server negotiate a stateful connection by using a handshaking procedure. During this handshake, the client and server agree on various parameters used to establish the connection's security.
- The handshake begins when a client connects to a TLS-enabled server requesting a secure connection, and presents a list of supported CipherSuites (ciphers and hash functions).
- From this list, the server picks the strongest cipher and hash function that it also supports and notifies the client of the decision.
- The server sends back its identification in the form of a digital certificate. The certificate usually contains the server name, the trusted certificate authority (CA), and the server's public encryption key.

- The client may contact the server that issued the certificate (the trusted CA as above) and confirm that the certificate is authentic before proceeding.
- In order to generate the session keys used for the secure connection, the client encrypts a random number (RN) with the server's public key (PbK), and sends the result to the server. Only the server should be able to decrypt it (with its private key (PvK)): this is the one fact that makes the keys hidden from third parties, since only the server and the client have access to this data. The client knows PbK and RN, and the server knows PvK and (after decryption of the client's message) RN. A third party may only know RN if PvK has been compromised.
- From the random number, both parties generate key material for encryption and decryption.
- This concludes the handshake and begins the secured connection, which is encrypted and decrypted with the key material until the connection closes.

Difference between SSL Session and SSL Connection
The difference between a connection and a session is that a connection is a live communication channel, whereas a session is a set of negotiated cryptographic parameters. You can close the connection but keep the session, even store it to disk, and subsequently resume it using another connection, possibly in a completely different process or even after a system reboot (of course, the stored session must be kept both on the client and on the server). This helps to avoid some resource-consuming cryptographic operations. On the other hand, you can renegotiate TLS parameters and create an entirely new session without interrupting the connection. The SSL_SESSION object is used for storing sessions so that they can be resumed later.

Firewall
A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices which is configured to permit or deny computer applications based upon a set of rules and other criteria. Firewalls can be implemented in either hardware or software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

There are several types of firewall techniques:
- Packet filter: Packet filtering inspects each packet passing through the network and accepts or rejects it based on user-defined rules. Although difficult to configure, it is fairly effective and mostly transparent to its users. It is susceptible to IP spoofing.
- Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.
- Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
- Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

Design Principles
1. All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the local network except via the firewall. Various configurations are possible, as explained later in this section.
2. Only authorized traffic, as defined by the local security policy, will be allowed to pass. Various types of firewalls are used, which implement various types of security policies, as explained later in this section.
3. The firewall itself is immune to penetration. This implies the use of a trusted system with a secure operating system.
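An added Python example (not from the notes) of a packet filter in the sense of design principles 1 and 2: the first matching rule wins, anything unmatched is denied, and the first rule rejects packets on the external interface that claim an internal source address, which is the IP spoofing the packet-filter entry above warns about. Interfaces, addresses, rules and sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL = "192.168.10.0/24"   # constructed intranet range


@dataclass(frozen=True)
class Packet:
    iface: str          # interface the packet arrived on: "ext" (Internet) or "int" (intranet)
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    action: str         # "allow" or "deny"
    iface: str = "*"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "*"
    dport: int = 0      # 0 means any port
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        return (self.iface in ("*", p.iface)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("*", p.proto)
                and self.dport in (0, p.dport))


def evaluate(rules, p):
    """First matching rule wins; no match means deny (only authorised traffic passes)."""
    for index, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, index, rule.comment
    return "deny", -1, "default deny"


RULES = [
    # Anti-spoofing: traffic arriving from the Internet side must not claim an internal source.
    Rule("deny", iface="ext", src=INTERNAL, comment="spoofed internal source on external interface"),
    Rule("allow", iface="ext", dst="192.168.10.25/32", proto="tcp", dport=25, comment="inbound SMTP to relay"),
    Rule("allow", iface="int", src=INTERNAL, proto="tcp", dport=443, comment="outbound HTTPS"),
    Rule("allow", iface="int", src=INTERNAL, proto="udp", dport=53, comment="outbound DNS"),
    Rule("deny", iface="ext", proto="tcp", dport=23, comment="no Telnet from outside"),
]

SAMPLE = [  # constructed packets
    Packet("ext", "198.51.100.9", "192.168.10.25", "tcp", 25),   # legitimate inbound mail
    Packet("ext", "192.168.10.7", "192.168.10.25", "tcp", 25),   # forged internal source address
    Packet("int", "192.168.10.7", "203.0.113.5", "tcp", 443),    # outbound HTTPS
    Packet("ext", "198.51.100.9", "192.168.10.30", "tcp", 23),   # inbound Telnet attempt
    Packet("int", "192.168.10.7", "203.0.113.5", "tcp", 8080),   # not authorised by any rule
]


def decisions(packets=SAMPLE, rules=RULES):
    return [evaluate(rules, p)[0] for p in packets]


if __name__ == "__main__":
    for p in SAMPLE:
        action, index, comment = evaluate(RULES, p)
        print(f"{p.iface:3s} {p.src:>14s} -> {p.dst:>14s} {p.proto}/{p.dport:<5d} {action:5s} ({comment})")
```

Dropping the first rule shows the weakness the notes mention: the forged packet then matches the SMTP rule and is accepted.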