NETWORK SECURITY

UNIT-1
INTRODUCTION
CRYPTOGRAPHY-Greek word-”Secret Writing”
 Cryptography is the science of using mathematics to
encrypt and decrypt data.
Cryptography enables you to store sensitive
information or transmit it across insecure net- works (like
the Internet)
so that it cannot be read by anyone except the intended
recipient.
 BASICS OF CRYPTOGRAPHY

 Cryptanalysis is the science of analyzing and

breaking secure communication.
 Cryptanalysts are also called attackers.
 Cryptology embraces both cryptography and
cryptanalysis.
 Plain Text: Original Message
 Cipher Text: The Transformed Message produced as
output. It depends on the plain text.
 Key: Some critical information used by cipher,
known only to the sender and receiver.

 Cipher: An algorithm for transforming plaintext

message into Cipher Text.

 Encipher: The Process of converting plaintext to

cipher text using a cipher and a key.

 Decipher: The Process of converting cipher text to

plain text using a cipher and a key.
Elements of information Security

CONFIDENTIALITY

SECURITY

INTEGRITY AVAILABILITY
CONVENTIONAL CRYPTOGRAPHY

plaintext Cipher text decryption plaintext

encryption
 TYPES OF CRYPTOGRAPHY

1. SYMMETRIC KEY CRYPTOGRAPHY

2. ASYMMETRIC KEY CRYPTOGRAPHY

SYMMETRIC KEY CRYPTOGRAPHY

 Same key is used for encryption and decryption.
 The sender and receiver must share the
algorithm and key.
 Also called as secret key encryption.
 Very fast.
 Key exchange is a big problem.
ASYMMETRIC KEY CRYPTOGRAPHY

 One key for encryption and other key for decryption.

 One of the two key must be kept secret.

 Also called as Public key encryption.

 Key exchange is not a problem.

 Size of the resulting encrypted text is more than the original

text.
 PUBLIC KEY CRYPTOGRAPHY
Public key Private key

plaintext encryption decryption plaintext

ciphertext
 Public key cryptography- The concept of which was
introduced by Whitfield Diffie and Martin Hellman in
1975.
 It is an asymmetric scheme.
 That uses a pair of keys for encryption: a public key,
which encrypts data, and a corresponding private key
(secret key) for decryption.
 You publish your public key to the world while
keeping your private key secret.
 The need for sender and receiver to share secret keys
via some secure channel is eliminated.
 No private key is ever transmitted or shared.
Examples of Public key cryptography
 Elgamal (named for its inventor, Taher Elgamal)

 RSA (named for its inventors, Ron Rivest, Adi

Shamir, and Leonard Adle- man)

 Diffie-Hellman (named, you guessed it, for its

inventors)

 DSA-the Digital Signature Algorithm, (invented

by David Kravitz).
 SECURITY ATTACKS
An attempt to gain unauthorized access to information
resources or services, or to cause harm to information
systems.
TYPES OF SECURITY ATTACKS:
1. ACTIVE ATTACKS-Attacker attempts to alter,
destroy, or disrupt the normal operation of a system
or network
2. PASSIVE ATTACKS-Attackers eavesdropping on, or
monitoring of data transmission
 PASSIVE ATTACKS TYPES

 Release of message content-Telephone conversation,

Email Conversation.

 Traffic Analysis-Mask the content of message so

that opponents could not extract the information
from the message.
 ACTIVE ATTAKS
Masquerade or Interruption

Replay

Modification of message

Denial of service
 MAN IN THE MIDDLE ATTACK
 Man-in-the-Middle (MitM) attacks happen when
traffic between two parties is observed or
manipulated by an unknown third party.

 A MitM attack is a cybercrime method used to steal

personal information or login credentials. Cyber
criminals also use MitM attacks as a means to spy
on, corrupt information, or disrupt communications
between two parties.
 METHODS
 Man-in-the-Middle attacks can happen in a number of
ways:

 Types of Spoofing (IP, DNS, HTTPS)

 Hijacking (Secure Socket Layer, Email)

 Wi-Fi Eavesdropping

 Theft of Browsing Cookies

 Man-in-the-Browser:

 When a Man-in-the-Browser attack takes place, the

attacker uses a Phishing method in order to
administer malware to a device.

 Malware is software meant to damage a network,

server or personal computer.
Example of Man-in-the-Browser
 Protection

 Ensure that the browser is using “https” when

browsing the web.

 Be on alert of Phishing emails that request

credentials to be updated
 Hash Functions
 A hash function maps a message of an arbitrary length to
a m-bit output known as the fingerprint or the message
digest.
 Cryptographic hash functions are hash functions with
additional security requirements.
 Hash functions are used to detect whether the message
input has been altered –MDC-Modification Detection
code.
 Another hash functions that involves a secret key and
provide data origin authentication, as well as data
integrity called as MACs-Message authentication code.
 MAC
 A MAC scheme is a hash family, used for message
authentication
 MAC = CK(M)
 The sender and the receiver share K
 The sender sends (M, Ck(M))
 The receiver receives (X,Y) and verifies that
CK(X)=Y, if so, then accepts the message as from the
sender
 To be secure, an adversary shouldn’t be able to come
up with (X’,Y) such that CK(X)=Y.
 ONE WAY HASH FUNCTION
 One way hash function also known as message
digest, finger print or compression function.

 It takes variable length of input string and converts it

into a fixed-length binary sequence.
 To compute the hash function, the algorithm needs
two things
1. Data in the block
2. An input seed
 HASH FUNCTION
• A hash value h is generated by a function H of the
form
h=H(M)
Where M-Variable length of message
H(M)-Fixed Length hash value
APPLICATION:
 Verification of message integrity
 Password verification
 Generation of Pseudorandom numbers
 HMAC
 HMAC-Hashed Message Authentication Codes which uses
a shared secret key between two parties rather than public
key methods.
 HMACK[M] = Hash[(K+  opad) || Hash[(K+  ipad)||
M)]]
• K+ is the key padded (with 0) to B bytes, the input block
size of the hash function
• ipad = the byte 0x36(36 in Hexadecimal) repeated B times
• opad = the byte 0x5C(5C in Hexadecimal) repeated B
times.
HMAC Overview
 CMAC
 Cipher based message Authentication code.
 Block ciphered based message authentication code.
 It is used with AES and DES
 CMAC Message is constructed by splitting it into
blocks of size equal to the block size of underlying
cipher.
CMAC
 C1= E(K,M1)
C2= E(K,[M2 C1 ]
C3= E(K,[M3 C2 ]
·
·
Cn= E(K,[Mn Cn-1 ]
T= MSBTlen(Cn)
where
T= message authentication code, also referred to as the tag
Tlen= bit length of T
MSBs(X)= the s leftmost bits of the bit string X
 SHA
 SHA-Secure Hash Algorithm.

 Developed by National Institute of Standards and

Technology(NIST).

 Based on the input digest lengths SHA includes such

as SHA-1,SHA-256,SHA-384,SHA-512.
 3

SHA-1: Iterative compression

Idea: iterate over all of the L blocks, outputting a value that
is a function of the previous output and the current block:

m1 m2 m3 mL

h’ h’ h’ h’

X0 X1 X2 X3 XL =h(m)

(X0 is constant)

Now, the function h’…

 4-5

SHA-1: Compression function: h’

• Input: X0 (160 bits), m1 (512 bits): Output: X1 (160 bits)
Expand m1 from
m1
5122560 bits.
m1=(W0..W15) (32 bits each) W0 W1 … W15 W16 … W19 W79
…
W t  W t  3  W t  8  W t 14  W t 16 1
e
H 4   e  e d 
 H  d  d   
 3      c   X 0  X1
Initialization X 0  H 2    c  c  … (20 iters)  
4 rounds of 20       b 
 H1   b  b   a 
iterations  H 0   a   a 
each:
Round 2 Round 3 Round 4
Each round uses
a different K K0..19=0x5A827999 K20..39=6ED9EBA1 K60..79=CA62C1D6
and different
Round 1 K40..59=8F1BBCDC
nonlinear
mixing
function f
 How SHA Works?
• Digest Length=160 bit
• I/P Text=512 bit
• Sub Block size=32bit
• 512/32=16 total Sub blocks
• No. Of Rounds=4
• Iteration per round=20
• Chaining Variable = 5*32=160
• K[t] constant= Where t=0 to 79
• O/P-> four 32 bit blocks
 Continue…
5. Process Blocks now the actual algorithm begins.
message in 16-word (512-bit) chunks:
– Copy CV into single register for storing temporary
intermediate as well as the final results.
– Divide the current 512-bit blocks into 16 sub-blocks,
each consisting of 32 bits.
 Has No. Of Rounds=4, each round consisting of 20
bit /step iteration operations on message block &
buffer
 expand 16 words into 80 words(20*4) by mixing &
shifting.K[t] constant= Where t=0 to 79
 Form new buffer value by adding output to input.
6. output hash value is the final buffer value
SHA-1 Compression Function terms
• each round has 20 steps which replaces the 5 buffer
words thus:
(A,B,C,D,E) <-(E+f(t,B,C,D)+(A<<5)+Wt+Kt),A,
(B<<30),C,D)
• ABCDE refer to the 5 words of the buffer
• t is the step number
• f(t,B,C,D) is nonlinear function for round
• Wt is derived from the message block
• Kt is a constant value
• S^t circular left shift of 32 bit sub-block by t bits
1. Padding,2.Append Length,3.Divide the input into
1024- bit blocks
4.Initialization Of Chaining Variable
• 8*64= 512 bits
• A,B,C,D,E,F,G,H
 5.Process Blocks
• heart of the algorithm
• processing message in 1024-bit blocks
• consists of 80 rounds
– updating a 512-bit buffer TEMP CHAINING
VARIABLES.
– using a 64-bit value Wt derived from the current
message block
– and a round constant based on cube root of first
80 prime numbers
SHA-512 Round Function
 SHA-512 Round Function
• Let us look in more detail at the logic in each of the 80 steps of the
processing of one 512-bit block (Figure). Each round is defined by the
following set of equations:
 SHA-512 Round Function
where
 t =step/round number; 0 t 79
 Ch(e, f, g)= (e AND f) XOR (NOT e AND g)
 the conditional function: If e then f else g
 Maj(a, b,c)= (a AND b) XOR (a AND c) XOR (b AND c)
 the function is true only of the majority (two or three) of the
arguments are true.
 Sum (ai)= RORT (ai By 28 Bit) XOR RORT (ai By 34 Bit) XOR
 RORT (ai By 39 Bit)
 Sum (ei)= RORT (ei By 14 Bit) XOR RORT (ei By 18 Bit) XOR

 RORT (ei By 41 Bit)

 ROTRn(x) = circular right shift (rotation) of the 64-bit argument x
by n bits
 Wt = a 64-bit word derived from the current 512-bit input
block (i.e:- Message Digest)
 Kt = a 64-bit additive constant
 + = addition modulo 2^64
SHA-512 Round Function
 DIGITAL SIGNATURE
 It is an authentication mechanism.
 It is a cryptography techniques used to validate the
authenticity and integrity of the digital message.
 It is formed by taking the hash of the message and
encrypting the message with creator’s private key.
 GENERAL SCHEME FOR DIGITAL SIGNATURE
1. Direct
2. Arbitrated
 PROPERTIES
It must have the following properties
 It must verify the author and the date and time of the
signature.

 It must to authenticate the contents at the time of

signature.

 It must be verifiable by third parties ,to resolve

disputes.
SCHEMES FOR DIGITAL SIGNATURE

• DIRECT DIGITAL SIGNATURE

• ARBITRATED DIGITAL SIGNATURE
DIRECT DIGITAL SIGNATURE
 It involves only the communicating parties source
and destination
 It is assumed that the destination knows the public
key.
 Confidentiality can be provided by encrypting the
entire message + signature +secret key
 DIRECT SIGNATURE
1. MESSAGE+SIGNATURE=>ENCRYPTION
2. MESSAGE=> ENCRYPTION+SIGNATURE

ARBITRATED DIGITAL SIGNATURE

 Every signed message from A to B
goes to an arbiter BB ( Big Brother)
 DSS-DIGITAL SIGNATURE
STANDARD
• It makes the use of SHA
• DSS cannot be used for encryption or key
exchange.

 SENDER SIDE-private key

 RECEIVER SIDE-public key