Public-Key Cryptography

*Problem with DESImagine that a bank wants to give customers remote access to their accounts using conventional encryption. To limit each customer's access to only his own account, the bank would create millions of encryption algorithms and keys. This solution is impractical.On the other hand, giving the same encryption algorithm and key to every customer, will not guarantee the privacy.

*Public-key versus DESThe solution to this problem is public key encryption. Every user has the same encryption algorithm and key. The decryption algorithm and key are kept secret.Anyone can encrypt information, but only an authorized receiver can decrypt it.The decryption algorithm is not the inverse of the encryption algorithm. In addition, the keys are different. Even with the encryption algorithm and encryption key, an intruder still will be unable to decipher the code.

*Public-key cryptographyThe public-key encryption is first publicly proposed by Diffie and Hellman in 1976.It is the first truly revolutionary advance in encryption.The public-key algorithms are based on mathematical functions rather than on simple operations on bit patterns.Public-key cryptography is asymmetric, involving the use of two separate keys.The use of two keys has profound consequences in the areas of confidentiality, key distribution, and authentication.

*Misconceptions with Public-keyMisconception 1:Public-key encryption is more secure from cryptanalysis than conventional encryption. Fact The security of any encryption scheme depends on: 1- the length of the key. 2- the computational work involved in breaking a cipher.

*Misconceptions with Public-keyMisconception 2:Public-key encryption is a general-purpose technique that has made conventional encryption obsolete. Fact On the contrary, because of the computational overhead of current public-key encryption schemes, there seems no foreseeable likelihood that conventional encryption will be abandoned.

*Misconceptions with Public-keyMisconception 3:The key distribution is trivial when using public-key encryption, compared to conventional encryption. Fact Some form of protocol is needed that is not simpler or more efficient than those required for conventional encryption.

*Public-key algorithm

Encryption Algorithm

(RSA)Network

Decryption AlgorithmB's public keyA's Public key ringB's private keyUser AUser B

*Ingredients of Public-keyPlaintextThis is the readable message that is fed into the algorithm.Encryption algorithmIt performs various transformations on the plaintext.Public and private keyThis is a pair of keys that have been selected so that if one is used for encryption, the other is used for decryption.CiphertextThis is the scrambled message produced as output. Decryption algorithmThis algorithm accepts the ciphertext and the matching key and produces the original plaintext.

*Basics of Public-keyThe public key of the pair is made public for others to use.The private key is known only to its owner. Public-key cryptographic algorithm relies on one key for encryption and a different but related key for decryption.

*Essential steps of Public-key1- Each user generates a pair of keys to be used for the encryption and decryption of messages.2- Each user places one of the two keys in a public register or other accessible file. This is the public key. The companion key is kept private.3- Each user maintains a collection of public keys obtained from others.4- If user A wishes to send a private message to user B, then user A encrypts the message using B's public key.5- When B receives the message, he decrypts it using his own private key.

*Applications of public-key cryptography1- Encryption/decryptionSender encrypts a message with the recipient's public key.2- Digital signatureThe sender "signs" a message with his private key. Signing is achieved by a cryptographic algorithm applied to the message or to a small block (digest) of the message.3- Key exchangeTwo sides cooperate to exchange a session key.

*Requirements for public-key cryptography1- It is computationally easy for a party B to generate a pair (public key KUb, private key KRb).2- It is computationally easy for a sender A, knowing the public key and the message, M, to generate the ciphertext.3- It is computationally easy for the receiver B to decrypt the ciphertext using the private key to recover the original message.4- It is computationally infeasible for an opponent, knowing the public key, KUb, to determine the private key, KRb.

*Requirements for public-key cryptography5- It is computationally infeasible for an opponent, knowing the public key, KUb, and a ciphertext, C, to recover the original message.6- Either of the two related keys can be used for encryption, with the other used for decryption.

*Differences between two schemes

*The functionA function is a rule that associates (maps) one element in domain set A to one element in range set B.

An invertible function is a function that associates each element in the range with exactly one element in domain.

*Trapdoor one-way functionOne-way function1- f is easy to compute: given x, y=f (x) can be easily computed. 2- f -1 is difficult to compute: given y, it is computationally infeasible to calculate x=f -1(y).Trapdoor one-way function3- Given y and a trapdoor (secrete), x can be computed easily.

*The RSA Encryption AlgorithmIt was developed in 1977 by Rivest, Shamir, and Adleman at MIT and first published in 1978. The RSA scheme is the most widely accepted and implemented approach.RSA is a block cipher in which the plaintext and ciphertext are integers between 0 and (n-1) for some n.

*Key generation of RSASelect two large prime numbers, p and q.The prime number is divisible only by 1 and itself.Calculate n = p x q.Calculate y = (p-1) x (q-1)Select a number that is relatively prime to y and call it e. This means that e is not a prime factor of y .Determine d such that (d x e) mod y =1.The public key used to encrypt is KU={e,n}The private key used to decrypt KR={d,n}.

*Encryption/decryption steps of RSAThe encryption algorithm follows these steps:Encode the data to be encrypted as a number to create the plaintext M.Calculate the ciphertext C as C=Me (modulo n). Send C as the ciphertext.

The decryption algorithm follows these steps:Receive the ciphertext C.Calculate the plaintext M=Cd modulo n.Decode M to the original data.

*Operation of RSA

Key Generation

Select p, q. p and q are prime integersCalculate n=pxqCalculate y=(p-1)(q-1).Select integer e gcd(y,e)=1Calculate d (exd) (mod y) =1Public key KU={e,n}Private key KR={d,n}

Encryption AlgorithmPlaintext MCiphertext C = Me (mod n)

Decryption AlgorithmCiphertext CPlaintext M=Cd (mod n)

*Key generation of RSA

C = Me mod n

Encryption Algorithm

M =Cd mod n

Decryption AlgorithmKU={e,n}KR={d,n}

*Example of RSA1- Select two prime numbers, p=7 and q=17.2- Calculate n = pxq = 7x17 = 119.3- Calculate y = (p-l)(q-1) = 96.4- Select e such that e is relatively prime to y=96 and less than y; In this case, e=5.5- Determine d such that dxe(mod 96)=1 and d

*Example of RSA

*Reciprocity of RSAThe RSA algorithm is reciprocal. This means that user A can use the B'private key to send a message to user B, and User B can decrypt the message using his own public key. Therefore, for the RSA cryptosystem, we have:M=D(E(M)).M=E(D(M)).

*Combining TechniquesPUPrPUPrAsymmetric cryptography is much slower than symmetric.For encipherment of large message, symmetric key is used.Asymmetric key is used for sending secrete key securely.

AuthenticationKey managementUser authenticationDigital signaturePretty Good Privacy

*Deffie-Hellman Key ExchangeThe purpose is to enable two users to exchange a secret key securely for subsequent encryption of messages. The Diffie-Hellman algorithm depends on its effectiveness on the difficulty of computing discrete logarithms. There are two publicly known numbers: a prime number q and an integer a that is a primitive root of q. Suppose the users A and B wish to exchange a key. User A selects a random integer XA < q and compute:YA = a XA mod q.

*Deffie-Hellman Key ExchangeSimilarly, user B interdentally selects a random integer XB

*Deffie-Hellman Key Exchange

Global Public Elements

q prime numbera a < q a is a primitive root of q

User A Key GenerationSelect private XA XA < qCalculate public YA YA=aXA mod q

User B Key GenerationSelect private XB XB

*Example-1Assume the prime number q and a primitive root a of q as: q = 71 and a = 7.A selects his private key as XA= 5 B selects his private key as XB= 12.Each computes its public key:YA = 75 mod 71 = 51YB = 712 mod 71 = 4After they exchange public keys, each can compute the common secret key:K=(YB)XA mod 71 = 45 mod 71 = 30K=(YA)XB mod 71 = 5112 mod 71 = 30

*Example-2Assume the prime number q and a primitive root a of q as: q = 23 and a = 7 : gcd(a,q)=1, a

*Man in the middle attackWeakness of Deffie-Hellman Key Exchange Intruder can fool A and B by creating two keys:one between him and A.another between him and B.Two keys instead of one are created.

*Man in the middle attacka and q are public.ya = aXa mod qyi = aXi mod qyayiyiyb = aXb mod qybK = yiXa mod qK = yiXb mod qK1 = yaXi mod qK2 = ybXi mod qK1K2

*Key distribution center (KDC)The problem in man in the middle attack is that the values of ya and yb are transmitted as plaintext.Any correspondence should be encrypted using symmetric key; this could create vicious circle.The solution is a trusted third party: KDC.A and B are both clients of KDC.A has a symmetric key KA with KDC.B has a symmetric key KB with KDC.Both A and B will share the session key KAB.

*First approach using KDC

KABA, BA, B, KABExchange data using KAB12KBA, B, KABKB3TicketIdentityof A & B

Needham-Schroeder ProtocolThis protocol uses multiple challenge-response interaction between parties to achieve a flawless protocol.It uses 4 different nonces: RA , RB , R1 and R2.

RA, B, KAB*Needham-Schroeder Protocol

A, B, RAARB1A, RB, KAB3RB24R1KABA, RB, KAB5R1-1, R2KAB6R2-1KAB7

*KerberosIt is an authentication protocol and a key distribution center designed at MIT.It is named after the three-headed dog in Greek mythology that guards the gates of Hades.Three servers are involved in the Kerberos protocol: 1- an authentication server (AS), 2- a ticket-granting server (TGS), 3- a real (data) server that provides services to others.

Kerberos serversRequest ticket for TGS132A-TGS session key and ticket for TGSRequest ticket for BA-B session key and ticket for B45Request serviceReal Server

6Provide serviceAuthentication Server(KDS)Ticket Granting ServerEach user registered with AS.It grants a user ID and Password.It verifies user, issues session key and sends ticket to TGS.It issues ticket for B.It provides session key KAB.

*Kerberos operation

B AA,KS13 TT+1KAB6

KSA, KS2KTG

A,KAB4B,KABKBKTG

A,KAB5 TKBKABRequesting and receiving services using KAB.

User Authentication

*User authenticationAuthentication is a procedure that verifies the identity of one entity for another.An entity can be a person, a process, a client, or a server.In message authentication, the identity of the sender is verified for each single message.In user authentication, the user identity is verified once for the entire duration of system access.

*User authenticationApproaches of user authenticationUser authentication with symmetric-keyUser authentication with public-keyUsing Symmetric key onlyUsing a nonceBidirectionalauthenticationDigital signature

*Using symmetric key onlyA sends his identity and password in an encrypted message using symmetric key KAB.

Intruder can store data and authentication message and resend them later to B.B has no way to know that this is a replay of a previous message ( no guarantee for freshness).A, PasswordA sends data to B using KABKAB

*Using a nonceA nonce is a large random number that is used only once; a one-time number.B uses a nonce to challenge A.A responds by encrypting nonce with symmetric key KAB.AA sends data to B using KAB1RB2RB3

RB*Bidirectional authenticationBoth A and B need to authenticate each other.A has its nonce RA, and B has RB.A, RAA sends data to B using KAB1RA2RB3

Digital Signature

*Digital Signature and AuthenticationAuthenticationIt is the technique by which an entity verifies that his partner is who he purports to be and not an imposter. It can be easily achieved if both parties share a common secret key or keys. However, it is much more nicely done using public key cryptography.

*Digital Signature and AuthenticationSuppose that User A wants to send a message to User B.It is not important that the message be kept secret.User A wants User B to be certain that the message is indeed from him. User A uses his own private key to encrypt the message or part of it. When User B receives the ciphertext, he finds that he can decrypt it with User A's public key.Thus proving that the message must have been encrypted by User A.

*Digital Signature and AuthenticationNo one else has User A's private key.Therefore no one else could have created a ciphertext that could be decrypted with User A's public key. Therefore, the entire encrypted message serves as an electronic or digital signature. In addition, it is impossible to alter the message without access to User A's private key.So the message is authenticated both in terms of source and in terms of data integrity.

*Digital Signature and Authentication

Encryption Algorithm

(RSA)Network

Decryption AlgorithmA's private keyA's public keyUser AUser B

*Digital Signature and AuthenticationIt is important to emphasize that the encryption process just described does not provide confidentiality. The message being sent is safe from alteration but not safe from eavesdropping. A more secure approach is to use recipient's public key to encrypt the message, so that only the recipient can read it.This step is only necessary if both authentication and secrecy are needed.

*Digital SignatureDigital signature can provide integrity, authentication and nonrepudiation, but cannot provide privacy.1- IntegrityIt is preserved because changing the message will make the decrypted message unreadable.2- AuthenticationEncrypting the message with ones key cannot be decrypted with others key.3- NonrepudiationEncrypting with private key of a user cannot be denied.

*Signature, ciphering and AuthenticationThe following approach provides three key objectives:The receiver can verify the claimed identity of the sender, because only the sender's public key will decrypt it.The sender cannot later repudiate the contents of the message, because only the possessor of the specific private key could have guaranteed it.The receiver cannot possibly have concocted the message himself.

*Signature, ciphering and Authentication

Encryption AlgorithmA's private keyUser AUser BB's public key

Decryption AlgorithmB's private keyA's public key

*Signing the digestPublic-key encryption is efficient if the message is short.The user creates a miniature version or digest of the document and signs it.To create the digest, we use a hash function.

*Properties of Hash function1- The hash function creates a fixed-size digest from a variable-length message.

2- Hashing is one-wayThe digest can only be created from the message, not vice versa.3- Hashing is a one-to-one functionTwo messages will not create the same digest.

Hash function

*Creating a Hash functionThis can be accomplished using iteration.A function with variable-size input is not used.A function with fixed-size input (compression function) is created and used as many times as necessary.The compression function compresses an n-bit string to create an m-bit string; n>m.

The scheme is called an iterated cryptographic hash function.

CompressionHash function

*Merkle-Damgard schemeMessage and padding are appended to be divisible.H0 is set to a fixed value (initial vector IV).Hi= f (Hi-1 , Mi).Hr is the cryptographic hash function of message; h(M).

Compressionfunctionn bits

M1

Padding/length

Original message

M2n bits

Mrn bits

*Two groups of compression functions1- Hash function made from scratchThese are particularly designed for this purpose.The two most common hash functions are:Message Digest 5 (MD5): produce 120-b digest.Secure Hash Algorithm 1 (SHA-1): produces 160-b.2- Hash function based on block ciphersA symmetric-key block cipher can be used as a one-way compression function.

*Signing the digest at sender siteThe digest is encrypted (signed) using the senders private key.The encrypted digest is attached to the original message and sent to the receiver.

Encryption AlgorithmA's private key

Message

Hash

DigestSignedDigest

MessageSignedDigest+To B

*At receiver siteThe receiver separates the message from encrypted digest.He applies the same hash function to the message to create a second digest.He decrypts the received digest using senders public key.Decryption AlgorithmA's public key

Hash

Digest

MessageSignedDigest

Digest

CompareFrom A

*Pretty Good Privacy (PGP)PGP protocol is used at the application layer of Internet in sending e-mail. It provides all 4 aspects of security:privacy, integrity, authentication and nonrepudiation.PGP uses digital signature (a combination of hashing and public key encryption) to provide integrity, authentication and nonrepudiation.It uses a combination of secret-key and public-key encryption to provide privacy.It uses one hash function, one secret key and two private-public key pairs.

*PGP at sender site

EncryptA's private key

Email

Hash

DigestEncrypted(secret key+message+digest)

MessageSignedDigest+Email+ signed digestSignedDigest

EncryptOne time secret key

Encrypt+Digital signaturePrivacyB's Public key

*PGP at receiver site

Decrypt

Hash

DigestEncrypted(secret key+message+digest)

MessageSignedDigest

DecryptOne time secret key

DecryptCompare

Encrypted(message + digest)Encrypted(secret key)

Digest

Network SecurityProxy serverFirewallsIntrusion detectionMalicious programs

*Proxy ServerA proxy server is an intermediary between a network host and other hosts outside the network.

*Functions of Proxy Server1- Caching of Web documents If corporate users access information on a Web server, that information is cached to the local proxy server. This allows anyone to access this information locally.This reduces the amount of network traffic on the Internet.This leads to improved performance for the corporate intranet and the Internet.

*Functions of Proxy Server2- Corporate firewall accessA proxy can provide safe passage for corporate users to the Internet through a firewall.This allows protected use of HTTP and FTP.

*Functions of Proxy Server3- Filtering client transactionsThe proxy can control access to Web servers by filtering client transactions. Filtering is accomplished by limiting or denying access to specific URLs, IP, host names, Web contents and users. In addition, you can deny access to an individual by specifying that person's user name.

*Functions of Proxy Server4- Transaction logging Administrators can track client activity and customize which data to record. This data includes accessed URLs, dates and times, and the byte counts of all data that has been transferred. Information on routing and success of a transaction can also be logged and used to evaluate network performance.

*Functions of Proxy Server5- Securing the host A proxy server can secure or block the host from users accessing the site from the Internet.

6- Enhanced administrationAdvanced logging and reporting, monitoring, automatic proxy configuring, remote management.

*FirewallIt is a secure computer system placed between a trusted network and an untrusted one such as Internet. Corporate networksupervised.Controlled.Protected.Security perimeterInternetover which you have no control.

*Functions of FirewallFiltering packets.Serving as a circuit-level or application-level gateway. Detecting intrusions. Providing enhanced password authentication.Logging and reporting.Taking evasive actions.Permitting encrypted access (with a VPN).

*Inside LANFirewallOutside LANPacket filtering routerApplication gatewayCorporate networkSecurity perimeterComponents of Firewall1- Two routers that do packet filtering.2- An application gateway. Packet filtering routerInternetEvery packet must transit 2 filters and an application gateway to go in or out. No other route exists.

*Packet filterEach packet filter is a router that inspects every incoming or outgoing packet to be inspected. Packets meeting some criterion are forwarded normally. Those that fail the test are dropped. The packet filter on the inside LAN checks outgoing packets and the one on the outside LAN checks incoming packets.Packets crossing the first hurdle go to the application gateway for further examination. Packet filters are typically driven by tables configured by the system administrator.

*Table of packet filter

Internet

IntranetPacket filter12

*The application gatewayRather than just looking at raw packets, the gateway operates at the application level.A mail gateway, for example, can be set up to examine each message going in or coming out. For each one it makes a decision to transmit or discard it based on header fields, message size, or even contents. Combined with encryption and packet filtering, this arrangement offers a limited amount of security at the cost of some inconveniences.

*The application gatewaymalicious

InternetProxy FirewallAll http packetshttp Proxyhttp ServerAccepted packets

Intrusion Detection

*IntrudersSecurity problem of networked system may be:

Hostile trespass by users

Hostile trespass by software

Unauthorized user logs on to computer.Authorized user acquires privileges beyond those authorized.Takes the form of a virus, worm or Trojan horse.

*Intrusion techniquesThe objective of intruder is to gain access to a system or to increase the range of privileges accessible on a system.This requires intruder to acquire protected information such as passwords.Each system must maintain a file that associates a password with each authorized user.This file should be stored with protection.

Intrusion prevention

Intrusion detection

Intrusion fighting

*First defense: Password protection

One-way encryption

Access control

The system stores only encrypted form of users password.When a user presents a password, the system encrypts that password and compares it with the stored value.In practice, hash function is used.Access to password file is limited to one or a very few accounts.Protection of password file

*Techniques for learning passwordsTry default passwords that are shipped with the system.Exhaustively try all short passwords (up to 3 characters).Collect information about users such as names, books, hobbies.Try users phone numbers, ID numbers and room numbers.Try all legitimate license plate numbers.Use a Trojan horse to bypass restrictions on access and copy the password file.Tap the line between a remote user and the host system.

*Password importanceThe front line of defense against intruders is the password system.Multi-user systems require that a user provide ID as well as password.Password serves to authenticate individual logging on.The importance of ID as a security way arises from:ID determines whether a user is authorized to gain access to a system.ID determines the privileges accorded to the user.ID is used as discretionary access control.

*Securing password in UNIX systemsPasswords are never stored in the clear.Each user selects a password of 8 printable characters.This is converted to 56-b that serves as a key of DES.DES algorithm is modified using 12-b salt value related to time of assignment.DES is exercised with 64-b block of zeros.The output serves as input for second encryption.Process is repeated for 25 encryptions.The resulting 64-b is translated into 11-character sequence.The ciphered password is stored together with salt and ID.

*Securing password in UNIX systems12 bits

Crypt (3)DES

Salt56 bitsPasswordUser IDSaltE(Pwd)Password file11 charactersLoad

User IDSaltE(Pwd)Password fileUser ID

Crypt (3)DESSaltPasswordCompareEncrypted

passworda: Loading a new Password.b: Verifying a Password.

*Securing password in UNIX systemsThe salt serves three purposes:It prevents duplicate passwords from being visible in the password file.It increases the length of the password without requiring the user to remember additional characters. This increases possible passwords and complicated guessing passwords.It prevents the use of a hardware implementation of DES.

*Password selection strategiesIt is needed to eliminate guessable passwords while allowing the user to select a password that is memorable.Four techniques are in use for password selection: 1- Computer-generated passwords. 2- Reactive password checking. 3- Proactive password checking. 4- User education.

*Password selection strategies1- Computer-generated passwordsIf the password are quite random in nature, users will not be able to remember them even pronounceable.2- Reactive password checkingThe system periodically runs its own password cracker to find guessable passwords.The system cancels them and notifies the user.It is resource intensive if job is done right.Also, passwords remain vulnerable until checking.

*Password selection strategies3- Proactive password checkingIt is the most promising.A user is allowed to select password.At time of selecting, the system checks to see if password is allowable, and if not, rejects it.With sufficient guidance from the system, users can select memorable un-guessable passwords.It strikes a balance between user acceptability and strength.

*Password selection strategies4- User educationUsers are alerted with importance of unguessable passwords.Users are provided with guidelines for selecting passwords.The following rules could be enforced:All passwords must be at least 8 characters long.Passwords must include at least one each of uppercase, lowercase, numeric digits and punctuation marks.Do not use common names or nicknames.Do not use common personal information (date of birth).Do not repeat letters or digits in the password.

*Password agingIt controls how often the users must change their passwords.The following rules could be enforced:Maximum password age: amount of time a user can keep it.Minimum password age: amount of time a user must keep it before changing.Password history: determines the number of passwords the operating system will remember.Minimum password length: lowest number of characters.Password complexity.

*Second defense: Intrusion detectionThe best intrusion prevention system will fail.The second line of defense is intrusion detection.It is based on the assumption that intruder behavior differs from that of legitimate user.Intrusion detection allows the followings:If intrusion is detected quickly, intruder can be identified and ejected from the system before any damage.Effective intrusion detection can serve as a deterrent.Intrusion detection enables data collection about intrusion techniques to strengthen intrusion prevention.

*Intrusion detection approaches1- Statistical anomaly detectionCollect data of behavior of legitimate users over a period. Statistical tests are applied to check intrusion behavior.Threshold detection defines threshold for frequency of occurrence of various events.A profile based activity of each user is developed and used to detect changes.2- Rule-based detectionDefine a set of rules to decide intrusion behavior.Develop rules to detect deviation from previous pattern.An expert system searches for suspicious behavior.

*HoneportsIt is a relatively recent innovation in intrusion detection.Honeports are decoy systems that are designed to lure a potential attacker away from critical systems.Honeports are designed to:Divert an attacker from accessing critical systems.Collect information about attackers activity.Encourage the attacker to stay on the system long enough for administrators to respond.

*Malicious programs

Needs host program and cannot exist independently

Self-contained independent program

Malicious programsBacteriaWormsLogic bombsTrojan horsesVirusesTrapdoors

*Malicious programs1- TrapdoorsA secrete entry point into a program that allows gain access without going through the usual security access procedure. Trap doors have been used legitimately by programmers to debug and test programs.Trap doors become threats when they are used by unscrupulous programmers to gain unauthorized access.It is difficult to implement operating system controls for trap doors.

*Malicious programs2- Logic bombsOne of the oldest types of program threats.It is a code embedded in legitimate program that is set to explode when certain conditions are met.Examples of conditions are presence or absence of certain files, a particular day of the week or application.

*Malicious programs3- Trojan horsesIt is a useful program containing a hidden code that when invoked performs some unwanted or harmful function.Motivations for Trojan horse:1- Accomplish functions indirectly that unauthorized user could not accomplish directly such as reading files.The apparently useful program when executed changes the invoking users files permissions to make files readable.2- Data destruction through deleting users files.

*Nature of virusesThe virus is a program that can infect other programs by modifying them.The modification includes a copy of a virus program, which can then go on to infect other programs.Biological viruses are tiny scraps of genetic code that can take over a living cell making replicas of virus.A computer virus makes perfect copies of itself to pass into new programs.The infection can be spread from computer to another through swapping disks or sending programs over a network.

*Phases of virus lifetime

1- Dormant phase

The virus is idle. Not all viruses have this stage.The virus will be activated by some event such as date, program or file.

2- Propagation phase

The virus places a copy into other programs or on a disk.Each infected program now will enter propagation phase.

3- Triggering phase

The virus is activated to perform its function.

4- Execution phase

The function is performed. It may be harmless as message on screen.It may be damaging as destruction of programs and files.

*Types of viruses1- Parasitic virusThe most common. It attaches itself to executable files and replicates by infecting other executable files.2- Memory-resident virusIt logged in main memory as part of a resident system program.The virus infects every program that executes.3- Boot sector virusIt infects a master boot record and spreads when a system is booted from the disk containing the virus.

*Types of viruses4- Stealth virusIt is a form of virus explicitly designed to hide itself from detection by antivirus software.5- Polymorphic virusIt mutates with every infection, making detection by the signature of the virus impossible.

***********************************************************************************************************