
ishareyoublog.files.wordpress.com … · Web view · Steganography: In steganography the plain text is hidden. Methods: Character Marking: Selected letters of printed or typed text

Jul 25, 2020


dariahiddleston

CRYPTOGRAPHY AND NETWORK SECURITY

UNIT 1

DEFINITIONS

• Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers

• Network Security - measures to protect data during their transmission

• Internet Security - measures to protect data during their transmission over a collection of interconnected networks

SECURITY TRENDS

1.1 OSI SECURITY ARCHITECTURE

The OSI security architecture is useful to managers as a way of organizing the task of providing security

Security attacks

Any action that compromises the security of information owned by an organization.

Two types of attacks

• Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted.

Passive attacks are very difficult to detect because they do not involve any alteration of the data.

Types

1. Release of message contents is easily understood. A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information.

2. Traffic analysis: the opponent can capture the messages but cannot extract the information from them, and instead observes the pattern of the traffic.

• Active attacks – modification of the data stream or creation of a false stream.

Types

1. Masquerade takes place when one entity pretends to be a different entity. It usually includes one of the other forms of active attack.


2. Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.

3. Modification of messages simply means that some portion of a message is altered, or that messages are delayed or reordered, to produce an unauthorized effect.

4. Denial of service prevents the normal use or management of communication facilities.

Security Service

Security service is something that enhances the security of the data processing systems and the information transfers of an organization.

X.800 defines a security service as a service provided by a protocol layer of communicating open systems which ensures adequate security of the system or data transfers.

RFC2828 defines security service as a service provided by a system to give a specific kind of protection to system resources.

Security Services (X.800): X.800 divides these services into five categories and fourteen specific services

• Authentication - assurance that the communicating entity is the one claimed

Peer Entity Authentication: Used in association with a logical connection to provide confidence in the identity of the entities connected.

Data Origin Authentication: In a connectionless transfer provides assurance that the source of received data is as claimed.

• Access Control - prevention of the unauthorized use of a resource

• Data Confidentiality – protection of data from unauthorized disclosure

Connection Confidentiality: The protection of all user data on a connection.

Connectionless Confidentiality: The protection of all user data in a single data block.

Selective Field Confidentiality: The confidentiality of selected fields within the user data on a connection or in a single data block.

Traffic Flow Confidentiality: The protection of the information that might be derived from observation of traffic flows.

• Data Integrity - assurance that data received is as sent by an authorized entity

Connection Integrity with recovery: Provides for the integrity of all user data on a connection and detects any modification, insertion, deletion or replay of data within an entire data sequence, with recovery attempted.


Connection Integrity without recovery: It provides only detection without recovery.

Selective-Field Connection Integrity: Provides for the integrity of selected fields within the user data of a data block transferred over a connection

Connectionless Integrity: Provides for the integrity of a single connectionless data block and may take the form of detection of data modification.

Selective-Field Connectionless Integrity: Provides for the integrity of selected fields within a single connectionless data block.

• Non-Repudiation - protection against denial by one of the parties in a communication.

Nonrepudiation, Origin: Proof that the message was sent by the specified party.

Nonrepudiation, Destination: Proof that the message was received by the specified party.

Security Mechanism

A process that is designed to detect, prevent, or recover from a security attack

A MODEL FOR NETWORK SECURITY

The general model shows that there are four basic tasks in designing a particular security service:

1. Design a suitable algorithm for the security transformation

2. Generate the secret information (keys) used by the algorithm

3. Develop methods to distribute and share the secret information

4. Specify a protocol enabling the principals to use the transformation and secret information for a security service


Model for Network Access Security

• using this model requires us to:

– select appropriate gatekeeper functions to identify users

– implement security controls to ensure only authorised users access designated information or resources

• trusted computer systems can be used to implement this model

The programs can prevent two kinds of threats

Information access threats: modify the data on behalf of users who should not have access to that data.

Service threats: exploit service flaws in computers to inhibit use by legitimate users.


1.2 CLASSICAL CRYPTO SYSTEMS

SYMMETRIC CIPHER MODEL

A symmetric encryption scheme has the following ingredients

• Plaintext - the original message

• Cipher text - the coded message

• Cipher - algorithm for transforming plaintext to cipher text

• Key - info used in cipher known only to sender/receiver

• Encipher (encrypt) - converting plaintext to cipher text

• Decipher (decrypt) - recovering cipher text from plaintext

• Cryptography - study of encryption principles/methods

Cryptographic systems are characterized along three independent dimensions:

1. The type of operations used for transforming plaintext to cipher text

2. The number of keys used

3. The way in which the plain text is processed

• Cryptanalysis (code breaking) - the study of principles/ methods of deciphering cipher text without knowing key

• Cryptology - the field of both cryptography and cryptanalysis

• Brute-force attack: The attacker tries every possible key on a piece of cipher text until an intelligible translation into plaintext is obtained.


Types of attacks

• Cipher text only

– only know algorithm / cipher text, statistical, can identify plaintext

• Known plaintext

– know/suspect plaintext & cipher text to attack cipher

• Chosen plaintext

– select plaintext and obtain cipher text to attack cipher

• Chosen cipher text

– select cipher text and obtain plaintext to attack cipher

• Chosen text

– select either plaintext or cipher text to en/decrypt to attack cipher

CLASSICAL CRYPTO SYSTEM

1. Substitution method

2. Transposition method

Substitution method:

The letters of plaintext are replaced by other letters or by numbers or symbols.

The substitution methods are

1. Caesar Cipher 2. Monoalphabetic Ciphers 3. Playfair Cipher

4. Hill Cipher 5. Polyalphabetic Ciphers 6. One-Time Pad

Caesar Cipher: It involves replacing each letter of the alphabet with the letter standing three places further down the alphabet.

Example:

Plain text: meet me after the toga party

Cipher text: PHHW PH DIWHU WKH WRJD SDUWB

Then the algorithm can be expressed as follows

C = E(3, p) = (p + 3) mod 26

A shift may be of any amount, so that the general Caesar algorithm is

C = E(k, p) = (p + k) mod 26

where k takes on a value in the range 1 to 25. The decryption algorithm is simply

p = D(k, C) = (C - k) mod 26

C -> Cipher text

p -> Plain text

D -> Decryption

E -> Encryption

Disadvantages:

1. Algorithm is known

2. There are only 25 keys to try

3. Language is known and easily traceable
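The three disadvantages listed above are enough to recover the key automatically. The following added example (not part of the original notes) tries all 25 keys and ranks the candidate plaintexts against English letter frequencies with a chi-squared score; the function names and the choice of chi-squared as the scoring rule are assumptions of this example.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

# Published relative frequencies of English letters, in percent.
# The notes quote two of them later (E=12.702, T=9.056); the rest come from the same table.
ENGLISH_FREQ = {
    "A": 8.167, "B": 1.492, "C": 2.782, "D": 4.253, "E": 12.702, "F": 2.228,
    "G": 2.015, "H": 6.094, "I": 6.966, "J": 0.153, "K": 0.772, "L": 4.025,
    "M": 2.406, "N": 6.749, "O": 7.507, "P": 1.929, "Q": 0.095, "R": 5.987,
    "S": 6.327, "T": 9.056, "U": 2.758, "V": 0.978, "W": 2.360, "X": 0.150,
    "Y": 1.974, "Z": 0.074,
}


def caesar(text, k):
    """C = E(k, p) = (p + k) mod 26; a negative k decrypts. Non-letters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def chi_squared(text):
    """Distance between the letter counts of `text` and the English expectation."""
    letters = [c for c in text.upper() if c in ALPHABET]
    n = len(letters)
    if n == 0:
        return float("inf")
    counts = Counter(letters)
    score = 0.0
    for letter, pct in ENGLISH_FREQ.items():
        expected = n * pct / 100
        score += (counts[letter] - expected) ** 2 / expected
    return score


def break_caesar(ciphertext):
    """Try the 25 possible keys and return (key, plaintext) of the most English-like result."""
    ranked = sorted((chi_squared(caesar(ciphertext, -k)), k) for k in range(1, 26))
    best_k = ranked[0][1]
    return best_k, caesar(ciphertext, -best_k)


if __name__ == "__main__":
    cipher = caesar("meet me after the toga party", 3)   # example from the notes
    print(cipher)
    print(break_caesar(cipher))
```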

Monoalphabetic Ciphers:

This is a substitution cipher. Here the substitution is done from the plain text to cipher text. Single cipher alphabet is used per message.

Step 1:The relative frequency of the letters in the cipher text is determined

Step 2: This is compared with the standard frequency distribution for English

E=12.702

T=9.056

Step 3: The closely matched ones in cipher are replaced with the characters of English

Disadvantages:

Monoalphabetic ciphers are easy to break because they make use of the frequency of occurrences

To overcome this disadvantage we do multiple substitutions for a single letter. This method is called homophones

Playfair Ciphers:

The playfair algorithm is based on the use of a 5*5 matrix of letters constructed using a keyword.

M O N A R

C H Y B D

E F G I/J K

L P Q S T

U V W X Z


Plain text is encrypted two letters at a time according to the following rules:

1. If a pair is a repeated letter, insert a filler like 'X', eg. "balloon" encrypts as "ba lx lo on"

2. If both letters fall in the same row, replace each with letter to right (wrapping back to start from end), eg. "ar" encrypts as "RM"

3. If both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom), eg. "mu" encrypts to "CM"

4. Otherwise each letter is replaced by the one in its row in the column of the other letter of the pair, eg. "hs" encrypts to "BP", and "ea" to "IM" or "JM" (as desired)

Example:

Plaintext : BALLOON

Add filler :BA LX LO ON

Cipher Text: I/JB SU PM AR

Polyalphabetic Ciphers:

The techniques have the following features

1. A set of related monoalphabetic substitution rules is used.

2. Use a key to select which alphabet is used for each letter of the message

To encrypt a message a key is needed that is as long as the message. Usually the key is a repeating keyword.

The Modern Vigenere Tableau

Key | Plaintext

    | a b c d e f g h i j k l m n o p q r s t u v w x y z

a   | a b c d e f g h i j k l m n o p q r s t u v w x y z

b   | b c d e f g h i j k l m n o p q r s t u v w x y z a

c   | c d e f g h i j k l m n o p q r s t u v w x y z a b

d   | d e f g h i j k l m n o p q r s t u v w x y z a b c

e   | e f g h i j k l m n o p q r s t u v w x y z a b c d

f   | f g h i j k l m n o p q r s t u v w x y z a b c d e

g   | g h i j k l m n o p q r s t u v w x y z a b c d e f

h   | h i j k l m n o p q r s t u v w x y z a b c d e f g

i   | i j k l m n o p q r s t u v w x y z a b c d e f g h

j   | j k l m n o p q r s t u v w x y z a b c d e f g h i

k   | k l m n o p q r s t u v w x y z a b c d e f g h i j

l   | l m n o p q r s t u v w x y z a b c d e f g h i j k

m   | m n o p q r s t u v w x y z a b c d e f g h i j k l

n   | n o p q r s t u v w x y z a b c d e f g h i j k l m

o   | o p q r s t u v w x y z a b c d e f g h i j k l m n

p   | p q r s t u v w x y z a b c d e f g h i j k l m n o

q   | q r s t u v w x y z a b c d e f g h i j k l m n o p

r   | r s t u v w x y z a b c d e f g h i j k l m n o p q

s   | s t u v w x y z a b c d e f g h i j k l m n o p q r

t   | t u v w x y z a b c d e f g h i j k l m n o p q r s

u   | u v w x y z a b c d e f g h i j k l m n o p q r s t

v   | v w x y z a b c d e f g h i j k l m n o p q r s t u

w   | w x y z a b c d e f g h i j k l m n o p q r s t u v

x   | x y z a b c d e f g h i j k l m n o p q r s t u v w

y   | y z a b c d e f g h i j k l m n o p q r s t u v w x

z   | z a b c d e f g h i j k l m n o p q r s t u v w x y

Example:

Key : HAI

Key : HAIHA

Plain text : HELLO

Ciphertext: OETSO

Hill Cipher:


The Hill cipher is a multi-letter cipher. It was developed by the mathematician Lester Hill. The algorithm takes m successive plain text letters and substitutes for them m cipher text letters.

Here m = 3

$$\begin{pmatrix} C_1 \\ C_2 \\ C_3 \end{pmatrix} = \begin{pmatrix} k_{11} & k_{12} & k_{13} \\ k_{21} & k_{22} & k_{23} \\ k_{31} & k_{32} & k_{33} \end{pmatrix} \begin{pmatrix} P_1 \\ P_2 \\ P_3 \end{pmatrix} \bmod 26$$

C = KP mod 26

C and P represent the cipher text and the plain text

K is the 3×3 matrix, the encryption key

Example

P = PAY

The letters a to z are numbered 0 to 25

$$K = \begin{pmatrix} 17 & 17 & 5 \\ 21 & 18 & 21 \\ 2 & 2 & 19 \end{pmatrix}$$

Cipher text is

$$\begin{pmatrix} C_1 \\ C_2 \\ C_3 \end{pmatrix} = \begin{pmatrix} 17 & 17 & 5 \\ 21 & 18 & 21 \\ 2 & 2 & 19 \end{pmatrix} \begin{pmatrix} 15 \\ 0 \\ 24 \end{pmatrix} \bmod 26 = \text{LNS}$$

Plain text = PAY

Cipher text = LNS

Merits and Demerits:

Completely hides single letter and 2 letter frequency information

Easily attacked with known plain text attack
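Both points can be seen in code. This added example (not part of the original notes) encrypts with the matrix K above, decrypts with its inverse modulo 26, and shows why the cipher falls to a known-plaintext attack: three known plaintext blocks whose matrix is invertible modulo 26 give K = C·P⁻¹. The sample text HILLCIPHE is constructed for the example.

```python
from math import gcd

K_PAGE = [[17, 17, 5], [21, 18, 21], [2, 2, 19]]   # key matrix from the notes


def to_nums(text):
    return [ord(c) - ord("A") for c in text.upper() if c.isalpha()]


def hill(text, K):
    """Apply C = K P mod 26 to each 3-letter block (column-vector form, as in the notes)."""
    nums = to_nums(text)
    if len(nums) % 3:
        raise ValueError("text length must be a multiple of 3")
    out = []
    for i in range(0, len(nums), 3):
        block = nums[i:i + 3]
        out.extend(sum(K[r][c] * block[c] for c in range(3)) % 26 for r in range(3))
    return "".join(chr(n + ord("A")) for n in out)


def minor(K, r, c):
    """Determinant of the 2x2 matrix left after deleting row r and column c."""
    rows = [row[:c] + row[c + 1:] for i, row in enumerate(K) if i != r]
    return rows[0][0] * rows[1][1] - rows[0][1] * rows[1][0]


def det3(K):
    return sum((-1) ** c * K[0][c] * minor(K, 0, c) for c in range(3))


def inverse_mod26(K):
    """K^-1 = det^-1 * adjugate(K) mod 26; exists only when gcd(det, 26) = 1."""
    d = det3(K) % 26
    if gcd(d, 26) != 1:
        raise ValueError("matrix is not invertible modulo 26")
    d_inv = pow(d, -1, 26)
    return [[(d_inv * (-1) ** (r + c) * minor(K, c, r)) % 26 for c in range(3)]
            for r in range(3)]


def columns(text):
    """First three 3-letter blocks of the text as the columns of a 3x3 matrix."""
    nums = to_nums(text)
    return [[nums[3 * j + r] for j in range(3)] for r in range(3)]


def mat_mul(A, B):
    return [[sum(A[r][i] * B[i][c] for i in range(3)) % 26 for c in range(3)]
            for r in range(3)]


def recover_key(known_plain, known_cipher):
    """Known-plaintext attack: C = K P  =>  K = C P^-1 (mod 26)."""
    return mat_mul(columns(known_cipher), inverse_mod26(columns(known_plain)))


if __name__ == "__main__":
    print(hill("PAY", K_PAGE))                              # example from the notes
    print(hill("LNS", inverse_mod26(K_PAGE)))               # decryption
    sample = "HILLCIPHE"                                    # constructed known plaintext
    print(recover_key(sample, hill(sample, K_PAGE)) == K_PAGE)
```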

One-Time Pad:

Each new message requires a new key of the same length as the new message. Such a scheme, known as a one-time pad, is unbreakable. It produces random output that bears no statistical relationship to the plaintext.

Advantages:

Random output is produced for each message

Not easy to break

Drawback:

It is practically impossible to generate a random key as long as the message

The second problem is that of key distribution and key protection.

Transposition method

In a transposition technique the cipher text is formed by a permutation of the plaintext letters.

Example

Rail Fence technique

-The plaintext is written as a sequence of diagonals and read as sequence of rows.

Plain text: Computer Science

C m u e s i n e

O p t r c e c

Cipher text: cmuesine optrcec

Other method:

The key specifies the order in which the scrambling to be done

Example

Key: 4 3 1 2

Plaintext: Computer Science

The text is written in a matrix of 4 columns

4 3 1 2

c o m p

u t e r

s c i e

n c e z

Cipher text: m e i e p r e a o t c c c u s n

Rotor machines:

The rotor machine is a substitution method to produce the cipher text. The rotor machine has multiple stages of encryption. The machine has independently rotating cylinders through which electrical pulses can flow. Each cylinder has 26 input pins and 26 output pins, with internal wiring that connects each input pin to a unique output pin.

If we associate each input and output pin with a letter of the alphabet, a single cylinder is a monoalphabetic substitution.

The cylinder which is closer to the operator is the input cylinder. The input cylinder rotates one pin position for each key stroke.

The inner cylinder gives the input to the middle cylinder, which is rotated by one position. The middle cylinder rotates the outer cylinder by one position. DES uses the concept of the rotor machine.

Steganography:

In steganography the plain text is hidden.

Methods:

1. Character Marking: Selected letters of printed or typed text are overwritten with pencil. These marks are not visible. They can be seen when the paper is held at an angle to bright light.

2. Invisible Ink: A substance is used for writing. The writing can be reconstructed when heated or upon the application of a chemical to the paper.

3. Pin Punctures: Pin punctures are placed on selected letters; they are not visible under normal conditions. The paper should be held in front of a light.

4. Typewriter Correction Ribbons: The text is typed between lines typed with black ribbon. The characters typed with the correction ribbon are visible under strong light.

1.3 DIFFERENT TYPES OF CIPHERS

1. Caesar Cipher

2. Monoalphabetic Ciphers

3. Playfair Cipher

4. Hill Cipher


5. Polyalphabetic Ciphers

1.4 BASIC NUMBER THEORY

PRIME NUMBER THEORY

prime numbers only have divisors of 1 and self

they cannot be written as a product of other numbers

note: 1 is prime, but is generally not of interest

eg. 2,3,5,7 are prime, 4,6,8,9,10 are not

prime numbers are central to number theory

list of prime number less than 200 is:

2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97 101 103 107 109 113 127 131 137 139 149 151 157 163 167 173 179 181 191 193 197 199

to factor a number n is to write it as a product of other numbers: n=a x b x c

note that factoring a number is relatively hard compared to multiplying the factors together to generate the number

the prime factorisation of a number n is when it is written as a product of primes

eg. $91 = 7 \times 13$ ; $3600 = 2^4 \times 3^2 \times 5^2$

GCD

two numbers a, b are relatively prime if they have no common divisors apart from 1

eg. 8 & 15 are relatively prime since factors of 8 are 1,2,4,8 and of 15 are 1,3,5,15 and 1 is the only common factor

conversely can determine the greatest common divisor by comparing their prime factorizations and using least powers

eg. $300 = 2^1 \times 3^1 \times 5^2$, $18 = 2^1 \times 3^2$, hence $GCD(18,300) = 2^1 \times 3^1 \times 5^0 = 6$

Fermat's Theorem

This theorem states that if p is a prime number and a is a positive integer not divisible by p then

$a^{p-1} \equiv 1 \pmod{p}$

(or) if p is prime and a is any positive integer then

$a^{p} \equiv a \pmod{p}$

Euler Totient Function ø(n)

to compute ø(n) need to count number of residues to be excluded

in general need prime factorization, but

for p (p prime) ø(p)=p-1

for p.q (p,q prime) ø(p.q)=(p-1)x(q-1)

eg.

ø(37) = 36

ø(21) = (3–1)x(7–1) = 2x6 = 12

Euler's Theorem

a generalisation of Fermat's Theorem

$a^{ø(n)} \equiv 1 \pmod{n}$

for any a,n where gcd(a,n)=1

eg.

a=3;n=10; ø(10)=4;

hence $3^4 = 81 \equiv 1 \pmod{10}$

a=2;n=11; ø(11)=10;

hence $2^{10} = 1024 \equiv 1 \pmod{11}$

also have: $a^{ø(n)+1} \equiv a \pmod{n}$

Primality Testing

often need to find large prime numbers

traditionally sieve using trial division

ie. divide by all numbers (primes) in turn less than the square root of the number

only works for small numbers


alternatively can use statistical primality tests based on properties of primes

for which all primes numbers satisfy property

but some composite numbers, called pseudo-primes, also satisfy the property

can use a slower deterministic primality test
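The three approaches side by side, as an added example that is not part of the original notes: trial division, the Fermat test built on $a^{p-1} \equiv 1 \pmod p$ (which pseudo-primes such as 341 and 561 pass), and the Miller-Rabin strong test, which the notes do not name and which is used here as one common statistical test. With the fixed bases below it is known to give no false positives for n below roughly 3 × 10^23.

```python
from math import gcd


def trial_division(n):
    """Deterministic but slow: divide by every candidate up to sqrt(n)."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def fermat_test(n, a):
    """True if n satisfies Fermat's property for base a (every prime does)."""
    return pow(a, n - 1, n) == 1


def strong_test(n, a):
    """Miller-Rabin round for odd n > 2: write n-1 = 2^s * d and follow the squarings."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    x = pow(a, d, n)
    if x == 1 or x == n - 1:
        return True
    for _ in range(s - 1):
        x = x * x % n
        if x == n - 1:
            return True
    return False


BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n):
    """Small-prime sieve followed by strong tests to the fixed bases above."""
    if n < 2:
        return False
    for p in BASES:
        if n % p == 0:
            return n == p
    return all(strong_test(n, a) for a in BASES)


def fermat_passing_bases(n):
    """Bases coprime to n for which the composite or prime n passes the Fermat test."""
    return [a for a in range(2, n - 1) if gcd(a, n) == 1 and fermat_test(n, a)]


if __name__ == "__main__":
    for n in (341, 561):   # 341 = 11 * 31, 561 = 3 * 11 * 17
        print(n, trial_division(n), fermat_test(n, 2), strong_test(n, 2))
    print([n for n in range(200) if is_prime(n)])
```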

Chinese Remainder Theorem

used to speed up modulo computations

if working modulo a product of numbers

eg. mod $M = m_1 m_2 \cdots m_k$

Chinese Remainder theorem lets us work in each modulus $m_i$ separately

since computational cost is proportional to size, this is faster than working in the full modulus M

can implement CRT in several ways

to compute A (mod M)

first compute all $a_i = A \bmod m_i$ separately

determine constants $c_i$ below, where $M_i = M/m_i$

then combine results to get answer using:

1.6 FINITE FIELD

Introduction

• will now introduce finite fields

• of increasing importance in cryptography

– AES, Elliptic Curve, IDEA, Public Key

• concern operations on “numbers”

– where what constitutes a “number” and the type of operations varies considerably

• start with concepts of groups, rings, fields from abstract algebra

Group

• a set of elements or “numbers”

• with some operation whose result is also in the set (closure)


• obeys:

– associative law: (a.b).c = a.(b.c)

– has identity e: e.a = a.e = a

– has inverses $a^{-1}$: $a.a^{-1} = e$

• if commutative a.b = b.a

– then forms an abelian group

Cyclic Group

• define exponentiation as repeated application of operator

– example: a-3 = a.a.a

• and let identity be: $e = a^0$

• a group is cyclic if every element is a power of some fixed element

– ie $b = a^k$ for some a and every b in group

• a is said to be a generator of the group

Ring

• a set of “numbers” with two operations (addition and multiplication) which are:

• an abelian group with addition operation

• multiplication:

– has closure

– is associative

– distributive over addition: a(b+c) = ab + ac

• if multiplication operation is commutative, it forms a commutative ring

• if multiplication operation has inverses and no zero divisors, it forms an integral domain

Field

• a set of numbers with two operations:

– abelian group for addition

– abelian group for multiplication (ignoring 0)

– ring

Modular Arithmetic


• define modulo operator a mod n to be remainder when a is divided by n

• use the term congruence for: a ≡ b mod n

– when divided by n, a & b have same remainder

– eg. 100 = 34 mod 11

• b is called the residue of a mod n

– since with integers can always write: a = qn + b

• usually have 0 <= b <= n-1

-12 mod 7 ≡ -5 mod 7 ≡ 2 mod 7 ≡ 9 mod 7

Modulo 7 Example

-21 -20 -19 -18 -17 -16 -15

-14 -13 -12 -11 -10 -9 -8

-7 -6 -5 -4 -3 -2 -1

0 1 2 3 4 5 6

7 8 9 10 11 12 13

14 15 16 17 18 19 20

21 22 23 24 25 26 27

28 29 30 31 32 33 34

...

Divisors

• say a non-zero number b divides a if for some m have a=mb (a,b,m all integers)

• that is b divides into a with no remainder

• denote this b|a

• and say that b is a divisor of a

• eg. all of 1,2,3,4,6,8,12,24 divide 24

Modular Arithmetic Operations

• is 'clock arithmetic'

• uses a finite number of values, and loops back from either end

• modular arithmetic is when do addition & multiplication and modulo reduce answer


• can do reduction at any point, ie

– a+b mod n = [a mod n + b mod n] mod n

Modular Arithmetic

• can do modular arithmetic with any group of integers: Zn = {0, 1, … , n-1}

• form a commutative ring for addition

• with a multiplicative identity

• note some peculiarities

– if (a+b)≡(a+c) mod n then b≡c mod n

but if (ab)≡(ac) mod n then b≡c mod n only if a is relatively prime to n

Modulo 8 Example

Greatest Common Divisor (GCD)

• a common problem in number theory

• GCD (a,b) of a and b is the largest number that divides evenly into both a and b

– eg GCD(60,24) = 12

• often want no common factors (except 1) and hence numbers are relatively prime

– eg GCD(8,15) = 1

– hence 8 & 15 are relatively prime


Euclid's GCD Algorithm

• an efficient way to find the GCD(a,b)

• uses theorem that:

– GCD(a,b) = GCD(b, a mod b)

Euclid's Algorithm

• to compute GCD(a,b):

– A=a, B=b

– while B>0

• R = A mod B

• A = B, B = R

– return A
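Euclid's loop above and the Chinese Remainder Theorem procedure from the number theory section share one tool, the modular inverse. This added example (not part of the original notes) implements the loop, extends it to produce inverses, and recombines residues; the choice $c_i = M_i \times (M_i^{-1} \bmod m_i)$ is the usual textbook one and is an assumption here, since the notes do not show their formula. The moduli 37 and 49 and the values 973 and 678 are constructed sample inputs.

```python
from math import prod


def gcd(a, b):
    """Euclid's algorithm exactly as listed: GCD(a, b) = GCD(b, a mod b)."""
    A, B = a, b
    while B > 0:
        A, B = B, A % B
    return A


def ext_gcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = GCD(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def mod_inverse(a, n):
    """Multiplicative inverse of a modulo n; exists only if a is relatively prime to n."""
    g, x, _ = ext_gcd(a % n, n)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {n}")
    return x % n


def to_residues(A, moduli):
    """a_i = A mod m_i for every modulus."""
    return [A % m for m in moduli]


def crt_constants(moduli):
    """c_i = M_i * (M_i^-1 mod m_i) with M_i = M / m_i; the moduli must be pairwise coprime."""
    for i, m in enumerate(moduli):
        for other in moduli[i + 1:]:
            if gcd(m, other) != 1:
                raise ValueError("moduli must be pairwise relatively prime")
    M = prod(moduli)
    return [(M // m) * mod_inverse(M // m, m) for m in moduli]


def crt_combine(residues, moduli):
    """A = sum(a_i * c_i) mod M."""
    M = prod(moduli)
    return sum(a * c for a, c in zip(residues, crt_constants(moduli))) % M


def crt_multiply(A, B, moduli):
    """Multiply modulo M by working in each small modulus separately, then recombine."""
    ra, rb = to_residues(A, moduli), to_residues(B, moduli)
    return crt_combine([(x * y) % m for x, y, m in zip(ra, rb, moduli)], moduli)


if __name__ == "__main__":
    print(gcd(60, 24), gcd(8, 15))            # values quoted in the notes
    print(to_residues(973, [37, 49]))
    print(crt_multiply(973, 678, [37, 49]), (973 * 678) % (37 * 49))
```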

Galois Fields

• finite fields play a key role in cryptography

• can show number of elements in a finite field must be a power of a prime $p^n$

• known as Galois fields

• denoted GF($p^n$)

• in particular often use the fields:

– GF(p)

– GF($2^n$)

Galois Fields GF(p)

• GF(p) is the set of integers {0,1, … , p-1} with arithmetic operations modulo prime p

• these form a finite field

– since have multiplicative inverses

• hence arithmetic is “well-behaved” and can do addition, subtraction, multiplication, and division without leaving the field GF(p)

Polynomial Arithmetic

• can compute using polynomials


• several alternatives available

• ordinary polynomial arithmetic

• polynomial arithmetic with coefficients mod p

• polynomial arithmetic with coefficients mod p and polynomials mod M(x)

Ordinary Polynomial Arithmetic

• add or subtract corresponding coefficients

• multiply all terms by each other

• eg

– let $f(x) = x^3 + x^2 + 2$ and $g(x) = x^2 - x + 1$

$f(x) + g(x) = x^3 + 2x^2 - x + 3$

$f(x) - g(x) = x^3 + x + 1$

$f(x) \times g(x) = x^5 + 3x^2 - 2x + 2$


UNIT-2

BLOCK CIPHER

A block cipher is an encryption /decryption method in which a block of plain text is treated as a whole and produces the cipher text block. The length of the cipher text is equal to the length of the plain text.

Example:

1. Feistel cipher

2. DES

2.1 DES (Data Encryption Standard)

The Data Encryption Standard has been the most widely used encryption algorithm. It exhibits the classical Feistel structure. DES uses a 64-bit block and a 56-bit key.

DES Encryption:


The overall scheme for DES encryption is illustrated in Figure, which takes as input 64-bits of data and of key.

The left side shows the basic process for enciphering a 64-bit data block which consists of:

- an initial permutation (IP) which shuffles the 64-bit input block

- 16 rounds of a complex key dependent round function involving substitutions & permutations

- a final permutation, being the inverse of IP

The right side shows the handling of the 56-bit key and consists of:

- an initial permutation of the key (PC1) which selects 56-bits out of the 64-bits input, in two 28-bit halves

- 16 stages to generate the 48-bit subkeys using a left circular shift and a permutation of the two 28-bit halves .

DES Single Round Structure


The overall processing at each round can be summarized in the following formula

$L_i = R_{i-1}$

$R_i = L_{i-1} \oplus F(R_{i-1}, K_i)$

Initial Permutation:

The 64 entries in the permutation table contain a permutation of the numbers from 1 to 64. Each entry in the permutation table indicates the position of a numbered input bit in the output, which also consists of 64 bits.

Initial Permutation (IP)

58 50 42 34 26 18 10 2

60 52 44 36 28 20 12 4

62 54 46 38 30 22 14 6

64 56 48 40 32 24 16 8

57 49 41 33 25 17 9 1

59 51 43 35 27 19 11 3

61 53 45 37 29 21 13 5

63 55 47 39 31 23 15 7

Inverse Initial Permutation ($IP^{-1}$)

40 8 48 16 56 24 64 32

39 7 47 15 55 23 63 31

38 6 46 14 54 23 62 30

37 5 45 13 53 22 61 29

36 4 44 12 52 21 60 28

35 3 43 11 51 20 59 27

34 2 42 10 50 19 58 26

33 1 41 9 49 18 57 25

Expansion Permutation (E)

32 1 2 3 4 5

4 5 6 7 8 9

8 9 10 11 12 13

12 13 14 15 16 17

16 17 18 19 20 21

20 21 22 23 24 25

24 25 26 27 28 29

Permutation Function (P)

16 7 20 21 29 12 28 17

1 15 23 26 5 18 31 10

2 8 24 14 32 27 3 9

19 13 30 6 22 11 4 25

Substitution Boxes S:

The substitution consists of a set of eight S-boxes, each of which accepts 6 bits as input and produces 4 bits as output. Row selection depends on both data and key; this feature is known as autoclaving (autokeying).

Key Generation:

A 64-bit key is used as input to the algorithm. The bits of the key are numbered from 1 through 64; every eighth bit is ignored. The resulting 56-bit key is then treated as two 28-bit quantities labelled $C_0$ and $D_0$. At each round $C_{i-1}$ and $D_{i-1}$ are separately subjected to a circular left shift or rotation. These shifted values serve as input to the next round. They also serve as input to permuted choice two, which produces a 48-bit output that serves as input to the function $F(R_{i-1}, K_i)$.

DES Decryption:

As with any Feistel cipher decryption uses the same algorithms as encryption, except that the application of the sub keys is reversed.

The avalanche effect:

A desirable property of any encryption algorithm is that a small change in either the plaintext or the key should produce a significant change in the cipher text.

2.2 Differential Cryptanalysis:

History:

Biham & Shamir showed that differential cryptanalysis can be used successfully to cryptanalyse DES with an effort on the order of $2^{47}$ encryptions, requiring $2^{47}$ chosen plaintexts. They also demonstrated this form of attack on a variety of encryption algorithms and hash functions.

25

Page 26: ishareyoublog.files.wordpress.com€¦  · Web viewSteganography: In steganography the plain text is hidden. Methods: Character Marking: Selected letters of printed or typed text

Differential cryptanalysis was known to the IBM DES design team as early as 1974 (as a T attack), and influenced the design of the S-boxes and the permutation P to improve its resistance to it.

Differential Cryptanalysis attack:

The differential cryptanalysis attack is complex. The rationale behind differential cryptanalysis is to observe the behavior of pairs of text blocks evolving along each round of the cipher, instead of observing the evolution of a single text block. Each round of DES maps the right-hand input into the left-hand output and sets the right-hand output to be a function of the left-hand input and the subkey for this round, which means you cannot trace values back through the cipher without knowing the value of the key. Differential cryptanalysis compares two related pairs of encryptions, which can leak information about the key, given a sufficiently large number of suitable pairs.

This attack is known as Differential Cryptanalysis because the analysis compares differences between two related encryptions, and looks for a known difference in leading to a known difference out with some (pretty small but still significant) probability. If a number of such differences are determined, it is feasible to determine the subkey used in the function f.

3.3 Mode of Operation:

A block cipher algorithm is a basic building block for providing data security. To apply a block cipher in a variety of applications, four “modes of operation” have been defined by NIST.

1. Electronic Codebook Mode

2. Cipher Block Chaining Mode

3. Cipher Feedback Mode

4. Counter Mode

Electronic Codebook Mode:

The plaintext is broken into blocks P1, P2, P3, ... Each block is encrypted independently:

Ci = EK(Pi)

For a given key, this mode behaves as if we had a gigantic codebook in which each plaintext block has an entry, hence the name Electronic Code Book.

[Figure: ECB mode. Encryption: P1 and P2 are each encrypted under K to give C1 and C2. Decryption: C1 and C2 are each decrypted under K.]

• Strength: it’s simple.

• Weakness:

– If the same message (e.g., an SSN) is encrypted (with the same key) and sent twice, the two ciphertexts are the same.

• Typical application: secure transmission of short pieces of information (e.g. a temporary encryption key)

Cipher Block Chaining Mode:

Initialization Vector (IV)

– Must be known to both the sender & receiver


– Typically, IV is either a fixed value or is sent encrypted in ECB mode before the rest of ciphertext.

Cipher Feedback Mode:

The DES scheme is a block cipher technique that uses b-bit blocks. It is possible to convert DES into a stream cipher. The units of plaintext are chained together, so that the ciphertext of any plaintext unit is a function of all the preceding plaintext.

The input to the encryption function is a b-bit shift register that is initially set to some IV. The leftmost s bits of the output of the encryption function are XORed with the first segment of plaintext P1 to produce the first unit of ciphertext C1, which is then transmitted.

For decryption, the received ciphertext unit is XORed with the output of the encryption function to produce the plaintext unit.

[Figure: Encryption in CFB mode]

[Figure: Decryption in CFB mode]

Counter Mode:

• Plaintext blocks: p1, p2, p3, …

• Key: k

• Basic idea: construct key stream k1, k2, k3, …

T1 = IV (random)

Ti = IV + i - 1

Ci = Pi ⊕ EK(Ti)

C = (IV, C1, C2, C3, ...)

Advantages:

1) Hardware efficiency

2) Software efficiency

3) Preprocessing

4) Simplicity

5) Provable security
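The four modes above, side by side, as an added example (not part of the original notes). The block cipher is a small Feistel network built on SHA-256 that stands in for DES; the key, IV and plaintext are constructed values, and the IV is fixed only so that the run is reproducible.

```python
import hashlib

BLOCK = 8  # bytes: 64-bit blocks, the DES block size


def xor(a, b):
    """XOR two byte strings (truncates to the shorter one)."""
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    # Round function of the stand-in cipher (an assumption, NOT DES).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def E(key, block):
    """Encrypt one 8-byte block with an 8-round Feistel network."""
    left, right = block[:4], block[4:]
    for rnd in range(8):
        left, right = right, xor(left, _f(key, rnd, right))
    return right + left


def D(key, block):
    """Decrypt: same algorithm, rounds applied in reverse order."""
    left, right = block[:4], block[4:]
    for rnd in reversed(range(8)):
        left, right = right, xor(left, _f(key, rnd, right))
    return right + left


def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, pt):
    return b"".join(E(key, p) for p in blocks(pt))   # Ci = EK(Pi)


def ecb_decrypt(key, ct):
    return b"".join(D(key, c) for c in blocks(ct))


def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for p in blocks(pt):
        prev = E(key, xor(p, prev))      # chain the previous ciphertext block
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(D(key, c), prev))
        prev = c
    return b"".join(out)


def cfb8_encrypt(key, iv, pt):
    """CFB with s = 8 bits: one ciphertext byte per call to E."""
    reg, out = iv, bytearray()
    for p in pt:
        c = p ^ E(key, reg)[0]           # leftmost s bits of E(shift register)
        out.append(c)
        reg = reg[1:] + bytes([c])       # shift left by s bits, feed C back in
    return bytes(out)


def cfb8_decrypt(key, iv, ct):
    reg, out = iv, bytearray()
    for c in ct:
        out.append(c ^ E(key, reg)[0])   # decryption also uses E, never D
        reg = reg[1:] + bytes([c])
    return bytes(out)


def ctr_crypt(key, iv, data):
    """Ci = Pi xor EK(Ti) with Ti = IV + i - 1; the same call decrypts."""
    t1 = int.from_bytes(iv, "big")
    out = bytearray()
    for i, p in enumerate(blocks(data)):
        t = ((t1 + i) % 2**64).to_bytes(BLOCK, "big")
        out += xor(p, E(key, t))         # a short last block needs no padding
    return bytes(out)


def repeated_blocks(ct):
    """Number of ciphertext blocks that duplicate an earlier block."""
    bl = blocks(ct)
    return len(bl) - len(set(bl))


# Constructed inputs: plaintext blocks 1 and 3 are identical.
KEY = b"constructed-key"
IV = bytes.fromhex("0011223344556677")
PT = b"SSN:1234" + b"-padding" + b"SSN:1234"

if __name__ == "__main__":
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(KEY, PT)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(KEY, IV, PT)))
    print("CTR repeated blocks:", repeated_blocks(ctr_crypt(KEY, IV, PT)))
```

Only ECB carries the repetition in the plaintext through to the ciphertext, which is the weakness listed for it above.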

3.4 Triple DES

1. Triple DES with two key

2. Triple DES with Three Key

Triple DES With Two Key:

• Use two keys and three executions of the DES algorithm (encrypt-decrypt-encrypt)

C=E(K1,D(K2,E(K1,P)))

• C = ciphertext

• P = Plaintext

• EK[X] = encryption of X using key K

• DK[Y] = decryption of Y using key K

Triple DES With Three Key:

• Use three keys and three executions of the DES algorithm (encrypt-decrypt-encrypt)

• Effective key length of 168 bits

C=E(K1,D(K2,E(K3,P)))

PUBLIC KEY CRYPTOSYSTEM

Public key cryptography is also called asymmetric cryptography. It makes use of one key for encryption and another key for decryption.

Ingredients of public key cryptography

1. Plain text

2. Encryption algorithm

3. Public key

4. Private key

5. Cipher text

6. Decryption algorithm

RSA Algorithms

Steps:

1) each user generates a public/private key pair by:

2) selecting two large primes at random: p, q

3) computing their system modulus N = p·q

• ø(N) = (p-1)(q-1)

4) selecting at random the encryption key e

• where 1 < e < ø(N), gcd(e, ø(N)) = 1

5) solving the following equation to find the decryption key d

• e·d = 1 mod ø(N) and 0 ≤ d ≤ N

6) publishing their public encryption key: KU = {e, N}

7) keeping secret the private decryption key: KR = {d, p, q}

8) to encrypt a message M the sender computes:

C = M^e mod N, where 0 ≤ M < N

9) to decrypt the ciphertext C the owner computes:

M = C^d mod N

Example:

1. Select primes: p=17 & q=11

2. Compute n = pq = 17×11 = 187

3. Compute ø(n) = (p–1)(q-1) = 16×10 = 160

4. Select e: gcd(e,160)=1; choose e=7

5. Determine d: de = 1 mod 160 and d < 160. The value is d=23, since 23×7 = 161 = 1×160+1

6. Publish public key KU={7,187}

7. Keep secret private key KR={23,17,11}

A sample RSA encryption/decryption is:

given message M = 88 (nb. 88<187)

• encryption:

C = 88^7 mod 187 = 11

• decryption:

M = 11^23 mod 187 = 88

Attack:

Four possible approaches to attacking the RSA algorithm are as follows

1) Brute Force: This involves trying all possible private Keys

2) Mathematical Attacks: There are several approaches all equivalent in effort to factoring the product of two primes

3) Timing attacks: These depend on the running time of the decryption algorithms

4) Chosen cipher text attacks: This type of attack exploits properties of the RSA Algorithms

Factoring Problem:

We can identify three approaches to attacking RSA mathematically

1) Factor n into its two prime factors. This enables calculation of ø(n) = (p–1)(q-1), which in turn enables determination of d = e^-1 (mod ø(n))

2) Determine ø(n) directly, without first determining p and q. Again this enables determination of d = e^-1 (mod ø(n))

3) Determine d directly, without first determining ø(n)

UNIT-3

3.1 DISCRETE LOGARITHMS

Computing Discrete logs:

We can define the discrete logarithm in the following way. First we define a primitive root of the prime number p as one whose powers modulo p generate all the integers from 1 to p-1. That is, if α is a primitive root of the prime number p, then the numbers

α mod p, α^2 mod p, ..., α^(p-1) mod p

are distinct and consist of the integers from 1 to p-1 in some order.

For any integer b and a primitive root α of the prime number p, we can define an exponent i such that

b ≡ α^i (mod p)

The exponent i is referred to as the discrete logarithm of b for the base α, mod p. We can express this value as dlog α,p(b).

3.2 DIFFIE-HELLMAN KEY EXCHANGE

The first published public-key algorithm appeared in the seminal paper by Diffie and Hellman that defined public-key cryptography, and is generally referred to as Diffie-Hellman key exchange.

The purpose of the algorithm is to enable two users to securely exchange a key that can be used for subsequent encryption of messages.

The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of computing discrete logarithms.

That is

b ≡ a^i (mod p)
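The dependence on discrete logarithms, as an added example (not part of the original notes). It runs the exchange with the values of the worked example in this section (q=353, α=3, XA=97, XB=233) and then computes the discrete logarithm of a public value with baby-step giant-step, a standard method chosen for this example. Its cost grows with the square root of q, which is why q has to be large in practice.

```python
from math import isqrt


def prime_factors(n):
    """Set of prime factors of n, by trial division (small n only)."""
    factors, f = set(), 2
    while f * f <= n:
        while n % f == 0:
            factors.add(f)
            n //= f
        f += 1
    if n > 1:
        factors.add(n)
    return factors


def is_primitive_root(alpha, q):
    """alpha generates 1..q-1 iff alpha^((q-1)/f) != 1 for every prime f | q-1."""
    return all(pow(alpha, (q - 1) // f, q) != 1 for f in prime_factors(q - 1))


def public_value(alpha, x, q):
    return pow(alpha, x, q)            # Y = alpha^X mod q


def shared_key(y_other, x_own, q):
    return pow(y_other, x_own, q)      # K = (Y_other)^X_own mod q


def dlog(alpha, y, q):
    """Baby-step giant-step: the exponent i with alpha^i = y (mod q).

    Stores about sqrt(q) powers and makes about sqrt(q) multiplications.
    Returns None when y is not a power of alpha.
    """
    m = isqrt(q - 1) + 1
    baby, value = {}, 1
    for j in range(m):                 # baby steps: alpha^0 .. alpha^(m-1)
        baby.setdefault(value, j)
        value = value * alpha % q
    step = pow(alpha, -m, q)           # alpha^(-m) mod q (Python 3.8+)
    gamma = y % q
    for i in range(m):                 # giant steps: y * alpha^(-i*m)
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * step % q
    return None


if __name__ == "__main__":
    q, alpha, xa, xb = 353, 3, 97, 233     # values of the page's example
    ya, yb = public_value(alpha, xa, q), public_value(alpha, xb, q)
    print("primitive root:", is_primitive_root(alpha, q))
    print("YA =", ya, "YB =", yb)
    print("K (A) =", shared_key(yb, xa, q), "K (B) =", shared_key(ya, xb, q))
    # With a 9-bit q the private value falls out of the public one at once.
    print("dlog of YA:", dlog(alpha, ya, q))
```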

Algorithms

Global Public Elements

q: prime number

α: α<q and α a primitive root of q

User A Key Generation

Select private XA: XA<q

Calculate public YA: YA = α^XA mod q

User B Key Generation

Select private XB: XB<q

Calculate public YB: YB = α^XB mod q

Calculation of secret key by user A

K = (YB)^XA mod q

Calculation of secret key by user B

K = (YA)^XB mod q

Example:

Key exchange is based on the use of the prime number q=353 and a primitive root of 353, in this case α=3. A and B select secret keys XA=97 and XB=233.

Calculate public Key

A computes YA = 3^97 mod 353 = 40

B computes YB = 3^233 mod 353 = 248

Exchange public keys and compute secret Key

A computes K = (YB)^XA mod 353 = 248^97 mod 353 = 160

B computes K = (YA)^XB mod 353 = 40^233 mod 353 = 160

HASH FUNCTION

Definition: A hash value h is generated by a function H of the form

h=H(M)

where M is a variable-length message and H(M) is the fixed-length hash value. The hash value is appended to the message at the source at a time when the message is assumed or known to be correct.

Requirement of hash function:

The hash function should have the following properties

1. H can be applied to a block of data of any size

2. H produces a fixed length output

3. H(x) is easy to compute for any given x, making hardware and software implementation practical and easy

4. One way property: For any given value h, it is computationally infeasible to find x such that H(x)=h

5. Weak collision resistance: For any given block x, it is computationally infeasible to find y≠x such that H(y)=H(x)

6. Strong collision property: It should be computationally infeasible to find any pair (x,y) such that H(x)=H(y).

The first three properties are requirements for the practical application of a hash function to message authentication.

The fourth property, the one way property, states that it is easy to generate a code given a message but impossible to generate a message given a code.

The fifth property states that an alternative message hashing to the same value as a given message cannot be found.

The sixth property refers to how resistant the hash function is to a type of attack known as the birthday attack.

Simple Hash function

The input is viewed as a sequence of n-bit blocks. The input is processed one block at a time in an iterative fashion to produce an n-bit hash function.

One of the simplest hash functions is the bit-by-bit exclusive-OR of every block. This can be expressed as follows

Ci = bi1 ⊕ bi2 ⊕ ... ⊕ bim

Where

Ci = ith bit of the hash code

m = number of n-bit blocks in the input

bij = ith bit in jth block

⊕ = XOR operation

A simple way to improve matters is to perform a one-bit circular shift, or rotation, on the hash value after each block is processed. The procedure can be summarized as follows

1. Initially set the n-bit hash value to zero

2. Process each successive n-bit block of data as follows

Rotate the current hash value to the left by one bit

XOR the block into the hash value

This procedure is a parity check known as a longitudinal redundancy check.

Given a message consisting of a sequence of 64-bit blocks X1, X2, ..., XN, define the hash code C as the block-by-block XOR of all blocks and append the hash code as the final block

C = XN+1 = X1 ⊕ X2 ⊕ ... ⊕ XN

By the definition of CBC

X1 = IV ⊕ D(K,Y1)

Xi = Yi-1 ⊕ D(K,Yi)

XN+1 = YN ⊕ D(K,YN+1)

XN+1 = X1 ⊕ X2 ⊕ ... ⊕ XN

= [IV ⊕ D(K,Y1)] ⊕ [Y1 ⊕ D(K,Y2)] ⊕ ... ⊕ [YN-1 ⊕ D(K,YN)]
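The two simple hash functions above, as an added example (not part of the original notes). It shows that the plain XOR hash ignores block order, since the terms of the last equation can be XORed in any order, that the rotation fixes this, and that with either function a final block can be chosen to reach any wanted hash value. The sample message is constructed.

```python
N_BITS = 64
MASK = (1 << N_BITS) - 1


def to_blocks(data, n_bits=N_BITS):
    """Split bytes into n-bit integers, zero-padding the last block."""
    size = n_bits // 8
    data = data + b"\x00" * (-len(data) % size)
    return [int.from_bytes(data[i:i + size], "big")
            for i in range(0, len(data), size)]


def xor_hash(blocks):
    """Ci = bi1 xor bi2 xor ... xor bim, computed on whole blocks."""
    h = 0
    for b in blocks:
        h ^= b
    return h


def rotl1(x):
    """One-bit circular left shift of an n-bit value."""
    return ((x << 1) | (x >> (N_BITS - 1))) & MASK


def rxor_hash(blocks):
    """Start from zero; for each block: rotate left by one bit, then XOR."""
    h = 0
    for b in blocks:
        h = rotl1(h) ^ b
    return h


def closing_block_xor(blocks, target):
    """Final block that makes xor_hash(blocks + [block]) equal target."""
    return xor_hash(blocks) ^ target


def closing_block_rxor(blocks, target):
    """Final block that makes rxor_hash(blocks + [block]) equal target."""
    return rotl1(rxor_hash(blocks)) ^ target


if __name__ == "__main__":
    # Constructed message of three 64-bit blocks.
    msg = to_blocks(b"PAY 0100" + b" TO BOB " + b"REF 0001")
    moved = [msg[2], msg[0], msg[1]]
    print("XOR  same after reordering:", xor_hash(msg) == xor_hash(moved))
    print("RXOR same after reordering:", rxor_hash(msg) == rxor_hash(moved))

    # Neither function is collision resistant: any other content can be
    # closed with one computed block so that it hashes like msg.
    other = to_blocks(b"PAY 9900" + b" TO EVE ")
    forged = other + [closing_block_rxor(other, rxor_hash(msg))]
    print("RXOR collision built:", rxor_hash(forged) == rxor_hash(msg))
```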

MD 5:

This hashing algorithm was developed by Ron Rivest at MIT. Until the last few years, MD5 was the most widely used secure hash algorithm.

Input: Message of arbitrary length, IV (128 bit)

Processing: 512 bit blocks

Output: 128 bit message digest

The processing consists of the following steps:

Step 1: Append Padding Bits

The message is padded so that its length ≡ 448 modulo 512

The padding consists of one 1 bit followed by the necessary number of 0’s

Step 2: Append Length

The length of the original message before padding is appended to the result of step 1. The length is represented in 64 bits.

If the original length is greater than 2^64, then only the low order 64 bits of the length are used

The expanded message is split into 512 bit blocks y0, y1, y2, ..., yL-1

Step 3: Initialize the MD buffer

A 128 bit buffer is used to store the intermediate and final results of the hash function

The buffer is represented as four 32 bit registers A, B, C, D. The registers are initialized as

A=67452301

B=EFCDAB89

C=98BADCFE

D=10325476

Step 4: Processing 512 bit block:

The important function of MD5 is a compression function. The compression function produces the 128 bit message digest.

The compression function, called HMD5, has four rounds of processing

Each round takes the current 512 bit block that is being processed, yq, and the 128 bit buffer value ABCD, processes them and updates the buffer with the output.

The output of the fourth round is added to the input of the first round, CVq, to produce CVq+1. The addition is done using addition modulo 2^32

Step 5:

After all the L 512-bit blocks are processed, the output from the Lth stage is the 128 bit message digest. The process of MD5 can be represented in equation as

Strength of MD5:

1. Every bit of the hash code is a function of every bit in the input

2. Two messages chosen at random will not have the same hash code.
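Steps 1 to 5 above as running code, an added example that is not part of the original notes. The per-round functions, shift amounts and the sine-derived constants are the ones the MD5 specification (RFC 1321) defines; the notes above do not list them.

```python
import math
import struct

# Per-step left-rotation amounts, 16 steps for each of the four rounds.
SHIFTS = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + \
         [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
# Additive constants: integer part of abs(sin(i + 1)) * 2^32.
CONSTS = [int(abs(math.sin(i + 1)) * 2**32) & 0xFFFFFFFF for i in range(64)]
MASK32 = 0xFFFFFFFF


def rotl(x, c):
    return ((x << c) | (x >> (32 - c))) & MASK32


def md5_pad(message):
    """Steps 1 and 2: pad to 448 mod 512 bits, then append the 64-bit length."""
    bit_len = (8 * len(message)) & 0xFFFFFFFFFFFFFFFF   # low-order 64 bits
    padded = bytearray(message) + b"\x80"               # a 1 bit, then 0 bits
    while len(padded) % 64 != 56:                       # 56 bytes = 448 bits
        padded.append(0)
    return bytes(padded) + struct.pack("<Q", bit_len)


def compress(cv, block):
    """Step 4 (HMD5): four rounds of 16 steps over one 512-bit block."""
    m = struct.unpack("<16I", block)
    a, b, c, d = cv
    for i in range(64):
        if i < 16:                                       # round 1
            f, g = (b & c) | (~b & d), i
        elif i < 32:                                     # round 2
            f, g = (d & b) | (~d & c), (5 * i + 1) % 16
        elif i < 48:                                     # round 3
            f, g = b ^ c ^ d, (3 * i + 5) % 16
        else:                                            # round 4
            f, g = c ^ (b | ~d), (7 * i) % 16
        f = (f + a + CONSTS[i] + m[g]) & MASK32
        a, d, c = d, c, b
        b = (b + rotl(f, SHIFTS[i])) & MASK32
    # Output of the fourth round is added to CVq, modulo 2^32, giving CVq+1.
    return tuple((x + y) & MASK32 for x, y in zip(cv, (a, b, c, d)))


def md5(message):
    """Returns the 128-bit digest as 32 hexadecimal characters."""
    cv = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)   # step 3
    padded = md5_pad(message)
    for off in range(0, len(padded), 64):                   # blocks y0..yL-1
        cv = compress(cv, padded[off:off + 64])
    return struct.pack("<4I", *cv).hex()                     # step 5


if __name__ == "__main__":
    for sample in (b"", b"abc", b"1234567890" * 8):
        print(md5(sample), len(md5_pad(sample)) // 64, "block(s)")
```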

Attacks on MD5

1.

DIGITAL SIGNATURE

The message authentication protocol protects the two parties who exchange the message. But it does not protect the two principals against each other.

There are chances for disputes like

The receiver may forge a different message and claim that it came from the authenticated sender

The sender can deny sending the message.

The Properties of Digital signature

1. It must verify the author, the date and the time of the signature

2. It must authenticate the contents at the time of the signature

3. It must be verifiable by third parties in case of dispute

The Requirements of Digital signature are

1. The signature must be a bit pattern and should depend on the message being signed

2. The signature must use a feature unique to the sender, to prevent forgery and denial

3. It must be relatively easy to produce, recognize and verify the digital signature

4. It must be computationally infeasible to forge the digital signature

5. It must be possible to retain a copy of the digital signature in storage

Approaches to have Digital Signature function

Direct Digital Signature

Arbitrated Digital Signature

Direct Digital Signature

This method needs only the two principals. When public key cryptography is used, the source has to know the public key of the receiver.

The digital signature can be produced by,

1. Encrypting the entire message with sender’s private key

2. Encrypting the hash code of the message with the sender’s private key

[Figure: direct digital signature. (1) The message M is encrypted with KRa to give EKRa(M) and decrypted with KUa. (2) The hash code H(M) is encrypted with KRa and sent with M; the receiver decrypts it with KUa and compares it with the hash of the received message.]

It is important to perform the signature first and the encryption afterwards, because if the signature is calculated on the encrypted message then the third party must decrypt the message to read the original text.

Weakness of Direct Digital Signature

1. If the sender wants to deny sending a particular message, the sender can claim that the private key was stolen or lost.

2. The sender may really have lost the key at a time T. The opponent can then send a message signed with the sender’s signature, with a time stamp less than or equal to T.

Arbitrated Digital Signature

The problems associated with the direct digital signature can be overcome by using arbitrated schemes.

In the arbitrated scheme, every signed message from the sender goes first to the arbiter A. The arbiter subjects the message and signature to a number of tests to check the origin and content. The date and time are then attached to the message. This indicates that the digital signature has been verified and is satisfied.

Requirement of arbiter

As the arbiter plays the sensitive and critical role it should be a trusted third party.

Various schemes of arbitrated signature

Scheme 1: Conventional Encryption, Arbiter sees the message

Symmetric encryption is used. The sender X and the arbiter A share the master key Kax; the receiver Y and the arbiter A share the master key Kay.

When X wants to send a message M to Y, X constructs the message and computes the hash value H(M). This hash is encrypted using symmetric encryption with the key Kax, which acts as the signature. The message along with the signature is transmitted to A.

A decrypts the signature and checks the hash value to validate the message. A then transmits the message to Y, encrypted with Kay. The message contains IDx, M, the signature and a time stamp. Y decrypts it to extract the message and signature.

The messages transmitted are

X->A: M||EKax[IDx||H(M)]

A->Y: EKay[IDx||M||EKax[IDx||H(M)]||T]

(X: sender, Y: receiver, A: arbiter)

Disadvantages:

An eavesdropper can read the message, as there is no confidentiality

Scheme 2: Conventional Encryption, Arbiter does not see the message

The keys used are Kax, Kay and Kxy, where Kax and Kay are the master keys shared between the arbiter and X or Y. Kxy is the key shared between X and Y.

When X wants to transmit a message to Y, the packet goes to the arbiter

X->A: IDx||EKxy[M]||EKax[IDx||H(EKxy[M])]

A->Y: EKay[IDx||EKxy[M]||EKax[IDx||H(EKxy[M])]||T]

The signature is the hash of the message encrypted with Kax.

A decrypts the signature and checks the hash value to validate the message.

A cannot read the message. A attaches the time stamp to it, encrypts with Kay and transmits to Y

Scheme 3 :Public Key encryption ,Arbiter does not see the messages

The messages:

X->A: IDx||E(PRx,[IDx||E(PUy,E(PRx,M))])

A->Y: E(PRa,[IDx||E(PUy,E(PRx,M))||T])

This method uses public key cryptography, which gives authentication and digital signature. The doubly encrypted message is concatenated with IDx and sent to the arbiter. A can decrypt the outer encryption to ensure that the message has come from X. A then transmits the message with IDx and a timestamp.

Advantages:

No information is shared among the parties before communication, hence fraud is avoided

No incorrectly dated message can be sent

Disadvantages:

The complex public key algorithm has to be executed twice for encryption and twice for decryption

BIRTHDAY ATTACK (Birthday Paradox)

o The source A signs a message by appending the m-bit hash value encrypted with A’s private key

o The opponent generates 2^(m/2) variations of the message, all of which convey the same meaning

o The opponent generates another 2^(m/2) messages, which are variations of the fraudulent message

o The two sets of messages are compared to find a pair of messages that produces the same hash value

o The probability of success is >0.5

o If no match is found, additional valid and fraudulent messages are generated until a match is made

o The signature can then be attached to the fraudulent message and sent to the receiver

As the two messages have the same signature, the opponent is assured of success.

SECURE HASH(security of hash function)

1. Brute-Force attacks

2. Cryptanalysis

Brute-Force Attacks:

The strength of a hash function against brute-force attacks depends on the length of the hash code produced by the algorithm. Recall that there are three desirable properties of hash functions:

One-way

Weak collision resistance

Strong collision resistance

For a hash code of length n, the level of effort required is as follows

Requirement                    Effort needed
One way                        2^n
Weak collision resistance      2^n
Strong collision resistance    2^(n/2)
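The effort figures in the table and the birthday comparison described earlier, measured on a deliberately short hash, as an added example (not part of the original notes). SHA-256 truncated to m bits stands in for an m-bit hash function, and the two message texts and the revision suffix are constructed.

```python
import hashlib


def h_m(message, m_bits):
    """First m bits of SHA-256: a stand-in for an m-bit hash (assumption)."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return digest >> (256 - m_bits)


def variation(text, i):
    """i-th variation of a message; here simply a revision suffix."""
    return b"%s [rev %d]" % (text, i)


def cross_collision(valid, fraudulent, m_bits):
    """Grow both sets of variations until one hash value occurs in both.

    Returns (valid_variation, fraudulent_variation, hashes_computed).
    About 2^(m/2) variations per set are enough on average.
    """
    seen_valid, seen_fraud = {}, {}
    i = 0
    while True:
        v, f = variation(valid, i), variation(fraudulent, i)
        hv, hf = h_m(v, m_bits), h_m(f, m_bits)
        seen_valid[hv] = v
        seen_fraud[hf] = f
        for h in (hv, hf):
            if h in seen_valid and h in seen_fraud:
                return seen_valid[h], seen_fraud[h], 2 * (i + 1)
        i += 1


def second_preimage(target_message, other, m_bits):
    """Weak collision: match the hash of one GIVEN message, about 2^m trials."""
    target = h_m(target_message, m_bits)
    i = 0
    while True:
        candidate = variation(other, i)
        if h_m(candidate, m_bits) == target:
            return candidate, i + 1
        i += 1


if __name__ == "__main__":
    VALID = b"Pay the bearer 10 units"         # constructed texts
    FRAUD = b"Pay the bearer 9000 units"
    for m in (16, 20, 24):
        v, f, trials = cross_collision(VALID, FRAUD, m)
        print("m=%2d  birthday match after %6d hashes (2^(m/2) = %d)"
              % (m, trials, 2 ** (m // 2)))
    _, trials = second_preimage(VALID, FRAUD, 16)
    print("m=16  match to one given message after %d hashes (2^m = %d)"
          % (trials, 2 ** 16))
```

Doubling m squares the work of the first search, so a hash code has to be twice as long as the brute-force level it is meant to withstand.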

MAC

The brute-force attack on a MAC is difficult because it needs known message-MAC pairs

The security depends upon the size of the key and of the MAC generated

The level of effort needed for a brute-force attack on a MAC is min(2^k, 2^n)

Cryptanalysis:

In general, more cryptanalytic effort will be needed than for a brute-force attack on a MAC or hash.

A way to measure the resistance of a hash or MAC algorithm to cryptanalysis is to compare its strength to the effort needed for an attack.

The overall structure of a typical secure hash function is shown in the figure. This structure is referred to as an iterated hash function.

CV0 = IV = initial n-bit value

CVi = f(CVi-1, Yi-1)

H(M) = CVL

where the input to the hash function is a message M consisting of the blocks Y0, Y1, ..., YL-1.

Cryptanalysis of hash functions focuses on the internal structure of f and is based on attempts to find efficient techniques for producing collisions for a single execution of f.

DIGITAL SIGNATURE ALGORITHMS

The DSA is based on the difficulty of computing discrete logarithms

Global Public Key Components

p: prime number where 2^(L-1) < p < 2^L for 512 ≤ L ≤ 1024 and L a multiple of 64; i.e., bit length of between 512 and 1024 bits in increments of 64 bits

q: prime divisor of (p-1), where 2^159 < q < 2^160; i.e., bit length of 160 bits

g = h^((p-1)/q) mod p, where h is any integer with 1 < h < (p-1) such that h^((p-1)/q) mod p > 1

User’s Private Key

x: random or pseudorandom integer with 0 < x < q

User’s Per-Message Secret Number

k: random or pseudorandom integer with 0 < k < q

Signing

r = (g^k mod p) mod q

s = [k^-1 (H(M) + xr)] mod q

Signature = (r, s)

Verifying

w = (s’)^-1 mod q

u1 = [H(M’)w] mod q

u2 = (r’)w mod q

v = [(g^u1 y^u2) mod p] mod q

TEST: v = r’

M’, r’, s’ = received versions of M, r, s.

There are three parameters that are public and common to a group of users.

1. A 160 bit prime number q is chosen

2. A prime number p is selected with length between 512 and 1024 bits such that q divides (p-1)

3. g is chosen to be of the form h^((p-1)/q) mod p, where h is an integer between 1 and (p-1)

To create a signature, a user calculates two quantities, r and s, that are functions of the public key components, the user’s private key and the hash code of the message H(M).

s = f1(H(M), k, x, r, q) = (k^-1 (H(M) + xr)) mod q

r = f2(k, p, q, g) = (g^k mod p) mod q

At the receiving side, verification is performed using the formulas

w = f3(s’, q) = (s’)^-1 mod q

v = f4(y, q, g, H(M’), w, r’) = ((g^((H(M’)w) mod q) y^((r’w) mod q)) mod p) mod q

[Figure: the functions of signing (f1, f2) and verifying (f3, f4, then compare v with r’)]

UNIT-5

SYSTEM SECURITY

5.1 INTRUSION TECHNIQUES

Definition:

The main objective of the intruder is to gain access to the system or to increase the privileges accessible on a system.

The intruder needs to acquire information that is protected.

Example: Password

The password is protected in 2 ways

1. One way function: The system stores only the value of a function based on the user’s password. When the user presents a password, the system transforms the password and compares it with the stored value.

2. Access Control: Access to the password file is limited to one or a few accounts.

Password crackers use the following techniques to learn the password

Try default passwords

Try the words in the system’s dictionary

Collect personal information about the user

Try the user’s phone number

Try license numbers

Counter measure:

Detection: used to learn of the attack before or after the success of the attack

Prevention: The defender must attempt to thwart all possible.

INTRUSION DETECTION:

Definition:

Intrusion detection can serve as deterrent to prevent intrusions. This enables to collect information about intrusion techniques to strengthen the intrusion prevention facility

Approaches to intrusion detection:

Statistical anomaly detection

Rule based detection

Statistical anomaly detection:

This method collects data relating to the behavior of legitimate users over a period of time. Statistical tests are then applied to observed behavior to determine, with a high level of confidence, whether that behavior is that of a legitimate user or not.

Methods (types)

Threshold Detection: This method defines thresholds, independent of the user, for the frequency of occurrence of various events

Profile Based: A profile of the activity of each user is developed and used to detect changes in the behavior of individual accounts. Metrics that can be used for profile based intrusion detection are

Counter: A non-negative integer, incremented until reset by management, e.g. a count of the number of events is kept over a particular period of time

Gauge: A non-negative integer that may be incremented or decremented. It is used to measure the current value of an entity

Interval Timer: The length of time between two related events, e.g. the time between two successive logins.

Resource Utilization: Quantity of resources consumed during a specified period, e.g. total time consumed by program execution.

Statistical Tests:

The various statistical tests that are performed to determine intruder activity are

Mean and standard deviation: This gives the average behavior and its variations

Multivariate: Finds correlations between two or more parameters

Markov process: Used to find the transition probabilities among the various states

Time series: This method looks at activity over intervals of time, to find sequences of events that happen too rapidly or too slowly.
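Threshold detection next to profile-based detection with the mean and standard deviation test, as an added example (not part of the original notes). The audit data, the limits and the factor of three standard deviations are constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed audit history: a counter of files read per day, seven days.
HISTORY = ([("alice", n) for n in (20, 22, 19, 21, 23, 20, 21)] +
           [("bob", n) for n in (200, 190, 210, 205, 195, 198, 202)])

# Constructed observations for the day being checked.
TODAY_FILES_READ = {"alice": 180, "bob": 201, "carol": 15}
TODAY_FAILED_LOGINS = {"alice": 2, "bob": 1, "carol": 9}


def threshold_alerts(counts, limit):
    """Threshold detection: one limit for every user."""
    return sorted(user for user, count in counts.items() if count > limit)


def build_profiles(history):
    """Profile per user: (mean, standard deviation) of the metric."""
    per_user = defaultdict(list)
    for user, value in history:
        per_user[user].append(value)
    return {user: (mean(vals), pstdev(vals)) for user, vals in per_user.items()}


def profile_alerts(profiles, observed, k=3.0):
    """Flag values more than k standard deviations from the user's own mean."""
    alerts = []
    for user, value in sorted(observed.items()):
        if user not in profiles:
            alerts.append((user, "no baseline"))     # nothing to compare with
            continue
        mu, sigma = profiles[user]
        if sigma == 0:
            deviates = value != mu                   # constant history
        else:
            deviates = abs(value - mu) > k * sigma
        if deviates:
            alerts.append((user, "deviates from profile"))
    return alerts


if __name__ == "__main__":
    profiles = build_profiles(HISTORY)
    print("failed logins over 5:", threshold_alerts(TODAY_FAILED_LOGINS, 5))
    # 180 files is routine for bob, so a single global limit misses alice.
    print("files read over 250: ", threshold_alerts(TODAY_FILES_READ, 250))
    print("profile based:       ", profile_alerts(profiles, TODAY_FILES_READ))
```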

Rule Based Intrusion Detection:

This method detects intrusion by observing events in the system and applying a set of rules that lead to a decision regarding whether a given pattern or activity is or not suspicious.

Rule based Anomaly detection:

Audit records are analyzed to identify usage patterns, and rules are then generated that describe those patterns.

Rules represent the past behavior. The current behavior is observed and each transaction is matched against the rules to determine whether or not it matches the observed pattern. This method is based on the assumption that the future can be predicted from the past.

Rule based penetration identification

This approach is based on expert systems. This method is based on the use of rules for identifying the intrusion.

Rules can be defined to identify suspicious behavior

Honey Pots:

This is a recent intrusion detection method. Honey pots are decoy systems, which are designed to lure a potential attacker away from critical systems.

Honey pots are designed to:

Divert an attacker from accessing critical systems

Collect information about the attacker’s activity

Encourage the attacker to stay on the system long enough for the administrator to respond

PASSWORD MANAGEMENT

This is the front line of defense against intruders. The password is used for authentication and provides security. The user ID provides security in the following ways.

The ID determines whether the user is an authorized user or not.

With the help of the ID, the privileges given to the user can be identified.

The ID is also used to give discretionary access control.

Procedure to Store the Password:

The user selects a password of length 8 characters. The encryption routine is called crypt and is based on DES. The DES algorithm is modified using a 12 bit salt value. The input data to DES is a 64 bit block of zeroes. The output is then the input to a second encryption, and the same is repeated for a total of 25 encryptions. The resulting 64 bit output is translated into an 11 character sequence. The hashed password is stored, along with a plain text copy of the salt, in the password file.

Uses of SALT:

Prevents duplicate passwords

It increases the length of the password without asking the user to remember the additional characters

Prevents the hardware implementation of DES.

The techniques used to give passwords are,

1. User Education: Users need to be educated on choosing passwords.

2. Computer generated password: If the passwords are random, users will not remember them. If they are pronounceable, the users will not note them down. It is prone to attack.

3. Reactive password checking: The system runs its own cracker to find guessable passwords. The system cancels any passwords that are guessed and notifies the users.

4. Proactive password checking: If the system rejects too many passwords, users will complain that it is difficult to select a password. On the other hand, if it is simple, cracking is feasible.
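The storage procedure, the effect of the salt and a reactive password check, as an added example (not part of the original notes). HMAC-SHA256 stands in for the salt-modified DES of crypt, the result is kept as hexadecimal instead of the 11 character encoding, and the accounts, passwords and word list are constructed.

```python
import hashlib
import hmac
import secrets

SALT_BITS = 12      # as in the scheme above
ROUNDS = 25         # 25 chained encryptions


def _crypt_like(password, salt):
    """25 chained keyed transformations of a 64-bit block of zeroes.

    Stand-in for crypt: HMAC-SHA256 keyed with the password replaces the
    salt-modified DES (an assumption of this example).
    """
    block = bytes(8)
    for _ in range(ROUNDS):
        data = salt.to_bytes(2, "big") + block
        block = hmac.new(password.encode(), data, hashlib.sha256).digest()[:8]
    return block.hex()


def make_entry(user, password, salt=None):
    """Password file entry: the salt is stored in plain text beside the hash."""
    if salt is None:
        salt = secrets.randbelow(1 << SALT_BITS)
    return {"user": user, "salt": salt, "hash": _crypt_like(password, salt)}


def check(entry, attempt):
    """Login check: redo the transformation with the stored salt and compare."""
    candidate = _crypt_like(attempt, entry["salt"])
    return hmac.compare_digest(candidate, entry["hash"])


def reactive_check(password_file, wordlist):
    """The system's own cracker: users whose password is in the word list.

    Each guess has to be recomputed for each entry's salt, which is the
    extra work the salt imposes on anyone guessing against the whole file.
    """
    return sorted(entry["user"] for entry in password_file
                  if any(check(entry, word) for word in wordlist))


if __name__ == "__main__":
    # Constructed accounts: two users chose the same password.
    password_file = [
        make_entry("user1", "sunshine", salt=0x1A3),
        make_entry("user2", "sunshine", salt=0x7F0),
        make_entry("user3", "k7#Rw!2q", salt=0x004),
    ]
    for entry in password_file:
        print(entry["user"], "%03x" % entry["salt"], entry["hash"])
    print("to be cancelled:", reactive_check(password_file, ["password", "sunshine"]))
```

The first two entries differ although the passwords are equal, which is the first use of the salt listed above.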

5.2MALICIOUS SOFTWARE

Definition:

The software threat includes the programs that exploit the vulnerabilities in computing system. The software threat is otherwise called as malicious program.

The malicious programs can be divided into 2 major categories

1. Needs host programs: Fragment of program that cannot exist independently of the some program.

2. Independent: They are self contained programs that can be scheduled and run by the operating system

[Figure: taxonomy of malicious programs, divided into "needs host program" and "independent". Entries: trap doors, logic bombs, Trojan horses, viruses, worms, zombies. A "replicate" label marks the programs that replicate.]

Trap Door:

A trap door is a secret entry point to a program that allows someone who is aware of the trap door to gain access without going through the usual security access procedure. Trap doors have been used legitimately by programmers to debug and test programs.

This is done when a programmer is developing an application that has an authentication procedure, requiring the user to enter many different values to run the application.

To debug the program, the developer gains special privileges.

Security measures must focus on the program development and software update activities.

Logic Bomb

The oldest type of program threat is the logic bomb. The logic bomb is code embedded in some legitimate program that is set to explode when certain conditions are met.

Once triggered, the bomb alters or deletes data or files, causing the machine to halt.

Trojan horse

A Trojan horse is a useful program or procedure containing hidden code that, when invoked, performs an unwanted or harmful function.

A Trojan horse can be used to accomplish indirectly functions that an unauthorized user could not accomplish directly.

The second motivation for a Trojan horse is data destruction. The program appears to be performing a useful function but is quietly deleting the user’s files.

Zombie

A zombie is a program that secretly takes over another Internet-attached computer and uses that system to launch attacks that are difficult to trace to the zombie's creator.

Zombies are used in denial-of-service attacks.

Worm

A worm seeks more machines to infect, and each machine that is infected serves as a launch pad for attacks. No human action is needed for it to propagate.

To replicate itself, a network worm uses some sort of network vehicle. Examples include the following:

Electronic mail facility: A worm mails a copy of itself to other systems

Remote execution capability: A worm executes a copy of itself on another system

Remote login Capability: A worm logs onto a remote system as a user and then uses commands to copy itself from one system to the other

Phases of life cycle:

A worm also has a dormant phase, a propagation phase, a triggering phase and an execution phase.

Searches for other systems to infect by examining host tables

Establishes a connection with a remote system

Copies itself to the remote system and causes the copy to run

The Morris Worm

The Morris worm was designed to spread on UNIX systems and used a number of different techniques for propagation.

1. It attempted to log on to a remote host as a legitimate user. In this method, the worm first attempted to crack the local password file, and then used the discovered passwords and corresponding user IDs. The assumption was that many users would use the same password on different systems. To obtain the passwords, the worm ran a password-cracking program that tried

a. Each user's account name and simple permutations of it

b. A list of 432 built-in passwords that Morris thought to be likely candidates

c. All the words in the local system dictionary

2. It exploited a bug in the finger protocol, which reports the whereabouts of a remote user.

3. It exploited a trapdoor in the debug option of the remote process that receives and sends mail.

Recent Worm attacks

In late 2001, a more versatile worm appeared, known as Nimda. Nimda spreads by multiple mechanisms:

from client to client via e-mail

from client to client via open network shares

from Web server to client via browsing of compromised Web sites

from client to Web server via active scanning for and exploitation of various Microsoft

State of Worm Technology

Multiplatform

Ultrafast spreading

Polymorphic

Metamorphic

Transport vehicles

Zero-day exploit

5.3 VIRUSES:

Definition:

A virus is a piece of software that can "infect" other programs by modifying them.

The modification includes a copy of the virus program, which can then go on to infect other programs.

A virus can do anything that other programs do.

The only difference is that it attaches itself to another program and executes secretly when the host program is run.

Once a virus is executing, it can perform any function, such as erasing files and programs.

Life cycle of a virus (Phases)

Dormant phase: The virus is idle. The virus will eventually be activated by some event, such as a date, the presence of another program or file, or the capacity of the disk exceeding some limit. Not all viruses have this stage.

Propagation phase: The virus places an identical copy of itself into other programs or into certain system areas on the disk. Each infected program will now contain a clone of the virus, which will itself enter a propagation phase.

Triggering phase: The virus is activated to perform the function for which it was intended. The triggering phase can be caused by a variety of system events, including a count of the number of times that this copy of the virus has made copies of itself.

Execution phase: The function is performed. The function may be harmless or damaging.

Types of Virus:

Parasitic virus: The traditional and still most common form of virus. A parasitic virus attaches itself to executable files and replicates, when the infected program is executed, by finding other executable files to infect.

Memory-resident virus: Present in main memory as part of a resident system program. From that point on, the virus infects every program that executes.

Boot sector virus: Infects the boot record and spreads when the system is booted from the disk containing the virus.

Stealth virus: This virus is designed to hide itself from detection by antivirus software.

Polymorphic virus: A virus that mutates with every infection, making detection impossible.

Metamorphic virus: As with a polymorphic virus, a metamorphic virus mutates with every infection. The difference is that a metamorphic virus rewrites itself completely at each iteration, increasing the difficulty of detection.

Macro virus: The macro virus is platform independent. It infects documents, not executables. Macro viruses are easily spread.

Email virus: The e-mail virus sends itself to everyone on the mailing list in the user’s e-mail package. The virus does local damage. The e-mail virus has the character of a worm because it propagates itself from system to system, but it still needs a human to propagate.

Virus Structure:

A virus can be prepended or postpended to an executable program, or it can be embedded in it. The key to its operation is that the infected program, when invoked, will first execute the virus code and then execute the original code of the program.

When this program is invoked, control passes to its virus, which performs the following steps

1. For each uninfected file P2 that is found, the virus first compresses that file to produce P2’, which is shorter than the original program by the size of the virus

2. A copy of the virus is prepended to the compressed program

3. The compressed version of the original infected program, P1’, is uncompressed

4. The uncompressed original program is executed

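[Figure: a compression virus, showing programs P1 and P2 at times T0 and T1; the numbered arrows 1 to 4 correspond to the steps above.]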

Initial Infection:

Once a virus has gained entry to a system by infecting a single program, it is in a position to infect some or all other executable files on that system when the infected program executes. Infection is therefore stopped by preventing the virus from gaining entry in the first place, but such prevention is extremely difficult.

Virus Countermeasure:

Antivirus Approaches

Definition

The ideal solution to the threat of viruses is prevention. The next best approach is to be able to do the following:

Detection: Once the infection has occurred, determine that it has occurred and locate the virus.

Identification: Once detection has been achieved, identify the specific virus that has infected a program.

Removal: Once the specific virus has been identified, remove all traces of the virus from the infected program and restore it to its original state. Remove the virus from all infected systems so that the disease cannot spread further.

Generations of Antivirus Software

First Generation: simple scanners

Second Generation: Heuristic scanners

Third Generation: activity traps

Fourth Generation: Full-featured protection

First generation scanner:

A first-generation scanner requires a virus signature to identify a virus. Such signature-specific scanners are limited to the detection of known viruses.

The virus may contain wildcards but has the same structure and bit pattern in all infected software.

Another type of first-generation scanner maintains a record of the length of programs and looks for changes in length.

Second generation Scanner

The second generation scanner uses heuristic rules to search for probable virus infection. It looks for fragments of code that are often associated with viruses.

Another second-generation approach is integrity checking.

A checksum can be appended to each program.

If a virus infects the program without changing the checksum, the integrity check will detect the virus.
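The first-generation checks (a signature with wildcards, a record of program length) and the second-generation integrity check described above, as an added example that is not part of the original notes. The byte strings and the signature are constructed test data, the function names are hypothetical, and the choice of a keyed HMAC-SHA-256 beside a simple additive checksum is an assumption made to show why the choice of checksum matters.

```python
import hashlib
import hmac

WILDCARD = None  # matches any single byte


def parse_signature(text: str) -> list:
    """'DE AD ?? BE EF' -> [0xDE, 0xAD, None, 0xBE, 0xEF]"""
    sig = [WILDCARD if tok == "??" else int(tok, 16) for tok in text.split()]
    if not sig:
        raise ValueError("empty signature")
    return sig


def find_signature(data: bytes, sig: list) -> int:
    """First-generation scan: offset of the first match, or -1."""
    for off in range(len(data) - len(sig) + 1):
        if all(s is WILDCARD or data[off + i] == s for i, s in enumerate(sig)):
            return off
    return -1


def additive_checksum(data: bytes) -> int:
    """A simple 16-bit sum: unchanged by reordering or compensating bytes."""
    return sum(data) & 0xFFFF


def record(data: bytes, key: bytes) -> dict:
    """Baseline taken while the program is known to be clean."""
    return {"length": len(data),
            "sum16": additive_checksum(data),
            "mac": hmac.new(key, data, hashlib.sha256).hexdigest()}


def audit(data: bytes, baseline: dict, key: bytes) -> list:
    """Names of the recorded properties that no longer match."""
    now = record(data, key)
    return [name for name in ("length", "sum16", "mac")
            if now[name] != baseline[name]]


# --- constructed sample data (harmless byte strings, not real programs) ---
KEY = b"kept-off-the-scanned-disk"            # assumption: key stored separately
SIG = parse_signature("DE AD ?? BE EF")        # constructed marker pattern
CLEAN = b"\x7fPROG" + bytes(range(32))
APPENDED = CLEAN + bytes.fromhex("DEAD01BEEF")   # marker added at the end
VARIANT = CLEAN + bytes.fromhex("DEAD7FBEEF")    # differs only at the wildcard
_swapped = bytearray(CLEAN)
_swapped[5], _swapped[6] = _swapped[6], _swapped[5]
IN_PLACE = bytes(_swapped)                       # same length, same 16-bit sum
BASELINE = record(CLEAN, KEY)
```

Only the keyed hash notices `IN_PLACE`: its length and additive checksum are identical to the baseline, and it carries no known signature.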

Third generation Scanner

Third-generation programs are memory-resident programs that identify a virus by its actions.

It is necessary only to identify the small set of actions that indicate an infection is being attempted and then to intervene.

Fourth Generation Scanner

Fourth-generation products are packages consisting of a variety of antivirus techniques used in conjunction. These include scanning and activity trap components.

Advanced Antivirus Techniques:

5.4 FIREWALLS

Definition

The firewall is inserted between the premises network and the Internet to establish a controlled link and to erect an outer security wall or perimeter. The aim of this perimeter is to protect the premises network from Internet-based attacks and to provide a single choke point where security and audit can be imposed. The firewall can be a single computer system or a set of two or more systems that cooperate to perform the firewall function.

Firewall characteristics

1. All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the local network except via the firewall. Various configurations are possible.

2. Only authorized traffic, as defined by the local security policy, will be allowed to pass. Various types of firewalls are used, which implement various types of security policies.

3. The firewall itself is immune to penetration. This implies the use of a trusted system with a secure operating system.

Techniques to control access and enforce security policy

1. Service control – determines the types of Internet services that can be accessed, inbound or outbound. The firewall may filter traffic on the basis of IP address and TCP port number; may provide proxy software that receives and interprets each service request before passing it on; or may host the server software itself, such as a web or mail service.

2. Direction control – determines the direction in which particular service request may be initiated and allowed to flow through the firewall.

3. User control – controls access to a service according to which user is attempting to access it.

4. Behavior control – controls how particular services are used.

Scope of a Firewall

1. A firewall defines a single choke point that keeps unauthorized users out of the protected network and provides protection from various kinds of IP spoofing and routing attacks.

2. A firewall provides a location for monitoring security related events.

3. A firewall is a convenient platform for several internet functions that are not security related.

4. A firewall can serve as the platform for IPsec

Limitation of Firewalls

1. The firewall cannot protect against attacks that bypass the firewall

2. The firewall does not protect against internal threats.

3. The firewall cannot protect against the transfer of virus-infected programs or files. It would be impractical and perhaps impossible for the firewall to scan all incoming files, e-mail, and messages for viruses

Types of Firewalls

Packet filters

Application-level gateways

Circuit-level gateways

Packet Filters

A packet filtering router applies a set of rules to each incoming IP packet and then forwards or discards the packet. The router is configured to filter packets going in both directions. Filtering rules are based on information contained in the packet, such as:

Source IP address: the IP address of the system from which the packet originated

Destination IP address: the IP address of the system that the packet is to reach

Advantages:

– Simple

– Transparent to users

– Very fast

Disadvantages:

1. Packet filter firewalls do not examine upper-layer data.

2. They do not support advanced user authentication schemes.

3. They are generally vulnerable to attacks such as network layer address spoofing.

4. As limited information is available to the firewall, the logging function present in a packet filter firewall is limited.

Attacks on packet filtering Routers

1. IP address spoofing: The intruder transmits packets from the outside with a source IP address field containing the address of an internal host.

2. Tiny fragment attack: The intruder uses IP fragmentation to create extremely small fragments and force the TCP header information into a separate packet fragment. This attack is designed to circumvent filtering rules that depend upon the TCP header information.

3. Source routing attack: The source station specifies the route that a packet should take across the Internet, in the hope that this will bypass security measures that do not analyze the routing information.
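How a packet filter can apply its rules and refuse the three kinds of packet just listed, as an added example that is not part of the original notes. The addresses, the rule set, the `Packet` fields and the 20-byte minimum for a first TCP fragment are assumptions chosen for illustration; the fragment checks follow the approach of RFC 1858.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INTERNAL_NET = ip_network("192.168.10.0/24")   # constructed internal network
MIN_TCP_HEADER = 20   # assumption: first fragment must hold a full TCP header


@dataclass
class Packet:
    iface: str                  # "outside" or "inside": where it arrived
    src: str
    dst: str
    proto: str = "tcp"
    dport: int = 0
    frag_offset: int = 0        # in 8-byte units, as in the IP header
    more_fragments: bool = False
    payload_len: int = 20       # transport-layer bytes carried by this packet
    source_routed: bool = False # an IP source-route option is present


@dataclass
class Rule:
    iface: str
    src: str
    dst: str
    proto: str
    dport: Optional[int]        # None means any port
    action: str                 # "forward" or "discard"

    def matches(self, p: Packet) -> bool:
        return (self.iface == p.iface and self.proto == p.proto
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.dport in (None, p.dport))


RULES = [  # constructed policy: inbound mail to one host, outbound web
    Rule("outside", "0.0.0.0/0", "192.168.10.25/32", "tcp", 25, "forward"),
    Rule("inside", "192.168.10.0/24", "0.0.0.0/0", "tcp", 80, "forward"),
]


def decide(p: Packet) -> tuple:
    """Return (action, reason). Sanity checks run before the rule list."""
    if p.source_routed:
        return "discard", "source-route option"
    if p.iface == "outside" and ip_address(p.src) in INTERNAL_NET:
        return "discard", "spoofed internal source"
    if p.proto == "tcp":
        short_first = (p.frag_offset == 0 and p.more_fragments
                       and p.payload_len < MIN_TCP_HEADER)
        if short_first or p.frag_offset == 1:   # would split or overlap header
            return "discard", "tiny fragment"
    for number, rule in enumerate(RULES, start=1):
        if rule.matches(p):                      # first matching rule wins
            return rule.action, f"rule {number}"
    return "discard", "default"                  # nothing matched: discard
```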

Application level gateway

– An application level gateway, also called a proxy server, acts as a relay of application level traffic. The user contacts the gateway using a TCP/IP application, such as Telnet or FTP.

– The gateway asks the user for the name of the remote host to be accessed.

– When the user responds and provides a valid user ID and authentication information, the gateway contacts the application on the remote host and relays TCP segments containing the application data between the two endpoints.

– Application level gateways tend to be more secure than packet filters. It is easy to log and audit all incoming traffic at the application level.

Advantages

1. More secure than packet filter

2. Scans only a few allowable applications

3. Easy to log and audit all incoming traffic at the application level

Disadvantages:

Additional processing overhead on each connection.

Circuit level Gateway:

Circuit level gateway can be a stand-alone system or it can be a specified function performed by an application level gateway for certain applications.

A circuit level gateway does not permit an end-to-end TCP connection. The security function consists of determining which connections will be allowed.

A typical use of Circuit level gateways is a situation in which the system administrator trusts the internal users.

The gateway can be configured to support application level or proxy service on inbound connections and circuit level functions for outbound connections.

Bastion Host:

A bastion host is a system identified by the firewall administrator as a critical strong point in the network’s security. The bastion host serves as a platform for an application level gateway or circuit level gateway.

Characteristics:

Each proxy is configured to support only a subset of the standard application’s command set.

Each proxy is configured to allow access only to specific host systems.

Each proxy maintains detailed audit information by logging all traffic, each connection and the duration of each connection.

Each proxy is independent of other proxies on the Bastion host

Firewalls Configuration:

1. Screened host firewall, single-homed bastion

2. Screened host firewall, dual-homed bastion

3. Screened subnet firewall

1. Screened host firewall, single-homed bastion

In this configuration the firewall consists of 2 systems: a packet filtering router and a bastion host.

The router is configured as follows:

For traffic from the internet, only IP packets destined for the bastion host are allowed in.

For traffic from the internal network, only IP packets from the bastion host are allowed out.

The Bastion host is configured for,

This configuration implements both packet level and application level filtering, allowing for considerable flexibility in defining security policy.

An intruder must generally penetrate two separate systems before the security of the internal network is compromised.

2. Screened host firewall, dual-homed bastion

This configuration physically prevents a security breach of the packet filtering router.

Advantages:

The same as those of the single-homed bastion

An information server or other host can be allowed to communicate directly with the router

3. Screened subnet firewall

This is the most secure firewall

Two packet filtering routers are used one between the Internet and bastion host and the other between the bastion Host and the private network

The internet and the internal network have access to hosts on the screened sub net but traffic across the subnet is blocked

Advantages:

Three levels of defense against intruders

The outside router advertises the existence of the subnet to the Internet

The inside router advertises only the existence of the screened subnet to the internal network.

5.5 SECURITY STANDARDS

The importance of standards:

There are a number of advantages and disadvantages to the standards-making process. The principal advantages of standards are as follows:

Advantages:

A standard assures that there will be a large market for a particular piece of equipment or software. This encourages mass production and the use of large-scale integration, resulting in lower costs.

A standard allows products from multiple vendors to communicate, giving the purchaser more flexibility in equipment selection and use.

Disadvantages:

A standard tends to freeze the technology. By the time a standard is developed, subjected to review and compromise, and promulgated, more efficient techniques are possible.

Internet standards:

Internet Architecture Board (IAB): Responsible for defining the overall architecture of the Internet

Internet Engineering Task Force (IETF): The protocol engineering and development arm of the Internet

Internet Engineering Steering Group (IESG): Responsible for technical management of IETF activities and the Internet standards process.

Internet Standards Categories:

Technical specification (TS): A TS defines a protocol, service, procedure, convention or format.

Application statement (AS): An AS specifies how, and under what circumstances, one or more TSs may be applied to support a particular Internet capability
