M.Sc COMPUTER SCIENCE
Paper XII : NETWORK SECURITY AND CRYPTOGRAPHY
Paper Code: 33C
UNIT- I
Introduction to cryptography
Broadly the security can be of the following three types
➢ Computer Security - generic name for the collection of tools designed to protect data
and to thwart hackers
➢ Network Security - measures to protect data during their transmission
➢ Internet Security - measures to protect data during their transmission over a
collection of interconnected networks
Network security consists of measures to deter, prevent, detect, and correct security
violations that involve the transmission & storage of information
There are three aspects of information security:
⚫ security attack
⚫ security mechanism
⚫ security service
A security attack is any action that compromises the security of information
owned by an organization. Information security is about how to prevent attacks
or, failing that, to detect attacks on information-based systems. The terms threat and attack
are often used to mean the same thing. There is a wide range of attacks; the focus here is on
two generic types of attack, passive and active.
Security services
➢ Authentication - assurance that the communicating entity is the one claimed
➢ Access Control - prevention of the unauthorized use of a resource
➢ Data Confidentiality –protection of data from unauthorized disclosure
➢ Data Integrity - assurance that data received is as sent by an authorized entity
➢ Non-Repudiation - protection against denial by one of the parties in a
communication
Security mechanism
➢ feature designed to detect, prevent, or recover from a security attack
➢ no single mechanism that will support all services required
➢ however one particular element underlies many of the security mechanisms in use that
is cryptographic technique.
➢ specific security mechanisms:
⚫ encipherment, digital signatures, access controls, data integrity, authentication
exchange, traffic padding, routing control, notarization
➢ pervasive security mechanisms:
⚫ trusted functionality, security labels, event detection, security audit trails,
security recovery
Model for network security
1. design a suitable algorithm for the security transformation
2. generate the secret information (keys) used by the algorithm
3. develop methods to distribute and share the secret information
4. specify a protocol enabling the principals to use the transformation and secret
information for a security service
5. select appropriate gatekeeper functions to identify users
6. implement security controls to ensure only authorised users access designated
information or resources
The following are the two requirements for secure use of symmetric encryption:
• a strong encryption algorithm
• a secret key known only to sender / receiver
The cryptographic system can be characterized by:
1. The type of encryption operations used
▪ substitution / transposition / product
2. The number of keys used
▪ single-key or private / two-key or public
3. The way in which plaintext is processed
▪ block / stream
Cryptanalysis
The objective of cryptanalysis is to recover the key, not just the message. There are two general
approaches: cryptanalytic attack and brute-force attack.
Block Cipher Principles
➢ most symmetric block ciphers are based on a Feistel Cipher Structure
➢ needed since must be able to decrypt ciphertext to recover messages efficiently
➢ block ciphers look like an extremely large substitution
➢ would need table of 2^64 entries for a 64-bit block
➢ instead create from smaller building blocks
➢ using idea of a product cipher
Feistel Cipher Structure
➢ Horst Feistel devised the Feistel cipher
⚫ based on concept of invertible product cipher
➢ partitions input block into two halves
⚫ process through multiple rounds which
⚫ perform a substitution on left data half
⚫ based on round function of right half & subkey
⚫ then have permutation swapping halves
➢ implements Shannon’s S-P net concept
Feistel Cipher Structure
Feistel Cipher Decryption
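The structure described above can be run as a small Feistel network. This is an added example, not part of the original notes; the SHA-256-based round function and key schedule are assumptions chosen for illustration (they are not DES), and the point is that decryption reuses the same rounds with the subkeys reversed even though the round function itself is not invertible.

```python
import hashlib


def subkeys(key: bytes, rounds: int = 16) -> list:
    """Toy key schedule (assumption): one subkey per round, derived from the key."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(rounds)]


def round_function(half: bytes, subkey: bytes) -> bytes:
    """Toy round function F (assumption). F is one-way; the Feistel
    structure, not F, is what makes the cipher invertible."""
    return hashlib.sha256(subkey + half).digest()[:len(half)]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block: bytes, keys: list) -> bytes:
    """Run the Feistel rounds over one block with the given subkey order."""
    if len(block) % 2:
        raise ValueError("block must split into two equal halves")
    half = len(block) // 2
    left, right = block[:half], block[half:]
    for k in keys:
        # Substitution on the left half using F(right half, subkey),
        # followed by the permutation that swaps the halves.
        left, right = right, xor(left, round_function(right, k))
    # Undo the last swap so the same routine also decrypts.
    return right + left


def encrypt(block: bytes, keys: list) -> bytes:
    return feistel(block, keys)


def decrypt(block: bytes, keys: list) -> bytes:
    # Same structure, subkeys applied in reverse order.
    return feistel(block, list(reversed(keys)))


if __name__ == "__main__":
    ks = subkeys(b"constructed demo key")
    pt = b"8bytes!!"                      # one 64-bit block (constructed)
    ct = encrypt(pt, ks)
    print(ct.hex(), decrypt(ct, ks))
```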
Data Encryption Standard (DES)
➢ most widely used block cipher in world
➢ adopted in 1977 by NBS (now NIST)
⚫ as FIPS PUB 46
➢ encrypts 64-bit data using 56-bit key
➢ has widespread use
➢ has been considerable controversy over its security
Modular Arithmetic
➢ define modulo operator “a mod n” to be remainder when a is divided by n
➢ use the term congruence for: a = b mod n
when divided by n, a & b have same remainder
eg. 100 = 34 mod 11
➢ b is called a residue of a mod n
since with integers can always write: a = qn + b
usually chose smallest positive remainder as residue
ie. 0 <= b <= n-1
process is known as modulo reduction
eg. -12 mod 7 = -5 mod 7 = 2 mod 7 = 9 mod 7
Modular Arithmetic Operations
➢ uses a finite number of values, and loops back from either end
➢ modular arithmetic is when do addition & multiplication and modulo reduce answer
➢ can do reduction at any point, that is
a+b mod n = [a mod n + b mod n] mod n
Advanced Encryption Standard (AES)
UNIT –II
PUBLIC KEY CRYPTOSYSTEM
Number Theory:
Integers are the building blocks of the theory of numbers. This chapter
contains somewhat very simple and obvious observations starting with properties
of integers and yet the proofs behind those observations are not as simple. In this
chapter we introduce basic operations on integers and some algebraic definitions that
will be necessary to understand basic concepts in this book. We then introduce
the Well ordering principle which states basically that every set of positive
integers has a smallest element. Proof by induction is also presented as an efficient
method for proving several theorems throughout the book. We proceed to define the
concept of divisibility and the division algorithm. We then introduce the
elementary but fundamental concept of a greatest common divisor (gcd) of two
integers, and the Euclidean algorithm for finding the gcd of two integers. We end
this chapter with Lame’s Lemma on an estimate of the number of steps in the
Euclidean algorithm needed to find the gcd of two integers. Number theory has its
roots in the study of the properties of the natural numbers
N={1,2,3,….}
I. Divisibility.
• Euclidean algorithm and greatest common divisors.
• Primes and the Fundamental Theorem of Algebra.
• Results and conjectures concerning primes: Euclid’s theorem; the Riemann zeta
function; arithmetic progressions.
II. Congruences.
• Modular (clock) arithmetic
• Chinese remainder theorem:
• A first view of primality testing and factorization.
• Groups, rings and fields (especially finite abelian groups and finite fields).
III. Cryptography
Simple cryptosystems and symmetric ciphers.
Public key cryptography
Diffie-Hellman key exchange
RSA cryptosystem
The Euclidean Algorithm:
In this section we describe a systematic method that determines the greatest common divisor
of two integers. This method is called the Euclidean algorithm.
Lemma 1. If a and b are two integers and a = bq + r where also q and r are integers,
then (a, b) = (r, b).
Proof. Note that by theorem 8, we have (bq + r, b) = (b, r).
The above lemma will lead to a more general version of it. We now present the Euclidean
algorithm in its general form. It states that the greatest common divisor of two integers is the
last non zero remainder of the successive division.
ALGORITHM:
for all j = 0, 1, ..., n − 2 and
r_{n+1} = 0.
Then (a, b) = r_n.
Proof. By applying the division algorithm, we see that
r_0 = r_1 q_1 + r_2,    0 ≤ r_2 < r_1,
r_1 = r_2 q_2 + r_3,    0 ≤ r_3 < r_2,
...
r_{n-2} = r_{n-1} q_{n-1} + r_n,    0 ≤ r_n < r_{n-1},
r_{n-1} = r_n q_n.
Notice that, we will have a remainder of 0 eventually since all the remainders
are integers and every remainder in the next step is less than the remainder in the
previous one. By Lemma 1, we see that
(a, b) = (b, r_2) = (r_2, r_3) = ... = (r_n, 0) = r_n.
Congruence:
A congruence is nothing more than a statement about divisibility. The
theory of congruences was introduced by Carl Friedrich Gauss. Gauss contributed
to the basic ideas of congruences and proved several theorems related to this theory.
We start by introducing congruences and their properties. We proceed to prove
theorems about the residue system in connection with the Euler φ-function. We
then present solutions to linear congruences which will serve as an introduction to
the Chinese remainder theorem. We present finally important congruence
theorems derived by Wilson, Fermat and Euler.
Definition: Let m be a positive integer. We say that a is congruent to b modulo m if m
| (a − b) where a and b are integers, i.e. if a = b + km where k ∈ Z.
If a is congruent to b modulo m, we write a ≡ b(mod m).
The Chinese Remainder Theorem:
In this section, we discuss the solution of a system of congruences having different
moduli. An example of this kind of systems is the following; find a number that leaves a
remainder of 1 when divided by 2, a remainder of 2 when divided by three and a
remainder of 3 when divided by 5. This kind of question can be translated into the
language of congruences. As a result, in this chapter, we present a systematic way of solving
this system of congruences.
Also notice that N_k y_k ≡ 1 (mod n_k). Hence x is a solution to the system of t
congruences. We have to show now that any two solutions are congruent modulo N. Suppose
now that you have two solutions x_0, x_1 to the system of congruences. Then
x_0 ≡ x_1 (mod n_k)
for all 1 ≤ k ≤ t. Thus by Theorem 23, we see that
x_0 ≡ x_1 (mod N).
Thus the solution of the system is unique modulo N .
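The Euclidean algorithm and the Chinese remainder construction from the two sections above, applied to the system given in the text (remainders 1, 2, 3 for moduli 2, 3, 5). This is an added example, not part of the original notes; the function names are illustrative, and N_k = N / n_k with y_k the inverse of N_k modulo n_k follows the notation of the proof.

```python
def remainder_sequence(a: int, b: int) -> list:
    """r_0 = a, r_1 = b, then successive division remainders down to 0."""
    seq = [a, b]
    while seq[-1] != 0:
        seq.append(seq[-2] % seq[-1])
    return seq


def extended_gcd(a: int, b: int):
    """Return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r      # same remainders as the division steps
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def mod_inverse(a: int, n: int) -> int:
    """Inverse of a modulo n; exists only when gcd(a, n) == 1."""
    g, x, _ = extended_gcd(a % n, n)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {n}")
    return x % n


def crt(residues: list, moduli: list):
    """Solve x ≡ a_k (mod n_k) for pairwise coprime n_k.
    Returns (x, N) where the solution is unique modulo N."""
    N = 1
    for n_k in moduli:
        # n_k coprime to the product so far <=> coprime to every earlier modulus
        if extended_gcd(N, n_k)[0] != 1:
            raise ValueError("moduli must be pairwise coprime")
        N *= n_k
    x = 0
    for a_k, n_k in zip(residues, moduli):
        N_k = N // n_k
        y_k = mod_inverse(N_k, n_k)      # N_k * y_k ≡ 1 (mod n_k)
        x += a_k * N_k * y_k
    return x % N, N


if __name__ == "__main__":
    print(remainder_sequence(252, 198))   # last non-zero remainder is the gcd
    print(crt([1, 2, 3], [2, 3, 5]))
```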
Public-key Cryptosystem:
Suppose Alice and Bob want to communicate with each other, but they do not want
others to be able to eavesdrop on their conversations. For example, Alice and Bob may be
working on top-secret research or they may be allies in a war. They would need to develop
their own system for communication like their own language or alphabet. However, this
would not necessarily ensure that they could protect the translation from an attacker. They
need a way of converting information and then decoding the converted information so that it
is only understood by each other. The process by which they will achieve this is
cryptography, also known as cryptology. The particular scheme that they employ is a
cryptosystem.
Cryptosystems are made up of three basic parts: the encryption algorithm, the
decryption algorithm, and the key(s). The encryption algorithm is the algorithm used to
encode an original, or a plaintext message. The decryption algorithm is the reverse process
of the encryption algorithm. With the decryption algorithm, the user converts the encoded
message back to its original plaintext message. The key system is used during the process of
encrypting and decrypting messages. Generally, an encryption key is used to encrypt
messages, whereas a decryption key is used to decrypt messages.
The RSA algorithm is used in cryptography as a public-key cryptosystem. This
algorithm was the first known to be suitable for signing as well as encryption. Because of
this, it was one of the first great advancements in public-key cryptology. RSA is still widely
used and is believed to be secure given sufficiently long keys. This is because RSA is based
on the difficulty of factoring the product of two large prime numbers.
RSA Algorithm:
Ron Rivest, Adi Shamir, and Len Adleman described the RSA algorithm at MIT in 1977.
The algorithm’s name, “RSA”, was derived from the initials of their last names. The
algorithm was patented by MIT in the United States in 1983. Previously we chose a prime
number p to be the modulus. Now, instead, we find two large primes, p and q, and use their
product
n = pq
as the modulus. We still choose a public exponent, e, and using the extended Euclidean
algorithm find d, the inverse of e modulo φ(n). This time, however, we are finding the d that
satisfies
e * d = 1 mod (p - 1)(q - 1)
The pair (n, e) is the public key and d is the private key. The primes p and q must be kept
secret or destroyed.
To compute ciphertext c from a plaintext message m, find
c = m^e mod n
To recover the original message, compute
m = c^d mod n
Only the entity that knows d can decrypt.
Because of the relationship between d and e, the algorithm correctly recovers the original
message m, since
c^d mod n = (m^e)^d = m^(ed) = m^1 = m mod n
Anyone else who wants to compute d, must first know φ(n), but to know φ(n) one must
know p and q. In other words, they must factor n. Remember the one-way function? We
knew that multiplying big prime numbers can be a one-way function, we simply needed to
figure out a way to use that fact. Here it is, build the private key using two primes and the
public key using their product.
There is one more condition, the public exponent e must be relatively prime with
(p - 1)(q - 1). That is because if e is not relatively prime with (p - 1)(q - 1), there will be no
modular inverse.
Incidentally, in practice you would generally pick e, the public exponent first, then find the
primes p and q such that e is relatively prime with (p - 1)(q - 1). There is no mathematical
requirement to do so, it simply makes key pair generation a little easier. In fact, the two most
popular values of e in use today are F0 = 3 and F4 = 65,537. The F in F0 and F4 stands for Pierre de
Fermat, the 17th century mathematician who first described the special properties of these
and other interesting numbers.
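The key-generation conditions above, worked through with small numbers. This is an added example, not part of the original notes; the primes are constructed toy values, the function names are illustrative, and `pow(e, -1, phi)` (Python 3.8+) stands in for the extended Euclidean algorithm. It shows e = 3 being rejected for p = 61, q = 53 because 3 divides (p - 1)(q - 1), and the "pick e first" approach choosing primes that fit.

```python
from math import gcd


def rsa_keypair(p: int, q: int, e: int):
    """Return ((n, e), d) for textbook RSA, or raise if e has no inverse."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        # No modular inverse exists, so no private exponent d can be found.
        raise ValueError(f"e={e} is not relatively prime to (p-1)(q-1)={phi}")
    d = pow(e, -1, phi)                  # e * d = 1 mod (p - 1)(q - 1)
    return (n, e), d


def encrypt(m: int, public_key) -> int:
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)                  # c = m^e mod n


def decrypt(c: int, d: int, n: int) -> int:
    return pow(c, d, n)                  # m = c^d mod n


def compatible_primes(e: int, candidates: list):
    """'Pick e first': return the first two candidate primes p with
    gcd(e, p - 1) == 1. Candidates are assumed to be distinct primes."""
    usable = [p for p in candidates if gcd(e, p - 1) == 1]
    if len(usable) < 2:
        raise ValueError("not enough primes compatible with e")
    return usable[0], usable[1]


if __name__ == "__main__":
    public, d = rsa_keypair(61, 53, 17)  # toy primes (constructed)
    c = encrypt(65, public)
    print(public, d, c, decrypt(c, d, public[0]))

    try:
        rsa_keypair(61, 53, 3)           # 3 divides 60 * 52
    except ValueError as err:
        print("rejected:", err)

    p, q = compatible_primes(3, [61, 53, 59, 47])
    print(p, q, rsa_keypair(p, q, 3))
```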
Diffie-Hellman Key Exchange:
Diffie-Hellman key exchange offers the best of both worlds -- it uses public key
techniques to allow the exchange of a private encryption key. Let's take a look at how the
protocol works, from the perspective of Alice and Bob, two users who wish to establish
secure communications. We can assume that Alice and Bob know nothing about each other
but are in contact.
Here are the nine steps of the process:
1. Communicating in the clear, Alice and Bob agree on two large positive integers, n and
g, with the stipulation that n is a prime number and g is a generator of n.
2. Alice randomly chooses another large positive integer, XA, which is smaller than n. XA
will serve as Alice's private key.
3. Bob similarly chooses his own private key, XB.
4. Alice computes her public key, YA, using the formula YA = (g^XA) mod n.
5. Bob similarly computes his public key, YB, using the formula YB = (g^XB) mod n.
6. Alice and Bob exchange public keys over the insecure circuit.
7. Alice computes the shared secret key, k, using the formula k = (YB ^XA) mod n.
8. Bob computes the same shared secret key, k, using the formula k = (YA ^XB) mod n.
9. Alice and Bob communicate using the symmetric algorithm of their choice and the
shared secret key, k, which was never transmitted over the insecure circuit.
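The nine steps above as code, with both parties' computations and the values that cross the insecure circuit. This is an added example, not part of the original notes; the function names are illustrative, the moduli (23 and 2^61 - 1) are constructed demo values far too small for real use, and the range check on the received public key is an addition beyond the steps listed.

```python
import secrets


def prime_factors(m: int) -> set:
    """Distinct prime factors by trial division (adequate for demo sizes)."""
    factors, f = set(), 2
    while f * f <= m:
        while m % f == 0:
            factors.add(f)
            m //= f
        f += 1
    if m > 1:
        factors.add(m)
    return factors


def is_generator(g: int, n: int) -> bool:
    """Step 1 check for prime n: g generates the multiplicative group mod n
    iff g^((n-1)/f) != 1 for every prime factor f of n - 1."""
    if not 1 < g < n:
        return False
    return all(pow(g, (n - 1) // f, n) != 1 for f in prime_factors(n - 1))


def find_generator(n: int) -> int:
    return next(g for g in range(2, n) if is_generator(g, n))


def private_key(n: int) -> int:
    """Steps 2-3: random private key X in [2, n - 2]."""
    return secrets.randbelow(n - 3) + 2


def public_key(g: int, x: int, n: int) -> int:
    """Steps 4-5: Y = g^X mod n."""
    return pow(g, x, n)


def shared_secret(peer_public: int, own_private: int, n: int) -> int:
    """Steps 7-8: k = Y_peer^X_own mod n. Values 0, 1 and n - 1 are
    rejected because they force the secret into a trivial set."""
    if not 1 < peer_public < n - 1:
        raise ValueError("peer public key out of range")
    return pow(peer_public, own_private, n)


def exchange(g: int, n: int):
    """Run steps 2-8; return Alice's k, Bob's k, and what was sent in the clear."""
    xa, xb = private_key(n), private_key(n)
    ya, yb = public_key(g, xa, n), public_key(g, xb, n)
    wire = {"n": n, "g": g, "YA": ya, "YB": yb}   # step 6: k is not in here
    return shared_secret(yb, xa, n), shared_secret(ya, xb, n), wire


if __name__ == "__main__":
    # Fixed toy values so the arithmetic can be followed by hand.
    n, g, xa, xb = 23, 5, 6, 15
    ya, yb = public_key(g, xa, n), public_key(g, xb, n)
    print(ya, yb, shared_secret(yb, xa, n), shared_secret(ya, xb, n))

    n = 2**61 - 1
    print(exchange(find_generator(n), n))
```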
Elliptic Curve Cryptography:
Basically, it is “an approach to public-key cryptography based on the mathematics of
elliptic curves”. The good thing about Elliptic Curve Cryptography (or ECC), is that it can be
faster than RSA and uses smaller keys, but still provides the same level of security. What
makes ECC better? To quote Scott Vanstone “ECC is based on something called the elliptic
curve discrete log problem, and it’s a much harder problem than factoring integers. Because
it’s much harder, we can get away with fewer bits, so what we like to say is that ECC
provides the most security per bit of any public key scheme”.
Digital Signature and Authentication Protocol:
Digital signatures are the public-key primitives of message authentication. In the physical
world, it is common to use handwritten signatures on handwritten or typed messages. They
are used to bind signatory to the message. Similarly, a digital signature is a technique that
binds a person/entity to the digital data. This binding can be independently verified by
receiver as well as any third party. Digital signature is a cryptographic value that is
calculated from the data and a secret key known only by the signer. In real world, the
receiver of message needs assurance that the message belongs to the sender and he should
not be able to repudiate the origination of that message. This requirement is very crucial in
business applications, since likelihood of a dispute over exchanged data is very high.
The following points explain the entire process in detail
• Each person adopting this scheme has a public-private key pair.
• Generally, the key pairs used for encryption/decryption and signing/verifying are
different. The private key used for signing is referred to as the signature key and the
public key as the verification key.
• Signer feeds data to the hash function and generates hash of data.
• Hash value and signature key are then fed to the signature algorithm which produces
the digital signature on given hash. Signature is appended to the data and then both
are sent to the verifier.
• Verifier feeds the digital signature and the verification key into the verification
algorithm. The verification algorithm gives some value as output.
• Verifier also runs same hash function on received data to generate hash value.
• For verification, this hash value and output of verification algorithm are compared.
Based on the comparison result, verifier decides whether the digital signature is
valid.
• Since digital signature is created by ‘private’ key of signer and no one else can have
this key; the signer cannot repudiate signing the data in future.
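The hash, sign, verify and compare steps above, using hashed RSA as the signature algorithm. This is an added example, not part of the original notes; the key is built from two Mersenne primes purely so the block is self-contained (special-form primes like these are not suitable for real keys), the function names are illustrative, and no padding scheme is applied, unlike deployed RSA signatures.

```python
import hashlib

# Constructed demo key pair (assumption): n must exceed the 256-bit hash value.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
VERIFICATION_KEY = 65537                               # public exponent e
SIGNATURE_KEY = pow(VERIFICATION_KEY, -1, (P - 1) * (Q - 1))  # private exponent d


def hash_value(data: bytes) -> int:
    """Hash of the data as an integer, as fed to the signature algorithm."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, signature_key: int, n: int) -> int:
    """Signer: hash the data, then apply the signature key to the hash."""
    return pow(hash_value(data), signature_key, n)


def verify(data: bytes, signature: int, verification_key: int, n: int) -> bool:
    """Verifier: run the verification algorithm on the signature, hash the
    received data independently, and compare the two values."""
    if not 0 <= signature < n:
        return False
    recovered = pow(signature, verification_key, n)    # output of verification algorithm
    return recovered == hash_value(data)


if __name__ == "__main__":
    message = b"pay 100 to account 42"                 # constructed sample data
    sig = sign(message, SIGNATURE_KEY, N)

    print(verify(message, sig, VERIFICATION_KEY, N))                    # genuine
    print(verify(b"pay 900 to account 42", sig, VERIFICATION_KEY, N))   # data altered
    print(verify(message, (sig + 1) % N, VERIFICATION_KEY, N))          # signature altered
```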
UNIT –III
NETWORK SECURITY PRACTICE
KERBEROS:
Kerberos provides a centralized authentication server whose function is to authenticate users to
servers and servers to users. In Kerberos Authentication server and database is used for client
authentication. Kerberos runs as a third-party trusted server known as the Key Distribution
Center (KDC). Each user and service on the network is a principal.
The main components of Kerberos are:
• Authentication Server (AS):
The Authentication Server performs the initial authentication and issues the ticket for the Ticket
Granting Service.
• Database:
The Authentication Server verifies access rights of users in database.
• Ticket Granting Server (TGS):
The Ticket Granting Server issues the ticket for the Server
• Step-1:
The user logs on and requests services on the host; that is, the user requests a ticket for the
ticket-granting service.
• Step-2:
The Authentication Server verifies the user’s access rights using the database and then returns a
ticket-granting ticket and a session key. The results are encrypted using the user's password.
• Step-3:
The user decrypts the message using the password and then sends the ticket to the Ticket
Granting Server. The ticket contains authenticators such as the user name and network address.
• Step-4:
The Ticket Granting Server decrypts the ticket sent by the user, the authenticator verifies the
request, and the server then creates the ticket for requesting services from the Server.
• Step-5:
The user sends the ticket and authenticator to the Server.
• Step-6:
The Server verifies the ticket and authenticators and then grants access to the service.
After this, the user can access the services.
X.509 Authentication Service:
• Part of X.500 Directory Services
• Issued in 1988; revised in 1993 and 1995
• Defines a framework for authentication service using the X.500 directory. Repository
of public-key certificates
• Based on use of public-key cryptography and digital signatures
• Recommends use of RSA
E-Mail Security:
Confidentiality: Protection from disclosure
Authentication: Of sender of message
Message integrity: Protection from modification
Non-repudiation of origin: Protection from denial by sender
PGP:
PGP provides the confidentiality and authentication service that can be used for
electronic mail and file storage applications.
The steps involved in PGP are:
Select the best available cryptographic algorithms as building blocks.
Integrate these algorithms into a general purpose application that is independent of operating
system and processor and that is based on a small set of easy-to-use commands.
Make the package and its documentation, including the source code, freely available via the
internet, bulletin boards and commercial networks.
Enter into an agreement with a company to provide a fully compatible, low cost commercial
version of PGP.
UNIT –IV
WEB SECURITY
Secure Socket Layer:
Secure Sockets Layer (SSL) is a networking protocol designed for securing connections
between web clients and web servers over an insecure network, such as the internet. After
being formally introduced in 1995, SSL made it possible for a web server to securely enable
online transactions between consumers and businesses. Due to numerous protocol and
implementation flaws and vulnerabilities, SSL was deprecated for use on the internet by the
Internet Engineering Task Force (IETF) in 2015 and has been replaced by the Transport
Layer Security (TLS) protocol.
Secure Electronic Transaction:
SET is a system which ensures the security and integrity of electronic transactions made
using credit cards. SET is not itself a payment system; it is a
security protocol applied to those payments. It uses different encryption and hashing
techniques to secure payments over internet done through credit cards. SET protocol was
supported in development by major organizations like Visa, Mastercard, Microsoft which
provided its Secure Transaction Technology (STT) and NetScape which provided technology
of Secure Socket Layer (SSL). SET protocol restricts revealing of credit card details to
merchants thus keeping hackers and thieves at bay. SET protocol includes Certification
Authorities for making use of standard Digital Certificates like X.509 Certificate.
Requirements in SET :
SET protocol has some requirements to meet, some of the important requirements are :
• It has to provide mutual authentication i.e., customer (or cardholder) authentication by
confirming if the customer is intended user or not and merchant authentication.
• It has to keep the PI (Payment Information) and OI (Order Information) confidential by
appropriate encryptions.
• It has to be resistive against message modifications i.e., no changes should be allowed
in the content being transmitted.
• SET also needs to provide interoperability and make use of best security mechanisms.
Participants in SET :
In the general scenario of online transaction, SET includes similar participants:
• Cardholder – Customer
• Issuer – Customer financial institution
• Merchant – Sales person
• Acquirer – Merchant financial
• Certificate authority – Authority which follows certain standards and issues
certificates(like X.509V3) to all other participants.
Intruders:
• Significant issue for networked systems is hostile or unwanted access
• Either via network or local
• Can identify classes of intruders: – masquerader – misfeasor – clandestine user
• Varying levels of competence
Aim to gain access and/or increase privileges on a system. Basic attack methodology – target
acquisition and information gathering – initial access – privilege escalation – covering tracks
key goal often is to acquire passwords.
Viruses:
Parasitic virus: The traditional and still most common form of virus. A parasitic
virus attaches itself to executable files and replicates, when the infected program is executed,
by finding other executable files to infect.
Memory-resident virus: Lodges in main memory as part of a resident system program. From
that point on, the virus infects every program that executes.
Boot sector virus: Infects a master boot record or boot record and spreads when a system is
booted from the disk containing the virus.
Stealth virus: A form of virus explicitly designed to hide itself from detection by antivirus
software.
Polymorphic virus: A virus that mutates with every infection, making detection by
the "signature" of the virus impossible.
E-mail Viruses: A more recent development in malicious software is the e-mail virus. The
first rapidly spreading e-mail viruses, such as Melissa, made use of a Microsoft Word macro
embedded in an attachment. If the recipient opens the e-mail attachment, the Word macro is
activated.
Worms : A worm is a program that can replicate itself and send copies from computer to
computer across network connections. Upon arrival, the worm may be activated to replicate
and propagate again. Network worm programs use network connections to spread from
system to system. Once active within a system, a network worm can behave as a computer
virus or bacteria, or it could implant Trojan horse programs or perform any number of
disruptive or destructive actions.
Firewalls:
A firewall is a network security device, either hardware or software-based, which monitors all
incoming and outgoing traffic and, based on a defined set of security rules, accepts, rejects or
drops that specific traffic. A firewall matches the network traffic against the rule set defined in its
table. Once a rule is matched, the associated action is applied to the network traffic. For example,
one rule may state that no employee from the HR department can access the data from the code
server, while another rule states that the system administrator can access the data
from both the HR and technical departments. Rules can be defined on the firewall based on the
necessity and security policies of the organization.
From the perspective of a server, network traffic can be either outgoing or incoming. A firewall
maintains a distinct set of rules for both cases. Mostly, outgoing traffic, which originates from
the server itself, is allowed to pass. Still, setting rules on outgoing traffic is always better in order
to achieve more security and prevent unwanted communication.
Incoming traffic is treated differently. Most traffic which reaches the firewall is one of these
three major Transport Layer protocols: TCP, UDP or ICMP. All these types have a source
address and a destination address. Also, TCP and UDP have port numbers. ICMP uses a type
code instead of a port number, which identifies the purpose of that packet.
Firewalls can be categorized based on their generation.
1. First Generation- Packet Filtering Firewall
2. Second Generation- Stateful Inspection Firewall
3. Third Generation- Application Layer Firewall
UNIT –V
CASE STUDY
Implementation of Cryptographic Algorithms:
RSA:
import java.math.BigInteger;
import java.security.SecureRandom;

// Textbook RSA on raw integers (no padding), for teaching purposes.
public class RSA {
    private final static BigInteger one = new BigInteger("1");
    private final static SecureRandom random = new SecureRandom();

    private BigInteger privateKey;
    private BigInteger publicKey;
    private BigInteger modulus;

    // generate an N-bit (roughly) public and private key
    RSA(int N) {
        publicKey = new BigInteger("65537"); // common value in practice = 2^16 + 1
        BigInteger phi;
        do {
            BigInteger p = BigInteger.probablePrime(N/2, random);
            BigInteger q = BigInteger.probablePrime(N/2, random);
            phi = (p.subtract(one)).multiply(q.subtract(one));
            modulus = p.multiply(q);
            // modInverse throws ArithmeticException unless gcd(e, phi) = 1,
            // so draw new primes until the public exponent is usable
        } while (!phi.gcd(publicKey).equals(one));
        privateKey = publicKey.modInverse(phi);
    }

    // c = m^e mod n
    BigInteger encrypt(BigInteger message) {
        return message.modPow(publicKey, modulus);
    }

    // m = c^d mod n
    BigInteger decrypt(BigInteger encrypted) {
        return encrypted.modPow(privateKey, modulus);
    }

    public String toString() {
        String s = "";
        s += "public = " + publicKey + "\n";
        s += "private = " + privateKey + "\n";
        s += "modulus = " + modulus;
        return s;
    }

    // usage: java RSA <key size in bits>
    public static void main(String[] args) {
        int N = Integer.parseInt(args[0]);
        RSA key = new RSA(N);
        System.out.println(key);

        // create random message, encrypt and decrypt
        BigInteger message = new BigInteger(N-1, random);

        //// create message by converting string to integer
        // String s = "test";
        // byte[] bytes = s.getBytes();
        // BigInteger message = new BigInteger(bytes);

        BigInteger encrypt = key.encrypt(message);
        BigInteger decrypt = key.decrypt(encrypt);
        System.out.println("message = " + message);
        System.out.println("encrypted = " + encrypt);
        System.out.println("decrypted = " + decrypt);
    }
}
DSA:
ECC:
ECC Key Agreement:
import java.math.BigInteger;
import java.security.*;
import java.security.spec.*;
import javax.crypto.KeyAgreement;

public class ECCKeyAgreement {
    public static void main(String[] args) throws Exception {
        // Key pair generator for the named curve
        KeyPairGenerator kpg;
        kpg = KeyPairGenerator.getInstance("EC", "SunEC");
        ECGenParameterSpec ecsp;
        ecsp = new ECGenParameterSpec("secp192k1");
        kpg.initialize(ecsp);

        // User U's key pair
        KeyPair kpU = kpg.genKeyPair();
        PrivateKey privKeyU = kpU.getPrivate();
        PublicKey pubKeyU = kpU.getPublic();
        System.out.println("User U: " + privKeyU.toString());
        System.out.println("User U: " + pubKeyU.toString());

        // User V's key pair
        KeyPair kpV = kpg.genKeyPair();
        PrivateKey privKeyV = kpV.getPrivate();
        PublicKey pubKeyV = kpV.getPublic();
        System.out.println("User V: " + privKeyV.toString());
        System.out.println("User V: " + pubKeyV.toString());

        // U combines its private key with V's public key
        KeyAgreement ecdhU = KeyAgreement.getInstance("ECDH");
        ecdhU.init(privKeyU);
        ecdhU.doPhase(pubKeyV, true);

        // V combines its private key with U's public key
        KeyAgreement ecdhV = KeyAgreement.getInstance("ECDH");
        ecdhV.init(privKeyV);
        ecdhV.doPhase(pubKeyU, true);

        // Both sides print the secret they computed; the two values match
        System.out.println("Secret computed by U: 0x" +
            (new BigInteger(1, ecdhU.generateSecret()).toString(16)).toUpperCase());
        System.out.println("Secret computed by V: 0x" +
            (new BigInteger(1, ecdhV.generateSecret()).toString(16)).toUpperCase());
    }
}
ECC Key Generation:
import java.security.*;
import java.security.spec.*;

public class ECCKeyGeneration {
    public static void main(String[] args) throws Exception {
        // Key pair generator for the named curve
        KeyPairGenerator kpg;
        kpg = KeyPairGenerator.getInstance("EC", "SunEC");
        ECGenParameterSpec ecsp;
        ecsp = new ECGenParameterSpec("secp192r1");
        kpg.initialize(ecsp);

        // Generate one key pair and print both halves
        KeyPair kp = kpg.genKeyPair();
        PrivateKey privKey = kp.getPrivate();
        PublicKey pubKey = kp.getPublic();
        System.out.println(privKey.toString());
        System.out.println(pubKey.toString());
    }
}
Network Forensics:
Network forensics is a sub-branch of digital forensics relating to the monitoring and
analysis of computer network traffic for the purposes of information gathering, legal
evidence, or intrusion detection. Unlike other areas of digital forensics, network
investigations deal with volatile and dynamic information. Network traffic is transmitted and
then lost, so network forensics is often a pro-active investigation.
Network forensics generally has two uses. The first, relating to security, involves
monitoring a network for anomalous traffic and identifying intrusions. An attacker might be
able to erase all log files on a compromised host; network-based evidence might therefore be
the only evidence available for forensic analysis. The second form relates to law
enforcement. In this case analysis of captured network traffic can include tasks such as
reassembling transferred files, searching for keywords and parsing human communication
such as emails or chat sessions. Two systems are commonly used to collect network data: a
brute-force "catch it as you can" method and a more intelligent "stop look listen" method.
The internet can be a rich source of digital evidence including web browsing,
email, newsgroup, synchronous chat and peer-to-peer traffic. For example, web server logs
can be used to show when (or if) a suspect accessed information related to criminal activity.
Email accounts can often contain useful evidence, but email headers are easily faked, so
network forensics may be used to prove the exact origin of incriminating material. Network
forensics can also be used in order to find out who is using a particular computer by
extracting user account information from the network traffic. Wireless forensics is a sub-
discipline of network forensics. The main goal of wireless forensics is to provide the
methodology and tools required to collect and analyze (wireless) network traffic that can be
presented as valid digital evidence in a court of law. The evidence collected can correspond
to plain data or, with the broad usage of Voice-over-IP (VoIP) technologies, especially over
wireless, can include voice conversations. Analysis of wireless network traffic is similar to
that on wired networks; however, there may be the added consideration of wireless security
measures.
Security Audit:
An audit means having an outside team come in to review everything and tell the organization
what it is doing wrong. The network security audit is a process that many managed
security service providers (MSSPs) offer to their customers. In this process, the MSSP
investigates the customer’s cyber security policies and the assets on the network to identify
any deficiencies that put the customer at risk of a security breach. While the specific method
of the audit may change from one MSSP to the next, a few basic steps include:
• Device & Platform Identification. The first step of the audit is to identify all of the
assets on your network, as well as the operating systems they use. This is vital to
ensure that any and all threats have been identified.
• Security Policy Review. Here, the MSSP reviews all of your company’s security
policies and procedures to see whether they match up to the standards required to
effectively protect your technology and information assets. For example, who has
access to what, and do they really need that access?
• Security Architecture Review. Where the policy review assesses your documented
policies, the architecture review analyzes the actual controls and technologies that are
in place. This builds off of the device & platform identification process to give you an
in-depth analysis of your cyber security measures.
• Risk Assessment. Here, the MSSP conducts various assessments to characterize your
systems (process, application, and function), identify threats, and analyze the control
environment to determine what your risks are and their potential impact. This
information is then used to prioritize the fixes from the biggest threat that is easiest to
remedy to the smallest threat that is the hardest to fix.
• Penetration Testing. Pen tests serve as a kind of stress test for your network’s
security architecture, wherein the testers try to “break” your security architecture so
they can find and fix previously-undiscovered issues.
Steganography:
Steganography is the practice of concealing a file, message, image, or video within another file,
message, image, or video. The word steganography comes from Greek steganographia,
which combines the words steganós, meaning "covered or concealed", and –graphia meaning
"writing". The first recorded use of the term was in 1499 by Johannes Trithemius in
his Steganographia, a treatise on cryptography and steganography, disguised as a book on
magic. Generally, the hidden messages appear to be (or to be part of) something else: images,
articles, shopping lists, or some other cover text. For example, the hidden message may be
in invisible ink between the visible lines of a private letter. Some implementations of
steganography that lack a shared secret are forms of security through obscurity, and key-
dependent steganographic schemes adhere to Kerckhoffs's principle.
The advantage of steganography over cryptography alone is that the intended secret
message does not attract attention to itself as an object of scrutiny. Plainly
visible encrypted messages, no matter how unbreakable they are, arouse interest and may in
themselves be incriminating in countries in which encryption is illegal. Whereas cryptography
is the practice of protecting the contents of a message alone, steganography is concerned both
with concealing the fact that a secret message is being sent and its contents.
Steganography includes the concealment of information within computer files. In
digital steganography, electronic communications may include steganographic coding inside
of a transport layer, such as a document file, image file, program or protocol. Media files are
ideal for steganographic transmission because of their large size. For example, a sender might
start with an innocuous image file and adjust the color of every hundredth pixel to correspond
to a letter in the alphabet. The change is so subtle that someone who is not specifically
looking for it is unlikely to notice the change.
Types of Steganography
Image Steganography:
Image steganography is used to hide a secret message inside an image. The most
widely used technique is to hide the secret bits in the least significant bit (LSB) of the
cover image's pixels. Because this method uses bits of each pixel in the image, it is
necessary to use a lossless compression format; otherwise the hidden information will get
lost in the transformations of a lossy compression algorithm.
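The LSB technique and its dependence on lossless storage, as an added example that is not part of the original notes. The 2-byte length prefix, the function names and the quantization step used as a stand-in for lossy compression are assumptions made for this sketch.

```python
import random

def embed_lsb(pixels: bytes, message: bytes) -> bytes:
    """Hide message, prefixed with a 2-byte length, in the LSB of each cover sample."""
    payload = len(message).to_bytes(2, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("cover is too small for this message")
    stego = bytearray(pixels)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit  # only the lowest bit changes
    return bytes(stego)

def _read_bytes(pixels: bytes, first_sample: int, count: int) -> bytes:
    """Rebuild count bytes from the LSBs starting at sample first_sample."""
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (pixels[first_sample + 8 * b + i] & 1)
        out.append(value)
    return bytes(out)

def extract_lsb(pixels: bytes) -> bytes:
    length = int.from_bytes(_read_bytes(pixels, 0, 2), "big")
    if 16 + 8 * length > len(pixels):
        raise ValueError("length prefix out of range: no intact payload")
    return _read_bytes(pixels, 16, length)

def lossy_quantize(pixels: bytes, step: int = 4) -> bytes:
    """Stand-in for lossy compression: round every sample down to a multiple of step."""
    return bytes((p // step) * step for p in pixels)

def max_sample_change(a: bytes, b: bytes) -> int:
    return max(abs(x - y) for x, y in zip(a, b))

# Constructed cover: 64x64 grayscale samples from a seeded generator (not a real image).
_rng = random.Random(1)
COVER = bytes(_rng.randrange(256) for _ in range(64 * 64))
SECRET = b"meet at noon"
STEGO = embed_lsb(COVER, SECRET)

if __name__ == "__main__":
    print("recovered from lossless copy:", extract_lsb(STEGO))
    print("largest sample change:", max_sample_change(COVER, STEGO))
    print("recovered after lossy step:", extract_lsb(lossy_quantize(STEGO)))
```

No sample moves by more than one intensity level, which is why the change is hard to see, and a single lossy pass clears every low bit so the payload is gone.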
Audio Steganography:
Audio steganography can conceal the secret message in the audio file with the help of its
digital representation. The sender embeds secret data of any type using a key in a digital
cover file to produce a stego file, in such a way that an observer cannot detect the existence
of the hidden message.
Video Steganography:
Video Steganography brings more possibilities of disguising a large amount of data
because it is a combination of image and sound. Therefore, image and audio Steganography
techniques can also be employed on the video. Video files are generally a collection of
images and sounds, so most of the presented techniques on images and audio can be applied
to video files too. The Video Steganography is nothing but a combination of Image
Steganography and Audio Steganography.
Text Steganography:
Steganography can be applied to different types of media, including text, audio, image
and video. However, text steganography is considered to be the most difficult kind of
steganography because text has less redundancy than image or audio; it nevertheless
occupies less memory and is simpler to communicate.
Quantum Cryptography:
Quantum cryptography, also called quantum encryption, applies principles of
quantum mechanics to encrypt messages in such a way that they are never read by anyone
other than the intended recipient. It takes advantage of quantum's multiple states, coupled
with its "no change theory," which means it cannot be unknowingly interrupted. Performing
these tasks requires a quantum computer, which has the immense computing power to encrypt
and decrypt data. A quantum computer could quickly crack current public-key cryptography.
How to defend against quantum cryptography:
Longer keys are the first line of defense against quantum encryption, and pretty much
everybody is on board with that. In fact, the 1024-bit version of the RSA encryption standard
is no longer regarded as safe by NIST, which recommends 2048 bits as a minimum. Longer
keys make encryption slower and more costly, however, and the key length will have to
increase substantially to stay ahead of quantum computers. Another option is to use
symmetric encryption for the messages themselves, then use asymmetric encryption just for
the keys. This is the idea behind the Transport Layer Security (TLS) online standard, says
Alan Woodward, a professor at the department of computing at the University of Surrey.
Quantum cryptography, or quantum key distribution (QKD), uses a series of photons
(light particles) to transmit data from one location to another over a fiber optic cable. By
comparing measurements of the properties of a fraction of these photons, the two endpoints
can determine what the key is and if it is safe to use.
How Quantum cryptography works:
1. The sender transmits photons through a filter (or polarizer) which randomly gives
them one of four possible polarizations and bit designations: Vertical (One bit),
Horizontal (Zero bit), 45 degree right (One bit), or 45 degree left (Zero bit).
2. The photons travel to a receiver, which uses two beam splitters (horizontal/vertical
and diagonal) to “read” the polarization of each photon. The receiver does not know
which beam splitter to use for each photon and has to guess which one to use.
3. Once the stream of photons has been sent, the receiver tells the sender which beam
splitter was used for each of the photons in the sequence they were sent, and the
sender compares that information with the sequence of polarizers used to send the
key. The photons that were read using the wrong beam splitter are discarded, and the
resulting sequence of bits becomes the key.
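A simulation of the three steps above (the protocol is known as BB84), together with the check on a fraction of the bits that tells the endpoints whether the key is safe to use. This is an added example, not part of the original notes; the intercept-and-resend eavesdropper model, the 25% sample size and all names are assumptions of the sketch.

```python
import random

RECT, DIAG = "+", "x"  # vertical/horizontal basis and 45-degree diagonal basis

def measure(bit, prep_basis, meas_basis, rng):
    """A matching basis reads the encoded bit; the wrong basis gives a random result."""
    return bit if prep_basis == meas_basis else rng.randrange(2)

def bb84(n_photons, eavesdrop=False, seed=0):
    rng = random.Random(seed)
    # Step 1: the sender picks a random bit and a random polarizer for each photon.
    sender_bits = [rng.randrange(2) for _ in range(n_photons)]
    sender_bases = [rng.choice((RECT, DIAG)) for _ in range(n_photons)]
    # Step 2: the receiver guesses a beam splitter for each photon.
    receiver_bases = [rng.choice((RECT, DIAG)) for _ in range(n_photons)]

    receiver_bits = []
    for bit, s_basis, r_basis in zip(sender_bits, sender_bases, receiver_bases):
        if eavesdrop:
            # Assumed model: the eavesdropper measures in a guessed basis and
            # re-sends the photon in that basis, disturbing wrong-basis photons.
            e_basis = rng.choice((RECT, DIAG))
            bit = measure(bit, s_basis, e_basis, rng)
            s_basis = e_basis
        receiver_bits.append(measure(bit, s_basis, r_basis, rng))

    # Step 3: discard photons read with the wrong beam splitter.
    keep = [i for i in range(n_photons) if sender_bases[i] == receiver_bases[i]]
    sender_key = [sender_bits[i] for i in keep]
    receiver_key = [receiver_bits[i] for i in keep]
    return sender_key, receiver_key

def error_rate(sender_key, receiver_key, sample_fraction=0.25):
    """Compare a fraction of the sifted bits; in practice the revealed bits are then discarded."""
    n = max(1, int(len(sender_key) * sample_fraction))
    mismatches = sum(a != b for a, b in zip(sender_key[:n], receiver_key[:n]))
    return mismatches / n

if __name__ == "__main__":
    for eve in (False, True):
        s_key, r_key = bb84(8000, eavesdrop=eve, seed=7)
        print("eavesdropper:", eve, "sifted bits:", len(s_key),
              "error rate:", round(error_rate(s_key, r_key), 3))
```

With no eavesdropper the sifted keys agree exactly; under the assumed eavesdropper about one sifted bit in four disagrees, which is the signal the endpoints use to reject the key.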
Watermarking:
Watermarking is a technique with similarities to steganography. It has been around
for centuries and is commonly used in money and stamps to assist in identifying
counterfeiting. The idea behind watermarking is to create a translucent image on the paper to
provide authenticity. Since mailing letters was far more expensive centuries back, it was
common for people to use counterfeit stamps on their mail. For example, a translucent
elephant watermark was used on stamps in India to deter counterfeiting. Various watermarks
are also added to money at the time of manufacture. For example, many denominations of
paper money in the United States contain a watermark of the individual printed on the
money. Digital watermarking is used to maintain ownership and authenticity of digital media
such as music and videos. It is important to note that although watermarking has many
similarities to steganography in terms of embedding data, the intent of watermarking is
not to make it difficult to detect the embedded data, but rather to make it difficult to remove
the embedded data so as to prevent the unauthorized reuse of the file.
Types of Watermarks:
Visible Watermarks – These watermarks are visible.
Invisible Watermarks – These watermarks are embedded in the media and use steganography
techniques. They are not visible to the naked eye.
Public Watermarks – These can be understood and modified by anyone using certain
algorithms. These are not secure.
Fragile Watermarks – These watermarks are destroyed by data manipulation. There must be a
system which can detect all changes in the data if fragile watermarks are to be used.
Applications of Watermarks:
• Watermarks are used in forensics. Tampered evidence is unacceptable in forensics, and
watermarked images are acceptable.
• This is used by brands. The Digital Watermarking is done so that the authority of the
digital media is intact.
• Digital Watermarking prevents copying of the data.
• Video editing software uses watermarks so that people buy the full version of it.
• It is used in video authentication. News channels often show videos of other agencies
which are watermarked. It is also used for ID card security.
• It is used for content management in social media.
DNA Cryptography:
Cryptography is the branch of science which deals with the encoding of information for the
purpose of hiding messages. It plays a vital role in the infrastructure of communication
security. Pioneering work was done by Ashish Gehani et al. and Amin et al. after
Leonard Max Adleman had shown the capability of molecular computation in 1994. This paved
the way for DNA computing. DNA cryptology combines cryptology and modern
biotechnology.
Importance of DNA Cryptography
• DNA Cryptography is one of the rapidly evolving technologies in the world.
• Adleman showed the world how it can be used to solve complex problems like the directed
Hamilton path problem and NP-complete problems (for example the Travelling Salesman
problem). Hence users can design and implement more complex crypto algorithms.
• It brings forward new hope to break unbreakable algorithms. This is because DNA
computing offers more speed, minimal storage and power requirements.
• DNA stores memory at a density of about 1 bit/nm³ where conventional storage media
requires 10¹² nm³/bit.
• No power is required for DNA computing while the computation is taking place.
• Surprisingly, one gram of DNA contains 10²¹ DNA bases, which is equivalent to 10⁸
TB of data. Hence it can store all the data in the world in a few milligrams.
DNA cryptology users have DNA algorithms such as "Public-key system using DNA as a
one-way function for key distribution," "DNASC cryptography system", DNA Steganography
Systems, Triple stage DNA Cryptography, and Encryption algorithm inspired by DNA and
Chaotic computing.
So, how do we encode data in a DNA strand, which is mainly made up of 4 nitrogenous bases,
namely:
1. Adenine (A)
2. Thymine (T)
3. Cytosine (C)
4. Guanine (G)
Hand written notes shared during online class: