UNIT - I
INTRODUCTION
Computer data often travels from one computer to another, leaving the safety of
its protected physical surroundings
...
Cryptography can reformat and transform our data, making it safer on its trip
between computers
...
• Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
• Network Security - measures to protect data during their transmission
• Internet Security - measures to protect data during their transmission over a collection of interconnected networks
THE OSI SECURITY ARCHITECTURE
To assess effectively the security needs of an organization and to evaluate and choose
various security products and policies, the manager responsible for security needs some
systematic way of defining the requirements for security and characterizing the
approaches to satisfying those requirements
...
However, for our purposes in this chapter, an understanding of the OSI protocol
architecture is not required
...
The OSI security architecture focuses on security attacks,
mechanisms, and services
...
technoscriptz
...
1
...
That is, a threat is
a possible danger that might exploit a vulnerability
...
Security Attacks, Services And Mechanisms
To assess the security needs of an organization effectively, the manager
responsible for security needs some systematic way of defining the requirements for
security and characterization of approaches to satisfy those requirements
...
Security mechanism – A mechanism that is designed to detect, prevent or
recover from a security attack
...
The services are
intended to counter security attacks and they make use of one or more security
mechanisms to provide the service
...
Eg
...
Authentication: Ensures that the origin of a message or electronic document is
correctly identified, with an assurance that the identity is not false
...
Modification includes writing,
changing status, deleting, creating and delaying or replaying of transmitted
messages
...
Access control: Requires that access to information resources may be controlled
by or for the target system
...
Table 1
...
Security Services (X
...
Peer Entity Authentication
Used in association with a logical connection to provide confidence in the identity of the
entities connected
...
ACCESS CONTROL
The prevention of unauthorized use of a resource (i
...
, this service controls who can have
access to a resource, under what conditions access can occur, and what those accessing
the resource are allowed to do)
...
Connection Confidentiality
The protection of all user data on a connection
...
2
...
800)
AUTHENTICATION
The confidentiality of selected fields within the user data on a connection or in a single
data block
...
Connection Integrity with Recovery
Provides for the integrity of all user data on a connection and detects any modification,
insertion, deletion, or replay of any data within an entire data sequence, with recovery
attempted
...
Selective-Field Connection Integrity
Provides for the integrity of selected fields within the user data of a data block
transferred over a connection and takes the form of determination of whether the selected
fields have been modified, inserted, deleted, or replayed
...
Additionally, a limited form of replay detection may be
provided
...
NONREPUDIATION
Provides protection against denial by one of the entities involved in a communication of
having participated in all or part of the communication
...
Nonrepudiation, Destination
Table 1
...
Security Services (X
...
SECURITY MECHANISMS
One of the most specific security mechanisms in use is cryptographic techniques
...
Some of the mechanisms are
Encipherment
Digital Signature
Access Control
SECURITY ATTACKS
There are four general categories of attack which are listed below
...
This is
an attack on availability
...
g
...
Sender
Receiver
Interception
An unauthorized party gains access to an asset
...
Unauthorized party could be a person, a program or a
computer
...
g
...
This is
an attack on integrity
...
g
...
Sender
Receiver
Eavesdropper or forger
Fabrication
An unauthorized party inserts counterfeit objects into the system
...
e
...
, insertion of spurious message in a network or addition of records to a file
...
The goal of the opponent is to obtain information that is being transmitted
...
We would like
to prevent the opponent from learning the contents of these transmissions
...
The opponent could determine the
location and identity of communication hosts and could observe the frequency
and length of messages being exchanged
...
Passive attacks are very difficult to detect because they do not involve any alteration
of data
...
Active attacks
These attacks involve some modification of the data stream or the creation of a false
stream
...
Replay – involves passive capture of a data unit and its subsequent transmission
to produce an unauthorized effect
...
Denial of service – Prevents or inhibits the normal use or management of
communication facilities
...
It is quite difficult to prevent active attacks absolutely, because to do so would require
physical protection of all communication facilities and paths at all times
...
Symmetric and public key algorithms
Encryption/Decryption methods fall into two categories
...
The encryption key is shared and the decryption key is easily
calculated from it
...
In public key cryptography, encryption key is made public, but it is
computationally infeasible to find the decryption key without the information known to
the receiver
...
The
two parties, who are the principals in this transaction, must cooperate for the exchange to
take place
...
g
...
using this model requires us to:
– design a suitable algorithm for the security transformation
– generate the secret information (keys) used by the algorithm
– develop methods to distribute and share the secret information
– specify a protocol enabling the principals to use the transformation and secret information for a security service
MODEL FOR NETWORK ACCESS SECURITY
• using this model requires us to:
– select appropriate gatekeeper functions to identify users
– implement security controls to ensure only authorised users access designated information or resources
• trusted computer systems can be used to implement this model
CONVENTIONAL ENCRYPTION
• referred to as conventional / private-key / single-key
• sender and recipient share a common key
• all classical encryption algorithms are private-key
• was the only type prior to the invention of public-key in the 1970's
Some basic terminologies used:
• plaintext - the original message
• ciphertext - the coded message
• cipher - algorithm for transforming plaintext to ciphertext
• key - info used in cipher known only to sender/receiver
• encipher (encrypt) - converting plaintext to ciphertext
• decipher (decrypt) - recovering plaintext from ciphertext
• cryptography - study of encryption principles/methods
• cryptanalysis (codebreaking) - the study of principles/methods of deciphering ciphertext without knowing key
• cryptology - the field of both cryptography and cryptanalysis
Here the original message, referred to as plaintext, is converted into apparently
random nonsense, referred to as cipher text
...
The key is a value independent of the plaintext
...
Once the cipher text is produced, it may be
transmitted
...
The security depends on several factors
...
Beyond that, the security depends on the secrecy of the key, not the secrecy of the
algorithm
...
A key of the form K = [K1, K2, …, KJ] is
generated
...
With the message X and the encryption key K as input, the encryption algorithm
forms the cipher text Y = [Y1, Y2, …, YN]
...
It is assumed that the opponent knows the encryption and
decryption algorithms
...
Often the
opponent is interested in being able to read future messages as well, in which case an
attempt is made to recover K by generating an estimate
...
The number of keys used
If the sender and receiver use the same key, the system is said to be symmetric key (or)
single key (or) conventional encryption
...
The way in which the plain text is processed
A block cipher processes the input one block of elements at a time, producing
an output block for each input block
...
Cryptanalysis
The process of attempting to discover X or K or both is known as cryptanalysis
...
There are various types of cryptanalytic attacks based on the amount of
information known to the cryptanalyst
...
Known plaintext – The cryptanalyst has a copy of the cipher text and the
corresponding plaintext
...
They cannot open it to find the key, however; they can encrypt a large
number of suitably chosen plaintexts and try to use the resulting cipher texts to
deduce the key
...
STEGANOGRAPHY
A plaintext message may be hidden in any one of the two ways
...
A simple form of steganography, but one that is time consuming to construct is
one in which an arrangement of words or letters within an apparently innocuous text
spells out the real message
...
g
...
(ii) Subset of the words of the overall message is used to convey the hidden message
...
The marks are ordinarily not visible unless the paper is held at an angle
to bright light
...
Pin punctures – small pin punctures on selected letters are ordinarily not visible
unless the paper is held in front of the light
...
Drawbacks of steganography
Requires a lot of overhead to hide a relatively few bits of information
...
CLASSICAL ENCRYPTION TECHNIQUES
There are two basic building blocks of all encryption techniques: substitution and
transposition
...
SUBSTITUTION TECHNIQUES
A substitution technique is one in which the letters of plaintext are replaced by other
letters or by numbers or symbols
...
(i)Caesar cipher (or) shift cipher
The earliest known use of a substitution cipher and the simplest was by Julius
Caesar
...
e.g., plain text: pay more money
Cipher text: SDB PRUH PRQHB
Note that the alphabet is wrapped around, so that the letter following 'z' is 'a'
...
The decryption algorithm is simply
P = D(C) = (C-k) mod 26
(ii)Playfair cipher
The best known multiple letter encryption cipher is the playfair, which treats
digrams in the plaintext as single units and translates these units into cipher text digrams
...
Let the keyword be 'monarchy'
...
The letters 'i' and 'j' count as one letter
...
Plaintext letters that fall in the same row of the matrix are each replaced by the
letter to the right, with the first element of the row following the last
...
Otherwise, each plaintext letter is replaced by the letter that lies in its own row
and the column occupied by the other plaintext letter
...
Since there are 26 letters, 26x26 = 676 digrams are possible, so identification of
an individual digram is more difficult
...
(iii)Polyalphabetic ciphers
Another way to improve on the simple monoalphabetic technique is to use
different monoalphabetic substitutions as one proceeds through the plaintext message
...
All the techniques have the
following features in common
...
(iv)Vigenere cipher
In this scheme, the set of related monoalphabetic substitution rules consists of
the 26 Caesar ciphers with shifts of 0 through 25
...
e.g., a Caesar cipher with a shift of 3 is denoted by the key value 'd' (since a=0, b=1, c=2 and so
on)
...
[Table: the Vigenere tableau, with the plaintext letters a to z across the top, the key letters a to z down the left side, and the correspondingly shifted alphabet in each row]
Each of the 26 ciphers is laid out horizontally, with the key letter for each cipher
to its left
...
The process of encryption is simple: given a key letter x and a plaintext letter y, the ciphertext is at the
intersection of the row labeled x and the column labeled y; in this case, the ciphertext is
V
...
Usually, the
key is a repeating keyword
...
g
...
The key letter again identifies the row
...
Strength of Vigenere cipher
o There are multiple ciphertext letters for each plaintext letter
...
One Time Pad Cipher
It is an unbreakable cryptosystem
...
this can be accomplished by writing all numbers in binary, for example, or by
using ASCII
...
Once a key is used, it is discarded and never used again
...
Decryption uses the same key
...
g
...
Disadvantages
It requires a very long key which is expensive to produce and expensive to
transmit
...
II
...
A very different kind of mapping is achieved by
performing some sort of permutation on the plaintext letters
...
Rail fence is the simplest such cipher, in which the plaintext is written down as a
sequence of diagonals and then read off as a sequence of rows
...
The order of columns then becomes the key of the algorithm
...
g
...
The transposition cipher can be made significantly
more secure by performing more than one stage of transposition
...
SIMPLIFIED DATA ENCRYPTION STANDARD (S-DES)
The figure above illustrates the overall structure of the simplified DES
...
The S-DES
decryption algorithm takes an 8-bit block of ciphertext and the same 10-bit key used to
produce that ciphertext as input and produces the original 8-bit block of plaintext
...
Here a 10-bit key is used from which two 8-bit subkeys
are generated
...
Then a shift operation is
performed
...
The output of the shift
operation also feeds into another shift and another instance of P8 to produce the second
subkey (K2)
...
From this
key, two 8-bit subkeys are produced for use in particular stages of the encryption and
decryption algorithm
...
Let the 10-bit key
be designated as (k1, k2, k3, k4, k5, k6, k7, k8, k9, k10)
...
So the first output bit is bit 3 of
the input; the second output bit is bit 5 of the input, and so on
...
Next, perform a circular left shift (LS-1), or
rotation, separately on the first five bits and the second five bits
...
Next we apply P8, which picks out and permutes 8 of the 10 bits
according to the following rule:
P8: 6 3 7 4 8 5 10 9
The result is subkey 1 (K1)
...
We then go back to
the pair of 5-bit strings produced by the two LS-1 functions and perform a circular left
shift of 2 bit positions on each string
...
Finally, P8 is applied again to produce K2
...
S-DES encryption
Encryption involves the sequential application of five functions
...
Consider the plaintext to be 11110011
...
The functions can be expressed as
follows
...
Then we let
$f_K(L, R) = (L \oplus F(R, SK), R)$
where SK is a subkey and $\oplus$ is the bit-by-bit exclusive-OR function
...
g
...
Then $f_K(10111101) = (1011 \oplus 1110, 1101) = (01011101)$
We now describe the mapping F
...
The first
operation is an expansion/permutation operation:
E/P: 4 1 2 3 2 3 4 1
e.g., R = 1101
E/P output = 11101011
It is clearer to depict the result in this fashion:
The 8-bit subkey $K_1 = (k_{11}, k_{12}, k_{13}, k_{14}, k_{15}, k_{16}, k_{17}, k_{18})$ is added to this value using exclusive-OR:
Let us rename these 8 bits:
The first 4 bits (first row of the preceding matrix) are fed into the S-box S0 to produce a
2-bit output, and the remaining 4 bits (second row) are fed into S1 to produce another 2-bit output
...
The first and fourth input bits are treated as a 2-bit
number that specifies a row of the S-box, and the second and third input bits specify a
column of the S-box
...
For
example, if $(p_{0,0}\ p_{0,3}) = (00)$ and $(p_{0,1}\ p_{0,2}) = (10)$, then the output is from row 0,
column 2 of S0, which is 3, or (11) in binary
...
Next, the 4 bits
produced by S0 and S1 undergo a further permutation as follows:
P4: 2 4 3 1
The output of P4 is the output of the function F
...
The switch function (SW)
interchanges the left and right 4 bits so that the second instance of $f_K$ operates on a
different 4 bits
...
The key input is K2
...
BLOCK CIPHER PRINCIPLES
Virtually all symmetric block encryption algorithms in current use are based on a
structure referred to as a Feistel block cipher
...
We begin with a comparison of stream cipher
with block cipher
...
E
...
A block cipher is one in which a block of plaintext is
treated as a whole and used to produce a cipher text block of equal length
...
Block cipher principles
• most symmetric block ciphers are based on a Feistel Cipher Structure
• needed since must be able to decrypt ciphertext to recover messages efficiently
• block ciphers look like an extremely large substitution
• would need table of $2^{64}$ entries for a 64-bit block
• instead create from smaller building blocks
• using idea of a product cipher
• in 1949 Claude Shannon introduced idea of substitution-permutation (S-P) networks, called modern substitution-transposition product cipher
• these form the basis of modern block ciphers
• S-P networks are based on the two primitive cryptographic operations we have seen before:
• substitution (S-box)
• permutation (P-box)
• provide confusion and diffusion of message
• diffusion – dissipates statistical structure of plaintext over bulk of ciphertext
• confusion – makes relationship between ciphertext and key as complex as possible
Feistel cipher structure
The inputs to the encryption algorithm are a plaintext block of length 2w bits and a
key K
...
The two halves of the
data pass through 'n' rounds of processing and then combine to produce the ciphertext
block
...
in general, the subkeys Ki are different
from K and from each other
...
A substitution is performed on the left half of the
data (similar to S-DES)
...
The round function has the same general structure for each round but is
parameterized by the round subkey ki
...
This structure is
a particular form of the substitution-permutation network
...
Fig: Classical Feistel Network
Fig: Feistel encryption and decryption
The process of decryption is essentially the same as the encryption process
...
i.e., kn in the first round, kn-1 in the second round and so on
...
The diagram
below indicates that, at each round, the intermediate value of the decryption process is
equal to the corresponding value of the encryption process with the two halves of the
value swapped
...
e
...
The output of that round is the cipher text
...
The input to the first
round is RE16 || LE16, which is equal to the 32-bit swap of the output of the sixteenth
round of the encryption process
...
First consider
the encryption process,
$LE_{16} = RE_{15}$
$RE_{16} = LE_{15} \oplus F(RE_{15}, K_{16})$
On the decryption side,
$LD_1 = RD_0 = LE_{16} = RE_{15}$
$RD_1 = LD_0 \oplus F(RD_0, K_{16})$
$= RE_{16} \oplus F(RE_{15}, K_{16})$
$= [LE_{15} \oplus F(RE_{15}, K_{16})] \oplus F(RE_{15}, K_{16})$
$= LE_{15}$
Therefore,
$LD_1 = RE_{15}$
$RD_1 = LE_{15}$
In general, for the ith iteration of the encryption algorithm,
$LE_i = RE_{i-1}$
$RE_i = LE_{i-1} \oplus F(RE_{i-1}, K_i)$
Finally, the output of the last round of the decryption process is RE0 || LE0
...
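The relations derived above can be checked mechanically. This added Python example (not part of the original notes) runs a 16-round Feistel network on 32-bit halves and confirms that every decryption round reproduces the matching encryption round with its halves swapped. The round function F (a truncated SHA-256) and the subkey values are assumptions, chosen so that F is visibly not invertible.

```python
import hashlib

MASK32 = 0xFFFFFFFF

# Constructed subkeys K1..K16 for the demonstration; a real cipher derives
# them from the key K with its own key schedule.
SUBKEYS = [(0x9E3779B9 * (i + 1)) & MASK32 for i in range(16)]


def F(half, subkey):
    """Round function. It is a hash, so it has no inverse; the Feistel
    structure never needs one."""
    data = half.to_bytes(4, "big") + subkey.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def feistel(left, right, subkeys, trace=None):
    """Apply one round per subkey, then swap the halves of the last output.

    Each round computes LEi = REi-1 and REi = LEi-1 xor F(REi-1, Ki).
    If trace is a list, the (left, right) pair after each round is appended.
    """
    for k in subkeys:
        left, right = right, left ^ F(right, k)
        if trace is not None:
            trace.append((left, right))
    return right, left          # ciphertext is RE16 || LE16


def encrypt(block64, subkeys, trace=None):
    left, right = feistel(block64 >> 32, block64 & MASK32, subkeys, trace)
    return (left << 32) | right


def decrypt(block64, subkeys, trace=None):
    """Decryption is the same algorithm with the subkeys in reverse order."""
    return encrypt(block64, list(reversed(subkeys)), trace)


def rounds_mirror(block64, subkeys):
    """True if (LDi, RDi) == (RE(n-i), LE(n-i)) for every round i < n and
    decryption returns the original block."""
    enc, dec = [], []
    cipher = encrypt(block64, subkeys, enc)
    plain = decrypt(cipher, subkeys, dec)
    n = len(subkeys)
    mirrored = all(
        dec[i - 1] == (enc[n - i - 1][1], enc[n - i - 1][0])
        for i in range(1, n)
    )
    return mirrored and plain == block64
```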
DATA ENCRYPTION STANDARD (DES)
PRINCIPLES OF PUBLIC KEY CRYPTOGRAPHY
The concept of public key cryptography evolved from an attempt to attack two of
the most difficult problems associated with symmetric encryption
...
Digital signatures
...
These algorithms have the following important characteristics:
It is computationally infeasible to determine the decryption key given only the
knowledge of the cryptographic algorithm and the encryption key
...
The essential steps are the following:
Each user generates a pair of keys to be used for encryption and decryption of
messages
...
This is the public key
...
If A wishes to send a confidential message to B, A encrypts the message using
B's public key
...
No other recipient
can decrypt the message because only B knows B's private key
...
As long
as a system controls its private key, its incoming communication is secure
...
Suppose A wishes to send a message to B
...
KRb is known only to B, whereas KUb is publicly
available and therefore accessible by A
...
i.e., $Y = E_{KU_b}(X)$
The receiver can decrypt it using the private key KRb
...
e
...
Fig: authentication (plaintext, encryption with the sender's private key, ciphertext, decryption with the sender's public key)
The encrypted message serves as a digital signature
...
There is no protection of confidentiality because any observer can decrypt
the message by using the sender's public key
...
Ciphertext $Z = E_{KU_b}[E_{KR_a}(X)]$
Plaintext $X = E_{KU_a}[E_{KR_b}(Z)]$
Initially, the message is encrypted using the sender's private key
...
Next, we encrypt again, using the receiver's public key
Thus confidentiality is provided
...
It is computationally easy for a sender A, knowing the public key and the message
to be encrypted M, to generate the corresponding ciphertext: $C = E_{KU_b}(M)$
...
It is computationally infeasible for an opponent, knowing the public key KUb, and
a ciphertext C, to recover the original message M
...
The countermeasure
is to use large keys
...
This algorithm makes use of an
expression with exponentials
...
That is, the block size must be less than or equal to
$\log_2(n)$; in practice, the block size is k bits, where $2^k < n < 2^{k+1}$
...
the sender knows the value of e
and only the receiver knows the value of d
...
For this algorithm to
be satisfactory for public key encryption, the following requirements must be met:
It is possible to find values of e, d, n such that $M^{ed} = M \bmod n$ for all M
It is infeasible to determine d given e and n
...
We need to find the relationship of the form:
$M^{ed} = M \bmod n$
A corollary to Euler's theorem fits the bill: Given two prime numbers p and q and two
integers, n and m, such that n=pq and 0
$m^{k\Phi(n)+1} = m^{k(p-1)(q-1)+1} = m \bmod n$
where $\Phi(n)$ is the Euler totient function, which is the number of positive integers less than n
and relatively prime to n
...
According to the rule of modular
arithmetic, this is true only if d (and therefore e) is relatively prime to Ф(n)
...
The steps involved in RSA algorithm for generating the key are
Select two prime numbers, p = 17 and q = 11
...
Select e such that e is relatively prime to Ф(n) = 160 and less than Ф(n); we
choose e = 7
...
the correct value is d = 23,
because 23*7 = 161 = 1 mod 160
...
Key Generation
Select p, q: p, q both prime, $p \ne q$
Calculate $n = p \times q$
Calculate $\Phi(n) = (p - 1)(q - 1)$
Select integer e: $\gcd(\Phi(n), e) = 1$; $1 < e < \Phi(n)$
Calculate d: $d = e^{-1} \bmod \Phi(n)$
Public key: KU = {e, n}
Private key: KR = {d, n}
Encryption
Plaintext: M
Ciphertext: $C = M^e \pmod n$
Decryption
Ciphertext: C
Plaintext: $M = C^d \pmod n$
Figure: Example of RSA Algorithm (plaintext 88, encryption with KU = 7, 187, ciphertext 11, decryption with KR = 23, 187, plaintext 88)
Security of RSA
There are three approaches to attack the RSA:
brute force key search (infeasible given size of numbers)
mathematical attacks (based on difficulty of computing ø(N), by factoring
modulus N)
timing attacks (on running time of decryption)
Factoring Problem
Mathematical approach takes 3 forms:
Factor n = p*q, hence find Ф(n) and then d
...
Find d directly, without first determining Ф(n)
...
Although the timing attack is a
serious threat, there are simple countermeasures that can be used:
Constant exponentiation time – ensures that all exponentiations take the same
amount of time before returning a result
...
Blinding – multiply the ciphertext by a random number before performing
exponentiation
...
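The key generation steps and the blinding countermeasure above, as an added Python example (not code from the original notes). It uses the notes' own numbers (p = 17, q = 11, e = 7, M = 88); the function names are illustrative, and since Python's pow() is not constant-time the block shows only the arithmetic of blinding, not a hardened implementation.

```python
import math
import secrets


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(a, m):
    """Multiplicative inverse of a modulo m; exists only if gcd(a, m) == 1."""
    g, x, _ = egcd(a % m, m)
    if g != 1:
        raise ValueError("no inverse: gcd(a, m) != 1")
    return x % m


def generate_key(p, q, e):
    """Return (KU, KR) = ((e, n), (d, n)) for primes p != q."""
    if p == q:
        raise ValueError("p and q must differ")
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or math.gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(phi(n), e) = 1")
    return (e, n), (modinv(e, phi), n)


def encrypt(m, public):
    """C = M^e mod n; the message must be smaller than n."""
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= M < n")
    return pow(m, e, n)


def decrypt(c, private):
    """M = C^d mod n."""
    d, n = private
    return pow(c, d, n)


def decrypt_blinded(c, private, public):
    """Blinded decryption.

    The private exponentiation is applied to C * r^e mod n for a fresh
    random r, so its running time is not tied to the ciphertext the sender
    chose. Since (C * r^e)^d = M * r mod n, multiplying by r^-1 recovers M.
    """
    d, n = private
    e, _ = public
    while True:
        r = secrets.randbelow(n - 2) + 2        # 2 <= r <= n-1
        if math.gcd(r, n) == 1:                 # r must be invertible mod n
            break
    blinded = (c * pow(r, e, n)) % n
    return (pow(blinded, d, n) * modinv(r, n)) % n
```

Raw RSA on numbers this small is for following the arithmetic by hand only.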
Append PGP keys to email messages or post to news groups or email list
• Major weakness is forgery
o Anyone can create a key claiming to be someone else and broadcast it
o Until forgery is discovered can masquerade as claimed user
Publicly Available Directory
• Can obtain greater security by registering keys with a public directory
• Directory must be trusted with properties:
o Contains {name, public-key} entries
o Participants register securely with directory
o Participants can replace key at any time
o Directory is periodically published
o Directory can be accessed electronically
• Still vulnerable to tampering or forgery
Public-Key Authority
• Improve security by tightening control over distribution of keys from directory
• Has properties of directory
• Requires users to know public key for the directory
• Users interact with directory to obtain any desired public key securely
o Does require real-time access to directory when keys are needed
Public-Key Certificates
• Certificates allow key exchange without real-time access to public-key authority
• A certificate binds identity to public key
o Usually with other info such as period of validity, rights of use etc
• With all contents signed by a trusted Public-Key or Certificate Authority (CA)
• Can be verified by anyone who knows the public-key authority's public key
DIFFIE-HELLMAN KEY EXCHANGE
The purpose of the algorithm is to enable two users to exchange a key securely
that can then be used for subsequent encryption of messages
...
First, we define a primitive root of a prime number p as
one whose powers generate all the integers from 1 to (p-1), i.e., if 'a' is a primitive root of
a prime number p, then the numbers
$a \bmod p,\ a^2 \bmod p,\ \ldots,\ a^{p-1} \bmod p$
are distinct and consist of the integers from 1 to (p-1) in some permutation
...
With this background, we can define
Diffie Hellman key exchange as follows:
There are publicly known numbers: a prime number 'q' and an integer α that is a primitive
root of q
...
User A selects a random integer
$X_A < q$ and computes $Y_A = \alpha^{X_A} \bmod q$
...
Each side keeps the X value private and
makes the Y value available publicly to the other side
...
$K = (Y_B)^{X_A} \bmod q$
$= (\alpha^{X_B} \bmod q)^{X_A} \bmod q$
$= (\alpha^{X_B})^{X_A} \bmod q$
$= (\alpha^{X_A})^{X_B} \bmod q$
$= (\alpha^{X_A} \bmod q)^{X_B} \bmod q$
$= (Y_A)^{X_B} \bmod q$
The result is that two sides have exchanged a secret key
...
For large
primes, the latter task is considered infeasible
...
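The primitive-root definition and the exchange above, as an added Python example (not code from the original notes). The primes q = 23 and q = 353, the roots 5 and 3, and the private values are small sample values chosen so the arithmetic can be followed; the range check on the peer's public value is an addition that the notes do not describe.

```python
import secrets


def prime_factors(n):
    """Set of prime factors of n, by trial division (fine for small n)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def generated_set(a, p):
    """The set from the definition: {a mod p, a^2 mod p, ..., a^(p-1) mod p}."""
    return {pow(a, i, p) for i in range(1, p)}


def is_primitive_root(a, p):
    """Equivalent test without enumerating every power: a is a primitive
    root of prime p iff a^((p-1)/f) != 1 mod p for each prime factor f
    of p-1."""
    if not 1 < a < p:
        return False
    return all(pow(a, (p - 1) // f, p) != 1 for f in prime_factors(p - 1))


def keypair(q, alpha, x=None):
    """Return (X, Y) with private X < q and public Y = alpha^X mod q.

    With no X supplied, one is drawn at random and redrawn if Y would be
    1 or q-1, the values shared_key() refuses to accept.
    """
    if x is not None:
        return x, pow(alpha, x, q)
    while True:
        x = secrets.randbelow(q - 2) + 1        # 1 <= X <= q-2
        y = pow(alpha, x, q)
        if 1 < y < q - 1:
            return x, y


def shared_key(y_other, x_own, q):
    """K = (Y_other)^(X_own) mod q.

    A public value of 0, 1 or q-1 would force K into {0, 1, q-1} whatever
    the private value is, so such values are rejected (added check).
    """
    if not 1 < y_other < q - 1:
        raise ValueError("peer public value outside 2..q-2")
    return pow(y_other, x_own, q)
```

The exchange on its own does not tell either side who sent the Y value it received; that is the job of the authentication functions covered later in these notes.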
Traffic analysis – discovery of the pattern of traffic between parties
...
Content modification – changes to the content of the message, including insertion,
deletion, transposition and modification
...
Timing modification – delay or replay of messages
...
Destination repudiation – denial of transmission of message by destination
...
Measures to deal with 3 through 6 are regarded as message authentication
...
AUTHENTICATION FUNCTIONS
Any message authentication or digital signature mechanism can be viewed as
having fundamentally two levels
...
This lower
layer function is then used as primitive in a higher-layer authentication protocol that
enables a receiver to verify the authenticity of a message
...
Message authentication code (MAC) – a public function of the message and a
secret key that produces a fixed length value serves as the authenticator
...
Message encryption
Message encryption by itself can provide a measure of authentication
...
Suppose the message can be any arbitrary bit pattern
...
One solution to this problem is to force the plaintext
to have some structure that is easily recognized but that cannot be replicated without
recourse to the encryption function
...
The FCS is appended to M and the entire block is then encrypted
...
B applies the same function F to attempt to reproduce the FCS
...
In the internal error control, the function F is applied to the plaintext, whereas in
external error control, F is applied to the ciphertext (encrypted message)
...
This technique assumes that two communicating parties, say A
and B, share a common secret key 'k'
...
$MAC = C_K(M)$
where M – input message
C – MAC function
K – shared secret key
MAC – Message Authentication Code
The message plus MAC are transmitted to the intended recipient
...
The received MAC is compared to the calculated MAC
...
A MAC function is similar to encryption
...
In general, the MAC function is a many-to-one function
...
Let M' be equal to some known transformation on M
...
e
...
MAC based on DES
One of the most widely used MACs, referred to as Data Authentication Algorithm
(DAA) is based on DES
...
The data to be authenticated are
grouped into contiguous 64-bit blocks: D1, D2 … Dn
...
Using the DES encryption
algorithm and a secret key, a data authentication code (DAC) is calculated as follows:
$O_1 = E_K(D_1)$
$O_2 = E_K(D_2 \oplus O_1)$
$O_3 = E_K(D_3 \oplus O_2)$ …
$O_N = E_K(D_N \oplus O_{N-1})$
HASH FUNCTIONS
A variation on the message authentication code is the one way hash function
...
Unlike a MAC, a hash code does not
use a key but is a function only of the input message
...
There are a variety of ways in which a hash code can be used to provide message
authentication, as follows:
a) The message plus the hash code is encrypted using symmetric encryption
...
Because encryption is applied to
the entire message plus the hash code, confidentiality is also provided
...
This reduces the
processing burden for those applications that do not require confidentiality
...
It provides authentication plus the digital signature
...
e) This technique uses a hash function, but no encryption for message
authentication
...
The source computes the hash value over the
concatenation of M and S and appends the resulting hash value to M
...
KERBEROS
Kerberos provides a centralized authentication server whose function is to
authenticate users to servers and servers to users
...
The following are the requirements for Kerberos:
secure
reliable
transparent
scalable
A simple authentication dialogue
In an unprotected network environment, any client can apply to any server for
service
...
To counter this threat, servers
must be able to confirm the identities of clients who request service
...
An alternative is to use an authentication server (AS) that knows the passwords of
all users and stores these in a centralized database
...
The simple authentication dialogue is as follows:
1
...
AS >> C: Ticket
3
...
A more secure authentication dialogue
There are two major problems associated with the previous approach:
Plaintext transmission of the password
...
To solve these problems, we introduce a scheme for avoiding plaintext passwords,
and a new server, known as the ticket granting server (TGS)
...
C >> AS: IDc||IDtgs
2
...
C >> TGS: IDc||IDv||Tickettgs
4
...
C >> V: IDc||ticketv
Tickettgs= Ektgs(IDc||ADc||IDtgs||TS1||Lifetime1)
Ticketv= Ekv(IDc||ADc||IDv||TS2||Lifetime2)
C: Client, AS: Authentication Server, V: Server, IDc : ID of the client, Pc:Password of
the client, ADc: Address of client, IDv : ID of the server, Kv: secret key shared by AS
and V, ||: concatenation, IDtgs: ID of the TGS server, TS1, TS2: time stamps, lifetime:
lifetime of the ticket
...
If the lifetime is very short,
then the user will be repeatedly asked for a password
...
Requirement for the servers to authenticate themselves to users
...
Differences between version 4 and 5
Version 5 is intended to address the limitations of version 4 in two areas:
Environmental shortcomings
o encryption system dependence
o internet protocol dependence
o message byte ordering
o ticket lifetime
o authentication forwarding
o inter-realm authentication
Technical deficiencies
o double encryption
o PCBC encryption
o Session keys
o Password attacks
The version 5 authentication dialogue
ELECTRONIC MAIL SECURITY
PRETTY GOOD PRIVACY (PGP)
PGP provides confidentiality and authentication services that can be used for
electronic mail and file storage applications
...
Integrate these algorithms into a general purpose application that is independent
of operating system and processor and that is based on a small set of easy-to-use
commands
...
Enter into an agreement with a company to provide a fully compatible, low cost
commercial version of PGP
...
A number of reasons can be
cited for this growth
...
It is based on algorithms that have survived extensive public review and are
considered extremely secure
...
g
...
It has a wide range of applicability
...
Operational description
The actual operation of PGP consists of five services: authentication, confidentiality,
compression, e-mail compatibility and segmentation
...
Authentication
The sequence for authentication is as follows:
The sender creates the message
SHA-1 is used to generate a 160-bit hash code of the message
The hash code is encrypted with RSA using the sender's private key and
the result is prepended to the message
The receiver uses RSA with the sender's public key to decrypt and recover
the hash code
...
If the two match, the message is accepted as
authentic
...
Confidentiality
Confidentiality is provided by encrypting messages to be transmitted or to be
stored locally as files
...
The 64-bit cipher feedback (CFB) mode is used
...
That is, a new key is generated
as a random 128-bit number for each message
...
To protect the key, it is encrypted
with the receiver's public key
...
The message is encrypted using CAST-128 with the session key
...
The receiver uses RSA with its private key to decrypt and recover the
session key
...
Confidentiality and authentication
Here both services may be used for the same message
...
Then the
plaintext plus the signature is encrypted using CAST-128 and the session key is
encrypted using RSA
...
Compression
As a default, PGP compresses the message after applying the signature but
before encryption
...
The signature is generated before compression for two reasons:
It is preferable to sign an uncompressed message so that one can store
only the uncompressed message together with the signature for future
verification
...
Even if one were willing to generate dynamically a recompressed message
for verification, PGP's compression algorithm presents a difficulty
...
Message encryption is applied after compression to strengthen cryptographic
security
...
The compression algorithm used is ZIP
...
E-mail compatibility
Many electronic mail systems only permit the use of blocks consisting of
ASCII text
...
The scheme used for this purpose is radix-64 conversion
...
e
...
, consider the 24-bit (3 octets) raw text sequence 00100011 01011100
10010001; we can express this input in blocks of 6 bits to produce 4 ASCII
characters
...
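The conversion of the 24-bit sequence above, as an added Python example that is not part of the original notes: it splits each 3-octet block into four 6-bit values and maps them to printable characters. It goes beyond the single case in the text by also decoding and by handling input whose length is not a multiple of three, using the standard "=" padding; the function names are assumptions.

```python
ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"
            "0123456789+/")

def sextets(block):
    """Split one 3-octet (24-bit) block into four 6-bit values."""
    value = int.from_bytes(block, "big")
    return [(value >> shift) & 0x3F for shift in (18, 12, 6, 0)]

def radix64_encode(data):
    out = []
    for i in range(0, len(data), 3):
        block = data[i:i + 3]
        pad = 3 - len(block)                 # 0, 1 or 2 missing octets
        chars = [ALPHABET[s] for s in sextets(block + b"\x00" * pad)]
        if pad:
            chars[4 - pad:] = "=" * pad      # mark the padded positions
        out.append("".join(chars))
    return "".join(out)

def radix64_decode(text):
    if len(text) % 4:
        raise ValueError("length must be a multiple of 4")
    out = bytearray()
    for i in range(0, len(text), 4):
        quad = text[i:i + 4]
        pad = quad.count("=")
        if pad > 2:
            raise ValueError("too much padding")
        value = 0
        for ch in quad.rstrip("="):
            value = (value << 6) | ALPHABET.index(ch)  # ValueError on bad char
        value <<= 6 * pad                    # restore the 24-bit alignment
        out += value.to_bytes(3, "big")[:3 - pad]
    return bytes(out)

# The 24-bit sequence from the text: 00100011 01011100 10010001
SAMPLE = bytes([0b00100011, 0b01011100, 0b10010001])

if __name__ == "__main__":
    print(sextets(SAMPLE))            # the four 6-bit values
    print(radix64_encode(SAMPLE))     # the four printable characters
    print(radix64_decode(radix64_encode(SAMPLE)) == SAMPLE)
```

Every 3 octets of input become 4 characters of output, so the converted message is about 33% larger than the input.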
Segmentation and reassembly
E-mail facilities often are restricted to a maximum length
...
g
...
Any message longer than that must be broken up into smaller segments,
each of which is mailed separately
...
The
segmentation is done after all the other processing, including the radix-64
conversion
...
Cryptographic keys and key rings
Three separate requirements can be identified with respect to these keys:
A means of generating unpredictable session keys is needed
...
Each PGP entity must maintain a file of its own public/private key pairs as
well as a file of public keys of correspondents
...
1
...
Random 128-bit
numbers are generated using CAST-128 itself
...
Using cipher feedback mode, CAST-128 produces
two 64-bit ciphertext blocks, which are concatenated to form the 128-bit session
key
...
These numbers are based on the keystroke input from the
user
...
Key identifiers
If multiple public/private key pairs are used, how does the recipient
know which of the public keys was used to encrypt the session key? One simple
solution would be to transmit the public key with the message, but this is
unnecessarily wasteful of space
...
The solution adopted by PGP is to assign a key ID to each public key that is, with
very high probability, unique within a user ID
...
i
...
, the key ID of public key
KUa is (KUa mod 2^64)
...
Message component – includes actual data to be transmitted, as well as the
filename and a timestamp that specifies the time of creation
...
o Message digest – hash code
...
o Key ID of sender's public key – identifies the public key
Session key component – includes session key and the identifier of the
recipient public key
...
Key rings
PGP provides a pair of data structures at each node, one to store the public/private
key pair owned by that node and one to store the public keys of the other users
known at that node
...
The general structures of the private and public key rings are shown below:
Timestamp – the date/time when this entry was made
...
Public key – public key portion of the pair
...
User ID – the owner of the key
...
Signature trust field – indicates the degree to which this PGP user trusts the signer to
certify public key
...
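The authentication sequence and the key ID lookup described above, combined in one added example that is not from the original notes. It uses textbook RSA without padding and builds two constructed key pairs from well-known published primes, so the keys are for illustration only; the function names and the dictionary layout of the signature and key ring are assumptions.

```python
import hashlib
from math import gcd

def make_key(p, q):
    """Textbook RSA key from two primes; returns (n, e, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    e = next(c for c in range(3, 1000, 2) if gcd(c, phi) == 1)
    return n, e, pow(e, -1, phi)

def key_id(n):
    """Key ID as the notes define it: the public key mod 2^64."""
    return n % 2**64

def digest(message):
    """160-bit SHA-1 hash code of the message, as an integer."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big")

def sign(message, n, d):
    """Signature component: sender's key ID plus the RSA-encrypted digest."""
    return {"key_id": key_id(n), "enc_digest": pow(digest(message), d, n)}

def verify(message, sig, public_ring):
    """Select the public key by key ID, recover the digest, compare."""
    entry = public_ring.get(sig["key_id"])
    if entry is None:
        return False              # no public key on the ring for this key ID
    n, e = entry
    return pow(sig["enc_digest"], e, n) == digest(message)

# Constructed toy keys built from published primes (not secret, not secure).
ALICE = make_key(2**256 - 2**224 + 2**192 + 2**96 - 1, 2**256 - 2**32 - 977)
BOB = make_key(2**192 - 2**64 - 1, 2**224 - 2**96 + 1)
# Public-key ring indexed by key ID: key ID -> (n, e)
RING = {key_id(k[0]): (k[0], k[1]) for k in (ALICE, BOB)}

if __name__ == "__main__":
    msg = b"constructed sample message"
    sig = sign(msg, ALICE[0], ALICE[2])
    print(hex(sig["key_id"]), verify(msg, sig, RING))   # signer found, digest matches
    print(verify(msg + b"!", sig, RING))                # altered message
    print(verify(msg, dict(sig, key_id=key_id(BOB[0])), RING))  # wrong key selected
```

The receiver never needs the full public key in the message: the 64-bit key ID is enough to pick the right entry from the ring, and a signature checked against any other entry fails the digest comparison.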
PGP message generation
First consider message transmission and assume that the message is to be both signed
and encrypted
...
Signing the message
PGP retrieves the sender's private key from the private key ring using user ID
as an index
...
PGP prompts the user for the passphrase (password) to recover the
unencrypted private key
...
2
...
PGP retrieves the recipient's public key from the public key ring using user
ID as index
...
The receiving PGP entity performs the following steps:
[Figure: PGP message reception. Diagram not reproduced; its labels are: passphrase, H, private-key ring, public-key ring, Select, E(KRb), DC, private key KRb, receiver's key ID, DP, encrypted session key, Ks, encrypted message + signature, sender's key ID, encrypted digest, public key KUa, Compare, message.]
1
...
PGP prompts the user for the passphrase (password) to recover the
unencrypted private key
...
2
...
PGP recovers the transmitted message digest
...
PEM (PRIVACY ENHANCED MAIL)
Introduction
On the Internet, the notions of privacy and security are practically non-existent
...
Many people may think that an email sent in plain text is privacy-protected and that
enhancement of privacy is not necessary
...
Whether you realize
it or not, those messages you've been sending to business partners or friends over the
Internet have been sent in the clear; information you thought was enclosed in a sealed
envelope was instead sent just like a postcard
...
Any of these machines can read the message and/or record it for
future work
...
Authenticity
Many people assume that the name given as the sender of an email message identifies
who actually sent it
...
For example, the Netscape Navigator mail function allows people
to enter their own description of who they are, and what their email address is
...
Integrity
When you send a message via email, there is no guarantee that it will be received, or that
what is received is exactly what you sent
...
This is due to the passing of
messages from machine to machine, between your email server and that of the intended
recipient
...
This is obvious if you consider that a mail
message is only a file that gets passed from person to person along a delivery chain
...
The next person in the chain doesn't know it's coming, what's in it, or
how big it should be
...
If you mis-spell the recipient's address, the mail server at their end may send the note
back to you as undeliverable
...
Normally the postmaster will re-send it to the appropriate
person, but this is a manual process, which may take some time, or it may not be done at
all
...
These files can be altered by authorized administrators or by
anybody capable of assuming authority
...
Reliability
As a sender, you have no way of knowing when a message was delivered
...
Also,
there is no standard way of requesting a receipt when the message is read
...
Because of the widespread nature of these problems, a number of competing solutions
are being developed that address the authentication and integrity issues
...
Pretty Good Privacy, PGP, and Privacy-Enhanced Mail, PEM, are both “systems” that
provide secrecy and non-repudiation of data that is sent over the Internet, mostly by email
(figure 1)
...