Network Security Notes

Published on March 2017

UNIT-I
INTRODUCTION
SECURITY GOALS:
There are three security goals:
• Confidentiality
• Integrity
• Availability
Confidentiality:
It is probably the most common aspect of information security. We need to protect our information. An organization needs to guard against those malicious actions that endanger the confidentiality of its information.
In industry, hiding some information from competitors is crucial to the operation of the organization.
Integrity:
It means that changes need to be made only by authorized entities and through authorized mechanisms.
Availability:
The third component of information security is availability. The information created and stored by an organization needs to be available to authorized entities.
Information is useless if it is not available.
ATTACKS:
Our three goals of security can be threatened by security attacks.
Attacks threatening integrity:
The integrity of data can be threatened by several kinds of attacks.
1. Modification:
After intercepting or accessing information, the attacker modifies the information to make it beneficial to herself.
2. Masquerading:
Masquerading or spoofing happens when the attacker impersonates somebody else. E.g., an attacker might steal the bank card and PIN of a bank customer and pretend that she is that customer.
3. Replaying:
The attacker obtains a copy of a message sent by a user and later tries to replay it.
4. Repudiation:
It is performed by one of the two parties in the communication. The sender of the message might later deny that she has sent the message. The receiver of the message might later deny that he has received the message.
Attacks threatening availability:
1. Denial of service:
It is a very common attack. It may slow down or totally interrupt the service of a system. The attacker might send so many bogus requests to a server that the server crashes because of the heavy load.
Attacks threatening confidentiality:
There are two types of attacks that threaten the confidentiality of information.
1. Snooping:
It refers to unauthorized access to or interception of data.
2. Traffic analysis:
Encipherment of data may make it unintelligible to the interceptor, but she can still obtain some other type of information by monitoring online traffic. She can find the electronic addresses of the sender or the receiver.
SERVICES:
Data confidentiality:
It is designed to protect data from disclosure attacks. It is defined by X.800. It is designed to prevent snooping and traffic analysis attacks.
Data integrity:
It is designed to protect data from modification, insertion, deletion and replaying by an adversary. It may protect the whole message or part of the message.
Authentication:
This service provides the authentication of the party at the other end of the line.
Non-repudiation:
This service protects against repudiation by either the sender or the receiver of the data.
Access control:
It provides protection against unauthorized access to data.
SECURITY MECHANISMS:
Encipherment:
Hiding or covering data can provide confidentiality.
Data integrity:
This mechanism appends to the data a short check value that has been created by a specific process from the data itself.
The receiver receives the data and the check value. He creates a new check value from the received data and compares the newly created check value with the one received.
If the two check values are the same, the integrity of the data has been preserved.
Digital signature:
It is a means by which the sender can electronically sign the data and the receiver can electronically verify the signature.
Authentication exchange:
In this, two entities exchange some messages to prove their identity to each other.
Traffic padding:
It means inserting some bogus data into the data traffic to thwart the adversary's attempt to use traffic analysis.
Routing control:
It means selecting and continuously changing different available routes between the sender and the receiver to prevent the opponent from eavesdropping on a particular route.
Notarization:
It means selecting a trusted third party to control the communication between two entities.
Access control:
It uses methods to prove that a user has the access right to the data or resources owned by a system. E.g., proofs, passwords and PINs.
TECHNIQUES:
To implement the security goals, we need some techniques. The two types of techniques are:
1. Cryptography,
2. Steganography.
Cryptography:
Cryptography, a word with Greek origins, means "secret writing". We use the term to refer to the science and art of transforming messages to make them secure and immune to attacks.
In the past, cryptography referred only to the encryption and decryption of messages using secret keys.
Nowadays, three distinct mechanisms are used:
1. Symmetric key encipherment
2. Asymmetric key encipherment
3. Hashing.
Symmetric key encipherment:
If one person (Alice) sends a message to another person (Bob) over an insecure channel, then a third person (Eve) cannot understand the content of the message by simply eavesdropping on the channel.
Alice encrypts the message using an encryption algorithm. Bob decrypts the message using a decryption algorithm.
Symmetric key encipherment uses a single secret key for both encryption and decryption.
Asymmetric key encipherment:
Here there are two keys instead of one:
1. Public key,
2. Private key.
Alice first encrypts the message using Bob's public key. To decrypt the message, Bob uses his own private key.
Hashing:
In hashing, a fixed-length digest is created out of a variable-length message. The digest is normally much smaller than the message.
Steganography:
The word steganography, with its origin in Greek, means "covered writing", in contrast with cryptography, which means "secret writing".
Steganography means concealing the message itself by covering it with something else.
Historical use:
In China, war messages were written on thin pieces of silk, rolled into a small ball and swallowed by messengers. Invisible inks were used to write secret messages on the back of the paper.
Modern use:
Today, any form of data, such as text, image, audio or video, can be digitized, and it is possible to insert secret binary information into the data during the digitization process.
Substitution Cipher:
It replaces one symbol with another. If the symbols in the plaintext are alphabetic characters, it replaces one character with another, for example, letter A replaced by letter N. If the symbols in the plaintext are digits, then it replaces one digit with another, e.g., number 2 replaced by 4.
Types of substitution cipher:
1. Monoalphabetic: hello → khoor
2. Polyalphabetic: hello → khazr
Monoalphabetic: in this, a character in the plaintext is always replaced by the same character in the ciphertext. The relationship is one to one.
Polyalphabetic: in this, each occurrence of a character may have a different substitute. The relationship between a character in the plaintext and the ciphertext is one to many.
Monoalphabetic cipher:
Additive cipher:
The simplest monoalphabetic cipher is the additive cipher, also called the shift cipher or Caesar cipher.
Example:
Use the additive cipher with key K = 15 to encrypt the message "hello".
The encrypted word for "hello" is "WTAAD".
For decryption, the same key is subtracted from each ciphertext character, modulo 26.
Cryptanalysis:
Cryptography is the science and art of creating secret codes. Cryptanalysis is the science and art of breaking those codes. The study of cryptanalysis helps us to create better secret codes. Additive ciphers have only 26 keys, so they are easily attacked by a third person or intruder.
Multiplicative cipher:
In this cipher, the encryption algorithm specifies multiplication of the plaintext by the key. The decryption algorithm specifies division of the ciphertext by the key.
Affine cipher:
It is the combination of the additive and multiplicative ciphers.
Polyalphabetic cipher:
Autokey cipher:
In this cipher, the key is a stream of subkeys. The first subkey is a predetermined value, secretly agreed by Alice and Bob.
The second subkey is the value of the first plaintext character, the third subkey is the second plaintext character, and so on.
Example:
Assume that Alice and Bob agreed to use an autokey cipher with initial value K = 12; the plaintext is "attack is today".
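The additive, affine and autokey ciphers above, together with the 26-key brute force that the cryptanalysis paragraph describes, as an added example that is not part of the notes. It assumes the usual conventions of letters a-z mapping to 0-25, lower-case plaintext, upper-case ciphertext and spaces dropped.

```python
# Added example (not from the notes): additive (shift), affine and autokey
# ciphers over the 26-letter alphabet, plus the 26-key brute force that the
# "Cryptanalysis" paragraph describes. Assumed conventions: a-z map to 0-25,
# plaintext is lower case, ciphertext upper case, non-letters are dropped.
import math

ALPHA = "abcdefghijklmnopqrstuvwxyz"

def _nums(text):
    """Map letters to 0..25, ignoring anything that is not a letter."""
    return [ALPHA.index(c) for c in text.lower() if c in ALPHA]

def _letters(nums):
    return "".join(ALPHA[n % 26] for n in nums).upper()

def additive_encrypt(plaintext, key):
    """c = (p + key) mod 26: key 15 turns "hello" into "WTAAD"."""
    return _letters(n + key for n in _nums(plaintext))

def additive_decrypt(ciphertext, key):
    return _letters(n - key for n in _nums(ciphertext)).lower()

def affine_encrypt(plaintext, k1, k2):
    """c = (k1 * p + k2) mod 26; k1 must be invertible mod 26 (gcd(k1, 26) = 1)."""
    if math.gcd(k1, 26) != 1:
        raise ValueError("k1 has no multiplicative inverse mod 26")
    return _letters(k1 * n + k2 for n in _nums(plaintext))

def affine_decrypt(ciphertext, k1, k2):
    """p = (c - k2) * k1^-1 mod 26, the 'division by the key' of the notes."""
    k1_inv = pow(k1, -1, 26)            # modular inverse (Python 3.8+)
    return _letters((n - k2) * k1_inv for n in _nums(ciphertext)).lower()

def autokey_encrypt(plaintext, k1):
    """Key stream = k1 followed by the plaintext itself, shifted by one."""
    p = _nums(plaintext)
    keystream = [k1] + p[:-1]
    return _letters(pi + ki for pi, ki in zip(p, keystream))

def autokey_decrypt(ciphertext, k1):
    """Each recovered plaintext letter becomes the subkey for the next one."""
    out, key = [], k1
    for c in _nums(ciphertext):
        p = (c - key) % 26
        out.append(p)
        key = p
    return _letters(out).lower()

def brute_force_additive(ciphertext):
    """Only 26 keys exist, so every candidate plaintext can simply be listed."""
    return {k: additive_decrypt(ciphertext, k) for k in range(26)}
```

With K = 12, autokey_encrypt("attack is today", 12) gives "MTMTCMSALHRDY", which completes the worked example the notes leave without its ciphertext.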
Transposition cipher:
The transposition cipher does not substitute one symbol for another; instead, it changes the location of the symbols.
A symbol in the first position of the plaintext may appear in the tenth position of the ciphertext.
Two methods of transposition cipher:
1. Keyless transposition cipher
2. Keyed transposition cipher
Keyless transposition cipher:
(i) The text is written into a table column by column and transmitted row by row.
(ii) The text is written into a table row by row and transmitted column by column.
Keyed transposition cipher:
In this method, the plaintext is divided into groups of a predetermined size, called blocks, and then a key is used to permute the characters in each block separately.
Combining two approaches:
More recent transposition ciphers combine the two approaches to achieve better scrambling. Encryption or decryption is done in three steps:
1. The text is written into a table row by row.
2. The permutation is done by reordering the columns.
3. The new table is read column by column.
The first and third steps provide keyless reordering and the second step provides block-wise keyed reordering.
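The three-step combined transposition just described, as an added example that is not part of the notes. It assumes that key[i] names the original column that moves to position i, and that a short final row is padded with the letter z.

```python
# Added example (not from the notes): the three-step transposition of the
# "Combining two approaches" section: write row by row, permute the columns
# with the key, read column by column. Assumed convention: key[i] is the index
# of the original column that moves to position i; short rows are padded with 'z'.

def _table(text, cols, pad="z"):
    """Step 1: write the text row by row into a table with `cols` columns."""
    text = text.replace(" ", "").lower()
    while len(text) % cols:
        text += pad
    return [list(text[i:i + cols]) for i in range(0, len(text), cols)]

def transposition_encrypt(plaintext, key):
    rows = _table(plaintext, len(key))
    permuted = [[row[src] for src in key] for row in rows]   # step 2: reorder columns
    return "".join(permuted[r][c]                            # step 3: read column by column
                   for c in range(len(key))
                   for r in range(len(rows))).upper()

def transposition_decrypt(ciphertext, key):
    cols = len(key)
    rows_n = len(ciphertext) // cols
    # undo step 3: refill the permuted table column by column
    permuted = [[None] * cols for _ in range(rows_n)]
    chars = iter(ciphertext.lower())
    for c in range(cols):
        for r in range(rows_n):
            permuted[r][c] = next(chars)
    # undo step 2: column i goes back to its original position key[i]
    rows = [[None] * cols for _ in range(rows_n)]
    for row_p, row in zip(permuted, rows):
        for i, src in enumerate(key):
            row[src] = row_p[i]
    # undo step 1: read the table row by row (padding, if any, stays at the end)
    return "".join("".join(row) for row in rows)
```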
STREAM AND BLOCK CIPHER:
Stream cipher:
In a stream cipher, encryption and decryption are done one symbol at a time. We have a plaintext stream (P), a ciphertext stream (C) and a key stream (K).
Characters in the plaintext are fed into the encryption algorithm one at a time, and the ciphertext characters are also created one at a time. The key stream can be created in many ways. It may be a stream of predetermined values, or it may be created one value at a time using an algorithm.
Block cipher:
In a block cipher, a group of plaintext symbols of size m (m > 1) is encrypted together, creating a group of ciphertext symbols of the same size. A single key is used to encrypt the whole block, even if the key is made of multiple values.
In a block cipher, a ciphertext block depends on the whole plaintext block.
DATA ENCRYPTION STANDARD:
DES is a symmetric-key block cipher published by the National Institute of Standards and Technology (NIST). It was published in the Federal Register in March 1975 as a draft of a FIPS (Federal Information Processing Standard).
Overview of DES:
DES structure:
The encryption process is made up of two permutations (initial and final) and 16 rounds. Each round uses a different 48-bit key, which is generated by the round-key generator. The keys are generated based on a predefined algorithm.
Initial and final permutations:
Each of these permutations takes a 64-bit input and permutes it according to a predefined rule. These permutations are keyless straight permutations that are inverses of each other. For example, in the initial permutation, the 58th bit of the input becomes the 1st bit of the output. Similarly, in the final permutation, the 1st bit of the input becomes the 58th bit of the output.
Rounds:
Round i takes Li-1 and Ri-1 from the previous round and creates Li and Ri, which are given to the next round.
Each round consists of two cipher elements, a mixer and a swapper. The swapper is an invertible element, i.e., it swaps the left half of the text with the right half and vice versa. The mixer is invertible because of the XOR operation. All non-invertible elements are collected inside the DES function.
DES function:
The DES function consists of:
1. Expansion P-box
2. Whitener (XOR) or adding key
3. S-boxes
4. Straight permutation
Expansion P-box:
Ri-1 is a 32-bit input and Ki is a 48-bit round key. We need to expand Ri-1 to 48 bits. Ri-1 is divided into 8 sections of 4 bits, and each 4-bit section is expanded to 6 bits. The expansion permutation is based on a predetermined rule.
Whitener or adding key:
After the expansion permutation, DES uses an XOR operation on the expanded right section and the round key.
S-boxes:
DES uses 8 S-boxes, each with a 6-bit input and a 4-bit output. Each S-box consists of 4 rows and 16 columns. The substitution in each box is based on a predefined rule.
The combination of bits 1 and 6 of the input defines one of the four rows, and the combination of bits 2, 3, 4, 5 defines one of the 16 columns of the S-box.
Straight permutation:
It accepts a 32-bit input and creates a 32-bit output. The input and output relationship is based on a predetermined rule.
Cipher and reverse cipher:
Using the mixer and swapper, we can create the cipher and the reverse cipher. The cipher is used on the encryption side and the reverse cipher is used on the decryption side. Our aim is to design the cipher and the reverse cipher to be as similar as possible.
DES analysis:
In the analysis of DES, some tests have been done to measure the strength of DES, the properties of the block cipher and the design criteria of DES.
Properties of DES:
There are two properties of DES:
1. Avalanche effect
2. Completeness effect.
Avalanche effect:
A small change in the plaintext creates a significant change in the ciphertext. For example, a change of 1 bit in the plaintext changes many bits of the ciphertext.
Completeness effect:
It means that each bit in the ciphertext needs to depend on many bits in the plaintext.
Design criteria:
To design the DES algorithm, the four parameters to be considered are:
1. S-box design
2. P-box design
3. Number of rounds
Multiple DES:
To improve the security of DES, researchers designed new ciphers:
1. AES,
2. Multiple DES.
Multiple DES does not require an investment in new software and hardware.
Double DES:
In this approach, we use two DES ciphers for encryption and two DES reverse ciphers for decryption. Each DES uses a different key, so the total key length is 2 × 56 bits. Double DES is easily attacked by a known-plaintext attack.
Assume that the third person encrypts a known plaintext P using all possible values of key K1 and records all the values obtained for the middle text M. The third person then decrypts the ciphertext C using all possible values of key K2 and records all the values obtained for M. The third person compares the two tables by their M values. If the value of M is the same in both tables, they can easily identify K1 and K2.
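An added example (not from the notes) that serves two passages above: the cipher/reverse-cipher relationship of a Feistel round structure, and the known-plaintext table comparison of the double DES paragraph. It uses a toy 16-bit Feistel cipher with 3 rounds and 8-bit keys; the round function and key schedule are invented for the demonstration, not DES's own.

```python
# Added example (not from the notes): a toy 16-bit Feistel cipher built from the
# mixer (XOR with a round key through a non-invertible function) and the swapper
# of the DES section. It shows (1) that the reverse cipher is the same structure
# with the round keys in reverse order and (2) the meet-in-the-middle table
# comparison described for double DES. ROUNDS, the 8-bit keys and f() are
# invented for the demonstration; DES uses 16 rounds and 48-bit round keys.
ROUNDS = 3

def round_keys(key8):
    """Toy key schedule: rotate the 8-bit key left by one bit per round."""
    keys = []
    for _ in range(ROUNDS):
        keys.append(key8)
        key8 = ((key8 << 1) | (key8 >> 7)) & 0xFF
    return keys

def f(right8, key8):
    """Non-invertible round function: add the key, then a small nonlinear mix."""
    x = right8 ^ key8
    return (x * x + 3 * x + 1) & 0xFF

def feistel(block16, keys):
    """ROUNDS passes of mixer + swapper; the last swap is undone so that the
    same routine serves as cipher and reverse cipher."""
    left, right = block16 >> 8, block16 & 0xFF
    for k in keys:
        left, right = right, left ^ f(right, k)   # mixer, then swapper
    return (right << 8) | left                    # undo the final swap

def encrypt(block16, key8):
    return feistel(block16, round_keys(key8))

def decrypt(block16, key8):
    """Reverse cipher: identical structure, round keys in reverse order."""
    return feistel(block16, list(reversed(round_keys(key8))))

def double_encrypt(block16, k1, k2):
    return encrypt(encrypt(block16, k1), k2)

def meet_in_the_middle(p, c):
    """Known-plaintext attack on double encryption as the notes describe it:
    table M = E(K1, P) over all K1, then D(K2, C) over all K2; equal M values
    give candidate (K1, K2) pairs after 2 * 256 operations instead of 256 * 256."""
    table = {}
    for k1 in range(256):
        table.setdefault(encrypt(p, k1), []).append(k1)
    candidates = []
    for k2 in range(256):
        for k1 in table.get(decrypt(c, k2), []):
            candidates.append((k1, k2))
    return candidates

def confirm(candidates, p2, c2):
    """A second known pair removes the accidental matches."""
    return [(k1, k2) for k1, k2 in candidates if double_encrypt(p2, k1, k2) == c2]
```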
Triple DES:
To improve the security of DES, triple DES was proposed. Three stages of DES are used for encryption and decryption. There are two versions of triple DES:
1. Triple DES with 2 keys
2. Triple DES with 3 keys.
Triple DES with 2 keys:
Here, only 2 keys, K1 and K2, are used. The 1st and 3rd stages use K1 and the 2nd stage uses K2. To make triple DES compatible with single DES, the middle stage uses decryption on the encryption side and encryption on the decryption side.
Triple DES with 3 keys:
Security of DES:
There are three interesting attacks to test the security of DES.
ADVANCED ENCRYPTION STANDARD:
It was published by NIST in December 2001. AES is a symmetric block cipher that is intended to replace DES.
Design criteria:
The design criteria defined by NIST for selecting AES fall into three areas:
1. Security: 128-bit key (resistance to attacks)
2. Cost: efficiency, storage (hardware and software)
3. Implementation: flexibility and simplicity.
Rounds:
AES is a non-Feistel cipher that encrypts and decrypts a data block of 128 bits. It has 10, 12 or 14 rounds. The key size, which can be 128, 192 or 256 bits, depends on the number of rounds.
Data units:
AES uses five units of measurement to refer to data:
1. Bit
2. Byte
3. Word
4. Block
5. State
Block:
A block in AES is a group of 128 bits; a block can be represented as a row matrix of 16 bytes.
State:
AES uses several rounds, each made of several stages. The data block is transformed from one state to another.
At the beginning and end of the cipher, AES uses the term data block. Before and after each stage, the data block is referred to as a state.
Structure of each round:
Each round, except the last, uses four transformations that are invertible. The last round has only three transformations. Each transformation takes a state and creates another state to be used for the next round.
Note:
1. One AddRoundKey is applied before the first round.
2. The third transformation is missing in the last round.
In decryption, the inverse transformations are used: InvSubBytes, InvShiftRows, InvMixColumns and AddRoundKey.
Substitution:
First, the substitution is done on each byte. Second, only one table is used for the transformation of each byte, which means that if two bytes are the same, their transformation is also the same.
Third, the transformation is defined by either a table-lookup process or a mathematical calculation. The SubBytes transformation is done based on the SubBytes transformation table.
Permutations:
Another transformation in a round is shifting; the shifting transformation in AES is done at the byte level.
ShiftRows:
The number of shifts depends on the row number of the state matrix.
Mixing:
The mixing transformation changes the contents of each byte by taking four bytes at a time and combining them to create four new bytes.
Each new byte is different (even if all four input bytes are the same); the combination process first multiplies each byte by a different constant and then mixes them. The mixing can be expressed as a matrix multiplication.
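The state matrix, ShiftRows and MixColumns (with their inverses) as an added example that is not part of the notes. The state layout (column-major), the MixColumns constant matrix and the GF(2^8) reduction polynomial are AES's own; the 16-byte input block is constructed for the demonstration.

```python
# Added example (not from the notes): the AES state as a 4x4 column-major byte
# matrix, the ShiftRows and MixColumns transformations described above, and
# their inverses. The byte multiplication is in GF(2^8) with the AES reduction
# polynomial x^8 + x^4 + x^3 + x + 1 (0x11B); the test block is constructed.

def block_to_state(block):
    """16 bytes -> 4x4 state filled column by column: state[row][col]."""
    assert len(block) == 16
    return [[block[r + 4 * c] for c in range(4)] for r in range(4)]

def state_to_block(state):
    return bytes(state[r][c] for c in range(4) for r in range(4))

def shift_rows(state):
    """Row r is rotated left by r bytes (row 0 is not shifted)."""
    return [state[r][r:] + state[r][:r] for r in range(4)]

def inv_shift_rows(state):
    return [state[r][-r:] + state[r][:-r] for r in range(4)]

def gf_mul(a, b):
    """Multiply two bytes as polynomials over GF(2), reducing by 0x11B."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return result

MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]

def _mix(state, matrix):
    """Each column is multiplied by the constant matrix: every output byte is
    the XOR of the four column bytes, each first scaled by its own constant."""
    out = [[0] * 4 for _ in range(4)]
    for c in range(4):
        col = [state[r][c] for r in range(4)]
        for r in range(4):
            acc = 0
            for k in range(4):
                acc ^= gf_mul(col[k], matrix[r][k])
            out[r][c] = acc
    return out

def mix_columns(state):
    return _mix(state, MIX)

def inv_mix_columns(state):
    return _mix(state, INV_MIX)

def permute_and_mix(block):
    """ShiftRows then MixColumns, as in one round (SubBytes/AddRoundKey omitted)."""
    return state_to_block(mix_columns(shift_rows(block_to_state(block))))

def undo_permute_and_mix(block):
    """Inverse order, inverse transformations: InvMixColumns then InvShiftRows."""
    return state_to_block(inv_shift_rows(inv_mix_columns(block_to_state(block))))
```

The all-0x01 column in the test below shows the "even if all four bytes are the same" remark: the constants 2, 3, 1, 1 XOR to 1, so that column passes through unchanged, while every other column is thoroughly mixed.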
Key adding:
The most important transformation is the one that includes the cipher key. All the previous transformations use known algorithms, and they are invertible.
If the cipher key is not added to the state at each round, it is very easy for the adversary to find the plaintext. The cipher key is the only secret between Alice and Bob. AES uses a process called key expansion that creates Nr+1 round keys from the cipher key. Each round key is 128 bits long; it is treated as four 32-bit words. For adding keys to the state, each word is considered as a column matrix.
Key expansion:
To create a round key for each round, AES uses a key-expansion process. The key-expansion routine creates round keys word by word, where a word is an array of four bytes.
The routine creates 4 × (Nr+1) words that are called W0, W1, W2, ..., W4(Nr+1)-1. In the AES-128 version (10 rounds), there are 44 words.
AES-192 (12 rounds): 52 words
AES-256 (14 rounds): 60 words.
Cipher and reverse cipher of AES:
Analysis of AES:
1. Security
2. Implementation
3. Simplicity and cost (AES is simple).
Security:
1. Brute-force attack
2. Differential and linear attacks (applicable to DES but not to AES)
3. Statistical attacks.
• DES: 56-bit key; to break DES, 2^56 keys must be tried.
• AES: 128-bit key; to break AES, 2^128 keys must be tried.
• AES is also resistant to statistical analysis.
• AES is more secure than DES.
• AES can be implemented in hardware, software and firmware.
UNIT II
PUBLIC KEY CRYPTOGRAPHY
Introduction to integer arithmetic:
In integer arithmetic, we use a set and a few operations.
Set of integers:
The set of integers, denoted by 'Z', contains all integral numbers (with no fraction) from negative infinity to positive infinity:
Z = {..., -2, -1, 0, 1, 2, ...}
Binary operations:
In cryptography we use three binary operations:
1. Addition, 2. Subtraction, 3. Multiplication
These binary operations take two inputs and create one output.
NOTE: Division does not fit in this category because it produces 2 outputs.
Integer division:
In integer arithmetic, if we divide 'a' by 'n' we get 'q' and 'r'. The relationship between the four integers is
a = q × n + r
Two restrictions:
1. First, we require that the divisor be a positive integer (n > 0).
2. Second, we require that the remainder be a non-negative integer (r >= 0).
Divisibility:
If 'a' is not zero and we let r = 0 in the division relation, we get a = q × n.
When we are not interested in the value of 'q', we can write the above relationship as 'n | a' (n divides a). If the remainder is not zero, then n ∤ a.
Greatest common divisor:
One integer often needed in cryptography is the greatest common divisor of two positive integers.
Two positive integers may have many common divisors but only one greatest common divisor.
Euclidean algorithm:
Finding the greatest common divisor (GCD) of two positive integers by listing all common divisors is not practical when the two integers are large.
Fortunately, more than 2000 years ago a mathematician named Euclid developed an algorithm that can find the greatest common divisor of two positive integers.
Fact 1: gcd(a, 0) = a
Fact 2: gcd(a, b) = gcd(b, r), where 'r' is the remainder of dividing 'a' by 'b'.
The first fact tells us that if the 2nd integer is '0', then the greatest common divisor is the first one.
The 2nd fact allows us to change the values of a and b until 'b' becomes '0'.
Modular arithmetic:
In modular arithmetic, we are interested in only one of the outputs, the remainder 'r'; we don't care about the quotient 'q'.
This implies that we can change the above relation into a binary operation with inputs 'a' and 'n' and one output 'r'.
Modulo operator:
The above-mentioned binary operator is called the modulo operator. The modulo operator takes an integer (a) from the set Z and a positive modulus (n). The operator creates a non-negative residue (r).
We can say a mod n = r
Set of residues (Zn):
The result of the modulo operation with modulus 'n' is always an integer between 0 and n-1.
In other words, the result of 'a mod n' is always a non-negative integer less than 'n'. We can say that the modulo operation creates a set, which in modular arithmetic is referred to as the set of least residues modulo 'n', or 'Zn'.
Congruence:
In cryptography, we often use the concept of congruence instead of equality. The mapping from Z to Zn is not one-to-one. Infinitely many members of 'Z' can map to one member of 'Zn' (many to one).
Operations in Zn:
The three binary operations that we discussed for the set 'Z' can be defined for the set Zn. The result may need to be mapped to Zn using the mod operator.
Properties:
1. (a + b) mod n = [(a mod n) + (b mod n)] mod n
2. (a - b) mod n = [(a mod n) - (b mod n)] mod n
3. (a × b) mod n = [(a mod n) × (b mod n)] mod n
Matrices:
A matrix is a rectangular array of l × m elements, where l is the number of rows and m the number of columns.
Only one row: row matrix. Only one column: column matrix.
Diagonal matrix: all elements except the diagonal elements are zero.
Identity matrix: the diagonal elements are one, the other elements are zero.
Operations & relations:
Equality: two matrices are equal if aij = bij.
Scalar multiplication: the matrix is multiplied by a constant.
Square matrix: rows = columns.
Determinant:
Inverse: there are 2 types of inverse:
1. Multiplicative inverse: A × A^-1 = I
2. Additive inverse: A + (-A) = 0
Residue matrix: A residue matrix has a multiplicative inverse if gcd(det(A), n) = 1.
Congruence: two matrices are congruent, A ≡ B (mod n), if aij ≡ bij (mod n) for all i's and j's.
Linear congruence:
Single-variable linear equation: the general form of the equation is ax ≡ b (mod n).
This kind of equation may or may not have a solution.
• If gcd(a, n) = d and d divides b, we have 'd' solutions.
• If b/d has no remainder: 'd' solutions.
• If b/d has a remainder: no solution.
Hence, if d | b, follow this procedure:
1. Reduce the equation by dividing both sides of the equation (including the modulus) by d.
2. Multiply both sides of the reduced equation by the multiplicative inverse of a to find the particular solution x0.
3. The general solutions are
x = x0 + k(n/d) for k = 0, 1, 2, ...
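Euclid's two facts, the extended form that yields the multiplicative inverse in Zn, and the three-step procedure for ax ≡ b (mod n), as an added example that is not part of the notes. The worked values (14x ≡ 12 (mod 18) and the inverse of 7 in Z26) are constructed checks.

```python
# Added example (not from the notes): Euclid's Fact 1 and Fact 2 as a loop, the
# extended version that also gives the multiplicative inverse in Zn, and the
# three-step solution of ax = b (mod n) from the "Linear congruence" section.
# The worked value 14x = 12 (mod 18) is a constructed check.

def gcd(a, b):
    """Apply Fact 2 until b becomes 0, then Fact 1: gcd(a, 0) = a."""
    while b:
        a, b = b, a % b
    return a

def extended_gcd(a, b):
    """Return (g, s, t) with s*a + t*b = g = gcd(a, b)."""
    s0, t0, s1, t1 = 1, 0, 0, 1
    while b:
        q = a // b
        a, b = b, a - q * b
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return a, s0, t0

def mod_inverse(a, n):
    """a^-1 in Zn; it exists only when gcd(a, n) = 1."""
    g, s, _ = extended_gcd(a % n, n)
    if g != 1:
        raise ValueError(f"{a} has no multiplicative inverse mod {n}")
    return s % n

def solve_linear_congruence(a, b, n):
    """All solutions of ax = b (mod n) in Zn, or [] when d = gcd(a, n) does not divide b."""
    d = gcd(a, n)
    if b % d:
        return []                                   # d does not divide b: no solution
    a, b, n = a // d, b // d, n // d                # step 1: reduce by d (modulus too)
    x0 = (b * mod_inverse(a, n)) % n                # step 2: particular solution x0
    return [x0 + k * n for k in range(d)]           # step 3: x0 + k(n/d), k = 0..d-1
```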
Asymmetric key cryptography:
RSA cryptosystem:
It uses two keys:
public key → encryption (lock data)
private key → decryption (unlock data)
Introduction:
RSA uses two exponents, 'e' and 'd', where e → public and d → private. Suppose p → plaintext and c → ciphertext.
Alice uses c = p^e mod n to create the ciphertext.
Bob uses p = c^d mod n to retrieve the plaintext.
Encryption and decryption use modular exponentiation.
Two algebraic structures:
RSA uses 2 algebraic structures: 1. Ring 2. Group
Encryption/decryption ring:
Encryption and decryption are done using the commutative ring R = <Zn, +, ×> with two arithmetic operations: addition and multiplication.
In RSA, this ring is public because the modulus 'n' is public. Anyone can send a message to Bob using this ring to do encryption.
Key generation group:
RSA uses the multiplicative group G = <Zφ(n)*, ×> for key generation. This group supports only multiplication and division, which are needed for generating the public and private keys.
Encryption: Anyone can send a message to Bob by using Bob's public key. Encryption in RSA can be done using an algorithm with polynomial time complexity. The size of the plaintext must be < n. If the plaintext is larger than n, it should be divided into blocks.
Decryption: It can be done using an algorithm with polynomial time complexity (using Bob's private key). The size of the ciphertext is < n.
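Textbook RSA over the two structures above, with small constructed primes, as an added example that is not part of the notes: e and d are inverses in Zφ(n)*, encryption and decryption are exponentiations in Zn, and byte data is cut into blocks that are each smaller than n. The block marker byte is an assumption of this example; real deployments use 1024-bit or larger primes and OAEP padding.

```python
# Added example (not from the notes): textbook RSA with small constructed primes,
# following the notes' two structures: the key-generation group Z_phi(n)* (e and d
# are inverses there) and the encryption ring Zn (c = p^e mod n, p = c^d mod n).
# A 0x01 marker byte is prepended to each block (an assumption of this example)
# so that leading zero bytes of the data survive the int conversion.
import math

def generate_keys(p, q, e=17):
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be invertible in Z_phi(n)*")
    d = pow(e, -1, phi)                    # e * d = 1 (mod phi(n))
    return (e, n), (d, n)                  # public key, private key

def encrypt(plain_int, public_key):
    e, n = public_key
    if not 0 <= plain_int < n:
        raise ValueError("a plaintext block must be smaller than n")
    return pow(plain_int, e, n)

def decrypt(cipher_int, private_key):
    d, n = private_key
    return pow(cipher_int, d, n)

def encrypt_bytes(data, public_key):
    """Split data into blocks whose integer value is always < n, as the notes require."""
    _, n = public_key
    block_len = (n.bit_length() - 1) // 8          # marker + data bytes per block
    if block_len < 2:
        raise ValueError("modulus too small to carry a data byte per block")
    chunks = [data[i:i + block_len - 1] for i in range(0, len(data), block_len - 1)]
    blocks = [encrypt(int.from_bytes(b"\x01" + ch, "big"), public_key) for ch in chunks]
    return blocks, block_len

def decrypt_bytes(cipher_blocks, block_len, private_key):
    out = b""
    for c in cipher_blocks:
        m = decrypt(c, private_key).to_bytes(block_len, "big")
        out += m.lstrip(b"\x00")[1:]                # drop padding zeros and the marker
    return out
```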
Attacks on RSA:
Several attacks have been predicted based on weak plaintext, weak parameter selection or inappropriate implementation.
OAEP (Optimal Asymmetric Encryption Padding):
In this method we add some bogus data to a short message. A short message in RSA makes the ciphertext vulnerable to short-message attacks. It has been shown that simply adding bogus data to the message makes Eve's job harder.
The solution proposed by the RSA group and some vendors is to apply a procedure called OAEP.
Encryption:
1. Alice pads the message to make an m-bit message, which we call M.
2. Alice chooses a random number r of k bits. Note that 'r' is used only once and is then destroyed.
3. Alice uses a public one-way function G that makes an m-bit integer from r. This is the mask.
4. Alice applies the mask G(r) to create the first part of the plaintext, P1.
5. Alice creates the second part of the plaintext, P2. The function H is another public function that takes an m-bit input and creates a k-bit output. This function can be a cryptographic hash function. P2 is used to allow Bob to recreate the mask after decryption.
6. Alice creates C and sends it to Bob.
Decryption:
1. Bob decrypts C with his private key.
2. Bob first recreates the value of 'r'.
3. Bob uses the mask to recreate the value of the padded message.
4. After removing the padding from M, Bob finds the original message.
Elliptic curve cryptosystem:
RSA is an asymmetric-key cryptosystem; its security comes with a price: a larger key size. ECC provides the same security level with a smaller key size. The system is based on elliptic curves.
Elliptic curves over real numbers:
Elliptic curves, which are not directly related to ellipses, are cubic equations in two variables that are similar to the equations used to calculate the length of a curve in the circumference of an ellipse.
The general equation for an elliptic curve is a cubic in x and y; elliptic curves over real numbers use a special class of elliptic curves of the form y^2 = x^3 + ax + b.
In a non-singular elliptic curve, the equation x^3 + ax + b = 0 has three distinct roots. In a singular elliptic curve, the equation x^3 + ax + b = 0 does not have three distinct roots.
Abelian group:
The abelian group is defined using points on the elliptic curve. A point P = (x, y) represents a point on the curve if x and y are the coordinates of a point that satisfies the equation of the curve.
The points are represented by 2 real numbers. To create an abelian group, we need a set, an operation on the set and five properties that are satisfied by the operation.
Set: The set is the set of points on the curve, where each point is a pair of real numbers.
Operation: The operation is the addition of 2 points on the curve to get another point on the curve.
In the first case, 2 points P(x1, y1) and Q(x2, y2) have different x and y coordinates. The line connecting P and Q intersects the curve at a point called -R.
R is the reflection of -R with respect to the x-axis. The coordinates of R are found from the slope of that line.
In case (ii) the two points overlap: R = P + P. In this case, the slope of the line and the coordinates of the point R are found from the tangent at P.
In case (iii) the two points are additive inverses of each other.
The line connecting the two points does not intercept the curve at a third point; the result is defined as the additive identity of the group.
Properties of the operation:
1. Closure: adding two points creates another point on the curve.
2. Associative:
3. Commutative: P + Q = Q + P
4. Existence of identity: P = P + O = O + P
5. Existence of inverse: each point on the curve has an inverse; for P(x1, y1) and Q(x2, y2) that are inverses of each other, P + Q = O.
Group & Field:
Group: The group defines the set of points on the elliptic curve and the addition operation on the points.
Field: The field defines addition, subtraction, multiplication and division, using operations on real numbers, which are needed to find the addition of points in the group.
Elliptic curves over GF(p):
We have defined an elliptic curve group with an addition operation, but the operations on the coordinates of the points are over the GF(p) field with p > 3.
In modular arithmetic, the points on the curve do not make nice graphs, but the concept is the same.
We can use the same addition operation with the calculations done modulo p. We call the resulting elliptic curve Ep(a, b): p → modulus,
a, b → coefficients of the equation.
Elliptic curves over GF(2^n):
Addition and multiplication on the elements are the same as addition and multiplication on polynomials. To define an elliptic curve over GF(2^n), one needs to change the cubic equation.
The common equation is a different cubic, in which b ≠ 0. Note that the values of x, y, a, b are polynomials representing n-bit words.
Sy**etri! "ey di#trib&tion:
-ymmetric key cryptography is more efficient than asymmetric key cryptography for
enciphering large messages. It needs a shared secret key bet%een # parties. If Alice needs to
e4change confidential messages %ith I(; people, she need I(; different keys.
If one million people need to communicate %ith each other, each person has almost one million
different keys. In total, almost one trillion keys are needed. This is referred to as (
#
problems,
because the number of re$uired key for I(; entities is (
#
. The number of keys is not the only
problem. The distribution of key is another. -o, %e need the efficient %ay to maintain and
distribute secret keys.
ey-Di#trib&tion !enter: DC
A practical solution id the use of trusted third party 8?,C9. To reduce the number of
keys, each person establishes a shared secret key %ith ?,C. A secret key is established bet%een
47
the ?,C and each member. Alice sends a re$uest to the ?,C stating that she needs a session
secret key bet%een herself and :ob.
The ?,C informs :ob about Alice re$uest. The bob agrees, a session key is created bet%een the
t%o.
1lat *&lti'le DC>#:
When the number of people using a ?,C increases, the system becomes unmanageable
and a bottleneck can result. To solve the problem, %e divide the %orld into domains, each
domain can have one or more ?,C.
If alice %ant to send a message to bob %ho belongs to another domain, alice contace her ?,C
%hich inturn contacts the ?,C in bob domain. The t%o ?,C create a secret key bet%een alice
and bob. We call this as flat multiple ?,C.
48
)ierar!$i!al *&lti'le DC:
The e4tension of flat multiple ?,C is hierarchical !. ?,C
) types" . Focal
#. (ational
). International ?,C;s
49
Session keys:
A KDC creates a secret key for each member. This secret key can be used only between
the member and the KDC, not between two members. If Alice needs to communicate secretly
with Bob, she needs a secret key between herself & Bob. A KDC can create a session key between Alice
and Bob, using their keys with the center. The keys of Alice and Bob are used to authenticate Alice
and Bob to the center & to each other before the session key is established.
Simple protocol using KDC:
3 steps to produce the session key:
1. Alice sends a plaintext message to the KDC. The message consists of Alice's and Bob's registered
identities. The message is not encrypted; it is public.
2. The KDC receives the message and creates a ticket. The ticket is encrypted using Bob's key KB.
The ticket consists of Alice's and Bob's identities and the session key KAB. The ticket and a copy of the session key
are sent to Alice. Alice receives the message, decrypts it and extracts the key.
3. Alice sends the ticket to Bob. Bob opens the ticket and knows that Alice needs to send a message to
him using session key KAB.
Needham Schroeder protocol:
It is the foundation for many other protocols. It uses multiple challenge-response
interactions between parties. It uses two nonces RA, RB.
Step 1: Alice sends a message to the KDC. The message consists of Alice's nonce RA and Alice's and Bob's registered
identities.
Step 2: The KDC sends an encrypted message to Alice. The message consists of RA, Bob's registered identity, the session
key, and an encrypted ticket for Bob. The whole message is encrypted with Alice's key.
Step 3: Alice sends Bob's ticket to him.
Step 4: Bob sends his challenge to Alice (RB) encrypted with the session key.
Step 5: Alice responds to Bob's challenge using RB.
Otway Rees protocol:
Step 1: Alice sends a message to Bob that includes a common nonce R, Alice's & Bob's identities, and a ticket for the
KDC. The ticket for the KDC consists of Alice's nonce RA, a copy of the common nonce R, and Alice's & Bob's registered
identities.
Step 2: Bob creates the same type of ticket with his own nonce RB; both tickets are sent to the KDC.
Step 3: The KDC creates a message consisting of the common nonce R & tickets for Alice and Bob. This message is
sent to Bob. Each ticket consists of the corresponding nonce (RA or RB) and the session key KAB.
Step 4: Bob sends Alice's ticket to Alice.
Step 5: Alice sends a short message encrypted with the session key KAB to show that she has the
secret.
Kerberos:
An authentication protocol and KDC used in several systems (including
Windows 2000).
Here there are 3 types of servers:
1. Authentication server (AS)
2. Ticket Granting server (TGS)
3. Real server (RS)
AS: Each user registers with the AS and is granted a user identity and a password.
TGS: It issues a ticket for the real server (Bob). It also provides the session key (KAB) between
Alice and Bob.
RS: It provides services for the user (Alice).
Version 5 vs version 4:
1. Has a longer ticket lifetime
2. Can accept any symmetric key algorithm
3. It uses a different protocol for describing data types
4. Tickets can be renewed
5. More overhead than V4
Symmetric key agreement:
Secret keys are generated without using a KDC.
Alice and Bob can create a session key between themselves without using a KDC.
This method of session-key creation is referred to as symmetric-key agreement.
Diffie-Hellman key agreement:
In this method two parties create a symmetric key without the need of a KDC. Before
establishing a key, the two parties need to choose two numbers 'p' and 'g'. The first number 'p' is
a large number (a prime) on the order of 300 decimal digits. The second number 'g' is a generator of order p-1 in the
group <Z_p*, ×>.
Session key creation procedure:
1. Alice chooses a large random number 'x' such that 0 ≤ x ≤ p-1 and calculates R1 = g^x mod p.
2. Bob chooses another large random number 'y' such that 0 ≤ y ≤ p-1 and calculates R2 = g^y mod p.
3. Alice sends R1 to Bob. Note that Alice doesn't send the value of x; she sends only 'R1'.
4. Bob sends R2 to Alice. He does not send the value of 'y'.
5. Alice calculates K = (R2)^x mod p.
6. Bob also calculates K = (R1)^y mod p.
Now Bob has calculated K = (R1)^y mod p = (g^x mod p)^y mod p = g^xy mod p.
Alice has calculated K = (R2)^x mod p = (g^y mod p)^x mod p = g^xy mod p.
Both have reached the same value without Bob knowing the value of x & without Alice knowing the
value of y.
Analysis of Diffie Hellman:
The secret key between Alice and Bob is made of 3 parts: g, x, y. The value of g is public.
Therefore everyone knows 1/3 of the key. The other 2 parts are added by Alice and Bob.
Alice adds x as a second part for Bob and Bob adds y as a second part for Alice.
When Alice receives the 2/3-completed key from Bob she adds the last part x to complete the key.
When Bob receives the 2/3-completed key from Alice he adds the last part y to complete the key.
Therefore the 2 keys are the same & K = g^xy = g^yx.
Security of Diffie-Hellman:
Here we have 2 attacks:
1. Discrete logarithm attack
2. Man in the middle attack
Discrete logarithm attack: when Alice sends R1 = g^x mod p to Bob, the intruder intercepts it & tries to find the value of x, and similarly
the value of y. By knowing these, the intruder can generate the key. To avoid this we choose the value of p
to be very large.
Man in the middle attack: a person can impersonate & collect the R1 and R2 values from both &
generate a separate key with each of them, thereby collecting both users' data.
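The six-step procedure and both attacks above, as an added example that is not part of the original notes. The group uses a constructed toy prime p = 23 with generator g = 5 so every value can be checked by hand; a real deployment uses a prime of roughly 300 decimal digits, which is exactly what makes the exhaustive discrete-logarithm search below infeasible.

```python
"""Diffie-Hellman session-key creation with the two attacks from the text.

Added example, not from the original notes. The group <Z_p*, x> uses a
constructed toy prime p = 23 with generator g = 5 so every step can be
checked by hand; a real deployment uses a prime of roughly 300 decimal digits.
"""
import secrets

P = 23  # constructed toy prime (real: ~300 decimal digits)
G = 5   # generator of order p-1 = 22 in Z_23*


def public_value(g: int, x: int, p: int) -> int:
    """R = g^x mod p: the only value that leaves the sender's machine."""
    return pow(g, x, p)


def shared_key(r_other: int, x: int, p: int) -> int:
    """K = (R_other)^x mod p, computed by each side with its own exponent."""
    return pow(r_other, x, p)


def random_exponent(p: int) -> int:
    """Choose x uniformly in 2..p-2 (x = 0, 1 or p-1 give a predictable R)."""
    return 2 + secrets.randbelow(p - 3)


def session_keys(x: int, y: int, p: int = P, g: int = G) -> tuple:
    """Run the six-step procedure and return (K_alice, K_bob); they match."""
    r1 = public_value(g, x, p)          # step 1: Alice computes R1
    r2 = public_value(g, y, p)          # step 2: Bob computes R2
    # steps 3-4: R1 and R2 cross the channel; x and y never do
    k_alice = shared_key(r2, x, p)      # step 5: K = R2^x mod p
    k_bob = shared_key(r1, y, p)        # step 6: K = R1^y mod p
    return k_alice, k_bob


def recover_exponent(g: int, r: int, p: int) -> int:
    """Discrete logarithm by exhaustive search: finds x with g^x = R (mod p).

    Feasible only because p is tiny; this is why p must be large."""
    for x in range(p - 1):
        if pow(g, x, p) == r:
            return x
    raise ValueError("no exponent found")


def mitm_exchange(x: int, y: int, z: int, p: int = P, g: int = G) -> dict:
    """Unauthenticated exchange with an intruder holding exponent z.

    The intruder replaces both R1 and R2 with her own R = g^z mod p. Alice and
    Bob each end up sharing a key with the intruder, not with each other, and
    nothing in the exchange lets them notice. Station-to-station fixes this by
    signing R1 || R2 together with the identities."""
    r1 = public_value(g, x, p)          # Alice -> Bob, intercepted
    r2 = public_value(g, y, p)          # Bob -> Alice, intercepted
    r_eve = public_value(g, z, p)       # forwarded to both in place of R1/R2
    return {
        "alice": shared_key(r_eve, x, p),       # Alice believes this is K_AB
        "bob": shared_key(r_eve, y, p),         # Bob believes this is K_AB
        "eve_with_alice": shared_key(r1, z, p),
        "eve_with_bob": shared_key(r2, z, p),
    }


if __name__ == "__main__":
    ka, kb = session_keys(random_exponent(P), random_exponent(P))
    print("honest exchange:", ka, kb)
    print("with intruder:", mitm_exchange(6, 15, 13))
```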
Station to station agreement:
This method is based on Diffie-Hellman. It uses digital signatures with public key certificates to
establish a session key between Alice and Bob.
Procedure:
1. After calculating R1, Alice sends it to Bob.
2. After calculating R2 and the session key, Bob concatenates Alice's ID, R1 & R2. He then signs
the result with his private key. Bob now sends R2, the signature and his own public-key
certificate to Alice.
3. After calculating the session key, if Bob's signature is verified, Alice concatenates Bob's ID, R1 &
R2. She then signs the result with her own private key and sends it to Bob.
4. If Alice's signature is verified, Bob keeps the session key.
Public key distribution:
The public key distribution centre (PKDC) holds the collection of public keys & a user can get
them from this PKDC. In asymmetric key cryptography, if Alice wants to send a message to Bob, she needs to
know Bob's public key, which is open to the public and available to everyone. In public key
cryptography everyone keeps the private key and advertises the public key.
Public announcement:
Bob can put his public key on his website or announce it in a local or national newspaper.
When Alice needs to send a confidential message to Bob she can obtain Bob's public key from his site
or from the newspaper, or even send a message to Bob asking for his public key.
This approach is not secure. It is subject to forgery.
For example: if Alice directly requests Bob's public key, Eve can intercept Bob's response and substitute
her own forged public key for Bob's public key.
Trusted centre:
To overcome the drawback of public announcement we use a trusted centre. It is like a
directory in the telephone system. Each user can select the private and public key, keep the
private key and deliver the public key to the directory. The centre requires that each user
register with the centre and prove their identity.
Controlled trusted center:
A higher level of security can be achieved if there are added controls on the distribution of
the public key. The public key announcement can include a time stamp and is signed by an
authority to prevent interception and modification of the response.
Certification authority:
The previous approach can create a heavy load on the centre if the number of requests is
large. The alternative is to create public key certificates. Bob wants 2 things:
1. He wants people to know his public key.
2. He wants no one to accept a forged public key as his.
Bob can go to a certificate authority, i.e., a state organization that binds a public key to an entity
and issues a certificate. The CA has a well-known public key. It cannot be forged by Bob himself.
X.509:
The use of a CA solved the problem of public key fraud but it has created a side effect, i.e.,
each certificate may have a different format. If Alice wants to use a program to automatically
download different certificates, the program may not be able to download them, because each
certificate is in a different format. To remove the side effect the ITU designed X.509. It is a way to
describe a certificate in a structured way. It uses a protocol called ASN.1 (abstract syntax
notation).
Version number:
This field defines the version number of the certificate. The version number started at 0.
The current version is 2.
Serial number: A number assigned to each certificate.
Signature algorithm ID: The algorithm used to sign the certificate.
Issuer name: The certification authority that issued the certificate.
Validity period: It defines the earliest time & the latest time the certificate is valid.
Subject name: It defines the entity to which the public key belongs.
Subject public key: It defines the owner's public key. It is the heart of the certificate.
Issuer unique identifier: This optional field allows two issuers to have the same issuer field value.
Subject unique identifier: This optional field allows 2 different subjects to have the same subject field value.
Extensions: Adds more private information to the certificate.
Signature: It is made up of 3 sections:
1. It contains all other fields in the certificate.
2. It contains the digest of the first section encrypted with the CA's private key.
3. It contains the algorithm identifier used to create the second section.
Certificate renewal: Each certificate has a period of validity. The CA issues a new certificate
before the old one expires. This process is like the renewal of a credit card.
Certificate revocation: In some cases the certificate must be revoked before its expiration. The
revocation list has the following fields:
This update date: When this list is released.
Revoked certificate: This is a repeated list of all unexpired certificates that have been revoked.
Each entry consists of 2 sections:
1. User certificate serial number
2. Revocation date
Delta revocation: To make revocation more efficient, the delta revocation list is introduced. The
delta revocation list is created and posted in the directory if there are any changes between the
update date and the next update date.
UNIT-III
AUTHENTICATION AND HASH FUNCTION
MESSAGE INTEGRITY:
The cryptography systems that we have studied so far provide secrecy or confidentiality
but not integrity. In some situations we may not need secrecy, but instead we must have integrity.
For example, Alice may write a will to distribute her estate upon her death. The will does not
need to be encrypted. However, the integrity of the will needs to be preserved.
Document and Fingerprint:
One way to preserve the integrity of a document is through the use of a fingerprint.
Message and Message Digest:
The electronic equivalent of the document is the message. The electronic equivalent of the
fingerprint is the message digest. To preserve the integrity of the message, it is passed through an
algorithm called a cryptographic hash function. This function creates a compressed image of the
message.
Message and Digest:
Checking Integrity:
To check the integrity of the message or document, we run the hash function again and
compare the new message digest with the previous one. If both are the same, then the original message
has not been changed.
Cryptographic Hash Function Criteria:
1. Pre-image resistance
2. Second pre-image resistance
3. Collision resistance
Pre-image Resistance:
The hash function must be pre-image resistant: given the hash function 'h' and
y = h(M), it must be extremely difficult for Eve to find any message M' such that y = h(M').
Second Pre-image Resistance:
It ensures that a message cannot easily be forged. If Alice creates a message and digest
and sends both to Bob, this criterion ensures that Eve cannot easily create another message that
hashes to the exact same digest.
Collision Resistance:
Collision resistance ensures that Eve cannot find two messages that hash to the same
digest.
RANDOM ORACLE MODEL:
This model was introduced in 1993 by Bellare & Rogaway. It is an ideal mathematical model
for hash functions. The model behaves as follows:
1. When a new message of any length is given, the oracle creates and gives a fixed-length
digest, i.e., a random string of zeros and ones. The oracle records the message and digest.
2. When a message is given for which the digest exists, the oracle simply gives the digest in
the record.
3. The digest for a new message needs to be chosen independently from all previous digests.
This implies that the oracle cannot use a formula or an algorithm to calculate the digest.
MESSAGE AUTHENTICATION:
The message digest guarantees the integrity of the message (i.e., the message is not changed).
The digest does not authenticate the sender of the message. When Alice needs to send a message
to Bob, Bob needs to know if the message is coming from Alice. To provide message
authentication, Alice needs to provide a proof.
The digest created by a cryptographic hash function is normally called a modification
detection code (MDC). The code can detect any modification in the message; what provides data origin
authentication is a message authentication code (MAC).
MODIFICATION DETECTION CODE (MDC):
Alice can create a message digest, the MDC, and send both the message and the MDC to Bob. Bob can create a new MDC
from the message and compare it with the received MDC. If they are the same, the message has not been
changed.
MESSAGE AUTHENTICATION CODE (MAC):
To ensure the integrity of the message and data origin authentication, we need to change the
MDC to a MAC.
The difference between an MDC and a MAC is a shared secret key between Alice and Bob.
Alice uses a hash function and the key to create the MAC and sends the message and the MAC over an insecure channel. Bob separates the message from the MAC.
Bob creates a new MAC from the received message, then compares it with the received MAC. If both are
the same, then the message is authentic and the content of the message has not been changed. With a MAC, there
is no need for two channels; both the message and the MAC are sent over an insecure channel.
Security of MAC:
Suppose Eve has intercepted the message and digest. How can Eve forge the message
without knowing the secret key? There are three possible cases:
1. If the size of the key is very small, then the number of possibilities is also small. Therefore
she can forge the message by trying the few possibilities.
2. The size of the key is normally very large, but Eve can use another tool, i.e., a pre-image
attack.
3. Using a given message and MAC, Eve can manipulate them to come up with a new message
and MAC.
Nested MAC (NMAC):
To improve the security of the MAC, nested MACs were designed, in which hashing is done
in two steps.
1. The key is concatenated with the message and hashed to create an intermediate digest.
2. The key is concatenated with the intermediate digest and hashed to create the final digest.
Hashed MAC (HMAC):
HMAC is more complex than the nested MAC; the difference is that it uses
padding.
Steps:
1. The message is divided into 'N' blocks, each of 'b' bits.
2. The secret key is padded with zeros to create a 'b'-bit key.
3. The result of step 2 is XORed with a constant called the input pad (ipad) to create a 'b'-bit block.
4. The resulting block is prepended to the 'N' message blocks. Therefore the total number of blocks is
N+1.
5. The result of step 4 is hashed to create an 'n'-bit digest, which is called the intermediate
HMAC.
6. The intermediate 'n'-bit HMAC is padded with zeros to create a 'b'-bit block.
7. Steps 2 & 3 are repeated with a different constant, i.e., the output pad (opad).
8. The result of step 7 is prepended to the result of step 6.
9. The result of step 8 is hashed to create the final HMAC / final digest.
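The nine steps above written out and checked against Python's hmac module, as an added example that is not part of the original notes. It follows RFC 2104, which differs from the step list in two details: the key's zero padding goes after the key bytes, and the intermediate digest is not zero-padded in step 6 because the hash function's own padding already completes that block.

```python
"""HMAC built from the step list in the notes, checked against the hmac module.

Added example, not from the original notes. Follows RFC 2104; the ipad/opad
constants 0x36 and 0x5C are the standard ones and the key is zero-padded on
the right. Step 6 (zero-padding the intermediate digest) is omitted because
the hash's internal padding already handles it; including it would give a
value that no standard HMAC implementation accepts.
"""
import hashlib
import hmac

IPAD = 0x36  # constant XORed into the key for the inner hash
OPAD = 0x5C  # constant XORed into the key for the outer hash


def hmac_from_steps(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    h = hashlib.new(hash_name)
    b = h.block_size          # 'b' bits as bytes: 64 for SHA-256, 128 for SHA-512
    n = h.digest_size         # 'n' bits as bytes
    if len(key) > b:          # RFC 2104: a key longer than b is hashed first
        key = hashlib.new(hash_name, key).digest()
    k_padded = key.ljust(b, b"\x00")                          # step 2: b-bit key
    inner_block = bytes(k ^ IPAD for k in k_padded)           # step 3: key xor ipad
    # steps 4-5: ipad block prepended to the N message blocks, then hashed
    intermediate = hashlib.new(hash_name, inner_block + message).digest()
    assert len(intermediate) == n
    outer_block = bytes(k ^ OPAD for k in k_padded)           # step 7: key xor opad
    # steps 8-9: opad block prepended to the intermediate HMAC, then hashed
    return hashlib.new(hash_name, outer_block + intermediate).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Bob's check: recompute the MAC and compare in constant time, so a forger
    learns nothing from how long the comparison takes."""
    return hmac.compare_digest(hmac_from_steps(key, message, hash_name), tag)


def matches_stdlib(key: bytes, message: bytes, hash_name: str = "sha256") -> bool:
    """True when the step-by-step construction equals the standard library's HMAC."""
    return hmac_from_steps(key, message, hash_name) == hmac.new(key, message, hash_name).digest()


if __name__ == "__main__":
    msg = b"The quick brown fox jumps over the lazy dog"   # constructed sample message
    print(hmac_from_steps(b"key", msg).hex())
    print("matches hmac module:", matches_stdlib(b"key", msg))
```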
CMAC (Cipher-based MAC):
NIST also defined a standard called the data authentication algorithm, or CMAC. The
message is divided into N blocks, each 'm' bits long. The size of the CMAC is 'n' bits. If the last
block is not 'm' bits, it is padded with a 1-bit followed by enough 0-bits to make it 'm' bits. The
first block of the message is encrypted with the symmetric key to create an m-bit block of
encrypted data. The block is XORed with the next block and the result is encrypted again to
create a new m-bit block. The process continues until the last block of the message is encrypted.
The 'n' leftmost bits of the last block form the CMAC.
SECURE HASH ALGORITHM (SHA):
It is published as a Federal Information Processing Standard (FIPS 180). It is sometimes
referred to as the Secure Hash Standard (SHS). The standard was revised in 1995 under FIPS 180-1.
There are four new versions of SHA:
1. SHA-224
2. SHA-256
3. SHA-384
4. SHA-512
SHA-512:
It creates a digest of 512 bits from a multiple-block message. Each block is 1024 bits in
length.
The digest is initialized to a predetermined value of 512 bits. The algorithm mixes this
initial value with the first block of the message to create the first intermediate message digest of
512 bits. The digest is then mixed with the second block to create the second intermediate digest.
Finally, the (N-1)th digest is mixed with the Nth block to create the Nth digest. When the last
block is processed, the resulting digest is the message digest for the entire message.
Message Preparation:
SHA-512 insists that the length of the original message be less than 2^128 bits. This means
that if the length of the message is equal to or greater than 2^128, it will not be processed by SHA-512.
Length Field and Padding:
The length field defines the length of the original message before adding the length field or
padding. We need to pad the original message to make the length a multiple of 1024. The length of the
padding is calculated from the length of the original message.
Words:
SHA-512 operates on words; it is word oriented. A word is defined as 64 bits. This
means that, after the padding and length field are added to the message, each block of the
message consists of sixteen 64-bit words. The message digest is also made of 64-bit words, but the
message digest is only eight words, and the words are named A, B, C, D, E, F, G and H.
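Message preparation for SHA-512 as described in the three sections above (length limit, padding plus length field, and the split into sixteen 64-bit words), as an added example that is not part of the original notes. The padding rule it encodes is the standard one, |P| = (-|M| - 128) mod 1024 with at least one padding bit, where the padding is a single 1 bit followed by zeros.

```python
"""SHA-512 message preparation: padding, 128-bit length field, 64-bit words.

Added example, not from the original notes. Encodes the standard rule
|P| = (-|M| - 128) mod 1024 (a full block when that is 0, since at least the
leading 1 bit must be appended). Only the preparation step is shown; the
compression rounds are left to hashlib.
"""
import struct

BLOCK_BITS = 1024
LENGTH_FIELD_BITS = 128      # the limit |M| < 2^128 is what makes this field 128 bits
WORD_BITS = 64
WORDS_PER_BLOCK = BLOCK_BITS // WORD_BITS   # sixteen 64-bit words


def padding_bits(message_bits: int) -> int:
    """Number of padding bits |P| for an original message of |M| bits."""
    p = (-message_bits - LENGTH_FIELD_BITS) % BLOCK_BITS
    return p if p else BLOCK_BITS   # |M| = 896 (mod 1024) still needs the 1 bit


def sha512_prepare(message: bytes) -> bytes:
    """Return M || P || length field, whose size is a multiple of 1024 bits."""
    bits = len(message) * 8
    if bits >= 1 << LENGTH_FIELD_BITS:
        raise ValueError("SHA-512 requires |M| < 2^128 bits")
    n_pad = padding_bits(bits)      # a multiple of 8 here because M is whole bytes
    padding = b"\x80" + b"\x00" * (n_pad // 8 - 1)   # 1 bit, then zeros
    length_field = bits.to_bytes(LENGTH_FIELD_BITS // 8, "big")
    return message + padding + length_field


def blocks_as_words(prepared: bytes) -> list:
    """Split the prepared message into blocks of sixteen big-endian 64-bit words."""
    block_bytes = BLOCK_BITS // 8
    if len(prepared) % block_bytes:
        raise ValueError("prepared message is not a whole number of 1024-bit blocks")
    return [list(struct.unpack(">16Q", prepared[i:i + block_bytes]))
            for i in range(0, len(prepared), block_bytes)]


if __name__ == "__main__":
    prepared = sha512_prepare(b"abc")           # constructed sample message
    print(len(prepared) * 8, "bits after preparation")
    for i, block in enumerate(blocks_as_words(prepared)):
        print(f"block {i}:", [f"{w:016x}" for w in block])
```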
Word Expansion:
Before processing, each block must be expanded. A block is made of 16 words. In SHA-512
processing, we need 80 words, so the 16-word block needs to be expanded to 80 words.
Compression Function:
The processing of each block of data involves 80 rounds. In each round the contents of the 8
previous buffers, one word from the expanded block and a 64-bit constant are mixed together to create
a new set of eight buffers.
At the beginning of processing, the values of the 8 buffers are saved into 8 temporary
variables. At the end of the processing, these values are added to the values created from
round 79. This last operation is called final adding.
Structure of Each Round:
In each round eight new values are created based on the previous buffer values. 6 buffer
values are exact copies of one of the buffers in the previous round; the remaining two values, A and E,
are calculated based on some complex functions of the previous buffers, the corresponding word
and the constant.
Analysis of SHA:
SHA-512 is expected to be resistant to all known attacks.
DIGITAL SIGNATURE:
A digital signature or digital signature scheme is a mathematical scheme for
demonstrating the authenticity of a digital message or document. A valid digital signature gives a
recipient reason to believe that the message was created by a known sender such that they cannot
deny sending it (authentication and non-repudiation) and that the message was not altered in
transit (integrity). Digital signatures are commonly used for software distribution, financial
transactions, and in other cases where it is important to detect forgery or tampering.
Comparison:
Differences between conventional signatures and digital signatures.
Inclusion:
A conventional signature is included in the document; it is part of the document. When
we write a check, the signature on the check is not a separate document.
When we sign a document digitally, we send the signature as a separate document. The
sender sends two documents, the message and the signature. The recipient receives both
documents and verifies that the signature belongs to the supposed sender.
Verification Method:
For a conventional signature, when the recipient receives a document, she compares the
signature on the document with the signature on file. If they are the same, the document is
authentic.
For a digital signature, the recipient receives the message and the signature. A copy of the
signature is not stored anywhere. The recipient needs to apply a verification technique to the
combination of the message and the signature to verify the authenticity.
Relationship:
For a conventional signature, there is normally a one-to-many relationship between a
signature and documents. A person uses the same signature to sign many documents.
For a digital signature, there is a one-to-one relationship between a signature and a message.
Each message has its own signature.
Duplicity:
For a conventional signature, a copy of the signed document can be distinguished from the
original one on file.
For a digital signature, there is no such distinction unless there is a factor of time (a timestamp) on the
document.
Digital Signature Process:
The sender uses a signing algorithm to sign the message. The message and the signature
are sent to the receiver. The receiver receives the message and signature and applies the verifying
algorithm to the combination. If the result is true, the message is accepted; otherwise, it is
rejected.
Need for Keys:
In a digital signature, the signer uses her private key, applied to a signing algorithm, to
sign a document. The verifier, on the other hand, uses the public key of the signer, applied to the
verifying algorithm, to verify the document.
We can add the private and public keys to give a more complete concept of a digital
signature.
Signing the Digest:
In a digital signature system, the messages are normally long, but we have to use
asymmetric-key schemes, which are slow. The solution is to sign a digest of the message, which is much shorter
than the message.
Digital Signature Services:
A digital signature provides message authentication, message integrity, non-repudiation
and confidentiality.
BIOMETRICS:
It is the measurement of physiological or behavioral features that identify a person.
Components:
To measure the features of a person, capturing devices, processors and storage devices
are used.
Enrollment:
Before using a biometric technique, the corresponding features of each person should be
available in the database.
Authentication:
It is done by verification and identification.
• Verification (one-to-one match) – A person's feature is matched with a single record
in the database.
• Identification (one-to-many match) – A person's feature is matched with all
records in the database.
Techniques:
The techniques are divided into two broad categories,
1. Physiological
• Finger print
• Iris
• Retina
• Face
• Voice
• Hands
• DNA
2. Behavioral
• Signature
• Key stroke
Finger print:
Two common methods are used: 1. minutiae based, 2. image based.
In the minutiae-based technique, the system creates a graph based on where the individual ridges
start, stop or branch.
In the image-based technique, the system creates an image of the fingertip and finds the
similarities to the image in the database. It is used for verification and identification.
Iris:
It measures the pattern within the iris. It is unique for each person. It is very accurate and
stable over a person's life. It is used for verification and identification.
Retina:
It examines the blood vessels in the back of the eye. It is very expensive. It is not widely
used.
Face:
It analyzes the geometry of the face, based on the distance between the facial features, i.e.,
nose, eyes, mouth. Some technologies combine geometric features with skin texture. Video
cameras are used for verification and identification.
Hands:
It measures the dimensions of the hands, i.e., the shape and length of the fingers. It is used for
verification.
Voice:
It measures the pitch, tone and cadence of the voice. It is used for verification.
DNA:
It is a chemical found in the nucleus of all cells of humans and most other organisms. It is
usable throughout life and even after death. It is used for verification and identification.
Signature:
In the past, signatures were used in banking to verify the identity of the check writer.
Some experts are used for verifying the signature on checks or documents by comparing it with the one on file.
Systems measure other things too, i.e., the timing needed to write the signature. It is used for verification.
Key Stroke:
It measures the behavior of the person related to working with a keyboard. It measures,
1. Duration of key depression
2. Time between key strokes
3. Number of errors and frequency of errors
4. Pressure on the key
Accuracy:
It is measured using two parameters,
1. False Rejection Rate – it measures the ratio of false rejections to the total number of
attempts, in percentage.
2. False Acceptance Rate – it measures the ratio of false acceptances to the total number of
attempts, in percentage.
UNIT-IV
SECURITY AND POLICIES
E-MAIL SECURITY:
Sending e-mail is a one-time activity. In e-mail there is no session, i.e., Alice and Bob
cannot create a session. Alice sends a message to Bob; sometime later, Bob reads the message
and may or may not send a reply.
Cryptography Algorithm:
If e-mail is a one-time activity, how can the sender and receiver agree on a cryptographic
algorithm to use for e-mail security? There is no session and no handshaking to decide the
algorithms for encryption/decryption and hashing, so how can the receiver know which
algorithm the sender has chosen?
Solution-1:
One solution is to select one algorithm for each cryptographic operation and force Alice
to use only those algorithms.
Solution-2:
Define a set of algorithms for each operation that users can use in the system. Then
Alice includes the name of the algorithm when she sends the message to Bob.
Cryptographic Secrets:
In e-mail security, encryption and decryption are done using a symmetric key algorithm, but
the symmetric key to decrypt the message is encrypted with the public key of the receiver and is
sent with the message.
PGP (PRETTY GOOD PRIVACY):
PGP was invented by Phil Zimmermann to provide e-mail with privacy, integrity and
authentication. It can be used to create a secure e-mail message or to store a file securely for future
retrieval.
Scenarios:
Plaintext:
Alice (the sender) composes the message and sends it to Bob. The message is stored in
Bob's mailbox until it is retrieved by Bob. Here, there is no integrity and no confidentiality.
Message integrity:
The next improvement is for Alice to sign the message: Alice creates the digest of the
message and signs it with her private key. When Bob receives the message, he verifies the
message using Alice's public key.
Compression:
In this step there is no security benefit, but it reduces the traffic.
Confidentiality with one time session key:
Alice can create a session key, use the session key to encrypt the message and digest, and
send the key itself with the message. However, to protect the session key, Alice encrypts it with
Bob's public key.
When Bob receives the packet, he first decrypts the session key using his private key. He then uses the session key to decrypt the rest of the message. After decompressing the
rest of the message, Bob creates a digest of the message and checks to see if it is equal to the
digest sent by Alice. If it is, then the message is authentic.
Key Rings:
In the previous cases, Alice needs to send the message only to Bob. If Alice wants to send a
message to many people, she needs key rings. Each user needs to have two sets of rings:
1. A ring of private/public keys
2. A ring of public keys of other people
PGP Certificates:
Here, there is no need for a certificate authority; anyone in the ring can sign a
certificate for anyone else in the ring. The issuer of a certificate is usually called an
introducer. The entire operation of PGP is based on
1. Introducer trust level
2. Certificate trust level
3. Legitimacy of public key
Introducer Trust Level:
There are three levels of trust for any user: 1. None, 2. Partial, 3. Full. The introducer trust level
specifies the trust placed in the introducer for certifying the other people in the ring.
Certificate Trust Level:
When Alice receives a certificate from an introducer, she stores the certificate under
the name of the certified entity. She assigns a level of trust to the certificate. The trust level is
normally the same as the introducer trust level.
Legitimacy of Public Key:
The purpose of using introducer and certificate trust levels is to determine the legitimacy
of a public key; that is, Alice needs to know how legitimate the public keys of Bob and so on are.
Key Ring Table:
User ID – e-mail address of the user
Key ID – Identifies the public key among the user's public keys
Public Key – It lists the public key belonging to the particular private/public key pair
Encrypted Private Key – Shows the encrypted value of the private key in the private/public key pair
Time Stamp – It holds the date and time of key pair creation
Producer List – It defines the producer (introducer) level of trust
Certificate – It holds the certificate or certificates signed by other entities for this entity
Certificate trust – It represents the certificate trust
Key Legitimacy – The value is calculated by PGP based on the certificate trust values
PGP Packets:
A message in PGP consists of one or more packets. PGP has a header that applies to every
packet.
Tag – The first bit is always one (1). The second bit is 1 if we are using the latest (new) format and
0 if we are using the old format. In the new format, the remaining 6 bits can define up to 64 different
packet types.
Length – It defines the length of the entire packet in bytes.
Packet Types:
• Literal data packet
• Compressed data packet
• Encrypted data packet
• Signature packet
• Session-key packet
• Public-key packet
• User ID packet
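Decoding the tag and length header described above, as an added example that is not part of the original notes. It follows the packet header layout of RFC 4880 section 4.2 (old and new format, all fixed length encodings); the two-packet message it walks is constructed for the example and its packet bodies are placeholder bytes rather than real literal-data or user-ID contents.

```python
"""Decode the tag byte and length field of OpenPGP packets (RFC 4880 4.2).

Added example, not from the original notes. Bit 7 of the tag byte is always 1,
bit 6 selects new (1) or old (0) format; the new format keeps a 6-bit tag
(up to 64 types), the old format a 4-bit tag plus a 2-bit length type.
"""

PACKET_TYPES = {   # subset of the RFC 4880 packet tags
    1: "public-key encrypted session key",
    2: "signature",
    5: "secret key",
    6: "public key",
    8: "compressed data",
    9: "symmetrically encrypted data",
    11: "literal data",
    13: "user ID",
}


def parse_header(data: bytes, offset: int = 0) -> dict:
    """Parse one packet header starting at offset; length None means indeterminate."""
    tag_byte = data[offset]
    if not tag_byte & 0x80:
        raise ValueError("bit 7 of a packet tag must be 1")
    new_format = bool(tag_byte & 0x40)
    if new_format:
        tag = tag_byte & 0x3F                 # 6-bit tag
        first = data[offset + 1]
        if first < 192:                       # one-octet length
            length, hdr_len = first, 2
        elif first < 224:                     # two-octet length
            length = ((first - 192) << 8) + data[offset + 2] + 192
            hdr_len = 3
        elif first == 255:                    # five-octet length
            length = int.from_bytes(data[offset + 2:offset + 6], "big")
            hdr_len = 6
        else:                                 # 224..254: partial body lengths
            raise ValueError("partial body lengths are outside this example")
    else:
        tag = (tag_byte >> 2) & 0x0F          # 4-bit tag
        length_type = tag_byte & 0x03
        if length_type == 3:                  # indeterminate: runs to end of input
            length, hdr_len = None, 1
        else:
            n = (1, 2, 4)[length_type]        # 1-, 2- or 4-octet length
            length = int.from_bytes(data[offset + 1:offset + 1 + n], "big")
            hdr_len = 1 + n
    return {"new_format": new_format, "tag": tag,
            "type": PACKET_TYPES.get(tag, "unknown"),
            "length": length, "header_len": hdr_len}


def split_packets(data: bytes) -> list:
    """Walk a message and return (type, body) for each packet in sequence,
    refusing a length field that points past the end of the data."""
    out, offset = [], 0
    while offset < len(data):
        h = parse_header(data, offset)
        start = offset + h["header_len"]
        end = len(data) if h["length"] is None else start + h["length"]
        if end > len(data):
            raise ValueError("packet length exceeds message")
        out.append((h["type"], data[start:end]))
        offset = end
    return out


# Constructed two-packet message: an old-format literal data packet (tag 11,
# one-octet length) followed by a new-format user ID packet (tag 13).
SAMPLE = (bytes([0x80 | (11 << 2) | 0, 5]) + b"hello"
          + bytes([0xC0 | 13, 9]) + b"alice@x.y")

if __name__ == "__main__":
    for kind, body in split_packets(SAMPLE):
        print(f"{kind}: {body!r}")
```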
PGP Messages:
It is the combination of sequenced packets. Encrypted messages, signed messages and certificate
messages are used for transmission.
Application of PGP: used in e-mail security.
S/MIME (Secure / Multipurpose Internet Mail Extension):
MIME:
In e-mail, we can send messages only in NVT 7-bit ASCII format. This has some
limitations. It cannot be used to send binary files or video or audio data. MIME is a
supplementary protocol that allows non-ASCII data to be sent through e-mail. MIME defines five
headers that can be added to the original e-mail header section to define the transformation
parameters.
Five Headers are:
1. MIME version – 1.1
2. Content type – type/subtype
3. Content transfer encoding – encoding type
4. Content ID – message ID
5. Content description – textual or non-textual explanation
MIME version:
It defines the version of MIME; the current version is 1.1.
Content type:
It defines the type of data used in the body of the message. There are seven types of
message.
• Text – The original message is in 7-bit ASCII format. There are two subtypes, i) plain,
ii) HTML
• Multipart – the body contains multiple independent parts. It has four subtypes: i) mixed,
ii) parallel, iii) digest, iv) alternative
• Message – the body is itself an entire mail message. Three subtypes are currently used:
i) RFC822, ii) partial, iii) external body
• Image – the original message is a stationary image. There is no animation. The two
currently used subtypes are i) JPEG, ii) GIF (Graphics Interchange Format)
• Video – the original message is a time-varying image. Subtype is MPEG
• Audio – the original message is sound. Subtype – basic, which uses 8 kHz standard audio
data
• Application – the original message is a type of data not previously defined
Content transfer Encoding:
It defines the method used to encode the message into 0's and 1's. There are five types of
encoding methods.
Content ID:
It identifies the message in a multiple-message environment.
Content Description:
It defines whether the body is a message or audio or video.
S/MIME:
It adds some new content types to include security services in MIME. The new
parameter is "application/pkcs7-mime". pkcs – public key cryptography specification.
Cryptographic Message Syntax:
It defines how security services can be added to the MIME content types.
Signed Data Content Type:
It is used to provide integrity for the message.
Process,
1. For each signer, the message digest is created from the content using a hash algorithm
chosen by the signer.
2. The digest is signed with the private key of the signer.
3. The content, signature value, certificate and algorithms are collected to create the signed data
content type.
Enveloped data content type:
It is used to provide privacy for the message.
Process,
1. A (pseudorandom) session key is created for the symmetric key algorithm to be used.
2. For each recipient, a copy of the session key is encrypted with the public key of that recipient.
3. The content is encrypted using the defined algorithm and the created session key.
4. The encrypted content, session key, algorithm and certificates are encoded using Radix-64.
Digest data content type:
It is used to provide integrity for the message.
Process,
1. The digest is calculated from the content.
2. The digest, algorithm and content are added together to form the digest data content type.
Encrypted data content type:
It is used to create an encrypted version of any content type. It looks like the enveloped data
content type.
Authenticated data content type:
It is used to provide authentication for the message.
Process,
1. Using a pseudorandom generator, a MAC key is created for each recipient.
2. The MAC key is encrypted with the public key of the recipient.
3. The MAC is created for the content.
4. The content, MAC, algorithms and other information are collected to form the
authenticated data.
Application of S/MIME:
It is used to provide security for commercial e-mail.
SSL ARC)ITECTURE:
There are t%o main protocols are used for providing security at the transport layer.
. --F < secure socket layer protocol
#. TF- < transport layer security protocol.
• --F is designed to provide security and compression services to data generated from the
application layer.
• --F receive data from application layer. The received data is compressed 8optional9,
signed and encrypted.
• The data is then passed to a reliable transport later protocol such as TC'.
Servi!e# of SSL:
97
There are five services in --F
. Aragmentation < it divides the data into blocks of #
+
bytes or less.
#. Compression < each block of data is compressed using one of the lossless
compression methods, based on server < client mechanism.
). !essage integrity < --F uses keyed hash functions to create !AC.
+. Confidentiality < the original data and !AC are encrypted using symmetric key
cryptography.
@. Araming < A header added to encrypted payload. The payload is then passed to a
transport layer protocol.
ey E+!$ange Algorit$*#:
To e4change an authenticated and confidential message the client and server need B
cryptographic secrets. To create this secrets one pre.master secret must be established bet%een
t%o parties. --F defines B key e4change algorithms to establish the pre.master secret.
. (ull < there is no key e4change in this method, no pre.master is established.
98
#. *-A < pre.master secret is a +1.byte random number created by client, it is encrypted
%ith server public key and send to the server. The server need to send encryption and
decryption certificate.
). Anonymous ,iffie.3ellman < the pre.master secret is established using ,iffie.3ellman
protocol. That is half of the key is sent %ith plain te4t and the remaining half key is
kno%n by the receiver and it is added to create the key. !ost disadvantage is man in the
middle attack.
+. &phemeral ,iffie.3ellman < to avoid man in the middle attack. The &phemeral ,iffie.
3ellman is used, each party send the key signed by its private key. *eceiving party need
to verify the signature using public key of the sender.
@. Ai4ed ,iffie.3ellman < Another method to avoid man in the middle attack is fi4ed ,iffie.
3ellman. All entities in a group can prepare fi4ed parameters Ig; and Ip;. each entity can
create a fi4ed half key Ig
4
;.
B. Aortezza < it is a registered trademark of >- national security agency 8(-A9. It is a
family of security protocol developed for the defense department.
En!ry'tion and De!ry'tion Algorit$*#:
It is divided into B groups.
99
)a#$ Algorit$*#:
To provide message integrity, three hash functions are defined,
Co*'re##ion Algorit$*:
Compression is optional in --F. (o specific compression algorithm is defined for --F.
Therefore the default compression method is (>FF.
TRANS,ORT LAYER SECURITY:
The --F and TF- are very similar %ith slight differences. Instead of describing TF-, %e
are going to describe the difference bet%een TF- and --F.
%er#ion:
The current version of --F is ) and current version of TF- is .
Ci'$er #&ite:
The minor difference bet%een --F and TF- is lack of support for the Aortezza. TF- does
not support Aortezza for key e4change.
Generation of Cry'togra'$i! Se!ret#:
The secret creation is more comple4 in TF- %hen compared to --F. TF- defines t%o
functions to create the secrets.
100
. ,ata e4pansion function
#. 'seudo random function.
Data e+'an#ion f&n!tion:
It uses pre.defined 3!AC to e4pand the secrets. The functions are divided into multiple
sections. &ach section creates one hash value. The e4tended secret is the collection of hash
values. &ach section uses t%o 3!AC. i.e., seed and secret. The data e4pansion function is the
chain of many sections. i.e., each section input is depending on the previous section first 3!AC
output.
,#e&do rando* f&n!tion 7,R18:
'*A is the combination of t%o ,&A. this !,@ and -3A.. '*A takes three input secret
label and seed. The label and seed are collected to serve as the seed for both ,&A. the secret is
divided into t%o half;s each half is used as the data secret of each ,&A. The output of ,&A is
0O*ed together to create final e4panded secret.
101
,re-*a#ter Se!ret:
The 're.!aster -ecret in ,F- is e4actly same as in --F.
(a#ter Se!ret:
102
TF- uses the '*A function to create the master secret from the pre.master secret. This is
achieved by using the pre.master secret as the secret, the string Imaster secret; as the label and
concatenation of the client random number and server random number as the seed. (ote that the
label is actually the A-CII code of the string Imaster secret;. In other %ords, the label defines the
output %e %ant to create, the master secret.
ey (aterial:
TF- uses the '*A function to create the key material from the master secret. This time
the secret is the master secret, the label is the string Ikey e4panding;, and the seed is the
concatenation of the server random number and the client random number.
)and#$a"e ,roto!ol:
TF- has made some changes in the handshake protocol. -pecifically the details of the
certificate verify message and finished message have been changed.
Re!ord ,roto!ol:
The only changes in the record protocol are the use of 3!AC for signing the message.
TF- uses !AC for creating 3!AC.
103
I, SECURITY:
I' -ecurity is a collection of protocols designed by I&TA, to provide security for packets
at the net%ork level. The net%ork layer in the internet is referred to as internet protocol or I'
layer.
I' security operates in one of t%o different modes
. Transport mode
#. Tunnel mode.
Tran#'ort (ode:
It does not protect the I' header. It only protect the information coming from the
transport layer.
T&nnel (ode:
I' security protects the entire I' packet. Including I' header, it applies the I' security to
the entire packet and then it adds the ne% I' header.
104
Se!&rity ,roto!ol:
I' security provides t%o protocols,
. Authentication 3eader 'rotocol
#. &ncapsulating security payload protocol.
A&t$enti!ation )eader ,roto!ol:
105
It is designed to authenticate the sender and to ensure the integrity of the payload carried
in the I' packet. This protocol uses hash function and symmetric key to create a digest. The
digest is inserted in the authentication header. The authentication header is placed in the
appropriate location based on the mode 8transport or tunnel9.
• (e4t 3eader < the 1.bit field defines the type of payload carried by the I' packets.
• 'ayload length < it does not define the length of the payload. It changes the length of the
authentication header in +.byte multiple4er.
• -ecurity parameter inde4 < the )#.bit field plays a role of virtual circuit identifier.
• Authentication data < the result of applying hash function to the entire I' packet is called
authentication data.
En!a'#&lation Se!&rity ,ayload 7ES,8:
It provides source authentication, integrity and privacy.
The &-' procedure,
. &-' trailer is added to the payload
#. The payload and trailer are encrypted
106
). &-' header is added
+. &-' header payload, &-' trailer are used to create authentication data.
@. The authentication data are added to the end of the &-' trailer.
B. The I' header is added to the protocol P packet.
Servi!e# 'rovided by I, #e!&rity:
Se!&rity A##o!iation:
It is very important aspect of I' security. I' security re$uires the logical relationship
called security association bet%een the t%o parties.
Idea of Se!&rity A##o!iation 7SA8:
-A is a contract bet%een t%o parties. It create secure channel bet%een them. If Alice
%ants to transfer a data to :ob, they need to create t%o -A;s
. Out.bound -A
#. In.bound -A
&ach of them stores the value of key and name of the encryption and decryption algorithm.
107
SA data ba#e:
The -A is very comple4 %hen Alice %ants to send message to many people and :ob need
to receive message from many people. To reduce the comple4ity the security associations are
collected into a data base, this data base is called -A data base 8-A,9.
SECURITY ,OLICY:
It is one of the important aspect of I' security, it defines type of security applied to the
packets %hen it is to be sent or %hen it has received or arrived.
Se!&rity ,oli!y Data 0a#e:
&ach end system 8host9 that using security protocol need to keep cryptographic security
policy for that in.bound and out.bound -', are created.
-ecurity policy data base consist of source address, destination address, name, protocol,
source port and destination port.
108
O&t-bo&nd S,D:
When packet is to be sent out, the out.bound -', is used.
The input to the out.bound -', is the se4tuple inde4/ the output is one of the three follo%ing
cases.
. ,rop < This means that the packet defined by the inde4 cannot be send. It is dropped.
#. :ypass < this means that there is no policy for the packet %ith policy inde4. The packet is
send by bypassing the security header application.
). Apply < In this case, security header is applied and t%o situation may occur.
• If an out.bound security association is already established, then the packet is
encrypted, authenticated and it is transmitted.
109
• If an out.bound -A is not yet established then internet key e4change protocol used
to establish out.bound -A.
110
In-bo&nd S,D:
When packet arrives the in.bound -', is used.
111
The input to the in.bound -', is the se4tuple inde4/ the output is one of the three
follo%ing cases.
. ,iscard < it means that the packet defined by the policy must be dropped.
#. :ypass < this means that there is no policy for packet %ith policy inde4. The packet is
processed, ignoring the information from A3 and &-' header. The packet is delivered to
the transport layer.
). Apply < in this case, security header must be processed, t%o situation may occur.
• If in.bound -A is already established then the decryption and authentication are
applied. If the packet passes the security criteria then A3 and &-' are discarded
and packet is delivered to the transport layer.
• If security association is not yet established then the packet must be discarded.
112
UNIT-%
SYSTE( LE%EL SECURITY
INTRUDER DETECTION:
Intr&#ion:
One of the t%o most publicized threats to security is the intruder 8the other is viruses9,
generally referred to as a hacker or cracker. There are three classes of intruders"
• (a#D&erader: An individual %ho is not authorized to use the computer and %ho
penetrates a system[s access controls to e4ploit a legitimate user[s account.
• (i#fea#or: A legitimate user %ho accesses data, programs, or resources for %hich such
access is not authorized, or %ho is authorized for such access but misuses his or her
privileges.
• Clande#tine &#er: An individual %ho seizes supervisory control of the system and uses
this control to evade auditing and access controls or to suppress audit collection.
The mas$uerader is likely to be an outsider/ the misfeasor generally is an insider/ and the
clandestine user can be either an outsider or an insider.
Intr&#ion Dete!tion:
Inevitably, the best intrusion prevention system %ill fail. A system[s second line of
defense is intrusion detection, and this has been the focus of much research in recent years. This
interest is motivated by a number of considerations, including the follo%ing"
. If an intrusion is detected $uickly enough, the intruder can be identified and eSected from
the system before any damage is done or any data are compromised. &ven if the detection
is not sufficiently timely to preempt the intruder, the sooner that the intrusion is detected,
the less the amount of damage and the more $uickly that recovery can be achieved.
#. An effective intrusion detection system can serve as a deterrent, so acting to prevent
intrusions.
). Intrusion detection enables the collection of information about intrusion techni$ues that
can be used to strengthen the intrusion prevention facility.
113
Intrusion detection is based on the assumption that the behavior of the intruder differs from
that of a legitimate user in %ays that can be $uantified. Of course, %e cannot e4pect that there
%ill be a crisp, e4act distinction bet%een an attack by an intruder and the normal use of resources
by an authorized user. *ather, %e must e4pect that there %ill be some overlap.
T$ere are t/o ty'e# of a''roa!$e# for intr&#ion dete!tion:
. Stati#ti!al ano*aly dete!tion: Involves the collection of data relating to the behavior of
legitimate users over a period of time. Then statistical tests are applied to observed
behavior to determine %ith a high level of confidence %hether that behavior is not
legitimate user behavior.
• T$re#$old dete!tion: This approach involves defining thresholds, independent of
user, for the fre$uency of occurrence of various events.
• ,rofile ba#ed: A profile of the activity of each user is developed and used to
detect changes in the behavior of individual accounts.
#. R&le-ba#ed dete!tion: Involves an attempt to define a set of rules that can be used to
decide that a given behavior is that of an intruder.
• Anomaly detection" *ules are developed to detect deviation from previous usage
patterns.
• 'enetration identification" An e4pert system approach that searches for suspicious
behavior.
A&dit Re!ord#:
A fundamental tool for intrusion detection is the audit record. -ome record of ongoing
activity by users must be maintained as input to an intrusion detection system. :asically, t%o
plans are used"
9@ Native a&dit re!ord#: Xirtually all multiuser operating systems include accounting
soft%are that collects information on user activity. The advantage of using this
information is that no additional collection soft%are is needed. The disadvantage is that
the native audit records may not contain the needed information or may not contain it in a
convenient form.
3@ Dete!tion-#'e!ifi! a&dit re!ord#: A collection facility can be implemented that
generates audit records containing only that information re$uired by the intrusion
detection system. One advantage of such an approach is that it could be made vendor
114
independent and ported to a variety of systems. The disadvantage is the e4tra overhead
involved in having, in effect, t%o accounting packages running on a machine.
&ach audit record contains the follo%ing B fields"
• S&bFe!t: Initiators of actions. A subSect is typically a terminal user but might also be a
process acting on behalf of users or groups of users. All activity arises through commands
issued by subSects. -ubSects may be grouped into different access classes, and these
classes may overlap.
• A!tion: Operation performed by the subSect on or %ith an obSect/ for e4ample, login,
read, perform IPO, e4ecute.
• ObFe!t: *eceptors of actions. &4amples include files, programs, messages, records,
terminals, printers, and user. or program.created structures. When a subSect is the
recipient of an action, such as electronic mail, then that subSect is considered an obSect.
ObSects may be grouped by type. ObSect granularity may vary by obSect type and by
environment. Aor e4ample, database actions may be audited for the database as a %hole
or at the record level.
• E+!e'tion-Condition: ,enotes %hich, if any, e4ception condition is raised on return.
• Re#o&r!e-U#age: A list of $uantitative elements in %hich each element gives the amount
used of some resource 8e.g., number of lines printed or displayed, number of records read
or %ritten, processor time, IPO units used, session elapsed time9.
• Ti*e-Sta*': >ni$ue time.and.date stamp identifying %hen the action took place.
Di#trib&ted Intr&#ion Dete!tion
>ntil recently, %ork on intrusion detection systems focused on single.system stand.alone
facilities. The typical organization, ho%ever, needs to defend a distributed collection of hosts
supported by a FA( or internet%ork. Although it is possible to mount a defense by using stand.
alone intrusion detection systems on each host, a more effective defense can be achieved by
coordination and cooperation among intrusion detection systems across the net%ork.
There are some follo%ing maSor issues in the design of a distributed intrusion detection
system,
• A distributed intrusion detection system may need to deal %ith different audit record
formats. In a heterogeneous environment, different systems %ill employ different native
115
audit collection systems and, if using intrusion detection, may employ different formats
for security.related audit records.
• One or more nodes in the net%ork %ill serve as collection and analysis points for the data
from the systems on the net%ork. Thus, either ra% audit data or summary data must be
transmitted across the net%ork. Therefore, there is a re$uirement to assure the integrity
and confidentiality of these data. Integrity is re$uired to prevent an intruder from masking
his or her activities by altering the transmitted audit information. Confidentiality is
re$uired because the transmitted audit information could be valuable.
• &ither a centralized or decentralized architecture can be used. With a centralized
architecture, there is a single central point of collection and analysis of all audit data. This
eases the task of correlating incoming reports but creates a potential bottleneck and single
point of failure. With a decentralized architecture, there are more than one analysis
centers, but these must coordinate their activities and e4change information.
,istributed intrusion detection system architecture, %hich consists of three main
components"
. )o#t agent *od&le: An audit collection module operating as a background process on a
monitored system. Its purpose is to collect data on security.related events on the host and
transmit these to the central manager.
#. LAN *onitor agent *od&le: Operates in the same fashion as a host agent module
e4cept that it analyzes FA( traffic and reports the results to the central manager.
). Central *anager *od&le: *eceives reports from FA( monitor and host agents and
processes and correlates these reports to detect intrusion.
116
General A''roa!$ for Di#trib&ted intr&#ion dete!tion:
The agent captures each audit record produced by the native audit collection system. A
filter is applied that retains only those records that are of security interest. These records are then
reformatted into a standardized format referred to as the host audit record 83A*9. (e4t, a
template.driven logic module analyzes the records for suspicious activity. At the lo%est level, the
agent scans for notable events that are of interest independent of any past events. &4amples
include failed file accesses, accessing system files, and changing a file[s access control. At the
ne4t higher level, the agent looks for se$uences of events, such as kno%n attack patterns
8signatures9. Ainally, the agent looks for anomalous behavior of an individual user based on a
historical profile of that user, such as number of programs e4ecuted, number of files accessed,
and the like.
117
When suspicious activity is detected, an alert is sent to the central manager. The central
manager includes an e4pert system that can dra% inferences from received data. The manager
may also $uery individual systems for copies of 3A*s to correlate %ith those from other agents.
The FA( monitor agent also supplies information to the central manager. The FA(
monitor agent audits host.host connections, services used, and volume of traffic. It searches for
significant events, such as sudden changes in net%ork load, the use of security.related services,
and net%ork activities such as rlogin.
)oney'ot#
118
A relatively recent innovation in intrusion detection technology is the honeypot.
3oneypots are decoy systems that are designed to lure a potential attacker a%ay from critical
systems. 3oneypots are designed to
• ,ivert an attacker from accessing critical systems
• Collect information about the attacker[s activity
• &ncourage the attacker to stay on the system long enough for administrators to respond.
These systems are filled %ith fabricated information designed to appear valuable but that a
legitimate user of the system %ouldn[t access. Thus, any access to the honeypot is suspect. The
system is instrumented %ith sensitive monitors and event loggers that detect these accesses and
collect information about the attacker[s activities. :ecause any attack against the honeypot is
made to seem successful, administrators have time to mobilize and log and track the attacker
%ithout ever e4posing productive systems.
Initial efforts involved a single honeypot computer %ith I' addresses designed to attract
hackers. !ore recent research has focused on building entire honeypot net%orks that emulate an
enterprise, possibly %ith actual or simulated traffic and data. Once hackers are %ithin the
net%ork, administrators can observe their behavior in detail and figure out defenses.
Intr&#ion Dete!tion E+!$ange 1or*at:
To facilitate the development of distributed intrusion detection systems that can function
across a %ide range of platforms and environments, standards are needed to support
interoperability. -uch standards are the focus of the I&TA Intrusion ,etection Working 5roup.
The purpose of the %orking group is to define data formats and e4change procedures for sharing
information of interest to intrusion detection and response systems and to management systems
that may need to interact %ith them. The outputs of this %orking group include the follo%ing"
• A re$uirements document, %hich describes the high.level functional re$uirements for
communication bet%een intrusion detection systems and re$uirements for communication
bet%een intrusion detection systems and %ith management systems, including the
rationale for those re$uirements. -cenarios %ill be used to illustrate the re$uirements.
• A common intrusion language specification, %hich describes data formats that satisfy the
re$uirements.
119
• A frame%ork document, %hich identifies e4isting protocols best used for communication
bet%een intrusion detection systems, and describes ho% the devised data formats relate to
them.
,ASS2ORD (ANAGE(ENT:
,a##/ord ,rote!tion:
The front line of defense against intruders is the pass%ord system. Xirtually all multiuser
systems re$uire that a user provide not only a name or identifier 8I,9 but also a pass%ord. The
pass%ord serves to authenticate the I, of the individual logging on to the system. In turn, the I,
provides security in the follo%ing %ays"
• The I, determines %hether the user is authorized to gain access to a system. In some
systems, only those %ho already have an I, filed on the system are allo%ed to gain
access.
• The I, determines the privileges accorded to the user. A fe% users may have supervisory
or \super user\ status that enables them to read files and perform functions that are
especially protected by the operating system. -ome systems have guest or anonymous
accounts, and users of these accounts have more limited privileges than others.
• The I, is used in %hat is referred to as discretionary access control. Aor e4ample, by
listing the I,s of the other users, a user may grant permission to them to read files o%ned
by that user.
T$e #alt #erve# t$ree '&r'o#e#:
• It prevents duplicate pass%ords from being visible in the pass%ord file. &ven if t%o users
choose the same pass%ord, those pass%ords %ill be assigned at different times. 3ence,
the \e4tended\ pass%ords of the t%o users %ill differ.
• It effectively increases the length of the pass%ord %ithout re$uiring the user to remember
t%o additional characters. 3ence, the number of possible pass%ords is increased by a
factor of +2DB, increasing the difficulty of guessing a pass%ord.
• It prevents the use of a hard%are implementation of ,&-, %hich %ould ease the difficulty
of a brute.force guessing attack.
120
,a##/ord Sele!tion Strategie#:
!any users choose a pass%ord that is too short or too easy to guess. At the other e4treme,
if users are assigned pass%ords consisting of eight randomly selected printable characters,
pass%ord cracking is effectively impossible. :ut it %ould be almost as impossible for most users
to remember their pass%ords.
,a##/ord Sele!tion Te!$niD&e#:
• >ser education
121
• Computer.generated pass%ords
• *eactive pass%ord checking
• 'roactive pass%ord checking
• This &#er ed&!ation strategy is unlikely to succeed at most installations, particularly
%here there is a large user population or a lot of turnover. !any users %ill simply ignore
the guidelines. Others may not be good Sudges of %hat is a strong pass%ord. Aor e4ample,
many users 8mistakenly9 believe that reversing a %ord or capitalizing the last letter makes
a pass%ord unguessable.
• Co*'&ter-generated 'a##/ord# also have problems. If the pass%ords are $uite random
in nature, users %ill not be able to remember them. &ven if the pass%ord is
pronounceable, the user may have difficulty remembering it and so be tempted to %rite it
do%n. In general, computer.generated pass%ord schemes have a history of poor
acceptance by users. AI'- '>: 1 defines one of the best.designed automated pass%ord
generators. The standard includes not only a description of the approach but also a
complete listing of the C source code of the algorithm. The algorithm generates %ords by
forming pronounceable syllables and concatenating them to form a %ord. A random
number generator produces a random stream of characters used to construct the syllables
and %ords.
• A rea!tive 'a##/ord !$e!"ing strategy is one in %hich the system periodically runs its
o%n pass%ord cracker to find guessable pass%ords. The system cancels any pass%ords
that are guessed and notifies the user. This tactic has a number of dra%backs. Airst, it is
resource intensive if the Sob is done right. :ecause a determined opponent %ho is able to
steal a pass%ord file can devote full C'> time to the task for hours or even days, an
effective reactive pass%ord checker is at a distinct disadvantage. Aurthermore, any
e4isting pass%ords remain vulnerable until the reactive pass%ord checker finds them.
122
• The most promising approach to improved pass%ord security is a 'roa!tive 'a##/ord
!$e!"er. In this scheme, a user is allo%ed to select his or her o%n pass%ord. 3o%ever, at
the time of selection, the system checks to see if the pass%ord is allo%able and, if not,
reSects it. -uch checkers are based on the philosophy that, %ith sufficient guidance from
the system, users can select memorable pass%ords from a fairly large pass%ord space that
are not likely to be guessed in a dictionary attack.
%IRUSES AND RELATED T)REATS:
'erhaps the most sophisticated types of threats to computer systems are presented by
programs that e4ploit vulnerabilities in computing systems. In this conte4t, %e are concerned
%ith application programs as %ell as utility programs, such as editors and compilers.
We begin this section %ith an overvie% of the spectrum of such soft%are threats. The
remainder of the section is devoted to viruses and %orms.
(ali!io&# Soft/are:
It is soft%are that is intentionally included or inserted in a system for a harmful purpose.
%ir&#:
It is a piece of soft%are that can infect other programs by modifying them. 3ere,
modification includes a copy of virus program %hich can go on to infect other programs.
2or*:
It is a program that can replicate itself and send from computer to computer across
net%ork connection.
Denial of Servi!e 7DOS8:
It prevents the services used by legitimate users.
Di#trib&ted DOS:
It is launched from multiple co.ordinate sources.
(ali!io&# ,rogra*#:
There are four categories of malicious programs.
123
0a!"door
A backdoor, also kno%n as a trapdoor, is a secret entry point into a program that allo%s
someone that is a%are of the backdoor to gain access %ithout going through the usual security
access procedures.
:ackdoors become threats %hen unscrupulous programmers use them to gain
unauthorized access.
Logi! 0o*b
One of the oldest types of program threat, predating viruses and %orms, is the logic
bomb. The logic bomb is code embedded in some legitimate program that is set to \e4plode\
%hen certain conditions are met.
TroFan )or#e#
A TroSan horse is a useful, or apparently useful, program or command procedure
containing hidden code that, %hen invoked, performs some un%anted or harmful function.
Another motivation is data destruction.
Go*bie
A zombie is a program that secretly takes over another Internet.attached computer and
then uses that computer to launch attacks that are difficult to trace to the zombie[s creator.
Jombies are used in denial.of.service attacks, typically against targeted Web sites. The
zombie is planted on hundreds of computers belonging to unsuspecting third parties, and then
used to over%helm the target Web site by launching an over%helming onslaught of Internet
traffic.
T$e Nat&re of %ir&#e# H
A virus can do anything that other programs do. The only difference is that it attaches
itself to another program and e4ecutes secretly %hen the host program is run. Once a virus is
e4ecuting, it can perform any function, such as erasing files and programs.
124
D&ring it# lifeti*eE a ty'i!al vir&# goe# t$ro&g$ t$e follo/ing fo&r '$a#e#:
• Dor*ant '$a#e: The virus is idle. The virus %ill eventually be activated by some event,
such as a date, the presence of another program or file, or the capacity of the disk
e4ceeding some limit. (ot all viruses have this stage.
• ,ro'agation '$a#e: The virus places an identical copy of itself into other programs or
into certain system areas on the disk. &ach infected program %ill no% contain a clone of
the virus, %hich %ill itself enter a propagation phase.
• Triggering '$a#e: The virus is activated to perform the function for %hich it %as
intended. As %ith the dormant phase, the triggering phase can be caused by a variety of
system events, including a count of the number of times that this copy of the virus has
made copies of itself.
• E+e!&tion '$a#e: The function is performed. The function may be harmless, such as a
message on the screen, or damaging, such as the destruction of programs and data files.
%ir&# Str&!t&re:
A virus can be pre.pended or post.pended to an e4ecutable program, or it can be
embedded in some other fashion. The key to its operation is that the infected program, %hen
invoked, %ill first e4ecute the virus code and then e4ecute the original code of the program.
• The first line of code is a Sump to the main virus program.
• The second line is a special marker that is used by the virus to determine %hether or not a
potential victim program has already been infected %ith this virus. When the program is
invoked, control is immediately transferred to the main virus program. The virus program
first seeks out uninfected e4ecutable files and infects them. (e4t, the virus may perform
some action, usually detrimental to the system.
125
Types of Viruses:
There has been a continuous arms race between virus writers and writers of antivirus
software since viruses first appeared. As effective countermeasures have been developed for
existing types of viruses, new types have been developed.
• Parasitic virus: The traditional and still most common form of virus. A parasitic virus
attaches itself to executable files and replicates, when the infected program is executed,
by finding other executable files to infect.
• Memory-resident virus: Lodges in main memory as part of a resident system program.
From that point on, the virus infects every program that executes.
• Boot sector virus: Infects a master boot record or boot record and spreads when a system
is booted from the disk containing the virus.
• Stealth virus: A form of virus explicitly designed to hide itself from detection by
antivirus software.
• Polymorphic virus: A virus that mutates with every infection, making detection by the
"signature" of the virus impossible.
• Metamorphic virus: As with a polymorphic virus, a metamorphic virus mutates with
every infection. The difference is that a metamorphic virus rewrites itself completely at
each iteration, increasing the difficulty of detection. Metamorphic viruses may change
their behavior as well as their appearance.
Macro Viruses
In the mid-1990s, macro viruses became by far the most prevalent type of virus. Macro
viruses are particularly threatening for a number of reasons:
1. A macro virus is platform independent. Virtually all of the macro viruses infect Microsoft
Word documents. Any hardware platform and operating system that supports Word can
be infected.
2. Macro viruses infect documents, not executable portions of code. Most of the information
introduced onto a computer system is in the form of a document rather than a program.
3. Macro viruses are easily spread. A very common method is by electronic mail.
E-mail Viruses
A more recent development in malicious software is the e-mail virus. The first rapidly
spreading e-mail viruses, such as Melissa, made use of a Microsoft Word macro embedded in an
attachment. If the recipient opens the e-mail attachment, the Word macro is activated. Then
1. The e-mail virus sends itself to everyone on the mailing list in the user's e-mail package.
2. The virus does local damage.
At the end of 1999, a more powerful version of the e-mail virus appeared. This newer version
can be activated merely by opening an e-mail that contains the virus rather than opening an
attachment. The virus uses the Visual Basic scripting language supported by the e-mail package.
VIRUS COUNTERMEASURES:
Antivirus Approaches:
The ideal solution to the threat of viruses is prevention: Do not allow a virus to get into
the system in the first place. This goal is, in general, impossible to achieve, although prevention
can reduce the number of successful viral attacks. The next best approach is to be able to do the
following:
• Detection: Once the infection has occurred, determine that it has occurred and locate the
virus.
• Identification: Once detection has been achieved, identify the specific virus that has
infected a program.
• Removal: Once the specific virus has been identified, remove all traces of the virus from
the infected program and restore it to its original state. Remove the virus from all infected
systems so that the disease cannot spread further.
If detection succeeds but either identification or removal is not possible, then the alternative
is to discard the infected program and reload a clean backup version.
Four generations of antivirus software:
1. First generation: simple scanners
2. Second generation: heuristic scanners
3. Third generation: activity traps
4. Fourth generation: full-featured protection.
A first-generation scanner requires a virus signature to identify a virus. The virus may
contain "wildcards" but has essentially the same structure and bit pattern in all copies. Such
signature-specific scanners are limited to the detection of known viruses. Another type of first-
generation scanner maintains a record of the length of programs and looks for changes in length.
A second-generation scanner does not rely on a specific signature. Rather, the scanner uses
heuristic rules to search for probable virus infection. One class of such scanners looks for
fragments of code that are often associated with viruses. For example, a scanner may look for the
beginning of an encryption loop used in a polymorphic virus and discover the encryption key.
Once the key is discovered, the scanner can decrypt the virus to identify it, then remove the
infection and return the program to service.
Third-generation programs are memory-resident programs that identify a virus by its
actions rather than its structure in an infected program. Such programs have the advantage that it
is not necessary to develop signatures and heuristics for a wide array of viruses. Rather, it is
necessary only to identify the small set of actions that indicate an infection is being attempted
and then to intervene.
Fourth-generation products are packages consisting of a variety of antivirus techniques
used in conjunction. These include scanning and activity trap components. In addition, such a
package includes access control capability, which limits the ability of viruses to penetrate a
system and then limits the ability of a virus to update files in order to pass on the infection.
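As an added example (not code from the notes), the two first-generation techniques just described in working form: a signature scanner whose signatures may contain wildcard bytes, and a program-length record compared on each scan. The signature, file names and file contents are constructed for the example.

```python
"""Added example, not code from the notes: a first-generation scanner
that implements the two techniques just described, signature matching
with wildcard bytes and a record of program lengths. The signature,
file names and file contents below are constructed for the example.
"""
from typing import Dict, List, Optional

WILDCARD = None  # stands for a "??" byte that matches anything


def parse_signature(text: str) -> List[Optional[int]]:
    """Parse "E8 ?? ?? 00 00 5D" into a list of byte values, None for "??"."""
    pattern: List[Optional[int]] = []
    for token in text.split():
        if token == "??":
            pattern.append(WILDCARD)
        elif len(token) == 2:
            pattern.append(int(token, 16))
        else:
            raise ValueError(f"bad signature token: {token!r}")
    return pattern


def find_signature(data: bytes, pattern: List[Optional[int]]) -> int:
    """Offset of the first match of pattern in data, or -1 if absent."""
    for i in range(len(data) - len(pattern) + 1):
        if all(p is WILDCARD or data[i + j] == p for j, p in enumerate(pattern)):
            return i
    return -1


class FirstGenerationScanner:
    """Signature-specific scanner combined with a program-length record."""

    def __init__(self, signatures: Dict[str, str]):
        self.signatures = {name: parse_signature(sig) for name, sig in signatures.items()}
        self.length_record: Dict[str, int] = {}

    def record_lengths(self, programs: Dict[str, bytes]) -> None:
        """Take the baseline: remember the length of every program while it is clean."""
        self.length_record = {name: len(data) for name, data in programs.items()}

    def scan_file(self, name: str, data: bytes) -> List[str]:
        """Return the findings for one program; an empty list means clean."""
        findings: List[str] = []
        for virus, pattern in self.signatures.items():        # known-virus signatures
            offset = find_signature(data, pattern)
            if offset >= 0:
                findings.append(f"signature:{virus}@{offset}")
        baseline = self.length_record.get(name)               # length change since baseline
        if baseline is not None and len(data) != baseline:
            findings.append(f"length-changed:{baseline}->{len(data)}")
        return findings

    def scan(self, programs: Dict[str, bytes]) -> Dict[str, List[str]]:
        return {name: self.scan_file(name, data) for name, data in programs.items()}


# Constructed signature: the two bytes after E8 differ between copies, so
# they are wildcards; the surrounding bytes are the same in every copy.
SAMPLE_SIGNATURES = {"EXAMPLE-A": "E8 ?? ?? 00 00 5D"}

# Constructed 16-byte "program images" recorded while clean.
CLEAN_PROGRAMS = {
    "editor.exe": bytes.fromhex("4D5A9000 03000000 04000000 FFFF0000"),
    "calc.exe": bytes.fromhex("4D5A9000 B8000000 00000000 40000000"),
}

# The same set later: editor.exe has grown by an appended block that carries
# the signature with its own pair of middle bytes; calc.exe is unchanged.
LATER_PROGRAMS = {
    "editor.exe": CLEAN_PROGRAMS["editor.exe"] + bytes.fromhex("E81234 00005D C3"),
    "calc.exe": CLEAN_PROGRAMS["calc.exe"],
}


def demo() -> Dict[str, List[str]]:
    scanner = FirstGenerationScanner(SAMPLE_SIGNATURES)
    scanner.record_lengths(CLEAN_PROGRAMS)
    return scanner.scan(LATER_PROGRAMS)


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "clean")
```

Both findings fire on the grown file, while the unchanged file stays clean; a variant with different middle bytes still matches, which is the point of the wildcards, but a variant that changed any fixed byte would not, which is the limitation the text notes.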
Advanced Antivirus Techniques:
Generic Decryption:
Generic decryption (GD) technology enables the antivirus program to easily detect even
the most complex polymorphic viruses, while maintaining fast scanning speeds. Recall that when
a file containing a polymorphic virus is executed, the virus must decrypt itself to activate. In
order to detect such a structure, executable files are run through a GD scanner, which contains
the following elements:
• CPU emulator: A software-based virtual computer. Instructions in an executable file are
interpreted by the emulator rather than executed on the underlying processor. The
emulator includes software versions of all registers and other processor hardware, so that
the underlying processor is unaffected by programs interpreted on the emulator.
• Virus signature scanner: A module that scans the target code looking for known virus
signatures.
• Emulation control module: Controls the execution of the target code.
At the start of each simulation, the emulator begins interpreting instructions in the target
code, one at a time. Thus, if the code includes a decryption routine that decrypts and hence
exposes the virus, that code is interpreted. In effect, the virus does the work for the antivirus
program by exposing the virus. Periodically, the control module interrupts interpretation to scan
the target code for virus signatures.
During interpretation, the target code can cause no damage to the actual personal computer
environment, because it is being interpreted in a completely controlled environment. The most
difficult design issue with a GD scanner is to determine how long to run each interpretation.
Typically, virus elements are activated soon after a program begins executing, but this need not
be the case. The longer the scanner emulates a particular program, the more likely it is to catch
any hidden viruses. However, the antivirus program can take up only a limited amount of time
and resources before users complain.
Digital Immune System:
The digital immune system is a comprehensive approach to virus protection developed by
IBM. The motivation for this development has been the rising threat of Internet-based virus
propagation. We first say a few words about this threat and then summarize IBM's approach.
Traditionally, the virus threat was characterized by the relatively slow spread of new
viruses and new mutations. Antivirus software was typically updated on a monthly basis, and this
has been sufficient to control the problem. Also traditionally, the Internet played a comparatively
small role in the spread of viruses. But as [CHES97] points out, two major trends in Internet
technology have had an increasing impact on the rate of virus propagation in recent years:
• Integrated mail systems: Systems such as Lotus Notes and Microsoft Outlook make it
very simple to send anything to anyone and to work with objects that are received.
• Mobile-program systems: Capabilities such as Java and ActiveX allow programs to
move on their own from one system to another.
Steps in digital immune system operation:
1. A monitoring program on each PC uses a variety of heuristics based on system behavior,
suspicious changes to programs, or family signature to infer that a virus may be present.
The monitoring program forwards a copy of any program thought to be infected to an
administrative machine within the organization.
2. The administrative machine encrypts the sample and sends it to a central virus analysis
machine.
3. This machine creates an environment in which the infected program can be safely run for
analysis. Techniques used for this purpose include emulation, or the creation of a
protected environment within which the suspect program can be executed and monitored.
The virus analysis machine then produces a prescription for identifying and removing the
virus.
4. The resulting prescription is sent back to the administrative machine.
5. The administrative machine forwards the prescription to the infected client.
6. The prescription is also forwarded to other clients in the organization.
7. Subscribers around the world receive regular antivirus updates that protect them from the
new virus.
Behavior-Blocking Software:
Unlike heuristics or fingerprint-based scanners, behavior-blocking software integrates
with the operating system of a host computer and monitors program behavior in real time for
malicious actions. The behavior-blocking software then blocks potentially malicious actions
before they have a chance to affect the system. Monitored behaviors can include the following:
• Attempts to open, view, delete, and/or modify files;
• Attempts to format disk drives and other unrecoverable disk operations;
• Modifications to the logic of executable files or macros;
• Modification of critical system settings, such as start-up settings;
• Scripting of e-mail and instant messaging clients to send executable content; and
• Initiation of network communications.
If the behavior blocker detects that a program is initiating would-be malicious behaviors as it
runs, it can block these behaviors in real time and/or terminate the offending software. This gives
it a fundamental advantage over such established antivirus detection techniques as fingerprinting
or heuristics.
FIREWALL DESIGN PRINCIPLES:
Information systems in corporations, government agencies, and other organizations have
undergone a steady evolution:
• Centralized data processing system, with a central mainframe supporting a number of
directly connected terminals
• Local area networks (LANs) interconnecting PCs and terminals to each other and the
mainframe
• Premises network, consisting of a number of LANs, interconnecting PCs, servers, and
perhaps a mainframe or two
• Enterprise-wide network, consisting of multiple, geographically distributed premises
networks interconnected by a private wide area network (WAN)
• Internet connectivity, in which the various premises networks all hook into the Internet
and may or may not also be connected by a private WAN.
Firewall Characteristics:
Design goals for a firewall:
• All traffic from inside to outside, and vice versa, must pass through the firewall. This is
achieved by physically blocking all access to the local network except via the firewall.
Various configurations are possible, as explained later in this section.
• Only authorized traffic, as defined by the local security policy, will be allowed to pass.
Various types of firewalls are used, which implement various types of security policies,
as explained later in this section.
• The firewall itself is immune to penetration. This implies the use of a trusted system with
a secure operating system.
Firewalls focused primarily on service control, but they have since evolved to provide all
four:
• Service control: Determines the types of Internet services that can be accessed, inbound
or outbound. The firewall may filter traffic on the basis of IP address and TCP port
number; may provide proxy software that receives and interprets each service request
before passing it on; or may host the server software itself, such as a Web or mail service.
• Direction control: Determines the direction in which particular service requests may be
initiated and allowed to flow through the firewall.
• User control: Controls access to a service according to which user is attempting to
access it. This feature is typically applied to users inside the firewall perimeter (local
users). It may also be applied to incoming traffic from external users; the latter requires
some form of secure authentication technology, such as is provided in IPSec.
• Behavior control: Controls how particular services are used. For example, the firewall
may filter e-mail to eliminate spam, or it may enable external access to only a portion of
the information on a local Web server.
Before proceeding to the details of firewall types and configurations, it is best to summarize
what one can expect from a firewall. The following capabilities are within the scope of a
firewall:
1. A firewall defines a single choke point that keeps unauthorized users out of the protected
network, prohibits potentially vulnerable services from entering or leaving the network,
and provides protection from various kinds of IP spoofing and routing attacks. The use of
a single choke point simplifies security management because security capabilities are
consolidated on a single system or set of systems.
2. A firewall provides a location for monitoring security-related events. Audits and alarms
can be implemented on the firewall system.
3. A firewall is a convenient platform for several Internet functions that are not security
related. These include a network address translator, which maps local addresses to
Internet addresses, and a network management function that audits or logs Internet usage.
4. A firewall can serve as the platform for IPSec. The firewall can be used to implement
virtual private networks.
Firewalls have their limitations, including the following:
1. The firewall cannot protect against attacks that bypass the firewall. Internal systems may
have dial-out capability to connect to an ISP. An internal LAN may support a modem
pool that provides dial-in capability for traveling employees and telecommuters.
2. The firewall does not protect against internal threats, such as a disgruntled employee or
an employee who unwittingly cooperates with an external attacker.
3. The firewall cannot protect against the transfer of virus-infected programs or files.
Because of the variety of operating systems and applications supported inside the
perimeter, it would be impractical and perhaps impossible for the firewall to scan all
incoming files, e-mail, and messages for viruses.
Firewall Configurations:
In addition to the use of a simple configuration consisting of a single system, such as a
single packet-filtering router or a single gateway, more complex configurations are possible and
indeed more common. The following figure illustrates three common firewall configurations.
In the screened host firewall, single-homed bastion configuration, the firewall consists
of two systems: a packet-filtering router and a bastion host. Typically, the router is configured so
that,
1. For traffic from the Internet, only IP packets destined for the bastion host are allowed in.
2. For traffic from the internal network, only IP packets from the bastion host are allowed
out.
The bastion host performs authentication and proxy functions. This configuration has greater
security than simply a packet-filtering router or an application-level gateway alone, for two
reasons. First, this configuration implements both packet-level and application-level filtering,
allowing for considerable flexibility in defining security policy. Second, an intruder must
generally penetrate two separate systems before the security of the internal network is
compromised.
In the single-homed configuration just described, if the packet-filtering router is completely
compromised, traffic could flow directly through the router between the Internet and other hosts
on the private network. The screened host firewall, dual-homed bastion configuration
physically prevents such a security breach. The advantages of dual layers of security that were
present in the previous configuration are present here as well. Again, an information server or
other hosts can be allowed direct communication with the router if this is in accord with the
security policy.
The screened subnet firewall configuration of the figure is the most secure of those we have
considered. In this configuration, two packet-filtering routers are used, one between the bastion
host and the Internet and one between the bastion host and the internal network. This
configuration creates an isolated subnetwork, which may consist of simply the bastion host but
may also include one or more information servers and modems for dial-in capability. Typically,
both the Internet and the internal network have access to hosts on the screened subnet, but traffic
across the screened subnet is blocked.
This configuration offers several advantages:
• There are now three levels of defense to thwart intruders.
• The outside router advertises only the existence of the screened subnet to the Internet;
therefore, the internal network is invisible to the Internet.
• Similarly, the inside router advertises only the existence of the screened subnet to the
internal network; therefore, the systems on the inside network cannot construct direct
routes to the Internet.
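As an added example (not from the notes), the router rules of the two configurations described above expressed as packet-filter functions and applied to constructed packets: the single router of the screened host, single-homed bastion layout, and the outside and inside routers of the screened subnet. All addresses are constructed: 10.0.0.0/8 stands for the internal network, 192.0.2.0/24 for the screened subnet, and 198.51.100.0/24 hosts play the Internet side.

```python
"""Added example, not code from the notes: packet-filter rules for the
screened host (single-homed bastion) and screened subnet configurations.
Address ranges and bastion addresses are constructed for the example.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")         # constructed internal network
SCREENED_SUBNET = ipaddress.ip_network("192.0.2.0/24")    # constructed screened subnet
HOST_BASTION = ipaddress.ip_address("10.0.0.5")           # bastion on the internal LAN
SUBNET_BASTION = ipaddress.ip_address("192.0.2.10")       # bastion on the screened subnet


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def _in(addr: str, net) -> bool:
    return ipaddress.ip_address(addr) in net


def screened_host_router(pkt: Packet, from_internet: bool) -> bool:
    """The single packet-filtering router in front of a single-homed bastion.

    Rule 1: from the Internet, only packets destined for the bastion host get in.
    Rule 2: from the internal network, only packets from the bastion host get out.
    Anything else is dropped.
    """
    if from_internet:
        return ipaddress.ip_address(pkt.dst) == HOST_BASTION
    return ipaddress.ip_address(pkt.src) == HOST_BASTION


def outside_router(pkt: Packet, from_internet: bool) -> bool:
    """Outside router of the screened subnet: the Internet sees only the subnet."""
    if from_internet:
        return _in(pkt.dst, SCREENED_SUBNET)
    return _in(pkt.src, SCREENED_SUBNET)


def inside_router(pkt: Packet, from_internal: bool) -> bool:
    """Inside router: internal hosts reach only the subnet, and only the subnet reaches them."""
    if from_internal:
        return _in(pkt.dst, SCREENED_SUBNET)
    return _in(pkt.src, SCREENED_SUBNET)


def zone(addr: str) -> str:
    if _in(addr, SCREENED_SUBNET):
        return "subnet"
    if _in(addr, INTERNAL_NET):
        return "internal"
    return "internet"


def screened_subnet_allows(pkt: Packet) -> bool:
    """Decide a packet by the router it has to cross in the screened subnet layout.

    Traffic straight across the subnet (Internet <-> internal) never passes,
    because each router admits only traffic whose far end is on the subnet;
    the bastion host has to relay it.
    """
    src_zone, dst_zone = zone(pkt.src), zone(pkt.dst)
    if src_zone == "internet":
        return outside_router(pkt, from_internet=True)
    if src_zone == "internal":
        return inside_router(pkt, from_internal=True)
    if dst_zone == "internet":
        return outside_router(pkt, from_internet=False)
    if dst_zone == "internal":
        return inside_router(pkt, from_internal=False)
    return True  # subnet-local traffic crosses no router


def demo() -> List[Tuple[str, str, bool]]:
    """Constructed packets through the screened subnet; returns (src, dst, allowed)."""
    cases = [
        Packet("198.51.100.7", str(SUBNET_BASTION)),  # Internet -> bastion: allowed
        Packet("198.51.100.7", "10.0.0.23"),          # Internet -> internal host: dropped
        Packet("10.0.0.23", "198.51.100.7"),          # internal host -> Internet: dropped
        Packet("10.0.0.23", str(SUBNET_BASTION)),     # internal host -> bastion: allowed
        Packet(str(SUBNET_BASTION), "10.0.0.23"),     # bastion -> internal host: allowed
        Packet(str(SUBNET_BASTION), "198.51.100.7"),  # bastion -> Internet: allowed
    ]
    return [(p.src, p.dst, screened_subnet_allows(p)) for p in cases]


if __name__ == "__main__":
    for src, dst, ok in demo():
        print(f"{src:>14} -> {dst:<14} {'pass' if ok else 'drop'}")
```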
TRUSTED SYSTEMS:
One way to enhance the ability of a system to defend against intruders and malicious
programs is to implement trusted system technology. This section provides a brief overview of
this topic. We begin by looking at some basic concepts of data access control.
Data Access Control:
Following successful logon, the user has been granted access to one or a set of hosts and
applications. This is generally not sufficient for a system that includes sensitive data in its
database. Through the user access control procedure, a user can be identified to the system.
Associated with each user, there can be a profile that specifies permissible operations and file
accesses.
The operating system can then enforce rules based on the user profile. The database
management system, however, must control access to specific records or even portions of
records. For example, it may be permissible for anyone in administration to obtain a list of
company personnel, but only selected individuals may have access to salary information. The
issue is more than just one of level of detail.
Whereas the operating system may grant a user permission to access a file or use an
application, following which there are no further security checks, the database management
system must make a decision on each individual access attempt. That decision will depend not
only on the user's identity but also on the specific parts of the data being accessed and even on
the information already divulged to the user.
The basic elements of the access control model are as follows:
• Subject: An entity capable of accessing objects. Generally, the concept of subject equates
with that of process. Any user or application actually gains access to an object by means
of a process that represents that user or application.
• Object: Anything to which access is controlled. Examples include files, portions of files,
programs, and segments of memory.
• Access right: The way in which an object is accessed by a subject. Examples are read,
write, and execute.
The Concept of Trusted Systems:
Much of what we have discussed so far has been concerned with protecting a given
message or item from passive or active attacks by a given user. A somewhat different but widely
applicable requirement is to protect data or resources on the basis of levels of security. This is
commonly found in the military, where information is categorized as unclassified (U),
confidential (C), secret (S), top secret (TS), or beyond. This concept is equally applicable in
other areas, where information can be organized into gross categories and users can be granted
clearances to access certain categories of data. For example, the highest level of security might
be for strategic corporate planning documents and data, accessible by only corporate officers and
their staff; next might come sensitive financial and personnel data, accessible only by
administration personnel, corporate officers, and so on.
When multiple categories or levels of data are defined, the requirement is referred to as
multilevel security. The general statement of the requirement for multilevel security is that a
subject at a high level may not convey information to a subject at a lower or non-comparable
level unless that flow accurately reflects the will of an authorized user. For implementation
purposes, this requirement is in two parts and is simply stated.
A multilevel secure system must enforce the following:
• No read up: A subject can only read an object of less or equal security level. This is
referred to in the literature as the Simple Security Property.
• No write down: A subject can only write into an object of greater or equal security level.
These two rules, if properly enforced, provide multilevel security. For a data processing
system, the approach that has been taken, and has been the object of much research and
development, is based on the reference monitor concept.
The reference monitor is a controlling element in the hardware and operating system of a
computer that regulates the access of subjects to objects on the basis of security parameters of the
subject and object. The reference monitor has access to a file, known as the security kernel
database, that lists the access privileges (security clearance) of each subject and the protection
attributes (classification level) of each object. The reference monitor enforces the security rules
(no read up, no write down) and has the following properties:
• Complete mediation: The security rules are enforced on every access, not just, for
example, when a file is opened.
• Isolation: The reference monitor and database are protected from unauthorized
modification.
• Verifiability: The reference monitor's correctness must be provable. That is, it must be
possible to demonstrate mathematically that the reference monitor enforces the security
rules and provides complete mediation and isolation.
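As an added example (not from the notes), a small reference monitor that applies the two rules above, no read up and no write down, on every read and write, with the level order U < C < S < TS taken from the text. Subject clearances, object classifications and the stored data are constructed for the example.

```python
"""Added example, not code from the notes: a reference monitor enforcing
no read up (Simple Security Property) and no write down on every access.
Subjects, objects and the kernel database contents are constructed.
"""
from enum import IntEnum
from typing import Dict, List, Tuple


class Level(IntEnum):
    """Security levels, ordered so that >= means 'dominates'."""
    U = 0   # unclassified
    C = 1   # confidential
    S = 2   # secret
    TS = 3  # top secret


class AccessDenied(Exception):
    pass


class ReferenceMonitor:
    """Mediates every read and write against the security kernel database.

    Complete mediation: read() and write() are the only way to reach the
    object store, and every call is checked and logged.
    Isolation (modelled): the kernel database lives in private attributes
    and the monitor exposes no operation that modifies it.
    """

    def __init__(self, clearances: Dict[str, Level],
                 classifications: Dict[str, Level], store: Dict[str, str]):
        self.__clearances = dict(clearances)            # security clearance per subject
        self.__classifications = dict(classifications)  # classification level per object
        self.__store = dict(store)
        self.audit: List[Tuple[str, str, str, bool]] = []

    def _mediate(self, subject: str, obj: str, right: str) -> bool:
        clearance = self.__clearances[subject]
        classification = self.__classifications[obj]
        if right == "read":
            allowed = clearance >= classification   # no read up
        elif right == "write":
            allowed = clearance <= classification   # no write down
        else:
            raise ValueError(f"unknown access right: {right}")
        self.audit.append((subject, obj, right, allowed))
        return allowed

    def read(self, subject: str, obj: str) -> str:
        if not self._mediate(subject, obj, "read"):
            raise AccessDenied(f"{subject} may not read {obj}")
        return self.__store[obj]

    def write(self, subject: str, obj: str, value: str) -> None:
        if not self._mediate(subject, obj, "write"):
            raise AccessDenied(f"{subject} may not write {obj}")
        self.__store[obj] = value


def build_monitor() -> ReferenceMonitor:
    """Constructed security kernel database for the demonstration."""
    clearances = {"clerk": Level.U, "analyst": Level.S, "director": Level.TS}
    classifications = {"bulletin": Level.U, "plan": Level.S, "budget": Level.TS}
    store = {"bulletin": "public notice", "plan": "secret plan", "budget": "ts budget"}
    return ReferenceMonitor(clearances, classifications, store)


def demo() -> List[Tuple[str, str, str, bool]]:
    """Run a scripted set of accesses and return the audit trail."""
    rm = build_monitor()
    attempts = [
        ("analyst", "bulletin", "read"),   # read down: allowed
        ("analyst", "budget", "read"),     # read up: denied
        ("analyst", "budget", "write"),    # write up: allowed
        ("analyst", "bulletin", "write"),  # write down: denied
        ("clerk", "plan", "read"),         # read up: denied
        ("director", "budget", "read"),    # read at own level: allowed
    ]
    for subject, obj, right in attempts:
        try:
            if right == "read":
                rm.read(subject, obj)
            else:
                rm.write(subject, obj, f"written by {subject}")
        except AccessDenied:
            pass  # the decision is already recorded in the audit trail
    return rm.audit


if __name__ == "__main__":
    for subject, obj, right, allowed in demo():
        print(f"{subject:9} {right:5} {obj:9} -> {'ALLOW' if allowed else 'DENY'}")
```

Note that "write up" is allowed by the rules as stated, which is why integrity usually needs a separate policy on top of these two confidentiality rules.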
Common Criteria for Information Technology Security Evaluation:
Requirements:
The CC defines a common set of potential security requirements for use in evaluation.
The term target of evaluation (TOE) refers to that part of the product or system that is subject to
evaluation. The requirements fall in two categories:
• Functional requirements: Define desired security behavior. CC documents establish a
set of security functional components that provide a standard way of expressing the
security functional requirements for a TOE.
• Assurance requirements: The basis for gaining confidence that the claimed security
measures are effective and implemented correctly. CC documents establish a set of
assurance components that provide a standard way of expressing the assurance
requirements for a TOE.
Profiles and Targets:
The CC also defines two kinds of documents that can be generated using the CC-defined
requirements.
• Protection profiles (PPs): Define an implementation-independent set of security
requirements and objectives for a category of products or systems that meet similar
consumer needs for IT security. A PP is intended to be reusable and to define
requirements that are known to be useful and effective in meeting the identified
objectives. The PP concept has been developed to support the definition of functional
standards, and as an aid to formulating procurement specifications. The PP reflects user
security requirements.
• Security targets (STs): Contain the IT security objectives and requirements of a specific
identified TOE and define the functional and assurance measures offered by that TOE to
meet stated requirements. The ST may claim conformance to one or more PPs, and forms
the basis for an evaluation. The ST is supplied by a vendor or developer.
NETWORK SECURITY
TWO MARK QUESTIONS WITH ANSWERS
Unit I
1. Specify the four categories of security threats?
• Interruption
• Interception
• Modification
• Fabrication
2. Explain active and passive attack with example?
• Passive attack: Monitoring the message during transmission. Eg: Interception
• Active attack: It involves the modification of the data stream or creation of a false data
stream. E.g.: Fabrication, Modification, and Interruption
3. Define integrity and nonrepudiation?
• Integrity: Service that ensures that only an authorized person is able to modify the message.
• Nonrepudiation: This service helps to prove whether the person who denies the transaction
is telling the truth or not.
4. Differentiate symmetric and asymmetric encryption?
• Symmetric: It is a form of cryptosystem in which encryption and decryption are performed
using the same key. Eg: DES, AES
• Asymmetric: It is a form of cryptosystem in which encryption and decryption are performed
using two keys. Eg: RSA, ECC
5. Define cryptanalysis?
It is a process of attempting to discover the key or plaintext or both.
6. Compare stream cipher with block cipher with example.
• Stream cipher: Processes the input stream continuously, producing one element at a
time. Example: Caesar cipher.
• Block cipher: Processes the input one block of elements at a time, producing an output
block for each input block. Example: DES.
7. Define security mechanism
It is a process that is designed to detect, prevent, or recover from a security attack. Example:
Encryption algorithm, Digital signature, Authentication protocols.
8. Differentiate unconditionally secured and computationally secured
An encryption algorithm is unconditionally secured if the ciphertext generated by the
encryption scheme doesn't contain enough information to determine the corresponding
plaintext. Encryption is computationally secured if:
1. The cost of breaking the cipher exceeds the value of the encrypted information.
2. The time required to break the cipher exceeds the useful lifetime of the information.
9. Define steganography
Hiding the message in some cover media. It conceals the existence of a message.
10. Why does a network need security?
When systems are connected through the network, attacks are possible during
transmission time.
11. Define Encryption
The process of converting from plaintext to ciphertext.
12. Specify the components of an encryption algorithm.
1. Plaintext
2. Encryption algorithm
3. Secret key
4. Ciphertext
5. Decryption algorithm
13. Define confidentiality and authentication
• Confidentiality: It means how to maintain the secrecy of a message. It ensures that the
information in a computer system and transmitted information are accessible only for
reading by an authorized person.
• Authentication: It helps to prove that only the source entity has been involved in the
transaction.
14. Define cryptography.
It is a science of writing secret code using mathematical techniques. The many schemes
used for enciphering constitute the area of study known as cryptography.
15. Compare Substitution and Transposition techniques.
16. What are the design parameters of a Feistel cipher network?
• Block size
• Key size
• Number of Rounds
• Subkey generation algorithm
• Round function
• Fast software Encryption/Decryption
• Ease of analysis
17. Define Product cipher.
When two or more basic ciphers are combined, the resultant cipher is called the product
cipher.
18. Explain Avalanche effect.
A desirable property of any encryption algorithm is that a small change in either the
plaintext or the key produces a significant change in the ciphertext. In particular, a change in one
bit of the plaintext or one bit of the key should produce a change in many bits of the ciphertext.
If the change is small, this might provide a way to reduce the size of the plaintext or key space
to be searched.
19. Give the five modes of operation of Block cipher.
1. Electronic Codebook (ECB)
2. Cipher Block Chaining (CBC)
3. Cipher Feedback (CFB)
4. Output Feedback (OFB)
5. Counter (CTR)
20. State advantages of counter mode.
• Hardware Efficiency
• Software Efficiency
• Preprocessing
• Random Access
• Provable Security
• Simplicity.
21. Define Diffusion & confusion.
• Diffusion: It means each plaintext digit affects the values of many ciphertext digits, which
is equivalent to each ciphertext digit being affected by many plaintext digits. It can be
achieved by performing permutation on the data. It is the relationship between the
plaintext and ciphertext.
• Confusion: It can be achieved by a substitution algorithm. It is the relationship between
ciphertext and key.
22. Define Multiple Encryption.
It is a technique in which the encryption is used multiple times. Eg: Double DES, Triple
DES
23. Specify the design criteria of block cipher.
• Number of rounds
• Design of the function F
• Key scheduling
24. Define Reversible mapping.
Each plaintext is mapped to a unique ciphertext. This transformation is called
reversible mapping.
25. Specify the basic task for defining a security service.
A service that enhances the security of the data processing systems and the information
transfer of an organization. The services are intended to counter security attacks, and they make
use of one or more security mechanisms to provide the service.
26. What is Triple Encryption? How many keys are used in triple encryption?
Triple Encryption is a technique in which the encryption algorithm is performed three times
using three keys.
Unit II
1. Define the meaning of relatively prime (or) co-prime?
Two integers a and b are relatively prime if gcd(a,b) = 1
Eg: gcd(20,7) = gcd(7, 20 mod 7)
= gcd(7,6)
= gcd(6, 7 mod 6)
= gcd(1, 6 mod 1)
= gcd(1,0)
= 1
2. Define Euler's theorem
Euler's theorem states that for every a and n that are relatively prime:
a^φ(n) ≡ 1 (mod n)
3. Define Euler's totient function
For Euler's totient function φ, it should be clear that for a prime number p,
φ(p) = p - 1
4. Determine φ(27) using Euler's totient function?
φ(p^e) = p^e - p^(e-1)
φ(3^3) = 3^3 - 3^2
= 27 - 9
= 18
φ(27) = 18
5. Define Fermat Theorem?
Fermat's theorem states the following: If p is prime and a is a positive integer not divisible
by p, then a^(p-1) ≡ 1 (mod p)
6. Differentiate public key and conventional encryption?
7. What are the principal elements of a public key cryptosystem?
The principal elements of a cryptosystem are:
1. Plaintext
2. Encryption algorithm
3. Public and private key
4. Ciphertext
5. Decryption algorithm
8. What are the roles of public and private key?
The two keys used for public-key encryption are referred to as the public key and the
private key. Invariably, the private key is kept secret and the public key is known publicly.
Usually the public key is used for encryption and the private key is used on the
decryption side.
9. Specify the applications of the public key cryptosystem?
The applications of the public-key cryptosystem can be classified as follows:
1. Encryption/Decryption: The sender encrypts a message with the recipient's public key.
2. Digital signature: The sender "signs" a message with its private key. Signing is achieved by a
cryptographic algorithm applied to a message or to a small block of data that is a function of the
message.
3. Key Exchange: Two sides cooperate to exchange a session key. Several different approaches
are possible, involving the private key(s) of one or both parties.
10. What requirements must a public key cryptosystem fulfill to be a secure algorithm?
The requirements of a public-key cryptosystem are as follows:
1. It is computationally easy for a party B to generate a pair (public key KUb, private key KRb).
2. It is computationally easy for a sender A, knowing the public key and the message to be encrypted, M, to generate the corresponding ciphertext: C = E_KUb(M)
3. It is computationally easy for the receiver B to decrypt the resulting ciphertext using the private key to recover the original message: M = D_KRb(C) = D_KRb[E_KUb(M)]
4. It is computationally infeasible for an opponent, knowing the public key KUb, to determine the private key KRb.
5. It is computationally infeasible for an opponent, knowing the public key KUb and a ciphertext C, to recover the original message M.
6. The encryption and decryption functions can be applied in either order: M = E_KUb[D_KRb(M)] = D_KUb[E_KRb(M)]
The sixth requirement is useful (it is what lets one key pair serve for both encryption and signatures) but is not met by every public-key scheme; RSA satisfies it, Diffie-Hellman does not.
11. List four general schemes for the distribution of public keys.
The four general schemes for the distribution of public keys are:
1. Public announcement
2. Publicly available directory
3. Public-key authority
4. Public-key certificate
12. What is a public key certificate?
A public-key certificate is used by participants to exchange keys without contacting a public-key authority, in a way that is as reliable as if the keys were obtained directly from the public-key authority. Each certificate contains a public key and other information (the owner's identity, a validity period), is created and signed by a certificate authority, and is given to the participant who holds the matching private key. Anyone holding the authority's public key can verify the certificate's signature and so trust the binding between name and key.
13. What are the essential ingredients of the public key directory?
The essential ingredients of the public-key directory are as follows:
1. The authority maintains a directory with a {name, public key} entry for each participant.
2. Each participant registers a public key with the directory authority. Registration would have to be in person or by some form of secure authenticated communication.
3. A participant may replace the existing key with a new one at any time, either because of the desire to replace a public key that has already been used for a large amount of data, or because the corresponding private key has been compromised in some way.
4. Periodically, the authority publishes the entire directory or updates to the directory. For example, a hard-copy version much like a telephone book could be published, or updates could be listed in a widely circulated newspaper.
5. Participants could also access the directory electronically. For this purpose, secure, authenticated communication from the authority to the participant is mandatory.
14. Perform encryption and decryption using the RSA algorithm for the following: p = 7, q = 11, e = 17, M = 8.
Soln:
n = pq = 7 × 11 = 77
φ(n) = (p − 1)(q − 1) = 6 × 10 = 60
e = 17 (gcd(17, 60) = 1)
d = e^−1 mod φ(n) = 17^−1 mod 60 = 53, since 17 × 53 = 901 = 15 × 60 + 1
C = M^e mod n = 8^17 mod 77 = 57
M = C^d mod n = 57^53 mod 77 = 8
Note: the original solution gives d = 23. That value also decrypts correctly, because 23 ≡ 53 (mod 30) and λ(77) = lcm(6, 10) = 30 is the true order bound for exponents modulo 77; but 23 is not the inverse of 17 modulo φ(n) = 60, which is what the textbook algorithm asks for.
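The computation above carried out in code, as an added example that is not part of the original notes. It runs the textbook RSA operations on the exercise values, shows the "either order" property of requirement 6 by signing with the private key and verifying with the public key, and shows why requirement 4 fails for toy parameters: with n = 77 anyone can factor n and recompute d. The function and variable names are the example's own.

```python
from math import gcd


def rsa_keygen(p, q, e):
    """Textbook RSA: n = pq, phi = (p-1)(q-1), d = e^-1 mod phi."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (e, n), (d, n)          # (public key, private key)


def rsa_encrypt(public, m):
    e, n = public
    if not 0 <= m < n:
        raise ValueError("plaintext block must lie in [0, n)")
    return pow(m, e, n)            # C = M^e mod n


def rsa_decrypt(private, c):
    d, n = private
    return pow(c, d, n)            # M = C^d mod n


def rsa_sign(private, m):
    """Private key applied first: the 'either order' property (requirement 6)."""
    d, n = private
    return pow(m, d, n)


def rsa_verify(public, m, sig):
    e, n = public
    return pow(sig, e, n) == m


def recover_private_exponent(public):
    """Why requirement 4 fails for toy sizes: trial division factors a small n,
    after which the 'secret' d follows immediately."""
    e, n = public
    p = next(f for f in range(2, int(n ** 0.5) + 1) if n % f == 0)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))


def worked_example():
    """The notes' exercise: p = 7, q = 11, e = 17, M = 8."""
    public, private = rsa_keygen(7, 11, 17)
    c = rsa_encrypt(public, 8)
    sig = rsa_sign(private, 8)
    return {
        "n": public[1],                                 # 77
        "d": private[0],                                # 53
        "C": c,                                         # 57
        "M": rsa_decrypt(private, c),                   # 8
        "sig_valid": rsa_verify(public, 8, sig),        # True
        "forgery_valid": rsa_verify(public, 9, sig),    # False
    }


if __name__ == "__main__":
    print(worked_example())
```

Real RSA never encrypts or signs a bare integer like this: the message is padded (OAEP for encryption, PSS or PKCS#1 v1.5 for signatures) and the primes are hundreds of digits long, precisely so that `recover_private_exponent` becomes infeasible.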
15. Describe in general terms an efficient procedure for picking a prime number.
The procedure for picking a prime number is as follows:
1. Pick an odd integer n at random (e.g., using a pseudorandom number generator).
2. Pick an integer a < n at random.
3. Perform a probabilistic primality test, such as Miller-Rabin, with a as the witness. If n fails the test, reject the value n and go to step 1.
4. If n has passed a sufficient number of tests, accept n; otherwise, go to step 2.
Each Miller-Rabin round that n survives leaves a composite undetected with probability at most 1/4, so t rounds give an error bound of 4^−t; a few dozen rounds are standard.
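The procedure above as running code, added here as an example (it is not part of the original notes). `miller_rabin` is step 2 and 3 for a single candidate, repeated for the chosen number of witnesses; `random_probable_prime` is the outer loop of steps 1 and 4. The names and the default of 20 rounds are the example's own choices.

```python
import random


def miller_rabin(n, rounds=20, rng=random):
    """Probabilistic primality test. Returns False when n is certainly composite,
    True when n survived `rounds` random witnesses (a probable prime: each
    round lets a composite slip through with probability at most 1/4)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    # Write n - 1 = 2^k * q with q odd.
    k, q = 0, n - 1
    while q % 2 == 0:
        k += 1
        q //= 2
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)          # step 2: random witness 1 < a < n - 1
        x = pow(a, q, n)
        if x in (1, n - 1):
            continue                          # inconclusive for this witness
        for _ in range(k - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                      # this witness proves n composite
    return True


def random_probable_prime(bits, rng=random):
    """Steps 1-4 of the procedure: draw an odd candidate of the requested size,
    test it, reject on failure and draw again, accept once it passes."""
    while True:
        n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # odd, top bit set
        if miller_rabin(n, rng=rng):
            return n


if __name__ == "__main__":
    print(random_probable_prime(256))
```

For key generation use `random.SystemRandom()` (or `secrets`) as `rng`; the module-level `random` is a deterministic PRNG and is used here only so the example runs anywhere.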
16. What is a primitive root of a number?
We can define a primitive root of a prime p as a number whose powers generate all the integers from 1 to p − 1. That is, if a is a primitive root of the prime number p, then the numbers a mod p, a² mod p, ..., a^(p−1) mod p are distinct and consist of the integers from 1 through p − 1 in some permutation.
17. Users A and B exchange a key using the Diffie-Hellman algorithm. Assume α = 5, q = 11, XA = 2, XB = 3. Find the values of YA, YB and K.
Soln:
YA = α^XA mod q = 5^2 mod 11 = 25 mod 11 = 3
YB = α^XB mod q = 5^3 mod 11 = 125 mod 11 = 4
K = (YB)^XA mod q = 4^2 mod 11 = 16 mod 11 = 5
K = (YA)^XB mod q = 3^3 mod 11 = 27 mod 11 = 5
Both sides arrive at the same K = 5. Note that α = 5 is not actually a primitive root of 11 (its powers 5, 3, 4, 9, 1 have order 5, not 10), so with these parameters the shared key can take only 5 distinct values; a real exchange uses a generator of the full group.
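Questions 16 and 17 together in code, as an added example that is not from the original notes: a primitive-root test as defined in Q16, the two-sided exchange of Q17, a count of how many keys α can actually produce (which exposes the non-generator α = 5), and the man-in-the-middle attack on unauthenticated Diffie-Hellman that the 16-mark questions ask about. Function names are the example's own.

```python
def is_primitive_root(a, p):
    """a is a primitive root of the prime p iff a, a^2, ..., a^(p-1) (mod p)
    run through every residue 1..p-1 exactly once."""
    seen, x = set(), 1
    for _ in range(p - 1):
        x = (x * a) % p
        seen.add(x)
    return len(seen) == p - 1


def primitive_roots(p):
    return [a for a in range(2, p) if is_primitive_root(a, p)]


def dh_public(alpha, q, x):
    return pow(alpha, x, q)                  # Y = alpha^X mod q


def dh_shared(peer_public, x, q):
    return pow(peer_public, x, q)            # K = Y_peer^X mod q


def dh_exchange(alpha, q, xa, xb):
    """Both sides publish Y and combine the peer's Y with their own secret X."""
    ya, yb = dh_public(alpha, q, xa), dh_public(alpha, q, xb)
    ka, kb = dh_shared(yb, xa, q), dh_shared(ya, xb, q)
    assert ka == kb, "both sides must derive the same key"
    return ya, yb, ka


def distinct_keys(alpha, q):
    """How many values the shared secret can take = multiplicative order of alpha.
    For a true primitive root this is q - 1."""
    return len({pow(alpha, k, q) for k in range(1, q)})


def dh_man_in_the_middle(alpha, q, xa, xb, xm):
    """Without authentication M substitutes alpha^xm for both public values.
    A then shares k_am with M and B shares k_bm with M; A and B never share a
    key with each other, yet neither side can tell."""
    ym = dh_public(alpha, q, xm)
    ya, yb = dh_public(alpha, q, xa), dh_public(alpha, q, xb)
    k_am = dh_shared(ym, xa, q)              # what A computes, believing ym is B's
    k_bm = dh_shared(ym, xb, q)              # what B computes, believing ym is A's
    m_matches = k_am == dh_shared(ya, xm, q) and k_bm == dh_shared(yb, xm, q)
    return m_matches, k_am, k_bm


if __name__ == "__main__":
    print(dh_exchange(5, 11, 2, 3), primitive_roots(11), distinct_keys(5, 11))
```

`dh_exchange(7, 11, 3, 6)` solves the Unit III 16-mark variant (q = 11, α = 7, XA = 3, XB = 6) and returns YA = 2, YB = 4, K = 9.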
Network Security
2 mark questions with answers
Unit III
1. What is a one way function?
A one-way function is one that maps a domain into a range such that every function value has a unique inverse, with the condition that the calculation of the function is easy whereas the calculation of the inverse is infeasible.
2. What is a trapdoor one way function?
It is a function which is easy to calculate in one direction and infeasible to calculate in the other direction unless certain additional information (the trapdoor) is known. With the additional information the inverse can be calculated in polynomial time. It can be summarized as: a trapdoor one-way function is a family of invertible functions f_k such that
Y = f_k(X)       easy, if k and X are known
X = f_k^−1(Y)    easy, if k and Y are known
X = f_k^−1(Y)    infeasible, if Y is known but k is not known
3. What is message authentication?
It is a procedure that verifies whether a received message comes from the claimed source and has not been altered. It uses message authentication codes and hash functions to authenticate the message.
4. Define the classes of message authentication function.
• Message encryption: The entire ciphertext of the message serves as its authenticator.
• Message Authentication Code (MAC): A function of the message and a secret key that produces a fixed-length value, which serves as the authenticator.
• Hash function: A function that maps a message of any length to a fixed-length hash value, which serves as the authenticator.
5. What are the requirements for message authentication?
The requirements follow from the attacks that can be mounted on communication across a network:
1. Disclosure: Release of message contents to any person or process not possessing the appropriate cryptographic key.
2. Traffic analysis: Discovery of the pattern of traffic between parties.
3. Masquerade: Insertion of messages into the network from a fraudulent source.
4. Content modification: Changes to the contents of a message.
5. Sequence modification: Any modification to a sequence of messages between parties, including insertion, deletion and reordering.
6. Timing modification: Delay or replay of messages.
7. Source repudiation: Denial of transmission of a message by the source.
8. Destination repudiation: Denial of receipt of a message by the destination.
Measures against 1 and 2 belong to message confidentiality; measures against 3 to 6 are what is generally regarded as message authentication; 7 and 8 call for digital signatures.
6. What do you mean by a hash function?
A hash function accepts a variable-size message M as input and produces a fixed-size hash code H(M), called a message digest, as output. It is a variation on the message authentication code in that it takes no secret key.
7. Differentiate MAC and hash function.
MAC: In a Message Authentication Code a secret key is shared by sender and receiver. The MAC is appended to the message at the source at a time when the message is assumed or known to be correct; the receiver recomputes it with the same key and compares.
Hash Function: The hash value is appended to the message at the source at a time when the message is assumed or known to be correct. The hash function itself is not secret and takes no key, so anyone can recompute it; to serve as an authenticator the hash value must be protected by some other means (encryption, or a secret value hashed along with the message).
8. Name any three hash algorithms.
• MD5 (Message Digest version 5) algorithm.
• SHA-1 (Secure Hash Algorithm).
• RIPEMD-160 algorithm.
9. What are the requirements of a hash function?
• H can be applied to a block of data of any size.
• H produces a fixed-length output.
• H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical.
• One-way property: for any given value h, it is computationally infeasible to find x such that H(x) = h.
• Weak collision resistance: for any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x).
• Strong collision resistance: it is computationally infeasible to find any pair (x, y) with H(x) = H(y).
10. What do you mean by MAC?
MAC is the Message Authentication Code. It is a function of the message and a secret key which produces a fixed-length value called the MAC:
MAC = C_K(M)
where M is the variable-length message, K is the secret key shared by sender and receiver, and C_K(M) is the fixed-length authenticator.
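Questions 7 and 10 illustrated in code, as an added example (not from the original notes): the same tampering attempt against a keyless hash and against an HMAC-SHA256 MAC. The key and message are constructed for the demo; the function names are the example's own.

```python
import hashlib
import hmac

KEY = b"shared-secret-between-sender-and-receiver"   # constructed for the demo
MESSAGE = b"transfer 100 to account 42"                # constructed for the demo


def digest(message: bytes) -> bytes:
    """H(M): keyless, so anyone who changes M can also recompute it."""
    return hashlib.sha256(message).digest()


def mac(key: bytes, message: bytes) -> bytes:
    """C_K(M): HMAC-SHA256, requires the shared secret K."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest is constant-time, so an attacker cannot time the comparison
    return hmac.compare_digest(mac(key, message), tag)


def tamper_in_transit(message: bytes, authenticator: bytes, keyless: bool):
    """An attacker on the wire changes the amount. With a bare hash he simply
    recomputes the authenticator; with a MAC he can only forward the old tag."""
    forged = message.replace(b"100", b"900")
    return (forged, digest(forged)) if keyless else (forged, authenticator)


def demo():
    h, t = digest(MESSAGE), mac(KEY, MESSAGE)
    forged_msg, forged_hash = tamper_in_transit(MESSAGE, h, keyless=True)
    forged_msg2, old_tag = tamper_in_transit(MESSAGE, t, keyless=False)
    return {
        "hash_accepts_forgery": digest(forged_msg) == forged_hash,       # True
        "mac_accepts_forgery": verify_mac(KEY, forged_msg2, old_tag),    # False
        "mac_accepts_original": verify_mac(KEY, MESSAGE, t),             # True
        "mac_length_bytes": len(t),                                      # 32
    }


if __name__ == "__main__":
    print(demo())
```

Use the library HMAC rather than `sha256(key + message)`: the naive construction is vulnerable to length-extension forgery with Merkle-Damgård hashes such as MD5, SHA-1 and SHA-256.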
11. Differentiate internal and external error control.
• Internal error control: An error-detecting code, also known as a frame check sequence or checksum, is computed over the plaintext and appended before encryption, so the check travels inside the ciphertext and an attacker cannot adjust it without the key.
• External error control: The error-detecting code is computed over and appended to the ciphertext after encryption, so it protects only against transmission errors, not against deliberate modification.
12. What is the meet in the middle attack?
This is a cryptanalytic attack on the composition of two functions. It searches for a value in the range of the first function and the domain of the second such that the forward mapping of the plaintext through the first function equals the inverse mapping of the ciphertext through the second, quite literally meeting in the middle of the composed function. It is why double encryption (e.g. double DES) gives far less than double the key strength.
13. What is the role of the compression function in a hash function?
The hash algorithm involves repeated use of a compression function f that takes two inputs, an n-bit chaining variable and a b-bit block of the message, and produces an n-bit output. At the start of hashing the chaining variable has an initial value that is specified as part of the algorithm. The final value of the chaining variable is the hash value. Usually b > n, hence the term compression.
14. What is the difference between weak and strong collision resistance?
Weak collision resistance: for a given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x). It guards against an attacker who must match one specific message.
Strong collision resistance: it is computationally infeasible to find any pair (x, y) with H(x) = H(y). It guards against a birthday attack, in which the attacker chooses both messages; for an n-bit hash this needs about 2^(n/2) trials rather than the 2^n needed for a weak collision.
15. Compare MD5, SHA-1 and RIPEMD-160 algorithms.
                     MD5          SHA-1         RIPEMD-160
Digest length        128 bits     160 bits      160 bits
Basic unit           512 bits     512 bits      512 bits
Number of steps      64           80            160
Max message size     unlimited    2^64 − 1 bits 2^64 − 1 bits
Endianness           little       big           little
16. Distinguish between direct and arbitrated digital signature.
Direct: involves only the communicating parties. The destination knows the sender's public key; the signature is formed by encrypting the entire message or a hash of it with the sender's private key. Its validity rests entirely on the security of the sender's private key (the sender can later claim the key was stolen).
Arbitrated: every signed message from sender X to receiver Y goes first to an arbiter A, who checks the message and its signature, dates it, and forwards it to Y with an indication that it has been verified. This requires all parties to trust the arbiter.
17. What are the properties a digital signature should have?
• It must verify the author and the date and time of the signature.
• It must authenticate the contents at the time of the signature.
• It must be verifiable by third parties to resolve disputes.
18. What requirements should a digital signature scheme satisfy?
• The signature must be a bit pattern that depends on the message being signed.
• The signature must use some information unique to the sender, to prevent both forgery and denial.
• It must be relatively easy to produce the digital signature.
• It must be relatively easy to recognize and verify the digital signature.
• It must be computationally infeasible to forge a digital signature, either by constructing a new message for an existing digital signature or by constructing a fraudulent digital signature for a given message.
• It must be practical to retain a copy of the digital signature in storage.
Unit IV
1. Define Kerberos.
Kerberos is an authentication service developed as part of Project Athena at MIT. The problem that Kerberos addresses is this: assume an open distributed environment in which users at workstations wish to access services on servers distributed throughout the network, and the servers want to be able to restrict access to authorized users and to authenticate requests for service.
2. What are the uses of Kerberos?
Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users, using conventional (symmetric) encryption only, with no reliance on public-key cryptography.
3. What 4 requirements were defined for Kerberos?
• Secure
• Reliable
• Transparent
• Scalable
4. In the context of Kerberos, what is a realm?
A full-service Kerberos environment consisting of a Kerberos server, a number of clients and a number of application servers requires the following:
• The Kerberos server must have the user ID and hashed password of all participating users in its database.
• The Kerberos server must share a secret key with each server.
Such an environment is referred to as a "realm".
5. Assume the client C wants to communicate with server S using the Kerberos procedure. How can it be achieved?
The simple dialogue between client 'C', server 'S' and the authentication server (AS) is given below:
a) C → AS: [IDc || Pc || IDs]
b) AS → C: Ticket
c) C → S: [IDc || Ticket]
Ticket = E_Ks[IDc || ADc || IDs]
Step 1: The user logs on to the workstation and requests access to server S. The client module C in the workstation requests the user's password and sends a message to the AS that includes the user ID (IDc), the server ID (IDs) and the user's password (Pc).
Step 2: The AS verifies the user's password against its password database. If it is valid, the AS sends a ticket to C that includes the user ID (IDc), the server ID (IDs) and the network address of the client workstation (ADc), encrypted with the key Ks shared by the AS and server S. The client cannot read or alter the ticket.
Step 3: The client sends the ticket to server S together with IDc. S decrypts the ticket with Ks, checks that IDc and IDs match and that the request arrived from ADc, and then grants the service.
This simple dialogue sends the password in the clear and makes the user re-enter it for every server; the full Kerberos protocol removes both problems with a ticket-granting server, session keys, authenticators and ticket lifetimes.
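The three-message dialogue above simulated in code, as an added example that is not part of the original notes. The symmetric encryption E_Ks is stood in for by a small encrypt-then-MAC construction built from HMAC-SHA256 (labelled as such in the code; it is a teaching stand-in, not a production cipher). Names such as `AuthenticationServer`, the user "alice" and the addresses are the example's own.

```python
import hashlib
import hmac
import json
import os


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:length]


def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for E_K[...]: XOR with an HMAC-SHA256 keystream, then an HMAC
    tag over nonce||ciphertext. Teaching construction only."""
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag|" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def toy_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag|" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("ticket failed its integrity check")
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))


class AuthenticationServer:
    """AS: holds every user's hashed password and shares a key Ks with each server."""

    def __init__(self, user_db, server_keys):
        self.user_db = user_db            # IDc -> SHA-256(password)
        self.server_keys = server_keys    # IDs -> Ks

    def request(self, idc, pc, ids, adc):
        # (a)  C -> AS: IDc || Pc || IDs   (password in the clear in this dialogue)
        if self.user_db.get(idc) != hashlib.sha256(pc).digest():
            raise PermissionError("unknown user or wrong password")
        body = json.dumps({"IDc": idc, "ADc": adc, "IDs": ids}).encode()
        # (b)  AS -> C: Ticket = E_Ks[IDc || ADc || IDs]
        return toy_encrypt(self.server_keys[ids], body)


class ApplicationServer:
    def __init__(self, ids, ks):
        self.ids, self.ks = ids, ks

    def serve(self, idc, ticket, client_addr):
        # (c)  C -> S: IDc || Ticket.  Only S holds Ks, so only S can open it.
        t = json.loads(toy_decrypt(self.ks, ticket))
        if (t["IDs"], t["IDc"], t["ADc"]) != (self.ids, idc, client_addr):
            raise PermissionError("ticket does not match this server, user or address")
        return f"service granted to {idc}"


def _attempt(fn):
    try:
        fn()
        return True
    except (PermissionError, ValueError):
        return False


def run_dialogue():
    ks = os.urandom(32)                                  # Ks shared by AS and S
    password = b"correct horse battery"                  # constructed user password
    asrv = AuthenticationServer({"alice": hashlib.sha256(password).digest()},
                                {"fileserver": ks})
    s = ApplicationServer("fileserver", ks)
    ticket = asrv.request("alice", password, "fileserver", "10.0.0.5")
    tampered = bytearray(ticket)
    tampered[20] ^= 0x01                                 # flip one ciphertext bit
    return {
        "honest": s.serve("alice", ticket, "10.0.0.5"),
        "bad_password": _attempt(lambda: asrv.request("alice", b"wrong", "fileserver", "10.0.0.5")),
        "ticket_from_other_host": _attempt(lambda: s.serve("alice", ticket, "10.0.0.99")),
        "tampered_ticket": _attempt(lambda: s.serve("alice", bytes(tampered), "10.0.0.5")),
    }


if __name__ == "__main__":
    print(run_dialogue())
```

The address check is the only replay defence this dialogue has: a ticket captured and resent from the same workstation is still accepted, which is one of the reasons real Kerberos adds authenticators and lifetimes.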
6. What is the purpose of the X.509 standard?
X.509 defines a framework for the provision of authentication services by the X.500 directory to its users. It defines the format of public-key certificates and authentication protocols based on them.
7. What are the services provided by PGP?
• Digital signature
• Message encryption
• Compression
• E-mail compatibility
• Segmentation
8. Explain the reasons for using PGP.
a) It is available free worldwide in versions that run on a variety of platforms, including DOS/Windows, UNIX, Macintosh and many more.
b) It is based on algorithms that have survived extensive public review and are considered extremely secure, e.g. RSA, DSS and Diffie-Hellman for public-key encryption; CAST-128, IDEA and 3DES for conventional encryption; SHA-1 for hash coding.
c) It has a wide range of applicability, from corporations that wish to select and enforce a standardized scheme for encrypting files and communication to individuals who wish to communicate securely.
d) It was not developed by, nor is it controlled by, any governmental or standards organization.
9. Why is the e-mail compatibility function in PGP needed?
Electronic mail systems only permit the use of blocks consisting of ASCII text. To accommodate this restriction, PGP provides the service of converting the raw 8-bit binary stream (ciphertext, signature) to a stream of printable ASCII characters. The scheme used for this purpose is radix-64 conversion, which maps each group of three octets to four ASCII characters and so expands the message by 33 percent.
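Radix-64 conversion written out, as an added example that is not from the original notes: an encoder and decoder for the 3-octet to 4-character mapping, plus the expansion ratio. It is checked against the standard library's base64 (which implements the same mapping); the names are the example's own.

```python
import base64

ALPHABET = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
VALUE = {c: i for i, c in enumerate(ALPHABET)}


def radix64_encode(data: bytes) -> bytes:
    """Map each 24-bit group (3 octets) to four 6-bit values, each printed as one
    ASCII character; a final short group is zero-filled and marked with '='."""
    out = bytearray()
    for i in range(0, len(data), 3):
        group = data[i:i + 3]
        pad = 3 - len(group)
        n = int.from_bytes(group + b"\x00" * pad, "big")
        sextets = ((n >> 18) & 63, (n >> 12) & 63, (n >> 6) & 63, n & 63)
        out += bytes(ALPHABET[s] for s in sextets[:4 - pad]) + b"=" * pad
    return bytes(out)


def radix64_decode(text: bytes) -> bytes:
    """Inverse mapping; strips padding and rejects characters outside the alphabet."""
    text = text.rstrip(b"=")
    out = bytearray()
    for i in range(0, len(text), 4):
        group = text[i:i + 4]
        if len(group) == 1:
            raise ValueError("truncated radix-64 input")
        n = 0
        for c in group:
            if c not in VALUE:
                raise ValueError(f"invalid radix-64 character {c!r}")
            n = (n << 6) | VALUE[c]
        n <<= 6 * (4 - len(group))                 # zero-fill the short group
        out += n.to_bytes(3, "big")[:len(group) - 1]
    return bytes(out)


def expansion_ratio(data: bytes) -> float:
    """Four characters per three octets: 4/3, i.e. 33% larger."""
    return len(radix64_encode(data)) / len(data)


def matches_stdlib(data: bytes) -> bool:
    return radix64_encode(data) == base64.b64encode(data)


if __name__ == "__main__":
    print(radix64_encode(b"Hello, PGP!"), expansion_ratio(bytes(300)))
```

Radix-64 is an encoding, not encryption: it hides nothing. PGP's ASCII armor additionally appends a 24-bit CRC over the binary data so that transmission damage is detected.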
10. Name the cryptographic keys used in PGP.
1. One-time session conventional keys.
2. Public keys.
3. Private keys.
4. Passphrase-based conventional keys (used to encrypt the stored private keys).
11. Define key identifier.
PGP assigns a key ID to each public key that is, with very high probability, unique within a user ID. It lets the recipient identify which of several keys a session key or signature was made with, so it is also required for the PGP digital signature. The key ID associated with each public key consists of its least significant 64 bits.
12. List the limitations of SMTP/RFC 822.
a) SMTP cannot transmit executable files or other binary objects.
b) It cannot transmit text data containing national language characters.
c) SMTP servers may reject mail messages over a certain size.
d) SMTP gateways cause problems while translating between ASCII and EBCDIC.
e) SMTP gateways to X.400 e-mail networks cannot handle non-textual data included in X.400 messages.
13. Define S/MIME.
Secure/Multipurpose Internet Mail Extension (S/MIME) is a security enhancement to the MIME Internet e-mail format standard, based on technology from RSA Data Security.
14. What are the elements of MIME?
• Five new message header fields are defined, which may be included in an RFC 822 header.
• A number of content formats are defined.
• Transfer encodings are defined that enable the conversion of any content format into a form that is protected from alteration by the mail system.
15. What are the header fields defined in MIME?
• MIME-Version
• Content-Type
• Content-Transfer-Encoding
• Content-ID
• Content-Description
16. What is the MIME content type? Explain.
It is used to declare the general type of data; the subtype defines a particular format for that type of data. There are 7 content types and 15 subtypes:
1. Text type: plain, enriched.
2. Multipart type: multipart/mixed, multipart/parallel, multipart/alternative, multipart/digest.
3. Message type: message/rfc822, message/partial, message/external-body.
4. Image type: jpeg, gif.
5. Video type: mpeg.
6. Audio type: basic.
7. Application type: PostScript, octet-stream.
17. What are the key algorithms used in S/MIME?
• Digital Signature Standard (DSS)
• Diffie-Hellman
• RSA algorithm
18. Give the steps for preparing enveloped data in S/MIME.
• Generate a pseudorandom session key Ks.
• Encrypt Ks with the recipient's public key (RSA is used for this encryption).
• Prepare the RecipientInfo block, which carries the recipient's certificate identifier and the encrypted session key.
• Encrypt the message content with Ks.
19. What do you mean by a Verisign certificate?
VeriSign issues X.509 certificates with the product name "VeriSign Digital ID". Each Digital ID contains the owner's public key, the owner's name and the serial number of the Digital ID.
20. What are the functional areas of IP security?
• Authentication
• Confidentiality
• Key management
21. Give the applications of IP security.
• Secure communication across private and public networks (branch office connectivity over the Internet).
• Secure remote access over the Internet.
• Secure communication with other organizations (extranet and intranet connectivity with partners).
22. Give the benefits of IP security.
• When IPsec is implemented in a router or firewall, it provides strong security for all traffic crossing the perimeter.
• IPsec is below the transport layer and so is transparent to applications.
• IPsec is transparent to end users.
• IPsec can provide security for individual users if needed.
23. What are the protocols used to provide IP security?
• Authentication Header (AH) protocol.
• Encapsulating Security Payload (ESP) protocol.
24. Specify the IP security services.
• Access control.
• Connectionless integrity.
• Data origin authentication.
• Rejection of replayed packets.
• Confidentiality.
• Limited traffic-flow confidentiality.
25. What do you mean by Security Association? Specify the parameters that identify a Security Association.
• A key concept that appears in both the authentication and confidentiality mechanisms for IP is the security association (SA).
• An SA is a one-way relationship between a sender and a receiver that affords security services to the traffic carried on it; a two-way exchange needs two SAs.
A security association is uniquely identified by 3 parameters:
• Security Parameters Index (SPI).
• IP destination address.
• Security protocol identifier (AH or ESP).
26. What do you mean by Replay Attack?
• A replay attack is one in which an attacker obtains a copy of an authenticated packet and later transmits it to the intended destination.
• To counter it, each time a packet is sent on an SA the sender increments a sequence-number counter and places the value in the header; the receiver keeps a sliding window (default 64 packets) and rejects any packet whose number is to the left of the window or has already been seen within it.
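The receiver-side sliding window described above, as an added example that is not part of the original notes. It follows the IPsec anti-replay rules (RFC 2401/4303): a window of W sequence numbers ending at the highest number received; numbers left of the window or already marked are rejected, new ones are marked, and a number beyond the right edge advances the window. Class and function names are the example's own.

```python
class AntiReplayWindow:
    """IPsec-style anti-replay check. bit i of `bitmap` is set when sequence
    number (highest - i) has already been accepted."""

    def __init__(self, size=64):
        self.size = size
        self.highest = 0          # right edge of the window; 0 = nothing seen yet
        self.bitmap = 0

    def check_and_update(self, seq):
        """Return True and record the packet if it is acceptable, else False."""
        if seq == 0:
            return False                       # 0 is never a valid sequence number
        if seq > self.highest:                 # right of window: advance it
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False                       # left of window: too old, reject
        if self.bitmap & (1 << offset):
            return False                       # duplicate inside window: replay
        self.bitmap |= 1 << offset             # late but new: accept and mark
        return True


def receive_sequence(seqs, size=64):
    """Feed a list of sequence numbers (e.g. as sniffed and replayed) and report
    the accept/reject decision for each."""
    w = AntiReplayWindow(size)
    return [w.check_and_update(s) for s in seqs]


if __name__ == "__main__":
    # constructed trace: in-order, a duplicate, a late arrival, a jump, then stale numbers
    print(receive_sequence([1, 2, 3, 2, 5, 4, 1, 70, 5, 6, 7]))
```

The check is only meaningful together with the integrity check: the sequence number is covered by the AH/ESP authentication data, so an attacker cannot simply renumber a captured packet.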
27. Give the general format of the IPsec ESP packet.
The ESP packet consists of the following fields:
• Security Parameters Index (32 bits): identifies the security association.
• Sequence Number (32 bits): monotonically increasing counter for anti-replay.
• Payload Data (variable): the transport-level segment (transport mode) or IP packet (tunnel mode) protected by encryption.
• Padding (0 to 255 bytes).
• Pad Length (8 bits).
• Next Header (8 bits): type of data in the payload.
• Authentication Data (variable): the integrity check value computed over the packet from the SPI through the Next Header field.
The SPI and sequence number are sent in the clear; encryption covers the payload through the Next Header field.
28. Differentiate transport and tunnel mode in IPsec.
Transport mode: provides protection primarily for upper-layer protocols. AH or ESP is inserted after the IP header and before the transport header, so only the payload of the IP packet is protected (ESP encrypts, and optionally authenticates, the payload but not the IP header). It is typically used for end-to-end communication between two hosts.
Tunnel mode: provides protection to the entire IP packet. The original packet, header and all, becomes the payload of a new outer IP packet with a new outer header; routers along the path see only the outer header. It is used when one or both ends are security gateways (firewalls or routers), so that hosts behind the gateway need no IPsec themselves.
29. What is the Authentication Header? Give the format of the IPsec Authentication Header.
The Authentication Header provides support for data integrity and authentication of IP packets; authentication is based on the use of a MAC, so the two parties must share a secret key. Format of the IPsec Authentication Header:
• Next Header (8 bits)
• Payload Length (8 bits): length of AH in 32-bit words, minus 2.
• Reserved (16 bits)
• Security Parameters Index (32 bits)
• Sequence Number (32 bits)
• Authentication Data (variable, an integral number of 32-bit words): the integrity check value.
30. List the steps involved in the SSL record protocol.
1. The SSL Record Protocol takes application data as input and fragments it into blocks of 2^14 bytes or less.
2. Optionally apply a lossless compression algorithm.
3. Compute a MAC over the compressed data using a shared secret key.
4. The compressed message plus MAC is encrypted using a symmetric algorithm.
5. Prepend the SSL record header and hand the record to TCP.
31. Give the SSL record format.
• Content Type (8 bits): the higher-layer protocol used to process the enclosed fragment.
• Major Version (8 bits) and Minor Version (8 bits): for SSLv3, 3 and 0.
• Compressed Length (16 bits): length in bytes of the (optionally compressed) plaintext fragment, at most 2^14 + 2048.
• Plaintext (optionally compressed), followed by the MAC (0, 16 or 20 bytes); these two fields are encrypted.
32. What are the differences between SSL version 3 and TLS?
Version number: SSLv3 carries major version 3, minor version 0; TLS carries major version 3, minor version 1.
MAC: SSLv3 uses an HMAC-like construction in which the padding bytes are concatenated with the secret key; TLS uses the standard HMAC algorithm (RFC 2104), in which the padding is XORed with the key.
Alert codes: SSLv3 defines 12 alert codes; TLS supports all of them except no_certificate and adds several new ones.
33. What is meant by SET? What are the features of SET?
Secure Electronic Transaction (SET) is an open encryption and security specification designed to protect credit card transactions on the Internet.
Features are:
1. Confidentiality of information
2. Integrity of data
3. Cardholder account authentication
4. Merchant authentication
34. What are the steps involved in a SET transaction?
1. The customer opens an account.
2. The customer receives a certificate.
3. Merchants have their own certificates.
4. The customer places an order.
5. The merchant is verified.
6. The order and payment are sent.
7. The merchant requests payment authorization.
8. The merchant confirms the order.
9. The merchant provides the goods or services.
10. The merchant requests payment.
35. What is a dual signature? What is its purpose?
The purpose of the dual signature is to link two messages that are intended for two different recipients: the order information (OI) for the merchant and the payment information (PI) for the bank. The merchant does not need to see the customer's card number and the bank does not need to see the details of the order, yet the two must be tied together so that a payment cannot be attached to a different order. The customer computes
DS = E_KRc[H(H(PI) || H(OI))]
i.e. signs the hash of the concatenated message digests with its private key. Either recipient, holding its own message in clear and only the digest of the other, can recompute the outer hash and verify the signature.
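The dual signature construction carried out in code, as an added example that is not part of the original notes. The signing step uses textbook RSA over the 160-bit SHA-1 digest with a fixed toy key (no PKCS#1 padding, so it is for illustration only); SET used RSA and SHA-1. The PI and OI strings are constructed, and the function names are the example's own.

```python
import hashlib

# Toy signing key: two Mersenne primes so that n exceeds 2^160 and a SHA-1
# digest fits as a single RSA block. Textbook RSA, no padding: illustration only.
_P, _Q = 2**89 - 1, 2**107 - 1
N = _P * _Q
E = 65537
D = pow(E, -1, (_P - 1) * (_Q - 1))


def h(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def make_dual_signature(pi: bytes, oi: bytes):
    """Customer side: PIMD = H(PI), OIMD = H(OI), POMD = H(PIMD || OIMD),
    DS = sign(POMD). Returns the signature and the two digests that travel
    with the messages."""
    pimd, oimd = h(pi), h(oi)
    pomd = h(pimd + oimd)
    ds = pow(int.from_bytes(pomd, "big"), D, N)
    return ds, pimd, oimd


def recovered_pomd(ds: int) -> bytes:
    """Verification with the customer's public key recovers the signed POMD."""
    return pow(ds, E, N).to_bytes(20, "big")


def merchant_check(oi: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant has OI in clear and PIMD, never PI."""
    return h(pimd + h(oi)) == recovered_pomd(ds)


def bank_check(pi: bytes, oimd: bytes, ds: int) -> bool:
    """Bank has PI in clear and OIMD, never OI."""
    return h(h(pi) + oimd) == recovered_pomd(ds)


def demo():
    pi = b"card=test-card-0001;amount=100.00;currency=USD"   # constructed payment info
    oi = b"order=8812;items=1xbook;total=100.00"             # constructed order info
    ds, pimd, oimd = make_dual_signature(pi, oi)
    other_oi = b"order=9999;items=1xcar;total=100.00"         # a substituted order
    return {
        "merchant_ok": merchant_check(oi, pimd, ds),            # True
        "bank_ok": bank_check(pi, oimd, ds),                    # True
        "merchant_swapped_order": merchant_check(other_oi, pimd, ds),  # False
    }


if __name__ == "__main__":
    print(demo())
```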
Unit V
1. List the 3 classes of intruder.
Classes of intruders (Anderson's classification):
1) Masquerader: an individual who is not authorized to use the computer and who penetrates the system's access controls to exploit a legitimate user's account (typically an outsider).
2) Misfeasor: a legitimate user who accesses data, programs or resources for which such access is not authorized, or who misuses authorized privileges (typically an insider).
3) Clandestine user: an individual who seizes supervisory control of the system and uses it to evade auditing and access controls or to suppress audit collection (insider or outsider).
2. Suggest any four password selection strategies and identify their advantages and disadvantages if any.
• User education: users are told the importance of hard-to-guess passwords and given guidelines. Disadvantage: many users ignore the guidelines or interpret them poorly.
• Computer-generated passwords: the system issues random passwords. Disadvantage: they are hard to remember, so users write them down; poor acceptance.
• Reactive password checking: the system periodically runs its own password cracker and cancels any passwords it guesses. Disadvantages: resource intensive, and a weak password is vulnerable until the checker finds it.
• Proactive password checking: the user chooses the password and the system checks it against rules or a dictionary at selection time, rejecting weak ones. Advantage: with good rules this is the best compromise between strength and user acceptance.
3. What is the objective of an intruder?
To gain access to a system, or to increase the range of privileges accessible on a system.
4. What are the schemes used in password protection?
• One-way encryption: the system stores only a one-way transformed (hashed) form of the password. When the user presents a password, the system transforms it the same way and compares the result with the stored value, so the password itself is never stored.
• Access control: access to the password file is limited to one or a very few accounts.
5. What is the purpose of salt?
• It prevents duplicate passwords from being visible in the password file: two users who choose the same password get different stored values.
• It effectively increases the length of the password without requiring the user to remember extra characters, multiplying the work of a dictionary attack by the number of possible salt values.
• It prevents the use of a precomputed table or a dedicated hardware implementation of the hash function against the whole password file at once, since each entry must be attacked separately.
6. What is intrusion detection?
Intrusion detection is based on the assumption that the behavior of an intruder differs from that of a legitimate user in ways that can be quantified; the system collects audit records of user activity and raises an alarm when behavior is judged to be that of an intruder.
7. What is meant by statistical anomaly detection?
• Data relating to the behavior of legitimate users is collected over a period of time; statistical tests are then applied to observed behavior to decide whether it is legitimate.
• Threshold detection: counting the number of occurrences of a specific event type over an interval of time and comparing it with a threshold; exceeding the threshold suggests an intrusion.
• Profile-based anomaly detection: a profile of each user's past activity is maintained and used to detect significant deviations from established behavior.
8. What is meant by rule-based detection?
• A set of rules is defined that decides whether given behavior is that of an intruder.
• Rule-based anomaly detection: rules are developed automatically from previous usage patterns, and current behavior is matched against them.
• Rule-based penetration identification: rules are developed by experts and describe known penetrations and suspicious behavior.
9. What are the components of distributed intrusion detection?
• Host agent module: an audit collection module running on each host that gathers data on security-related events and transmits it to the central manager.
• LAN monitor agent module: analyses LAN traffic and reports the results to the central manager.
• Central manager module: receives reports from the LAN monitor and host agents and correlates them to detect intrusion.
10. Define firewall.
A firewall defines a single choke point that keeps unauthorized users out of the protected network, prohibits potentially vulnerable services from entering or leaving the network, and provides protection from various kinds of IP spoofing and routing attacks.
11. List the design goals of firewalls.
1) All traffic from inside to outside, and vice versa, must pass through the firewall.
2) Only authorized traffic, as defined by the local security policy, will be allowed to pass.
3) The firewall itself is immune to penetration.
12. Give the different types of firewalls.
• Packet-filtering router
• Application-level gateway
• Circuit-level gateway
13. What is the function of a packet filtering router?
A packet-filtering router applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet. Rules are based on fields in the IP and transport headers: source and destination IP address, IP protocol field, source and destination transport-level port, and the interface the packet arrives on. Rules are searched in order and the first match decides; if no rule matches, a default policy applies: discard (what is not expressly permitted is prohibited) or forward (what is not expressly prohibited is permitted).
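A packet-filtering rule set evaluated in code, as an added example that is not part of the original notes. It shows first-match ordering and the default-discard policy over a constructed rule set and constructed packets; the addresses are from documentation ranges and the class and function names are the example's own.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    action: str        # "permit" or "deny"
    direction: str     # "in", "out" or "any"
    src: str           # CIDR, e.g. "0.0.0.0/0" for any
    dst: str
    proto: str         # "tcp", "udp", "icmp" or "any"
    dport: object      # int, (low, high) tuple, or "any"


@dataclass
class Packet:
    direction: str
    src: str
    dst: str
    proto: str
    dport: int


def _port_match(rule_port, port):
    if rule_port == "any":
        return True
    if isinstance(rule_port, tuple):
        return rule_port[0] <= port <= rule_port[1]
    return rule_port == port


def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.direction in ("any", pkt.direction)
            and ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and _port_match(rule.dport, pkt.dport))


def filter_packet(rules, pkt: Packet, default="deny") -> str:
    """First matching rule wins; with no match the default policy applies.
    default='deny' is 'what is not expressly permitted is prohibited'."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default


# Constructed policy: block a known bad network first, allow inbound mail to the
# mail server, allow outbound web from the internal LAN, discard everything else.
RULES = [
    Rule("deny",   "any", "203.0.113.0/24", "0.0.0.0/0",      "any", "any"),
    Rule("permit", "in",  "0.0.0.0/0",      "192.0.2.25/32",  "tcp", 25),
    Rule("permit", "out", "192.0.2.0/24",   "0.0.0.0/0",      "tcp", (80, 443)),
]


def demo():
    packets = {
        "mail_from_internet": Packet("in", "198.51.100.9", "192.0.2.25", "tcp", 25),
        "mail_from_blocked_net": Packet("in", "203.0.113.7", "192.0.2.25", "tcp", 25),
        "telnet_to_mail_server": Packet("in", "198.51.100.9", "192.0.2.25", "tcp", 23),
        "web_from_lan": Packet("out", "192.0.2.40", "198.51.100.80", "tcp", 443),
        "ssh_from_lan": Packet("out", "192.0.2.40", "198.51.100.80", "tcp", 22),
    }
    return {name: filter_packet(RULES, p) for name, p in packets.items()}


if __name__ == "__main__":
    print(demo())
```

Reorder the first two rules and the blocked network can reach the mail server: the ordering of the list is part of the policy. A stateless filter like this also cannot tell a reply from a new connection, which is why real packet filters track the TCP ACK flag or connection state.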
14. What is an application level gateway?
An application-level gateway, also called a proxy server, acts as a relay of application-level traffic. The user contacts the gateway using a TCP/IP application, such as Telnet or FTP, and the gateway asks the user for the name of the remote host to be accessed. After the user authenticates, the gateway contacts the application on the remote host and relays the application data between the two endpoints; applications for which no proxy is configured are not passed at all.
15. What is a circuit level gateway?
• Relays two TCP connections: one between itself and an inside host, one between itself and an outside host.
• Imposes security by limiting which such connections are allowed.
• Once a connection is established, usually relays traffic without examining its contents.
• Typically used where internal users are trusted: inbound connections get application-level scrutiny while general outbound connections are allowed through the circuit-level function.
16. What are the configurations of a firewall?
• Screened host firewall, single-homed bastion: uses a packet-filtering router and a bastion host with a single network connection; the router allows inbound traffic only to the bastion and outbound traffic only from it.
• Screened host firewall, dual-homed bastion: uses a packet-filtering router and a bastion host with two network interfaces, so that traffic must physically pass through the bastion even if the router is compromised.
• Screened subnet firewall: uses two packet-filtering routers and a bastion host, creating an isolated subnetwork (DMZ) between the internal network and the Internet.
17. Define virus.
A virus is a program that can infect other programs by modifying them; the modification includes a copy of the virus program, which can then go on to infect other programs.
18. Specify the types of viruses.
1. Parasitic virus
2. Memory-resident virus
3. Boot sector virus
4. Stealth virus
5. Polymorphic virus
19. What are the phases of a virus?
• Dormant phase: the virus is idle, waiting on a trigger event.
• Propagation phase: the virus replicates itself into other programs or disk areas.
• Triggering phase: an event activates the virus to perform its intended function.
• Execution phase: the payload is performed.
20. Specify some antivirus approaches.
• Prevention: the ideal solution; do not allow a virus to get into the system in the first place.
• Detection: once infection has occurred, determine that it has occurred and locate the virus.
• Identification: once detected, identify the specific virus that has infected the program.
• Removal: once identified, remove all traces of the virus from the infected program and restore it to its original state.
21. List the generations of antivirus software.
• first-generation: simple scanners that use a virus signature to identify a virus, or look for a change in the length of programs.
• second-generation: heuristic scanners that use rules to spot probable viral infection, or integrity checking using program checksums to spot changes.
• third-generation: memory-resident programs (activity traps) that identify a virus by its actions rather than its structure.
• fourth-generation: packages that combine a variety of antivirus techniques, e.g. scanning and activity traps together with access-control capability.
22. Specify the advanced antivirus approaches.
• Generic decryption (running suspect code in a CPU emulator so that a polymorphic virus decrypts itself and can be scanned).
• Digital immune system (IBM).
• Behavior-blocking software.
POSSIBLE 16 MARK QUESTIONS
UNIT-I
INTRODUCTION
1. Discuss any four substitution techniques and list their merits and demerits.
2. Explain in detail the transposition techniques.
3. Write short notes on (i) security attacks (ii) security services.
4. Convert "MEET ME" using the Hill cipher with the key matrix.
5. Convert the ciphertext back to plaintext.
6. Explain in detail the Legendre and Jacobi symbols.
7. Briefly explain the design principles of block ciphers.
8. Discuss in detail the block cipher modes of operation.
9. Write short notes on (i) Fermat's and Euler's theorems (ii) the Chinese Remainder Theorem.
10. Explain in detail the conventional and modern cryptographic techniques with illustrative examples.
11. Explain the Playfair cipher and the Vernam cipher with examples in detail.
12. Compare AES to DES. For each of the following elements of DES, indicate the comparable element in AES or explain why it is not needed in AES.
(i) XOR of subkey material with the input to the f function.
(ii) XOR of the f function output with the left half of the block.
(iii) The 'f' function.
(iv) Permutation P.
UNIT-II
PUBLIC KEY CRYPTOGRAPHY
1. Identify the possible threats to the RSA algorithm and list their countermeasures.
2. Perform encryption and decryption using the RSA algorithm with p = 3, q = 11, e = 7 and M = 5.
3. Draw the general structure of DES and explain the encryption and decryption process.
4. Mention the strengths and weaknesses of the DES algorithm.
5. Explain the generation of the subkeys and S-boxes from the given 32-bit key in Blowfish.
6. In AES, how is the encryption key expanded to produce keys for the 10 rounds?
7. (i) Describe the RC4 algorithm. (8) (ii) Explain the Miller-Rabin algorithm. (8)
8. Illustrate the RSA cryptosystem with an example.
9. Write notes on Kerberos.
10. Explain in detail Elliptic Curve Cryptosystems.
11. Describe briefly the Diffie-Hellman algorithm.
12. Describe the RSA algorithm in detail.
13. Perform encryption and decryption using the RSA algorithm for the following values: p = 11, q = 13, e = 11, M = 7.
14. Explain in detail the geometric description of elliptic curves.
15. Explain the principles of direct digital signature.
UNIT-III
AUTHENTICATION AND HASH FUNCTION
1. Write and explain the digital signature algorithm.
2. Explain in detail hash functions.
3. Compare the features of the SHA-1 and MD5 algorithms.
4. Discuss the objectives of HMAC and its security features.
5. Users A and B use the Diffie-Hellman key exchange technique with a common prime q = 11 and a primitive root α = 7.
(i) If user A has private key XA = 3, what is A's public key YA?
(ii) If user B has private key XB = 6, what is B's public key YB?
(iii) What is the shared secret key? Also write the algorithm.
(iv) How can a man-in-the-middle attack be performed on the Diffie-Hellman algorithm?
6. Explain in detail the ElGamal public key cryptosystem.
7. Discuss clearly the Secure Hash Algorithm (SHA).
8. Describe the MD5 message digest algorithm with the necessary block diagrams.
9. Explain the IPsec architecture with a neat sketch.
10. Explain the Random Oracle Model in detail.
11. Explain the processing steps of the SHA algorithm in detail.
12. Explain the principles of direct digital signature.
13. What are the requirements of a MAC?
14. What are the techniques of biometric authentication?
UNIT-IV
SECURITY AND POLICIES
1. How does PGP provide confidentiality and authentication services for e-mail and file storage applications? Draw the block diagram and explain its components.
2. Write short notes on S/MIME.
3. Explain the architecture of IP Security.
4. Describe the SSL-specific protocol, the handshake action, in detail.
5. Explain Secure Electronic Transaction with a neat diagram.
6. What is Kerberos? Explain how it provides an authenticated service.
7. Explain the format of the X.509 certificate.
8. Write a detailed note on the SSL architecture and Transport Layer Security.
9. Explain in detail about security policy.
10. Explain in detail about e-mail security.
11. Explain the operation of PGP in detail.
12. Explain about S/MIME in detail.
UNIT-V
SYSTEM LEVEL SECURITY
1. Explain any two approaches for intrusion detection.
2. Identify a few malicious programs that need a host program for their existence.
3. Explain firewalls and how they prevent intrusions.
4. List and briefly describe the different generations of antivirus software.
5. Define intrusion detection and the different types of detection mechanisms, in detail.
6. Explain the types of host-based intrusion detection. List any two IDS software packages available.
7. What are the positive and negative effects of a firewall?
8. Describe the packet filtering router in detail.
9. Describe the familiar types of firewall configurations.
10. Discuss briefly security breaches.
11. What are Trusted Systems? Explain in detail.
12. Explain in detail the distributed intrusion detection system.
13. How are intruders classified according to Anderson?
14. Discuss in detail the techniques to protect and learn passwords.
15. What is meant by detection-specific audit records? Give an example of a good detection-specific audit record.
16. Explain the concept of a multilevel secure system.
17. What are the types of firewalls and their design principles? What are their limitations?