CS - 1-15 - Merged


Network Security

(Contact Session – 1)

Dr. Amitesh Singh Rajput
Computer Science & Information Systems, BITS Pilani, Pilani Campus

• Advanced Technologies, Dark sides of advanced technologies


• CIA Triad, OSI Security Architecture
• Review of attacks, mechanisms and services, network security model
Advanced Technologies
- Autonomous Cars

BITS Pilani, Pilani Campus


Advanced Technologies
- Speech Technology



What about the dark sides of
Advanced Technologies?
Dam Operations with ML

Image Source: https://www.artstation.com/artwork/4bE0n4



What about the dark sides of
Advanced Technologies?
Chemical Factory Operations with ML

Image Source: https://brainworldmagazine.com/chemical-factory-inside-head/


What about the dark sides of
Advanced Technologies?
Learning credit card transactions?

Image Source: https://theconversation.com


Essential Critical Infrastructure

Image Source: Cybersecurity & Infrastructure Security Agency



Information Security

The protection afforded to an automated information system.
Preserving the confidentiality, integrity, and availability of information system resources.

Reference: NIST Computer Security Handbook [NIST95]


Information Security Objectives

Confidentiality

Preserving authorized restrictions on information access and disclosure.


Information Security Objectives

Integrity

Guarding against improper information modification or destruction.

• Tampering with opinion poll data.
• Data associated with unique IDs (e.g. PAN, Aadhaar, Driving License) is maliciously changed.


Information Security Objectives

Availability

Ensuring timely and reliable access to information.

• Railway reservation cannot be done from the IRCTC website during a specific time frame.
• Online banking not available for a particular bank. Customers are left in the lurch.


CIA Triad

Confidentiality

Integrity

Availability



Useful scenarios

1. Getting exposed to attackers while sending an image or a video file through a public network?

2. Your biometric information stored in a central server of your organization is modified?

3. Daily, IRCTC's main server is closed for 20 minutes, from 00:00 hours to 00:20 hours. What may happen if you are not informed about that and try to book a ticket in between the specified hours?


More Objectives?
Authentication
Information being able to be verified.

Accountability

Ability to trace security breach to a responsible party.



Major Standardization Bodies
for Information Security

IETF: The Internet Engineering Task Force
ITU-T: International Telecommunications Union – Telecommunications Sector
NIST: National Institute of Standards and Technology
ISO: International Organization for Standardization


OSI Security Architecture

The OSI security architecture focuses on security attacks, mechanisms, and services (as per ITU-T Recommendation X.800).

Security Attack: Any action that compromises the security of information owned by an organization.

Security Mechanism: A process that is designed to detect, prevent, or recover from a security attack.

Security Service: A processing or communication service that enhances the security of the data processing systems and the information transfer of an organization. The services are intended to counter security attacks, and they use one or more security mechanisms to do so.


Security Attacks
- Passive Attack

Picture source: Cryptography and Network Security, William Stallings


Security Attacks
- Active Attack

Picture source: Cryptography and Network Security, William Stallings


Security Attacks
- Types as described in X.800

Security Attacks (X.800)

Attacking Confidentiality: Snooping, Traffic Analysis
Attacking Integrity: Modification, Masquerading, Replaying, Repudiation
Attacking Availability: Denial of Service (DoS)


Security Attacks
Attacking Confidentiality
• Snooping: Data is intercepted by an unauthorized person. E.g. tapping.
• Traffic Analysis: Patterns like sender, receiver, message length, time of the message etc. can be extracted to make intelligent guesses.

Attacking Integrity
• Modification: Some portion of a legitimate message is altered or the message is delayed.
• Masquerading: One entity pretends to be a different entity.
• Replaying: Subsequent retransmission of a captured message to produce an unauthorized effect. E.g. fake bill payment reminders.
• Repudiation: Sender denies that it sent the message or the receiver denies that it received the message.

Attacking Availability
• Denial of Service (DoS): Slowing down or totally interrupting the service of a system.


Security Attacks

Attacks | Attacking | Type
Snooping, Traffic Analysis | Confidentiality | PASSIVE
Modification, Masquerading, Replaying, Repudiation | Integrity | ACTIVE
Denial of Service (DoS) | Availability | ACTIVE


Security Mechanism

Feature designed to detect, prevent, and recover from a security attack.


Security Mechanisms (X.800)
Encipherment: The use of mathematical algorithms to transform data into a form that is not readily intelligible.
Digital Signature: A data unit that allows a recipient of the data unit to prove the source.
Access Control: Access rights to the resources are restrained.
Data Integrity: A mechanism to append a check value with the data. The receiver calculates the check value on the data and compares it with the received one.
Authentication Exchange: Two entities exchange messages to prove their identities to each other.
Traffic Padding: Insertion of bogus data to thwart traffic analysis.
Routing Control: Discretionary selection of routes between sender and receiver based on security risks.
Notarization: A trusted third party assures the information exchange.


Security Service

• Intended to counter security attacks using one or more security mechanisms.

• Often replicates the functions normally associated with physical documents, which, for example, have signatures and dates; need protection from disclosure, tampering, or destruction; may be notarized or witnessed; may be recorded or licensed.


Security Services (X.800)
• Authentication - Assurance that the communicating entity is the one claimed.
• Access Control - Prevention of the unauthorized use of a resource.
• Data Confidentiality - Protecting data from unauthorized disclosure.
• Data Integrity - Assurance that data received is as sent by an authorized entity.
• Non-Repudiation - Protection against denial by one of the parties in a communication.


Availability: Sixth type of
security service
Both X.800 and RFC 4949 define availability to be the property of a system being accessible and usable upon demand by an authorized entity. A variety of attacks can result in the loss of or reduction in availability.

The availability service addresses the security concerns raised by Denial of Service attacks. Thus, it can be treated as a sixth type of security service.


Security Mechanisms and
Services

Sample mapping:
mechanisms to services



A Model for Network Security

Using this model requires us to:

• Design a suitable algorithm for the security transformation
• Generate the secret information (keys) used by the algorithm
• Develop methods to distribute and share the secret information
• Specify a protocol enabling the principals to use the transformation and secret information for a security service


A Model for Network Security

[Figure: network security model. Sender and receiver exchange messages over an information channel; each applies a security-related transformation using secret information; a trusted third party handles secret information distribution and arbitration; an opponent sits on the channel.]

• A logical information channel is established by defining a route through the Internet from source to destination and by the cooperative use of communication protocols (e.g., TCP/IP) by the sender and receiver.

• An opponent may present a threat to the confidentiality of the message that is being transmitted.

• Using secret information, the sender secures the original message (encrypts or enciphers it), and using the same or different secret information the receiver recovers the original message (decrypts or deciphers it).

• A trusted third party distributes the secret information to both the sender and receiver.


Techniques to Implement Security
Mechanisms

1. Cryptography
2. Steganography



Techniques to Implement Security
Mechanisms

Cryptography:

Transforming the secret message to make it secure and immune to attacks.

i. Symmetric-Key cryptography
ii. Asymmetric (or Public) Key cryptography
iii. Data Integrity
iv. Mutual Trust


Some Basic Terminology

• Plaintext - Original message
• Ciphertext - Coded message
• Cipher - Algorithm for transforming plaintext to ciphertext
• Key - Info used in the cipher. Known only to sender/receiver
• Encipher (encryption) - Converting plaintext to ciphertext
• Decipher (decryption) - Recovering plaintext from ciphertext
• Cryptography - Study of encryption principles/methods
• Cryptanalysis (codebreaking) - Study of principles/methods of deciphering ciphertext without knowing the key
• Cryptology - Field of both cryptography and cryptanalysis


Symmetric Encryption

• Also known as conventional / private-key / single-key
• Sender and receiver share a common key
• All classical encryption algorithms are private-key


Symmetric Encryption:
Requirements
Requirements for secure use of symmetric encryption:
– A strong encryption algorithm
– A secret key known only to sender / receiver

Mathematically we have:
Y = E_K(X)
X = D_K(Y)

Assume the encryption algorithm is known -> this implies a secure channel is needed to distribute the key.


Asymmetric Encryption

To send a secure message, the sender first encrypts the message using the receiver's public key.

To decrypt the message, the receiver uses its own private key.

[Figure: encryption with the receiver's public key, decryption with the receiver's private key]


Data Integrity and Mutual Trust

Data Integrity
Ensuring data correctness.

Hashing
A fixed-length message digest is created out of a variable-
length message. The digest is normally much smaller than the
message.

Mutual Trust
Different methods for key generation and distribution. Entity
authentication and notarization methods.



Thank You!

Network Security
(CS - 2)
Review of CS - 1

• CIA Triad

• OSI Security Architecture

• Security Attacks
• Security Mechanisms
• Security Services



Review of CS - 1

• Network Security Model

[Figure: network security model (sender, receiver, information channel, security-related transformations, secret information, trusted third party, opponent)]


Review of CS - 1

• Techniques to implement security mechanisms

1. Cryptography
2. Steganography




Techniques to Implement Security Mechanisms

Steganography:

• An alternative to encryption
• Hides the existence of the message
• Done by using only a subset of letters/words in a longer message marked in some way
• Hiding in the LSB of a graphic image or sound file

• Drawback
❑ High overhead to hide relatively few info bits


Techniques to Implement Security Mechanisms

Steganography: LSB example

Secret value: (10010101)2 = (149)10, i.e. the bits 1 0 0 1 0 1 0 1, one per pixel.

Original pixel -> pixel with its LSB replaced by the next secret bit
01010010 -> 01010011   (01010010)2 = (82)10 becomes (01010011)2 = (83)10
10111101 -> 10111100
01011110 -> 01011110
10111100 -> 10111101
01111111 -> 01111110
01001010 -> 01001011
00010101 -> 00010100
01001011 -> 01001011
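An added example (not from the slides) that performs the LSB substitution above on the eight pixel values shown, recovers the byte again, and quantifies the drawback: one bit of payload per sample. The pixel list and secret value are the slide's; the function names are mine.

```python
# Added example: LSB steganography on the slide's eight pixel values.
# Cover samples (8-bit greyscale values) and the secret byte, both from the slide.
PIXELS = [0b01010010, 0b10111101, 0b01011110, 0b10111100,
          0b01111111, 0b01001010, 0b00010101, 0b01001011]
SECRET = 149  # (10010101)2


def embed_byte(pixels, value):
    """Replace the LSB of each of the first 8 pixels with one bit of value, MSB first."""
    if len(pixels) < 8:
        raise ValueError("need at least 8 cover pixels to hide one byte")
    if not 0 <= value <= 255:
        raise ValueError("value must fit in one byte")
    out = list(pixels)
    for i in range(8):
        bit = (value >> (7 - i)) & 1
        out[i] = (pixels[i] & 0xFE) | bit   # clear the LSB, then set it to the secret bit
    return out


def extract_byte(pixels):
    """Reassemble the hidden byte from the LSBs of the first 8 pixels."""
    value = 0
    for i in range(8):
        value = (value << 1) | (pixels[i] & 1)
    return value


def max_change(original, modified):
    """Largest per-sample change; LSB substitution alters a sample by at most 1."""
    return max(abs(a - b) for a, b in zip(original, modified))


def capacity_bytes(num_pixels, channels=1):
    """Payload of plain LSB substitution: one bit per sample, so 8 samples per byte."""
    return (num_pixels * channels) // 8


if __name__ == "__main__":
    stego = embed_byte(PIXELS, SECRET)
    for before, after in zip(PIXELS, stego):
        print(f"{before:08b} -> {after:08b}")
    print("recovered:", extract_byte(stego))
    # A 640x480 RGB image carries only 115200 bytes this way: the 'high overhead' drawback.
    print("capacity of 640x480 RGB:", capacity_bytes(640 * 480, 3), "bytes")
```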


Techniques to Implement Security Mechanisms

Steganography:

https://towardsdatascience.com/steganography-hiding-an-image-inside-another-77ca66b2acb1



Cryptanalysis

Objective is to recover the key, not just the message.

Two general approaches:
• Brute-force attack
• Cryptanalytic attack


Brute-force Attack
Trial-and-error to guess login information.

nordvpn.com/blog/brute-force-attack/



Cryptanalytic Attacks

Known plaintext
– The attacker has access to the ciphertext and its corresponding plaintext.
The goal is to guess secret key or to deduce the encryption algorithm.

Chosen plaintext
– Choose arbitrary plaintext to be encrypted and receive the corresponding
ciphertext.



Cryptanalytic Attacks

Ciphertext only attack
– Only the algorithm and ciphertext are known. Attempts are made to identify the plaintext.

Chosen ciphertext
– The attacker has the capability to make the victim decrypt any ciphertext and send back the result. This result can be used to guess the secret key.


More Definitions

Unconditional security
– No matter how much computer power or time is available, the cipher cannot be
broken since the ciphertext provides insufficient information to uniquely determine
the corresponding plaintext.

Computational security
– Given limited computing resources (e.g. time needed for calculations is greater
than age of universe), the cipher cannot be broken.



Classical Encryption and Cryptanalysis


Classical Encryption

• Substitution Ciphers
• Transposition Ciphers



Classical Encryption

Substitution Ciphers

Letters of plaintext are replaced by other letters or by numbers or symbols.


Caesar Cipher

Earliest known substitution cipher, by Julius Caesar

First attested use in military affairs

Replaces each letter by the letter three places further on in the alphabet

meet me after the toga party

PHHW PH DIWHU WKH WRJD SDUWB


Caesar Cipher
Can define the transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Mathematically, give each letter a number:
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

Then we can have the Caesar cipher as:
c = E(p) = (p + k) mod 26
p = D(c) = (c - k) mod 26


Cryptanalysis of Caesar Cipher

Only has 25 possible ciphers
– A maps to B, C, ..., Z.

Attacker could simply try each in turn: a brute-force search.
Given the ciphertext, just try all shifts of letters.
Do need to recognize when the plaintext appears.

e.g. break the ciphertext
"PHHW PH DIWHU WKH WRJD SDUWB"


Example

Three important characteristics of this problem enabled the use of a brute-force cryptanalysis:

1. The encryption and decryption algorithms are known.
2. There are only 25 keys to try.
3. The language of the plaintext is known and easily recognizable.
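An added example (not from the slides) implementing c = (p + k) mod 26, its inverse, and the 25-key brute-force search on the slide's ciphertext. Recognizing "when the plaintext appears" is done with a small constructed word list, which is an assumption standing in for a real language model.

```python
# Added example: Caesar cipher and the brute-force search over all 25 shifts.
import string

ALPHA = string.ascii_lowercase


def caesar_encrypt(plaintext, k):
    """c = (p + k) mod 26 for each letter; spaces and punctuation pass through unchanged."""
    out = []
    for ch in plaintext.lower():
        if ch in ALPHA:
            out.append(ALPHA[(ALPHA.index(ch) + k) % 26].upper())
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext, k):
    """p = (c - k) mod 26: shifting by -k undoes the encryption."""
    return caesar_encrypt(ciphertext, -k).lower()


# Constructed recognizer (assumption): a handful of frequent English words.
COMMON_WORDS = {"the", "and", "me", "to", "of", "a", "in", "is", "after", "party", "meet"}


def english_score(text):
    """Crude plaintext recognizer: number of words that are in the common-word list."""
    return sum(1 for w in text.split() if w in COMMON_WORDS)


def all_shifts(ciphertext):
    """Every candidate decryption, (k, plaintext), for k = 1..25."""
    return [(k, caesar_decrypt(ciphertext, k)) for k in range(1, 26)]


def brute_force(ciphertext):
    """Return (k, plaintext) for the best-scoring of the 25 candidates."""
    best_k, best_pt, best_score = None, None, -1
    for k, candidate in all_shifts(ciphertext):
        score = english_score(candidate)
        if score > best_score:
            best_k, best_pt, best_score = k, candidate, score
    return best_k, best_pt


if __name__ == "__main__":
    ct = "PHHW PH DIWHU WKH WRJD SDUWB"
    for k, pt in all_shifts(ct):
        print(f"k={k:2d}: {pt}")
    print("best guess:", brute_force(ct))
```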


Monoalphabetic Cipher
• Rather than just shifting the alphabet, we could shuffle (jumble) the letters
arbitrarily.
• Each plaintext letter maps to a different random ciphertext letter. Hence key is
26 letters long.

Mapping
Plain: abcdefghijklmnopqrstuvwxyz
Key: DKVQFIBJWPESCXHTMYAUOLRGZN

Encryption
Plaintext: if we wish to replace letters
Ciphertext: WI RF RWAJ UH YFTSDVF SFUUFYA



Monoalphabetic Cipher Security
Now we have a total of 26! keys, since there are n! permutations of a set of n elements.

There is, however, another possibility of attack.

If the cryptanalyst knows the nature of the plaintext (e.g. English text), then the
regularities of the language can be exploited.



Language Redundancy and
Cryptanalysis
• Human languages are redundant.

• For example, "th lrd s m shphrd shll nt wnt" can still be read, because letters are not equally used.

• In English E is by far the most common letter, followed by T,R,N,I,O,A,S.

• Other letters like Z,J,K,Q,X are fairly rare.

• The cryptanalyst can have tables of single, double & triple letter frequencies for
various languages.



English Letter Frequencies



Use in Cryptanalysis
Key concept - Monoalphabetic substitution ciphers do not change relative letter
frequencies.
General methodology for cryptanalysis –
1. Calculate letter frequencies for ciphertext
2. Compare counts/plots against known values
3. If Caesar cipher, look for common peaks/troughs
4. Identify each letter
– tables of common double/triple letters help



Example Cryptanalysis
Given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

Count relative letter frequencies





Example Cryptanalysis

...FPOMBZWPFUPZH...
Guess P & Z are e and t.
Guess ZW is th (a digram) and hence ZWP is the (a trigram).

Similarly, analyze the sequence ZWSZ in the first line. We do not know that these four letters form a complete word, but if they do, it is of the form th_t.

If so, S equates with a.


Example Cryptanalysis
Populating the given ciphertext with our findings and proceeding with trial and error, we finally get:

it was disclosed yesterday that several informal but direct contacts have been made with political representatives of the viet cong in moscow
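An added example (not from the slides) covering both the monoalphabetic cipher with the key DKVQFIBJWPESCXHTMYAUOLRGZN shown earlier and the frequency-analysis steps just described: it counts letter and n-gram frequencies of the slide's ciphertext and applies partial guesses such as P->e, Z->t. Function names are mine; the key, plaintext and ciphertext are the slides'.

```python
# Added example: monoalphabetic substitution and the frequency-analysis steps.
from collections import Counter
import string

ALPHA = string.ascii_lowercase
KEY = "DKVQFIBJWPESCXHTMYAUOLRGZN"   # slide's key: plain a..z -> these letters


def mono_encrypt(plaintext, key=KEY):
    """Each lowercase letter is replaced by the key letter at the same position."""
    if sorted(key.lower()) != list(ALPHA):
        raise ValueError("key must be a permutation of the 26 letters")
    return plaintext.lower().translate(str.maketrans(ALPHA, key.upper()))


def mono_decrypt(ciphertext, key=KEY):
    return ciphertext.upper().translate(str.maketrans(key.upper(), ALPHA))


# Ciphertext from the 'Example Cryptanalysis' slide (three lines joined).
CIPHERTEXT = ("UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ"
              "VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX"
              "EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ")


def letter_frequencies(text):
    """(letter, count, percent) for each letter, most common first."""
    letters = [c for c in text.upper() if c.isalpha()]
    counts = Counter(letters)
    n = len(letters)
    return [(c, k, round(100 * k / n, 2)) for c, k in counts.most_common()]


def ngram_counts(text, n):
    """Counts of every n-letter sequence (digrams for n=2, trigrams for n=3)."""
    letters = "".join(c for c in text.upper() if c.isalpha())
    return Counter(letters[i:i + n] for i in range(len(letters) - n + 1))


def apply_guesses(text, guesses):
    """Substitute guessed plaintext letters (lowercase); unresolved letters stay uppercase."""
    return "".join(guesses.get(c, c) for c in text.upper())


if __name__ == "__main__":
    print(mono_encrypt("if we wish to replace letters"))
    for letter, count, pct in letter_frequencies(CIPHERTEXT)[:6]:
        print(f"{letter}: {count} ({pct}%)")
    print("ZW digrams:", ngram_counts(CIPHERTEXT, 2)["ZW"])
    guesses = {"P": "e", "Z": "t", "W": "h", "S": "a"}
    print(apply_guesses(CIPHERTEXT, guesses))
```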


Thank You!

Network Security
(CS - 3)
Recap

Substitution ciphers

• Caesar Cipher
• Monoalphabetic Cipher



Playfair Cipher

Not even the large number of keys in a monoalphabetic cipher provides security.
To reduce the "spikiness" of the underlying plaintext (natural language text), one approach is to encrypt more than one letter at once.


Playfair Cipher
The Playfair algorithm is based on the use of a 5 x 5 matrix of letters constructed using a keyword.
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z

The keyword is monarchy.

The matrix is constructed by filling in the letters of the keyword from left to right and from top to bottom, and then continuing with the remaining letters in alphabetic order.


Playfair Cipher – Encryption rules
Encrypt two letters at a time according to the following rules (using the monarchy matrix above):

1. If a plaintext pair consists of repeated letters, separate them with a filler letter, such as x. For example, balloon would be treated as ba lx lo on.

2. If both plaintext letters fall in the same matrix row, replace each letter with the letter to its right (wrapping back to the start from the end). For example, on is encrypted as NA.

3. If both plaintext letters fall in the same matrix column, replace each with the letter below it (again wrapping to the top from the bottom). For example, mu is encrypted as CM.

4. Otherwise, each letter is replaced by the letter in its own row and in the column of the other letter of the pair. For example, hs becomes BP and ea becomes IM (or JM, as per the encipherer's wish).
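An added example (not from the slides) implementing the matrix construction and the four rules above, with decryption as well. It assumes J is merged into I and x is the filler (q when the repeated letter is itself x); keyword and test pairs are the slide's.

```python
# Added example: Playfair cipher with the keyword 'monarchy'.
def build_matrix(keyword):
    """5x5 matrix: keyword letters in order (without repeats), then the rest of the alphabet; J merged into I."""
    seen = []
    for ch in (keyword + "abcdefghiklmnopqrstuvwxyz").lower():
        ch = "i" if ch == "j" else ch
        if ch.isalpha() and ch not in seen:
            seen.append(ch)
    return [seen[r * 5:(r + 1) * 5] for r in range(5)]


def position(matrix, letter):
    for r, row in enumerate(matrix):
        if letter in row:
            return r, row.index(letter)
    raise ValueError(f"letter not in matrix: {letter}")


def make_digraphs(plaintext, filler="x"):
    """Rule 1: pair up letters, inserting a filler between repeated letters and at an odd end."""
    letters = [("i" if c == "j" else c) for c in plaintext.lower() if c.isalpha()]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        pad = filler if a != filler else "q"          # avoid an 'xx' pair that can never be split
        b = letters[i + 1] if i + 1 < len(letters) else pad
        if a == b:
            pairs.append(a + pad)
            i += 1
        else:
            pairs.append(a + b)
            i += 2
    return pairs


def encrypt_pair(matrix, a, b):
    ra, ca = position(matrix, a)
    rb, cb = position(matrix, b)
    if ra == rb:                                       # rule 2: same row -> letter to the right
        return matrix[ra][(ca + 1) % 5] + matrix[rb][(cb + 1) % 5]
    if ca == cb:                                       # rule 3: same column -> letter below
        return matrix[(ra + 1) % 5][ca] + matrix[(rb + 1) % 5][cb]
    return matrix[ra][cb] + matrix[rb][ca]             # rule 4: other corners of the rectangle


def decrypt_pair(matrix, a, b):
    ra, ca = position(matrix, a)
    rb, cb = position(matrix, b)
    if ra == rb:                                       # undo rule 2: letter to the left
        return matrix[ra][(ca - 1) % 5] + matrix[rb][(cb - 1) % 5]
    if ca == cb:                                       # undo rule 3: letter above
        return matrix[(ra - 1) % 5][ca] + matrix[(rb - 1) % 5][cb]
    return matrix[ra][cb] + matrix[rb][ca]             # rule 4 is its own inverse


def playfair_encrypt(plaintext, keyword="monarchy"):
    m = build_matrix(keyword)
    return "".join(encrypt_pair(m, a, b) for a, b in make_digraphs(plaintext)).upper()


def playfair_decrypt(ciphertext, keyword="monarchy"):
    m = build_matrix(keyword)
    c = "".join(ch for ch in ciphertext.lower() if ch.isalpha())
    if len(c) % 2:
        raise ValueError("Playfair ciphertext must have an even number of letters")
    return "".join(decrypt_pair(m, c[i], c[i + 1]) for i in range(0, len(c), 2))


if __name__ == "__main__":
    for row in build_matrix("monarchy"):
        print(" ".join(row))
    print(make_digraphs("balloon"), playfair_encrypt("balloon"))
```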
Security of Playfair Cipher
Security is much improved over the monoalphabetic cipher.
It was widely used for many years
– E.g. by US & British military in WW1
But it can be broken, given a few hundred letters, since it still retains much of the plaintext structure.


Security of Playfair Cipher

The number of occurrences of each letter in the text was counted and divided by the number of occurrences of the letter e, which is the most frequently used letter.

As a result, e has a relative frequency of 1, t of about 0.76, and so on. The horizontal axis represents letters in order of decreasing frequency.


Polyalphabetic Ciphers

Based on the principle of improving security by using multiple cipher alphabets.

Makes cryptanalysis harder, with more alphabets to guess and a flatter frequency distribution.

Uses a key to select which alphabet is used for each letter of the message.


Vigenère Cipher
Assume a sequence of plaintext letters $P = p_0, p_1, p_2, \ldots, p_{n-1}$ and a key consisting of the sequence of letters $K = k_0, k_1, k_2, \ldots, k_{m-1}$, where typically $m < n$.
The sequence of ciphertext letters is calculated as:
$$C_i = (p_i + k_{i \bmod m}) \bmod 26$$

The following sequence follows:
$$C_0 = (p_0 + k_0) \bmod 26$$
$$C_1 = (p_1 + k_1) \bmod 26$$
$$\ldots$$
$$C_{m-1} = (p_{m-1} + k_{m-1}) \bmod 26$$
$$C_m = (p_m + k_0) \bmod 26$$
$$C_{m+1} = (p_{m+1} + k_1) \bmod 26$$
Vigenère Cipher - Example

Usually, the key is a repeating keyword.

For example, the message “we are discovered save yourself” would be encrypted
using the key deceptive as -

Key: deceptivedeceptivedeceptive
Plaintext: wearediscoveredsaveyourself
Ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ


Vigenère Cipher - Problem

Problem: If two identical sequences of plaintext letters are at a distance that is a multiple of the keyword length, they will generate identical ciphertext sequences.

Key: deceptivedeceptivedeceptive
Plaintext: wearediscoveredsaveyourself
Ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ

An attacker looking at only the ciphertext would detect the repeated sequence VTW at a distance of 9 letters and make the assumption that the keyword is either three or nine letters in length. This becomes a good guess when the message is long.
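An added example (not from the slides) implementing $C_i = (p_i + k_{i \bmod m}) \bmod 26$ on the slide's key and message, then locating the repeated VTW and turning the 9-letter distance into the key-length shortlist (3 or 9) the slide describes. Function names are mine.

```python
# Added example: Vigenere cipher and the repeated-sequence (Kasiski) observation.
import string
from collections import defaultdict

ALPHA = string.ascii_lowercase


def vigenere_encrypt(plaintext, key):
    """C_i = (p_i + k_{i mod m}) mod 26 over the letters of the message; non-letters are dropped."""
    p = [c for c in plaintext.lower() if c in ALPHA]
    k = [c for c in key.lower() if c in ALPHA]
    if not k:
        raise ValueError("key must contain at least one letter")
    m = len(k)
    out = [ALPHA[(ALPHA.index(p[i]) + ALPHA.index(k[i % m])) % 26] for i in range(len(p))]
    return "".join(out).upper()


def vigenere_decrypt(ciphertext, key):
    """p_i = (C_i - k_{i mod m}) mod 26."""
    c = ciphertext.lower()
    k = [ch for ch in key.lower() if ch in ALPHA]
    m = len(k)
    return "".join(ALPHA[(ALPHA.index(c[i]) - ALPHA.index(k[i % m])) % 26] for i in range(len(c)))


def repeated_sequences(ciphertext, n=3):
    """Start positions of every n-letter sequence that occurs more than once."""
    where = defaultdict(list)
    for i in range(len(ciphertext) - n + 1):
        where[ciphertext[i:i + n]].append(i)
    return {seq: pos for seq, pos in where.items() if len(pos) > 1}


def candidate_key_lengths(ciphertext, n=3, max_len=20):
    """Key lengths (2..max_len) that divide every distance between repeated n-grams."""
    distances = []
    for positions in repeated_sequences(ciphertext, n).values():
        distances.extend(b - a for a, b in zip(positions, positions[1:]))
    if not distances:
        return []
    return [L for L in range(2, max_len + 1) if all(d % L == 0 for d in distances)]


if __name__ == "__main__":
    ct = vigenere_encrypt("we are discovered save yourself", "deceptive")
    print(ct)
    print(repeated_sequences(ct))          # {'VTW': [3, 12]}
    print(candidate_key_lengths(ct))       # [3, 9]
```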


Security of Vigenère Cipher

The number of occurrences of each letter in the text was counted and divided by the number of occurrences of the letter e, which is the most frequently used letter.

As a result, e has a relative frequency of 1, t of about 0.76, and so on. The horizontal axis represents letters in order of decreasing frequency.


Vernam Cipher
• Choose a keyword that is as long as the plaintext and has no statistical
relationship to it.

• Introduced by an AT&T engineer named Gilbert Vernam that works on binary data
(bits) rather than letters.



Vernam Cipher
• The essence of this technique is the means of construction of the key.

• Vernam proposed the use of a running loop of tape that eventually repeated
the key, so that in fact the system worked with a very long but repeating keyword.

• It can be broken with sufficient ciphertext, the use of known or probable plaintext
sequences, or both.



One-Time Pad

Joseph Mauborgne proposed using a random key that is as long as the message, so that the key need not be repeated.

The key is used to encrypt and decrypt a single message, and then discarded.

Each new message requires a new key of the same length as the message.

Such a scheme is unbreakable.


One-Time Pad - Example

CT: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
Key: pxlmvmsydofuyrvzwcptnlebnenjfkdnnjfhnflzzie
PT: mr mustard with the candlestick in the hall

CT: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
Key: mfugpmiydfkhllawqortenxzafnbvtodfsnvgwermfn
PT: miss scarlet with the knife in the library

Suppose the cryptanalyst had managed to find these two keys. Two plausible plaintexts are produced.
How can the cryptanalyst decide which is the correct decryption?
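An added example (not from the slides) that makes the point above concrete: for a one-time pad, every plaintext of the right length is consistent with the ciphertext, because a key can be computed that produces it. It uses the slide's ciphertext and first plaintext over a 27-symbol alphabet (letters plus space, an assumption needed to cover the spaces), derives the pad from them rather than copying the slide's key, and shows a second, constructed plaintext decrypting from the same ciphertext.

```python
# Added example: one-time pad over a 27-symbol alphabet and why the ciphertext alone cannot decide.
import secrets

ALPHABET = "abcdefghijklmnopqrstuvwxyz "   # 27 symbols: a..z = 0..25, space = 26 (assumption)


def _num(ch):
    return ALPHABET.index(ch.lower())


def otp_encrypt(plaintext, key):
    """c_i = (p_i + k_i) mod 27; the pad must be at least as long as the message."""
    if len(key) < len(plaintext):
        raise ValueError("one-time pad key must be at least as long as the message")
    return "".join(ALPHABET[(_num(p) + _num(k)) % 27] for p, k in zip(plaintext, key)).upper()


def otp_decrypt(ciphertext, key):
    """p_i = (c_i - k_i) mod 27."""
    return "".join(ALPHABET[(_num(c) - _num(k)) % 27] for c, k in zip(ciphertext, key))


def key_for(ciphertext, wanted_plaintext):
    """The pad that turns this ciphertext into any chosen plaintext of the same length."""
    if len(ciphertext) != len(wanted_plaintext):
        raise ValueError("candidate plaintext must match the ciphertext length")
    return "".join(ALPHABET[(_num(c) - _num(p)) % 27] for c, p in zip(ciphertext, wanted_plaintext))


def random_pad(length):
    """A fresh pad from the OS CSPRNG; a pad is used for one message only."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


CT = "ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS"        # ciphertext from the slide
PT1 = "mr mustard with the candlestick in the hall"        # plaintext from the slide
PT2 = "colonel mustard with the rope in the lounge"        # constructed: same length, equally plausible

if __name__ == "__main__":
    k1, k2 = key_for(CT, PT1), key_for(CT, PT2)
    print("key 1:", k1, "->", otp_decrypt(CT, k1))
    print("key 2:", k2, "->", otp_decrypt(CT, k2))
```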
One-Time Pad
– Relation between Security and Implementation
The one-time pad offers complete security but, in practice, has two fundamental difficulties.

1. Practical problem of making large quantities of random keys.
– Any heavily used system might require millions of random characters on a regular basis. Supplying truly random characters in this volume is a significant task.

2. Problem of key distribution and protection.
– For every message to be sent, a key of equal length is needed by both sender and receiver. Thus, a mammoth key distribution problem exists.


Thank You!

Network Security
(CS - 4)
Transposition Cipher

Previous techniques involve substituting the plaintext letters with ciphertext letters.

A different mapping can be achieved by performing some permutation on the plaintext letters, known as a Transposition Cipher.


Transposition Cipher - Example

Rail fence technique

The plaintext is written down as a sequence of diagonals and then read off as a sequence of rows.

Example:

PT: meet me after the toga party

m e m a t r h t g p r y
 e t e f e t e o a a t

CT: MEMATRHTGPRYETEFETEOAAT


Transposition Cipher - Example

Rail fence technique

A more complex scheme writes the message in a rectangle, row by row, and reads it off column by column, with the order of the columns given by the key.

PT: attack postponed until two am

Key: 4 3 1 2 5 6 7
a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
CT: TTNAAPTMTSUOAODWCOIXKNLYPETZ


Transposition Cipher - Example

Rail fence technique

Second Iteration:

PT: TTNAAPTMTSUOAODWCOIXKNLYPETZ

Key: 4 3 1 2 5 6 7
t t n a a p t
m t s u o a o
d w c o i x k
n l y p e t z
CT: NSCYAUOPTTWLTMDNAOIEPAXTTOKZ

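An added example (not from the slides) implementing the two-rail fence and the keyed columnar transposition above, including the second iteration and decryption. The key [4,3,1,2,5,6,7], messages and the padding letters x y z are the slide's; the function names are mine.

```python
# Added example: rail fence and keyed columnar transposition (single and double).
def rail_fence_encrypt(plaintext, rails=2):
    """Write letters zig-zag down `rails` rows, then read the rows one after another."""
    letters = [c for c in plaintext.lower() if c.isalpha()]
    rows = [[] for _ in range(rails)]
    r, step = 0, 1
    for ch in letters:
        rows[r].append(ch)
        if rails > 1:
            if r == 0:
                step = 1
            elif r == rails - 1:
                step = -1
            r += step
    return "".join("".join(row) for row in rows).upper()


def columnar_encrypt(plaintext, key, pad="xyz"):
    """Write the message row by row under the key, then read the columns in key order 1, 2, 3, ..."""
    letters = [c for c in plaintext.lower() if c.isalpha()]
    cols = len(key)
    fill = (-len(letters)) % cols              # complete the last row with padding letters
    if fill > len(pad):
        raise ValueError("not enough padding letters for the last row")
    letters += list(pad[:fill])
    rows = [letters[i:i + cols] for i in range(0, len(letters), cols)]
    out = []
    for k in sorted(key):                      # column labelled 1 first, then 2, ...
        c = key.index(k)
        out.extend(row[c] for row in rows)
    return "".join(out).upper()


def columnar_decrypt(ciphertext, key):
    """Refill the columns in key order, then read the rectangle row by row."""
    cols = len(key)
    if len(ciphertext) % cols:
        raise ValueError("ciphertext length must be a multiple of the key length")
    rows_n = len(ciphertext) // cols
    grid = [[""] * cols for _ in range(rows_n)]
    pos = 0
    for k in sorted(key):
        c = key.index(k)
        for r in range(rows_n):
            grid[r][c] = ciphertext[pos].lower()
            pos += 1
    return "".join("".join(row) for row in grid)


if __name__ == "__main__":
    key = [4, 3, 1, 2, 5, 6, 7]
    print(rail_fence_encrypt("meet me after the toga party"))
    first = columnar_encrypt("attack postponed until two am", key)
    second = columnar_encrypt(first, key)      # second iteration, as on the slide
    print(first, second)
    print(columnar_decrypt(columnar_decrypt(second, key), key))
```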


BASIC CONCEPTS IN NUMBER THEORY AND FINITE FIELDS
Modular Arithmetic

Define the modulo operator "a mod n" to be the remainder when a is divided by n.

Modular arithmetic is where we perform arithmetic operations within the confines of some set of integers mod n.

It uses a finite number of values and loops back from either end where needed.


Addition modulo 8



Multiplication modulo 8



Additive and Multiplicative Inverses modulo 8



Properties of Modular Arithmetic

For Integers in 𝑍𝑛



Modular Arithmetic - Reduction

When reducing, we "usually" want to find the positive remainder after dividing by the modulus.

For positive numbers, this is simply the normal remainder.

For negative numbers we have to "overshoot" (i.e. find the next multiple larger than the number) and "come back" (i.e. add a positive remainder to get the number).

Example: -12 mod 7?
-12 mod 7 = -5 mod 7 = 2 mod 7 = 2


Modular Arithmetic - Congruence

For a positive integer n, two integers A and B are said to be congruent modulo n if A and B have the same remainder when divided by n:
$$A \equiv B \pmod n$$

It can also be said that A and B are in the same equivalence class.

Read as: A is congruent to B modulo n.

16 mod 5 = 1
46 mod 5 = 1
16 ≡ 46 mod 5


Groups and Rings

Groups and rings are fundamental elements of a branch of mathematics known as abstract algebra.

In abstract algebra with sets, we can combine two elements of the set, perhaps in several ways, to obtain a third element of the set.

These operations are subject to specific rules, which define the nature of the set.


Group
A group G, denoted by {G, •}, is a set of elements with a binary operation
denoted by • whose result is also in the set.

Obeys:
Closure: If a and b belong to G, then a • b is also in G.
Associative: a • (b • c) = (a • b) • c for all a, b, c in G.
Identity element: For each a in G, there is an element e in G such that
e•a=a•e=a
Inverse element: For each a in G, there is an element a’ in G such that
a • a’ = a’ • a = e.
Group

A group is said to be abelian if it satisfies the following additional condition:

Commutative: a • b = b • a for all a, b in G.

Question: Set of integers under addition?
Answer: It's an abelian group.

Question: Set of integers under multiplication?
Answer: Not a group. It does not satisfy the inverse property.
Cyclic Group

A group G is said to be a cyclic group if there exists an element a in G such that every element of G can be generated by a.

Exponentiation within a group is defined as repeated application of the group operator.



Cyclic Group
Example:
Z_6 = {0, 1, 2, 3, 4, 5} and the binary operation is addition modulo 6.

The cyclic subgroups of Z_6 are:
<1> = {1, 2, 3, 4, 5, 0}
<2> = {2, 4, 0}
<3> = {3, 0}
<4> = {4, 2, 0}
<5> = {5, 4, 3, 2, 1, 0}
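An added example (not from the slides) that computes the additive and multiplicative inverses modulo 8 from the earlier "inverses modulo 8" slide, where the figure is not reproduced here, and the cyclic subgroups of Z_6 listed above, by repeated application of the group operator. Function names are mine.

```python
# Added example: inverses in Z_8 and cyclic subgroups of Z_6 under addition.
from math import gcd


def add_inverse(a, n):
    """Additive inverse in Z_n: the b with (a + b) mod n == 0."""
    return (-a) % n


def mul_inverse(a, n):
    """Multiplicative inverse in Z_n, or None when gcd(a, n) != 1 (then no inverse exists)."""
    if gcd(a % n, n) != 1:
        return None
    for b in range(n):
        if (a * b) % n == 1:
            return b
    return None


def inverse_table(n):
    """Rows (w, -w, w^-1) in the style of the slide's table for n = 8."""
    return [(w, add_inverse(w, n), mul_inverse(w, n)) for w in range(n)]


def cyclic_subgroup(a, n):
    """<a> under addition mod n: keep adding a until the sequence returns to where it started."""
    elems, x = [], a % n
    while x not in elems:
        elems.append(x)
        x = (x + a) % n
    return elems


def is_generator(a, n):
    """a generates all of Z_n exactly when <a> has n elements (i.e. gcd(a, n) == 1)."""
    return len(cyclic_subgroup(a, n)) == n


if __name__ == "__main__":
    print("w  -w  w^-1  (mod 8)")
    for w, neg, inv in inverse_table(8):
        print(f"{w}  {neg}   {inv if inv is not None else '-'}")
    for a in range(1, 6):
        print(f"<{a}> = {cyclic_subgroup(a, 6)}  generator={is_generator(a, 6)}")
```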


Cyclic Group

More Information

The additive group of integers is an infinite cyclic group generated by the element 1.

The set of non-zero real numbers under multiplication is an abelian group.


Ring

• A ring R, denoted by {R, +, ×}, is a set of elements with two binary operations, addition and multiplication.

• Both operations are closed, i.e. if x, y ∈ R, then x + y ∈ R and x × y ∈ R.

• And they possess some additional properties.


Ring - Properties

With Addition (it forms an abelian group):
• x, y ∈ R → x + y ∈ R
• x + (y + z) = (x + y) + z
• x + 0 = x, y + 0 = y
• x ∈ R → −x ∈ R, y ∈ R → −y ∈ R
• x + y = y + x

With Multiplication:
• x, y ∈ R → x × y ∈ R
• a × (b × c) = (a × b) × c

Common distributive laws:
• a × (b + c) = a × b + a × c
• (a + b) × c = a × c + b × c

BITS Pilani, Deemed to be University under Section 3 of UGC Act, 1956


Ring

If the multiplication operation is commutative, it forms a commutative ring.

Exercise
1. The set of all integers under multiplication?
2. The set of all even integers under addition?
3. The set of all odd integers under addition?


Network Security
(CS – 5)
Dr. Amitesh Singh Rajput
Computer Science & Information Systems, BITS Pilani, Pilani Campus

Random Numbers

Random numbers play an important role in encryption for various network security applications.

A number of network security algorithms and protocols based on cryptography make use of random binary numbers.

Randomness

• Traditionally, the concern in the generation of a sequence of random numbers has been that the sequence of numbers be random in some well-defined statistical sense.

• Uniform distribution: The distribution of bits in the sequence should be uniform; that is, the frequency of occurrence of ones and zeros should be approximately equal.

• Independence: No subsequence in the sequence can be inferred from the others.

Unpredictability

• The successive members of the generated sequence should be unpredictable.

• An opponent should not be able to predict future elements of the sequence on the basis of previous elements.


PRNG

Pseudo Random Number Generators (PRNGs)

• A PRNG takes as input a fixed value, called the seed, and produces an open-ended sequence of bits using a deterministic algorithm.

• Typically, there is a feedback path by which some of the results of the algorithm are fed back as input as additional output bits are produced.

PRF

Pseudo Random Function (PRF)

• Used to produce a pseudorandom string of bits of some fixed length.

• The PRF takes as input a seed plus some context-specific values, such as a user ID or an application ID.

• Example output: symmetric encryption keys.

TRNG

True Random Number Generators (TRNGs)

• A TRNG uses a nondeterministic source to produce randomness.

• The input to the generator is a source that is effectively random, often referred to as an entropy source.

• Example: conversion of an analog source to a binary output.

• random.org


Randomness requirement of PRNG

• The randomness requirement for a PRNG is that the generated bit stream should appear random even though it is deterministic.

• There is no single test that can determine if a PRNG generates numbers that have the characteristic of randomness.

• The best that can be done is to apply a sequence of tests to the PRNG. If the PRNG exhibits randomness on the basis of multiple tests, then it can be assumed to satisfy the randomness requirement.

NIST SP 800-22 Characteristics

A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications specifies that the tests should seek to establish the following three characteristics:

1. Uniformity: At any point in the generation of a sequence of random or pseudorandom bits, the occurrence of a zero or one is equally likely.

2. Scalability: Any test applicable to a sequence can also be applied to subsequences extracted at random. If a sequence is random, then any extracted subsequence should also be random.

3. Consistency: The behavior of a generator must be consistent across starting values (seeds).

NIST SP 800-22 Tests

SP 800-22 lists 15 separate tests of randomness. Below, a few tests are covered to get an understanding.

Frequency test: Determining whether the number of ones and zeros in a sequence is approximately the same as would be expected for a truly random sequence.

Maurer's universal statistical test: The focus of this test is the number of bits between matching patterns.
– The purpose of the test is to detect whether or not the sequence can be significantly compressed without loss of information. A significantly compressible sequence is considered to be non-random.
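The frequency (monobit) test from SP 800-22, as an added Python example rather than code from the slides or from NIST. It computes the test statistic and p-value as the suite defines them (sum of ±1 per bit, normalised by √n, then the complementary error function); the function names and the sample sequences are my own, and the decision threshold alpha = 0.01 is the one the suite uses:

```python
# Added example (not from the slides): the SP 800-22 frequency (monobit) test.
import math


def monobit_test(bits, alpha=0.01):
    """Return (p_value, passed) for a sequence of 0/1 integers.
    A p-value below alpha means the sequence is judged non-random."""
    n = len(bits)
    if n == 0:
        raise ValueError("empty sequence")
    # ones count as +1, zeros as -1; a random sequence keeps the sum near 0
    s_n = sum(1 if b else -1 for b in bits)
    s_obs = abs(s_n) / math.sqrt(n)
    p_value = math.erfc(s_obs / math.sqrt(2))
    return p_value, p_value >= alpha


def bits_from_bytes(data):
    """Expand bytes into a list of bits, most significant bit first."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def bits_from_string(text):
    """Parse a string such as '1011010101' into a list of bits."""
    return [int(ch) for ch in text if ch in "01"]


if __name__ == "__main__":
    # constructed inputs: a biased stream, a balanced stream, and the short
    # worked example from the SP 800-22 document
    for label, seq in [("all ones", [1] * 100),
                       ("alternating", [0, 1] * 50),
                       ("SP 800-22 example", bits_from_string("1011010101"))]:
        p, ok = monobit_test(seq)
        print(f"{label:20s} p-value={p:.6f} {'pass' if ok else 'FAIL'}")
```

A pass on this single test says only that the ones/zeros balance is plausible; as the text above notes, a generator is judged on the whole battery, not on one test.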


Unpredictability

A stream of pseudorandom numbers should exhibit two forms of unpredictability:

1. Forward unpredictability: If the seed is unknown, the next output bit in the sequence should be unpredictable in spite of any knowledge of previous bits in the sequence.

2. Backward unpredictability: It should also not be feasible to determine the seed from knowledge of any generated values. No correlation between a seed and any value generated from that seed should be evident.

Seed Requirements

• For cryptographic applications, the seed that serves as input to the PRNG must be secure.

• Because the PRNG is a deterministic algorithm, if the adversary can deduce the seed, then the output can also be determined.

• The sender needs to find a way to deliver the seed to the receiver in a secure fashion.


Pseudorandom Number Generators

1. Linear Congruential Generator
   – Based on a set of parameters

2. Blum Blum Shub (BBS) Generator
   – Based on equivalence classes


Linear Congruential Generators

• The sequence of random numbers is obtained via the following iterative equation:

  X_{n+1} = (a X_n + c) mod m

• This technique produces a sequence of integers with each integer in the range 0 ≤ X_n < m.

• The selection of a, c, and m is critical in developing a good random number generator.

For example, consider the values a = 7, c = 0, m = 32, and X_0 = 1. This generates the sequence {7, 17, 23, 1, 7, ...}:

  X_1 = (7 × 1 + 0) mod 32 = 7 mod 32 = 7
  X_2 = (7 × 7 + 0) mod 32 = 49 mod 32 = 17
  X_3 = (7 × 17 + 0) mod 32 = 119 mod 32 = 23
  X_4 = (7 × 23 + 0) mod 32 = 161 mod 32 = 1
  X_5 = (7 × 1 + 0) mod 32 = 7 mod 32 = 7

Of the 32 possible values, only four are used. The sequence is said to have a duration (period) of 4.

If we change the value of a to 5, then the sequence is {5, 25, 29, 17, 21, 9, 13, 1, 5, ...}, which increases the duration to 8.

Need of a large modulus m

We would like m to be very large, so that there is the potential for producing a long series of distinct random numbers.

Two tests to evaluate a random number generator:

1. The function should be a full-duration generating function. That is, the function should generate all the numbers between 0 and m before repeating.

2. The generated sequence should appear random.


Blum Blum Shub (BBS) Generator

1. First of all, choose two prime numbers p and q of the same equivalence class.
   – For example, the prime numbers 7 and 11 satisfy 7 ≡ 11 ≡ 3 (mod 4) for the given modulo 4.

2. Compute n = p × q.

3. Next, choose a random number s, such that it is relatively prime to n (no number other than 1 can divide them both exactly).

Given n and s, the BBS generator produces a sequence of bits B_i according to the following algorithm (the steps the worked example that follows carries out):

  X_0 = s^2 mod n
  for i = 1, 2, ...:
      X_i = (X_{i-1})^2 mod n
      B_i = X_i mod 2

The least significant bit is taken at each iteration.

Example of BBS operation. Here, n = 192649 = 383 × 503, and the seed s = 101355.

  X_0 = 101355^2 mod 192649 = 20749
  X_1 = 20749^2 mod 192649 = 143135
  B_1 = 143135 mod 2 = 1
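Both generators above, the linear congruential generator and Blum Blum Shub, as one added Python example (not code from the slides). It reproduces the slides' parameters (a = 7 and a = 5 with c = 0, m = 32; and p = 383, q = 503, s = 101355 for BBS), and it goes one step beyond the text with a full-period check: the parameters a = 5, c = 1, m = 32 are a constructed example that visits all 32 residues. Function names are my own:

```python
# Added example (not from the slides): a linear congruential generator and
# the Blum Blum Shub generator, with checks on period and parameter validity.
from math import gcd


def lcg(a, c, m, x0, count):
    """Return the first `count` outputs X_1..X_count of X_{n+1} = (a*X_n + c) mod m."""
    out, x = [], x0
    for _ in range(count):
        x = (a * x + c) % m
        out.append(x)
    return out


def lcg_period(a, c, m, x0):
    """Length of the cycle the generator falls into starting from seed x0
    (the slides call this the duration)."""
    seen, x, steps = {}, x0, 0
    while x not in seen:
        seen[x] = steps
        x = (a * x + c) % m
        steps += 1
    return steps - seen[x]


def is_full_period(a, c, m, x0=0):
    """True if the generator visits all m residues before repeating."""
    return lcg_period(a, c, m, x0) == m


def bbs(p, q, s, count):
    """Blum Blum Shub. p and q must be primes congruent to 3 mod 4 and the
    seed s must be coprime to n = p*q. Returns (states, bits): the states
    X_0..X_count and the least significant bits B_1..B_count."""
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must be congruent to 3 modulo 4")
    n = p * q
    if gcd(s, n) != 1:
        raise ValueError("seed must be relatively prime to n")
    x = (s * s) % n            # X_0 = s^2 mod n
    states, bits = [x], []
    for _ in range(count):
        x = (x * x) % n        # X_i = X_{i-1}^2 mod n
        states.append(x)
        bits.append(x & 1)     # B_i = X_i mod 2
    return states, bits


if __name__ == "__main__":
    print("a=7:", lcg(7, 0, 32, 1, 5), "period", lcg_period(7, 0, 32, 1))
    print("a=5:", lcg(5, 0, 32, 1, 9), "period", lcg_period(5, 0, 32, 1))
    print("a=5, c=1 full period:", is_full_period(5, 1, 32))
    states, bits = bbs(383, 503, 101355, 8)
    print("BBS states:", states[:3], "bits:", bits)
```

The period check is the "full-duration" test of the text made executable: with c = 0 the slides' generators cycle through 4 or 8 of the 32 residues, while the constructed parameters a = 5, c = 1 reach all 32.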


Stream Cipher

• A typical stream cipher encrypts plaintext one byte at a time.

• The key is generated from a pseudorandom bit generator that produces a stream of 8-bit numbers that are apparently random.

• The output of the generator, called a keystream, is combined one byte at a time with the plaintext stream using the bitwise exclusive-OR (XOR) operation.

For example, if the plaintext byte is 01101100 and the keystream byte is 11001100, then the resulting ciphertext byte is 01101100 XOR 11001100 = 10100000.

Encryption and Decryption

Encryption uses the pseudorandom sequence (key). Decryption requires the use of the same pseudorandom sequence (key): XORing the ciphertext byte with the same keystream byte recovers the plaintext byte.


Network Security
(Contact Session – 6)
Dr. Amitesh Singh Rajput
Computer Science & Information Systems, BITS Pilani, Pilani Campus

RC4

• RC4 is a stream cipher designed by Ron Rivest.

• The algorithm is based on the use of a random permutation.

RC4 - Methodology

• A variable-length key from 1 to 256 bytes (8 to 2048 bits) is used to initialize a 256-byte vector S (S[0], S[1], S[2], …, S[255]).

• S at all times contains a permutation of all 8-bit numbers from 0 through 255.

• For encryption and decryption, a byte is generated from S by selecting one of the 255 entries in a systematic fashion.

RC4 – Initialization of S

• To begin, the entries of S are set equal to the values from 0 through 255 in ascending order, that is, S[0] = 0, S[1] = 1, S[2] = 2, …, S[255] = 255.

• A temporary vector, T, is also created.

• If the length of the key K is 256 bytes, then K is transferred to T.

• Otherwise, for a key of length keylen bytes, the first keylen elements of T are copied from K, and then K is repeated as many times as necessary to fill T.

Example, for keylen = 3:

  S[0] = 0    T[0] = K[0]
  S[1] = 1    T[1] = K[1]
  S[2] = 2    T[2] = K[2]
  S[3] = 3    T[3] = K[0]
  S[4] = 4    T[4] = K[1]
  S[5] = 5    T[5] = K[2]
  S[6] = 6    T[6] = K[0]
  …           …

Next we use T to produce the initial permutation of S. This involves starting with S[0] and going through to S[255], and for each, swapping with another byte in S according to a scheme dictated by T[i].

RC4 – Stream Generation

Stream generation involves cycling through all elements of S, where for each S[i], swapping with another byte in S according to the current configuration of S.

• To encrypt, XOR the value k with the plaintext.

• To decrypt, XOR the value k with the ciphertext.


Euclidean Algorithm and Its Extension

Greatest Common Divisor (GCD)

• The greatest common divisor of two integers is the largest integer that can divide both of them.

Euclidean Algorithm

• The Euclidean algorithm is based on the following two facts:

  1. gcd(a, 0) = a
  2. gcd(a, b) = gcd(b, r), where r is the remainder of dividing a by b

• The first fact tells us that if the second integer is 0, the GCD is the first one.

• The second fact allows us to change the values of a and b until b becomes 0.

Euclidean Algorithm - Example

  gcd(36, 10)   remainder 6
  gcd(10, 6)    remainder 4
  gcd(6, 4)     remainder 2
  gcd(4, 2)     remainder 0
  gcd(2, 0) = 2


Extended Euclidean Algorithm

• Given two integers a and b, we often need to find two other integers, s and t, such that

  s × a + t × b = gcd(a, b)

• The extended Euclidean algorithm can calculate gcd(a, b) and at the same time calculate the values of s and t.

Extended Euclidean Algorithm - Process

• gcd(161, 28) with s and t?

  q   r1   r2   r    s1   s2   s    t1   t2   t
  5   161  28   21   1    0    1    0    1    -5
  1   28   21   7    0    1    -1   1    -5   6
  3   21   7    0    1    -1   4    -5   6    -23
      7    0         -1   4         6    -23

We get gcd(161, 28) = 7, s = -1 and t = 6. The answers are tested as: (-1) × 161 + 6 × 28 = 7.
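The Euclidean algorithm, its extended form in the tabular (q, r1, r2, r, s1, s2, s, t1, t2, t) layout used above, and the modular inverse that the extended form yields, as an added Python example (not code from the slides; function names are my own). The inverse is the application that matters for cryptography: when gcd(a, n) = 1 the coefficient s in s × a + t × n = 1 is a^(-1) mod n:

```python
# Added example (not from the slides): Euclid, extended Euclid with the
# step table, and modular inverses computed from the coefficients.

def gcd_steps(a, b):
    """Return (steps, gcd): steps lists the (a, b, r) triples visited while
    applying gcd(a, b) = gcd(b, r) until b becomes 0."""
    steps = []
    while b != 0:
        r = a % b
        steps.append((a, b, r))
        a, b = b, r
    return steps, a


def extended_gcd(a, b):
    """Return (gcd, s, t, rows) with s*a + t*b = gcd.
    rows holds one (q, r1, r2, r, s1, s2, s, t1, t2, t) tuple per iteration,
    matching the table layout above."""
    r1, r2 = a, b
    s1, s2 = 1, 0
    t1, t2 = 0, 1
    rows = []
    while r2 > 0:
        q = r1 // r2
        r = r1 - q * r2
        s = s1 - q * s2
        t = t1 - q * t2
        rows.append((q, r1, r2, r, s1, s2, s, t1, t2, t))
        r1, r2 = r2, r
        s1, s2 = s2, s
        t1, t2 = t2, t
    return r1, s1, t1, rows


def mod_inverse(a, n):
    """Multiplicative inverse of a modulo n, or None if gcd(a, n) != 1."""
    g, s, _t, _rows = extended_gcd(a, n)    # s*a + t*n = g
    if g != 1:
        return None
    return s % n


if __name__ == "__main__":
    print(gcd_steps(36, 10))
    g, s, t, rows = extended_gcd(161, 28)
    print("q r1 r2 r s1 s2 s t1 t2 t")
    for row in rows:
        print(*row)
    print(f"gcd={g}, s={s}, t={t}, check {s}*161 + {t}*28 = {s*161 + t*28}")
    print("inverses mod 5:", {a: mod_inverse(a, 5) for a in range(5)})
```

Running it prints the three table rows from the slide and, for modulus 5, the inverses 1, 3, 2, 4 of 1, 2, 3, 4 (and None for 0), the same values a multiplication table modulo 5 gives.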


Introduction to Galois Fields

Fields

• A field, denoted by F = {G, +, ×}, is a commutative ring in which the second operation (multiplication) satisfies all properties defined for the first operation (addition), except that the identity of the first operation (0) has no inverse under the second.

Fields - Example

• Given the set {0, 1, 2, 3, 4} with + and × operations under modulo 5.

  Addition                 Multiplication
  +  0  1  2  3  4         ×  0  1  2  3  4
  0  0  1  2  3  4         0  0  0  0  0  0
  1  1  2  3  4  0         1  0  1  2  3  4
  2  2  3  4  0  1         2  0  2  4  1  3
  3  3  4  0  1  2         3  0  3  1  4  2
  4  4  0  1  2  3         4  0  4  3  2  1

  Additive inverse         Multiplicative inverse
  a    0  1  2  3  4       a     0  1  2  3  4
  -a   0  4  3  2  1       a^-1  -  1  3  2  4

Finite Fields – Galois Fields

• Galois showed that for a field to be finite, the number of elements should be p^n, where p is a prime and n is a positive integer.

• The finite fields are usually called Galois fields and denoted as GF(p^n).

GF(p) Fields

• When n = 1, we have the GF(p) field.

• This field can be the set Z_p = {0, 1, 2, …, (p-1)}, with two arithmetic operations (addition and multiplication).

• Recall from fields that in this set each element has an additive inverse and that non-zero elements have a multiplicative inverse (there is no multiplicative inverse for 0).

GF(p) Fields - Example

• GF(2) with the set {0, 1} and two operations, addition and multiplication.

• In this case, addition is equivalent to the exclusive-OR (XOR) operation, and multiplication is equivalent to the logical AND operation.


Recall the example for fields: the set {0, 1, 2, 3, 4} with + and × modulo 5, whose addition, multiplication and inverse tables are given above, is GF(5).


Network Security
(Contact Session – 7)
Dr. Amitesh Singh Rajput
Computer Science & Information Systems, BITS Pilani, Pilani Campus
Polynomial Arithmetic

• What is a polynomial?

• A polynomial is an expression consisting of variables and coefficients.

• Example: x^3 + 2x^2 − 5x + 9 (polynomial with a single variable x)

  – The permissible operations are addition, subtraction, multiplication, and exponentiation of variables by positive integers.

• Three classes of polynomial arithmetic:

  1. Ordinary polynomial arithmetic, using basic rules of algebra.

  2. Polynomial arithmetic in which the arithmetic on the coefficients is performed modulo p; that is, the coefficients are in GF(p).

  3. Polynomial arithmetic in which the coefficients are in GF(p), and the polynomials are defined modulo a polynomial m(x) whose highest power is some integer n.
Ordinary Polynomial Arithmetic

Given two polynomials f(x) and g(x):

• Addition and subtraction are performed by adding or subtracting the corresponding coefficients of f(x) and g(x).

• Multiplication follows the ordinary rules of algebra: each term of f(x) is multiplied by each term of g(x) and terms with the same power are collected.


Polynomial Arithmetic with Coefficients in Z_p

• Polynomials over the field F: polynomials in which the coefficients are elements of some field F.

• Addition and subtraction of polynomials over GF(2): with f(x) = x^7 + x^5 + x^4 + x^3 + x + 1 and g(x) = x^3 + x + 1, the coefficients are added modulo 2 (so addition and subtraction coincide), giving f(x) + g(x) = x^7 + x^5 + x^4.

• Multiplication of polynomials over GF(2) likewise reduces every coefficient modulo 2.

• Division is only partial over the set of integers (it is not exact), whereas over a field a polynomial division with quotient and remainder is always defined.


Polynomial Arithmetic with Coefficients in Z_p

• Polynomial division over a coefficient set

• Given polynomials f(x) of degree n and g(x) of degree m, n ≥ m, if we divide f(x) by g(x), we get a quotient q(x) and a remainder r(x) that obey the relationship

  f(x) = q(x) × g(x) + r(x)

  with polynomial degrees:

  Degree q(x) = n − m
  Degree r(x) = m − 1

• Example:

  f(x) = x^3 + x^2 + 2
  g(x) = x^2 − x + 1

  q(x) = x + 2
  r(x) = x

Irreducible or Prime Polynomial

• A polynomial f(x) over a field F is called irreducible if and only if f(x) cannot be expressed as a product of two polynomials, both over F, and both of degree lower than f(x).

• For example, the polynomial f(x) = x^3 + x + 1 is irreducible: neither x nor x + 1 divides f(x).


Polynomial Arithmetic with Finite Fields of the Form GF(2^n)

• We are looking for a set consisting of 2^n elements, together with the definition of addition and multiplication over the set, that define a field.

• We will not use modular (integer) arithmetic, as it does not result in a field.

• Instead, we use polynomial arithmetic, which provides a way of constructing the desired field.

• Arithmetic operations follow the ordinary rules of polynomial arithmetic using the basic rules of algebra, with the following two refinements:

  • Arithmetic on the coefficients is performed modulo p.

  • If multiplication results in a polynomial of degree greater than n − 1, then the polynomial is reduced modulo some irreducible polynomial m(x) of degree n. That is, we divide by m(x) and keep the remainder.
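The three refinements above (coefficients modulo p, division with quotient and remainder, reduction modulo an irreducible m(x)) as one added Python example, not code from the slides. A polynomial is a list of coefficients, lowest degree first. It reproduces the slide's division example f(x) = x^3 + x^2 + 2 by g(x) = x^2 − x + 1, checks that x^3 + x + 1 is irreducible over GF(2), and goes beyond the text by multiplying in GF(2^8) with the AES polynomial x^8 + x^4 + x^3 + x + 1 (the product {57} × {83} = {c1} is the FIPS-197 example). Function names are my own:

```python
# Added example (not from the slides): polynomial arithmetic with
# coefficients in Z_p, and multiplication in GF(p^n) modulo m(x).
from itertools import product


def trim(f):
    """Drop leading zero coefficients (highest degrees sit at the end)."""
    f = list(f)
    while f and f[-1] == 0:
        f.pop()
    return f


def poly_add(f, g, p):
    n = max(len(f), len(g))
    f = list(f) + [0] * (n - len(f))
    g = list(g) + [0] * (n - len(g))
    return trim([(a + b) % p for a, b in zip(f, g)])


def poly_mul(f, g, p):
    f, g = trim(f), trim(g)
    if not f or not g:
        return []
    out = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] = (out[i + j] + a * b) % p
    return trim(out)


def poly_divmod(f, g, p):
    """Long division over Z_p: (q, r) with f = q*g + r and deg r < deg g.
    Assumes p is prime so the leading coefficient of g has an inverse."""
    f, g = trim(f), trim(g)
    if not g:
        raise ZeroDivisionError("division by the zero polynomial")
    inv_lead = pow(g[-1], p - 2, p)            # inverse of the leading coefficient
    q = [0] * max(len(f) - len(g) + 1, 1)
    r = f[:]
    while r and len(r) >= len(g):
        coef = (r[-1] * inv_lead) % p
        shift = len(r) - len(g)
        q[shift] = coef
        for i, b in enumerate(g):              # subtract coef * x^shift * g
            r[shift + i] = (r[shift + i] - coef * b) % p
        r = trim(r)
    return trim(q), r


def gf_mul(f, g, m, p):
    """Multiply in GF(p^n): ordinary product reduced modulo the irreducible m(x)."""
    return poly_divmod(poly_mul(f, g, p), m, p)[1]


def is_irreducible(f, p):
    """Trial division by every monic polynomial of degree 1..deg(f)//2."""
    f = trim(f)
    n = len(f) - 1
    if n < 1:
        return False
    for d in range(1, n // 2 + 1):
        for low in product(range(p), repeat=d):
            if not poly_divmod(f, list(low) + [1], p)[1]:
                return False
    return True


def int_to_poly(value):
    """Bits of an integer as a GF(2) polynomial, e.g. 0x57 -> x^6+x^4+x^2+x+1."""
    return [(value >> i) & 1 for i in range(value.bit_length())]


def poly_to_int(f):
    return sum(c << i for i, c in enumerate(f))


AES_M = int_to_poly(0x11B)                     # x^8 + x^4 + x^3 + x + 1

if __name__ == "__main__":
    print(poly_divmod([2, 0, 1, 1], [1, 6, 1], 7))       # g = x^2 - x + 1 mod 7
    print(is_irreducible([1, 1, 0, 1], 2))               # x^3 + x + 1 over GF(2)
    print(hex(poly_to_int(gf_mul(int_to_poly(0x57), int_to_poly(0x83), AES_M, 2))))
```

The division example is run with coefficients modulo 7 (so −1 becomes 6); the identity f = q × g + r holds over the integers, so q = x + 2 and r = x come out the same for any prime p.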


Block Cipher

A block cipher is an encryption/decryption scheme in which a block of plaintext is treated as a whole and used to produce a ciphertext block of equal length.

Block Cipher Properties

• A block cipher operates on a plaintext block of n bits to produce a ciphertext block of n bits.

• There are 2^n possible different plaintext blocks and, for the encryption to be reversible, each block must produce a unique ciphertext block.

• Such a transformation is called reversible, or non-singular.

Block Cipher - General substitution cipher for n = 4 (figure)


Feistel Cipher

Product Cipher

• Execution of two or more simple ciphers in sequence in such a way that the final result or product is cryptographically stronger than any of the component ciphers.

Feistel Cipher - Encryption Structure

(Figure: the input plaintext is split into LE0 and RE0; rounds with subkeys K1 … K16 produce LE1/RE1 … LE16/RE16; a final swap gives LE17/RE17, the output ciphertext.)

• The plaintext is divided into two equal halves LEi and REi. E stands for Encryption, L stands for left and R stands for right. Initially i = 0.

• A subkey Ki+1 is derived from the key K. So, initially the derived key is K1.

• A function F is defined which takes the subkey Ki+1 and the right half REi of the data as inputs.

• The output of the function F is XORed with the left half of the data (LEi) and made the new right half (REi+1).

• The right half (REi) of the previous round makes the left half for the next round (LEi+1).

• The iteration is repeated 16 times and the left and right halves are swapped.

• The final output is the ciphertext.

Feistel Cipher - Decryption Structure

(Figure: the input ciphertext LE17/RE17 enters as LD0/RD0; the subkeys are applied in reverse order, K16 first and K1 last, giving LD16/RD16 and, after the final swap, the output plaintext.)

• The same steps are used for decryption (D stands for Decryption).

• In all steps, substitution is performed on the left half by XORing it with the output of function F, and then permutation is performed by swapping the right and left halves.

• Confusion and diffusion are induced through multiple iterations.
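The Feistel structure above as an added Python example (not code from the slides or from any standardised cipher): 16 rounds on a 64-bit block, L_{i+1} = R_i and R_{i+1} = L_i XOR F(R_i, K_{i+1}), a final swap, and decryption as the same routine with the subkeys in reverse order. The round function F and the subkey schedule are toy placeholders I chose only so that the structure runs; the security of a real Feistel cipher lies in its F and key schedule, neither of which this example claims to provide:

```python
# Added example (not from the slides): a 16-round Feistel network on 64-bit
# blocks with a toy round function and a toy subkey schedule.
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF


def subkeys(key, rounds=ROUNDS):
    """Toy key schedule (assumption): K_i = first 32 bits of SHA-256(key || i)."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(1, rounds + 1)]


def F(right, k):
    """Toy round function (assumption): mixes the 32-bit right half with the
    subkey. F need not be invertible; the Feistel structure does not require it."""
    x = (right ^ k) & MASK32
    x = (x * 0x9E3779B1 + 0x7F4A7C15) & MASK32
    return (x ^ (x >> 15)) & MASK32


def feistel(block, keys):
    """Apply the rounds with the given subkeys, then swap the halves.
    Encryption and decryption differ only in the order of the keys."""
    L, R = block >> 32, block & MASK32
    for k in keys:
        L, R = R, L ^ F(R, k)          # LE_{i+1} = RE_i, RE_{i+1} = LE_i XOR F(RE_i, K)
    return (R << 32) | L               # final swap of the two halves


def encrypt_block(block, key):
    return feistel(block, subkeys(key))


def decrypt_block(block, key):
    return feistel(block, list(reversed(subkeys(key))))


if __name__ == "__main__":
    pt, key = 0x0123456789ABCDEF, b"constructed example key"
    ct = encrypt_block(pt, key)
    print(f"plaintext  {pt:016x}")
    print(f"ciphertext {ct:016x}")
    print(f"decrypted  {decrypt_block(ct, key):016x}")
```

Why reversing the keys works: the last encryption round computed R16 = L15 XOR F(R15, K16) with L16 = R15, so feeding the swapped output back through the same round with K16 recomputes F(R15, K16) and XORs it away, recovering L15; each further round peels off one more.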


Network Security
(Contact Session – 8)
Dr. Amitesh Singh Rajput
Computer Science & Information Systems, BITS Pilani, Pilani Campus
AES Algorithm

Confusion and Diffusion

• Diffusion means each plaintext letter affects the value of many ciphertext letters. For example, a plaintext letter 'B' need not be ciphertext letter 'E' all the time. It could be something else also.

• Confusion means the statistical relationship between the rule to encrypt and the ciphertext produced should be as complex as possible.

AES Algorithm - Preliminaries

• The arithmetic operations of addition and multiplication are performed over GF(2^8).

• Addition of two bytes is defined as the bitwise XOR operation.

• Multiplication of two bytes is defined as multiplication in the finite field GF(2^8), with the irreducible polynomial x^8 + x^4 + x^3 + x + 1.

AES Algorithm

• Input size is 128 bits, arranged as a 4 × 4 array.

• Each element is 1 byte (8 bits).

• A column represents 1 word (4 bytes / 32 bits).

AES Algorithm – Broad view

• Plaintext (16 bytes) → Initial transformation with the Round 0 key (16 bytes).

• Round 1, Round 2, …: 4 transformations each, with the Round 1 key, Round 2 key, … (16 bytes each).

• Round N: 3 transformations, with the Round N key (16 bytes).

• Key expansion derives all the round keys from the input key.

AES Algorithm - One-time initialization

1. Key size expansion to 44 sub-keys (words):

   Input key:    W0 W1 W2 W3
   Expanded key: W0 W1 W2 W3 W4 W5 … W41 W42 W43

Function g, applied to the word whose index is a multiple of 4, consists of:

• Left shift by 1 (a one-byte circular shift of the word)
• Substitution box
• Round constant


AES Algorithm - One-time initialization

Substitution box

• Each byte of the word (B1 B2 B3 B4) is substituted. For B1 = 0000 0011, the left nibble 0000 selects the row and the right nibble 0011 selects the column of the S-box; the substituted value for B1 is 0111 1011.

Round constant

• The round constant is a word, consisting of 4 bytes.
• The value of the constant depends on the round number.
• The last three bytes of a constant word always contain 0.

The values of RC[j] in hexadecimal, reducing by the prime polynomial x^8 + x^4 + x^3 + x + 1, are:

  RC[1]  = x^(1−1)  = x^0 mod prime = 1                    → 00000001 → (01)16
  RC[2]  = x^(2−1)  = x^1 mod prime = x                    → 00000010 → (02)16
  RC[3]  = x^(3−1)  = x^2 mod prime = x^2                  → 00000100 → (04)16
  RC[4]  = x^(4−1)  = x^3 mod prime = x^3                  → 00001000 → (08)16
  RC[5]  = x^(5−1)  = x^4 mod prime = x^4                  → 00010000 → (10)16
  RC[6]  = x^(6−1)  = x^5 mod prime = x^5                  → 00100000 → (20)16
  RC[7]  = x^(7−1)  = x^6 mod prime = x^6                  → 01000000 → (40)16
  RC[8]  = x^(8−1)  = x^7 mod prime = x^7                  → 10000000 → (80)16
  RC[9]  = x^(9−1)  = x^8 mod prime = x^4 + x^3 + x + 1    → 00011011 → (1B)16
  RC[10] = x^(10−1) = x^9 mod prime = x^5 + x^4 + x^2 + x  → 00110110 → (36)16
AES Algorithm - One-time initialization

One-time initialization of the 16-byte plaintext block (called the State)

• The 16-byte plaintext block is copied into a two-dimensional 4 × 4 array called the state.
• The order of copying is column order.

XOR the State with the key block

• The first 16 bytes (i.e. the four words W[0], W[1], W[2], and W[3]) of the expanded key are XORed with the 16-byte State array (B1 to B16); the result is the input to Round 1.

• At this stage, the initialization is complete and we are ready for rounds.

AES Algorithm - Round Transformations

Round keys: K0 for the initial XOR, K1 … K9 for the full rounds, and K10 for the final round.

Round Transformations –
1. Substitute bytes
2. Shift rows
3. Mix columns
4. Add round key


AES Algorithm - Round Transformations

Substitute bytes

• A simple table lookup in a matrix.
• AES defines a matrix of byte values, called the S-box, that contains a permutation of all possible 256 8-bit values.
• For the byte 0000 0011, the left nibble 0000 selects the row and the right nibble 0011 selects the column; the substituted value is 0111 1011.

Shift rows

• Operates on each row individually.
• The first row of the State array remains the same.
• For the second row, a 1-byte circular left shift is performed.
• For the third row, a 2-byte circular left shift is performed.
• For the fourth row, a 3-byte circular left shift is performed.

Mix columns

• Operates on each column individually.
• Each byte of a column is mapped into a new value that is a function of all four bytes in that column.
• The transformation is defined by the following matrix multiplication (in GF(2^8)):

  | 2 3 1 1 |     | b1  b5  b9  b13 |
  | 1 2 3 1 |  ×  | b2  b6  b10 b14 |
  | 1 1 2 3 |     | b3  b7  b11 b15 |
  | 3 1 1 2 |     | b4  b8  b12 b16 |

  For the first column, the new b1 = (b1 × 2) XOR (b2 × 3) XOR (b3 × 1) XOR (b4 × 1).

Add round key - XOR the State with the Key Block

• Finally, XOR the round key K_t with the state array:

  | b1  b5  b9  b13 |
  | b2  b6  b10 b14 |  XOR  Round key K_t
  | b3  b7  b11 b15 |
  | b4  b8  b12 b16 |
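The GF(2^8) building blocks of AES described in this session, as one added Python example that is not code from the slides or from any AES library: byte multiplication modulo x^8 + x^4 + x^3 + x + 1, the S-box built from the multiplicative inverse followed by the FIPS-197 affine map (so that the slide's lookup 0000 0011 → 0111 1011 is computed rather than copied), the round constants RC[1..10], the 44-word key expansion with its function g (rotate, substitute, add RC), and ShiftRows and MixColumns on the state. The key 2b7e1516 28aed2a6 abf71588 09cf4f3c is the FIPS-197 Appendix A example; the MixColumns column db 13 53 45 is a published test column; function names are my own:

```python
# Added example (not from the slides): AES arithmetic and transformations
# built from GF(2^8) multiplication.
AES_POLY = 0x11B        # x^8 + x^4 + x^3 + x + 1


def gmul(a, b):
    """Multiply two bytes in GF(2^8), reducing by the AES polynomial."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r & 0xFF


def gpow(a, e):
    """a^e in GF(2^8) by square-and-multiply."""
    r = 1
    while e:
        if e & 1:
            r = gmul(r, a)
        a = gmul(a, a)
        e >>= 1
    return r


def sbox_value(a):
    """S-box entry: inverse in GF(2^8) (a^254; 0 maps to 0) then the affine map."""
    x = 0 if a == 0 else gpow(a, 254)
    s = x
    for _ in range(4):                      # s = x ^ rotl(x,1) ^ ... ^ rotl(x,4)
        x = ((x << 1) | (x >> 7)) & 0xFF
        s ^= x
    return s ^ 0x63


SBOX = [sbox_value(a) for a in range(256)]
RCON = [gpow(2, j - 1) for j in range(1, 11)]      # RC[j] = x^(j-1) mod m(x)


def rot_word(w):
    return ((w << 8) & 0xFFFFFFFF) | (w >> 24)


def sub_word(w):
    return int.from_bytes(bytes(SBOX[b] for b in w.to_bytes(4, "big")), "big")


def key_expansion(key):
    """Expand a 16-byte key into the 44 words W[0..43] (one round key = 4 words)."""
    if len(key) != 16:
        raise ValueError("128-bit key expected")
    w = [int.from_bytes(key[4 * i:4 * i + 4], "big") for i in range(4)]
    for i in range(4, 44):
        temp = w[i - 1]
        if i % 4 == 0:                       # function g on every fourth word
            temp = sub_word(rot_word(temp)) ^ (RCON[i // 4 - 1] << 24)
        w.append(w[i - 4] ^ temp)
    return w


def shift_rows(state):
    """state is 4 rows of 4 bytes; row r is circularly shifted left by r bytes."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]


def mix_column(col):
    """One column of MixColumns: new b1 = 2*b1 XOR 3*b2 XOR b3 XOR b4, etc."""
    b1, b2, b3, b4 = col
    return [gmul(b1, 2) ^ gmul(b2, 3) ^ b3 ^ b4,
            b1 ^ gmul(b2, 2) ^ gmul(b3, 3) ^ b4,
            b1 ^ b2 ^ gmul(b3, 2) ^ gmul(b4, 3),
            gmul(b1, 3) ^ b2 ^ b3 ^ gmul(b4, 2)]


if __name__ == "__main__":
    print("S-box[0x03] =", format(SBOX[0x03], "08b"))
    print("RC =", [format(rc, "02x") for rc in RCON])
    words = key_expansion(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c"))
    print("W[4] =", format(words[4], "08x"), "W[43] =", format(words[43], "08x"))
    print("MixColumns(db 13 53 45) =", [format(b, "02x") for b in mix_column([0xdb, 0x13, 0x53, 0x45])])
```

Every round key is a contiguous group of four words, so a 128-bit key yields the 11 round keys K0 … K10 that the round-transformation slide refers to.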


Network Security
(Contact Session – 9)
Dr. Amitesh Singh Rajput
Computer Science & Information Systems, BITS Pilani, Pilani Campus

Modes of Operation

• If the amount of plaintext to be encrypted is greater than b bits, then the block cipher can still be used by breaking the plaintext into b-bit blocks.

• To apply a block cipher in a variety of applications, five modes of operation have been defined by NIST.
Modes of operation

Electronic Code Book (ECB)

• Encryption: plaintext is handled one block at a time and each block of plaintext is encrypted using the same key.
• Decryption: reverse process of encryption.

Cipher Block Chaining (CBC)

• Encryption and decryption (figures): each plaintext block is XORed with the preceding ciphertext block before encryption, the first block with an initialization vector; decryption decrypts each block and XORs the result with the preceding ciphertext block.

Cipher Feedback (CFB)

• Encryption and decryption (figures): the preceding ciphertext segment is fed through the encryption algorithm and the output is XORed with the plaintext segment; the decryption side also uses the encryption algorithm.

Output Feedback (OFB)

• Similar to CFB, except that the input to the encryption algorithm is the preceding encryption output, and full blocks are used.

Counter (CTR) Mode

• Encryption and decryption (figures): a counter value, incremented for each block, is encrypted and the output is XORed with the plaintext block; decryption is the same operation applied to the ciphertext.
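ECB, CBC and CTR chaining as an added Python example (not code from the slides). The underlying "block cipher" is a keyed affine permutation of the 256 possible 8-bit blocks, the n = 8 analogue of the general substitution cipher for n = 4 from the block cipher section; it exists only to make the chaining structure visible and is not a usable cipher. The parameters a = 37, c = 101, the IV 0x2a, the nonce 0x10 and the plaintext are all constructed; function names are my own:

```python
# Added example (not from the slides): ECB, CBC and CTR over a toy 8-bit
# block cipher, showing what each mode does with repeated plaintext blocks.

def make_block_cipher(a, c):
    """Return (E, D) for the toy cipher E(b) = (a*b + c) mod 256.
    With a odd the map is a permutation of the 256 blocks, so it is invertible."""
    if a % 2 == 0:
        raise ValueError("a must be odd so that E is a permutation")
    a_inv = pow(a, -1, 256)

    def E(b):
        return (a * b + c) % 256

    def D(y):
        return ((y - c) * a_inv) % 256

    return E, D


def ecb_encrypt(E, pt):
    return bytes(E(b) for b in pt)          # same block, same key -> same output


def ecb_decrypt(D, ct):
    return bytes(D(b) for b in ct)


def cbc_encrypt(E, iv, pt):
    out, prev = [], iv
    for b in pt:
        prev = E(b ^ prev)                  # chain in the previous ciphertext block
        out.append(prev)
    return bytes(out)


def cbc_decrypt(D, iv, ct):
    out, prev = [], iv
    for c in ct:
        out.append(D(c) ^ prev)
        prev = c
    return bytes(out)


def ctr_crypt(E, nonce, data):
    """Encryption and decryption are the same: XOR with E(counter)."""
    return bytes(b ^ E((nonce + i) % 256) for i, b in enumerate(data))


if __name__ == "__main__":
    E, D = make_block_cipher(37, 101)
    pt = b"AAAA"                            # four identical plaintext blocks
    print("ECB:", ecb_encrypt(E, pt).hex())
    print("CBC:", cbc_encrypt(E, 0x2A, pt).hex())
    print("CTR:", ctr_crypt(E, 0x10, pt).hex())
```

With four identical plaintext blocks, ECB produces four identical ciphertext blocks (the repetition leaks through), while CBC and CTR produce four different ones; all three modes still decrypt back to the plaintext.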


BITS Pilani
Pilani Campus

Hash Functions
Hash Functions
• Hash functions are used to detect changes to the message, i.e., data integrity.

• A hash function H accepts a variable-length block of data M as input and


produces a fixed-size hash value h = H(M).

• A change to any bit or bits in the underlying message, M, results, in a change to


the hash code, h.

• The kind of hash function needed for security applications is referred to as a


cryptographic hash function.

BITS Pilani, Pilani Campus


Hash Functions

• Requirements of a cryptographic hash function:

• Computationally infeasible to find data mapping of hash (one-way


property).

• Computationally infeasible to find two different data segments that


produce the same hash (collision-free property).

BITS Pilani, Pilani Campus


Secure Hash Algorithm (SHA)
• SHA was originally designed by NIST & NSA in 1993.
• Revised in 1995 as SHA-1.
• SHA-1 produces a hash value of 160 bits.
• In 2005, a research team described an attack in which two separate messages
could be found that deliver the same SHA-1 hash using 2^69 operations.
• This result hastened the transition to newer, longer versions of SHA.



SHA Versions



SHA - 512



SHA – 512
Methodology

1. Append padding bits: The message is padded so that its length is congruent to 896 modulo 1024 [length ≡ 896 (mod 1024)].
   • Padding is always added, even if the message is already of the desired length.

2. Append length: A block of 128 bits (containing the length of the original message) is appended to the message.
   • The outcome of the first two steps is a message that is an integer multiple of 1024 bits in length.


SHA – 512
Methodology

3. Initialize hash buffer (H): A 512-bit buffer, organized as eight 64-bit registers
(a, b, c, d, e, f, g, h), is used to hold intermediate and final results.
• These registers are initialized with the following 64-bit integers (hexadecimal
values):



SHA – 512
Methodology
4. Process message rounds: Each 1024-bit block is processed in 80 rounds. Each round uses a word $W_t$ derived from the current 1024-bit block being processed and an additive constant $K_t$ derived from the first 80 prime numbers. The output of the eightieth round is added to the input to the first round.


SHA - 512
Process in each round
Each round is defined by the following set of equations:



SHA - 512
Mapping from plaintext message to W
The first 16 values of $W_t$ are taken directly from the 16 words of the current 1024-bit block. The remaining values are derived in a modified manner.
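The round equations and the $W_t$ schedule are figures on the slides above and did not survive extraction. As an added example (not the lecturer's code), the following pure-Python SHA-512 carries all four methodology steps through: padding to 896 mod 1024 with the 128-bit length, the eight 64-bit registers initialised from the fractional parts of the square roots of the first 8 primes, the 80 additive constants $K_t$ derived from the cube roots of the first 80 primes (as the slide states), the $W_t$ expansion for $t \ge 16$, and the 80 rounds whose output is added to the round-1 input. The constants are computed with integer roots rather than copied in, and the result is checked against `hashlib.sha512`. The message-schedule and round formulas are the FIPS 180-4 ones, which the slides only show graphically.

```python
"""SHA-512 from the methodology steps, verified against hashlib."""
import hashlib

MASK64 = (1 << 64) - 1


def _first_primes(count):
    primes, c = [], 2
    while len(primes) < count:
        if all(c % p for p in primes if p * p <= c):
            primes.append(c)
        c += 1
    return primes


def _iroot(x, k):
    """Largest integer r with r**k <= x (binary search, exact for big ints)."""
    lo, hi = 0, 1 << (x.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** k <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo


_PRIMES = _first_primes(80)
# Step 3: initial registers a..h = first 64 fraction bits of sqrt(p) for the first 8 primes.
H0 = [_iroot(p << 128, 2) & MASK64 for p in _PRIMES[:8]]
# Step 4: additive constants K_t = first 64 fraction bits of cbrt(p) for the first 80 primes.
K = [_iroot(p << 192, 3) & MASK64 for p in _PRIMES]


def _rotr(x, n):
    return ((x >> n) | (x << (64 - n))) & MASK64


def sha512_pad(message: bytes) -> bytes:
    """Steps 1 and 2: a 1 bit, then 0 bits until length = 896 (mod 1024), then a 128-bit length."""
    bit_len = len(message) * 8
    padded = message + b"\x80"                     # padding is always added
    while (len(padded) * 8) % 1024 != 896:
        padded += b"\x00"
    return padded + bit_len.to_bytes(16, "big")    # total is now a multiple of 1024 bits


def sha512(message: bytes) -> bytes:
    h = list(H0)
    data = sha512_pad(message)
    for off in range(0, len(data), 128):           # one 1024-bit block at a time
        block = data[off:off + 128]
        w = [int.from_bytes(block[i:i + 8], "big") for i in range(0, 128, 8)]  # W_0..W_15
        for t in range(16, 80):                    # remaining W_t derived from earlier words
            s0 = _rotr(w[t - 15], 1) ^ _rotr(w[t - 15], 8) ^ (w[t - 15] >> 7)
            s1 = _rotr(w[t - 2], 19) ^ _rotr(w[t - 2], 61) ^ (w[t - 2] >> 6)
            w.append((w[t - 16] + s0 + w[t - 7] + s1) & MASK64)
        a, b, c, d, e, f, g, hh = h
        for t in range(80):                        # 80 rounds
            big_s1 = _rotr(e, 14) ^ _rotr(e, 18) ^ _rotr(e, 41)
            ch = (e & f) ^ (~e & g)
            t1 = (hh + big_s1 + ch + K[t] + w[t]) & MASK64
            big_s0 = _rotr(a, 28) ^ _rotr(a, 34) ^ _rotr(a, 39)
            maj = (a & b) ^ (a & c) ^ (b & c)
            t2 = (big_s0 + maj) & MASK64
            hh, g, f, e, d, c, b, a = g, f, e, (d + t1) & MASK64, c, b, a, (t1 + t2) & MASK64
        # output of the 80th round is added to the input of the first round
        h = [(x + y) & MASK64 for x, y in zip(h, [a, b, c, d, e, f, g, hh])]
    return b"".join(x.to_bytes(8, "big") for x in h)
```

A 112-byte (896-bit) message is the edge case the slide calls out: it already has the "desired" length, yet the padding step still adds a whole extra block, so the padded message is 256 bytes rather than 128.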


SHA – 3
NIST Competition
• NIST announced in 2007 a competition to produce the next generation NIST hash function, to be called SHA-3.
• The basic requirements that must be satisfied by any candidate for SHA-3 are the following:
  1. It must be possible to replace SHA-2 with SHA-3 in any application by a simple drop-in substitution. Therefore, SHA-3 must support hash value lengths of 224, 256, 384, and 512 bits.
  2. SHA-3 must preserve the nature of SHA-2. That is, the algorithm must process comparatively small blocks (512 or 1024 bits) at a time instead of requiring that the entire message be buffered in memory before processing it.
• Beyond these basic requirements, NIST has defined a set of evaluation criteria.
Details about NIST Project: https://csrc.nist.gov/projects/hash-functions/sha-3-project


Message Authentication Code (MAC)

• MAC assures data integrity and that the identity of the sender is valid.

• This technique assumes that two communicating parties, say A and B, share a secret key. When A has a message to send to B, it calculates the MAC as a function of the message and the key.

• A MAC function is similar to encryption. One difference is that the MAC algorithm need not be reversible.


Uses of MAC



HMAC

Question: Can we use existing hash algorithms with a key?

Answer: Yes! Using Hash-based MAC.

• HMAC treats the message digest as a black box.

• Uses the key in the message digest computation; the final digest is output as the MAC.


HMAC

• How does HMAC work?

• A few variables to understand first:
  ▪ L: Number of blocks in the message M
  ▪ b: Size of each block (number of bits)
  ▪ ipad: A string 00110110 repeated b/8 times
  ▪ opad: A string 01011010 repeated b/8 times
  ▪ MD: Message digest / hash function used


HMAC

• How does HMAC work?

• Step 1: Make the length of the key equal to b
  • Three possibilities:


HMAC

• How does HMAC work?

• Step 2: XOR key with ipad to produce S1

• Step 3: Append M to S1


HMAC

• How does HMAC work?

• Step 4: Message digest algorithm

• Step 5: XOR key with opad to produce S2


HMAC

• How does HMAC work?

• Step 6: Append H to S2

• Step 7: Message digest algorithm


HMAC

• Complete Picture

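The seven HMAC steps above, as an added example (not the lecturer's code): the key is brought to exactly one hash block b (hashed first if longer, zero-padded if shorter), S1 = K ⊕ ipad, the inner digest is MD(S1 || M), S2 = K ⊕ opad, and the MAC is MD(S2 || H). One caveat for the variable table: RFC 2104 defines opad as 0x5c, i.e. 01011100, and that is the value used here (the same one Python's `hmac` module uses, which the test compares against). The key and message values are constructed.

```python
"""HMAC built step by step from a plain hash, checked against Python's hmac module."""
import hashlib
import hmac

IPAD, OPAD = 0x36, 0x5C   # ipad = 00110110; opad = 01011100 (RFC 2104)


def hmac_from_scratch(key: bytes, message: bytes, md=hashlib.sha256) -> bytes:
    b = md().block_size                # bytes per hash block (64 for SHA-256, 128 for SHA-512)
    # Step 1: make the key exactly b bytes long (three cases).
    if len(key) > b:                   # longer than a block: hash it first
        key = md(key).digest()
    key = key.ljust(b, b"\x00")        # shorter than (or equal to) a block: pad with zeros
    # Step 2: S1 = K+ XOR ipad
    s1 = bytes(k ^ IPAD for k in key)
    # Steps 3 and 4: inner digest H = MD(S1 || M)
    inner = md(s1 + message).digest()
    # Step 5: S2 = K+ XOR opad
    s2 = bytes(k ^ OPAD for k in key)
    # Steps 6 and 7: MAC = MD(S2 || H)
    return md(s2 + inner).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute and compare in constant time (no early-exit byte compare)."""
    return hmac.compare_digest(hmac_from_scratch(key, message), tag)
```

The constant-time comparison in `verify_mac` is the detail practitioners most often miss: a plain `==` on the tag leaks, through timing, how many leading bytes of a forged tag were right.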


MAC based on Block Ciphers

• Two MACs that are based on the use of a block cipher mode of operation:
  1. Data Authentication Algorithm (DAA)
  2. Cipher-Based Message Authentication Code (CMAC)


MAC based on Block Ciphers

Data Authentication Algorithm (DAA)

The DAC consists of either the entire block or the leftmost bits (16 to 64 bits) of the block.


Thank You!

Network Security
(Contact Session – 10)
Dr. Amitesh Singh Rajput, Computer Science & Information Systems, BITS Pilani, Pilani Campus
MAC based on Block Ciphers

Cipher-based Message Authentication Code (CMAC)

• Refinement adopted by NIST for use with AES and triple DES. It is specified in NIST Special Publication 800-38B.
• Two cases:
  – When the message is a multiple of the cipher block length.
  – When the message is not a multiple of the cipher block length.




MAC based on Block Ciphers

Cipher-based Message Authentication Code (CMAC)

• Key generator for the last step
  – The key used in the last step is derived by running the encryption algorithm on a plaintext of m 0-bits (one block of zeros) using the cipher key K.
  – The result is then multiplied by $x$ if no padding is applied, otherwise by $x^2$ in case of padding.
  – The multiplication is performed in $GF(2^n)$.
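The two CMAC cases and the subkey generator, as an added example that is not part of the course material. The block cipher is a stand-in constructed from SHA-256 rather than AES (CMAC only runs the cipher forwards, so any keyed pseudorandom function on 16-byte blocks shows the structure); the multiplication by $x$ and $x^2$ in $GF(2^{128})$ is checked against the L, K1 and K2 values published for AES-128 in RFC 4493, which are fed in directly. The key and messages in the test are constructed.

```python
"""CMAC (NIST SP 800-38B) over a generic 16-byte block cipher."""
import hashlib

BLOCK = 16
RB = 0x87                        # reduction constant of GF(2^128)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def gf_double(block: bytes) -> bytes:
    """Multiply by x in GF(2^128): shift left one bit; if a 1 fell off the top, XOR in Rb."""
    value = int.from_bytes(block, "big")
    carry = value >> 127
    value = (value << 1) & ((1 << 128) - 1)
    if carry:
        value ^= RB
    return value.to_bytes(BLOCK, "big")


def cmac_subkeys(encrypt_block):
    big_l = encrypt_block(bytes(BLOCK))  # L = E_K(0^128): one block of 0-bits under key K
    k1 = gf_double(big_l)                # L * x   : used when the last block is complete
    k2 = gf_double(k1)                   # L * x^2 : used when the last block is padded
    return k1, k2


def cmac(encrypt_block, message: bytes, tag_len: int = BLOCK) -> bytes:
    k1, k2 = cmac_subkeys(encrypt_block)
    n = max(1, -(-len(message) // BLOCK))          # number of blocks, at least one
    if message and len(message) % BLOCK == 0:
        last = _xor(message[-BLOCK:], k1)          # case 1: multiple of the block length
    else:
        tail = message[(n - 1) * BLOCK:] + b"\x80"  # case 2: pad with a 1 bit then 0 bits
        last = _xor(tail.ljust(BLOCK, b"\x00"), k2)
    x = bytes(BLOCK)                                # CBC-style chaining from a zero block
    for i in range(n - 1):
        x = encrypt_block(_xor(x, message[i * BLOCK:(i + 1) * BLOCK]))
    return encrypt_block(_xor(x, last))[:tag_len]   # tag = leftmost Tlen bytes


def toy_block_cipher(key: bytes):
    """Constructed stand-in for AES-128: a keyed PRF on 16-byte blocks, not a real cipher."""
    return lambda block: hashlib.sha256(key + block).digest()[:BLOCK]


def rfc4493_subkey_check() -> bool:
    """Known-answer test: RFC 4493 lists L, K1, K2 for AES-128 key 2b7e1516...; feed L in directly."""
    big_l = bytes.fromhex("7df76b0c1ab899b33e42f047b91b546f")
    k1, k2 = cmac_subkeys(lambda _zero_block: big_l)
    return (k1.hex() == "fbeed618357133667c85e08f7236a8de"
            and k2.hex() == "f7ddac306ae266ccf90bc11ee46d513b")
```

The two distinct subkeys are what keeps a complete final block and a padded final block from ever colliding: without them, the message M and the message M || 10…0 (padded to the same length) would produce the same tag.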


Asymmetric Key Cryptography

To send a message, the sender first encrypts the message using the receiver's public key.

To decrypt the message, the receiver uses its own private key.


Asymmetric Key Cryptography
Encryption using public key



Fermat’s Theorem
• If $p$ is a prime number and $a$ is a positive integer not divisible by $p$ then:

  $a^{p-1} \equiv 1 \pmod p$ --- First version

  $a^{p} \equiv a \pmod p$ --- Second version

Example:
1. Let $a = 6$ and $p = 11$ → $6^{10} \bmod 11 = 1$
2. Let $a = 6$ and $p = 11$ → $6^{11} \bmod 11 = 6$
Euler’s Theorem
• Euler's Totient $\phi(n)$ gives the number of positive integers less than $n$ and relatively prime to $n$.

It implies that $\phi(p) = p - 1$ for a prime $p$.


Euler’s Theorem
• Suppose that we have two prime numbers $p$ and $q$, with $p \ne q$; we can show that for $n = pq$,

  $\phi(n) = \phi(pq) = \phi(p) \times \phi(q) = (p - 1) \times (q - 1)$

• Euler's theorem states that for every $a$ and $n$ that are relatively prime:

  $a^{\phi(n)} \equiv 1 \pmod n$

Let $p = 3$ and $q = 5$, $n = pq = 15$
$\phi(n) = (p - 1)(q - 1) = 2 \times 4 = 8$
For $a = 14$, $14^{8} \equiv 1 \pmod n$


Primitive roots
A primitive root of a prime number $p$ is one whose powers modulo $p$ generate all integers from 1 to $p - 1$.
For example, the primitive roots of $p = 11$ are 2, 6, 7 and 8.

  a   a^2  a^3  a^4  a^5  a^6  a^7  a^8  a^9  a^10
  1    1    1    1    1    1    1    1    1    1
  2    4    8    5   10    9    7    3    6    1
  3    9    5    4    1    3    9    5    4    1
  4    5    9    3    1    4    5    9    3    1
  5    3    4    9    1    5    3    4    9    1
  6    3    7    9   10    5    8    4    2    1
  7    5    2    3   10    4    6    9    8    1
  8    9    6    4   10    3    2    5    7    1
  9    4    3    5    1    9    4    3    5    1
 10    1   10    1   10    1   10    1   10    1
RSA Scheme

• RSA is considered the most widely accepted and implemented general-purpose approach to public-key encryption.
• It is a block cipher in which the plaintext and ciphertext are integers between 0 and $n - 1$ for some $n$.
• It uses Euler's Totient Function and Euler's Theorem.


RSA - Methodology
1. Select two distinct prime numbers $p$ and $q$
2. Calculate $n = p \times q$
3. Calculate $\phi(n) = (p - 1)(q - 1)$
4. Select an integer $e$ relatively prime to $\phi(n)$, i.e. $\gcd(\phi(n), e) = 1$
5. Calculate $d$ such that $d \equiv e^{-1} \pmod{\phi(n)}$, or $de \equiv 1 \pmod{\phi(n)}$
6. Public Key ($PU$) = {$e$, $n$}
7. Private Key ($PR$) = {$d$, $n$}
8. For encryption, the ciphertext is computed as $C = P^{e} \bmod n$
9. For decryption, the plaintext is computed as $P = C^{d} \bmod n$
RSA - Example
• Let $p = 17$ and $q = 11$ be the two distinct prime numbers.
• $n = p \times q = 187$
• $\phi(n) = (17 - 1)(11 - 1) = 160$
• Select $e$ such that $e$ is relatively prime to $\phi(n) = 160$ and less than $\phi(n)$. Let $e = 7$.
• Determine $d$ such that $de \equiv 1 \pmod{160}$ and $d < 160$.
• The correct value is $d = 23$, as $23 \times 7 = 161 = (1 \times 160) + 1$

• Public key: {7, 187}
• Private key: {23, 187}
RSA - Methodology
• Public key: {7, 187}; Private key: {23, 187}

• Encryption:
  • Let plaintext data $m = 88$
  • Encrypt $m$ as: $C = 88^{7} \bmod 187 = 11$

• Decryption:
  • Given the ciphertext $C = 11$
  • Decrypt $C$ as: $m = 11^{23} \bmod 187 = 88$


RSA – Security issues

• No devastating attacks on RSA have been discovered yet.

• Several attacks have been predicted based on weak plaintext, weak parameter selection, or inappropriate implementation.


RSA – Security issues
- Factorization attack

• If the modulus is small, an attacker can factor it to obtain p and q. Once p and q are obtained, all possible keys can be derived.

• RSA is secure as long as an efficient algorithm for factorization has not been found.


RSA – Security issues
- Chosen Ciphertext attack

• This potential attack is based on the multiplicative property of RSA.

• Assume an entity, D, that decrypts an arbitrary ciphertext for the attacker instead of the actual encrypted texts.

• In this case, the attacker can intercept the ciphertext C, multiply it with its own randomly chosen encrypted text X and ask entity D for the decryption.


RSA – Security issues
- Broadcast attack

Chinese Remainder Theorem


• Given a secret number 100 and three different moduli 19, 29, and 31:

  r1 = 100 mod 19 = 5
  r2 = 100 mod 29 = 13
  r3 = 100 mod 31 = 7


RSA – Security issues
- Broadcast attack

Chinese Remainder Theorem


• For reconstruction, gather the secret shares (5, 13, 7) and compute M = m1 × m2 × m3 (M = 19 × 29 × 31 = 17081).

• Solving the system of congruences gives the values as follows:
  • M1 = m2 × m3 = 29 × 31 = 899 -> (899 × S1) mod 19 = 1
  • M2 = m1 × m3 = 19 × 31 = 589 -> (589 × S2) mod 29 = 1
  • M3 = m1 × m2 = 19 × 29 = 551 -> (551 × S3) mod 31 = 1


RSA – Security issues
- Broadcast attack

Chinese Remainder Theorem


• Given (S1, S2, S3) = (16, 13, 22), compute the secret value from the shares as:

  x = (M1 S1 r1 + M2 S2 r2 + M3 S3 r3) mod M
  x = (899 × 16 × 5 + 589 × 13 × 13 + 551 × 22 × 7) mod 17081
  x = 100 (secret value)
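The Chinese Remainder Theorem reconstruction worked by hand on the three slides above, as an added example (not the lecturer's code) that implements the general algorithm for any number of pairwise coprime moduli and reproduces the slide's values (M_i, S_i and the recovered 100). It assumes Python 3.8+ for `pow(x, -1, m)` and `math.prod`. From a defender's viewpoint the lesson is the one the broadcast-attack slide draws: anything a verifier can recombine from residues must not be a bare, unpadded RSA plaintext, which is why randomised padding such as OAEP is mandatory.

```python
"""Chinese Remainder Theorem: recover x from its residues modulo pairwise coprime moduli."""
from math import gcd, prod


def crt_coefficients(moduli):
    """S_i = (M_i)^-1 mod m_i, where M_i is the product of all the other moduli."""
    big_m = prod(moduli)
    return [pow(big_m // m_i, -1, m_i) for m_i in moduli]


def crt_reconstruct(residues, moduli):
    """x = sum(M_i * S_i * r_i) mod M; unique in [0, M) when the moduli are pairwise coprime."""
    if len(residues) != len(moduli):
        raise ValueError("one residue per modulus")
    for i, a in enumerate(moduli):
        for b in moduli[i + 1:]:
            if gcd(a, b) != 1:
                raise ValueError(f"moduli {a} and {b} are not coprime; CRT does not apply")
    big_m = prod(moduli)
    x = 0
    for r_i, m_i, s_i in zip(residues, moduli, crt_coefficients(moduli)):
        x += (big_m // m_i) * s_i * r_i
    return x % big_m


def residues_of(secret, moduli):
    """The 'shares' r_i = secret mod m_i, as on the first CRT slide."""
    return [secret % m for m in moduli]
```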


RSA – Security issues
- Broadcast attack

Broadcast attack
• This attack can be done if one entity sends the same message to a group of recipients with the same low encryption exponent.

  $C_1 = P^{3} \bmod n_1$
  $C_2 = P^{3} \bmod n_2$
  $C_3 = P^{3} \bmod n_3$

• Applying the Chinese remainder theorem, an equation of the form $C' = P^{3} \bmod n_1 n_2 n_3$ can be created. Since $P^{3} < n_1 n_2 n_3$, $P = (C')^{1/3}$.


RSA – Security issues
- Unconcealed message attack
• Given public and private key pairs as {3, 33} and {7, 33}.

• Computing the ciphertext $c$ for all possible values of $m$ (0 to 32) we get:

   m:  0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16
   c:  0  1  8 27 31 26 18 13 17  3 10 11 12 19  5  9  4
   m: 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
   c: 29 24 28 14 21 22 23 30 16 20 15  7  2  6 25 32

➢ Here, nine values of $m$ map to the same value of $c$, i.e. $c = m$; these are known as unconcealed messages.
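The RSA methodology (steps 1 to 9), the p = 17, q = 11 worked example and the unconcealed-message table above, as one added example that is not part of the slides. It assumes Python 3.8+ for the modular inverse `pow(e, -1, phi)`; the primes are the slide's own textbook values, which is fine for tracing the arithmetic and useless for security (real keys use 2048-bit or larger moduli and padding).

```python
"""Textbook RSA following the slide's steps, plus an unconcealed-message check."""
from math import gcd


def rsa_keygen(p: int, q: int, e: int):
    """Steps 1-7: from primes p, q and a chosen e, derive (e, n) and (d, n)."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q                             # step 2
    phi = (p - 1) * (q - 1)               # step 3
    if gcd(e, phi) != 1:                  # step 4: e must be relatively prime to phi(n)
        raise ValueError("e is not relatively prime to phi(n)")
    d = pow(e, -1, phi)                   # step 5: d = e^-1 mod phi(n)
    return (e, n), (d, n)                 # steps 6 and 7: public key, private key


def rsa_encrypt(public_key, plaintext: int) -> int:
    e, n = public_key
    if not 0 <= plaintext < n:
        raise ValueError("plaintext must be an integer in [0, n)")
    return pow(plaintext, e, n)           # step 8: C = P^e mod n


def rsa_decrypt(private_key, ciphertext: int) -> int:
    d, n = private_key
    return pow(ciphertext, d, n)          # step 9: P = C^d mod n


def unconcealed_messages(public_key):
    """Messages with m^e mod n == m: encryption leaves them readable (only feasible to enumerate for toy n)."""
    e, n = public_key
    return [m for m in range(n) if pow(m, e, n) == m]
```

`unconcealed_messages((3, 33))` returns the nine fixed points the table shows (0, 1, 10, 11, 12, 21, 22, 23, 32). Their number, (1 + gcd(e−1, p−1))(1 + gcd(e−1, q−1)), is at least 9 for every RSA key; with a realistic modulus they are a vanishing fraction of the message space, but the count is a reminder that a raw integer is never fed to RSA directly.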


RSA – Security issues
- Short message attack

• If the underlying message is small, it can be compromised using a brute-force attack.

• For example, if it is known that A is sending a four-digit number to B, an attacker can easily try plaintext numbers from 0000 to 9999 to find the plaintext.

• For this reason, short messages must be padded with random bits at the front and end to thwart this type of attack.


RSA – OAEP

• OAEP - Optimal Asymmetric Encryption Padding

• Appending the plaintext with some padding bits for improved security.

• The randomness added by the encryption process needs to be kept secret from attackers, and must have at least b-bit entropy for b-bit security.

• Padded_value = OAEP(plaintext, derived random value)

• Ciphertext = RSA(PublicKey, Padded_value)


RSA – OAEP
- Methodology
X = (m || zeros of fixed length k1) ⊕ G(r), where r is a random number of length k0

Y = r ⊕ H(X), where G and H are cryptographic hash functions

Modified plaintext would be X || Y

Image source: https://en.wikipedia.org/wiki/Optimal_asymmetric_encryption_padding


Thank You!

Network Security
(Contact Session – 11)
Dr. Amitesh Singh Rajput, Computer Science & Information Systems, BITS Pilani, Pilani Campus
Diffie - Hellman Key Exchange
• The purpose of this algorithm is to enable two users to securely exchange a key.

• The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of computing discrete logarithms.


Diffie - Hellman Key Exchange

Discrete Logarithm
For any integer $b$ and a primitive root $a$ of prime number $p$, we can find a unique exponent $i$ such that

  $b \equiv a^{i} \pmod p$

The exponent $i$ is referred to as the discrete logarithm of $b$ for the base $a$, mod $p$.


Diffie - Hellman Key Exchange
- Methodology
Suppose that users A and B wish to exchange a key.

1. Both agree on two publicly known numbers: a prime number $p$ and an integer $\alpha$ that is a primitive root of $p$.
2. User A selects a random integer $X_A < p$ and computes $Y_A = \alpha^{X_A} \bmod p$.
3. Similarly, user B selects a random integer $X_B < p$ and computes $Y_B = \alpha^{X_B} \bmod p$.
4. Each side keeps the value $X$ private and makes the value $Y$ available publicly to the other side.
5. User A computes the key as $K = (Y_B)^{X_A} \bmod p$
6. User B computes the key as $K = (Y_A)^{X_B} \bmod p$
7. The calculations at steps 5 and 6 produce identical results, i.e., $K$.
Diffie - Hellman Key Exchange
- Example
1. Let us say $p = 23$ and one of its primitive roots is $e = 7$.
2. User A selects $X_A = 3$ and calculates $Y_A = e^{X_A} \bmod p = 7^{3} \bmod 23 = 21$.
3. User B selects $X_B = 6$ and calculates $Y_B = e^{X_B} \bmod p = 7^{6} \bmod 23 = 4$.
4. User A sends the number 21 to B.
5. User B sends the number 4 to A.
6. A calculates the shared secret as $K = Y_B^{X_A} \bmod p = 4^{3} \bmod 23 = 18$.
7. B calculates the shared secret as $K = Y_A^{X_B} \bmod p = 21^{6} \bmod 23 = 18$.
8. Both A and B calculate the same shared key ($K$) as 18.
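An added example (not the lecturer's code) covering both the primitive-root slide and the Diffie-Hellman methodology: it computes the multiplicative order of each element to find the primitive roots of p = 11 (2, 6, 7, 8), confirms that 7 is a primitive root of 23, and runs the seven-step exchange with the slide's values X_A = 3 and X_B = 6, which must give Y_A = 21, Y_B = 4 and K = 18. The order-finding loop is brute force and only suits toy primes; the private exponents are drawn with `secrets` when not supplied.

```python
"""Primitive roots and the Diffie-Hellman exchange on toy-sized parameters."""
import secrets


def multiplicative_order(a: int, p: int) -> int:
    """Smallest i >= 1 with a^i ≡ 1 (mod p); brute force, fine for small primes."""
    if a % p == 0:
        raise ValueError("a must not be divisible by p")
    x, i = a % p, 1
    while x != 1:
        x = (x * a) % p
        i += 1
    return i


def primitive_roots(p: int):
    """Elements whose powers generate all of 1..p-1, i.e. whose order is p-1 (p prime)."""
    return [a for a in range(1, p) if multiplicative_order(a, p) == p - 1]


def is_primitive_root(alpha: int, p: int) -> bool:
    return multiplicative_order(alpha, p) == p - 1


def dh_exchange(p: int, alpha: int, x_a: int = None, x_b: int = None):
    """Steps 1-7. Returns (Y_A, Y_B, K_A, K_B); K_A == K_B is the shared key."""
    if not is_primitive_root(alpha, p):
        raise ValueError("alpha must be a primitive root of p")   # step 1
    x_a = x_a if x_a is not None else secrets.randbelow(p - 2) + 1  # private, 1 <= X < p-1
    x_b = x_b if x_b is not None else secrets.randbelow(p - 2) + 1
    y_a = pow(alpha, x_a, p)          # step 2: A publishes Y_A
    y_b = pow(alpha, x_b, p)          # step 3: B publishes Y_B
    k_a = pow(y_b, x_a, p)            # step 5: A computes (Y_B)^X_A mod p
    k_b = pow(y_a, x_b, p)            # step 6: B computes (Y_A)^X_B mod p
    return y_a, y_b, k_a, k_b
```

An eavesdropper who sees only p, alpha, Y_A and Y_B has to solve for X_A or X_B, which for p = 23 is a 22-entry table lookup; the security of the real protocol rests entirely on p being large enough (2048-bit groups or elliptic curves in practice) for that table to be infeasible.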


Diffie - Hellman Key Exchange

Because $X_A$ and $X_B$ are private, an adversary only has the following ingredients to work with: $p$, $\alpha$, $Y_A$, and $Y_B$.

Thus, the adversary is forced to take a discrete logarithm to determine the key.


Diffie - Hellman Key Exchange
- Man-In-The-Middle Attack
• Attacker C intercepts YA from user A, calculates YC and shares it with both A and B.

• The system ends up having two sets of shared keys: one between A and C and another between C and B.

• Attacker C is controlling the communication, while users A and B are not aware of this attack.

• It is also known as the Bucket Brigade Attack.

• To avoid this attack, legitimate users can use authentication techniques.

Exchange as seen by A, C and B:
  A: selects XA, calculates YA, shares YA (intercepted by C)
  C: selects XC, calculates YC, shares YC with A and with B
  B: selects XB, calculates YB, shares YB (intercepted by C)

  KA = YC^XA mod p      KCA = YA^XC mod p
  KB = YC^XB mod p      KCB = YB^XC mod p

  KA = KCA and KB = KCB


Key Distribution

Key distribution refers to the means of delivering a key to two parties with the help of a third party without allowing others to see the key.

Broadly, key distribution is divided into two parts:
1. Symmetric key distribution
2. Asymmetric (public) key distribution


Symmetric Key Distribution

Important points to remember

For symmetric encryption to work, the two parties to an exchange must share the same key, and that key must be protected from access by others.

Frequent key changes are usually desirable to limit the amount of data compromised if an attacker learns the key.


Symmetric Key Distribution
Generic solutions for key distribution
For two parties A and B, key distribution can be achieved in a number of ways, as
follows:

1. A can select a key and physically deliver it to B.

2. A third party can select the key and physically deliver it to A and B.

3. If A and B have previously and recently used a key, one party can transmit the new key to the other, encrypted using the old key.

4. If A and B each has an encrypted connection to a third party C, C can deliver a key on the encrypted links to A and B.


Key Distribution Center (KDC)
The use of a key distribution center is based on the use of a hierarchy of keys.
At minimum, two levels of keys are used.
Communication between end systems is encrypted using a temporary key, often
referred to as a session key.



Key Distribution Center (KDC)
Master key
• Used for encrypting session key.
• Shared between KDC and end user.
• Can be shared using some non-cryptographic ways (e.g. physical delivery).

Session key
• Used for a certain duration and then discarded.
• Each session key is obtained from the KDC over the same networking facilities
used for end-user communication.



Key Distribution Scenario
Assumptions:
1. The scenario assumes that each user shares a unique master key with the
key distribution center (KDC).
2. Let us assume that user A wishes to establish a logical connection with user B
and requires a one-time session key to protect the data transmitted over the
connection.
3. A has a master key, 𝑲𝒂 , known only to itself and the KDC. Similarly, B shares
the master key 𝑲𝒃 with the KDC.



Hierarchical KDC
• For very large networks, it is not practical to have a single KDC.
• Hierarchy of KDCs can be established.
• For example, there can be local KDCs, each responsible for a small domain of
the network, such as a single LAN or a single building.
• For communication among entities within the same local domain, the local
KDC is responsible for key distribution.
• If two entities in different domains desire a shared key, then the corresponding
local KDCs can communicate through a global KDC.



Symmetric Key Distribution
Using Asymmetric Encryption

If A wishes to communicate with B, the following procedure is employed:



Symmetric Key Distribution
using Asymmetric Encryption
Simple Secret Key Distribution - Problem

A and B can now securely communicate using conventional encryption and the session key $K_s$.

But the protocol is insecure against an adversary who can intercept messages and then either relay the intercepted message or substitute another message (man-in-the-middle attack).
Symmetric Key Distribution
using Asymmetric Encryption
Secret Key Distribution with Confidentiality and Authentication
It is assumed that A and B have already exchanged their public keys.



Asymmetric Key Distribution

Distribution of Public Keys (Asymmetric Keys)
Several techniques have been proposed for the distribution of public keys.

General schemes -
1. Public announcement
2. Publicly available directory
3. Public-key authority
4. Public-key certificates



Distribution of Public Keys
(Asymmetric Keys)
Public Announcement

Any participant can send his/her public key (PU) to any other participant or broadcast the key to the community at large (e.g. Alice broadcasts PUAlice to everyone).

Drawback: Anyone can forge such a public announcement. E.g. some user could pretend to be user A and broadcast such a public key. Until the time user A discovers the forgery and alerts other participants, the forger is able to read all encrypted messages intended for A.
Distribution of Public Keys
(Asymmetric Keys)
Publicly Available Directory
1. A trusted organization or authority maintains a directory with a {Name, Public Key} entry for
each participant.
2. Each participant registers a public key with the directory authority (either in person or by some
form of secure authenticated communication).
3. A participant may replace the existing key with a new one at any time.
4. Participants could also access the directory electronically. For this purpose, secure,
authenticated communication from the authority to the participant is mandatory.

5. Safer than public announcement, but the confidentiality and integrity of the directory are crucial.


Distribution of Public Keys
Asymmetric Keys
Public Key Authority



Thank You!

Network Security
(Contact Session – 12)
Dr. Amitesh Singh Rajput, Computer Science & Information Systems, BITS Pilani, Pilani Campus
Distribution of Public Keys
Public Key Certificates
• Certificates can be used by participants to exchange keys without contacting a
public-key authority.
• It is as reliable as if the keys were obtained directly from a public-key authority.
• A certificate consists of a public key, an identifier of the key owner, and the
whole block signed by a trusted third party.
• A user can present his or her public key to the authority and obtain a certificate.
• The user can then publish the certificate. Anyone needing this user’s public key
can obtain the certificate and verify using the attached trusted signature.



Distribution of Public Keys
Public Key Certificates
❑ Requirements of Public-Key Certificate:

1. Any participant can read a certificate to determine the name and public key
of the certificate owner.
2. Any participant can verify that the certificate originated from the certificate
authority and is not counterfeit.
3. Only the certificate authority can create and update certificates.
4. Any participant can verify the currency (freshness) of the certificate.



Exchange of Public-Key Certificates
- Generic Scenario
• A applies to the Certificate Authority (CA), supplying its public key (PUA) and requesting a certificate.
• The CA prepares a certificate CA for A, which is the encryption of the following using its private key (PRCA):
  • Time stamp (TA)
  • ID of A (IDA) as known to the CA
  • Public key (PUA) supplied by A
  CA = E(PRCA, [TA || IDA || PUA])
• B also receives its certificate from the CA in the same manner: CB = E(PRCA, [TB || IDB || PUB])
• A and B now exchange their certificates directly, without the CA.
• B decrypts the certificate of A using the public key of the CA and retrieves TA, IDA and PUA. In the same manner, A also decrypts the certificate of B.
• If the time stamp (T) is old, the certificate must be considered expired.
X.509 Certificate

• X.509 defines the certificate structure to be used for public key distribution.

• It is part of the ITU-T X.500 series that defines a directory service.

• The information includes a mapping from user name to network address, as well as other attributes and information about users.

• Each certificate contains the public key of a user and is signed with the private key of a trusted certification authority.


Certificates

Certificate contents: User's ID, User's PU, CA information, signed by the CA.

CA side: compute the hash code of the contents, then encrypt the hash with the CA's private key (CA's PR) to form the signature; the contents plus the signature form the signed certificate.

Recipient side: compute the hash code of the contents, decrypt the signature with the CA's public key (CA's PU) to recover the hash, and compare the two hash codes.


X.509 Certificate Structure
ITU-T X.509

Fields (all versions): Version; Certificate Serial Number; Signature Algorithm and Parameters; Issuer Name; Validity (Not Before, Not After); Subject Name; Subject's Public Key with Algorithm and Parameters; Issuer's Unique Id; Subject's Unique Id; Extensions; CA Signature (Algorithm, Parameters, Encrypted Hash).

• Version: default is 1; if issuer and subject unique ids are present then it is 2; with certain extensions it is 3.

• Certificate Serial Number: A unique number associated with the certificate.

• Algorithm and Parameters: Algorithm used to sign the certificate. Redundant, because the last field also has it.

• Issuer Name: X.500 format name of the CA.

• Duration of Validity: In terms of not before and not after.

• Subject Name: Name of the user who holds the certificate.

• Public Key, Algorithm and Parameters: Public key, the algorithm with which this key is to be used, and its parameters.

• Issuer's and Subject's Unique Id: Unique identifiers, used if the same name exists for more than one CA or user.

• Extensions: Version-3 extensions.

• Algorithm, Hash and Parameters: Signature information used by the CA to sign the certificate.


X.509 Certificate Notion



Obtaining a user’s certificate
Multiple users

• If all users subscribe to the same CA, then there is a common trust of that CA.

• But, if there is a large community of users, it may not be practical for all users to
subscribe to the same CA.

• Because it is the CA that signs certificates, each participating user must have a
copy of the CA’s own public key to verify signatures.

• With many users, it may be more practical for there to be a number of CAs, each
of which securely provides its public key to some fraction of users.



Obtaining a user’s certificate
Multiple Users

• Suppose that A has obtained a certificate from certification authority X1 and B has
obtained a certificate from CA X2.

A holds the certificate X1<<A>> issued by X1, and B holds X2<<B>> issued by X2. The two CAs certify each other: X2<<X1>> (X2's certificate for X1) and X1<<X2>> (X1's certificate for X2).


Obtaining a user’s certificate
Multiple users

Procedure to obtain public keys in a multi-CA environment:

1. A obtains from the directory the certificate of X2 signed by X1.
   – Because A knows X1's public key, A can obtain X2's public key from its certificate.

2. A then goes back to the directory and obtains the certificate of B signed by X2.
   – Because A now has a trusted copy of X2's public key, A can obtain B's public key.

Notation:
A to obtain B's public key: X1<<X2>> X2<<B>>
B to obtain A's public key: X2<<X1>> X1<<A>>
Obtaining a user’s certificate
Multiple users

• An arbitrarily long path of CAs can be followed to produce a chain. A chain with
N elements would be expressed as:
X1 <<X2>> X2 <<X3>> X3 <<X4>> …Xn<<B>>

• In this case, each pair of CAs in the chain must have created certificates for
each other.

• All these certificates of CAs by CAs need to appear in the directory, and the
user needs to know how they are linked to follow a path to another user’s public
key certificate.



Digital Signature

Digital Signature Standard

• Digital Signature Standard (DSS) was developed by NIST as the Federal Information Processing Standard PUB 186 in 1991.

• The standard was further revised in 1993 and 1996.

• DSS makes use of an algorithm called the Digital Signature Algorithm (DSA).


DSA and Digital Signature
• The DSA algorithm makes use of the following variables:
  • p = Prime number of length L bits. L is a multiple of 64 between 512 and 1024.
  • q = A 160-bit prime factor of (p – 1).
  • g = $h^{(p-1)/q} \bmod p$, where h is less than (p – 1) such that $h^{(p-1)/q} \bmod p > 1$.
  • x = A number less than q.
  • y = $g^{x} \bmod p$
  • H = Message Digest Algorithm

The first three variables p, q, and g are public in nature.
The private key is x, whereas the corresponding public key is y.
DSA and Digital Signature
• Steps:

1. The sender generates a random number k < q and calculates
   • $r = (g^{k} \bmod p) \bmod q$
   • $s = k^{-1}(H(m) + xr) \bmod q$
   • The values r and s are the sender's signature, which is transmitted to the receiver.


DSA and Digital Signature
• Steps:

2. The receiver calculates:
   • $w = s^{-1} \bmod q$
   • $u_1 = H(m) \cdot w \bmod q$
   • $u_2 = r \cdot w \bmod q$
   • $v = ((g^{u_1} \cdot y^{u_2}) \bmod p) \bmod q$
   • If v = r, the signature is verified. Otherwise it is rejected.
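The DSA signing and verification steps above, as an added example that is not the lecturer's code. To stay self-contained it generates toy parameters: a prime q of about 20 bits, a prime p with q | p − 1 found by trial division, and g = h^((p−1)/q) mod p with the smallest h that gives g > 1 (the slide's 160-bit q and 512 to 1024-bit p are what the standard requires; these sizes are for tracing only). H(m) is SHA-256 reduced mod q, an assumption made so the hash fits the toy q. The signer rejects any k that gives r = 0 or s = 0 and, when the caller does not supply k, draws a fresh one per signature; k must never repeat across messages.

```python
"""DSA sign/verify on toy-sized parameters, following the slide's equations."""
import hashlib
import secrets


def _is_prime(n: int) -> bool:
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def toy_dsa_params(q_start: int = 1_000_000):
    """(p, q, g): q prime, p = k*q + 1 prime, g of order exactly q. Toy sizes only."""
    q = q_start
    while not _is_prime(q):
        q += 1
    k = 2
    while not _is_prime(k * q + 1):          # k even so that p is odd
        k += 2
    p = k * q + 1
    h = 2
    while pow(h, (p - 1) // q, p) <= 1:      # need h^((p-1)/q) mod p > 1
        h += 1
    return p, q, pow(h, (p - 1) // q, p)


def _hash_mod_q(message: bytes, q: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % q


def dsa_keygen(params):
    p, q, g = params
    x = secrets.randbelow(q - 1) + 1          # private key x, 0 < x < q
    return x, pow(g, x, p)                    # (x, y = g^x mod p)


def dsa_sign(params, x: int, message: bytes, k: int = None):
    p, q, g = params
    while True:
        if k is None or not 0 < k < q:
            k = secrets.randbelow(q - 1) + 1  # fresh random k < q for every signature
        r = pow(g, k, p) % q
        s = (pow(k, -1, q) * (_hash_mod_q(message, q) + x * r)) % q
        if r != 0 and s != 0:                 # FIPS 186: retry with a new k otherwise
            return r, s
        k = None


def dsa_verify(params, y: int, message: bytes, signature) -> bool:
    p, q, g = params
    r, s = signature
    if not (0 < r < q and 0 < s < q):         # reject out-of-range values before any arithmetic
        return False
    w = pow(s, -1, q)
    u1 = (_hash_mod_q(message, q) * w) % q
    u2 = (r * w) % q
    v = ((pow(g, u1, p) * pow(y, u2, p)) % p) % q
    return v == r
```

The range check at the top of `dsa_verify` is part of the standard and worth keeping in any implementation: accepting r = 0 or s = 0 would let a malformed signature pass the arithmetic for the wrong reasons.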


User Authentication

User/Entity Authentication

• Entity authentication is a technique designed to let one party prove the identity of another party.

• An entity can be a person, a process, a client, or a server.

• The entity whose identity needs to be proved is called the claimant.

• The party that tries to prove the identity of the claimant is called the verifier.


Message Authentication vs. Entity
Authentication
• Message authentication might not happen in real-time; entity
authentication does.
• Example -
• Alice sends a message to Bob. When Bob authenticates the message, Alice
may or may not be present in the communication.
• When Alice requests entity authentication, Alice needs to be online and take
part in the process. Only after Alice is authenticated, the messages can be
communicated between them.



Verification Categories

• The claimant must verify itself to the verifier.

• Three categories –
• Something Known: A secret known only by the claimant that can be checked
by the verifier. E.g. password, PIN, secret key, etc.
• Something Possessed: Something possessed that can prove claimant’s
identity. E.g. passport, driver’s license, ID card, credit card, etc.
• Something Inherent: An inherent characteristic of the claimant. E.g.
conventional signatures, voice, facial characteristics, retinal pattern,
fingerprints, etc.



Password - Based Authentication

• Each user has its identification that is public and a password that is
private.

• Two categories:
  • Fixed password (four approaches)
  • One-time password (three approaches)


Fixed Password
First Approach

• The system keeps a table that is sorted by user identification. When a password is
received, it is matched in the table.

• Possible attack – Accessing a password file in the system.

Second Approach
• To store the hash of the password in the password file.
• Any user can read the contents of the file, but, it is impossible to guess the value
of the password due to hash.
• Possible attack – Dictionary attack.
Fixed Password
Third Approach
• Third approach is about salting the password.
• A random string, called as salt, is concatenated to the password.
• The salted password is then hashed.

Fourth Approach
• Two identification techniques are combined.

• For example, using an ATM card with a PIN.
  • ATM card -> Something possessed
  • PIN -> Something known
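The second and third fixed-password approaches side by side, as an added example (not from the slides): a plain hash of the password, which makes identical passwords produce identical file entries and so exposes the whole file to one dictionary, versus a per-user random salt combined with the password before hashing. The salted variant uses `hashlib.pbkdf2_hmac`, an iterated salted hash from the standard library, so that each guess also costs the attacker many hash evaluations; the iteration count and the sample passwords are assumptions.

```python
"""Password file entries: unsalted hash (approach 2) versus salted, iterated hash (approach 3)."""
import hashlib
import hmac
import os

ITERATIONS = 100_000   # chosen for this example; tune upward for production hardware


def unsalted_entry(password: str) -> bytes:
    """Approach 2: H(password). Same password, same entry, for every user in the file."""
    return hashlib.sha256(password.encode()).digest()


def salted_hash(password: str, salt: bytes) -> bytes:
    """Approach 3: hash of salt and password together, iterated ITERATIONS times."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def create_record(password: str, salt: bytes = None) -> dict:
    """What the password file stores: the salt in the clear plus the salted hash, never the password."""
    salt = salt if salt is not None else os.urandom(16)   # fresh random salt per user
    return {"salt": salt, "hash": salted_hash(password, salt)}


def check_password(record: dict, attempt: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(attempt, record["salt"]), record["hash"])


def shared_entries(passwords) -> int:
    """How many users would be exposed together by one cracked unsalted entry (duplicates)."""
    entries = [unsalted_entry(p) for p in passwords]
    return len(entries) - len(set(entries))
```

With salting, two users who chose the same password get different records, so a precomputed table built for one salt is useless against every other entry; the salt is not secret, only unique.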
One-Time Password

First Approach
• The user and the system agree upon a list of passwords.
• Each password on the list can be used only once.

• Drawbacks -
• Need to keep a long list of passwords.
• If synchronization is missed, complexity would be more.



One-Time Password
Second Approach

• The user and the system agree to sequentially update the password.
• P1 can be used to generate P2, further P2 can be used to generate P3, and so on.

• Drawback - If P1 is guessed, all of the subsequent passwords can be revealed.



One-Time Password
Third Approach

• The user and the system create a sequentially updated password using a hash
function.
• The user and the system agree upon an original password, P0, and a counter, n.
• The system calculates h^n(P0), where h^n means applying a hash function n times.

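The third one-time-password approach as a hash chain (Lamport's scheme), as an added example that is not code from the slides: the server keeps only h^n(P0) and the counter, the client presents h^(n-1)(P0), and an accepted password reveals nothing about the next one, which is the weakness of the second approach that this one avoids. P0, n and the use of SHA-256 as h are assumptions.

```python
import hashlib
import hmac

# Added example (not from the slides): the hash-chain one-time password.
# P0 and n are agreed once; the server stores h^n(P0) and n, never P0 itself.


def h(data: bytes) -> bytes:
    """The agreed hash function h (SHA-256 assumed here)."""
    return hashlib.sha256(data).digest()


def h_n(p0: bytes, n: int) -> bytes:
    """h^n(P0): apply h to P0 n times (h^0(P0) = P0)."""
    x = p0
    for _ in range(n):
        x = h(x)
    return x


class OtpVerifier:
    """Server side: holds h^n(P0) and n, and walks down the chain on each success."""

    def __init__(self, p0: bytes, n: int):
        self.n = n
        self.stored = h_n(p0, n)          # computed once at setup; P0 is then discarded

    def verify(self, candidate: bytes) -> bool:
        """The expected password is h^(n-1)(P0): hashing it once must give the stored value.
        Because the stored value moves down the chain, a replayed password no longer matches."""
        if self.n == 0:
            return False                  # chain exhausted; a new P0 and n must be agreed
        if hmac.compare_digest(h(candidate), self.stored):
            self.stored = candidate       # now holds h^(n-1)(P0)
            self.n -= 1
            return True
        return False


def next_password(p0: bytes, n_remaining: int) -> bytes:
    """Client side: the password for the round in which the server still holds h^n(P0)."""
    return h_n(p0, n_remaining - 1)


def run_session(p0: bytes, n: int, rounds: int) -> list:
    """Log in `rounds` times against a fresh verifier and report each verdict; logins
    beyond n must be rejected because the chain is used up."""
    server = OtpVerifier(p0, n)
    verdicts = []
    for _ in range(rounds):
        pw = next_password(p0, server.n) if server.n > 0 else p0
        verdicts.append(server.verify(pw))
    return verdicts
```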


Thank You!

Network Security
(Contact Session – 13)

Dr. Amitesh Singh Rajput
Computer Science & Information Systems
BITS Pilani, Pilani Campus

Kerberos

Provides a centralized authentication server whose function is to authenticate users to servers and servers to users.



Kerberos
Seeding Thoughts – Simple Model

• The client (C) is looking for a service on the server (V).
• The user logs into a machine, and the client module in that machine requests the user's password. The user enters the password (PC).
• The client module sends a message to the Authentication Server (AS) that includes the client id (IDC), the password (PC) and the server's ID (IDV).
• AS checks whether the password is valid and whether client C is permitted to access services on V. If yes, AS provides a ticket to C. This ticket contains the client id (IDC), the network address of the client (ADC) and the server's ID (IDV). All of this is encrypted with the key (KV) shared between server V and AS.
• Client C can now apply to server V for the required service with its IDC and the ticket.
• Server V can decrypt the ticket and compare the IDC from the ticket with the IDC in the message before providing the service.

Message exchange (Client (C), AS, Server (V)):
(1) C -> AS: IDC || PC || IDV
(2) AS -> C: E(KV, [IDC || ADC || IDV])
(3) C -> V: IDC || E(KV, [IDC || ADC || IDV])

Observations!
✓ The user needs to get a ticket every time it needs to access the server. Maybe the ticket can be made reusable.
✓ Different tickets are needed for different servers.
✓ The password is transmitted in plaintext in the first message. An attacker can steal it easily.

Kerberos
Seeding Thoughts – More Secure Model

• Client (C) requests a ticket-granting ticket from AS, providing its IDC and the Ticket Granting Server's (TGS) id (IDTGS).
• AS responds to C with a ticket (TicketTGS) encrypted with a key KC. The key is derived from the user password stored in AS.
• When C receives this response, it prompts the user for the password to decrypt the message and retrieve the ticket.
• C requests from TGS a ticket to access services on server V. The message contains the client IDC, the server IDV, and the ticket received from AS (TicketTGS).
• TGS can decrypt TicketTGS and verify the following:
➢ the presence of its own ID (IDTGS) and that the lifetime has not expired, and
➢ the client ID (IDC) and address (ADC) against the received message.
• If the client is permitted to use server V, TGS grants a ticket (TicketV) to the client.
• The client requests the service from server V, sending it a message with its IDC and TicketV.
• Server V can decrypt the message with KV, which is known only to the server and TGS, verify the other parameters and decide whether to grant the service accordingly.
• The timestamp (TS) and lifetime tell the freshness of the tickets, to avoid later replays.

Message exchange (Client (C), AS, TGS, Server (V)):
(1) C -> AS: IDC || IDTGS
(2) AS -> C: E(KC, TicketTGS)
(3) C -> TGS: IDC || IDV || TicketTGS
(4) TGS -> C: TicketV
(5) C -> V: IDC || TicketV

TicketTGS = E(KTGS, [IDC || ADC || IDTGS || TS1 || Lifetime1])
TicketV = E(KV, [IDC || ADC || IDV || TS2 || Lifetime2])

Observations!
For More Secure Seeding Thoughts

✓ The client password is not transmitted in plaintext.
✓ TicketTGS can be decrypted only by the legitimate user, because key generation on the client side depends on the password.
✓ Tickets contain timestamps (TS1 and TS2) with lifetimes, so that they cannot be replayed after their lifetime has expired.
✓ Servers are not authenticating themselves to the client. Masquerading could happen from the server side.



Kerberos Version-4
Authentication Dialogue

• The client (C) requests a ticket from AS, providing its IDC, the TGS id (IDTGS) and a timestamp (TS1).
• The AS responds with a message, encrypted with a key derived from the user's password (KC), that contains the ticket.
• The encrypted message also contains a copy of the session key, KC,TGS. This is a session key for C and TGS.
• Only the client can read this session key with TGS, because the message is encrypted with KC.
• The same session key is included in the ticket, which can be read only by the TGS because the ticket is encrypted with KTGS, a key shared between AS and TGS.

Message exchange (Client (C), AS, TGS, Server (V)):
(1) C -> AS: IDC || IDTGS || TS1
(2) AS -> C: E(KC, [KC,TGS || IDTGS || TS2 || Lifetime2 || TicketTGS])

TicketTGS = E(KTGS, [KC,TGS || IDC || ADC || IDTGS || TS2 || Lifetime2])

At the end of this authentication dialogue, the session key (KC,TGS) is securely available to C and can also be provided to TGS through the ticket.

Kerberos Version-4
Service Granting Ticket

• The client (C) approaches TGS for a service-granting ticket for server V. The message contains the server id (IDV), the ticket received from AS (TicketTGS) and an AuthenticatorC.
• The Authenticator contains the ID and address of the client and a timestamp (TS3), encrypted with KC,TGS.
• TGS decrypts the ticket with the key (KTGS) and decrypts the authenticator to verify the client (ID and address).
• If everything is fine, TGS responds with a message containing the server ID, a timestamp and the ticket for the server. The message is encrypted with the key shared by the client and TGS (KC,TGS) and also contains a key to be shared by the client and the server (KC,V), so the client can fetch the ticket for the server.

Message exchange (Client (C), AS, TGS, Server (V)):
(3) C -> TGS: IDV || TicketTGS || AuthenticatorC
(4) TGS -> C: E(KC,TGS, [KC,V || IDV || TS4 || TicketV])

TicketTGS = E(KTGS, [KC,TGS || IDC || ADC || IDTGS || TS2 || Lifetime2])
AuthenticatorC = E(KC,TGS, [IDC || ADC || TS3])

At the end of this service-granting-ticket dialogue, the client has the ticket for the server and the session key which it can use with the server to exchange messages securely.



Kerberos Version-4
Client Server Authentication

• C now has a reusable ticket for server V. It approaches the server with this ticket and its authenticator.
• The server decrypts the ticket, fetches the session key (KC,V) and decrypts the authenticator.
• Using the authenticator, the server verifies the credentials of the client.
• As a mutual authentication message, the server takes the timestamp TS5 from the authenticator, adds 1 to it and sends it back to the client encrypted with the session key.
• After verifying the value of the returned timestamp, the client can obtain the service from the server.

Message exchange (Client (C), AS, TGS, Server (V)):
(5) C -> V: TicketV || AuthenticatorC
(6) V -> C: E(KC,V, [TS5 + 1])
Service follows.

TicketV = E(KV, [KC,V || IDC || ADC || IDV || TS4 || Lifetime4])
AuthenticatorC = E(KC,V, [IDC || ADC || TS5])

At the end of this client-server authentication dialogue, the client and the server have authenticated each other and can exchange service messages.

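The six messages of the three Version-4 dialogues above, run end to end as an added example that is not code from the slides or from any Kerberos implementation. Principal names, keys, the 60-second lifetime and the toy cipher E/D (a SHA-256 keystream with an HMAC tag, standing in for DES so the example runs offline) are all assumptions; what the code checks is what the slides describe: ticket lifetime, authenticator against ticket, and the TS5 + 1 reply.

```python
import hashlib
import hmac
import json
import os

# Added example (not code from the slides or from any Kerberos implementation): the
# Version-4 messages (1)-(6) run end to end. Names, keys and the 60 s lifetime are
# constructed. E/D are a toy cipher (SHA-256 keystream + HMAC tag, encrypt-then-MAC)
# used only so the example runs offline; Kerberos V4 used DES.
LIFETIME = 60


def _keystream(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))


def E(key: bytes, fields: dict) -> bytes:
    """Encrypt a dict of ticket/authenticator fields under key."""
    pt, nonce = json.dumps(fields, sort_keys=True).encode(), os.urandom(8)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()


def D(key: bytes, blob: bytes) -> dict:
    """Decrypt; raises ValueError if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:8], blob[8:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, "sha256").digest(), tag):
        raise ValueError("bad key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def key_from_password(password: str) -> bytes:
    """KC: derived from the user's password, so AS and the client can both compute it."""
    return hashlib.sha256(password.encode()).digest()


class AuthServer:                      # AS: knows every user's password and KTGS
    def __init__(self, passwords, k_tgs):
        self.passwords, self.k_tgs = passwords, k_tgs

    def request(self, id_c, ad_c, id_tgs, ts1):
        """Message (1) in, message (2) out."""
        k_c_tgs = os.urandom(16).hex()
        ticket_tgs = E(self.k_tgs, {"K_C_TGS": k_c_tgs, "ID_C": id_c, "AD_C": ad_c,
                                    "ID_TGS": id_tgs, "TS2": ts1, "Lifetime2": LIFETIME})
        return E(key_from_password(self.passwords[id_c]),
                 {"K_C_TGS": k_c_tgs, "ID_TGS": id_tgs, "TS2": ts1,
                  "Lifetime2": LIFETIME, "Ticket_TGS": ticket_tgs.hex()})


class TicketGrantingServer:            # TGS: knows KTGS and each server's KV
    def __init__(self, k_tgs, server_keys):
        self.k_tgs, self.server_keys = k_tgs, server_keys

    def request(self, id_v, ticket_tgs, authenticator, now):
        """Message (3) in, message (4) out."""
        t = D(self.k_tgs, ticket_tgs)
        if now > t["TS2"] + t["Lifetime2"]:
            raise ValueError("Ticket_TGS expired")
        a = D(bytes.fromhex(t["K_C_TGS"]), authenticator)   # only the real client holds K_C_TGS
        if (a["ID_C"], a["AD_C"]) != (t["ID_C"], t["AD_C"]):
            raise ValueError("authenticator does not match ticket")
        k_c_v = os.urandom(16).hex()
        ticket_v = E(self.server_keys[id_v], {"K_C_V": k_c_v, "ID_C": t["ID_C"], "AD_C": t["AD_C"],
                                              "ID_V": id_v, "TS4": now, "Lifetime4": LIFETIME})
        return E(bytes.fromhex(t["K_C_TGS"]),
                 {"K_C_V": k_c_v, "ID_V": id_v, "TS4": now, "Ticket_V": ticket_v.hex()})


class Server:                          # V: knows only its own KV, shared with TGS
    def __init__(self, id_v, k_v):
        self.id_v, self.k_v = id_v, k_v

    def request(self, ticket_v, authenticator, now):
        """Message (5) in, message (6) out: E(KC,V, [TS5 + 1]) shows V could open the ticket."""
        t = D(self.k_v, ticket_v)
        if t["ID_V"] != self.id_v or now > t["TS4"] + t["Lifetime4"]:
            raise ValueError("Ticket_V not for this server or expired")
        a = D(bytes.fromhex(t["K_C_V"]), authenticator)
        if (a["ID_C"], a["AD_C"]) != (t["ID_C"], t["AD_C"]):
            raise ValueError("authenticator does not match ticket")
        return E(bytes.fromhex(t["K_C_V"]), {"TS5+1": a["TS5"] + 1})


def client_session(as_, tgs, server, id_c, ad_c, password, now):
    """Client C runs all three dialogues; returns (mutual_auth_ok, Ticket_V, K_C_V)."""
    m2 = D(key_from_password(password), as_.request(id_c, ad_c, "tgs", now))     # (1)-(2)
    k_c_tgs, ticket_tgs = bytes.fromhex(m2["K_C_TGS"]), bytes.fromhex(m2["Ticket_TGS"])
    auth = E(k_c_tgs, {"ID_C": id_c, "AD_C": ad_c, "TS3": now})
    m4 = D(k_c_tgs, tgs.request(server.id_v, ticket_tgs, auth, now))              # (3)-(4)
    k_c_v, ticket_v = bytes.fromhex(m4["K_C_V"]), bytes.fromhex(m4["Ticket_V"])
    auth = E(k_c_v, {"ID_C": id_c, "AD_C": ad_c, "TS5": now})
    m6 = D(k_c_v, server.request(ticket_v, auth, now))                             # (5)-(6)
    return m6["TS5+1"] == now + 1, ticket_v, k_c_v
```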


E-Mail Security
E-Mail Security

With the explosively growing reliance on email, there grows a demand for
email authentication and confidentiality services.

Two schemes stand out as approaches that enjoy widespread use –

• Pretty Good Privacy (PGP)
• S/MIME



PGP

PGP provides a confidentiality and authentication service that can be used for
email and file storage applications.

Key Rings
• Suppose a user, Alice, needs to send messages to many people.
• Alice needs a ring of public keys, with each person’s public key.
• The PGP designers specified a ring of private/public keys.

• Each user needs to have two sets of rings: a ring of private/public keys and a
ring of public keys of other people.



PGP
- Summary of services (figure)



PGP

Two scenarios:
1. Alice needs to send a message to another person in the community:
a) She uses her private key to sign the digest.
b) She uses receiver’s public key to encrypt a newly created session key.
c) She encrypts the message and signed digest with the session key created.

2. Alice receives a message from another person in the community:


a) She uses her private key to decrypt the session key.
b) She uses the session key to decrypt the message and digest.
c) She uses sender’s public key to verify the digest.
PGP

PGP Authentication Service (figure)

PGP Confidentiality Service (figure)

PGP Confidentiality and Authentication Service (figure)

PGP - Generic transmission and reception (figure)

PGP - Key Rings (Detailed) (figure)

PGP
• General Format PGP Message (from A to B) (figure)

• R64:
• Most e-mail systems allow the message to consist of only ASCII characters.
• To translate other characters not in the ASCII set, PGP uses Radix-64 conversion.



PGP

PGP Message Generation (from User A to User B) (figure)

PGP Message Reception (from User A to User B) (figure)

S/MIME
S/MIME

• Secure/Multipurpose Internet Mail Extension (S/MIME) is a security enhancement to the MIME Internet e-mail format standard.

RFC 822 (RFC 5322) -> MIME -> S/MIME



S/MIME
RFC 5322

• In the RFC 5322 context, messages are viewed as having an envelope and
contents.
• The envelope contains whatever information is needed to accomplish
transmission and delivery.
• The contents compose the object to be delivered to the recipient.
• A message consists of some number of header lines (the header) followed by
unrestricted text (the body).
• The header is separated from the body by a blank line.



E-Mail Message Structure

An e-mail message (RFC 5322) consists of an envelope and contents. The contents are the header, a blank line, and the body:

    Date: July 18, 2015 9:00:00 AM IST             }
    From: “Professor” <[email protected]>            } Header
    Subject: The E-Mail Format in RFC 5322         }
    To: class@some_host.com                        }
    Cc: [email protected]                           }
                                                   Blank line
    Good Morning! We are committed to provide      } Body
    you world class education!                     }



Multipurpose Internet Mail Extensions (MIME)
References: IETF RFC-2045 and RFC-2046

▪ Five new message headers are defined.


I. MIME-Version: The default value is 1.0.
II. Content-Type: Description for the data contained in the body for user agent to pick up the
appropriate mechanism to represent the data to the user.
III. Content-Transfer-Encoding: Transformation used to make E-Mail acceptable for
transport.
IV. Content-ID: Identifications for MIME entities in multiple contexts.
V. Content-Description: A text description about the content which is useful to describe when
the data is not readable (e.g. audio or video data).

▪ Any MIME compliant system must support the first 3 headers. Other headers
are optional.



MIME Headers
Content Type

Type        | Subtypes
Text        | Plain, Enriched
Multipart   | Mixed, Parallel, Alternative, Digest
Message     | rfc822, Partial, External-body
Image       | jpeg, gif
Video       | mpeg
Audio       | basic
Application | PostScript, octet-stream



S/MIME
• In terms of general functionality, S/MIME is very similar to PGP.
• Both offer the ability to sign and/or encrypt messages.
• S/MIME provides the following functions:

– Enveloped Data
– Signed Data
– Clear-Signed Data
– Signed and Enveloped data - combination of above three



Thank You!

Network Security
(Contact Session – 14)

Dr. Amitesh Singh Rajput
Computer Science & Information Systems
BITS Pilani, Pilani Campus

S/MIME

S/MIME: Enveloped Data
Sender’s Procedure:
1. Generate a session key and encrypt it with the recipient’s public key.
2. Prepare a block known as RecipientInfo that contains: an identifier of the
recipient’s public-key certificate, an identifier of the algorithm used to encrypt
the session key, and the encrypted session key.
3. Encrypt the message content with the session key.
4. The RecipientInfo block followed by encrypted content is called the
Enveloped Data.
5. The result is base-64 encoded.



S/MIME: Enveloped Data
Recipient's Procedure:
1. Base-64 encoding is taken off.
2. Recipient’s private key is used to decrypt the session key.
3. Session key is used to decrypt the encrypted message.



S/MIME: Signed Data
Sender’s Procedure:

1. Sender selects the digest algorithm and computes the message digest.
2. The digest is encrypted using sender’s private key.
3. A block called SignerInfo is prepared that contains sender’s public key
certificate, message digest algorithm, encryption algorithm used and
encrypted message digest.
4. The SignerInfo block followed by content is called the Signed Data.
5. The result is base-64 encoded.



S/MIME: Signed Data
Recipient's Procedure:
1. Base-64 encoding is taken off.
2. Sender’s public key is used to decrypt the digest.
3. Recipient also independently calculates the digest and compares it with
the decrypted digest to verify the signature.



S/MIME: Clear-Signed Data

• Clear signing uses the multipart content type in MIME to transmit body and
signature separately.

• The body needs to be encoded in some way so that it is not altered during
transit.

• The second object, the signature, is sent in base64.

• Thus, only S/MIME enabled mail readers can use the signature.



Secure Socket Layer (SSL)


Secure Socket Layer (SSL)

• Developed by Dr. Taher ElGamal.

• The purpose of SSL is to enh
ance the capability of TCP with confidentiality, data integrity, server authentication and client authentication.

• The data is compressed (optional), signed, and encrypted.



Secure Socket Layer (SSL)
Services

• SSL provides several services on the data:

1. Fragmentation
2. Compression
3. Message Integrity
4. Confidentiality
5. Framing



Secure Socket Layer (SSL)
Pre-Master Secret

– To exchange an authenticated and confidential message, the client and server each need six cryptographic secrets (four keys and two initialization vectors).

– To create these secrets, one pre-master secret must be established between the two parties.



Secure Socket Layer (SSL)
Four Protocols

• SSL is not a single protocol but rather two layers of protocols.



Secure Socket Layer (SSL)
Handshake Protocol
• SSL Handshake Protocol allows server and client to exchange different security parameters. This protocol performs its job before application data is transmitted.

Phases (between Client and Server):
Phase-1: Establishing Security Capabilities
Phase-2: Server Authentication and Key Exchange
Phase-3: Client Authentication and Key Exchange
Phase-4: Finalizing Handshake Protocol



Secure Socket Layer (SSL)
Handshake Protocol
Phase 1: Establishing Security Capabilities

• The client and server announce their security capabilities and choose those that are convenient for both.
• A session ID is established, and the cipher suite is chosen using two messages named ClientHello and ServerHello.

ClientHello (Client -> Server): Version, Client Random, Session Id, Cipher Suite, Compression Method
ServerHello (Server -> Client): Version, Server Random, Session Id, Selected Cipher Suite, Selected Compression Method



Secure Socket Layer (SSL)
Handshake Protocol
Phase 2: Server key exchange and authentication

• The server authenticates itself by sending X.509 certificates.
• The ServerKey-Exchange message includes its contribution to the pre-master secret.
• If the server needs the client to authenticate itself, it sends the CertificateRequest.

Messages (Server -> Client):
Certificate: chain of certificates
ServerKey-Exchange: server's key exchange parameters
CertificateRequest: certificate types, certificate authorities
ServerHello done



Secure Socket Layer (SSL)
Handshake Protocol
Phase 3: Client key exchange and authentication

• First, the client verifies itself by sending its certificate(s).
• The ClientKey-Exchange message includes its contribution to the pre-master secret.
• If the client has sent a certificate declaring that it owns the public key, it needs to prove that it knows the corresponding private key.

Messages (Client -> Server):
Certificate: certificates / no certificate
ClientKey-Exchange: pre-master secret or parameters
CertificateVerify: certificate verification
Client hello done



Secure Socket Layer (SSL)
Handshake Protocol
Phase 4: Finalizing and Finishing

• The client and server send messages to change the cipher specification and to finish the handshaking protocol.
• After this phase, the client and server are ready to exchange data.

Messages:
Client -> Server: change_cipher_spec, finished
Server -> Client: change_cipher_spec, finished



Secure Socket Layer (SSL)
ChangeCipherSpec Protocol
• SSL uses two attributes to distinguish cryptographic secrets:

• Write – Signing or encryption

• Read – Verifying or decryption

• The ChangeCipherSpec protocol defines the process of moving values between the pending and active states.

Secure Socket Layer (SSL)
ChangeCipherSpec Protocol (figure)



Secure Socket Layer (SSL)
Alert Protocol
• SSL uses the Alert protocol for reporting errors and abnormal conditions.

Alert Code | Alert Message | Description
10 | unexpected_message | Received an inappropriate message. This alert should never be observed in communication between proper implementations. This message is always fatal.
20 | bad_record_mac | Received a record with an incorrect MAC. This message is always fatal.
22 | record_overflow | Received an SSL ciphertext record which had a length of more than 2^14 + 2048 bytes, or a record decrypted to an SSL compressed record with more than 2^14 + 1024 bytes. This message is always fatal.
30 | decompression_failure | Received improper input, such as data that would expand to excessive length, from the decompression function. This message is always fatal.
40 | handshake_failure | Indicates that the sender was unable to negotiate an acceptable set of security parameters given the options available. This is a fatal error.
47 | illegal_parameter | Violated security parameters, such as a field in the handshake that was out of range or inconsistent with other fields. This is always fatal.
48 | unknown_ca | Received a valid certificate chain or partial chain, but the certificate was not accepted because the CA certificate could not be located or could not be matched with a known, trusted CA. This message is always fatal.
0 | close_notify | Notifies the recipient that the sender will not send any more messages on this connection.
42 | bad_certificate | There is a problem with the certificate, for example, a certificate is corrupt, or a certificate contains signatures that cannot be verified.
43 | unsupported_certificate | Received an unsupported certificate type.
44 | certificate_revoked | Received a certificate that was revoked by its signer.
45 | certificate_expired | Received a certificate that has expired or is not currently valid.
46 | certificate_unknown | An unspecified issue took place while processing the certificate that made it unacceptable.



Secure Socket Layer (SSL)
Record Protocol

• It carries messages from other three protocols as well as the data coming from
the application layer.

• The message is fragmented and optionally compressed.

• Then a MAC is computed, the result is encrypted, and an SSL record header is added.



Secure Socket Layer (SSL)
Record Protocol

Higher Layer Data -> Fragmentation -> Compression -> MAC Addition -> Encryption -> Addition of SSL Record Protocol Header

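The write-side pipeline above and its read-side reverse, as an added example that is not code from the slides or from any SSL library. The keys, the use of an HMAC as the MAC (TLS style; SSL 3.0 used its own keyed-hash construction) and the toy XOR keystream cipher are assumptions; the sequence number kept in each direction's state (the "write" and "read" secrets of the ChangeCipherSpec discussion) is what makes a replayed or reordered record fail with bad_record_mac.

```python
import hashlib
import hmac
import struct
import zlib

# Added example (not from the slides): the Record Protocol on the write side and its
# reverse on the read side. Keys are constructed; the cipher is a toy SHA-256 keystream
# so the example runs offline. Record header: content type (1) | version (2) | length (2).

MAX_FRAGMENT = 2 ** 14          # at most 2^14 bytes of data per fragment
VERSION = 0x0300                # SSL 3.0
APPLICATION_DATA = 23           # content type carried in the header


class CipherState:
    """One direction's secrets: the write state on the sender, the read state on the receiver.
    seq is the record sequence number; it is fed into the MAC and the keystream, so a record
    received out of order or a second time no longer verifies."""

    def __init__(self, mac_key: bytes, enc_key: bytes):
        self.mac_key, self.enc_key, self.seq = mac_key, enc_key, 0


def _xor_stream(state: CipherState, data: bytes) -> bytes:
    """Toy cipher: XOR with a keystream derived from (enc_key, seq); decryption is the same call."""
    ks = b"".join(hashlib.sha256(state.enc_key + state.seq.to_bytes(8, "big")
                                 + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))


def _mac(state: CipherState, ctype: int, fragment: bytes) -> bytes:
    """MAC over seq || type || version || length || fragment."""
    hdr = struct.pack(">QBHH", state.seq, ctype, VERSION, len(fragment))
    return hmac.new(state.mac_key, hdr + fragment, "sha256").digest()


def write_records(data: bytes, state: CipherState, compress: bool = True) -> list:
    """Fragment -> (compress) -> add MAC -> encrypt -> add record header."""
    records = []
    for i in range(0, len(data), MAX_FRAGMENT):
        fragment = data[i:i + MAX_FRAGMENT]
        if compress:
            fragment = zlib.compress(fragment)
        body = _xor_stream(state, fragment + _mac(state, APPLICATION_DATA, fragment))
        records.append(struct.pack(">BHH", APPLICATION_DATA, VERSION, len(body)) + body)
        state.seq += 1
    return records


def read_record(record: bytes, state: CipherState, compress: bool = True) -> bytes:
    """Reverse pipeline for one record; raises ValueError named after the SSL alert."""
    ctype, version, length = struct.unpack(">BHH", record[:5])
    body = record[5:]
    if version != VERSION or length != len(body):
        raise ValueError("malformed record")
    if length > MAX_FRAGMENT + 2048:          # limit from the record_overflow alert
        raise ValueError("record_overflow")
    plain = _xor_stream(state, body)
    fragment, mac = plain[:-32], plain[-32:]
    if not hmac.compare_digest(mac, _mac(state, ctype, fragment)):
        raise ValueError("bad_record_mac")
    state.seq += 1
    return zlib.decompress(fragment) if compress else fragment
```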


SSL vs TLS

• The Transport Layer Security protocol is the IETF standard version of the SSL protocol.

• The TLS and SSL are very similar with slight differences.

Information source: https://techdifferences.com/difference-between-ssl-and-tls.html

IPSecurity (IPSec)

• By implementing security at the IP level, an organization can ensure secure networking.

• IP-level security encompasses three functional areas: authentication, confidentiality, and key management.



Modes of IPSec
Transport mode
• In transport mode, the IPSec protects what is delivered from the transport layer
to the network layer, i.e., the network layer payload.

• It does not protect the whole IP header.



Modes of IPSec
Tunnel mode
• In tunnel mode, the IPSec protects the entire packet.

• It takes an IP packet, including the header, applies IPSec security methods to the entire packet, and then adds a new IP header.



IPSec - Protocols

• IPSec defines two protocols – the Authentication Header (AH) Protocol and the Encapsulating Security Payload (ESP) Protocol.

• The Authentication Header (AH) protocol is designed to authenticate the source and to ensure the integrity of the payload carried in the IP packet.

• AH does not provide privacy.

• The Encapsulating Security Payload (ESP) provides source authentication, data integrity, and privacy.



Security Association (SA)

• It is a contract between two parties that creates a secure channel between them.

• An association is a one-way logical connection between a sender and a receiver that affords security services to the traffic carried on it.

• If the connection is needed for two-way secure exchange, then two security associations are required.

• The SAs can be more involved if the two parties need message integrity and authentication.



Security Association Database (SAD)

• If Alice wants to send messages to many people and Bob needs to receive
messages from many people, SA can be very complex.

• Also, each side needs to have both inbound and outbound SAs to allow
bidirectional communication.

• We need a set of SAs that can be collected into a database, known as the Security Association Database (SAD).

SAD entry: Index | SN | OF | ARW | AH/ESP | LT | Mode | MTU
Index: <SPI, DA, P>, where
SPI: Security Parameter Index
DA: Destination Address
P: Protocol



Security Policy Database (SPD)

• Security policy defines the type of security applied to a packet when it is to be sent or
when it has arrived.

• Each host that is using the IPSec protocol needs to keep a Security Policy Database
(SPD).

• Again, there is a need for an inbound SPD and an outbound SPD.

• Each entry in the SPD can be accessed using a combination of multiple indexes
including source address, destination address, name, protocol, source port, and
destination port.

SPD entry: Index | Policy
Index: <SA, DA, Name, P, SPort, DPort>, where
SA: Source Address
DA: Destination Address
P: Protocol
SPort: Source port
DPort: Destination port

Security Policy Database (SPD)

Outbound SPD

When a packet is sent out, the outbound SPD is consulted.

Security Policy Database (SPD)
Inbound SPD

When a packet arrives, the inbound SPD is consulted.

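An added example, not code from the slides, that puts the outbound and inbound lookups together: the outbound SPD decides bypass/discard/apply and points at an SA in the SAD; the inbound side finds the SA by <SPI, DA, P>, runs the anti-replay window (the ARW column of the SAD, which the slides list but do not spell out) and then checks the policy. All addresses, SPIs, lifetimes and policies are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Added example (not from the slides): outbound SPD -> SAD and inbound SAD -> SPD
# lookups, with a sliding-window anti-replay check. Every value below is constructed.


@dataclass
class Packet:
    src: str
    dst: str
    proto: str          # transport protocol: tcp / udp / icmp
    sport: int = 0
    dport: int = 0
    ipsec: str = ""     # inbound packets: "AH" or "ESP" header present
    spi: int = 0
    seq: int = 0


@dataclass
class SPDEntry:
    """One SPD row, indexed by <SA, DA, Name, P, SPort, DPort>; '*' matches anything."""
    src: str
    dst: str
    proto: object
    sport: object
    dport: object
    policy: str                      # bypass | discard | apply
    sa_ref: tuple = None             # <SPI, DA, P> of the SA to use when policy is "apply"

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src) and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("*", p.proto) and self.sport in ("*", p.sport)
                and self.dport in ("*", p.dport))


@dataclass
class SA:
    """One SAD row, indexed by <SPI, DA, P>, with the SN / ARW / LT / Mode columns."""
    spi: int
    dst: str
    proto: str                       # AH or ESP
    mode: str                        # transport or tunnel
    lifetime_end: int                # LT: time after which the SA must not be used
    seq: int = 0                     # SN: outbound sequence number counter
    last_seq: int = 0                # ARW: highest sequence number accepted so far
    window: int = 64                 # ARW: window size
    bitmap: int = 0                  # ARW: bit k set <=> last_seq - k already received


def lookup_spd(spd: list, p: Packet) -> SPDEntry:
    """First matching entry wins; a packet matching no entry is discarded."""
    for entry in spd:
        if entry.matches(p):
            return entry
    return SPDEntry("0.0.0.0/0", "0.0.0.0/0", "*", "*", "*", "discard")


def outbound(p: Packet, spd: list, sad: dict, now: int) -> str:
    """Sender: consult the outbound SPD, then the outbound SAD."""
    entry = lookup_spd(spd, p)
    if entry.policy != "apply":
        return entry.policy
    sa = sad.get(entry.sa_ref)
    if sa is None:
        return "no SA: key management (IKE) must establish one first"
    if now > sa.lifetime_end:
        return "discard: SA lifetime expired"
    sa.seq += 1
    return f"apply {sa.proto} in {sa.mode} mode, SPI {sa.spi:#x}, seq {sa.seq}"


def replay_ok(sa: SA, seq: int) -> bool:
    """Sliding-window anti-replay check on an inbound sequence number."""
    if seq == 0:
        return False
    if seq > sa.last_seq:                                  # new highest: slide the window
        shift = seq - sa.last_seq
        sa.bitmap = ((sa.bitmap << shift) | 1) & ((1 << sa.window) - 1)
        sa.last_seq = seq
        return True
    offset = sa.last_seq - seq
    if offset >= sa.window or sa.bitmap & (1 << offset):  # too old, or already seen
        return False
    sa.bitmap |= 1 << offset
    return True


def inbound(p: Packet, spd: list, sad: dict) -> str:
    """Receiver: find the SA by <SPI, DA, P>, run the replay check, then verify the policy."""
    sa = sad.get((p.spi, p.dst, p.ipsec))
    if sa is None:
        return "discard: no SA for <SPI, DA, P>"
    if not replay_ok(sa, p.seq):
        return "discard: replayed or too-old sequence number"
    return "accept" if lookup_spd(spd, p).policy == "apply" else "discard: policy mismatch"
```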


Malicious Software
Malicious Software

• Software that is intentionally included or inserted in a system for a harmful purpose.

• Malicious software is broadly divided into two categories:

1. Those that need a host program – Parasite
– Examples include viruses, logic bombs, and backdoors

2. Those that are independent – Independent Malware
– Examples include worms and bot programs



Malicious Software
Backdoor (or Trapdoor)

• A secret entry point into a program that allows someone to gain access without
going through the usual security procedure.

• Backdoors become threats when dishonest programmers use them to gain unauthorized access.

• It is difficult to implement operating system controls for backdoors.



Malicious Software
Logic Bomb

• A logic bomb is code embedded in some legitimate program that is set to explode when certain conditions are met.

• Examples of conditions that can be used as triggers for a logic bomb are:
• Presence or absence of certain files
• A particular day of the week or date, or
• A particular user running the application

• Once triggered, a bomb may alter or delete data or entire files, cause a machine halt, or do some other damage.



Malicious Software
Trojan Horse

• A Trojan horse is a program or command procedure containing hidden code that, when invoked, performs some unwanted or harmful function.

Image source: http://www.microbiologynutsandbolts.co.uk/the-bug-blog/can-trojan-horses-give-bacteria-anaemia



Malicious Software
Computer Virus

• A computer virus is a piece of software that can “infect” other programs by modifying them.

• The modification includes injecting the original program with a routine to make copies of the virus program, which can then go on to infect other programs.

• Spread scenario
1. Like the biological virus, a computer virus carries in its instructional code the recipe for making perfect copies of itself.
2. The typical virus becomes embedded in a program on a computer.
3. Whenever the infected computer comes into contact with an uninfected piece of software, a fresh copy of the virus passes into the new program.



Malicious Software
Computer Virus – Parts

• A computer virus has three parts:


1. Infection mechanism: Means by which a virus spreads, enabling it to replicate.
2. Trigger: The event or condition that determines when the payload is activated
or delivered.
3. Payload: What the virus does, besides spreading. The payload may involve
damage or may involve benign but noticeable activity.

• A virus can be prepended or postpended to an executable program.
• The key to its operation is that the infected program, when invoked, will first execute the virus code and then execute the original code of the program.

Thank You!

Network Security
(Contact Session – 15)

Dr. Amitesh Singh Rajput
Computer Science & Information Systems
BITS Pilani, Pilani Campus

Malicious Software
Malicious Software
Advanced Virus

• Polymorphic virus
• Creates copies during replication that are functionally equivalent
but have distinctly different bit patterns.
• The virus code is variably encrypted. A decryptor is placed at the
beginning of the virus.



Malicious Software
Advanced Virus

Polymorphic Virus

• Techniques used by polymorphic virus to avoid detection:


1. Virus encryption with a variable key
2. Virus encryption with variable encryptor / decryptor pairs
3. Code alternations
4. Generic coding
5. Polymorphic generators



Malicious Software
Advanced Virus

Polymorphic Virus

• Code alternations (figure)

Source: https://people.ece.ubc.ca/irenek/techpaps/virus/virusf.html#:~:text=The%20generic%20decryption%20engine%20is,code%2C%20and%20decrypts%20the%20virus.



Malicious Software
Advanced Virus

Polymorphic Virus

• Generic coding
• This technique exploits the fact that a “scan string” (or virus signature) represents actual code and can NEVER contain code that occurs in a "normal" program.



Malicious Software
Advanced Virus

Polymorphic Virus

• Polymorphic generators
• The virus requests the generator to create an encrypted copy of the virus
code and the generator itself, plus a decryptor.
• Polymorphic generators infect a file by replacing the first byte of the file
with a jump command to the end of the file.



Malicious Software
Advanced Antivirus Techniques

• Detection techniques for polymorphic viruses


1. Heuristic binary analysis
2. Generic decryption engine



Malicious Software
Advanced Antivirus Techniques

• Detection techniques for polymorphic viruses


• Heuristic binary analysis
• Instead of searching for a particular virus signature, heuristic binary analysis
looks for more complex and fuzzy patterns, and virus-like behaviors.
• When such a pattern is found, the analyzer will indicate to the user a
possible infection.



Malicious Software
Advanced Antivirus Techniques

• Detection techniques for polymorphic viruses


• Generic decryption engine
• Is a program that can decrypt any encrypted program.
• It examines the infected program, tries to determine the decryption algorithm
from the code, and decrypts the virus.



Malicious Software
Worms

• A worm is a program that can replicate itself and send copies from computer to
computer across network connections.

“The primary difference between a virus and a worm is that viruses must be
triggered by the activation of their host; whereas worms are stand-alone malicious
programs that can self-replicate and propagate independently”

https://www.kaspersky.com/resource-center/threats/computer-viruses-vs-worms



Malicious Software
Worms – Countermeasure Approaches

1. Signature-based worm scan filtering: generates a worm signature, which is then used to prevent the worm from entering or leaving a network or host.
2. Filter-based worm containment: similar to the previous method, but focuses on the worm's content rather than on a scan signature.
3. Payload-classification-based worm containment: network-based techniques that examine packets to see whether they contain a worm.
4. Rate limiting: limits the rate of outgoing traffic (new connections, or connections to previously unseen destinations) from a host that appears infected, slowing propagation without cutting the host off.
5. Rate halting: immediately blocks all outgoing traffic from a host when a threshold of outgoing connection rate or of destination diversity is exceeded.
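The two rate-based approaches above are easy to see in code. The following example is added here and is not from the slides: it runs a rate limiter and a rate halter over a constructed outbound-connection log. The log format (`<seconds> <src> <dst> <port>`), the thresholds and the addresses are assumptions chosen for the illustration.

```python
"""Rate limiting and rate halting as worm countermeasures, run over a
constructed outbound-connection log. Added example, not from the slides;
the log format "<seconds> <src> <dst> <port>", the thresholds and the
addresses are assumptions."""
from collections import Counter, defaultdict, deque

WINDOW_S = 10        # seconds of history kept per source host
LIMIT_NEW_DST = 5    # new destinations per window before connections are delayed
HALT_NEW_DST = 10    # new destinations per window before the host is cut off

class WormContainment:
    """Tracks, per source host, how many *previously unseen* destinations it
    contacted in the last WINDOW_S seconds. A scanning worm hits many new
    addresses quickly; a normal host mostly revisits destinations it knows."""

    def __init__(self, window=WINDOW_S, limit=LIMIT_NEW_DST, halt=HALT_NEW_DST):
        self.window, self.limit, self.halt = window, limit, halt
        self.known = defaultdict(set)         # src -> destinations ever contacted
        self.recent_new = defaultdict(deque)  # src -> timestamps of new destinations
        self.halted = set()

    def observe(self, line):
        """Verdict for one connection attempt: 'allow', 'delay' or 'halt'."""
        t, src, dst, _port = line.split()
        t = int(t)
        if src in self.halted:
            return "halt"                     # rate halting: everything blocked
        q = self.recent_new[src]
        while q and t - q[0] > self.window:   # drop history outside the window
            q.popleft()
        if dst not in self.known[src]:
            self.known[src].add(dst)
            q.append(t)
        if len(q) >= self.halt:
            self.halted.add(src)
            return "halt"
        if len(q) > self.limit:
            return "delay"                    # rate limiting: queue, do not drop
        return "allow"

# Constructed traffic: 10.0.0.5 browses a few servers; from t=10 the infected
# 10.0.0.9 probes one new host per second on TCP 445.
SAMPLE_LOG = [
    "0 10.0.0.5 10.0.1.20 443", "3 10.0.0.5 10.0.1.21 443",
    "5 10.0.0.5 10.0.1.20 443", "8 10.0.0.5 10.0.1.22 80",
] + [f"{10 + i} 10.0.0.9 10.0.2.{i} 445" for i in range(30)]

def run(log=SAMPLE_LOG):
    """Verdict counts per source host."""
    engine = WormContainment()
    verdicts = defaultdict(Counter)
    for line in log:
        verdicts[line.split()[1]][engine.observe(line)] += 1
    return {src: dict(c) for src, c in verdicts.items()}
```

On the sample log the browsing host is never touched, while the scanner is first delayed (rate limiting, after its sixth new destination) and then cut off entirely (rate halting, at its tenth). The distinction matters operationally: rate limiting tolerates a bursty but legitimate host, rate halting stops propagation faster but needs a human to unblock a false positive.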


Intruders
• An intruder is an individual or a program that enters a computer system without authorization. Often referred to as a hacker or cracker.
• Three classes of intruders (Anderson's classification):
  1. Masquerader: an individual who is not authorized to use the computer and who penetrates the system's access controls to exploit a legitimate user's account (typically an outsider).
  2. Misfeasor: a legitimate user who accesses data, programs or resources for which such access is not authorized, or who is authorized for the access but misuses the privileges (an insider).
  3. Clandestine user: an individual who seizes supervisory (administrator or root) control of the system and uses that control to evade auditing and access controls, or to suppress audit collection (an insider or an outsider).
Intrusion Detection
Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified. The two behaviors overlap, so every detector trades off false positives (legitimate users flagged as intruders) against false negatives (intruders not flagged): a loose interpretation of intruder behavior catches more intruders but also more legitimate users.


Intrusion Detection
Approaches

1. Statistical anomaly detection: collects data relating to the behavior of legitimate users over a period of time. Statistical tests are then applied to observed behavior to determine, with a high level of confidence, whether that behavior is not legitimate user behavior.
2. Rule-based detection: attempts to define a set of rules that can be used to decide that a given behavior is that of an intruder.


Intrusion Detection
Fundamental tool - Audit Record
• A detection-specific audit record typically carries the fields Subject, Action, Object, Exception-Condition, Resource-Usage and Time-Stamp, with one record per elementary action, so that a single user command produces several records.
• Audit record for the command: COPY GAME.EXE TO <Library>GAME.EXE
• In this case, the copy is aborted because Smith does not have write permission to <Library>: the record for the write to <Library>GAME.EXE carries a write-violation exception condition instead of a success, and that exception is what a detector can act on.
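To connect the two detection approaches with the audit record, the following example, added here and not taken from the slides, runs a rule-based check and a statistical anomaly check over a constructed audit trail laid out with the fields above. The records, the `<Library>` directory name, the rule ("three write violations within 60 seconds") and the per-user profiles are assumptions for the illustration.

```python
"""Rule-based and statistical anomaly detection over constructed audit records.
Added example, not from the slides. Records follow the detection-specific
audit record layout (Subject, Action, Object, Exception-Condition,
Resource-Usage, Time-Stamp); the records, the <Library> directory name, the
rule and the user profiles are assumptions."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed audit trail: Smith's COPY fails on the write to <Library>, then
# Smith keeps probing other <Library> files; Jones works normally.
AUDIT_TRAIL = """
Smith execute <Library>COPY.EXE 0 CPU=00002 11058721678
Smith read <Smith>GAME.EXE 0 RECORDS=0 11058721679
Smith write <Library>GAME.EXE write-viol RECORDS=0 11058721680
Smith write <Library>NOTES.TXT write-viol RECORDS=0 11058721690
Smith write <Library>TOOLS.EXE write-viol RECORDS=0 11058721700
Jones login TERM1 0 CPU=00001 11058721500
Jones read <Jones>REPORT.DOC 0 RECORDS=3 11058721510
""".strip().splitlines()

FIELDS = ("subject", "action", "object", "exception", "usage", "time")

def parse(line):
    rec = dict(zip(FIELDS, line.split()))
    rec["time"] = int(rec["time"])
    return rec

def rule_write_violations(records, n=3, window=60):
    """Rule-based detection: n or more write violations by one subject within
    `window` seconds is treated as an intruder probing for writable files.
    Returns [(subject, timestamp of the first violation in the burst)]."""
    times = defaultdict(list)
    for r in records:
        if r["exception"] == "write-viol":
            times[r["subject"]].append(r["time"])
    alerts = []
    for subj, ts in times.items():
        ts.sort()
        for i in range(len(ts) - n + 1):
            if ts[i + n - 1] - ts[i] <= window:
                alerts.append((subj, ts[i]))
                break
    return alerts

def foreign_object_counts(records):
    """Metric for the statistical detector: distinct objects a subject touched
    outside its own <Subject> directory."""
    touched = defaultdict(set)
    for r in records:
        if r["action"] in ("read", "write", "execute") and \
           not r["object"].startswith(f"<{r['subject']}>"):
            touched[r["subject"]].add(r["object"])
    return {s: len(o) for s, o in touched.items()}

# Constructed profiles: the same metric as observed on previous days.
PROFILES = {"Smith": [0, 1, 0, 0, 1, 0, 0], "Jones": [0, 0, 1, 0]}

def z_score(history, observed):
    sigma = pstdev(history) or 1.0            # guard a constant history
    return (observed - mean(history)) / sigma

def statistical_anomalies(records, profiles=PROFILES, threshold=3.0):
    """Statistical anomaly detection: flag subjects whose metric deviates from
    their own profile by more than `threshold` standard deviations."""
    flagged = {}
    for subj, count in foreign_object_counts(records).items():
        if subj in profiles:
            z = z_score(profiles[subj], count)
            if abs(z) > threshold:
                flagged[subj] = (count, round(z, 2))
    return flagged
```

The rule fires on Smith's burst of write violations; the statistical detector also flags Smith, because touching four objects outside his own directory is far outside his historical profile, while Jones, whose only access is inside <Jones>, stays below the threshold. Note that the rule needs no history but encodes an attacker pattern known in advance, whereas the statistical test needs a profile but can catch behavior nobody wrote a rule for.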



Review of Previous Sessions


CIA Triad

Confidentiality

Integrity

Availability



OSI Security Architecture

Security Attack: Any action that compromises the security of information owned by an organization.

Security Mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.

Security Service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to do so.


Classical Encryption

• Substitution Cipher
• Caesar Cipher
• Monoalphabetic Cipher
• Playfair Cipher
• Polyalphabetic Ciphers - Vigenère Cipher
• Vernam Cipher
• One-Time Pad
• Transposition Cipher – Rail Fence Technique


Cryptanalysis

The objective of cryptanalysis is to recover the key, not just a single message: with the key, every message protected under it can be read.

Two general approaches:
  – Brute-force attack: try every possible key until an intelligible plaintext appears; on average half the key space has to be tried.
  – Cryptanalytic attack: exploit the nature of the algorithm, perhaps together with some knowledge of the plaintext (its general characteristics or sample plaintext-ciphertext pairs), to deduce a specific plaintext or the key.


Additive and Multiplicative Inverses modulo 8



Groups, Rings, and Fields

Groups, rings, and fields are fundamental elements of a branch of mathematics known as abstract algebra.

In abstract algebra we are concerned with sets on whose elements we can operate algebraically: we can combine two elements of the set, perhaps in several ways, to obtain a third element of the set.


Pseudorandom number generators

1. Linear Congruential Generator

   X_{n+1} = (a · X_n + c) mod m

   • E.g. a = 7, c = 0, m = 32 and X_0 = 1 generates the sequence {7, 17, 23, 1, 7, ...}, which repeats with period 4, far short of the maximum m = 32.

2. Blum Blum Shub (BBS) Generator (n = p · q = 383 × 503 = 192649, seed s = 101355)

   x_0 = 101355² mod 192649 = 20749
   x_1 = 20749² mod 192649 = 143135,   B_1 = 143135 mod 2 = 1
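Both generators are a few lines of code, and writing them out makes the slide's numbers checkable. The example below is added here and is not from the slides; it reproduces the LCG and BBS values above with the slide's parameters, and adds a small cycle-length helper of my own to show why the LCG with these parameters is so poor.

```python
"""Linear congruential and Blum Blum Shub generators, reproducing the slide's
parameters. Added example, not from the slides; the period helper and the
return layout of bbs_bits are my own."""
from math import gcd

def lcg(a, c, m, seed):
    """Infinite LCG stream X_{n+1} = (a*X_n + c) mod m."""
    x = seed
    while True:
        x = (a * x + c) % m
        yield x

def lcg_sequence(a, c, m, seed, n):
    """First n outputs of the LCG."""
    g = lcg(a, c, m, seed)
    return [next(g) for _ in range(n)]

def lcg_period(a, c, m, seed):
    """Length of the cycle the generator falls into from `seed`.
    A good choice of (a, c, m) gives period m; a bad one repeats quickly."""
    seen = {}
    x, i = seed, 0
    while x not in seen:
        seen[x] = i
        x = (a * x + c) % m
        i += 1
    return i - seen[x]

def bbs_bits(p, q, s, count):
    """Blum Blum Shub: p and q primes congruent to 3 mod 4, gcd(s, n) = 1.
    Returns (x0, [x1..x_count], [B1..B_count]) with B_i the low bit of x_i."""
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must be congruent to 3 mod 4")
    n = p * q
    if gcd(s, n) != 1:
        raise ValueError("seed must be relatively prime to n")
    x = (s * s) % n
    x0 = x
    xs, bits = [], []
    for _ in range(count):
        x = (x * x) % n              # x_i = x_{i-1}^2 mod n
        xs.append(x)
        bits.append(x & 1)           # B_i = x_i mod 2
    return x0, xs, bits
```

The LCG is fine for simulation but not for keys: once an attacker sees a couple of outputs and knows (a, c, m), every later value is determined. BBS is cryptographically secure under the assumption that factoring n is hard, at the price of one modular squaring per output bit.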


Euclidean Algorithm - Example
• gcd(36, 10): each step replaces (a, b) by (b, a mod b) until the remainder is 0; the last non-zero remainder is the gcd.

   gcd(36, 10)   36 = 3 · 10 + 6
   gcd(10, 6)    10 = 1 · 6 + 4
   gcd(6, 4)      6 = 1 · 4 + 2
   gcd(4, 2)      4 = 2 · 2 + 0
   gcd(2, 0) = 2
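The Euclidean example above and the inverse tables modulo 8 reviewed earlier come from the same algorithm, so one added example serves both. The code below is not from the slides: it traces gcd(36, 10) step by step, extends the algorithm to find multiplicative inverses, and rebuilds the additive and multiplicative inverse tables modulo 8 (where only 1, 3, 5 and 7 have multiplicative inverses, because the even residues share the factor 2 with 8). The trace format is my own.

```python
"""Euclidean and extended Euclidean algorithms, and the additive and
multiplicative inverse tables modulo m. Added example, not the slides' code;
the trace layout (a, q, b, r) meaning a = q*b + r is my own."""

def gcd_trace(a, b):
    """Return (gcd, steps); each step (a, q, b, r) records a = q*b + r."""
    steps = []
    while b:
        q, r = divmod(a, b)
        steps.append((a, q, b, r))
        a, b = b, r
    return a, steps

def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, r = divmod(a, b)
        a, b = b, r
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def mul_inverse(a, m):
    """Multiplicative inverse of a modulo m, or None when gcd(a, m) != 1."""
    g, x, _ = egcd(a % m, m)
    return x % m if g == 1 else None

def inverse_tables(m):
    """Additive and multiplicative inverses of 0..m-1 modulo m.
    Every residue has an additive inverse; only those coprime to m have a
    multiplicative one (for m = 8: 1, 3, 5, 7, each its own inverse)."""
    add = {a: (-a) % m for a in range(m)}
    mul = {a: mul_inverse(a, m) for a in range(m)}
    return add, mul
```

The extended form is the one that matters in practice: RSA key generation computes the private exponent d as the multiplicative inverse of e modulo φ(n) with exactly this routine.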


Polynomial Arithmetic

• Three classes of polynomial arithmetic:
  1. Ordinary polynomial arithmetic, using the basic rules of algebra.
  2. Polynomial arithmetic in which the arithmetic on the coefficients is performed modulo p; that is, the coefficients are in GF(p).
  3. Polynomial arithmetic in which the coefficients are in GF(p), and the polynomials are defined modulo a polynomial m(x) whose highest power is some integer n. This construction yields the finite field GF(p^n); GF(2^8), used by AES, is the case p = 2, n = 8.


AES Algorithm
– Broad view

(Figure: AES encryption structure.) The 16-byte plaintext block first passes through an initial transformation (AddRoundKey with the round 0 key), followed by N rounds. Rounds 1 to N-1 each apply four transformations (SubBytes, ShiftRows, MixColumns, AddRoundKey); the final round N applies only three (MixColumns is omitted). Every 16-byte round key is derived from the input key by the key expansion, and N is 10, 12 or 14 for a 128-, 192- or 256-bit key respectively.


SHA - 512



MAC



Diffie - Hellman Key Exchange
- Man-In-The-Middle Attack

(Figure: message flow between A, the attacker C, and B.)

  A selects X_A, calculates Y_A = g^{X_A} mod p and sends Y_A (intended for B).
  C intercepts Y_A, selects X_C, calculates Y_C = g^{X_C} mod p and sends Y_C to both A and B.
  B selects X_B, calculates Y_B = g^{X_B} mod p and sends Y_B, which C also intercepts.

Resulting keys:

  K_CA = Y_A^{X_C} mod p      K_A = Y_C^{X_A} mod p      K_A = K_CA
  K_CB = Y_B^{X_C} mod p      K_B = Y_C^{X_B} mod p      K_B = K_CB

• The system ends up with two shared keys, one between A and C and another between C and B, while A and B each believe they share a key with the other.
• Attacker C controls the communication: C can decrypt, read, modify and re-encrypt every message in both directions, and users A and B are not aware of the attack.
• It is also known as the Bucket Brigade attack.
• The attack works because plain Diffie-Hellman authenticates nobody. To avoid it, the exchanged public values must be authenticated, for example by digital signatures or by running the exchange inside an authenticated protocol.
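The exchange above, with the slide's notation (X_A, Y_A, K_CA, ...), as an added example that is not part of the slides. The prime p = 23, generator g = 5 and the private exponents are constructed toy values, far too small for real use; the pre-shared authentication key used in the second function is an assumption standing in for whatever long-term credential (signature key, certificate) the parties would use to authenticate their public values.

```python
"""Diffie-Hellman man-in-the-middle with the slide's notation, plus the
fix: authenticating the public values. Added example, not from the slides;
p = 23, g = 5, the exponents and the pre-shared authentication key are
constructed toy values."""
import hashlib
import hmac

P, G = 23, 5    # constructed toy group; real deployments use p of >= 2048 bits

def public(x, p=P, g=G):
    """Y = g^X mod p."""
    return pow(g, x, p)

def shared(y_other, x_own, p=P):
    """K = Y_other^X_own mod p."""
    return pow(y_other, x_own, p)

def mitm_run(x_a, x_b, x_c, p=P, g=G):
    """Unauthenticated exchange with C substituting Y_C for both Y_A and Y_B."""
    y_a, y_b, y_c = public(x_a, p, g), public(x_b, p, g), public(x_c, p, g)
    k_a = shared(y_c, x_a, p)      # A believes this is shared with B
    k_b = shared(y_c, x_b, p)      # B believes this is shared with A
    k_ca = shared(y_a, x_c, p)     # C's key towards A
    k_cb = shared(y_b, x_c, p)     # C's key towards B
    return {"K_A": k_a, "K_CA": k_ca, "K_B": k_b, "K_CB": k_cb}

def tag(y, auth_key):
    """MAC over the public value under a pre-shared authentication key (assumption)."""
    return hmac.new(auth_key, str(y).encode(), hashlib.sha256).digest()

def authenticated_exchange(x_a, x_b, auth_key, attacker_x=None, p=P, g=G):
    """Each side sends (Y, MAC(Y)). An attacker can swap in Y_C but cannot
    forge its tag, so the receiver rejects the value and derives no key.
    Returns (K_A, K_B, A_accepted, B_accepted)."""
    y_a, y_b = public(x_a, p, g), public(x_b, p, g)
    t_a, t_b = tag(y_a, auth_key), tag(y_b, auth_key)
    if attacker_x is None:
        recv_b, recv_a = (y_a, t_a), (y_b, t_b)
    else:
        y_c = public(attacker_x, p, g)
        recv_b, recv_a = (y_c, t_a), (y_c, t_b)   # C replays the genuine tags
    ok_b = hmac.compare_digest(tag(recv_b[0], auth_key), recv_b[1])
    ok_a = hmac.compare_digest(tag(recv_a[0], auth_key), recv_a[1])
    k_a = shared(recv_a[0], x_a, p) if ok_a else None
    k_b = shared(recv_b[0], x_b, p) if ok_b else None
    return k_a, k_b, ok_a, ok_b
```

In the unauthenticated run the two key pairs agree exactly as the slide states (K_A = K_CA and K_B = K_CB) while K_A and K_B differ, which is what lets C sit in the middle unnoticed. In the authenticated run the honest parties derive the same key, and with C present both reject the substituted value instead of silently keying with the attacker.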


Key Distribution Scenario
- Symmetric Key



X.509 Certificate Notion



Kerberos
Seeding Thoughts – More Secure Model

Participants: Client (C), Authentication Server (AS), Ticket-Granting Server (TGS), Server (V)

  (1) C → AS:   IDC || IDTGS
  (2) AS → C:   E(KC, TicketTGS)
  (3) C → TGS:  IDC || IDV || TicketTGS
  (4) TGS → C:  TicketV
  (5) C → V:    IDC || TicketV

  TicketTGS = E(KTGS, [IDC || ADC || IDTGS || TS1 || Lifetime1])
  TicketV   = E(KV,   [IDC || ADC || IDV   || TS2 || Lifetime2])


E-Mail Security

With the explosively growing reliance on email, there is a growing demand for email authentication and confidentiality services.

Two schemes stand out as approaches that enjoy widespread use:
  • Pretty Good Privacy (PGP)
  • S/MIME


Secure Socket Layer (SSL)
Four Protocols

• SSL is not a single protocol but rather two layers of protocols: the SSL Record Protocol provides the basic security services (confidentiality and message integrity) to the layer above it, and three higher-layer protocols, the Handshake Protocol, the Change Cipher Spec Protocol and the Alert Protocol, manage the SSL exchanges on top of it.



Thank You!
