Cns 1 - 5 Units


Cryptography and Network Security

UNIT - I 10 Hrs
Classical Encryption Techniques: Security Attacks, Services & Mechanisms, Symmetric
Cipher Model. Cyber Threats, Phishing Attack, Web Based Attacks, SQL Injection Attacks,
Buffer Overflow& Format String Vulnerabilities, TCP session hijacking, UDP Session
Hijacking. Block Ciphers: Traditional Block Cipher Structure, Block Cipher Design
Principles.
UNIT - II 10 Hrs
Symmetric Key Cryptography: Data Encryption Standard (DES), Advanced Encryption
Standard (AES), Blowfish, IDEA, Block Cipher Modes of Operations. Number Theory: Prime
and Relatively Prime Numbers, Modular Arithmetic, Fermat’s and Euler’s Theorems, The
Chinese Remainder Theorem, Discrete Logarithms.
UNIT - III 10 Hrs
Public Key Cryptography: Principles, Public Key Cryptography Algorithms, RSA Algorithm,
Diffie Hellman Key Exchange, Elliptic Curve Cryptography. Cryptographic Hash Functions:
Application of Cryptographic Hash Functions, Requirements & Security, Secure Hash
Algorithm, Message Authentication Functions, Requirements & Security, HMAC & CMAC.
Digital Signatures: NIST Digital Signature Algorithm, Key Management and Distribution.
UNIT - IV 10 Hrs
User Authentication: Remote User Authentication Principles, Kerberos. Electronic Mail
Security: Pretty Good Privacy (PGP) And S/MIME. IP Security: IP Security Overview, IP
Security Architecture, Authentication Header, Encapsulating Security Payload, Combining
Security Associations and Key Management.
UNIT - V 8 Hrs
Transport Level Security: Web Security Requirements, Secure Socket Layer (SSL) and
Transport Layer Security (TLS), Secure Shell (SSH) Firewalls: Characteristics, Types of
Firewalls, Placement of Firewalls, Firewall Configuration, Trusted Systems.
TEXT BOOKS:
1) Cryptography and Network Security- William Stallings, Pearson Education, 7th
Edition.
2) Cryptography, Network Security and Cyber Laws – Bernard Menezes, Cengage
Learning, 2010 edition.
REFERENCE BOOKS:
1) Cryptography and Network Security- Behrouz A Forouzan, Debdeep Mukhopadhyaya,
Mc-GrawHill, 3rd Edition, 2015.
2) Network Security Illustrated, Jason Albanese and Wes Sonnenreich, MGH
Publishers, 2003.
e-Resources:
1. https://nptel.ac.in/courses/106/105/106105031/ lecture by Dr. Debdeep Mukhopadhyay, IIT Kharagpur [Video Lecture]
2. https://nptel.ac.in/courses/106/105/106105162/ lecture by Dr. Sourav Mukhopadhyay, IIT Kharagpur [Video Lecture]
Chapter -1

Definitions :

• Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
• Network Security - measures to protect data during their transmission
• Internet Security - measures to protect data during their transmission over a collection of interconnected
networks
Security Attack:

• Importance of information for an organization


• Importance to provide security to personnel information
• Importance of threat & attack
• attacks can be grouped into two generic types:
– Passive : attempts to learn or make use of information from the system but does not affect system
resources
– Active : attempts to alter system resources or affect their operation
Passive Attacks:

Active Attacks:

Security Service :

– enhance security of data processing systems and information transfers of an organization


– intended to counter security attacks
– using one or more security mechanisms
– often replicates functions normally associated with physical documents
• for example, have signatures, dates; need protection from disclosure, tampering, or destruction;
be notarized or witnessed; be recorded or licensed
Security Services:

• X.800: “a service provided by a protocol layer of communicating open systems, which ensures adequate security
of the systems or of data transfers”

• RFC 2828: “a processing or communication service provided by a system to give a specific kind of protection to
system resources”
Security Services (X.800):

• Authentication - assurance that the communicating entity is the one claimed


• Access Control - prevention of the unauthorized use of a resource
• Data Confidentiality - protection of data from unauthorized disclosure
• Data Integrity - assurance that data received is as sent by an authorized entity
• Non-Repudiation - protection against denial (rejection) by one of the parties in a communication
Security Mechanism :

• Feature designed to detect, prevent, or recover from a security attack


• No single mechanism supports all the services required
• However, one particular element underlies many of the security mechanisms in use:
– cryptographic techniques

Security Mechanisms (X.800):

• Specific security mechanisms:


– encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic
padding, routing control, notarization
• Pervasive security mechanisms:
– trusted functionality, security labels, event detection, security audit trails, security recovery
Model for Network Security:

SYMMETRIC CIPHER MODEL :


A symmetric encryption scheme has five ingredients

1. Plain Text
2. Encryption algorithm
3. Secret key
4. Cipher Text
5. Decryption algorithm

Cyber Threats :

A cyber or cyber security threat is a malicious act that seeks to damage data, steal data, or disrupt (disturb) digital life in
general. The main types of information security threats are:

1. Malware attack
2. Social engineering attacks
3. Software supply chain attacks
4. Advanced persistent threats (APT)
5. Distributed denial of service (DDoS)
6. Man-in-the-middle attack (MitM)
7. Password attacks

1. Malware attacks include:

a. Trojan virus — tricks a user into thinking it is a harmless file. A Trojan can launch an attack on a system
and can establish a backdoor, which attackers can use.

b. Ransomware — prevents access to the data of the victim and threatens to delete or publish it unless a
ransom is paid.

c. Wiper malware — intends to destroy data or systems, by overwriting targeted files or destroying an
entire file system. Wipers are usually intended to send a political message, or hide hacker activities after
data exfiltration.

d. Worms — this malware is designed to exploit backdoors and vulnerabilities to gain unauthorized access
to operating systems. After installation, the worm can perform various attacks, including Distributed
Denial of Service (DDoS).

e. Spyware — this malware enables malicious actors to gain unauthorized access to data, including
sensitive information like payment details and credentials. Spyware can affect mobile phones, desktop
applications, and desktop browsers.

f. Fileless malware — this type of malware does not require installing software on the operating system. It
abuses native tools such as PowerShell and WMI to carry out its malicious functions, so its activity is taken
as legitimate and is difficult to detect.

g. Application or website manipulation — OWASP outlines the top 10 application security risks, ranging
from broken access controls and security misconfiguration through injection attacks and cryptographic
failures. Once the vector is established through service account acquisition, more malware, credential,
or APT attacks are launched.
2. Social engineering attacks :

Social engineering attacks work by psychologically manipulating users into performing actions desirable to an attacker,
or divulging sensitive information.

Social engineering attacks include:

1. Phishing — Attackers send fraudulent correspondence that seems to come from legitimate sources, usually via
email. The email may urge the user to perform an important action or click on a link to a malicious website,
leading them to hand over sensitive information to the attacker, or expose themselves to malicious downloads.
Phishing emails may include an email attachment infected with malware.

2. Spear phishing — a variant of phishing in which attackers specifically target individuals with security privileges
or influence, such as system administrators or senior executives.

3. Malvertising — online advertising controlled by hackers, which contains malicious code that infects a user’s
computer when they click, or even just view the ad. Malvertising has been found on many leading online
publications.

4. Drive-by downloads — attackers can hack websites and insert malicious scripts into the PHP or HTML code on a page.
When users visit the page, malware is directly installed on their computer; or, the attacker’s script redirects
users to a malicious site, which performs the download. Drive-by downloads rely on vulnerabilities in browsers
or operating systems.

5. Scareware security software — pretends to scan for malware and then regularly shows the user fake warnings
and detections. Attackers may ask the user to pay to remove the fake threats from their computer or to register
the software. Users who comply transfer their financial details to an attacker.

6. Baiting — occurs when a threat actor tricks a target into using a malicious device, placing a malware-infected
physical device, like a USB, where the target can find it. Once the target inserts the device into their computer,
they unintentionally install the malware.

7. Vishing — voice phishing (vishing) attacks use social engineering techniques to get targets to divulge financial or
personal information over the phone.

8. Whaling — this phishing attack targets high-profile employees (whales), such as the chief executive officer (CEO)
or chief financial officer (CFO). The threat actor attempts to trick the target into disclosing confidential
information.

9. Pretexting — occurs when a threat actor lies to the target to gain access to privileged data. A pretexting scam
may involve a threat actor pretending to confirm the target’s identity by asking for financial or personal data.

10. Scareware — a threat actor tricks the victim into thinking they inadvertently downloaded illegal content or that
their computer is infected with malware. Next, the threat actor offers the victim a solution to fix the fake
problem, tricking the victim into downloading and installing malware.

11. Diversion theft — threat actors use social engineering to trick a courier or delivery company into going to a wrong
drop-off or pickup location, intercepting the transaction.

12. Honey trap — a social engineer assumes a fake identity as an attractive person to interact with a target online.
The social engineer fakes an online relationship and gathers sensitive information through this relationship.
13. Tailgating or piggybacking — occurs when a threat actor enters a secured building by following authorized
personnel. Typically, the staff with legitimate access assumes the person behind is allowed entrance, holding the
door open for them.

14. Pharming — an online fraud scheme during which a cybercriminal installs malicious code on a server or
computer. The code automatically directs users to a fake website, where users are tricked into providing
personal data.

3. Software supply chain attacks :

Types of software supply chain attacks:

1. Compromise of software build tools or dev/test infrastructure


2. Compromise of devices or accounts owned by privileged third-party vendors
3. Malicious apps signed with stolen code signing certificates or developer IDs
4. Malicious code deployed on hardware or firmware components
5. Malware pre-installed on devices such as cameras, USBs, and mobile phones

4. Advanced persistent threats (APT):

Common indicators of an APT presence include:

a) New account creation — the P in Persistent comes from an attacker creating an identity or credential on
the network with elevated privileges.
b) Abnormal activity — legitimate user accounts typically perform in patterns. Abnormal activity on these
accounts can indicate an APT is occurring, for example a stale account which was created, then left unused
for a time, suddenly becoming active.
c) Backdoor/trojan horse malware — extensive use of this method enables APTs to
maintain long-term access.
d) Odd database activity — for example, a sudden increase in database operations
with massive amounts of data.
e) Unusual data files — the presence of these files can indicate data has been bundled
into files to assist in an exfiltration process.
5. Distributed denial of service (DDoS):

Methods of DDoS attacks include:

a) Botnets — systems under hacker control that have been infected with malware. Attackers use these
bots to carry out DDoS attacks. Large botnets can include millions of devices and can launch attacks at
devastating scale.

b) Smurf attack — sends Internet Control Message Protocol (ICMP) echo requests to the victim’s IP
address. The ICMP requests are generated from ‘spoofed’ IP addresses. Attackers automate this process
and perform it at scale to overwhelm a target system.

c) TCP SYN flood attack — attacks flood the target system with connection requests. When the target
system attempts to complete the connection, the attacker’s device does not respond, forcing the target
system to time out. This quickly fills the connection queue, preventing legitimate users from connecting.
6. Man-in-the-middle attack (MitM) :

MitM attacks include:

a) Session hijacking — an attacker hijacks a session between a network server and a client. The attacking
computer substitutes its IP address for the IP address of the client. The server believes it is
corresponding with the client and continues the session.

b) Replay attack — a cybercriminal eavesdrops on network communication and replays messages at a later
time, pretending to be the user. Replay attacks have been largely mitigated by adding timestamps to
network communications.

c) IP spoofing — an attacker convinces a system that it is corresponding with a trusted, known entity. The
system thus provides the attacker with access. The attacker forges its packet with the IP source address
of a trusted host, rather than its own IP address.

d) Eavesdropping attack — attackers leverage insecure network communication to access information


transmitted between the client and server. These attacks are difficult to detect because network
transmissions appear to act normally.

e) Bluetooth attacks — Because Bluetooth is often open in promiscuous mode, there are many attacks,
particularly against phones, that drop contact cards and other malware through open and receiving
Bluetooth connections. Usually this compromise of an endpoint is a means to an end, from harvesting
credentials to personal information.

7. Password attacks :

Password attacks include:

a) Brute-force password guessing — an attacker uses software to try many different passwords, in hopes of
guessing the correct one. The software can use some logic to try passwords related to the name of
the individual, their job, their family, etc.

b) Dictionary attack — a dictionary of common passwords is used to gain access to the computer and
network of the victim. One method is to copy an encrypted file that holds the passwords, apply the same
encryption to a dictionary of regularly used passwords, and compare the results.

c) Pass-the-hash attack — an attacker exploits the authentication protocol in a session and captures a
password hash (as opposed to the password characters directly) and then passes it through for
authentication and lateral access to other networked systems. In these attack types, the threat actor
doesn’t need to crack the hash to obtain a plain text password.

d) Golden ticket attack — a golden ticket attack starts in the same way as a pass-the-hash attack: on
a Kerberos (Windows AD) system the attacker uses the stolen password hash to access the key
distribution center and forge a ticket-granting ticket (TGT). Mimikatz attacks frequently use this
attack vector.
Phishing:
Phishing is a type of cyber security attack during which malicious actors send messages pretending to be a trusted
person or entity. Phishing messages manipulate a user, causing them to perform actions like installing a malicious file,
clicking a malicious link, or divulging sensitive information such as access credentials. Phishing is the most common type
of social engineering, which is a general term describing attempts to manipulate or trick computer users.

Types of Phishing Attacks :

1. Email Phishing

Most phishing attacks are sent via email. Attackers typically register fake domain names that mimic real organizations
and send thousands of common requests to victims.

Email phishing messages have one of the following goals:

a) Causing the user to click a link to a malicious website, in order to install malware on their device.

b) Causing the user to download an infected file, which is then used to deploy malware.

c) Causing the user to click a link to a fake website and submit personal data.

d) Causing the user to reply and provide personal data.

2. Spear Phishing

Spear phishing includes malicious emails sent to specific people. The attacker typically already has some or all of the
following information about the victim:

a) Name
b) Place of employment
c) Job title
d) Email address
e) Specific information about their job role
f) Trusted colleagues, family members, or other contacts, and samples of their writing

3. Whaling

Whaling attacks target senior management and other highly privileged roles. The ultimate goal of whaling is the
same as other types of phishing attacks, but the technique is often very subtle.

For example, whaling attackers commonly use bogus tax returns to discover sensitive data about the victim, and
use it to craft their attack.

4. Smishing and Vishing

This is a phishing attack that uses a phone instead of written communication. Smishing involves sending
fraudulent SMS messages, while vishing involves phone conversations.

In a typical voice phishing scam, an attacker pretends to be a fraud investigator for a credit card company or
bank, informing victims that their account has been breached. Criminals then ask the victim to provide payment card
information, supposedly to verify their identity or transfer money to a secure account.
5. Angler Phishing

These attacks use fake social media accounts belonging to well-known organizations. The attacker uses an
account handle that mimics a legitimate organization (e.g. “@pizzahutcustomercare”) and uses the same profile picture
as the real company account. Example: a hijacked Facebook account used to ask the victim’s contacts for money.

Web-Based Attacks Defined :

When criminals exploit vulnerabilities in coding to gain access to a server or database, these types of cyber vandalism
threats are known as application-layer attacks. Users trust that the sensitive personal information they divulge on your
website will be kept private and safe.

Intrusion in the form of web-based attacks can mean that their credit card, Social Security, or medical information might
become public, leading to potentially grave consequences.

Web applications are particularly susceptible to hacking because they are available 24 hours a day, 365 days a year, to
provide continuous services. Because these applications must be publicly accessible, they cannot be safeguarded behind
firewalls or secured from threats with SSL.

Most Common Types of Web Attacks

Although the tactics of cybercriminals are constantly evolving, their underlying attack strategies remain relatively stable.
Below are some of the most common:

1. Cross-site scripting (XSS). This involves an attacker placing a piece of malicious script code onto your website that
can then be used to steal data or perform other kinds of mischief. Although this strategy is relatively unsophisticated, it
remains quite common and can do significant damage.

2. SQL Injection (SQLI). This happens when a hacker submits destructive code into an input form. If your systems fail to
clean this information, it can be submitted into the database, changing, deleting, or revealing data to the attacker.

3. Path traversal. Also resulting from improper protection of data that has been inputted, these webserver attacks
involve injecting patterns into the webserver hierarchy that allow bad actors to obtain user credentials, databases,
configuration files, and other information stored on hard drives.

4. Local File Inclusion. This relatively uncommon attack technique involves forcing the web application to execute a file
located elsewhere on the system.

5. Distributed Denial of Service (DDoS) attacks. Such destructive events happen when an attacker bombards the server
with requests. In many cases, hackers use a network of compromised computers or bots to mount this offensive. Such
actions paralyze your server and prevent legitimate visitors from gaining access to your services.

Protecting Against Website Attack :

A company’s ability to use online resources to capture and store customer data has many benefits, but it also opens the
door to malicious attackers. Fortunately, there are methods you can employ to provide analysis and protection for your
site and its underlying servers and databases. They include the following:

1. Automated vulnerability scanning and security testing. These programs help you to find, analyze, and mitigate
vulnerabilities, often before actual attacks occur. Investing in these preventive measures is a cost-effective way to
reduce the likelihood that vulnerabilities will turn into cyber disasters.
2. Web Application Firewalls (WAFs). These operate on the application layer and use rules and intelligence about known
breach tactics to restrict access to applications. Because they can access all layers and protocols, WAFs can be highly
effective gatekeepers when it comes to shielding resources from attack.

3. Secure Development Testing (SDT). This training is designed for all security team members, including testers,
developers, architects, and managers. It provides information about the newest attack vectors. It assists the team in
establishing a baseline and developing a practical, dynamic approach to preventing website attacks and minimizing the
consequences of breaches that cannot be stopped.

SQL injection :

SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database
manipulation to access information that was not intended to be displayed. This information may include any number of
items, including sensitive company data, user lists or private customer details.

Types of SQL Injections

SQL injections typically fall under three categories:

a) In-band SQLi (Classic),


b) Inferential SQLi (Blind)
c) Out-of-band SQLi.
a) In-band SQLi

The attacker uses the same channel of communication to launch their attacks and to gather their results. In-band SQLi’s
simplicity and efficiency make it one of the most common types of SQLi attack. There are two sub-variations of this
method:

a) Error-based SQLi—the attacker performs actions that cause the database to produce error messages.
The attacker can potentially use the data provided by these error messages to gather information about
the structure of the database.

b) Union-based SQLi—this technique takes advantage of the UNION SQL operator, which fuses multiple
select statements generated by the database to get a single HTTP response. This response may contain
data that can be leveraged by the attacker.

b) Inferential (Blind) SQLi :


The attacker sends data payloads to the server and observes the response and behavior of the server to learn more
about its structure. This method is called blind SQLi because the data is not transferred from the website database to
the attacker, thus the attacker cannot see information about the attack in-band.

Blind SQL injections rely on the response and behavioral patterns of the server so they are typically slower to execute
but may be just as harmful. Blind SQL injections can be classified as follows:
a) Boolean—the attacker sends a SQL query to the database prompting the application to return a result.
The result will vary depending on whether the query is true or false. Based on the result, the information
within the HTTP response will change or stay unchanged. The attacker can then work out whether the query
generated a true or false result.
b) Time-based—the attacker sends a SQL query to the database, which makes the database wait (for a period
in seconds) before it reacts. The attacker can see, from the time the database takes to respond,
whether a query is true or false. Based on the result, an HTTP response will be generated instantly or
after a waiting period. The attacker can thus work out whether the query they used returned true or false,
without relying on data from the database.
c) Out-of-band SQLi :

The attacker can only carry out this form of attack when certain features are enabled on the database server used by the
web application. This form of attack is primarily used as an alternative to the in-band and inferential SQLi techniques.

Out-of-band SQLi is performed when the attacker can’t use the same channel to launch the attack and gather
information, or when a server is too slow or unstable for these actions to be performed. These techniques count on the
capacity of the server to create DNS or HTTP requests to transfer data to an attacker.

Key Concepts of Buffer Overflow

This error occurs when there is more data in a buffer than it can handle, causing data to overflow into adjacent storage.

This vulnerability can cause a system crash or, worse, create an entry point for a cyberattack.

C and C++ are more susceptible to buffer overflow.

Secure development practices should include regular testing to detect and fix buffer overflows. These practices include
automatic protection at the language level and bounds-checking at run-time.

Veracode’s binary SAST technology identifies code vulnerabilities, such as buffer overflow, in all code — including open
source and third-party components —so that developers can quickly address them before they are exploited.

Definition of a Buffer Overflow

A buffer is a sequential section of memory allocated to contain anything from a character string to an array of integers. A
buffer overflow, or buffer overrun, occurs when more data is put into a fixed-length buffer than the buffer can handle.
The extra information, which has to go somewhere, can overflow into adjacent memory space, corrupting or overwriting
the data held in that space. This overflow usually results in a system crash, but it also creates the opportunity for an
attacker to run arbitrary code or manipulate the coding errors to prompt malicious actions.

Executing a Buffer Overflow Attack

Cybercriminals exploit buffer overflow problems to alter the execution path of the application by overwriting parts of its
memory. The malicious extra data may contain code designed to trigger specific actions — in effect sending new
instructions to the attacked application that could result in unauthorized access to the system. Hacker techniques that
exploit a buffer overflow vulnerability vary per architecture and operating system.

Buffer Overflow Causes

Coding errors are typically the cause of buffer overflow. Common application development mistakes that can lead to
buffer overflow include failing to allocate large enough buffers and neglecting to check for overflow problems. These
mistakes are especially problematic with C/C++, which does not have built-in protection against buffer overflows.
Consequently, C/C++ applications are often targets of buffer overflow attacks.
Buffer Overflow Attack Example

In some cases, an attacker injects malicious code into the memory that has been corrupted by the overflow. In other
cases, the attacker simply takes advantage of the overflow and its corruption of the adjacent memory. For example,
consider a program that requests a user password in order to grant the user access to the system. In the code below, the
correct password grants the user root privileges. If the password is incorrect, the program will not grant the user
privileges.

However, there is a possibility of buffer overflow in this program because the gets() function does not check the array
bounds.

Here is an example of what an attacker could do with this coding error:

In the above example, the program gives the user root privileges, even though the user entered an incorrect password.
In this case, the attacker supplied an input with a length greater than the buffer can hold, creating a buffer overflow,
which overwrote the memory of the integer “pass.” Therefore, despite the incorrect password, the value of “pass” became
non-zero, and the attacker receives root privileges.

Buffer Overflow Solutions

To prevent buffer overflow, developers of C/C++ applications should avoid standard library functions that are not
bounds-checked, such as gets, scanf and strcpy.

In addition, secure development practices should include regular testing to detect and fix buffer overflows. The most
reliable way to avoid or prevent buffer overflows is to use automatic protection at the language level. Another fix is
bounds-checking enforced at run-time, which prevents buffer overrun by automatically checking that data written to a
buffer is within acceptable boundaries.
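The password-check program the notes describe, written out as an added example (not the notes' own listing), with the vulnerable strcpy()/gets()-style copy next to a bounds-checked version that rejects over-long input before it can reach the adjacent "pass" flag. The buffer size, the sample secret "s3cret" and the struct layout are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 15                        /* constructed: size of the fixed password buffer */
static const char EXPECTED[] = "s3cret";  /* constructed sample secret, not a real credential */

/* The notes' program keeps the input buffer next to an int "pass" flag.
 * This struct mirrors that layout so the two forms below can be compared. */
struct login_state {
    char buffer[BUF_LEN];
    int  pass;
};

/* Vulnerable form (for contrast only).  strcpy() is not bounds-checked, so an
 * input of BUF_LEN bytes or more is undefined behaviour: on a typical layout the
 * excess bytes land in the adjacent field and can leave "pass" non-zero even
 * though the comparison failed.  Never feed it untrusted input. */
int check_password_unsafe(struct login_state *st, const char *input)
{
    st->pass = 0;
    strcpy(st->buffer, input);            /* the defect: no length check */
    if (strcmp(st->buffer, EXPECTED) == 0)
        st->pass = 1;
    return st->pass;
}

/* Hardened form: refuse any input that would not fit (including the NUL
 * terminator) before copying, and copy with an explicit length.  The flag is
 * now set only by the comparison, never by stray bytes. */
int check_password_safe(struct login_state *st, const char *input)
{
    size_t n = strlen(input);
    st->pass = 0;
    if (n >= BUF_LEN)                     /* would overflow: reject, do not truncate */
        return 0;
    memcpy(st->buffer, input, n + 1);     /* bounded copy, terminator included */
    if (strcmp(st->buffer, EXPECTED) == 0)
        st->pass = 1;
    return st->pass;
}

/* Bounded replacement for gets(): fgets() stops after size-1 bytes.  A line
 * that did not end in '\n' was too long, so it is drained and rejected rather
 * than silently truncated (truncation would leave the rest of the line queued
 * for the next read).  Returns 1 on success, 0 on EOF or an overlong line. */
int read_password_line(char *out, size_t size, FILE *in)
{
    if (!fgets(out, (int)size, in))
        return 0;
    char *nl = strchr(out, '\n');
    if (nl) {
        *nl = '\0';
        return 1;
    }
    int c;
    while ((c = fgetc(in)) != EOF && c != '\n')
        ;                                 /* discard the remainder of the long line */
    return 0;
}

int main(void)
{
    struct login_state st;
    char line[BUF_LEN];                   /* same bound as the copy target */

    printf("password: ");
    if (!read_password_line(line, sizeof line, stdin)) {
        puts("rejected: empty or too long");
        return 1;
    }
    if (check_password_safe(&st, line))
        puts("root privileges granted");
    else
        puts("access denied");
    return 0;
}
```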
Veracode Helps Identify Buffer Overflows

Veracode’s cloud-based service identifies code vulnerabilities, such as buffer overflow, so that developers can address
them before they are exploited.

Unique in the industry, Veracode’s patented binary static application security testing (SAST) technology analyzes all code
— including open source and third-party components — without requiring access to source code.

SAST supplements threat modeling and code reviews performed by developers, finding coding errors and omissions
more quickly and at lower cost via automation. It’s typically run in the early phases of the software development
lifecycle because it’s easier and less expensive to fix problems before going into production deployment.

SAST identifies critical vulnerabilities such as SQL injection, cross-site scripting (XSS), buffer overflows, unhandled error
conditions and potential back-doors. In addition, our binary SAST technology delivers actionable information that
prioritizes flaws according to severity and provides detailed remediation information to help developers address them
quickly.

Network or TCP Session Hijacking:

TCP guarantees delivery of data, and also guarantees that packets will be delivered in the same order in which
they were sent. In order to guarantee that packets are delivered in the right order, TCP uses acknowledgement
(ACK) packets and sequence numbers to create a "full duplex reliable stream connection between two
endpoints", with the endpoints referring to the communicating hosts. The connection between the client and the
server begins with a 3-way handshake.

After the handshake, it is just a matter of sending packets and incrementing the sequence number to verify that
the packets are getting sent and received.

The goal of the TCP session hijacker is to create a state where the client and server are unable to exchange data, enabling
him/her to forge acceptable packets for both ends, which mimic the real packets. Thus, the attacker is able to gain
control of the session.
IP Spoofing: IP spoofing is a technique which is used to gain unauthorized access to computers, where the
intruder sends a message to a computer with an IP address indicating that the message is coming from a trusted
host.

Man in the middle Attack: The attacker tries to get the session ID by doing ARP spoofing and a man in the middle
attack.

Blind Hijacking: In cases where source routing is disabled, the session hijacker can also use blind hijacking, where he
injects his malicious data into intercepted communications in the TCP session. It is called blind because he cannot see
the response; though the hijacker can send data or commands, he is basically guessing the responses of the client
and server.
UDP Session Hijacking

UDP is a low-level transport protocol used on LANs and WANs to send packets between two
endpoints. UDP Session Hijacking is an attack where the attacker tricks the victim into using their computer as
part of a botnet, typically by sending them unsolicited requests disguised as coming from legitimate sources.
This illegitimate traffic can then be used to exploit vulnerable systems or steal data. UDP session hijacking is a
method of compromising a computer session by manipulating the session’s Transmission Control Protocol
(TCP) traffic. The attacker manipulates the data sent over the network, which can then be used to hijack the
session or steal information.

There are a number of risks involved with using UDP session hijacking in ethical hacking. Firstly, UDP packets
are not encrypted and are therefore easier to capture and manipulate. This makes it easier for the attacker to
steal data or hijack the session. Additionally, the attacker has control over the data being sent, which means they
can tamper with it in a number of ways. This could allow them to steal information or modify it in order to
exploit the system.

UDP Hijacking Attacks:

• One of the most powerful hackers will hijack a UDP broadcast. This allows them to steal data like passwords and
credit cards.
• The attacker, who can be someone nearby or halfway around the world, accesses the information by sending
out a false reply to the victim’s communications request to an application that uses UDP as its transport
protocol.
• This is possible in Windows XP, Windows Vista, Windows 7, and Windows 8 operating systems.
• UDP packets are accepted by default on most versions of Microsoft operating system since XP. It is a default
setting for anyone using an application on this operating system. Since these packets are not verified by the
operating system, a hacker can send one reply to another legitimate user’s request.
• This allows the hacker to receive any useful data like passwords and credit cards from the unsuspecting user.
This is dangerous because no one notices anything unless the session gets degraded or broken because of a lack
of response from the server.
• If firewall protection is in place, it will notify the user and block any unauthorized incoming packets.

A Scenario of UDP Session Hijacking:

• In UDP session hijacking, an attacker doesn't need features of the Transmission Control Protocol (TCP), for example
sequence numbers and the ACK mechanism, to perform session hijacking.
• These attacks took place in the wild at the beginning of 1995. In this attack, an attacker is concerned with
the connection between terminals.

Block Ciphers: Traditional Block Cipher Structure, Block Cipher Design Principles.
Traditional Block Cipher Structure:

The basic scheme of a block cipher is depicted in the figure below (figure not reproduced in this text).

Block Size

Though any size of block is acceptable, the following aspects are borne in mind while selecting the size of a block.

Avoid very small block size − Say a block size is m bits. Then the number of possible plaintext bit combinations is 2^m. If the
attacker discovers the plaintext blocks corresponding to some previously sent ciphertext blocks, then the attacker can
launch a type of ‘dictionary attack’ by building up a dictionary of plaintext/ciphertext pairs sent using that encryption
key. A larger block size makes the attack harder as the dictionary needs to be larger.

Do not have very large block size − With a very large block size, the cipher becomes inefficient to operate. Plaintexts
shorter than a block will need to be padded before being encrypted.

Multiples of 8 bits − A preferred block size is a multiple of 8, as this is easy to implement because most computer processors
handle data in multiples of 8 bits.

Padding in Block Cipher :

Block ciphers process blocks of a fixed size (say 64 bits). The length of a plaintext is mostly not a multiple of the block size.
For example, a 150-bit plaintext provides two blocks of 64 bits each, with a third block holding the remaining 22 bits. The last block of
bits needs to be padded with redundant information so that the length of the final block is equal to the block size of the
scheme. In our example, the remaining 22 bits need 42 additional redundant bits to make a complete
block. The process of adding bits to the last block is referred to as padding.

Too much padding makes the system inefficient. Also, padding may render the system insecure at times, if the padding
is always done with the same bits.
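The padding arithmetic above, carried through in code as an added example (not part of the notes): `padding_needed` reproduces the 150-bit / 64-bit case, and the byte-level functions implement PKCS#7 padding, which is an assumption here since the notes name no particular scheme. The `zero_pad_is_ambiguous` check shows one concrete problem with padding "with the same bits always": the receiver can no longer tell padding from data.

```python
"""Padding for a fixed-size block cipher (added example, not from the notes):
the bit arithmetic behind the 150-bit / 64-bit example, and a byte-level
PKCS#7 pad/unpad with strict validation. PKCS#7 is assumed here; the notes
name no particular padding scheme."""
from typing import Tuple


def padding_needed(plaintext_bits: int, block_bits: int) -> Tuple[int, int]:
    """Return (blocks after padding, padding bits added).

    150 bits with 64-bit blocks: 2 full blocks, 22 bits left over, 42 padding
    bits, 3 blocks in total. When the plaintext already fills its last block,
    PKCS#7 still appends a whole block of padding so the receiver can always
    tell padding from data."""
    remainder = plaintext_bits % block_bits
    pad_bits = block_bits - remainder
    return (plaintext_bits + pad_bits) // block_bits, pad_bits


def pkcs7_pad(data: bytes, block_size: int = 8) -> bytes:
    """Append n bytes, each of value n, where 1 <= n <= block_size."""
    if not 1 <= block_size <= 255:
        raise ValueError("block_size must be between 1 and 255 bytes")
    n = block_size - (len(data) % block_size)
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes, block_size: int = 8) -> bytes:
    """Strip PKCS#7 padding, rejecting anything malformed."""
    if len(data) == 0 or len(data) % block_size != 0:
        raise ValueError("padded data must be a non-empty multiple of the block size")
    n = data[-1]
    if not 1 <= n <= block_size or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return data[:-n]


def unpad_is_valid(data: bytes, block_size: int = 8) -> bool:
    """True if `data` carries well-formed PKCS#7 padding."""
    try:
        pkcs7_unpad(data, block_size)
        return True
    except ValueError:
        return False


def zero_pad_is_ambiguous(block_size: int = 8) -> bool:
    """Why padding 'with the same bits always' is a problem: zero padding maps
    two different plaintexts to the same padded block, so the receiver
    cannot recover the original length."""
    def zero_pad(d: bytes) -> bytes:
        return d + b"\x00" * (block_size - len(d) % block_size)
    return zero_pad(b"ab") == zero_pad(b"ab\x00")


if __name__ == "__main__":
    print(padding_needed(150, 64))                  # (3, 42)
    print(pkcs7_pad(b"hello", 8))                   # b'hello\x03\x03\x03'
    print(unpad_is_valid(b"hello\x03\x03\x02", 8))  # False
```

Two practical points follow from the unpad routine: reject every malformed padding the same way, and authenticate the ciphertext (for example with a MAC) before unpadding, because a receiver whose padding failures are observable leaks information about the plaintext.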

Block Cipher Schemes :

There are a vast number of block cipher schemes in use. Many of them are publicly known. The most popular and
prominent block ciphers are listed below.

Data Encryption Standard (DES) − The popular block cipher of the 1990s. It is now considered a ‘broken’ block
cipher, due primarily to its small key size.

Triple DES − A variant scheme based on repeated DES applications. It is still a respected block cipher but inefficient
compared to the newer, faster block ciphers available.
Advanced Encryption Standard (AES) − It is a relatively new block cipher based on the encryption algorithm Rijndael that
won the AES design competition.

IDEA − A sufficiently strong block cipher with a block size of 64 bits and a key size of 128 bits. A number of applications
use IDEA encryption, including early versions of the Pretty Good Privacy (PGP) protocol. The IDEA scheme has seen
restricted adoption due to patent issues.

Twofish − This block cipher uses a block size of 128 bits and a key of variable length. It was one of the AES
finalists. It is based on the earlier block cipher Blowfish, which has a block size of 64 bits.

Serpent − A block cipher with a block size of 128 bits and key lengths of 128, 192 or 256 bits, which was also an AES
competition finalist. It is slower but has a more secure design than other block ciphers.

Block Cipher Design Principles:

Block ciphers are designed to follow certain principles to ensure their security and effectiveness. Some of these
principles include:

1. Confusion: The encryption should make it difficult for an attacker to determine relationships between
the plaintext and the ciphertext.
2. Diffusion: The encryption should spread the plaintext across the entire ciphertext to make it difficult for
an attacker to determine patterns in the ciphertext.
3. Non-linearity: The encryption process should use non-linear operations to increase the complexity of
the cipher and make it more resistant to known plaintext attacks.
4. Provable security: The encryption should be designed in such a way that its security can be
mathematically proven.
5. Key size: The encryption should use a large enough key size to make it computationally infeasible for
an attacker to brute force the key.
6. Efficiency: The encryption process should be efficient enough to be implemented in practice.
7. Avalanche(sudden) effect: Small changes in the plaintext should result in large changes in the
ciphertext.
8. Simplicity: The encryption process should be simple enough to be implemented without errors and also
easy to analyze.

These principles are often used as guidelines to evaluate the security of a block cipher and its suitability for a
particular application.
Chapter-2
Data Encryption Standard:
DES (Data Encryption Standard) is a symmetric-key block cipher algorithm that was widely used for securing
sensitive information. It uses a 56-bit key to encrypt 64-bit blocks of data. DES was considered a secure algorithm
for many years, but the advancement of technology has made it possible to break the encryption relatively easily.
As a result, DES is now considered to be insecure and has been replaced by more secure algorithms such as AES
(Advanced Encryption Standard).

The DES Encryption algorithm consists of the following steps:

1. Key Generation: The key used for encryption is generated by selecting a 64-bit key, of which 8
bits are used for parity and discarded, leaving a 56-bit key.
2. Initial Permutation (IP): The 64-bit plaintext block is rearranged into a new block through IP.
3. 16 rounds of encryption: The main encryption is done through 16 rounds of processing. Each
round consists of four functions:

• Expansion: The 32-bit right half of the data block is expanded to 48 bits.
• Key schedule: A round key is generated based on the original key.
• Substitution: The expanded right half of the data block is combined with the round key using
XOR. The result is then substituted using a fixed S-box table.
• Permutation: The substitution output undergoes a permutation using a fixed P-box table.

4. Final Permutation (FP): The final permutation rearranges the 64-bit ciphertext block into its final
form.
5. Output: The encrypted block is the output of the DES encryption process.
Single Round of DES Algorithm (figure not reproduced; the annotations that accompanied it are kept below):

• Expansion (E): add 16 bits. In the expansion, add bits 32, 04, 08, 12, 16, 20, 24, 28, 05, 09, 13, 17, 21, 25, 29 and 01 once again.
• Permuted Choice 1 (PC-1): reduce the number of bits; i/p: 64 bits, o/p: 56 bits. Thus we are eliminating the multiples of 8 bits: 8, 16, 24, 32, 40, 48, 56.
• Key rotation: in rounds 1, 2, 9 and 16 perform a 1-bit circular shift; in all other rounds perform a 2-bit circular shift.
• Permuted Choice 2 (PC-2): arrange according to the above order and reduce; i/p: 56 bits, o/p: 48 bits (8 bits will be reduced).
• Sample S-Box (table not reproduced).
• P-box permutation: the number of bits will not be reduced or increased, just arranged as per the above order; I/P: 32 bits, O/P: 32 bits.
• Final permutation: becomes the ciphertext; arrange as per the above order.

Expansion:

The expansion function in the DES algorithm is one of the four functions performed during each round
of the encryption process. It involves expanding the 32-bit right half of the data block to 48 bits.

The expansion function is performed by using an expansion table that takes the 32-bit right half of the
data block and maps it to a 48-bit output. The expansion table rearranges the bits in the input block,
allowing for more possible substitutions in the next step of the encryption process.

The purpose of the expansion function is to increase the size of the data block to allow for more complex
substitution using S-boxes in the next step of the encryption process.

Key Schedule:

The key schedule in the DES algorithm is the process of generating round keys for each of the 16 rounds
of the encryption process.

The key schedule starts with the original 56-bit key, which is then subjected to a series of permutations
and rotations to generate 16 48-bit round keys. Each round key is then used in the corresponding round
of encryption.

The key schedule process involves the following steps:

1. Permuted Choice 1 (PC-1): The original 56-bit key is subjected to a permutation using a fixed
PC-1 table. This reduces the size of the key to 48 bits.
2. Key rotations: The 48-bit key is then divided into two halves, each consisting of 24 bits. The two
halves are then rotated left by either one or two bits, depending on the round.
3. Permuted Choice 2 (PC-2): The final 48-bit round key is generated by applying another
permutation using a fixed PC-2 table.

This key schedule process is performed for each of the 16 rounds, with a new round key being generated
for each round. The round keys are used in the substitution function of each round to encrypt the data
block.

Substitution:
The substitution step in the DES algorithm is one of the four functions performed during each round of
the encryption process. In this step, the expanded right half of the data block is combined with the round
key using XOR, and the result is then substituted using a fixed S-box table.

An S-box (substitution box) is a pre-defined table that takes a 6-bit input and maps it to a 4-bit output.
The substitution step uses S-boxes to perform non-linear substitution on the output of the XOR function.
The purpose of the substitution step is to add complexity to the encryption process, making it more
difficult for an attacker to determine the original plaintext from the encrypted ciphertext.

Each of the 16 rounds of the DES encryption process has its own set of S-boxes, allowing for a different
substitution to be performed in each round. The output of the substitution step is then permuted using a
fixed P-box table in the next step of the encryption process.

Permutation:

The permutation step in the DES algorithm is one of the four functions performed during each round of
the encryption process. In this step, the output of the substitution step is subjected to a permutation using
a fixed P-box table.

A P-box (permutation box) is a pre-defined table that rearranges the bits in the output of the substitution
step. The permutation step serves to further increase the complexity of the encryption process, making it
more difficult for an attacker to determine the original plaintext from the encrypted ciphertext.

The permutation step uses a fixed P-box table to perform a permutation on the output of the substitution
step. The permuted output is then used as the input for the next round of encryption, or for the final
permutation in the last round of encryption.

The final permutation (FP) rearranges the 64-bit ciphertext block into its final form, producing the
encrypted block as the output of the DES encryption process.

Final Permutation:

The final permutation (FP) in the DES algorithm is the last step of the encryption process. It rearranges
the 64-bit ciphertext block into its final form, producing the encrypted block as the output of the DES
encryption process.

The final permutation step uses a fixed FP table to perform a permutation on the output of the 16th round
of encryption. The permuted output is then the final encrypted block, which can be transmitted or stored.

The final permutation step serves to rearrange the bits of the ciphertext into a form that is suitable for
transmission or storage. It also helps to increase the security of the encryption process by adding another
layer of complexity to the encryption process, making it more difficult for an attacker to determine the
original plaintext from the encrypted ciphertext.

Decryption :

The decryption process in the DES algorithm is essentially the reverse of the encryption process. The
decryption process takes the encrypted ciphertext block as the input and uses the same key that was used
for encryption to produce the original plaintext.

The decryption process in DES consists of the following steps:

1. Initial Permutation (IP): The encrypted ciphertext block is subjected to an initial permutation
using a fixed IP table.
2. 16 rounds of decryption: The decryption process uses the same round functions as the encryption
process, but with the round keys in reverse order. The substitution, expansion, XOR, and
permutation steps are performed in each round to produce the intermediate ciphertext block.
3. Final Permutation (FP): The intermediate ciphertext block is subjected to a final permutation
using a fixed FP table to produce the original plaintext.

It's important to note that the decryption process uses the same key schedule as the encryption process,
but with the round keys in reverse order. This allows the decryption process to reverse the operations
performed during encryption and produce the original plaintext.
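The structural point made here (and in the Traditional Block Cipher Structure and design-principles sections above) is easiest to see on a small Feistel network: because each round only XORs the output of the round function into one half, the same routine run with the round keys in reverse order undoes the encryption, whatever the round function is. The block below is an added example, not DES and not from the notes; its round function and key schedule are constructed for illustration and are not secure. It also measures the avalanche effect by counting how many ciphertext bits change when one plaintext bit is flipped.

```python
"""A 16-round, 64-bit toy Feistel cipher (added example, not DES): shows the
traditional block cipher structure, why decryption is the same routine with
the round keys reversed, and a simple avalanche measurement.
The round function and key schedule are constructed for illustration only."""
from typing import List

MASK32 = 0xFFFFFFFF
ROUNDS = 16


def rotl32(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK32


def round_function(right: int, subkey: int) -> int:
    """Toy F (constructed): XOR in the subkey, then multiply/rotate/XOR so
    every input bit influences many output bits. Integer multiplication is
    non-linear over GF(2), which supplies the confusion. F need not be
    invertible: a Feistel round only XORs its output into the other half."""
    x = (right ^ subkey) & MASK32
    x = (x * 0x9E3779B1) & MASK32
    x ^= rotl32(x, 13)
    x = (x * 0x85EBCA6B) & MASK32
    return x ^ (x >> 16)


def expand_key(key64: int) -> List[int]:
    """Toy key schedule (constructed): 16 subkeys of 32 bits from a 64-bit key."""
    hi, lo = (key64 >> 32) & MASK32, key64 & MASK32
    subkeys = []
    for i in range(ROUNDS):
        hi, lo = lo, rotl32(hi, 5) ^ ((lo + 0x9E3779B9 * (i + 1)) & MASK32)
        subkeys.append((hi ^ lo) & MASK32)
    return subkeys


def feistel(block64: int, subkeys: List[int]) -> int:
    """L_i = R_{i-1};  R_i = L_{i-1} XOR F(R_{i-1}, K_i).  The halves are
    swapped once more at the end (as DES does), so running this routine with
    the subkeys in reverse order maps the ciphertext back to the plaintext."""
    left, right = (block64 >> 32) & MASK32, block64 & MASK32
    for k in subkeys:
        left, right = right, left ^ round_function(right, k)
    return (right << 32) | left


def encrypt_block(block64: int, key64: int) -> int:
    return feistel(block64, expand_key(key64))


def decrypt_block(block64: int, key64: int) -> int:
    # Same network, round keys K16 .. K1: each round cancels its counterpart.
    return feistel(block64, expand_key(key64)[::-1])


def avalanche(block64: int, key64: int, bit: int) -> int:
    """Number of ciphertext bits that change when plaintext bit `bit` flips.
    A well-designed cipher changes roughly half of the 64 bits."""
    c1 = encrypt_block(block64, key64)
    c2 = encrypt_block(block64 ^ (1 << bit), key64)
    return bin(c1 ^ c2).count("1")


if __name__ == "__main__":
    key, pt = 0x133457799BBCDFF1, 0x0123456789ABCDEF   # constructed sample
    ct = encrypt_block(pt, key)
    print(f"ct={ct:016x} roundtrip_ok={decrypt_block(ct, key) == pt}")
    print("bits flipped per single-bit plaintext change:",
          [avalanche(pt, key, b) for b in range(0, 64, 8)])
```

The round-trip works for any round function at all, which is the design freedom a Feistel structure gives: F can be chosen purely for confusion and diffusion without ever needing an inverse.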

Advanced Encryption Standard (AES):

Advanced Encryption Standard (AES) is a symmetric key encryption algorithm that was developed by
the U.S. National Institute of Standards and Technology (NIST) in the late 1990s. It was designed to
replace the aging Data Encryption Standard (DES) as the standard for secure data encryption.

AES is a block cipher encryption algorithm that operates on fixed-length blocks of data, dividing the data
into 128-bit blocks and encrypting each block separately. AES supports key sizes of 128, 192, and 256
bits, and it is considered to be a highly secure and efficient encryption algorithm.

The AES encryption process involves the following steps:

1. Key Generation: The first step in AES encryption is to generate the encryption key, which is a
128-bit, 192-bit, or 256-bit key. The key is generated using a key generation algorithm, which
produces a random key based on a set of mathematical algorithms and rules.
2. Data Preparation: The next step is to prepare the data to be encrypted. The data is divided into
128-bit blocks, and each block is padded if necessary to ensure that it is a multiple of 128 bits.
3. Initial Permutation: The initial permutation step involves rearranging the bits of each 128-bit
block of data to ensure that the encryption process is unpredictable.
4. Encryption: The actual encryption process involves performing a series of mathematical
operations on the data using the encryption key. The operations include substitution and
permutation operations that are designed to make the encrypted data highly secure and difficult to
penetrate.
5. Ciphertext: The final result of the encryption process is the ciphertext, which is the encrypted
data in an unreadable format. The ciphertext can be transmitted or stored securely.

AES is widely used in various applications, such as encryption software, secure file systems, and VPNs,
due to its high security, efficiency, and ease of use.

Encryption and decryption :

Encryption and decryption in AES is done using the same key. The encryption process involves
transforming plaintext into ciphertext using a series of mathematical operations, including substitution,
permutation, and XOR operations. Decryption is the reverse process, converting ciphertext back into the
original plaintext.

Here's a brief overview of the encryption process in AES:

1. Key expansion: The encryption key is expanded into an array of key schedule.
2. Initial Round: The plaintext is XORed with the first sub-key from the key schedule.
3. Main rounds: This is where the bulk of encryption takes place, with several rounds of
substitution, permutation, and XOR operations using the key schedule. The number of rounds
depends on the key size (10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds
for 256-bit keys).
4. Final round: The output of the main rounds is processed in the final round, which includes one
last round of substitution, permutation, and XOR operations.
The decryption process is the reverse of the encryption process, using the same key schedule derived
from the encryption key. It involves performing the same operations as encryption but in reverse order to
obtain the original plaintext.

Advantages of AES:

1. Security: AES is widely considered to be secure, with no known practical attacks against it.
2. Widespread use: AES is widely used in many applications, including secure communication
protocols, disk encryption, and VPNs.
3. Fast and efficient: AES is designed to be fast and efficient, making it well suited for use in
resource-constrained devices and large-scale data processing.
4. Flexibility: AES supports different key sizes, allowing it to be adapted to a variety of security
requirements.

Disadvantages of AES:

1. Key management: AES requires secure key management to ensure the security of encrypted data.
If the encryption key is compromised, the encrypted data can be easily decrypted.
2. Resource requirements: AES can be computationally intensive, requiring significant processing
power and memory. This can be a drawback in resource-constrained environments.
3. Not quantum-resistant: AES is not quantum-resistant, meaning that it may not be secure against
future quantum computing attacks.

Overall, AES is a widely-used and well-regarded encryption algorithm that offers good security and
performance. However, it is important to carefully manage encryption keys and consider the potential for
future quantum computing attacks when choosing an encryption algorithm.

IDEA (International Data Encryption Algorithm):

IDEA (International Data Encryption Algorithm) is a symmetric-key block cipher algorithm that was
designed to provide a high level of security for data encryption and decryption. It was developed in 1991
by James Massey of ETH Zurich, Switzerland, and Xuejia Lai, of the Chinese University of Hong Kong.

IDEA uses a 128-bit key to encrypt data in 64-bit blocks. The algorithm uses a combination of
substitution and permutation operations to encrypt and decrypt data, and it is widely considered to be a
strong and secure algorithm.

IDEA is widely used in various applications, such as encryption software, secure file systems, and VPNs.
It is also commonly used as a reference implementation in cryptography research, and its design and
implementation have been widely analyzed and studied by experts in the field.

In conclusion, IDEA is an important symmetric-key block cipher algorithm that provides a high level of
security and is widely used in various applications.

IDEA (International Data Encryption Algorithm) is considered to be an important encryption algorithm
due to the following reasons:

1. Security: IDEA is considered to be a secure encryption algorithm, as it uses a 128-bit key to
encrypt data in 64-bit blocks. The algorithm uses a combination of substitution and permutation
operations to encrypt and decrypt data, making it difficult for attackers to penetrate.
2. Widely Used: IDEA has been widely used in various applications, such as encryption software,
secure file systems, and VPNs. It is also commonly used as a reference implementation in
cryptography research, and its design and implementation have been widely analyzed and studied
by experts in the field.
3. Fast and Efficient: IDEA is designed to be fast and efficient, making it suitable for real-time
encryption and decryption, such as in network communications.
4. Patented: IDEA is patented, which can limit its use and accessibility for some organizations and
individuals, but its popularity and widespread use have made it an important algorithm in the
field of cryptography.
5. Strong Cryptographic Design: The design of IDEA is based on a combination of substitution and
permutation operations, which provides a strong and secure encryption method. The algorithm
has been widely analyzed and studied by experts in the field, and its cryptographic design is
considered to be robust.

In conclusion, IDEA is an important encryption algorithm due to its strong security, widespread use,
efficiency, and robust cryptographic design.

IDEA (International Data Encryption Algorithm) is a symmetric key block cipher encryption algorithm
that was developed in the 1990s as a replacement for DES (Data Encryption Standard). IDEA is a widely
used encryption algorithm that is considered to be highly secure and efficient.

The IDEA encryption process involves the following steps:

1. Key Generation: The first step in IDEA encryption is to generate the encryption key, which is a
128-bit key. The key is generated using a key generation algorithm, which produces a random
key based on a set of mathematical algorithms and rules.
2. Data Preparation: The next step is to prepare the data to be encrypted. The data is divided into 64-
bit blocks, and each block is padded if necessary to ensure that it is a multiple of 64 bits.
3. Initial Permutation: The initial permutation step involves rearranging the bits of each 64-bit block
of data to ensure that the encryption process is unpredictable.
4. Encryption: The actual encryption process involves performing a series of mathematical
operations on the data using the encryption key. The operations include substitution and
permutation operations that are designed to make the encrypted data highly secure and difficult to
penetrate.
5. Ciphertext: The final result of the encryption process is the ciphertext, which is the encrypted
data in an unreadable format. The ciphertext can be transmitted or stored securely.

In conclusion, the IDEA encryption process involves key generation, data preparation, initial
permutation, encryption, and the production of ciphertext. IDEA is considered to be a highly secure and
efficient encryption algorithm that is widely used in various applications, such as encryption software,
secure file systems, and VPNs.

IDEA (International Data Encryption Algorithm) decryption is the process of converting the encrypted
data (ciphertext) back into its original form (plaintext). It is the reverse process of IDEA encryption and
is used to retrieve the original information that was encrypted.

Decryption :

The IDEA decryption process involves the following steps:

1. Key Generation: The first step in IDEA decryption is to generate the decryption key, which is the
same as or related to the encryption key used to encrypt the data.
2. Ciphertext: The next step is to retrieve the ciphertext, which is the encrypted data in an
unreadable format.
3. Decryption: The actual decryption process involves performing a series of mathematical
operations on the ciphertext using the decryption key. These operations undo the operations
performed by the encryption process and retrieve the original plaintext from the ciphertext.
4. Final Permutation: The final permutation step rearranges the bits of the original plaintext back to
their original order.
5. Plaintext: The final result of the IDEA decryption process is the original plaintext, which is the
unencrypted data in a readable format.

In conclusion, the IDEA decryption process involves key generation, retrieving the ciphertext,
decryption, final permutation, and the production of plaintext. IDEA decryption is an important process
that ensures the confidentiality, integrity, and security of data, and it is widely used in various
applications, such as encryption software, secure file systems, and VPNs.

Advantages of IDEA:

1. Security: IDEA is considered to be a highly secure encryption algorithm, with a 128-bit key size
that provides strong protection against brute-force attacks.
2. Efficient: IDEA is designed to be highly efficient, and it can encrypt and decrypt data quickly,
making it suitable for use in real-time applications.
3. Widely Used: IDEA is widely used and is supported by many encryption software products,
making it easy to integrate into existing systems.
4. Patented Algorithm: IDEA is a patented algorithm, which helps to ensure that it is not easily
duplicated or counterfeited.

Disadvantages of IDEA:

1. License Required: In order to use IDEA, a license is required, which can be expensive for some
users.
2. Patented Algorithm: Because IDEA is a patented algorithm, it is not free to use, which can limit
its adoption by some users.
3. Key Size: Although 128-bit key size provides strong security, some users may prefer a longer key
length for added security.

In conclusion, IDEA is a widely used, highly secure, and efficient encryption algorithm that is suitable
for use in various applications. However, its patent and licensing requirements can limit its adoption by
some users.

Blowfish algorithm:

Blowfish is a symmetric-key block cipher algorithm that was designed by Bruce Schneier in 1993. It uses
a variable-length key, ranging from 32 to 448 bits, to encrypt data blocks of 64 bits at a time. The
algorithm is designed to be fast, efficient, and secure, making it suitable for a wide range of applications,
such as secure data transmission and storage.

One of the strengths of Blowfish is its ability to provide strong encryption while maintaining high
processing speed. The algorithm uses a key schedule to generate a unique set of subkeys for each data
block, which are then used in a series of substitution, permutation, and XOR operations to encrypt and
decrypt the data.

Despite its strengths, Blowfish is not immune to attack, and the security of the encryption is dependent
on the length of the key and the implementation of the algorithm. As with any encryption algorithm, it is
important to use a strong key and a secure implementation to ensure the privacy and security of the data
being encrypted.

Blowfish is an important symmetric-key block cipher algorithm that provides strong encryption for data
transmission and storage. The following are some of the reasons why the Blowfish algorithm is
important:

1. Security: Blowfish provides a high level of security, making it suitable for applications that
require strong encryption, such as secure data transmission and storage.
2. Speed: The algorithm is designed to be fast and efficient, making it suitable for real-time
encryption and decryption, such as in network communications.
3. Key Size: Blowfish allows for variable key lengths, which provides flexibility and enhances the
security of the encryption.
4. Simplicity: The Blowfish algorithm is relatively simple and easy to implement, making it
accessible to a wide range of users, from individuals to large organizations.
5. Widely Used: Blowfish has been widely used and implemented in various applications, such as
encryption software, secure file systems, and VPNs.
6. Patented: Blowfish was patented, which can limit its use and accessibility for some organizations
and individuals, but its popularity and widespread use have made it an important algorithm in the
field of cryptography.

In conclusion, Blowfish is an important encryption algorithm that provides strong security, speed, and
flexibility, making it suitable for a wide range of applications and users.

The steps in the Blowfish algorithm can be summarized as follows:

1. Key Generation: The key is expanded into an array of subkeys to be used in the encryption
process.
2. Initial Permutation: The plaintext is divided into blocks, and the algorithm performs an initial
permutation on the first block of data.
3. Key Schedule: The subkeys are used in a key schedule process, which involves a series of XOR
operations and substitutions to create a unique set of subkeys for each block of data.
4. Data Encryption: The subkeys are used in a series of 16 rounds of encryption, each of which
involves substitution, permutation, and XOR operations.
5. Final Permutation: The final permutation step rearranges the encrypted data to produce the final
ciphertext.
6. Data Decryption: The decryption process is the reverse of the encryption process and uses the
same subkeys generated during the key schedule.

Advantages of Blowfish algorithm:

1. Security: Blowfish provides strong encryption, making it suitable for secure data transmission
and storage.
2. Speed: The algorithm is designed to be fast and efficient, making it suitable for real-time
encryption and decryption.
3. Key size: Blowfish allows for variable key lengths, which provides flexibility and enhances the
security of the encryption.
4. Simplicity: The Blowfish algorithm is relatively simple and easy to implement, making it
accessible to a wide range of users.

Disadvantages of Blowfish algorithm:

1. Key size: While a variable key length is an advantage, the key size can be a disadvantage if it's
too short, as it can reduce the overall security of the encryption.
2. Patent: The Blowfish algorithm was patented, which can limit its use and accessibility for some
organizations and individuals.
3. Vulnerability: Like any encryption algorithm, Blowfish is vulnerable to attacks and can be broken
if the key size is not long enough or if the implementation is not secure.

Block cipher modes of operation:

Block cipher modes of operation are methods for using a block cipher algorithm, which encrypts data in
fixed-size blocks, to encrypt data of arbitrary length. Common block cipher modes of operation include:

• ECB (Electronic Codebook): Simple and not recommended for use, as it can result in repeated
ciphertext blocks for identical plaintext blocks.
• CBC (Cipher Block Chaining): Most widely used mode of operation, provides a strong level of
encryption.
• CFB (Cipher Feedback): Mode of operation that allows data to be encrypted in a streaming
fashion.
• OFB (Output Feedback): Mode of operation that encrypts data in a similar fashion to CFB, but
with a different method of generating the keystream.
• CTR (Counter): Mode of operation that allows data to be encrypted in parallel and is widely used
in high-speed applications.

It's important to choose the right mode of operation based on the specific requirements of the application
to ensure secure encryption of data.

1. ECB (Electronic Codebook) is a mode of operation for block ciphers, where the plaintext is
divided into fixed-size blocks and each block is encrypted independently. ECB is the simplest
mode of operation, but it also has several weaknesses, such as the possibility of repeating
ciphertext for identical plaintext blocks and lack of diffusion. For these reasons, ECB is not
recommended for use in most applications and is generally considered to be insecure.

Advantages of ECB (Electronic Codebook) mode of operation:

1. Simplicity: ECB is the simplest mode of operation for a block cipher, which makes it easier to
implement and less prone to implementation errors.
2. Fast Encryption: ECB mode of operation can be faster than other modes, as each block is
encrypted independently.

Disadvantages of ECB (Electronic Codebook) mode of operation:

1. Lack of Confidentiality: ECB does not provide confidentiality, as repeated plaintext blocks will
result in repeated ciphertext blocks, which can reveal information about the plaintext.
2. Lack of Diffusion: ECB does not provide diffusion, which means that changes in the plaintext
will not affect the ciphertext in a significant way.
3. Insecurity: ECB is generally considered to be insecure, as it does not provide the level of security
required for most applications.

CBC (Cipher Block Chaining):

CBC (Cipher Block Chaining) is a mode of operation for block ciphers, where each plaintext block is
XORed with the previous ciphertext block before being encrypted. This mode of operation provides
diffusion, which means that changes in the plaintext will affect the ciphertext in a significant way, and
confidentiality, as repeated plaintext blocks will not result in repeated ciphertext blocks. CBC mode of
operation also requires an initialization vector (IV), which is used to encrypt the first plaintext block and
ensure that the same plaintext does not result in the same ciphertext.

Advantages of CBC (Cipher Block Chaining) mode of operation:

1. Confidentiality: CBC provides confidentiality, as repeated plaintext blocks will not result in
repeated ciphertext blocks.
2. Diffusion: CBC provides diffusion, which means that changes in the plaintext will affect the
ciphertext in a significant way.
3. Widely Used: CBC is widely used and considered to be secure for most applications.

Disadvantages of CBC (Cipher Block Chaining) mode of operation:

1. Complexity: CBC is more complex to implement than ECB and can be prone to implementation
errors.
2. Requirement for IV: CBC requires an initialization vector (IV), which must be securely generated
and transmitted.
3. Performance: CBC can be slower than other modes of operation, as each block of plaintext must
be encrypted one at a time.

CFB (Cipher Feedback):

CFB (Cipher Feedback) is a mode of operation for block ciphers, where each plaintext block is XORed
with the ciphertext of the previous block, which has been encrypted using the block cipher. CFB mode of
operation provides a way to encrypt data in a "streaming" fashion, where the plaintext can be encrypted
one block at a time as it becomes available, instead of having to wait for the entire plaintext to be
available.

Advantages of CFB (Cipher Feedback) mode of operation:

1. Streaming Encryption: CFB provides a way to encrypt data in a streaming fashion, which is
useful for applications where the plaintext is not available all at once.
2. Diffusion: CFB provides diffusion, which means that changes in the plaintext will affect the
ciphertext in a significant way.

Disadvantages of CFB (Cipher Feedback) mode of operation:

1. Complexity: CFB is more complex to implement than ECB and can be prone to implementation
errors.
2. Requirement for IV: CFB requires an initialization vector (IV), which must be securely generated
and transmitted.
3. Performance: CFB can be slower than other modes of operation, as each block of plaintext must
be encrypted one at a time.
4. Security: CFB can be vulnerable to certain attacks, such as message forgery, if the keystream is
not generated properly.

CFB mode of operation is less widely used than other modes, such as CBC or CTR, but it can be useful
for applications where the plaintext is not available all at once and where a high degree of confidentiality
is required.

OFB (Output Feedback):

OFB (Output Feedback) is a mode of operation for block ciphers, where the plaintext is encrypted by
XORing it with the output of the block cipher, which is used as a keystream. OFB mode of operation
provides a way to encrypt data in a "streaming" fashion, where the plaintext can be encrypted one block
at a time as it becomes available, instead of having to wait for the entire plaintext to be available.

Advantages of OFB (Output Feedback) mode of operation:

1. Streaming Encryption: OFB provides a way to encrypt data in a streaming fashion, which is
useful for applications where the plaintext is not available all at once.
2. Diffusion: OFB provides diffusion, which means that changes in the plaintext will affect the
ciphertext in a significant way.

Disadvantages of OFB (Output Feedback) mode of operation:

1. Complexity: OFB is more complex to implement than ECB and can be prone to implementation
errors.
2. Requirement for IV: OFB requires an initialization vector (IV), which must be securely generated
and transmitted.
3. Security: OFB can be vulnerable to certain attacks, such as message forgery, if the keystream is
not generated properly.

OFB mode of operation is less widely used than other modes, such as CBC or CTR, but it can be useful
for applications where the plaintext is not available all at once and where a high degree of confidentiality
is required.

CTR (Counter):

CTR (Counter) is a mode of operation for block ciphers, where a counter is encrypted using the block
cipher and then XORed with the plaintext to produce the ciphertext. CTR mode of operation provides a
way to encrypt data in a "streaming" fashion, where the plaintext can be encrypted one block at a time as
it becomes available, instead of having to wait for the entire plaintext to be available. CTR mode of
operation also provides parallelism, as multiple blocks of plaintext can be encrypted simultaneously.

Advantages of CTR (Counter) mode of operation:

1. Streaming Encryption: CTR provides a way to encrypt data in a streaming fashion, which is
useful for applications where the plaintext is not available all at once.
2. Parallelism: CTR provides parallelism, as multiple blocks of plaintext can be encrypted
simultaneously.
3. Widely Used: CTR is widely used and considered to be secure for most applications.

Disadvantages of CTR (Counter) mode of operation:

1. Complexity: CTR is more complex to implement than ECB and can be prone to implementation
errors.
2. Requirement for IV: CTR requires an initialization vector (IV), which must be securely generated
and transmitted.
3. Security: CTR can be vulnerable to certain attacks, such as message forgery, if the keystream is
not generated properly.

CTR mode of operation is widely used and considered to be secure for most applications, as it provides a
way to encrypt data in a "streaming" fashion and allows for parallel encryption of multiple blocks of
plaintext.
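
To make the differences between the modes concrete, here is an added Python example (not from the notes) that implements ECB, CBC and CTR over a constructed toy 64-bit Feistel block cipher. The toy cipher, its key schedule and the demo key and message are constructed for illustration only; the point is the mode logic: ECB exposes repeated plaintext blocks, CBC chains each block through the previous ciphertext block and the IV, and CTR turns the block cipher into a keystream that needs no padding and can be computed in parallel.

```python
import hashlib
import os
import struct

BLOCK = 8            # toy block size in bytes (AES uses 16); the mode logic does not depend on it
MASK32 = 0xFFFFFFFF

# Constructed toy block cipher: 8-round Feistel network on a 64-bit block, for illustration only.
def _subkeys(key, rounds=8):
    # Toy key schedule: one 32-bit subkey per round derived from the key.
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(rounds)]

def _f(r, k):
    x = ((r ^ k) * 0x9E3779B1) & MASK32
    return ((x << 13) | (x >> 19)) & MASK32

def toy_encrypt_block(key, block):
    l, r = struct.unpack(">II", block)
    for k in _subkeys(key):
        l, r = r, l ^ _f(r, k)
    return struct.pack(">II", r, l)

def toy_decrypt_block(key, block):
    # Same network with the subkeys applied in reverse order.
    l, r = struct.unpack(">II", block)
    for k in reversed(_subkeys(key)):
        l, r = r, l ^ _f(r, k)
    return struct.pack(">II", r, l)

# Modes of operation, written against the block functions above.
def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def pad(data):
    # PKCS#7-style padding: ECB and CBC can only process whole blocks.
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def ecb_encrypt(key, pt):
    # Each block encrypted independently: equal plaintext blocks give equal ciphertext blocks.
    return b"".join(toy_encrypt_block(key, b) for b in _blocks(pad(pt)))

def ecb_decrypt(key, ct):
    return unpad(b"".join(toy_decrypt_block(key, b) for b in _blocks(ct)))

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for b in _blocks(pad(pt)):
        prev = toy_encrypt_block(key, _xor(b, prev))       # C_i = E(P_i xor C_{i-1}), C_0 = IV
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for b in _blocks(ct):
        out.append(_xor(toy_decrypt_block(key, b), prev))  # P_i = D(C_i) xor C_{i-1}
        prev = b
    return unpad(b"".join(out))

def ctr_crypt(key, nonce, data):
    # Keystream block i = E(nonce || i), XORed with the data (nonce is 4 bytes here). One function
    # for both directions, no padding, and every block can be computed independently (parallel).
    out = []
    for i, b in enumerate(_blocks(data)):
        ks = toy_encrypt_block(key, nonce + i.to_bytes(4, "big"))
        out.append(_xor(b, ks[:len(b)]))
    return b"".join(out)

def repeated_blocks(ct):
    # The ECB giveaway: number of ciphertext blocks that duplicate an earlier one.
    bs = _blocks(ct)
    return len(bs) - len(set(bs))

if __name__ == "__main__":
    key = b"constructed-demo"          # constructed 16-byte demo key
    msg = b"SAMEBLOK" * 4              # four identical 8-byte plaintext blocks
    iv, nonce = os.urandom(BLOCK), os.urandom(4)
    for name, ct in (("ECB", ecb_encrypt(key, msg)),
                     ("CBC", cbc_encrypt(key, iv, msg)),
                     ("CTR", ctr_crypt(key, nonce, msg))):
        print(f"{name}: {ct.hex()}  repeated blocks = {repeated_blocks(ct)}")
```

Running it prints three ciphertexts for a message made of four identical blocks; only the ECB output shows repeated blocks, which is the pattern a reviewer looks for when auditing a mode choice.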

Chapter-3
Public key cryptography: Principles

Public key cryptography is based on the following principles:

1. Asymmetry: It uses two different keys for encryption and decryption, one for public use and one
for private use.
2. Complex Mathematical Functions: Public key cryptography relies on mathematical algorithms to
encrypt and decrypt data.
3. Key Distribution: Public keys are widely distributed while private keys are kept confidential.
4. Digital Signatures: Public key cryptography can be used to create digital signatures, which verify
the authenticity and integrity of a message.
5. Public Key Infrastructure: The secure distribution and management of public keys is important to
ensure the security of communication.

These principles ensure secure communication by providing confidentiality, authenticity, and data
integrity.

Public key cryptography uses various algorithms:

Public key cryptography uses various algorithms for encrypting and decrypting data. Some of the
commonly used algorithms are:

1. RSA (Rivest-Shamir-Adleman): It is one of the first widely-used public key algorithms and is
widely used for secure data transmission.
2. Elliptic Curve Cryptography (ECC): It is based on the mathematics of elliptic curves and
provides similar security to RSA with smaller key sizes.
3. Diffie-Hellman: It is a key agreement algorithm that allows two parties to establish a shared
secret key over an insecure communication channel.
4. DSA (Digital Signature Algorithm): It is a signature generation algorithm used for authenticating
digital signatures.
5. AES (Advanced Encryption Standard): It is a symmetric-key algorithm widely used for data
encryption.

These algorithms have different strengths and weaknesses and are used in different applications based on
their requirements and the level of security needed.

RSA algorithm:

The RSA algorithm is a widely-used public key cryptography algorithm that is based on the
mathematical properties of large prime numbers. The algorithm consists of the following steps:

1. Key Generation: Two large prime numbers are generated and used to create a public key and a
private key.
2. Encryption: The public key is used to encrypt a message, and the encrypted message can only be
decrypted using the private key.
3. Decryption: The private key is used to decrypt the encrypted message, which can only be done by
the owner of the private key.
4. Digital Signatures: The RSA algorithm can also be used to create digital signatures, which verify
the authenticity and integrity of a message.

The security of RSA is based on the difficulty of factoring large prime numbers and the difficulty of
determining the private key from the public key. The key size used for RSA determines the level of
security provided by the algorithm, with larger key sizes providing stronger security.
RSA Algorithm:

The steps in the RSA algorithm are as follows:

1. Key Generation:
o Select two large prime numbers, p and q, and compute n = p * q.
o Select a public key exponent e, such that 1 < e < φ(n) (where φ is Euler's totient
function), and e is coprime to φ(n).
o Compute the private key exponent d, such that d * e = 1 (mod φ(n)).
o The public key is the pair (n, e) and the private key is the pair (n, d).
2. Encryption:
o To encrypt a message, m, the sender computes the ciphertext c = m^e (mod n).
3. Decryption:
o To decrypt the ciphertext, c, the receiver computes the original message m = c^d (mod n).
4. Digital Signatures:
o To create a digital signature, the sender calculates the message digest, H(m), and then
computes the signature, s = H(m)^d (mod n).
o To verify the signature, the receiver computes H(m) = s^e (mod n) and compares it to the
original message digest. If they match, the signature is verified.

Note: The RSA algorithm requires large prime numbers to be secure, which makes key generation
computationally intensive. The encryption and decryption steps, however, are relatively fast compared to
key generation.

Simple example of the RSA algorithm in action:

1. Key Generation:
o Select two prime numbers, p = 61 and q = 53.
o Compute n = p * q = 61 * 53 = 3233.
o Select a public key exponent, e = 17.
o Compute the private key exponent, d = 2753.
o The public key is (n, e) = (3233, 17) and the private key is (n, d) = (3233, 2753).
2. Encryption:
o To encrypt a message, m = 65, the sender computes the ciphertext c = m^e (mod n) =
65^17 (mod 3233) = 2790.
3. Decryption:
o To decrypt the ciphertext, c = 2790, the receiver computes the original message m = c^d
(mod n) = 2790^2753 (mod 3233) = 65.
4. Digital Signatures:
o To create a digital signature, the sender calculates the message digest, H(m) = 65, and
then computes the signature, s = H(m)^d (mod n) = 65^2753 (mod 3233) = 2790.
o To verify the signature, the receiver computes H(m) = s^e (mod n) = 2790^17 (mod 3233)
= 65 and compares it to the original message digest. Since they match, the signature is
verified.

This is a simple example to illustrate the working of the RSA algorithm, but in real-world applications,
much larger prime numbers and keys are used for security.

Here's another example of the RSA algorithm in action:

1. Key Generation:
o Select two prime numbers, p = 59 and q = 61.
o Compute n = p * q = 59 * 61 = 3609.
o Select a public key exponent, e = 13.
o Compute the private key exponent, d = 3187.
o The public key is (n, e) = (3609, 13) and the private key is (n, d) = (3609, 3187).
2. Encryption:
o To encrypt a message, m = 98, the sender computes the ciphertext c = m^e (mod n) =
98^13 (mod 3609) = 1270.
3. Decryption:
o To decrypt the ciphertext, c = 1270, the receiver computes the original message m = c^d
(mod n) = 1270^3187 (mod 3609) = 98.
4. Digital Signatures:
o To create a digital signature, the sender calculates the message digest, H(m) = 98, and
then computes the signature, s = H(m)^d (mod n) = 98^3187 (mod 3609) = 1270.
o To verify the signature, the receiver computes H(m) = s^e (mod n) = 1270^13 (mod 3609)
= 98 and compares it to the original message digest. Since they match, the signature is
verified.

This is another simple example to illustrate the working of the RSA algorithm, but in real-world
applications, much larger prime numbers and keys are used for security.

Note: To compute 98^13 (mod 3609), we can use modular exponentiation. This involves computing the
result of 98^13 and then taking the remainder when divided by 3609.

Here's the calculation:

98^13 = 98 * 98 * ... * 98 (13 times) = 285427753446958000

285427753446958000 % 3609 = 1270

So, 98^13 (mod 3609) = 1270
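
The RSA steps and the p = 61, q = 53 example above, as an added Python example that is not part of the notes: modpow is square-and-multiply, which reduces mod n after every multiplication instead of computing the full power first as in the note, and check_keypair is the consistency test (n = p*q and e*d = 1 mod φ(n)) worth running on any key pair that is given as plain numbers. The function names are mine.

```python
def modpow(base, exp, mod):
    # Square-and-multiply: reduce mod n after every step, so intermediate values stay
    # below mod**2 instead of growing to the full size of base**exp.
    result, base = 1, base % mod
    while exp > 0:
        if exp & 1:
            result = (result * base) % mod
        base = (base * base) % mod
        exp >>= 1
    return result

def egcd(a, b):
    # Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b).
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def modinv(a, m):
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("no modular inverse: gcd(a, m) != 1")
    return x % m

def generate_keypair(p, q, e):
    # Key generation: n = p*q, phi(n) = (p-1)(q-1), d = e^-1 mod phi(n).
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or egcd(e, phi)[0] != 1:
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    return (n, e), (n, modinv(e, phi))

def check_keypair(p, q, public, private):
    # Sanity check for a key pair given as numbers: n = p*q and e*d = 1 (mod phi(n)).
    (n, e), (n2, d) = public, private
    return n == n2 == p * q and (e * d) % ((p - 1) * (q - 1)) == 1

def encrypt(public, m):
    # c = m^e mod n; the message must be an integer smaller than n.
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return modpow(m, e, n)

def decrypt(private, c):
    # m = c^d mod n
    n, d = private
    return modpow(c, d, n)

def sign(private, digest):
    # s = H(m)^d mod n: signing uses the private exponent on the message digest.
    n, d = private
    return modpow(digest, d, n)

def verify(public, digest, s):
    # Verification recovers H(m) = s^e mod n and compares it with the digest.
    n, e = public
    return modpow(s, e, n) == digest

if __name__ == "__main__":
    pub, priv = generate_keypair(61, 53, 17)
    print("public", pub, "private", priv, "consistent:", check_keypair(61, 53, pub, priv))
    c = encrypt(pub, 65)
    print("c =", c, "-> m =", decrypt(priv, c))
    s = sign(priv, 65)
    print("s =", s, "verifies:", verify(pub, 65, s))
```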

Advantages of RSA algorithm:

1. Security: RSA is widely used and considered to be secure because of the difficulty of factoring
large numbers and computing their modular inverse.
2. Key Generation: RSA keys are easy to generate, and the key size can be adjusted to provide the
desired level of security.
3. Widely Used: RSA is widely used and widely supported, making it easy to integrate into various
applications and protocols.
4. Digital Signatures: RSA can be used for digital signatures, allowing for secure and authentic
communication between parties.

Disadvantages of RSA algorithm:

1. Key Size: RSA keys can become very large, making them difficult to manage and slow to
process, especially for large amounts of data.
2. Complexity: RSA can be complex to implement, especially for inexperienced users.
3. Vulnerability to Quantum Computers: RSA is vulnerable to quantum computers, which can
perform certain calculations much faster than classical computers.
4. Speed: RSA can be slower than other encryption algorithms, especially for large amounts of data.
This can make it less suitable for real-time applications.
Diffie-Hellman Key Exchange:

Diffie-Hellman key exchange is a method of securely exchanging cryptographic keys over a public
communication channel. It is a popular method for establishing a shared secret between two parties over
an insecure communication channel.

The basic idea behind Diffie-Hellman is that it allows two parties to agree on a shared secret key, even if
an eavesdropper is listening in on the communication. This is done by using a modular exponentiation
and a public value, which are shared between the two parties. The two parties use this information to
derive a shared secret, which can then be used as a key for symmetric encryption.

Here's how the Diffie-Hellman key exchange works:

1. Key Generation:
o Select a prime number, p, and a base g, which is a primitive root modulo p.
o Each party generates a private key, x or y, which is a random integer less than p.
o Each party computes a public key, X or Y, using the formula X = g^x (mod p) or Y = g^y
(mod p).
o The public keys X and Y are then shared between the two parties.
2. Key Exchange:
o Party A computes the shared secret key using the formula s = Y^x (mod p)
o Party B computes the shared secret key using the formula s = X^y (mod p)
o The two parties now have the same shared secret key, s.
3. Encryption:
o The shared secret key, s, can be used as a symmetric key for encryption and decryption.

This method allows two parties to securely establish a shared secret over an insecure channel, without the
need for any pre-existing secure channels or trusted third parties. It provides confidentiality, authenticity
and integrity of the shared secret key, making it a widely used method for secure key exchange.

Example of the Diffie-Hellman key exchange:

1. Key Generation:
o Let's say that p = 23 and g = 5.
o Party A generates a private key, x = 6.
o Party B generates a private key, y = 15.
o Party A computes the public key X = g^x (mod p) = 5^6 (mod 23) = 8.
o Party B computes the public key Y = g^y (mod p) = 5^15 (mod 23) = 19.
o Party A and B exchange their public keys, X = 8 and Y = 19.
2. Key Exchange:
o Party A computes the shared secret key s = Y^x (mod p) = 19^6 (mod 23) = 2.
o Party B computes the shared secret key s = X^y (mod p) = 8^15 (mod 23) = 2.
o The shared secret key s = 2 is the same for both parties.
3. Encryption:
o The shared secret key s = 2 can be used as a symmetric key for encryption and decryption.
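
The exchange above, as an added Python example that is not from the notes, with the p = 23, g = 5 parameters: is_primitive_root implements the check that the key-generation step requires of g, and shared_secret rejects the peer values 0, 1 and p-1, which would force a trivial secret. The function names are mine.

```python
import secrets

def prime_factors(n):
    # Distinct prime factors by trial division; fine for demo-sized p.
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors

def is_primitive_root(g, p):
    # g generates all of Z_p* iff g^((p-1)/q) != 1 (mod p) for every prime factor q of p-1.
    if not 1 < g < p:
        return False
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))

def random_private(p):
    # Private exponent in [2, p-2], drawn from a CSPRNG rather than the random module.
    return 2 + secrets.randbelow(p - 3)

def public_value(p, g, private):
    return pow(g, private, p)            # X = g^x mod p

def shared_secret(p, peer_public, private):
    # Reject 0, 1 and p-1: those peer values force the secret into {0, 1, p-1}.
    if not 1 < peer_public < p - 1:
        raise ValueError("invalid peer public value")
    return pow(peer_public, private, p)  # s = Y^x mod p

def fresh_keypair(p, g):
    # Pick a private exponent whose public value passes the 1 < X < p-1 check.
    while True:
        x = random_private(p)
        X = public_value(p, g, x)
        if 1 < X < p - 1:
            return x, X

def run_exchange(p, g, x, y):
    # Both sides of the exchange; returns (X, Y, s_A, s_B).
    X, Y = public_value(p, g, x), public_value(p, g, y)
    return X, Y, shared_secret(p, Y, x), shared_secret(p, X, y)

if __name__ == "__main__":
    p, g = 23, 5
    print("g is a primitive root mod p:", is_primitive_root(g, p))
    print("worked example (X, Y, s_A, s_B):", run_exchange(p, g, 6, 15))
    (x, _), (y, _) = fresh_keypair(p, g), fresh_keypair(p, g)
    print("fresh exchange (X, Y, s_A, s_B):", run_exchange(p, g, x, y))
```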

Cryptographic hash functions:

A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash
value h = H(M). A “good” hash function has the property that the results of applying the function to a
large set of inputs will produce outputs that are evenly distributed and apparently random.

Below Figure depicts the general operation of a cryptographic hash function. Typically, the input is
padded out to an integer multiple of some fixed length (e.g., 1024 bits), and the padding includes the
value of the length of the original message in bits. The length field is a security measure to increase the
difficulty for an attacker to produce an alternative message with the same hash value, as explained
subsequently.

A cryptographic hash function is a mathematical function that takes input data of arbitrary size and
produces a fixed-size output, typically in the form of a string of digits and letters. The function is
designed to be one-way, meaning that it is computationally infeasible to derive the original input data
from the output hash value.

In addition to being one-way, cryptographic hash functions have several other important properties. They
are deterministic, meaning that the same input will always produce the same output hash value. They are
also quick to compute, meaning that it is computationally easy to compute the hash value of a given
input. Finally, they are resistant to collisions, meaning that it is extremely difficult to find two different
input values that produce the same hash value.

Cryptographic hash functions are used in a wide range of applications, including digital signatures,
password storage, and data integrity checking. Examples of commonly used cryptographic hash
functions include SHA-256, SHA-3, and BLAKE2. These hash functions are standardized and widely
used in industry and academia, and have been extensively studied to ensure their security properties.

Application of Cryptographic Hash Functions:

Cryptographic hash functions have numerous applications in various fields due to their key properties
such as one-wayness, collision resistance, and deterministic output. Here are some common applications
of cryptographic hash functions:
1. Authentication: Message authentication is a mechanism or service used to verify the integrity of
a message. Message authentication assures that data received are exactly as sent (i.e., there is no
modification, insertion, deletion, or replay). In many cases, there is a requirement that the
authentication mechanism assures that the purported identity of the sender is valid. When a hash
function is used to provide message authentication, the hash function value is often referred to as a
message digest.

Below diagram illustrates a variety of ways in which a hash code can be used to provide message
authentication.
2. Digital Signatures: Cryptographic hash functions are used in digital signature schemes to
ensure the authenticity and integrity of digital documents. In this application, the hash
function is used to generate a message digest of the document, which is then encrypted
using a private key to create a digital signature. The recipient can then use the
corresponding public key to decrypt the signature and verify the integrity and authenticity
of the document.
3. Password Storage: Cryptographic hash functions are used to store user passwords
securely in databases. Instead of storing the actual password, the hash of the password is
stored in the database. When a user logs in, the password entered is hashed and compared
to the hash stored in the database. If they match, the user is authenticated.
4. Data Integrity Checking: Cryptographic hash functions are used to ensure that data has
not been tampered with or corrupted during transmission or storage. For example, before
transmitting a file, a sender can calculate the hash of the file and send the hash along with
the file. The recipient can then calculate the hash of the received file and compare it to the
transmitted hash. If they match, the file has not been modified during transmission.
5. Blockchain Technology: Cryptographic hash functions are a critical component of
blockchain technology. In a blockchain, each block is identified by a hash value, which is
calculated based on the contents of the block. This ensures that the block cannot be
modified without changing its hash value, making the blockchain tamper-resistant.
6. Digital Forensics: Cryptographic hash functions are used in digital forensics to identify
and verify digital evidence. By calculating the hash of a digital artifact, such as a file or
memory dump, investigators can ensure that it has not been altered or tampered with.

Requirements & Security:

Cryptographic hash functions are widely used in modern cryptography and security applications. To
ensure their effectiveness and security, cryptographic hash functions must meet several requirements.
The most important of these requirements include:

1. One-wayness: The hash function must be a one-way function, meaning that it is computationally
infeasible to find the input that produces a given output. In other words, given a hash value, it
should be impossible to determine the original input value that produced that hash.
2. Collision Resistance: The hash function must be collision-resistant, meaning that it is
computationally infeasible to find two different input values that produce the same output hash
value. This is important to prevent attackers from finding multiple input values that produce the
same hash value and use them maliciously.
3. Determinism: The hash function must be deterministic, meaning that the same input data always
produces the same hash value. This is important for applications such as digital signatures and
password storage, where the hash value is used as a reference.
4. Quick Computation: The hash function must be computationally efficient, meaning that it
should be quick to compute the hash value of a given input. This is important for real-time
applications such as data transfer and processing.
5. Resistance to Attacks: The hash function must be resistant to various attacks, including brute-
force attacks, birthday attacks, and preimage attacks. This ensures the security of the hash
function and its applications.

If a hash function does not meet these requirements, it can be vulnerable to attacks and compromise the
security of its applications. Therefore, it is important to use well-studied and standardized hash functions,
such as SHA-256 and SHA-3, that meet these requirements and have been thoroughly tested for their
security properties. Additionally, it is important to use appropriate key sizes and parameters to ensure the
security of the hash function in various applications.

Secure Hash Algorithm:

The Secure Hash Algorithm (SHA) is a family of cryptographic hash functions developed by the
National Security Agency (NSA) in the United States. The most widely used versions of SHA are SHA-
1, SHA-2, and SHA-3.

SHA-1: SHA-1 produces a 160-bit hash value and is now considered insecure for many applications due
to its susceptibility to collision attacks. It has been recommended to be phased out in favor of stronger
hash functions.

SHA-2: SHA-2 is a family of hash functions that includes SHA-224, SHA-256, SHA-384, and SHA-512,
with each producing hash values of different sizes. SHA-256 is widely used and considered to be secure
for most applications. SHA-384 and SHA-512 are designed for applications that require higher levels of
security.

SHA-3: SHA-3 is the most recent addition to the SHA family and is based on a different design than
SHA-2. It includes four hash functions: SHA3-224, SHA3-256, SHA3-384, and SHA3-512. SHA-3 is
designed to be resistant to attacks that have been developed against other hash functions and is suitable
for a wide range of applications.

The SHA family of hash functions is widely used in various applications, including digital signatures,
password storage, and blockchain technology. However, it is important to use the appropriate version of
SHA based on the level of security required for a particular application. Additionally, as computing
power and attack methods continue to evolve, it is important to keep up with the latest recommendations
and best practices for using and implementing SHA functions.

SHA-1 is a cryptographic hash function that produces a 160-bit hash value. It was developed by the
National Security Agency (NSA) and was widely used in various applications, such as digital signatures,
until its weaknesses were discovered. SHA-1 is no longer considered secure for many applications, and it
has been recommended to transition to stronger hash functions, such as SHA-2 or SHA-3.

SHA-1 Algorithm:

The SHA-1 algorithm works by taking an input message and processing it through a series of rounds to
produce a fixed-size output, or hash value. The process consists of four main steps:

1. Padding: The input message is padded with zeros and a length value so that the message length is
a multiple of 512 bits.
2. Initialization: An initial hash value is set as a fixed constant.
3. Message Processing: The padded input message is processed through a series of rounds, where
the input message is split into 512-bit blocks and each block is processed to update the hash
value.
4. Output: The final hash value is the result of the last round of processing.

The SHA-1 algorithm is designed to meet the requirements of a secure hash function, such as one-
wayness, collision resistance, and deterministic output. However, it has been found to be vulnerable to
collision attacks, where an attacker can find two different input messages that produce the same hash
value. This makes it insecure for many applications, and it has been recommended to transition to
stronger hash functions.

Advantages and Disadvantages:

Cryptographic Hash Functions

A cryptographic hash function is a mathematical function that takes input data of arbitrary size and
produces a fixed-size output, typically in the form of a string of digits and letters. The function is
designed to be one-way, meaning that it is computationally infeasible to derive the original input data
from the output hash value.

In addition to being one-way, cryptographic hash functions have several other important properties. They
are deterministic, meaning that the same input will always produce the same output hash value. They are
also quick to compute, meaning that it is computationally easy to compute the hash value of a given
input. Finally, they are resistant to collisions, meaning that it is extremely difficult to find two different
input values that produce the same hash value.

Cryptographic hash functions are used in a wide range of applications, including digital signatures,
password storage, and data integrity checking. Examples of commonly used cryptographic hash
functions include SHA-256, SHA-3, and BLAKE2. These hash functions are standardized and widely
used in industry and academia, and have been extensively studied to ensure their security properties.

Application of Cryptographic Hash Functions

Cryptographic hash functions have numerous applications in various fields due to their key properties
such as one-wayness, collision resistance, and deterministic output. Here are some common applications
of cryptographic hash functions:
1. Digital Signatures: Cryptographic hash functions are used in digital signature schemes to ensure
the authenticity and integrity of digital documents. In this application, the hash function is used to
generate a message digest of the document, which is then encrypted using a private key to create
a digital signature. The recipient can then use the corresponding public key to decrypt the
signature and verify the integrity and authenticity of the document.
2. Password Storage: Cryptographic hash functions are used to store user passwords securely in
databases. Instead of storing the actual password, the hash of the password is stored in the
database. When a user logs in, the password entered is hashed and compared to the hash stored in
the database. If they match, the user is authenticated.
3. Data Integrity Checking: Cryptographic hash functions are used to ensure that data has not been
tampered with or corrupted during transmission or storage. For example, before transmitting a
file, a sender can calculate the hash of the file and send the hash along with the file. The recipient
can then calculate the hash of the received file and compare it to the transmitted hash. If they
match, the file has not been modified during transmission.
4. Blockchain Technology: Cryptographic hash functions are a critical component of blockchain
technology. In a blockchain, each block is identified by a hash value, which is calculated based
on the contents of the block. This ensures that the block cannot be modified without changing its
hash value, making the blockchain tamper-resistant.
5. Digital Forensics: Cryptographic hash functions are used in digital forensics to identify and verify
digital evidence. By calculating the hash of a digital artifact, such as a file or memory dump,
investigators can ensure that it has not been altered or tampered with.

These are just a few examples of the many applications of cryptographic hash functions in various fields.
The widespread use of hash functions highlights their importance in modern cryptography and security.

Requirements & Security

Cryptographic hash functions are widely used in modern cryptography and security applications. To
ensure their effectiveness and security, cryptographic hash functions must meet several requirements.
The most important of these requirements include:

1. One-wayness: The hash function must be a one-way function, meaning that it is computationally
infeasible to find the input that produces a given output. In other words, given a hash value, it
should be impossible to determine the original input value that produced that hash.
2. Collision Resistance: The hash function must be collision-resistant, meaning that it is
computationally infeasible to find two different input values that produce the same output hash
value. This is important to prevent attackers from finding multiple input values that produce the
same hash value and use them maliciously.
3. Determinism: The hash function must be deterministic, meaning that the same input data always
produces the same hash value. This is important for applications such as digital signatures and
password storage, where the hash value is used as a reference.
4. Quick Computation: The hash function must be computationally efficient, meaning that it should
be quick to compute the hash value of a given input. This is important for real-time applications
such as data transfer and processing.
5. Resistance to Attacks: The hash function must be resistant to various attacks, including brute-
force attacks, birthday attacks, and preimage attacks. This ensures the security of the hash
function and its applications.

If a hash function does not meet these requirements, it can be vulnerable to attacks and compromise the
security of its applications. Therefore, it is important to use well-studied and standardized hash functions,
such as SHA-256 and SHA-3, that meet these requirements and have been thoroughly tested for their
security properties. Additionally, it is important to use appropriate key sizes and parameters to ensure the
security of the hash function in various applications.
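Requirement 5 names birthday attacks, and the reason digest length matters is the birthday bound: for an n-bit output, collisions appear after roughly 2^(n/2) random inputs, not 2^n. The following added example (not part of these notes) makes that visible by deliberately truncating SHA-256 to 32 bits, where a collision is found in well under a second, while the same search against a full 256-bit digest is out of reach; the input labels msg-0, msg-1, ... are constructed sample inputs.

```python
"""Birthday-bound demonstration on a truncated SHA-256 digest (added teaching example)."""
import hashlib
import math


def truncated_digest(message: bytes, bits: int) -> int:
    """Return the leading `bits` bits of SHA-256(message) as an integer."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)


def expected_birthday_trials(bits: int) -> float:
    """Approximate inputs needed before the first collision: sqrt(pi/2 * 2^bits).
    For bits=256 this is about 2^128, for bits=32 only about 77,000."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_truncated_collision(bits: int):
    """Hash the constructed inputs msg-0, msg-1, ... until two share a `bits`-bit
    truncated digest. Returns (m1, m2, trials); the full SHA-256 digests still differ."""
    seen = {}                        # truncated digest -> first message that produced it
    i = 0
    while True:
        m = b"msg-%d" % i
        d = truncated_digest(m, bits)
        if d in seen:
            return seen[d], m, i + 1
        seen[d] = m
        i += 1


if __name__ == "__main__":
    m1, m2, trials = find_truncated_collision(32)
    print("collision after", trials, "trials; expected about",
          int(expected_birthday_trials(32)))
    print(m1, m2, hex(truncated_digest(m1, 32)))
```

The same table lookup drives the security argument for MAC tag length later in these notes: a tag truncated to a few bytes can be matched by chance long before the key is found.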
Secure Hash Algorithm

The Secure Hash Algorithm (SHA) is a family of cryptographic hash functions developed by the
National Security Agency (NSA) in the United States. The most widely used versions of SHA are SHA-
1, SHA-2, and SHA-3.

SHA-1: SHA-1 produces a 160-bit hash value and is now considered insecure for many applications due
to its susceptibility to collision attacks. It has been recommended to be phased out in favor of stronger
hash functions.

SHA-2: SHA-2 is a family of hash functions that includes SHA-224, SHA-256, SHA-384, and SHA-512,
with each producing hash values of different sizes. SHA-256 is widely used and considered to be secure
for most applications. SHA-384 and SHA-512 are designed for applications that require higher levels of
security.

SHA-3: SHA-3 is the most recent addition to the SHA family and is based on a different design than
SHA-2. It includes four hash functions: SHA3-224, SHA3-256, SHA3-384, and SHA3-512. SHA-3 is
designed to be resistant to attacks that have been developed against other hash functions and is suitable
for a wide range of applications.

The SHA family of hash functions is widely used in various applications, including digital signatures,
password storage, and blockchain technology. However, it is important to use the appropriate version of
SHA based on the level of security required for a particular application. Additionally, as computing
power and attack methods continue to evolve, it is important to keep up with the latest recommendations
and best practices for using and implementing SHA functions.

SHA-1 algorithm

SHA-1 is a cryptographic hash function that produces a 160-bit hash value. It was developed by the
National Security Agency (NSA) and was widely used in various applications, such as digital signatures,
until its weaknesses were discovered. SHA-1 is no longer considered secure for many applications, and it
has been recommended to transition to stronger hash functions, such as SHA-2 or SHA-3.

The SHA-1 algorithm works by taking an input message and processing it through a series of rounds to
produce a fixed-size output, or hash value. The process consists of four main steps:

1. Padding: The input message is padded with zeros and a length value so that the message length is
a multiple of 512 bits.
2. Initialization: An initial hash value is set as a fixed constant.
3. Message Processing: The padded input message is processed through a series of rounds, where
the input message is split into 512-bit blocks and each block is processed to update the hash
value.
4. Output: The final hash value is the result of the last round of processing.

The SHA-1 algorithm is designed to meet the requirements of a secure hash function, such as one-
wayness, collision resistance, and deterministic output. However, it has been found to be vulnerable to
collision attacks, where an attacker can find two different input messages that produce the same hash
value. This makes it insecure for many applications, and it has been recommended to transition to
stronger hash functions.

Advantages and Disadvantages

Advantages of SHA-1:
1. Efficiency: SHA-1 is relatively fast and efficient compared to other hash functions that produce a
similar hash value size.
2. Widely Supported: SHA-1 is widely supported and used in various applications, such as digital
signatures and password storage.
3. Deterministic: SHA-1 produces a deterministic output, meaning that the same input message will
always produce the same hash value. This is important for applications that rely on a consistent
and predictable output.

Disadvantages of SHA-1:

1. Vulnerable to Attacks: SHA-1 is no longer considered secure for many applications due to its
vulnerabilities to collision attacks. This means that an attacker can find two different input
messages that produce the same hash value, which can lead to various security risks.
2. Weaker than Modern Alternatives: SHA-1 is weaker than modern alternatives such as SHA-2 and
SHA-3, which produce larger hash values and are more secure against attacks.
3. Security Risks: The vulnerabilities of SHA-1 make it unsuitable for high-security applications,
such as protecting classified or sensitive information.
4. Recommendations to Phase Out: Due to the weaknesses of SHA-1, many organizations and
security experts recommend phasing out its use in favor of stronger and more secure hash
functions, such as SHA-2 and SHA-3.

In summary, SHA-1 was once a widely used and efficient hash function, but its weaknesses make it
vulnerable to various attacks, and it is no longer considered secure for many applications. As a result, it
is recommended to transition to stronger hash functions such as SHA-2 or SHA-3, which offer greater
security and better resistance to attacks.
SHA-2

SHA-2 is a family of cryptographic hash functions that are more secure than SHA-1. The SHA-2 family
includes several hash functions, including SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and
SHA-512/256. The most commonly used SHA-2 hash functions are SHA-256 and SHA-512.

SHA-256 produces a 256-bit hash value and is widely used in various applications such as digital
signatures, password storage, and blockchain technology. It is more secure than SHA-1 and is
recommended for most applications.

SHA-512 produces a 512-bit hash value and is designed for applications that require higher levels of
security. It is slower than SHA-256 but provides better security against attacks.

The SHA-2 hash functions use a similar design to SHA-1 but with larger block sizes and more rounds of
processing. This makes it much more difficult for an attacker to find two different input messages that
produce the same hash value (collision resistance).

The SHA-2 algorithm is a family of cryptographic hash functions that includes several hash functions,
such as SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256. SHA-256 and
SHA-512 are the most commonly used hash functions in the SHA-2 family.

The SHA-2 algorithm works by taking an input message and processing it through a series of rounds to
produce a fixed-size output, or hash value. The process consists of several steps:

1. Padding: The input message is padded with zeros and a length value so that the message length is
a multiple of the block size.
2. Initialization: An initial hash value is set as a fixed constant.
3. Message Processing: The padded input message is processed through a series of rounds, where
the input message is split into blocks and each block is processed to update the hash value.
4. Output: The final hash value is the result of the last round of processing.
The SHA-2 algorithm is designed to meet the requirements of a secure hash function, such as one-
wayness, collision resistance, and deterministic output. It is more secure than its predecessor, SHA-1,
and is widely used in various applications, such as digital signatures, password storage, and blockchain
technology.

Some advantages of the SHA-2 algorithm include:

1. Security: SHA-2 is more secure than SHA-1 and provides better resistance against various types
of attacks.
2. Flexibility: The SHA-2 algorithm provides several hash sizes, making it suitable for a wide range
of applications.
3. Wide Adoption: SHA-2 is widely adopted and supported in various applications, making it a
popular choice for security.

Some potential disadvantages of the SHA-2 algorithm include:

1. Performance: The SHA-2 algorithm is generally slower than its predecessor, SHA-1, especially
for larger hash sizes.
2. Longer Hash Values: The larger hash values produced by SHA-2 may require more storage space
and processing power.

In summary, the SHA-2 algorithm is a family of cryptographic hash functions that provides better
security than SHA-1 and is widely used in various applications. It provides several hash sizes and is
designed to meet the requirements of a secure hash function.

SHA-3 (Secure Hash Algorithm 3) is a cryptographic hash function designed by the National Institute of
Standards and Technology (NIST) as a successor to SHA-2. SHA-3 was selected in 2012 as the winner
of a competition to find a new cryptographic hash function, which was initiated in 2007 after weaknesses
were found in some existing hash functions.

SHA-3 is based on a different design principle than SHA-2 and uses a sponge construction instead of the
Merkle-Damgård construction used by SHA-2. The sponge construction is a type of hash function that
absorbs an input message and then produces an output message of a fixed size.

SHA-3 provides four hash functions with different output sizes: SHA3-224, SHA3-256, SHA3-384, and
SHA3-512. In addition, it also provides two extendable-output functions (XOF) that allow for a variable-
length output.

Some key features of the SHA-3 algorithm include:

1. Security: SHA-3 is designed to provide a high level of security and resistance against various
types of attacks, including preimage, collision, and second-preimage attacks.
2. Flexibility: SHA-3 provides multiple hash sizes, making it suitable for a wide range of
applications.
3. Different Design Principle: SHA-3 is based on a different design principle than its predecessors,
which provides an additional layer of security.
4. Extendable-Output Function (XOF): SHA-3 provides two XOFs that allow for a variable-length
output, which provides more flexibility for certain applications.

Some advantages of SHA-3 include:

1. Security: SHA-3 provides a higher level of security against various types of attacks than SHA-2.
2. Different Design Principle: The sponge construction used by SHA-3 is based on a different
design principle than SHA-2, which provides an additional layer of security.
3. Flexibility: SHA-3 provides multiple hash sizes and two XOFs, making it suitable for a wide
range of applications.
Some potential disadvantages of SHA-3 include:

1. Limited Adoption: SHA-3 is a relatively new hash function and has not been widely adopted yet.
2. Performance: SHA-3 may be slower than SHA-2, especially for small input sizes.

In summary, SHA-3 is a cryptographic hash function designed to provide a higher level of security than
SHA-2. It is based on a different design principle and uses a sponge construction that provides additional
security features. SHA-3 provides multiple hash sizes and two XOFs, making it suitable for a wide range
of applications, but its limited adoption and potential performance issues may be a concern for some use
cases.
Possible attacks that are relevant to message authentication :

There are several types of attacks that are relevant to message authentication in cryptography and
network security. Some of the most common attacks include:

1. Replay Attack: In a replay attack, an attacker intercepts a message and then retransmits it to the
recipient in an attempt to gain unauthorized access. This attack can be prevented by using
timestamps or sequence numbers to ensure that each message is unique.
2. Man-in-the-middle Attack: In a man-in-the-middle attack, an attacker intercepts communication
between two parties and alters the messages. This can be prevented by using encryption and
authentication protocols, such as SSL/TLS.
3. Brute Force Attack: In a brute force attack, an attacker tries all possible combinations of keys
until the correct one is found. This can be prevented by using strong keys and increasing the key
length.
4. Birthday Attack: In a birthday attack, an attacker attempts to find two messages that produce the
same hash value. This can be prevented by using a secure hash function that produces unique
hash values for each message.
5. Known Plaintext Attack: In a known plaintext attack, an attacker has access to both the plaintext
and ciphertext of a message and uses this information to determine the encryption key. This can
be prevented by using a strong encryption algorithm.
6. Chosen Plaintext Attack: In a chosen plaintext attack, an attacker is able to choose the plaintext
that is encrypted and observe the resulting ciphertext. This can be prevented by using encryption
algorithms that are resistant to this type of attack.
7. Side-channel Attack: In a side-channel attack, an attacker observes the physical characteristics of
a cryptographic system, such as power consumption or electromagnetic radiation, to extract secret
information. This can be prevented by using countermeasures such as power analysis resistance
or electromagnetic shielding.
8. Forgery Attack: In a forgery attack, an attacker creates a false message that appears to be
authentic. This can be prevented by using digital signatures and other authentication mechanisms
to verify the authenticity of a message.

It is important to use a combination of these countermeasures to prevent attacks and ensure message
authentication in cryptography and network security.

Message authentication code :

A Message Authentication Code (MAC) is a cryptographic technique used to verify the authenticity and
integrity of a message. It is a type of hash function that generates a fixed-size output, called the MAC tag
or MAC value, based on a secret key and the message. The MAC tag is then transmitted along with the
message.

To verify the authenticity of the message, the recipient of the message calculates the MAC tag using the
same secret key and the received message. If the calculated MAC tag matches the one transmitted with
the message, then the message is considered authentic and the recipient can be confident that the message
has not been altered or tampered with in transit.

MACs are commonly used in network protocols, such as Transport Layer Security (TLS), to ensure that
the data being transmitted has not been tampered with or modified. They are also used in file integrity
checks, such as for verifying the integrity of software updates or critical system files.

The strength of a MAC depends on the strength of the underlying hash function and the secrecy of the
key used to generate the MAC tag. It is important to use a secure hash function and a secret key that is
kept confidential to prevent unauthorized access and attacks.
Message authentication requirements :

1. Disclosure: Release of message contents to any person or process not possessing the appropriate
cryptographic key.
2. Traffic analysis: Discovery of the pattern of traffic between parties. In a connection-oriented
application, the frequency and duration of connections could be determined. In either a
connection-oriented or connectionless environment, the number and length of messages between
parties could be determined.
3. Masquerade: Insertion of messages into the network from a fraudulent source. This includes the
creation of messages by an opponent that are purported to come from an authorized entity. Also included
are fraudulent acknowledgments of message receipt or nonreceipt by someone other than the message
recipient.
4. Content modification: Changes to the contents of a message, including insertion, deletion,
transposition, and modification.
5. Sequence modification: Any modification to a sequence of messages between parties, including
insertion, deletion, and reordering.
6. Timing modification: Delay or replay of messages. In a connection-oriented application, an entire
session or sequence of messages could be a replay of some previous valid session, or individual
messages in the sequence could be delayed or replayed. In a connectionless application, an individual
message (e.g., datagram) could be delayed or replayed.
7. Source repudiation: Denial of transmission of message by source.
8. Destination repudiation: Denial of receipt of message by destination.

Message authentication Functions :

1. Hash function: A function that maps a message of any length into a fixed-length hash
value, which serves as the authenticator
2. Message encryption: The ciphertext of the entire message serves as its authenticator
3. Message authentication code (MAC): A function of the message and a secret key that
produces a fixed-length value that serves as the authenticator

Message Encryption :
Message encryption by itself can provide a measure of authentication. The analysis differs for symmetric
and public-key encryption schemes.

SYMMETRIC ENCRYPTION: Consider the straightforward use of symmetric encryption. A message M
transmitted from source A to destination B is encrypted using a secret key K shared by A and B. If no
other party knows the key, then confidentiality is provided: No other party can recover the plaintext of
the message.
Security of MACs :

The security of Message Authentication Codes (MACs) depends on several factors, such as the strength
of the underlying hash function, the length of the MAC tag, and the secrecy of the key used to generate
the MAC tag.

A secure MAC should have the following properties:

1. Collision resistance: The MAC function should be resistant to collisions, which occur when two
different messages produce the same MAC tag. This is important to prevent attackers from
creating fraudulent messages that produce the same MAC tag as legitimate messages.
2. Preimage resistance: It should be difficult to determine the original message from the MAC tag.
This is important to prevent attackers from reverse-engineering the original message by guessing
its contents.
3. Key secrecy: The secret key used to generate the MAC tag should be kept confidential to prevent
unauthorized access and attacks.
4. Randomness: The MAC tag should appear to be random and unpredictable to prevent attackers
from guessing the MAC tag by analyzing patterns in the data.
5. Length: The length of the MAC tag should be sufficient to prevent attackers from guessing the
MAC tag by brute force.
HMAC(Keyed-Hashing for Message Authentication Code) :

HMAC (Keyed-Hashing for Message Authentication) is a cryptographic technique used for message
authentication. It is a type of message authentication code (MAC) that is based on a hash function and a
secret key.

The HMAC algorithm works by first applying a cryptographic hash function, such as SHA-256 or SHA-
512, to the message being authenticated. The output of this hash function is then combined with a secret
key using a specific mathematical function. The resulting value is then hashed again using the same hash
function. This final output is the HMAC tag, which is used to authenticate the message.

The HMAC construction provides two main security properties:

1. Message integrity: Any alteration of the message will result in a different HMAC tag.
2. Authenticity: Any party possessing the secret key can generate the HMAC tag, so the recipient of
the message can verify the authenticity of the message by recomputing the HMAC tag using the
same key and verifying that it matches the received HMAC tag.

HMAC Design objectives:

The design of HMAC (Keyed-Hashing for Message Authentication) was motivated by the need for a
secure message authentication code (MAC) that is resistant to attacks, especially those that exploit
weaknesses in the underlying hash function. The primary design objectives of HMAC are:

1. Security: HMAC should provide strong security guarantees, including resistance to known
attacks such as birthday attacks, length extension attacks, and collision attacks.
2. Flexibility: HMAC should be able to support a wide range of hash functions, including those that
have different block sizes or output lengths.
3. Efficiency: HMAC should be efficient in terms of both computation and memory usage, so that it
can be used in resource-constrained environments.
4. Simplicity: HMAC should be easy to implement and use, so that it can be widely adopted by
developers and users.
5. Compatibility: HMAC should be compatible with existing cryptographic standards and protocols,
including those that use message authentication codes.
6. Key management: HMAC should support the use of secret keys that are securely managed and
distributed to authorized parties.
7. Resistance to side-channel attacks: HMAC should be resistant to side-channel attacks, such as
timing attacks and power analysis attacks, that attempt to extract sensitive information by
observing the execution of the algorithm.
HMAC Algorithm :

Steps :

The HMAC algorithm (Hashed Message Authentication Code) is a widely used method for message
authentication, which uses a combination of a secret key and a cryptographic hash function. Here are the
steps in HMAC algorithm:

1. Choose a cryptographic hash function, such as SHA-256, SHA-384, or SHA-512.
2. Choose a secret key, which should be kept secret and known only to the parties that need
to authenticate messages.
3. If the message is not already in binary format, convert it to binary format.
4. If the secret key is longer than the hash function's block size, hash the key and use the
result as the new key.
5. If the secret key is shorter than the hash function's block size, pad the key with zeros until
it reaches the block size.
6. XOR the padded secret key with the "outer" padding constant, which is a string of 0x5c
bytes that is the same length as the hash function's block size.
7. Append the result from step 6 to the message.
8. Hash the result from step 7 using the chosen hash function.
9. XOR the padded secret key with the "inner" padding constant, which is a string of 0x36
bytes that is the same length as the hash function's block size.
10. Append the result from step 9 to the hash result from step 8.
11. Hash the result from step 10 using the chosen hash function.
12. The final result from step 11 is the HMAC value for the message and the secret key.
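The steps above can be written out in a few lines. The following is an added example, not code from these notes or from any library; it follows the published HMAC definition (RFC 2104 / FIPS 198-1), in which the 0x36 "inner" pad is the one hashed together with the message and the 0x5c "outer" pad wraps that inner hash, and it checks itself against Python's standard hmac module. It also revisits the earlier point that a bare hash function is not an authenticator: without a key, whoever alters the message can simply recompute the hash. The key and messages are constructed sample values.

```python
"""HMAC built by hand from its definition and compared with a keyless hash authenticator."""
import hashlib
import hmac


def hmac_by_hand(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC(K, M) = H((K' xor opad) || H((K' xor ipad) || M)), K' = key padded to one block."""
    block_size = hashlib.new(hash_name).block_size   # 64 bytes for SHA-256, 128 for SHA-512
    if len(key) > block_size:                        # a longer key is first hashed down
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")             # a shorter key is zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)              # inner pad: prefixed to the message
    opad = bytes(b ^ 0x5C for b in key)              # outer pad: prefixed to the inner hash
    inner = hashlib.new(hash_name, ipad + message).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def matches_stdlib(key: bytes, message: bytes, hash_name: str = "sha256") -> bool:
    """Cross-check the hand-written version against hmac.new()."""
    return hmac_by_hand(key, message, hash_name) == hmac.new(key, message, hash_name).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    # Constant-time comparison: a byte-by-byte early exit would leak how much of the tag matched
    return hmac.compare_digest(hmac_by_hand(key, message), tag)


def hash_only_check(message: bytes, tag: bytes) -> bool:
    """'Hash function as authenticator' with no key: accepts any message whose
    SHA-256 the sender attached, which anyone in the path can recompute."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), tag)


def tamper_demo() -> dict:
    key = b"shared-secret-key"                         # constructed sample key
    original = b"transfer 100 to account 42"          # constructed sample messages
    tampered = b"transfer 900 to account 42"
    tag = hmac_by_hand(key, original)
    return {
        # the forger recomputes the keyless hash over the altered message and it passes
        "hash_only_accepts_forgery": hash_only_check(tampered, hashlib.sha256(tampered).digest()),
        "hmac_accepts_original": verify_tag(key, original, tag),
        "hmac_rejects_tampered": not verify_tag(key, tampered, tag),
        # without the key, a recomputed hash is not a valid tag for the altered message
        "hmac_rejects_keyless_tag": not verify_tag(key, tampered, hashlib.sha256(tampered).digest()),
    }


if __name__ == "__main__":
    print(hmac_by_hand(b"key", b"The quick brown fox jumps over the lazy dog").hex())
    print(tamper_demo())
</test>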
CMAC:

CMAC (Cipher-based Message Authentication Code) is a cryptographic primitive that is used to provide
message authentication and integrity in network security protocols. It is based on a block cipher and
provides a way to generate a fixed-size message authentication code from variable-length input
messages.

CMAC is a type of MAC (Message Authentication Code) that is based on a block cipher, such as AES
(Advanced Encryption Standard), which is a widely used block cipher in network security. CMAC
operates by generating a message authentication code using a secret key, the message to be authenticated,
and a unique initialization vector (IV).

In network security, CMAC is used to provide a secure way to verify the authenticity and integrity of
network messages. It is used in protocols such as IPSec (Internet Protocol Security) and TLS (Transport
Layer Security) to provide a secure communication channel between network devices. CMAC is also
used in other cryptographic protocols, such as SSH (Secure Shell) and SSL (Secure Sockets Layer), to
provide secure authentication and integrity checks.

One advantage of CMAC is that it provides strong security guarantees while requiring relatively low
computational resources. This makes it suitable for use in a wide range of applications, including low-
power devices and resource-constrained systems.

➢ Widely used in govt & industry
➢ But has message size limitation
➢ Can overcome using 2 keys & padding
➢ Thus forming the Cipher-based Message Authentication Code (CMAC)
➢ Adopted by NIST SP800-38B

CMAC Overview :
Steps in CMAC in cryptography and network security :

CMAC (Cipher-based Message Authentication Code) is a cryptographic message authentication code
algorithm used for ensuring the authenticity and integrity of messages in network security. Here are the
steps involved in the CMAC algorithm in cryptography and network security:

1. Initialization: CMAC requires a secret key to generate message authentication codes. The first
step is to initialize the algorithm by generating two sub-keys, K1 and K2, from the secret key
using a key derivation function.
2. Padding: The message to be authenticated is padded with zeros if its length is not a multiple of
the block size.
3. Divide the message into blocks: The padded message is divided into blocks of the same size as
the block size of the cipher.
4. Generate the MAC: The MAC is generated by applying the CMAC algorithm to each block of the
message. For each block, the algorithm first computes an intermediate value by XORing the
block with the previous intermediate value or the initialization vector (IV), and then encrypts the
intermediate value using the secret key.
5. Finalization: The final MAC value is generated by applying a final XOR operation between the
last intermediate value and either K1 or K2, depending on the parity of the number of blocks in
the message.
6. Verification: To verify the authenticity and integrity of the message, the receiver applies the same
CMAC algorithm to the received message and compares the resulting MAC with the one received
with the message. If the MACs match, the message is deemed authentic and has not been
tampered with. Otherwise, the message is considered invalid and must be discarded
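As an added example (not code from these notes), here is the CMAC computation written over an abstract 128-bit block cipher, following NIST SP 800-38B / RFC 4493: the two subkeys K1 and K2 come from doubling L = E_K(0) in GF(2^128), the CBC-style chain starts from an all-zero block, a complete final block is XORed with K1, and a partial or empty final block gets the 10* padding (a single 1 bit then zeros) and K2. The subkey derivation is checked against the RFC 4493 test vector for L. Because the standard library has no AES, demo_block_function is a constructed stand-in (a keyed pseudorandom function made from SHA-256), labelled as such; in real use the encrypt_block callable would be AES-128 from a vetted library.

```python
"""CMAC (NIST SP 800-38B) over an abstract 128-bit block cipher; added teaching example."""
import hashlib
import hmac
from typing import Callable, Tuple

BLOCK = 16          # 128-bit block, as for AES
RB = 0x87           # reduction constant for doubling in GF(2^128)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def double(block: bytes) -> bytes:
    """Multiply by x in GF(2^128): shift left one bit; if the top bit fell off, xor Rb."""
    n = int.from_bytes(block, "big") << 1
    if n >> (8 * BLOCK):
        n ^= RB
    return (n & ((1 << (8 * BLOCK)) - 1)).to_bytes(BLOCK, "big")


def derive_subkeys(L: bytes) -> Tuple[bytes, bytes]:
    """K1 = double(L), K2 = double(K1), where L = E_K(0^128)."""
    k1 = double(L)
    return k1, double(k1)


def cmac(encrypt_block: Callable[[bytes], bytes], message: bytes) -> bytes:
    k1, k2 = derive_subkeys(encrypt_block(bytes(BLOCK)))
    n = max(1, -(-len(message) // BLOCK))        # ceil(len / 16), at least one block
    last = message[(n - 1) * BLOCK:]
    if len(last) == BLOCK:                       # complete final block: xor with K1
        last = xor(last, k1)
    else:                                        # partial or empty block: 10* pad, xor with K2
        last = xor((last + b"\x80").ljust(BLOCK, b"\x00"), k2)
    x = bytes(BLOCK)                             # chain starts from the zero block
    for i in range(n - 1):
        x = encrypt_block(xor(x, message[i * BLOCK:(i + 1) * BLOCK]))
    return encrypt_block(xor(x, last))


def verify_cmac(encrypt_block: Callable[[bytes], bytes], message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(cmac(encrypt_block, message), tag)


def demo_block_function(key: bytes) -> Callable[[bytes], bytes]:
    """Constructed stand-in for AES-128 so the example runs offline: a keyed 16-byte
    pseudorandom function from SHA-256. NOT a real block cipher; in production pass
    AES-128 single-block encryption from a vetted library here instead."""
    return lambda block: hashlib.sha256(key + block).digest()[:BLOCK]


if __name__ == "__main__":
    E = demo_block_function(b"constructed-demo-key")
    tag = cmac(E, b"hello, CMAC")
    print(tag.hex(), verify_cmac(E, b"hello, CMAC", tag), verify_cmac(E, b"hello, CMAD", tag))
```

Using two subkeys is what removes the message-size limitation noted above: an empty or partial final block is padded and keyed with K2, a full one with K1, so a padded message and an unpadded message that look identical after padding still produce different tags.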
Chapter-4

Remote user authentication is the process of verifying the identity of a user who is accessing a
system or network from a remote location. This is an important aspect of network security, as it
helps to prevent unauthorized access to sensitive information and resources.

There are several principles of cryptography and network security that are important for remote
user authentication, including:

1. Confidentiality: This principle refers to the protection of sensitive information from
unauthorized disclosure. In the context of remote user authentication, confidentiality is
important because it ensures that sensitive information such as passwords and
authentication tokens are not leaked to unauthorized parties.
2. Integrity: Integrity refers to the protection of information from unauthorized modification
or tampering. In the context of remote user authentication, integrity is important because
it ensures that the authentication process cannot be manipulated or compromised by
attackers.
3. Availability: Availability refers to the accessibility of resources to authorized users. In
the context of remote user authentication, availability is important because it ensures that
legitimate users can access the system or network when they need to.
4. Authentication: Authentication refers to the process of verifying the identity of a user. In
the context of remote user authentication, this involves verifying that the user is who they
claim to be, typically through the use of a password, token, or other form of
authentication.
5. Authorization: Authorization refers to the process of determining what resources a user is
allowed to access once they have been authenticated. In the context of remote user
authentication, this involves ensuring that users only have access to the resources that
they are authorized to use.
6. Non-repudiation: Non-repudiation refers to the ability to prove that a user performed a
particular action or transaction. In the context of remote user authentication, this is
important because it ensures that users cannot deny having performed a particular action,
such as accessing a particular resource or making a particular change to a system.

To implement effective remote user authentication, it is important to employ a combination of
these principles, as well as to use strong encryption and secure protocols such as SSL/TLS to
protect sensitive information and prevent unauthorized access. Additionally, it is important to
regularly review and update authentication policies and procedures to ensure that they remain
effective and up-to-date with the latest security threats and best practices.

The NIST Model for Electronic User Authentication

NIST SP 800-63-2 (Electronic Authentication Guideline, August 2013) defines electronic user
authentication as the process of establishing confidence in user identities that are presented
electronically to an information system. Systems can use the authenticated identity to determine
if the authenticated individual is authorized to perform particular functions, such as database
transactions or access to system resources. In many cases, the authentication and transaction or
other authorized function takes place across an open network such as the Internet. Equally
authentication and subsequent authorization can take place locally, such as across a local area
network. SP 800-63-2 defines a general model for user authentication that involves a number of
entities and procedures.

An applicant applies to a registration authority (RA) to become a subscriber of a credential
service provider (CSP). In this model, the RA is a trusted entity that establishes and vouches for
the identity of an applicant to a CSP. The CSP then engages in an exchange with the subscriber.
Depending on the details of the overall authentication system, the CSP issues some sort of
electronic credential to the subscriber. The credential is a data structure that authoritatively binds
an identity and additional attributes to a token possessed by a subscriber, and can be verified
when presented to the verifier in an authentication transaction. The token could be an encryption
key or an encrypted password that identifies the subscriber. The token may be issued by the CSP,
generated directly by the subscriber, or provided by a third party. The token and credential may
be used in subsequent authentication events.

Once a user is registered as a subscriber, the actual authentication process can take place between
the subscriber and one or more systems that perform authentication and, subsequently,
authorization. The party to be authenticated is called a claimant and the party verifying that
identity is called a verifier. When a claimant successfully demonstrates possession and control of
a token to a verifier through an authentication protocol, the verifier can verify that the claimant is
the subscriber named in the corresponding credential. The verifier passes on an assertion about
the identity of the subscriber to the relying party (RP). That assertion includes identity
information about a subscriber, such as the subscriber name, an identifier assigned at registration,
or other subscriber attributes that were verified in the registration process. The RP can use the
authenticated information provided by the verifier to make access control or authorization
decisions.
Means of Authentication
There are four general means of authenticating a user’s identity, which can be used
alone or in combination:
■ Something the individual knows: Examples include a password, a personal identification
number (PIN), or answers to a prearranged set of questions.
■ Something the individual possesses: Examples include cryptographic keys, electronic
keycards, smart cards, and physical keys. This type of authenticator is referred to as a token.
■ Something the individual is (static biometrics): Examples include recognition by fingerprint,
retina, and face.
■ Something the individual does (dynamic biometrics): Examples include recognition by
voice pattern, handwriting characteristics, and typing rhythm.

Kerberos:

Kerberos is a network authentication protocol that is designed to provide secure authentication
for client/server applications over untrusted networks, such as the internet. It was developed at
the Massachusetts Institute of Technology (MIT) in the 1980s and has since become a widely
used standard for network authentication.

Kerberos works by using a trusted third-party authentication server, called the Key Distribution
Center (KDC), to authenticate users and services. The KDC is responsible for issuing tickets to
users and services that they can use to prove their identity to each other.

The Kerberos protocol involves the following steps:

1. Authentication Request: The user sends an authentication request to the KDC, requesting
a ticket to access a specific service.
2. Ticket Granting Ticket (TGT): The KDC responds with a Ticket Granting Ticket (TGT),
which includes a session key encrypted with the user's password.
3. Service Ticket: The user presents the TGT to the KDC, along with a request for a service
ticket for a specific service. The KDC responds with a service ticket, which includes a
copy of the session key encrypted with the service's secret key.
4. Authentication Exchange: The user presents the service ticket to the service, along with a
timestamp and a checksum. The service decrypts the session key using its secret key and
verifies the timestamp and checksum to authenticate the user.

One of the key advantages of Kerberos is that it uses a shared secret key to encrypt
authentication information, which makes it resistant to attacks such as replay attacks and
eavesdropping. Additionally, because Kerberos relies on a trusted third-party authentication
server, it can be used to provide secure authentication over untrusted networks, such as the
internet.
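The four steps above, together with the replay resistance claimed for them, simulated end to end in an added Python example (not from these notes or from any Kerberos implementation): a KDC that acts as AS and TGS, a service that checks the authenticator timestamp and keeps a replay cache, and a client that walks all four exchanges. The realm, principal names and password are constructed, and the sealing cipher is a toy HMAC-tagged keystream standing in for Kerberos' DES/AES.

```python
import hashlib
import hmac
import json
import os

SKEW = 300  # allowed clock skew in seconds (Kerberos' customary five minutes)

def derive_key(password: str, salt: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)  # string-to-key step

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, obj: dict) -> bytes:  # toy AE (keystream XOR + HMAC tag), stand-in for DES/AES
    nonce, data = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def validate(ticket: dict, session_key: bytes, authenticator: bytes, now: int) -> dict:
    """Shared by TGS and service: unexpired ticket, authenticator under its key, same client, fresh."""
    if now > ticket["exp"]:
        raise ValueError("ticket expired")
    auth = unseal(session_key, authenticator)
    if auth["client"] != ticket["client"] or abs(now - auth["ts"]) > SKEW:
        raise ValueError("authenticator does not match ticket or is stale")
    return auth

class KDC:  # Authentication Server (AS) and Ticket-Granting Server (TGS) of one realm
    def __init__(self, realm: str):
        self.realm, self.users, self.services = realm, {}, {}
        self.tgs_key = os.urandom(32)  # secret shared by AS and TGS (the krbtgt key)

    def register_user(self, name: str, password: str) -> None:
        self.users[name] = derive_key(password, self.realm + name)

    def register_service(self, name: str) -> bytes:
        return self.services.setdefault(name, os.urandom(32))  # secret shared by KDC and that service

    def as_exchange(self, user: str, now: int) -> tuple:
        """Steps 1-2: AS_REQ/AS_REP. TGT sealed under the TGS key, session key sealed under the user key."""
        sk = os.urandom(32)
        tgt = seal(self.tgs_key, {"client": user, "key": sk.hex(), "exp": now + 8 * 3600})
        return tgt, seal(self.users[user], {"key": sk.hex(), "for": "krbtgt/" + self.realm})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: int) -> tuple:
        """Step 3: TGS_REQ/TGS_REP. Verify TGT and authenticator, issue a service ticket."""
        t = unseal(self.tgs_key, tgt)
        sk = bytes.fromhex(t["key"])
        validate(t, sk, authenticator, now)
        ssk = os.urandom(32)
        ticket = seal(self.services[service], {"client": t["client"], "key": ssk.hex(), "exp": now + 3600})
        return ticket, seal(sk, {"key": ssk.hex(), "for": service})

class Service:
    def __init__(self, name: str, key: bytes):
        self.name, self.key, self.seen = name, key, set()  # seen: replay cache of authenticators

    def ap_exchange(self, ticket: bytes, authenticator: bytes, now: int) -> str:
        """Step 4: AP_REQ. Open the ticket with the service key, check the authenticator, refuse replays."""
        t = unseal(self.key, ticket)
        auth = validate(t, bytes.fromhex(t["key"]), authenticator, now)
        if (auth["client"], auth["ts"]) in self.seen:
            raise ValueError("replayed authenticator")
        self.seen.add((auth["client"], auth["ts"]))
        return t["client"]

def client_session(kdc: KDC, svc: Service, user: str, password: str, now: int) -> tuple:
    """Client side of all four steps; returns (name the service accepted, the AP_REQ it sent)."""
    ukey = derive_key(password, kdc.realm + user)
    tgt, rep = kdc.as_exchange(user, now)
    sk = bytes.fromhex(unseal(ukey, rep)["key"])  # wrong password: the tag check fails here
    ticket, rep2 = kdc.tgs_exchange(tgt, seal(sk, {"client": user, "ts": now}), svc.name, now)
    ssk = bytes.fromhex(unseal(sk, rep2)["key"])
    ap_req = (ticket, seal(ssk, {"client": user, "ts": now}))
    return svc.ap_exchange(*ap_req, now), ap_req

def _rejected(fn) -> bool:
    try:
        fn()
    except ValueError:
        return True
    return False

def demo(now: int = 1_700_000_000) -> dict:
    kdc = KDC("EXAMPLE.COM")  # constructed realm, principal names and password
    kdc.register_user("alice", "correct horse battery staple")
    svc = Service("host/fileserver", kdc.register_service("host/fileserver"))
    name, ap_req = client_session(kdc, svc, "alice", "correct horse battery staple", now)
    return {"authenticated_as": name,
        "replay_rejected": _rejected(lambda: svc.ap_exchange(*ap_req, now + 1)),        # replay cache
        "stale_rejected": _rejected(lambda: svc.ap_exchange(*ap_req, now + SKEW + 1)),  # timestamp window
        "wrong_password_rejected": _rejected(lambda: client_session(kdc, svc, "alice", "wrong", now)),
    }
```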

Kerberos is widely used in enterprise networks, and it is supported by a variety of operating
systems and applications, including Microsoft Windows, Linux, and macOS. It is also integrated
with many directory services, such as Active Directory, which makes it easy to manage
authentication and authorization across large networks.

Kerberos Requirements:

The first published report on Kerberos listed the following requirements:

■ Secure: A network eavesdropper should not be able to obtain the necessary information to
impersonate a user. More generally, Kerberos should be strong enough that a potential opponent
does not find it to be the weak link.

■ Reliable: For all services that rely on Kerberos for access control, lack of availability of the
Kerberos service means lack of availability of the supported services. Hence, Kerberos should be
highly reliable and should employ a distributed server architecture with one system able to back
up another.

■ Transparent: Ideally, the user should not be aware that authentication is taking place beyond
the requirement to enter a password.

■ Scalable: The system should be capable of supporting large numbers of clients and servers.
This suggests a modular, distributed architecture.

Kerberos Version 4:

• Makes use of DES to provide the authentication service

1. Authentication server (AS):
   a. Knows the passwords of all users and stores these in a centralized database
   b. Shares a unique secret key with each server
2. Ticket:
   a. Created once the AS accepts the user as authentic; contains the user's ID and
      network address and the server's ID
   b. Encrypted using the secret key shared by the AS and the server
3. Ticket-granting server (TGS):
   • Issues tickets to users who have been authenticated to AS
   • Each time the user requires access to a new service the client applies to the TGS
     using the ticket to authenticate itself
   • The TGS then grants a ticket for the particular service
   • The client saves each service-granting ticket and uses it to authenticate its user to
     a server each time a particular service is requested

Kerberos Version 4 Message Exchanges:


Importance of Kerberos Realm:

The Kerberos Realm is an important concept in the world of computer security, as it provides a
way to manage authentication and authorization of users and services in a distributed network
environment.

Here are some of the key reasons why Kerberos Realm is important:

1. Centralized authentication: Kerberos Realm provides a centralized authentication
mechanism, which allows users to access multiple resources with a single set of
credentials. This eliminates the need for users to remember multiple usernames and
passwords.
2. Secure communication: Kerberos Realm provides a secure way for users to access
network resources by using encrypted authentication and communication protocols. This
helps prevent unauthorized access and eavesdropping of sensitive information.
3. Cross-realm trust: Kerberos Realm supports cross-realm trust, which allows users in one
realm to access resources in another realm without having to authenticate separately. This
simplifies the authentication process and improves overall network security.
4. Access control: Kerberos Realm provides a way to control access to network resources
by enforcing authorization policies. This allows network administrators to restrict access
to sensitive resources based on the user's role or other criteria.
5. Audit trail: Kerberos Realm provides an audit trail of user activity, which helps network
administrators monitor and troubleshoot security issues. This information can be used to
identify and track suspicious activity, and to help comply with regulatory requirements.
The Kerberos Realm process involves the following steps:

1. User authentication: When a user attempts to access a network resource, they present
their credentials to the Authentication Server (AS) in their own realm. The AS looks up
the user's information in its database, verifies the credentials, and issues a Ticket
Granting Ticket (TGT) if the authentication is successful.
2. TGT forwarding: If the user needs to access a resource in a different realm, the user's
TGT is forwarded to the Ticket Granting Server (TGS) in the target realm.
3. TGS authentication and ticket issuance: The TGS in the target realm verifies the TGT,
and issues a Service Ticket for the requested resource if the authentication is successful.
4. Resource access: The user presents the Service Ticket to the resource server, which
verifies the ticket and grants access to the requested resource.
5. Ticket expiration: The TGT and Service Ticket both have expiration times, after which
they are no longer valid for authentication and access.
6. Cross-realm trust: Realms in Kerberos can establish trust relationships with other realms,
allowing users to access resources in other realms without requiring separate
authentication. To establish a cross-realm trust, administrators in each realm must
configure their Kerberos infrastructure to recognize and accept tickets from the other
realm.
7. Key distribution: To ensure secure communication, the Kerberos infrastructure uses a
shared secret key to encrypt and decrypt authentication messages. The key must be
securely distributed to all participating servers and clients, and must be periodically
changed to prevent attacks.

Advantages of Kerberos:

Kerberos is a computer network authentication protocol that provides secure communication
over a non-secure network. It has several advantages for cryptography and network security,
including:

1. Strong Authentication: Kerberos uses symmetric key cryptography to provide strong
authentication between clients and servers. This ensures that only authenticated and
authorized users can access the network resources.
2. Single Sign-On (SSO): With Kerberos, users only need to authenticate once and then can
access multiple network resources without having to provide their credentials each time.
This reduces the number of passwords a user has to remember and reduces the risk of
password-related security breaches.
3. Mutual Authentication: Kerberos ensures mutual authentication between clients and
servers, so both parties can verify each other's identities before exchanging any sensitive
data. This prevents man-in-the-middle attacks.
4. Centralized Authentication: Kerberos uses a centralized authentication server, which
makes it easier to manage user credentials and access control policies. It also simplifies
the process of adding or removing users from the network.
5. Encryption: Kerberos encrypts all network traffic between clients and servers, including
authentication information and data exchanged during the session. This ensures that
sensitive information is protected from unauthorized access.
6. Scalability: Kerberos can be used in large networks with many clients and servers,
making it a scalable solution for cryptography and network security.

Comparison between Kerberos version 4 and version 5:

Kerberos is a network authentication protocol designed to provide strong authentication for
client/server applications by using secret-key cryptography. There are two main versions of
Kerberos: version 4 (Kerberos 4) and version 5 (Kerberos 5).

Here are some of the main differences between Kerberos 4 and Kerberos 5:

1. Encryption: Kerberos 4 uses DES (Data Encryption Standard) as the primary encryption
algorithm, while Kerberos 5 supports a range of stronger encryption algorithms such as
AES (Advanced Encryption Standard).
2. Ticket structure: In Kerberos 4, the ticket structure is relatively simple, with only three
fields: the client name, the server name, and the client's session key. In contrast, Kerberos
5 has a more complex ticket structure, with additional fields for encryption and
authentication information.
3. Authentication: Kerberos 5 provides more flexible authentication options than Kerberos
4. For example, Kerberos 5 supports pre-authentication, which requires the client to
prove its identity before it receives a ticket.
4. Security: Kerberos 5 has several security enhancements that are not present in Kerberos
4, such as support for stronger encryption algorithms and the ability to use public-key
cryptography for certain operations.
5. Interoperability: Kerberos 5 is designed to be more interoperable with other security
protocols and standards than Kerberos 4. For example, Kerberos 5 supports the use of
standard X.509 digital certificates for authentication.
6. Protocol specifications: Kerberos 5 has a more extensive and detailed protocol
specification than Kerberos 4, which makes it easier for developers to implement and
maintain Kerberos-based systems.

Overall, Kerberos 5 provides stronger security, more flexible authentication options, and better
interoperability than Kerberos 4. Therefore, if possible, it is recommended to use Kerberos 5 for
new deployments or upgrades. However, some legacy systems may still use Kerberos 4, and in
those cases, it is important to ensure that appropriate security measures are in place to protect
against known vulnerabilities.
Email security:
Importance of email security in cryptography and network security:

Email security is crucial in cryptography and network security because emails are one of the
most commonly used communication channels for personal and business purposes. Emails
contain sensitive and confidential information such as personal data, financial information, trade
secrets, and other confidential data, making them a prime target for cybercriminals.

Here are some reasons why email security is important in cryptography and network security:

1. Confidentiality: Email security helps to ensure the confidentiality of sensitive information
by preventing unauthorized access, interception, or eavesdropping. Encryption techniques
such as PGP (Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail
Extensions) can be used to encrypt email messages and attachments, making them
unreadable to anyone who does not have the decryption key.
2. Authentication: Email security also helps to authenticate the sender of an email message.
This is important because it ensures that the recipient knows that the email message is
from a trusted source and has not been tampered with in transit. Digital signatures can be
used to authenticate the sender of an email message.
3. Integrity: Email security helps to ensure the integrity of email messages by preventing
unauthorized modification or alteration of the message in transit. Hash functions can be
used to generate a unique fingerprint of the email message, which can be used to verify
the integrity of the message.
4. Protection against malware: Email security also helps to protect against malware and
phishing attacks. Malware can be embedded in email messages as attachments or links,
and phishing attacks can trick users into revealing sensitive information such as login
credentials or credit card information. Email security solutions such as spam filters,
antivirus software, and anti-phishing solutions can help to protect against these threats.

Email Components:

1. Message User Agent (MUA):

Operates on behalf of user actors and user applications. It is their representative within
the email service.

2. Mail Submission Agent (MSA):

Accepts the message submitted by an MUA and enforces the policies of the hosting
domain and the requirements of Internet standards.

3. Message Transfer Agent (MTA):

Relays mail for one application-level hop. It is like a packet switch or IP router in that its
job is to make routing assessments and to move the message closer to the recipients.

4. Mail Delivery Agent (MDA):

Responsible for transferring the message from the MHS to the MS.

5. Message Store (MS):

An MUA can employ a long-term MS. An MS can be located on a remote server or on
the same machine as the MUA.

INTERNET MAIL ARCHITECTURE:

Email Security:

• email is one of the most widely used and regarded network services
• currently message contents are not secure
– may be inspected either in transit (transmission)
– or by suitably privileged users on destination system

Email Security Enhancements:

• Confidentiality
– protection from disclosure
• Authentication
– of sender of message
• Message integrity
– protection from modification
• Non-repudiation of origin
– protection from denial by sender

Pretty Good Privacy (PGP):

• Widely used de facto (standard norm) secure email
• Developed by Phil Zimmermann
• Selected best available cryptographic algorithms as building blocks
• Integrated into general-purpose applications
• Available on Unix, PC, Macintosh and Amiga systems
• Originally free; commercial versions are now also available
• Provides confidentiality and authentication

Growth for PGP:

• Available free worldwide in versions that run on a variety of platforms including Windows,
UNIX, Macintosh, and many more
• Based on algorithms considered extremely secure:
– RSA, DSS, and Diffie-Hellman for public-key encryption,
– CAST-128, IDEA, and 3DES for symmetric encryption, and
– SHA-1 for hash coding
• Wide range of applicability
• Not developed by, nor controlled by, any governmental or standards organization
• Internet standard track RFC 3156

PGP Operation – Authentication:

1. Sender creates a message
2. SHA-1 used to generate 160-bit hash code of message
3. Hash code is encrypted with RSA using the sender's private key, and result is attached to
message
4. Receiver uses RSA or DSS with sender's public key to decrypt and recover hash code
5. Receiver generates new hash code for message and compares with decrypted hash code;
if they match, message is accepted as authentic
PGP Operation – Confidentiality:

1. sender generates message and random 128-bit number to be used as session key for this
message only
2. message is encrypted, using CAST-128 / IDEA/3DES with session key
3. session key is encrypted using RSA with recipient's public key, then attached to message
4. receiver uses RSA with its private key to decrypt and recover session key
5. session key is used to decrypt message

PGP Operation – Confidentiality & Authentication:

• uses both services on same message
– Create signature & attach to message
– Encrypt both message & signature
– Attach RSA encrypted session key
PGP Operation:

1. Compression: ZIP compression, ZLIB compression, BZIP2 compression
2. Email Compatibility:
   a. Because PGP output is binary data, PGP must encode raw binary data into printable
      ASCII characters.
   b. Uses the radix-64 algorithm and also appends a CRC
3. PGP also segments messages if too big
4. PGP Session Keys: sizes: 56-bit DES, 128-bit CAST or IDEA, 168-bit Triple-DES.
   Generated using ANSI X9.17 mode (OFB mode), which provides a fast and efficient
   method for encrypting financial transactions
5. PGP Public & Private Keys
6. Public and Private Key Rings: each PGP user has a pair of key rings:
   – public-key ring contains all the public keys of other PGP users known to this user,
     indexed by key ID
   – private-key ring contains the public/private key pair(s) for this user, indexed by
     key ID and encrypted with a key derived from a hashed passphrase (for authentication)
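The authentication, confidentiality, compression and radix-64 steps above carried through in one added Python example (not from these notes or from PGP itself): SHA-1 digest signed with the sender's RSA key, ZIP compression, a one-time 128-bit session key RSA-encrypted for the recipient, and armor with the OpenPGP CRC-24. The RSA keys are toy-sized textbook keys on known Mersenne primes, the symmetric cipher is a SHA-256 keystream standing in for CAST-128/IDEA/3DES, and the names, message and timestamp are constructed.

```python
import base64
import hashlib
import json
import os
import zlib

def rsa_keypair(p: int, q: int, e: int = 65537) -> tuple:
    # Textbook RSA on toy-sized known primes: no padding, far too small for real use
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, phi)}

def key_id(pub: dict) -> str:
    return f"{pub['n'] & 0xFFFFFFFFFFFFFFFF:016x}"  # PGP key ID: low-order 64 bits of the public key

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in for CAST-128/IDEA/3DES: SHA-256 in counter mode, for illustration only
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def crc24(data: bytes) -> int:
    """CRC-24 that radix-64 armor appends (OpenPGP, RFC 4880 section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(raw: bytes) -> str:
    """Radix-64 conversion: base64 body in 64-character lines, then '=' + base64(CRC-24)."""
    body = base64.b64encode(raw).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    crc_line = "=" + base64.b64encode(crc24(raw).to_bytes(3, "big")).decode()
    return "\n".join(["-----BEGIN PGP MESSAGE-----", ""] + lines + [crc_line, "-----END PGP MESSAGE-----"])

def dearmor(text: str) -> bytes:
    lines = text.strip().splitlines()
    raw = base64.b64decode("".join(lines[2:-2]))
    if base64.b64decode(lines[-2][1:]) != crc24(raw).to_bytes(3, "big"):
        raise ValueError("armor CRC-24 mismatch: message damaged in transit")
    return raw

def pgp_send(plaintext: bytes, sender_priv: dict, sender_pub: dict, recipient_pub: dict, now: int) -> str:
    # Authentication: SHA-1 digest of the message, signed with the sender's private RSA key
    digest = hashlib.sha1(plaintext).digest()
    signature = {"keyid": key_id(sender_pub), "ts": now, "lead": digest[:2].hex(),
                 "sig": hex(pow(int.from_bytes(digest, "big"), sender_priv["d"], sender_priv["n"]))}
    # Signature and message are compressed together (ZIP), then encrypted under a one-time session key
    inner = zlib.compress(json.dumps({"sig": signature, "msg": plaintext.decode("latin-1")}).encode())
    session_key, nonce = os.urandom(16), os.urandom(16)
    ciphertext = bytes(a ^ b for a, b in zip(inner, _keystream(session_key, nonce, len(inner))))
    # Confidentiality: the 128-bit session key is RSA-encrypted with the recipient's public key
    ek = pow(int.from_bytes(session_key, "big"), recipient_pub["e"], recipient_pub["n"])
    packet = {"keyid": key_id(recipient_pub), "ek": hex(ek), "nonce": nonce.hex(), "ct": ciphertext.hex()}
    return armor(json.dumps(packet).encode())

def pgp_receive(armored: str, recipient_priv: dict, sender_pub: dict) -> bytes:
    pkt = json.loads(dearmor(armored))
    session_key = pow(int(pkt["ek"], 16), recipient_priv["d"], recipient_priv["n"]).to_bytes(16, "big")
    ct, nonce = bytes.fromhex(pkt["ct"]), bytes.fromhex(pkt["nonce"])
    inner = json.loads(zlib.decompress(bytes(a ^ b for a, b in zip(ct, _keystream(session_key, nonce, len(ct))))))
    plaintext = inner["msg"].encode("latin-1")
    # Verification: recover the digest with the sender's public key, compare with a fresh SHA-1
    recovered = pow(int(inner["sig"]["sig"], 16), sender_pub["e"], sender_pub["n"])
    if recovered != int.from_bytes(hashlib.sha1(plaintext).digest(), "big"):
        raise ValueError("signature does not verify: altered message or not signed by the claimed key")
    return plaintext

def demo() -> dict:
    # Constructed keys on Mersenne primes: alice signs, bob receives, carol's key must not verify as alice's
    alice_pub, alice_priv = rsa_keypair(2**127 - 1, 2**107 - 1)
    bob_pub, bob_priv = rsa_keypair(2**521 - 1, 2**89 - 1)
    carol_pub, carol_priv = rsa_keypair(2**607 - 1, 2**61 - 1)
    msg, ts = b"Board meeting moved to Friday 15:00.", 1_700_000_000
    armored = pgp_send(msg, alice_priv, alice_pub, bob_pub, ts)
    out = {"roundtrip": pgp_receive(armored, bob_priv, alice_pub) == msg}
    try:  # message signed by carol but checked against alice's public key
        pgp_receive(pgp_send(msg, carol_priv, carol_pub, bob_pub, ts), bob_priv, alice_pub)
        out["wrong_signer_rejected"] = False
    except ValueError:
        out["wrong_signer_rejected"] = True
    lines = armored.splitlines()
    lines[2] = ("B" if lines[2][0] != "B" else "C") + lines[2][1:]  # one corrupted armor character
    try:
        dearmor("\n".join(lines))
        out["crc_detects_damage"] = False
    except ValueError:
        out["crc_detects_damage"] = True
    return out
```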
PGP Operation – Summary:

Generic format of PGP message:

• Message consists of three components
– The message component
– A signature component (optional)
– A session key component
S/MIME (Secure/Multipurpose Internet Mail Extensions):

• Security enhancement to MIME email
– original Internet RFC 822 email was text only
– MIME provided support for varying content types and multi-part messages
– with encoding of binary data to textual form
– S/MIME added security enhancements
• Have S/MIME support in various modern mail agents: MS Outlook, Netscape etc

Limitations of SMTP:

• Cannot transmit executable files or other binary objects
• Cannot transmit text data that includes national language characters because they
are represented by 8-bit codes with values of 128 decimal or higher, and SMTP is
limited to 7-bit ASCII
• SMTP servers may reject mail messages over a certain size
• SMTP gateways translate between ASCII and the EBCDIC character code (Extended
Binary Coded Decimal Interchange Code, a character encoding system developed by
IBM in the 1960s)
• Cannot handle nontextual data
• Some SMTP implementations do not adhere completely to the SMTP standards
defined in RFC 821.
• Common problems include:
– Deletion, addition and reordering of carriage return and linefeed
– Truncating or wrapping lines longer than 76 characters
– Removal of trailing white space (tab and space characters)
– Padding of lines in a message to the same length
– Conversion of tab characters into multiple space characters

MIME Specification:

The following elements are included:

• Five new message header fields are defined. These fields provide information about the
body of the message
• A number of content formats are defined, thus standardizing representations that support
multimedia electronic mail
• Transfer encodings are defined that enable the conversion of any content format into a
form that is protected from alteration by the mail system

Five header fields – MIME

• MIME-Version ("MIME-Version: 1.0")
• Content-Type (specifies the media type and subtype of the data in the body)
• Content-Transfer-Encoding (a value of "7bit", "8bit", or "binary" indicates that no
encoding has been applied)
• Content-ID (unique values)
• Content-Description (optional; often used to add descriptive text to non-textual body
parts)
• Content-Disposition headers provide information about how to present a message or a
body part.
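An added Python example (not from these notes) that builds a message carrying the header fields listed above with the standard library's email package: a quoted-printable text part with national-language characters and a base64 attachment with Content-Disposition, Content-ID and Content-Description, then parses the wire form back and checks that it fits SMTP's 7-bit, short-line channel. The addresses, text and attachment bytes are constructed.

```python
import email
from email import policy
from email.message import EmailMessage

TEXT = "Grüße aus Zürich: national-language characters need a transfer encoding.\n"  # constructed
ATTACHMENT = bytes(range(256)) * 4  # constructed binary object: every 8-bit value, 1024 octets

def build_message() -> bytes:
    """Two-part message whose text and binary content both survive a 7-bit SMTP path."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "MIME header fields"
    # Content-Type: text/plain; charset=utf-8, quoted-printable so 8-bit characters travel as 7-bit
    msg.set_content(TEXT, charset="utf-8", cte="quoted-printable")
    # Content-Type: application/octet-stream, base64 transfer encoding, plus Content-Disposition,
    # Content-ID and Content-Description on the attachment body part
    msg.add_attachment(ATTACHMENT, maintype="application", subtype="octet-stream",
                       filename="sample.bin", cid="<sample-1@example.com>",
                       headers=["Content-Description: 1024 arbitrary octets (constructed sample)"])
    return msg.as_bytes()  # MIME-Version: 1.0 and the multipart/mixed boundary are added for us

def describe_parts(raw: bytes) -> list:
    """Parse the wire form back; report each part's MIME header fields and whether content decodes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    parts = [{"MIME-Version": str(msg["MIME-Version"]), "Content-Type": msg.get_content_type()}]
    for part in msg.iter_parts():
        expected = ATTACHMENT if part.is_attachment() else TEXT
        parts.append({
            "Content-Type": part.get_content_type(),
            "Content-Transfer-Encoding": str(part["Content-Transfer-Encoding"]),
            "Content-Disposition": part.get_content_disposition(),
            "Content-ID": str(part["Content-ID"]) if part["Content-ID"] else None,
            "Content-Description": str(part["Content-Description"]) if part["Content-Description"] else None,
            "restored": part.get_content() == expected,
        })
    return parts

def transport_safe(raw: bytes) -> dict:
    """The two SMTP limits the transfer encodings exist for: 7-bit bytes and short lines."""
    return {"seven_bit": all(b < 0x80 for b in raw),
            "longest_line": max(len(line) for line in raw.split(b"\n"))}
```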

S/MIME Functions:

• Enveloped data
– encrypted content and associated keys
• Signed data
– encoded message + signed digest
• Clear-signed data
– Clear text message + encoded signed digest
• Signed & enveloped data
– nesting of signed & encrypted entities
S/MIME Cryptographic Algorithms:

• Hash functions: SHA-1 & MD5
• Digital signatures: DSS & RSA
• Session key encryption: ElGamal & RSA
• Message encryption: Triple-DES, RC2/40 and others; S/MIME has a procedure to decide
which algorithms to use

S/MIME Certificate Processing:

• S/MIME uses X.509 v3 certificates
• managed using a hybrid of a strict X.509 CA hierarchy & PGP's web of trust
• each client has a list of trusted CA's certificates
• and own public/private key pairs & certificates
• certificates must be signed by trusted CA's

Certificate Authorities:

• have several well-known CA's
• Verisign one of most widely used
• Verisign issues several types of Digital IDs
• with increasing levels of checks & hence trust

Class   Identity Checks      Usage
1       name/email check     web browsing/email
2+      enroll/addr check    email, subs, s/w validate
3+      ID documents         e-banking/service access

IP security:
What is IP security in cryptography and network security?

IP Security (IPsec) is a set of protocols and standards used to secure communication over IP
networks, such as the Internet. It is an important component of cryptography and network
security because it provides a way to ensure the confidentiality, authenticity, and integrity of IP
traffic.

IPsec can be used to secure communications between two hosts (host-to-host), between a host
and a network (host-to-network), or between two networks (network-to-network). It can be
implemented in a variety of ways, including through software or hardware-based solutions.

IP Security:

1. We have a range of application-specific security mechanisms
   a. e.g. S/MIME, PGP, Kerberos, SSL/HTTPS
2. By implementing security at the IP level, an organization can ensure secure networking
not only for applications that have security mechanisms but also for the many
security-ignorant applications.
3. IP Security mechanisms provide
   a. authentication
   b. confidentiality
   c. integrity
   d. key management
4. Applicable to use over LANs, across public & private WANs, & for the Internet
5. Need identified in a 1994 report: the IAB (Internet Architecture Board) included
authentication and encryption as necessary security features in the next-generation IP,
which has been issued as IPv6.
IP Security Uses:

The above illustrates a typical IP Security scenario. An organization maintains LANs at
dispersed locations. Nonsecure IP traffic is conducted on each LAN. For traffic offsite, through
some sort of private or public WAN, IPSec protocols are used. These protocols operate in
networking devices, such as a router or firewall, that connect each LAN to the outside world.
The IPSec networking device will typically encrypt and compress all traffic going into the WAN,
and decrypt and decompress traffic coming from the WAN; these operations are transparent to
workstations and servers on the LAN. Secure transmission is also possible with individual users
who dial into the WAN. Such user workstations must implement the IPSec protocols to provide
security.

Benefits of IPSec:

➢ When implemented in a firewall/router provides strong security to all traffic crossing the
perimeter.
➢ The protocol is below the transport layer (TCP, UDP) and so is transparent to
applications.
➢ There is no need to change software on a user or server system when IPsec is
implemented in the firewall or router.
➢ It can provide security for individual users.
IPSec Services:

1. Access control
2. Connectionless integrity
3. Data origin authentication
4. Rejection of replayed packets
 a form of partial sequence integrity
5. Confidentiality (encryption)
6. Limited traffic flow confidentiality
7. IPSec provides security in three situations:
 Host-to-host, host-to-gateway and gateway-to-gateway
8. IPSec operates in two modes:
 Transport mode (for end-to-end)
 Tunnel mode (for VPN)

Transport and Tunnel Modes:


The above figure shows two ways in which the IPsec ESP service can be used. In the upper part
of the figure, encryption (and optionally authentication) is provided directly between two hosts.
Figure b shows how tunnel mode operation can be used to set up a virtual private network. In
this example, an organization has four private networks interconnected across the Internet. Hosts
on the internal networks use the Internet for transport of data but do not interact with other
Internet-based hosts. By terminating the tunnels at the security gateway to each internal
network, the configuration allows the hosts to avoid implementing the security capability. The
former technique is supported by a transport mode SA, while the latter technique uses a tunnel
mode SA.

 Transport Mode
 to encrypt & optionally authenticate IP data
 good for ESP host to host traffic
 Tunnel Mode
 encrypts entire IP packet
 add new header for next hop
 no routers on way can examine inner IP header
 good for VPNs, gateway to gateway security

IP Security Specification:

The IPsec specification has become quite complex. The totality of the IPsec specification is
scattered across dozens of RFCs and draft IETF documents, making this the most complex and
difficult to grasp of all IETF specifications. The best way to keep track of and get a handle on
this body of work is to consult the latest version of the IPsec document roadmap. The documents
can be categorized into the following groups:

1. Architecture: Covers the general concepts, security requirements, definitions, and
mechanisms defining IPsec technology, see RFC 4301, Security Architecture for the
Internet Protocol.
2. Authentication Header (AH): AH is an extension header for message authentication,
now deprecated. See RFC 4302, IP Authentication Header.
3. Encapsulating Security Payload (ESP): ESP consists of an encapsulating header and
trailer used to provide encryption or combined encryption/authentication. See RFC 4303,
IP Encapsulating Security Payload (ESP).
4. Internet Key Exchange (IKE): a collection of documents describing the key
management schemes for use with IPsec. See RFC4306, Internet Key Exchange (IKEv2)
Protocol, and other related RFCs.
5. Cryptographic algorithms: a large set of documents that define and describe
cryptographic algorithms for encryption, message authentication, pseudorandom
functions (PRFs), and cryptographic key exchange.
6. Other: There are a variety of other IPsec-related RFCs, including those dealing with
security policy and management information base (MIB) content.
IPsec Architecture:

 IP Security specification is quite complex, that includes:


 Architecture
 Authentication Header (AH)
 Encapsulating Security Payload (ESP)
 Internet Key Exchange (IKE)
 Cryptographic algorithms
 Other

IP Security Architecture:

 IPSec documents: NEW updates in 2005!

 RFC 2401: Security Architecture for the Internet Protocol. S. Kent, R.
Atkinson. November 1998. (An overview of security architecture) → RFC 4301
(12/2005)
 RFC 2402: IP Authentication Header. S. Kent, R. Atkinson. November 1998.
(Description of a packet authentication extension to IPv4 and IPv6) → RFC 4302
(12/2005)
 RFC 2406: IP Encapsulating Security Payload (ESP). S. Kent, R. Atkinson.
November 1998. (Description of a packet encryption extension to IPv4 and
IPv6) → RFC 4303 (12/2005)
 RFC 2407: The Internet IP Security Domain of Interpretation for ISAKMP. D.
Piper. November 1998. PROPOSED STANDARD. (Obsoleted by RFC 4306)
 RFC 2408: Internet Security Association and Key Management Protocol
(ISAKMP). D. Maughan, M. Schertler, M. Schneider, J. Turner. November 1998.
(Specification of key management capabilities) (Obsoleted by RFC 4306)
 RFC 2409: The Internet Key Exchange (IKE). D. Harkins, D. Carrel. November
1998. PROPOSED STANDARD. (Obsoleted by RFC 4306, Updated by
RFC 4109)
 RFC 4306: Internet Key Exchange (IKEv2) Protocol. C. Kaufman, Ed. December
2005 (Obsoletes RFC 2407, RFC 2408, RFC 2409) PROPOSED STANDARD
 RFC 4109: Algorithms for Internet Key Exchange version 1 (IKEv1). P.
Hoffman. May 2005 (Updates RFC 2409) PROPOSED STANDARD
IPSec Document Overview:

1. Architecture: Covers the general concepts, security requirements, definitions and
mechanisms defining IPsec technology
2. Authentication Header (AH): AH is an extension header to provide message
authentication
3. Encapsulating Security Payload (ESP): ESP consists of an encapsulating header and
trailer used to provide encryption or combined encryption/authentication
4. Internet Key Exchange (IKE): This is a collection of documents describing the key
management schemes for use with IPsec
5. Cryptographic algorithms: This category encompasses a large set of documents that
define and describe cryptographic algorithms for encryption and message authentication
6. DOI stands for "Domain of Interpretation", a term used in IPsec to define a specific set
of security policies, protocols, and algorithms that are used for secure communication
between two endpoints.
Security Associations (SA):

 A one-way relationship between a sender and a receiver.
 Identified by three parameters:

a. Security Parameter Index (SPI): To enable the receiving system to select the SA
under which a received packet will be processed
b. IP Destination Address (end-user system or a network system such as a firewall or
router)
c. Security Protocol Identifier: the outer IP header indicates whether the association is
an AH or ESP security association

Security Association Database (SAD)

Security Policy Database (SPD)

Security Association Database(SAD):

A database in each IPsec implementation that defines the parameters associated with each SA:
■ Security Parameter Index: A 32-bit value selected by the receiving end of an SA to
uniquely identify the SA. In an SAD entry for an outbound SA, the SPI
is used to construct the packet’s AH or ESP header.
■ Sequence Number Counter: A 32-bit value used to generate the Sequence
Number field in AH or ESP headers
■ Sequence Counter Overflow: A flag indicating whether overflow of the
Sequence Number Counter should generate an auditable event and prevent
further transmission of packets on this SA
■ Anti-Replay Window: Used to determine whether an inbound AH or ESP
packet is a replay.
■ AH Information: Authentication algorithm, keys, key lifetimes, and related parameters
being used with AH
■ ESP Information: Encryption and authentication algorithm, keys, initialization values,
key lifetimes, and related parameters being used with ESP
■ Lifetime of this Security Association: A time interval or byte count after
which an SA must be replaced with a new SA (and new SPI) or terminated,
plus an indication of which of these actions should occur
■ IPsec Protocol Mode: Tunnel, transport, or wildcard.
■ Path MTU: Any observed path maximum transmission unit (maximum size of a packet
that can be transmitted without fragmentation) and aging variables
Security Policy Database (SPD):
The means by which IP traffic is related to specific SAs (or no SA in the case of traffic allowed
to bypass IPsec) is the nominal Security Policy Database (SPD). In its simplest form, an SPD
contains entries, each of which defines a subset of IP traffic and points to an SA for that traffic.
1. Remote IP Address
2. Local IP Address
3. Next Layer Protocol (the IP protocol header: IPv4, IPv6, or IPv6 Extension)
4. Name (a user identifier from the operating system)
5. Local and Remote Ports: These may be individual TCP or UDP
Authentication Header (AH):

 Provides source authentication
 Protects against source spoofing
 Provides data integrity
 Protects against replay attacks
 Use monotonically increasing sequence numbers
 Protects against denial of service attacks
 NO protection for confidentiality!
 Use 32-bit monotonically increasing sequence number to avoid replay attacks
 Use cryptographically strong hash algorithms to protect data integrity (96-bit)
 Use symmetric key cryptography
 HMAC-SHA-96, HMAC-MD5-96

Encapsulating Security Payload (ESP):

 Provides all that AH offers, and
 in addition provides data confidentiality
 Uses symmetric key encryption

ESP Details:

 Same as AH:
 Uses a 32-bit sequence number to counter replay attacks
 Uses integrity check algorithms
 Data confidentiality:
 Uses symmetric key encryption algorithms to encrypt packets

ESP Packet Details:

1. Security Parameters Index (32 bits): Identifies a security association.
2. Sequence Number (32 bits): A monotonically increasing counter value; this provides an
anti-replay function.
3. Payload Data (variable): This is a transport-level segment (transport mode) or IP packet
(tunnel mode) that is protected by encryption.
4. Padding (0–255 bytes): The purpose of this field is to expand the plaintext to a multiple of
some number of bytes.
5. Pad Length (8 bits): Indicates the number of pad bytes immediately preceding this field.
6. Next Header (8 bits): Identifies the type of data contained in the payload data.
7. Integrity Check Value (variable): A variable-length field (must be an integral number
of 32-bit words) that contains the Integrity Check Value computed over the ESP packet.

Encryption & Authentication Algorithms & Padding:

 ESP can encrypt the payload data, padding, pad length, and next header fields
 ESP can have an optional ICV for integrity
 the ICV is computed after encryption is performed
 ESP uses padding
 to expand the plaintext to the required length
 to align the pad length and next header fields
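To make the field layout, padding rule and ICV placement above concrete, here is an added example (not code from the lecture notes) that builds an ESP packet and performs inbound processing with a 64-packet anti-replay window. It assumes NULL encryption (so the padding, Pad Length and Next Header stay visible), an HMAC-SHA1-96 ICV, and constructed keys and payloads.

```python
"""Added example (not from the lecture notes): ESP packet construction and
inbound processing following the field layout above (RFC 4303). NULL encryption
is assumed so padding, Pad Length, Next Header and the ICV are visible; the ICV
is HMAC-SHA1-96 (SHA-1 truncated to 96 bits). Keys and payloads are constructed."""
import hashlib
import hmac
import struct

ICV_LEN = 12          # HMAC-SHA1-96: 96-bit truncated tag
ALIGN = 4             # Pad Length + Next Header must end on a 32-bit boundary
NEXT_HEADER_TCP = 6   # transport mode: the payload is a TCP segment


def build_esp(spi, seq, payload, next_header, auth_key):
    """Return SPI || Seq || Payload || Padding || PadLen || NextHdr || ICV."""
    # Padding expands (payload + PadLen + NextHdr) to a multiple of ALIGN bytes.
    pad_len = (-(len(payload) + 2)) % ALIGN
    padding = bytes(range(1, pad_len + 1))        # default pad pattern 1, 2, 3, ...
    header = struct.pack("!II", spi, seq)
    body = payload + padding + struct.pack("!BB", pad_len, next_header)
    # The ICV is computed last, over the (here NULL-) encrypted body, so the
    # receiver can reject forgeries before touching the ciphertext.
    icv = hmac.new(auth_key, header + body, hashlib.sha1).digest()[:ICV_LEN]
    return header + body + icv


class AntiReplayWindow:
    """Inbound SA state: highest sequence number seen and a bitmap of the
    `size` most recent numbers (bit i set = highest - i already received)."""

    def __init__(self, size=64):
        self.size = size
        self.highest = 0
        self.bitmap = 0

    def is_fresh(self, seq):
        """Check without updating; the window only advances after the ICV passes."""
        if seq == 0:
            return False                  # 0 is never a valid inbound sequence number
        if seq > self.highest:
            return True                   # new high-water mark
        offset = self.highest - seq
        return offset < self.size and not (self.bitmap >> offset) & 1

    def mark(self, seq):
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)


def process_esp(packet, auth_key, window):
    """Inbound processing: replay check, ICV check, then strip padding.
    Returns a dict of fields, or None when the packet must be dropped."""
    if len(packet) < 8 + 2 + ICV_LEN or len(packet) % ALIGN:
        return None
    spi, seq = struct.unpack("!II", packet[:8])
    if not window.is_fresh(seq):
        return None                       # duplicate or outside the window
    body, icv = packet[8:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, packet[:-ICV_LEN], hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return None                       # integrity failure: auditable event
    window.mark(seq)
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 2:
        return None                       # malformed padding
    return {"spi": spi, "seq": seq, "next_header": next_header,
            "payload": body[:len(body) - 2 - pad_len]}


if __name__ == "__main__":
    key = b"constructed-32-byte-auth-key-0123"
    window = AntiReplayWindow()
    pkt = build_esp(0x1000, 1, b"GET / HTTP/1.1\r\n", NEXT_HEADER_TCP, key)
    print(process_esp(pkt, key, window))          # accepted
    print(process_esp(pkt, key, window))          # None: replay of seq 1
```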

Cryptographic Suites:

 A variety of cryptographic algorithm types have been defined to promote interoperability:
 RFC 4308 defines VPN cryptographic suites
 VPN-A matches common corporate VPN security using 3DES & HMAC
 VPN-B has stronger security for new VPNs implementing IPsecv3 and
IKEv2 using AES
 RFC 4869 defines four cryptographic suites compatible with US NSA specs
 provide choices for ESP & IKE
 AES-GCM, AES-CBC, HMAC-SHA, ECP, ECDSA
Chapter-5
Transport Level Security: Web Security Requirements, Secure Socket Layer
(SSL) and Transport Layer Security (TLS), Secure Shell (SSH) Firewalls:
Characteristics, Types of Firewalls, Placement of Firewalls, Firewall
Configuration, Trusted Systems.

Web Security Considerations:


Web security is an important consideration for any website or web application. There are a
number of different security measures that should be taken to protect against various types of
attacks, such as:

1. HTTPS: Ensure that all sensitive data is transmitted over HTTPS to prevent interception
and eavesdropping.
2. Input validation: Validate all user input to prevent injection attacks such as SQL injection
or cross-site scripting (XSS).
3. Access control: Implement access control mechanisms to ensure that only authorized
users have access to sensitive resources.
4. Password policies: Enforce strong password policies to prevent brute force attacks.
5. Security patches and updates: Keep all software and server components up-to-date with
the latest security patches and updates.
6. Two-factor authentication: Implement two-factor authentication to add an extra layer of
security for user logins.
7. Firewalls and intrusion detection systems: Implement firewalls and intrusion detection
systems to monitor and block suspicious traffic.
8. Logging and monitoring: Implement logging and monitoring to detect and respond to
security incidents in a timely manner.
9. Encryption: Use encryption to protect sensitive data at rest, such as in databases or
backups.
10. Secure coding practices: Follow secure coding practices to prevent vulnerabilities from
being introduced in the code.

Web Security Threats:

There are several web security threats that can potentially compromise the security of a website
or web application. Here are some of the most common web security threats:

1. Cross-site scripting (XSS): XSS attacks occur when a malicious user injects malicious
code into a web page viewed by other users, which can then be executed by their
browsers. This can lead to the theft of sensitive data, such as login credentials or credit
card information.
2. SQL injection (SQLi): SQLi attacks occur when an attacker injects malicious SQL code
into a web application's input fields, which can then be executed by the backend database.
This can allow the attacker to access, modify, or delete sensitive data from the database.
3. Cross-site request forgery (CSRF): CSRF attacks occur when an attacker tricks a user
into performing an action on a website without their consent, such as making a purchase
or changing their password.
4. Clickjacking: Clickjacking occurs when an attacker creates a transparent or opaque layer
over a website, which tricks users into clicking on a hidden button or link that performs
an unintended action, such as downloading malware or transferring money.
5. Distributed denial of service (DDoS): DDoS attacks occur when an attacker floods a
website with a large volume of traffic, overwhelming the server and causing it to crash or
become unavailable to legitimate users.
6. Malware: Malware refers to any software that is designed to cause harm to a computer
system, such as viruses, trojans, and ransomware. Malware can be distributed via email
attachments, infected websites, or malicious downloads.
7. Brute force attacks: Brute force attacks occur when an attacker tries to guess a user's
login credentials by repeatedly trying different combinations of usernames and
passwords.

Web Traffic Security Approaches:

A number of approaches to providing Web security are possible. The various approaches that
have been considered are similar in the services they provide and, to some extent, in the
mechanisms that they use, but they differ with respect to their scope of applicability and their
relative location within the TCP/ IP protocol stack.

a) IP-level security (IPsec): The advantage of using IPSec is that it is transparent to end users
and applications and provides a general-purpose solution. Further, IPSec includes a filtering
capability so that only selected traffic need incur the overhead of IPSec processing.
b) Security just above TCP: The foremost example of this approach is the Secure Sockets Layer
(SSL) and the follow-on Internet standard known as Transport Layer Security (TLS). At this
level, there are two implementation choices. For full generality, SSL (or TLS) could be
provided as part of the underlying protocol suite and therefore be transparent to applications.
Alternatively, SSL can be embedded in specific packages. For example, Netscape and
Microsoft Explorer browsers come equipped with SSL, and most Web servers have
implemented the protocol.
c) Application-specific security: Security services are embedded within the particular
application; the figure shows examples of this architecture. The advantage of this approach is
that the service can be tailored to the specific needs of a given application. In the context of
Web security, an important example of this approach is Secure Electronic Transaction (SET).

SSL (Secure Socket Layer):

Netscape originated SSL. Version 3 of the protocol was designed with public review and input
from industry and was published as an Internet draft document. Subsequently, when a consensus
was reached to submit the protocol for Internet standardization, the TLS working group was
formed within IETF to develop a common standard. This first published version of TLS can be
viewed as essentially an SSLv3.1 and is very close to and backward compatible with SSLv3.

SSL Architecture:

Two important SSL concepts are the SSL session and the SSL connection, which are defined in
the specification as follows:

1. Connection: A connection is a transport (in the OSI layering model definition) that
provides a suitable type of service. For SSL, such connections are peer-to-peer
relationships. The connections are transient. Every connection is associated with one
session.

A connection state is defined by the following parameters:

a) Server and client random: Byte sequences that are chosen by the server and client for
each connection.
b) Server write MAC secret: The secret key used in MAC operations on data sent by the
server.
c) Client write MAC secret: The secret key used in MAC operations on data sent by the
client.
d) Server write key: The conventional encryption key for data encrypted by the server and
decrypted by the client.
e) Client write key: The conventional encryption key for data encrypted by the client and
decrypted by the server.
f) Initialization vectors: When a block cipher in CBC mode is used, an initialization vector
(IV) is maintained for each key. This field is first initialized by the SSL Handshake
Protocol. Thereafter the final ciphertext block from each record is preserved for use as
the IV with the following record.
g) Sequence numbers: Each party maintains separate sequence numbers for transmitted and
received messages for each connection. When a party sends or receives a change cipher
spec message, the appropriate sequence number is set to zero. Sequence numbers may not
exceed 2^64.
2. Session: An SSL session is an association between a client and a server. Sessions are
created by the Handshake Protocol. Sessions define a set of cryptographic security
parameters, which can be shared among multiple connections. Sessions are used to avoid
the expensive negotiation of new security parameters for each connection.

A session state is defined by the following parameters (definitions taken from the SSL
specification):

a) Session identifier: An arbitrary byte sequence chosen by the server to identify an active
or resumable session state.
b) Peer certificate: An X.509v3 certificate of the peer. This element of the state may be null.
c) Compression method: The algorithm used to compress data prior to encryption.
d) Cipher spec: Specifies the bulk data encryption algorithm (such as null, AES, etc.) and a
hash algorithm (such as MD5 or SHA-1) used for MAC calculation. It also defines
cryptographic attributes such as the hash_size.
e) Master secret: 48-byte secret shared between the client and server.
f) Is resumable: A flag indicating whether the session can be used to initiate new
connections.
SSL Record Protocol Services:

The SSL Record Protocol provides two services for SSL connections:
● Confidentiality: The Handshake Protocol defines a shared secret key that is used
for conventional encryption of SSL payloads.
● Message Integrity: The Handshake Protocol also defines a shared secret key
that is used to form a message authentication code (MAC).

SSL Record Protocol Operation:

The SSL (Secure Sockets Layer) Record Protocol is a core component of the SSL/TLS
(Transport Layer Security) protocol suite. Its main function is to provide confidentiality,
integrity, and authenticity of data exchanged between two endpoints (e.g., a client and a server)
over a network. Here are the basic steps involved in the SSL Record Protocol operation:

1. Establish a connection: Before the SSL Record Protocol can be used, a connection must
first be established between the two endpoints using a lower-level protocol (such as
TCP/IP).
2. Handshake: Once the connection is established, the SSL Handshake Protocol is used to
negotiate the SSL/TLS parameters and exchange cryptographic keys between the two
endpoints.
3. Fragmentation: The SSL Record Protocol takes application data (e.g., HTTP
request/response) and fragments it into small pieces called SSL/TLS records. The
maximum size of an SSL/TLS record is determined during the SSL/TLS handshake.
4. Compression: If compression is enabled (which is optional), the SSL Record Protocol
compresses the application data before it is encrypted.
5. Encryption: The SSL Record Protocol encrypts the compressed data using symmetric
encryption algorithms such as AES or 3DES, with a randomly generated session key.
6. MAC (Message Authentication Code) generation: The SSL Record Protocol generates a
MAC for each SSL/TLS record to ensure data integrity and authenticity. The MAC is
calculated using a hash function (such as SHA-256) and a secret key derived from the
session key.
7. Transmission: The SSL/TLS records are transmitted over the network to the receiving
endpoint.
8. Decryption: Upon receiving the SSL/TLS records, the SSL Record Protocol decrypts
them using the session key, which is derived from the pre-master secret exchanged during
the SSL/TLS handshake.
9. MAC verification: The SSL Record Protocol verifies the MAC of each SSL/TLS record
to ensure data integrity and authenticity. If the MAC is invalid, the SSL Record Protocol
discards the record and terminates the connection.
10. Decompression: If compression was enabled, the SSL Record Protocol decompresses the
decrypted data.
11. Reassembly: The SSL Record Protocol reassembles the SSL/TLS records into their
original application data format (e.g., HTTP request/response).
12. Delivery: The application data is delivered to the receiving application.
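The steps above (fragmentation, optional compression, MAC generation with per-direction sequence numbers, verification, reassembly) are easier to follow in code. The following is an added example, not code from the lecture notes: it uses the TLS 1.0 MAC construction (HMAC over sequence number, content type, version, length and fragment, RFC 2246) and constructed MAC secrets; the encryption step is omitted so the MAC and sequence-number handling stay visible.

```python
"""Added example (not from the lecture notes): the sender and receiver halves of
a record layer that follows the SSL/TLS Record Protocol steps above. It shows
fragmentation, optional compression, a MAC over (sequence number || type ||
version || length || fragment) using the TLS 1.0 HMAC construction (RFC 2246),
and the receiver's MAC and sequence checks. Encryption is omitted so the MAC and
sequence-number handling stay visible. Secrets here are constructed values."""
import hashlib
import hmac
import struct
import zlib

MAX_FRAGMENT = 2 ** 14       # largest plaintext fragment in one record
VERSION = (3, 1)             # TLS 1.0 on the wire
CT_APPLICATION_DATA = 23
MAC_LEN = hashlib.sha256().digest_size


class RecordEndpoint:
    """One side of a connection: separate write/read MAC secrets and sequence numbers."""

    def __init__(self, write_mac_secret, read_mac_secret, compress=False):
        self.write_mac_secret = write_mac_secret
        self.read_mac_secret = read_mac_secret
        self.compress = compress
        self.write_seq = 0   # implicit: never sent, but bound into every MAC
        self.read_seq = 0
        self.closed = False  # set on a fatal alert such as bad_record_mac

    @staticmethod
    def _mac(secret, seq, ctype, fragment):
        # 8-byte sequence number, content type, 2-byte version, 2-byte length.
        header = struct.pack("!QBBBH", seq, ctype, VERSION[0], VERSION[1], len(fragment))
        return hmac.new(secret, header + fragment, hashlib.sha256).digest()

    def send(self, data, ctype=CT_APPLICATION_DATA):
        """Fragment -> (compress) -> MAC -> frame; returns the list of records."""
        records = []
        for off in range(0, len(data), MAX_FRAGMENT):
            fragment = data[off:off + MAX_FRAGMENT]
            if self.compress:
                fragment = zlib.compress(fragment)
            mac = self._mac(self.write_mac_secret, self.write_seq, ctype, fragment)
            self.write_seq += 1
            header = struct.pack("!BBBH", ctype, VERSION[0], VERSION[1], len(fragment) + MAC_LEN)
            records.append(header + fragment + mac)
        return records

    def receive(self, records):
        """Verify each record's MAC against the expected sequence number, then
        (decompress and) reassemble. Returns None and closes on any failure."""
        out = bytearray()
        for rec in records:
            if self.closed or len(rec) < 5 + MAC_LEN:
                return None
            ctype, major, minor, length = struct.unpack("!BBBH", rec[:5])
            body = rec[5:5 + length]
            if (major, minor) != VERSION or len(body) != length or length < MAC_LEN:
                self.closed = True
                return None
            fragment, mac = body[:-MAC_LEN], body[-MAC_LEN:]
            expected = self._mac(self.read_mac_secret, self.read_seq, ctype, fragment)
            if not hmac.compare_digest(mac, expected):
                self.closed = True        # fatal alert: bad_record_mac
                return None
            self.read_seq += 1            # a replayed or reordered record fails above
            if self.compress:
                fragment = zlib.decompress(fragment)
            out += fragment
        return bytes(out)

    def change_cipher_spec(self, direction, mac_secret):
        """Change cipher spec sent ("write") or received ("read"): install the MAC
        secret negotiated by the Handshake Protocol and zero that direction's
        sequence number, as the connection-state definition requires."""
        if direction == "write":
            self.write_mac_secret, self.write_seq = mac_secret, 0
        else:
            self.read_mac_secret, self.read_seq = mac_secret, 0
```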

SSL Alert Protocol:

➢ conveys SSL-related alerts to peer entity
➢ severity
• warning or fatal
➢ specific alert
• fatal: unexpected message, bad record mac, decompression failure, handshake
failure, illegal parameter
• warning: close notify, no certificate, bad certificate, unsupported certificate,
certificate revoked, certificate expired, certificate unknown
➢ compressed & encrypted like all SSL data
SSL Handshake Protocol:

➢ allows server & client to:
⚫ authenticate each other
⚫ negotiate encryption & MAC algorithms
⚫ negotiate cryptographic keys to be used
➢ comprises a series of messages in phases
⚫ Establish Security Capabilities
⚫ Server Authentication and Key Exchange
⚫ Client Authentication and Key Exchange
⚫ Finish

Cryptographic Computations:
➢ master secret creation
⚫ a one-time 48-byte value
⚫ generated using secure key exchange (RSA / Diffie-Hellman) and then hashing info
➢ generation of cryptographic parameters
⚫ client write MAC secret, a server write MAC secret, a client write key, a server write key,
a client write IV, and a server write IV
⚫ generated by hashing master secret
Secure Electronic Transaction(SET):
Secure Electronic Transaction (SET) is a protocol that was developed by Visa and Mastercard in
the mid-1990s to ensure secure electronic transactions over the internet. The protocol was
designed to provide a high level of security for online credit card transactions, by ensuring that
the cardholder's account information and transaction details were protected from interception and
tampering.

SET uses a combination of digital certificates and encryption to ensure the security of
transactions. When a cardholder initiates a transaction, their browser sends a request to the
merchant's server, which then sends a request for payment to the bank's server. The bank's server
responds with a digital certificate that includes the bank's public key, which is used to encrypt
the transaction information.

The merchant's server then sends the encrypted transaction information to the payment gateway,
which decrypts the information using the bank's public key and re-encrypts it using the
merchant's public key. The payment gateway then sends the encrypted information back to the
merchant's server, which decrypts it using the merchant's private key.

This process ensures that the cardholder's account information is not visible to the merchant, and
that the transaction details cannot be intercepted or tampered with during transmission. SET also
includes mechanisms for verifying the authenticity of the cardholder and the merchant, and for
detecting and preventing fraud.

Despite its early promise, SET was not widely adopted due to its complexity and the emergence
of simpler and more user-friendly payment methods, such as PayPal and other digital wallets.
Today, the security measures originally developed for SET continue to be used in various forms
in a wide range of electronic payment systems.

SET Overview
A good way to begin our discussion of SET is to look at the business requirements for SET, its
key features, and the participants in SET transactions.

1. Provide confidentiality of payment and ordering information: It is necessary to assure
cardholders that this information is safe and accessible only to the intended recipient.
Confidentiality also reduces the risk of fraud by either party to the transaction or by malicious
third parties. SET uses encryption to provide confidentiality.
2. Ensure the integrity of all transmitted data: That is, ensure that no changes in content
occur during transmission of SET messages. Digital signatures are used to provide
integrity.
3. Provide authentication that a cardholder is a legitimate user of a credit card account: A
mechanism that links a cardholder to a specific account number reduces the incidence of
fraud and the overall cost of payment processing. Digital signatures and certificates are used
to verify that a cardholder is a legitimate user of a valid account.
4. Provide authentication that a merchant can accept credit card transactions through its
relationship with a financial institution: This is the complement to the preceding
requirement. Cardholders need to be able to identify merchants with whom they can
conduct secure transactions. Again, digital signatures and certificates are used.
5. Ensure the use of the best security practices and system design techniques to protect all
legitimate parties in an electronic commerce transaction: SET is a well-tested
specification based on highly secure cryptographic algorithms and protocols.
6. Create a protocol that neither depends on transport security mechanisms nor prevents
their use: SET can securely operate over a "raw" TCP/IP stack. However, SET does not
interfere with the use of other security mechanisms, such as IPSec and SSL/TLS.
7. Facilitate and encourage interoperability among software and network providers: The
SET protocols and formats are independent of hardware platform, operating system, and
Web software.

Key Features of SET

To meet the requirements just outlined, SET incorporates the following features:

1. Confidentiality of information: Cardholder account and payment information is secured
as it travels across the network. An interesting and important feature of SET is that it
prevents the merchant from learning the cardholder's credit card number; this is only
provided to the issuing bank. Conventional encryption by DES is used to provide
confidentiality.
2. Integrity of data: Payment information sent from cardholders to merchants includes order
information, personal data, and payment instructions. SET guarantees that these message
contents are not altered in transit. RSA digital signatures, using SHA-1 hash codes,
provide message integrity. Certain messages are also protected by HMAC using SHA-1.
3. Cardholder account authentication: SET enables merchants to verify that a cardholder is a
legitimate user of a valid card account number. SET uses X.509v3 digital certificates
with RSA signatures for this purpose.
4. Merchant authentication: SET enables cardholders to verify that a merchant has a
relationship with a financial institution allowing it to accept payment cards. SET uses
X.509v3 digital certificates with RSA signatures for this purpose.
SET Participants

Figure shows participants in the SET system, which include the following:

1. Cardholder: In the electronic environment, consumers and corporate purchasers interact
with merchants from personal computers over the Internet. A cardholder is an authorized
holder of a payment card (e.g., MasterCard, Visa) that has been issued by an issuer.
2. Merchant: A merchant is a person or organization that has goods or services to sell to the
cardholder. Typically, these goods and services are offered via a Web site or by
electronic mail. A merchant that accepts payment cards must have a relationship with an
acquirer.
3. Issuer: This is a financial institution, such as a bank, that provides the cardholder with the
payment card. Typically, accounts are applied for and opened by mail or in person.
Ultimately, it is the issuer that is responsible for the payment of the debt of the
cardholder.
4. Acquirer: This is a financial institution that establishes an account with a merchant and
processes payment card authorizations and payments. Merchants will usually accept more
than one credit card brand but do not want to deal with multiple bankcard associations or
with multiple individual issuers. The acquirer provides authorization to the merchant that
a given card account is active and that the proposed purchase does not exceed the credit
limit. The acquirer also provides electronic transfer of payments to the merchant's
account. Subsequently, the acquirer is reimbursed by the issuer over some sort of
payment network for electronic funds transfer.
5. Payment gateway: This is a function operated by the acquirer or a designated third party
that processes merchant payment messages. The payment gateway interfaces between
SET and the existing bankcard payment networks for authorization and payment
functions. The merchant exchanges SET messages with the payment gateway over the
Internet, while the payment gateway has some direct or network connection to the
acquirer's financial processing system.
6. Certification authority (CA): This is an entity that is trusted to issue X.509v3 public-key
certificates for cardholders, merchants, and payment gateways. The success of SET will
depend on the existence of a CA infrastructure available for this purpose. As was
discussed in previous chapters, a hierarchy of CAs is used, so that participants need not
be directly certified by a root authority.
Secure Electronic Commerce Components:

We now briefly describe the sequence of events that are required for a transaction. We will then
look at some of the cryptographic details.

1. The customer opens an account. The customer obtains a credit card account, such as
MasterCard or Visa, with a bank that supports electronic payment and SET.

2. The customer receives a certificate. After suitable verification of identity, the customer
receives an X.509v3 digital certificate, which is signed by the bank. The certificate verifies the
customer's RSA public key and its expiration date. It also establishes a relationship, guaranteed
by the bank, between the customer's key pair and his or her credit card.

3. Merchants have their own certificates. A merchant who accepts a certain brand of card must be
in possession of two certificates for two public keys owned by the merchant: one for signing
messages, and one for key exchange. The merchant also needs a copy of the payment gateway's
public-key certificate.

4. The customer places an order. This is a process that may involve the customer first browsing
through the merchant's Web site to select items and determine the price. The customer then sends
a list of the items to be purchased to the merchant, who returns an order form containing the list
of items, their price, a total price, and an order number.

5. The merchant is verified. In addition to the order form, the merchant sends a copy of its
certificate, so that the customer can verify that he or she is dealing with a valid store.

6. The order and payment are sent. The customer sends both order and payment information to
the merchant, along with the customer's certificate. The order confirms the purchase of the items
in the order form. The payment contains credit card details. The payment information is
encrypted in such a way that it cannot be read by the merchant. The customer's certificate
enables the merchant to verify the customer.

7. The merchant requests payment authorization. The merchant sends the payment information to
the payment gateway, requesting authorization that the customer's available credit is sufficient
for this purchase.

8. The merchant confirms the order. The merchant sends confirmation of the order to the
customer.

9. The merchant provides the goods or service. The merchant ships the goods or provides the
service to the customer.

10. The merchant requests payment. This request is sent to the payment gateway, which handles
all of the payment processing.

Sender side activity:


Receiver side activity:

Secure Shell (SSH):

➢ protocol for secure network communications
⚫ designed to be simple & inexpensive
➢ SSH1 provided secure remote logon facility
⚫ replace TELNET & other insecure schemes
⚫ also has more general client/server capability
➢ SSH2 fixes a number of security flaws
➢ documented in RFCs 4250 through 4254
➢ SSH clients & servers are widely available
➢ method of choice for remote login / X tunnels

SSH Protocol Stack:

SSH Transport Layer Protocol:

➢ server authentication occurs at transport layer, based on server/host key pair(s)
⚫ server authentication requires clients to know host keys in advance
➢ packet exchange
⚫ establish TCP connection
⚫ can then exchange data
• identification string exchange, algorithm negotiation, key exchange, end
of key exchange, service request
⚫ using specified packet format
SSH User Authentication Protocol:

➢ authenticates client to server
➢ three message types:
⚫ SSH_MSG_USERAUTH_REQUEST
⚫ SSH_MSG_USERAUTH_FAILURE
⚫ SSH_MSG_USERAUTH_SUCCESS
➢ authentication methods used
⚫ public-key, password, host-based

SSH Connection Protocol:

➢ runs on SSH Transport Layer Protocol
➢ assumes secure authentication connection
➢ used for multiple logical channels
⚫ SSH communications use separate channels
⚫ either side can open with unique id number
⚫ flow controlled
⚫ have three stages:
• opening a channel, data transfer, closing a channel
⚫ four types:
• session, x11, forwarded-tcpip, direct-tcpip

SSH Connection Protocol Exchange:


Port Forwarding:

➢ convert insecure TCP connection into a secure SSH connection
⚫ SSH Transport Layer Protocol establishes a TCP connection between SSH client
& server
⚫ client traffic redirected to local SSH, travels via tunnel, then remote SSH delivers
to server
➢ supports two types of port forwarding
⚫ local forwarding – hijacks selected traffic
⚫ remote forwarding – client acts for server
Firewalls: Characteristics, Types of Firewalls, Placement of Firewalls, Firewall
Configuration, Trusted Systems.

Firewalls:

A firewall is a network security device that monitors and controls incoming and outgoing
network traffic based on predetermined security rules. It acts as a barrier between an
organization's internal network and the external network (usually the Internet), controlling the
flow of traffic and preventing unauthorized access to or from the network.

Firewalls can be software-based or hardware-based, and they can be configured to allow or block
specific types of traffic based on a range of criteria, such as IP address, port number, protocol
type, and content. They can also be used to set up virtual private networks (VPNs) and to protect
against various types of cyber attacks, including malware, viruses, and denial-of-service (DoS)
attacks.

Characteristics

Some common characteristics of firewalls include:

1. Packet filtering: A firewall examines each incoming or outgoing packet and filters it
based on predefined rules.
2. Access control: A firewall can restrict access to a network by denying incoming or
outgoing traffic from certain IP addresses or domains.
3. Stateful inspection: A firewall can track the state of network connections and allow or
deny traffic based on that state. This can help prevent attacks such as session hijacking.
4. Application-level gateway: A firewall can act as a proxy for specific applications,
examining the application data to ensure that it complies with security policies.
5. VPN support: Many firewalls support VPN connections, allowing remote users to
securely access a network from outside.
6. Intrusion detection/prevention: Some firewalls include intrusion detection and/or
prevention features, which can help identify and block attacks in real-time.
7. Reporting: Firewalls can provide detailed logs and reports of network activity, which can
be useful for troubleshooting and compliance purposes.

Placement of Firewalls:

Firewalls are typically placed at the network boundary between an organization's internal
network and the public Internet. This allows them to filter incoming and outgoing traffic,
blocking potentially malicious traffic while allowing legitimate traffic to pass through.

More specifically, firewalls can be placed in a few different locations depending on the specific
needs of the organization.

1. Perimeter firewalls: These firewalls are placed at the edge of an organization's network,
separating it from the public internet. They typically monitor traffic coming into the
network and block any traffic that is not authorized.
2. Internal firewalls: These firewalls are placed within an organization's internal network to
create security zones. By separating different areas of the network with internal firewalls,
an organization can limit the impact of a security breach and control traffic between
different zones.
3. Host-based firewalls: These firewalls are installed on individual devices such as servers,
desktops, and laptops. They provide an additional layer of security by controlling traffic
to and from the device and can be configured to block incoming traffic from specific IP
addresses or ports.

Firewall Configuration:

Firewall configuration is a critical aspect of network security as it determines how traffic is
allowed or blocked by the firewall. Here are some key considerations for configuring firewalls:

1. Define security policies: Before configuring a firewall, it's important to define security
policies that outline what traffic should be allowed or blocked. These policies should be
based on an organization's specific security needs and risk profile.
2. Determine rule order: Firewall rules are typically evaluated in order, so it's important to
define the rule order carefully. Rules that allow traffic should be placed before rules that
block traffic to avoid unintentionally blocking legitimate traffic.
3. Specify source and destination: Firewall rules should specify the source and destination
of the traffic being allowed or blocked. This can be done using IP addresses, domain
names, or other identifiers.
4. Choose protocols and ports: Firewall rules should also specify the protocols and ports
being used for the traffic. For example, HTTP traffic typically uses port 80, while HTTPS
traffic typically uses port 443.

5. Implement logging and monitoring: Firewall logging and monitoring can provide
valuable insight into network activity and potential security threats. It's important to
configure the firewall to log relevant information and to regularly review firewall logs for
anomalies.
6. Test and refine: Firewall configurations should be tested and refined over time to ensure
that they are effectively blocking unauthorized traffic while allowing legitimate traffic to
pass through.

Overall, configuring a firewall requires careful consideration of an organization's security needs
and a thorough understanding of network traffic patterns and protocols. It's important to
regularly review and refine firewall configurations to ensure ongoing network security.
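The configuration points above (rule order, source and destination, protocol and port, logging) can be exercised against a small first-match filter. This is an added example, not code from the lecture notes: the rule sets, addresses (documentation ranges) and packets are constructed, and the filter applies an implicit final deny when no rule matches.

```python
"""Added example (not from the lecture notes): a first-match packet filter that
exercises the configuration points above. Rules name source/destination (CIDR or
"any"), protocol and destination port, are evaluated in order with an implicit
final deny, and matching rules can be flagged for logging. Addresses, rule sets
and packets are constructed for illustration (documentation ranges)."""
from dataclasses import dataclass
from typing import List, Optional
import ipaddress


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src: str                 # CIDR or "any"
    dst: str                 # CIDR or "any"
    proto: str               # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]     # None = any destination port
    log: bool = False        # record matches of this rule
    name: str = ""


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None


def _in_net(cidr: str, addr: str) -> bool:
    if cidr == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)


def matches(rule: Rule, pkt: Packet) -> bool:
    return (_in_net(rule.src, pkt.src) and _in_net(rule.dst, pkt.dst)
            and rule.proto in ("any", pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet, log: List[str]) -> str:
    """Return the action of the first matching rule, or "deny" when none matches.
    Every deny and every explicitly logged allow is appended to `log`."""
    target = f"{pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport}"
    for position, rule in enumerate(rules, start=1):
        if matches(rule, pkt):
            if rule.log or rule.action == "deny":
                log.append(f"rule {position} ({rule.name or 'unnamed'}) {rule.action}: {target}")
            return rule.action
    log.append(f"default deny: {target}")
    return "deny"


# Constructed policy for a web server at 203.0.113.10 (TEST-NET-3). A block of
# client addresses (198.51.100.0/24, TEST-NET-2) is to be denied entirely.
ALLOW_HTTPS = Rule("allow", "any", "203.0.113.10/32", "tcp", 443, name="https-in")
ALLOW_HTTP = Rule("allow", "any", "203.0.113.10/32", "tcp", 80, name="http-in")
DENY_BLOCKED = Rule("deny", "198.51.100.0/24", "any", "any", None, log=True, name="blocklist")

# Same rules, two orders. With first-match evaluation the order decides whether a
# blocklisted client can still reach port 443.
POLICY_ALLOW_FIRST = [ALLOW_HTTPS, ALLOW_HTTP, DENY_BLOCKED]
POLICY_DENY_FIRST = [DENY_BLOCKED, ALLOW_HTTPS, ALLOW_HTTP]


def decisions(policy: List[Rule], packets: List[Packet]):
    """Evaluate a batch of packets; returns (actions, log lines)."""
    log: List[str] = []
    actions = [evaluate(policy, p, log) for p in packets]
    return actions, log


if __name__ == "__main__":
    sample = [Packet("192.0.2.7", "203.0.113.10", "tcp", 443),
              Packet("198.51.100.5", "203.0.113.10", "tcp", 443),
              Packet("192.0.2.7", "203.0.113.10", "tcp", 22)]
    for name, policy in (("allow-first", POLICY_ALLOW_FIRST), ("deny-first", POLICY_DENY_FIRST)):
        acts, log = decisions(policy, sample)
        print(name, acts)
        for line in log:
            print("  ", line)
```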

Trusted Systems:

Trusted systems are computer systems that are designed and implemented with a high level of
security and reliability, and are considered to be trustworthy by users and other systems that
interact with them. These systems are typically used in sensitive environments such as military,
government, financial, and healthcare organizations, where the integrity, confidentiality, and
availability of data are of critical importance.

Here are some key characteristics of trusted systems:

1. Secure hardware and software: Trusted systems are designed with hardware and software
that are secure and reliable, and are resistant to attacks and vulnerabilities. The hardware
and software components are thoroughly tested and validated to ensure their security and
reliability.
2. Trusted computing base: The trusted computing base (TCB) is the set of hardware,
software, and firmware components that are critical to the security and functionality of
the system. The TCB is carefully designed, implemented, and tested to ensure that it is
secure and reliable.
3. Formal methods: Trusted systems are often designed and implemented using formal
methods, which are mathematical techniques for verifying the correctness and security of
software and hardware components.
4. Access controls: Trusted systems implement strict access controls to ensure that only
authorized users and processes can access sensitive data and functions. These access
controls are typically enforced using mechanisms such as authentication, authorization,
and encryption.
5. Audit and accountability: Trusted systems implement robust audit and accountability
mechanisms that track all system activity and provide a detailed audit trail. This allows
administrators to monitor and investigate any suspicious activity and to identify potential
security threats.

Overall, trusted systems are designed and implemented with a high level of security and
reliability, and are subject to rigorous testing and validation to ensure their trustworthiness. They
provide a high degree of confidence that sensitive data and functions are protected from
unauthorized access and that the system is functioning as intended.
