NW & SC Printout
NW & SC Printout
NW & SC Printout
• If encryption is to be used to counter attacks on confidentiality, we need to decide what to encrypt and
where the encryption function should be located.
• Have many locations where attacks can occur in a typical scenario such as:
• Now examine potential locations of security attacks and then look at the two major approaches to
encryption placement: link encryption and end to end encryption
• link encryption
– each vulnerable communications link is equipped on both ends with an encryption device.
– But all the potential links in a path from source to destination must use link encryption.
– Each pair of nodes that share a link should share a unique key, with a different key used on each
link. Thus, many keys must be provided.
end-to-end encryption
– encryption occurs between original source and final destination so we can say that the
encryption process is carried out at the two end systems.
– Thus end-to-end encryption relieves the end user of concerns about the degree of security of
networks and links that support the communication.
– The user data is secure, but the traffic pattern is not because packet headers are transmitted in
the clear.
Placement of Encryption
• With end-to-end encryption, user data are secure, but the traffic pattern is not because packet headers
are transmitted in the clear.
• However end-to-end encryption does provide a degree of authentication, since a recipient is assured that
any message that it receives comes from the alleged sender, because only that sender shares the relevant
key.
• To achieve greater security, both link and end-to-end encryption are needed.
– end-to-end protects data contents over entire path and provides authentication
– end-to-end can occur at layers 3, 4, 6, 7 (network layer ,Transport layer, Presentation and
Application layer.
– as move higher less information is encrypted but it is more secure though more complex with
more entities and keys
• often secure system failure due to a break in the key distribution scheme
• if A & B have communicated previously can use previous key to encrypt a new key
• if A & B have secure communications with a third party C, C can relay key between A & B
Key Hierarchy
• typically have a hierarchy of keys
• session key
– temporary key
• master key
• hierarchies of KDC’s required for large networks, but must trust each other
• use of automatic key distribution on behalf of users, but must trust system
– session keys
• in all cases its critical that these values be
• note that an attacker can reconstruct sequence given a small number of values
• for cryptographic applications, can use a block cipher to generate random numbers
• Counter Mode
Xi = EKm[i]
ANSI X9.17 PRG
– xi = xi-12 mod n
• slow, since very large numbers must be used, but has a very high level of security.
• Prime numbers play a critical role both in number theory and cryptography.
• An integer p>1 is a prime number if and only if its divisor are +- 1 and +- p.
where p1 < p2 < ……. < pt are prime numbers and each a(i) is a positive integer. This is fundamental
theorem of arithmetic.
– For eg. 91 = 7 * 13
3600 = 24 x 32 x 52
• It can be express in another way. If P is the set of all prime numbers, then any positive integer a can be
written uniquely in the following form :
• two numbers a, b are relatively prime if have no common divisors apart from 1
– eg. 8 & 15 are relatively prime since factors of 8 are 1,2,4,8 and of 15 are 1,3,5,15 and 1 is the
only common factor
• conversely can determine the greatest common divisor by comparing their prime factorizations and using
least powers
• Two theorem that play a important role in the Symmetric key (public key) cryptography.
– Fermat’s theorem
– Euler’s theorem
Fermat's Theorem
– ap-1 = 1 (mod p)
• also ap = a (mod p)
• reduced set of residues is those numbers (residues) which are relatively prime to n
– eg for n=10 = (2 * 5)
• number of elements is reduced in a given complete set is called the Euler Totient Function ø(n)
• to compute ø(n) need to count number of residues( what is left over) to be excluded
• eg.
ø(37) = 36
Euler's Theorem
• aø(n) = 1 (mod n)
– for any a,n where gcd(a,n)=1
• eg.
a=3;n=10; ø(10)=4;
hence 34 = 81 = 1 mod 10
a=2;n=11; ø(11)=10;
Primality Testing
• For many cryptography algorithm , it is necessary to select one or more very large prime numbers at
random.
• Thus we are faced with the task of determining whether a given no is prime.
• We have a one popular algorithm that produce a number that is not necessarily a prime but almost
certainly a prime.
• n-1 is even integer then divide (n-1) by 2 until result is an odd number q, for total of k divisions.
• If n is a binary number, then the result is achieved by shifting the number to the right until the right most
digit is 1, for total of k shift.
• First property:
• If p is prime and a is positive integer less than p, then a2 mod p = 1 if and only if either a mod p = 1 or a
mod p = -1 and p=p-1.
a2 mod p =1
Second property:
• let p is prime number greater than 2 then
• Let a be any integer in the range 1<a<p-1 then one of the condition is true :
congruent to -1 mod p.
• algorithm is:
4. for j = 0 to k – 1 do
6. return ("composite")
Probabilistic Considerations
• if Miller-Rabin returns “composite” the number is definitely not prime
• Develop by Rivest, Shamir & Adleman of MIT in 1977 and published in 1978.
• RSA scheme is a block cipher in which the plaintext and cipher text are integers between 0 and n-1 for
some n. So typical size for n is 1024 bits or 309 decimal digits. That is n is less than 2 1024 .
• Encryption and decryption are of the following form, for some plaintext block M and cipher text C.
• Plaintext M= Cd mod n
• The sender only knows the value of e and the receiver only know the value of d. Thus this is a public-key
encryption algorithm with a public key PU = { e,n} and a private key PR = { d, n}
RSA
– note ø(n)=(p-1)(q-1)
RSA Use
• to encrypt a message M the sender:
– computes: M = Cd mod n
5. Determine d: de=1 mod 160 and d < 160 Value is d=23 since 23x7=161= 10x160+1
• encryption:
• decryption:
RSA Security
– mathematical attacks
– timing attacks
Factoring Problem
– find d directly
• This attacks are applicable not to RSA but to other public-key cryptography system.
• Countermeasures
• Ensure that all exponentiations take the same amount of time before returning a value.
– random delays
• choose ciphertext to full use of properties of RSA to provide info to help cryptanalysis
Intruders
• A significant security problem for networked systems is unfriendly, or at least unwanted, being
unauthorized login or use of a system, by local or remote users; or by software such as a virus, worm, or
Trojan horse.
• All these attacks relate to network security because system entry can be achieved by means of network.
All attacks are not confined to network based attacks.
– For eg
• Someone who intrudes on the privacy or property of another without permission is known as Intruders
– Masquerader
• An unauthorized user who penetrates a computer system’s access control and gains
acccess to user accounts.
– Misfeasor
– Clandestine user
• A user who seizes the supervisory control of the system and uses it to evade auditing
and access control.
– The intruder threat has been well publicized,particularly because of the famous “Wily Hacker”incident of
1986–1987.
– intruders might be tolerable, although they do consume resources and may slow performance for
legitimate users.
– Intruders may use compromised systems to launch attacks on other systems, further degrading
performance.
– Eg is the threat occurred at texas A&M University .In August 1992 , the computer center there was
notified that one of its machine was being used to attack computers at another location via the Internet.
– By Monitoring activity , the computer center personnel learned that there were several outsider
intruders involved , who were running password-cracking routine on various computer.
– A few days letter, one of the local system manager detected that the intruder attack had
resumed.
– Files were found containing hundreds of captured passwords, including some on major and
secure servers. In addition , one local machine had been set up as a hacker bulletin board, which
the hackers used to contact each other and to discuss techniques and progress.
Intrusion Techniques
Objective: An intruder wants to gain access to a system or to increase the range of priviliges accessible on the
system.
• With knowledge of some other user’s password,an intruder can log in to a system and exercise all the
priviliges to the legitimate user.
• System maintains a file that associates a password with each authorized user.
• If such a file is stored with no protection, then it is easy matter to gain access to it and learn password.
• The system stores only the value of a function based on the user’s password. When the
user presents a password, the system transforms that password and compares it with
the stored value.
• If one or both of these countermeasure are in place, some efforts is needed for intruder to learn
password.
• Collect information about the user’s hobbies, family names, birthday, etc.
• Try user’s phone no, Social Security no and room no.
• Tap the line between a remote user and the host system.
• Intruders can also get access to a system by exploiting attacks such as buffer overflows on a
program that runs some privileges.