VII SEM updates.doc


  • 7/25/2019 VII SEM updates.doc

    1/171

    ALPHA COLLEGE OF ENGINEERING

    DEPARTMENT

    OF

    INFORMATION TECHNOLOGY

    MINIMUM LEARNING MATERIAL

    FOR THE THIRD YEAR B.Tech(IT) DEGREE COURSE

    (R-2013)

    SEMESTER-VII


    TABLE OF CONTENTS

    LIST OF SUBJECTS

    CURRICULUM

    IT6701 Information Management

    CS6701 Cryptography and Network Security

    IT6702 Data Warehousing and Data Mining

    CS6703 Grid and Cloud Computing

    IT6004 Software Testing

    IT6711 Data Mining Laboratory

    IT6712 Security Laboratory

    IT6713 Grid and Cloud Computing Laboratory


    ANNA UNIVERSITY, CHENNAI

    AFFILIATED INSTITUTIONS

    2013 REGULATION B.TECH. INFORMATION TECHNOLOGY

    VII SEMESTER CURRICULUM AND SYLLABI

    Code No.   Course Title                            L    T    P    C

    THEORY
    IT6701     Information Management                  3    0    0    3
    CS6701     Cryptography and Network Security       3    0    0    3
    IT6702     Data Warehousing and Data Mining        3    0    0    3
    CS6703     Grid and Cloud Computing                3    0    0    3
    IT6004     Software Testing                        3    0    0    3

    PRACTICAL
    IT6711     Data Mining Laboratory                  0    0    3    2
    IT6712     Security Laboratory                     0    0    3    2
    IT6713     Grid and Cloud Computing Laboratory     0    0    3    2

    TOTAL                                              15   0    9    21


    CS6701 CRYPTOGRAPHY AND NETWORK SECURITY        L T P C

                                                    3 0 0 3

    UNIT I INTRODUCTION & NUMBER THEORY 10

    Services, Mechanisms and attacks - the OSI security architecture - Network security model - Classical Encryption techniques (Symmetric cipher model, substitution techniques, transposition techniques, steganography). FINITE FIELDS AND NUMBER THEORY: Groups, Rings, Fields - Modular arithmetic - Euclid's algorithm - Finite fields - Polynomial Arithmetic - Prime numbers - Fermat's and Euler's theorem - Testing for primality - The Chinese remainder theorem - Discrete logarithms.

    UNIT II BLOCK CIPHERS & PUBLIC KEY CRYPTOGRAPHY 10

    Data Encryption Standard - Block cipher principles - block cipher modes of operation - Advanced Encryption Standard (AES) - Triple DES - Blowfish - RC5 algorithm. Public key cryptography: Principles of public key cryptosystems - The RSA algorithm - Key management - Diffie Hellman Key exchange - Elliptic curve arithmetic - Elliptic curve cryptography.

    UNIT III HASH FUNCTIONS AND DIGITAL SIGNATURES 8

    Authentication requirement - Authentication function - MAC - Hash function - Security of hash function and MAC - MD5 - SHA - HMAC - CMAC - Digital signature and authentication protocols - DSS - El Gamal - Schnorr.

    UNIT IV SECURITY PRACTICE & SYSTEM SECURITY 8

    Authentication applications - Kerberos - X


    REFERENCES

    1. Behrouz A. Forouzan, "Cryptography & Network Security", Tata McGraw Hill, 2007.

    2. Man Young Rhee, "Internet Security: Cryptographic Principles, Algorithms and Protocols", Wiley Publications, 2003.

    3. Charles Pfleeger, "Security in Computing", 4th Edition, Prentice Hall of India, 2006.

    4. Uyless Black, "Internet Security Protocols", Pearson Education Asia, 2000.


    ALPHA COLLEGE OF ENGINEERING

    Thirumazhisai, Chennai - 60012

    LESSON PLAN


    Faculty Name : Prasath        Designation : AP

    Subject Name : Cryptography & Network Security

    Code : CS6701

    Year : IV        Semester : 07

    Degree & Branch : B.Tech IT

    AIM

    To understand OSI security architecture and classical encryption techniques. Acquire fundamental knowledge on the concepts of finite fields and number theory, understand various block cipher and stream cipher models, and describe the principles of public key cryptosystems, hash functions and digital signature.

    S. No.   Topics                           No. of Periods

             exchange                         1    T1

    19       Elliptic curve cryptography      1    T1


    S. No.   Topics                           No. of Periods

             Exportability - Encoding - Secure Electronic Transaction (SET)    2    T2

    UNIT I

    PART A (TWO MARKS)

    1. Specify the four categories of security threats.

    Interruption, Interception, Modification, Fabrication


    2. Explain active and passive attack with example (June 15)

    Passive attack: Monitoring the message during transmission. Eg: Interception.

    Active attack: It involves the modification of data stream or creation of false data stream. Eg: Fabrication, Modification, and Interruption.

    3. Define integrity and non-repudiation.

    Integrity: Service that ensures that only authorized persons are able to modify the message.

    Non repudiation: This service helps to prove that the person who denies the transaction is true or false.

    4. Differentiate symmetric and asymmetric encryption

    Symmetric encryption: It is a form of cryptosystem in which encryption and decryption are performed using the same key. Eg: DES, AES.

    Asymmetric encryption: It is a form of cryptosystem in which encryption and decryption are performed using two keys. Eg: RSA, ECC.

    5. Define cryptanalysis.

    It is a process of attempting to discover the key or plaintext or both.

    6. Compare stream cipher with block cipher with example. (May 15)

    Stream cipher: Processes the input stream continuously, producing one element at a time. Example: Caesar cipher.

    Block cipher: Processes the input one block of elements at a time, producing an output block for each input block. Example: DES.

    7. Define security mechanism.

    It is a process that is designed to detect, prevent, or recover from a security attack. Example: Encryption algorithm, Digital signature, Authentication protocols.

    8. Differentiate unconditionally secured and computationally secured.

    An encryption algorithm is unconditionally secured if the cipher text generated by the encryption scheme doesn't contain enough information to determine the corresponding plaintext.

    Encryption is computationally secured if:

    The cost of breaking the cipher exceeds the value of the information.

    The time required to break the cipher exceeds the useful lifetime of the information.


    9. Define steganography.

    Hiding the message in some cover media. It conceals the existence of a message.

    10. Why network need security?

    When systems are connected through the network, active attacks and passive attacks are possible during transmission from sender to receiver and vice versa. So the network needs security.

    11. Define Encryption.

    The process of converting from plaintext to cipher text is known as encryption.

    12. Specify the components of encryption algorithm

    (a) Plaintext (b) Encryption algorithm (c) Secret key (d) Cipher text (e) Decryption algorithm

    13. Define confidentiality and authentication

    Confidentiality: It means how to maintain the secrecy of message. It ensures that the information in a computer system and transmitted information are accessible only for reading by authorized persons.

    Authentication: It helps to prove that only the source entity has been involved in the transaction.

    14. Define cryptography.

    It is a science of writing secret code using mathematical techniques. The many schemes used for enciphering constitute the area of study known as cryptography.

    15. Compare Substitution and Transposition techniques.

    SUBSTITUTION: A substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols. Eg: Caesar cipher.

    TRANSPOSITION: It means a different kind of mapping is achieved by performing some sort of permutation on the plaintext letters. Eg: DES, AES.

    t digits which is equivalent to each cipher text digit is affected by many plaintext digits. It can be achieved by performing permutation on the data. It is the relationship between the plaintext and cipher text.

    Confusion: It can be achieved by substitution algorithm. It is the relationship between cipher text and key.


    17. Define Multiple Encryptions.

    It is a technique in which the encryption is used multiple times. Eg: Double DES, Triple DES.

    18. Specify the design criteria of block cipher.

    Number of rounds, Design of the function F, Key scheduling

    19. Define Reversible mapping. (Nov 13)

    Each plaintext maps to a unique cipher text. This transformation is called reversible mapping.

    20. Specify the basic task for defining a security service.

    A service that enhances the security of the data processing systems and the information transfer of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

    PART B (16 marks)

    1. Explain OSI architecture (May 11)

    OSI Security Architecture

    ITU-T X.800 Security Architecture for OSI defines a systematic way of defining and providing security requirements.

    Security Services

    X.800 defines it as: a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers.

    RFC 2828 defines it as: a processing or communication service provided by a system to give a specific kind of protection to system resources.

    X.800 defines it in 5 major categories:

    Authentication - assurance that the communicating entity is the one claimed

    Access Control - prevention of the unauthorized use of a resource

    Data Confidentiality - protection of data from unauthorized disclosure


    Data Integrity - assurance that data received is as sent by an authorized entity

    Non-Repudiation - protection against denial by one of the parties in a communication

    Security Mechanisms

    specific security mechanisms: encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization

    pervasive security mechanisms: trusted functionality, security labels, event detection, security audit trails, security recovery

    Classification of Security Attacks as

    passive attacks - eavesdropping on, or monitoring of, transmissions to:
    o obtain message contents, or
    o monitor traffic flows

    active attacks - modification of data stream to:
    o masquerade of one entity as some other
    o replay previous messages
    o modify messages in transit
    o denial of service

    Security Attacks is classified as

    Passive attack
    o Reading contents of messages
    o Also called eavesdropping
    o Difficult to detect passive attacks
    o Defence: to prevent their success

    Active attacks
    o Modification or creation of messages (by attackers)
    o Four categories: modification of messages, replay, masquerade, denial of service
    o Easy to detect but difficult to prevent
    o Defense: detect attacks and recover from damages

    2. Give a model for network security. ( marks)


    3. Explain classical Encryption techniques


    L FDPH L VDZ L FRQTXHUHG
    I CAME I SAW I CONQUERED

    i.e. mapping is

    ABCDEFGHIJKLMNOPQRSTUVWXYZ
    DEFGHIJKLMNOPQRSTUVWXYZABC

    Mixed Alphabets

    Most generally we could use an arbitrary mixed (jumbled) alphabet

    each plaintext letter is given a different random ciphertext letter, hence key is 26 letters long

    Plain:       ABCDEFGHIJKLMNOPQRSTUVWXYZ
    Cipher:      DKVQFIBJWPESCXHTMYAUOLRGZN
    Plaintext:   IFWEWISHTOREPLACELETTERS
    Cipher text: WIRFRWAJUHYFTSDVFSFUUFYA

    Cryptanalysis

    use frequency counts to guess letter by letter

    also have frequencies for digraphs & trigraphs

    General Monoalphabetic

    special form of mixed alphabet

    use key as follows:

    o write key (with repeated letters deleted)

    o then write all remaining letters in columns underneath

    o then read off by columns to get ciphertext equivalents


    Polyalphabetic Substitution

    in general use more than one substitution alphabet

    makes cryptanalysis harder since have more alphabets to guess

    and because flattens frequency distribution (since same plaintext letter gets replaced by several ciphertext letters, depending on which alphabet is used)

    Vigenère Cipher

    basically multiple Caesar ciphers

    key is multiple letters long K = k_(1) k_(2) ... k_(d)

    ith letter specifies ith alphabet to use

    use each alphabet in turn, repeating from start after d letters in message
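The substitution ciphers described above, as an added example that is not part of the original notes. It reuses the mixed alphabet and plaintext printed above; the keyword STARWARS and the Vigenère key and message are constructed sample values.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase


def substitute(text, cipher_alphabet):
    """Monoalphabetic substitution: a letter always maps to the same letter."""
    return text.upper().translate(str.maketrans(ALPHABET, cipher_alphabet))


def keyword_alphabet(key):
    """General monoalphabetic cipher: derive the cipher alphabet from a key."""
    # Step 1: write the key with repeated letters deleted.
    header = "".join(dict.fromkeys(key.upper()))
    # Step 2: write all remaining letters in rows underneath the key.
    rest = "".join(c for c in ALPHABET if c not in header)
    width = len(header)
    rows = [header] + [rest[i:i + width] for i in range(0, len(rest), width)]
    # Step 3: read off by columns to get the ciphertext equivalents.
    return "".join(row[col] for col in range(width)
                   for row in rows if col < len(row))


def vigenere(text, key, decrypt=False):
    """Vigenere: the i-th key letter selects the Caesar shift for letter i.
    Input must contain letters only (no spaces or punctuation)."""
    sign = -1 if decrypt else 1
    key = key.upper()
    out = []
    for i, ch in enumerate(text.upper()):
        shift = ALPHABET.index(key[i % len(key)])
        out.append(ALPHABET[(ALPHABET.index(ch) + sign * shift) % 26])
    return "".join(out)


def images(plaintext, ciphertext, letter):
    """Set of ciphertext letters that one plaintext letter was replaced by."""
    return {c for p, c in zip(plaintext.upper(), ciphertext) if p == letter}


def frequency_profile(text):
    """Letter counts, highest first: the raw material of a frequency attack."""
    return sorted(Counter(text).values(), reverse=True)


if __name__ == "__main__":
    mixed = "DKVQFIBJWPESCXHTMYAUOLRGZN"          # alphabet from the notes
    print(substitute("IFWEWISHTOREPLACELETTERS", mixed))
    print(keyword_alphabet("STARWARS"))            # constructed keyword
    pt = "WEAREDISCOVEREDSAVEYOURSELF"             # constructed message
    ct = vigenere(pt, "DECEPTIVE")
    # A monoalphabetic cipher keeps the frequency profile; Vigenere spreads
    # one plaintext letter over several ciphertext letters.
    print(images(pt, substitute(pt, mixed), "E"), images(pt, ct, "E"))
```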

    4. Explain Euclid's algorithm and Fermat's Little Theorem. (May 12, May 15)

    The Euclidean Algorithm is a technique for quickly finding the GCD of two integers.

    The Algorithm

    The Euclidean Algorithm for finding GCD(A,B) is as follows:

    If A = 0 then GCD(A,B) = B, since the GCD(0,B) = B, and we can stop.

    If B = 0 then GCD(A,B) = A, since the GCD(A,0) = A, and we can stop.

    Write A in quotient remainder form (A = B*Q + R)

    Find GCD(B,R) using the Euclidean Algorithm since GCD(A,B) = GCD(B,R)

    Fermat's little Theorem

    Fermat's little theorem states that if p is a prime number, then for any integer a, the number a^p - a is an integer multiple of p. In the notation of modular arithmetic, this is expressed as

    For example, if a = 2 and p = 7, 2^7 = 128, and 128 - 2 = 7 x 18 is an integer multiple of 7.


    If a is not divisible by p, Fermat's little theorem is equivalent to the statement that a^(p-1) - 1 is an integer multiple of p, or in symbols

    For example, if a = 2 and p = 7 then 2^6 = 64 and 64 - 1 = 63 is thus a multiple of 7.

    Fermat's little theorem is the basis for the Fermat primality test and is one of the fundamental results of elementary number theory. The theorem is named after Pierre de Fermat, who stated it in 1640. It is called the "little theorem" to distinguish it from Fermat's last theorem.
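Euclid's algorithm with its quotient-remainder steps, and the Fermat primality test built on the little theorem, as an added example that is not part of the original notes. The function names are illustrative; 561 is included because it is a composite that passes the test for every base coprime to it, which is the known limit of this test.

```python
def gcd_trace(a, b):
    """Euclid's algorithm.

    Returns (gcd, steps); each step is (A, B, Q, R) with A = B*Q + R,
    after which the problem is replaced by GCD(B, R).
    """
    steps = []
    while a != 0 and b != 0:
        q, r = divmod(a, b)
        steps.append((a, b, q, r))
        a, b = b, r
    # One of the two is now 0, and GCD(x, 0) = GCD(0, x) = x.
    return (a or b), steps


def fermat_first_form(a, p):
    """First form of the theorem: a^p - a is a multiple of p (p prime)."""
    return (pow(a, p, p) - a) % p == 0


def fermat_witness(a, n):
    """True if base a proves n composite: a^(n-1) mod n is not 1."""
    return pow(a, n - 1, n) != 1


def fermat_probable_prime(n, bases=(2, 3, 5, 7)):
    """Fermat primality test.

    False means n is certainly composite. True only means no chosen base
    exposed n; Carmichael numbers such as 561 pass for every coprime base.
    """
    if n < 2:
        return False
    for a in bases:
        if a % n == 0:
            continue  # the second form requires a not divisible by n
        if fermat_witness(a, n):
            return False
    return True


if __name__ == "__main__":
    g, steps = gcd_trace(1970, 1066)
    for A, B, Q, R in steps:
        print(f"{A} = {B} * {Q} + {R}")
    print("gcd =", g)
    print("7 probable prime:", fermat_probable_prime(7))
    print("77 probable prime:", fermat_probable_prime(77))
    # 561 = 3 * 11 * 17 fools the bases that are coprime to it ...
    print("561 with bases 2,5,7:", fermat_probable_prime(561, bases=(2, 5, 7)))
    # ... and is only caught here because base 3 shares a factor with it.
    print("561 with bases 2,3,5,7:", fermat_probable_prime(561))
```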

    5. Explain different types of attack in detail.

    Classes of attack might include passive monitoring of communications, active network attacks, close-in attacks, exploitation by insiders, and attacks through the service provider. Information systems and networks offer attractive targets and should be resistant to attack from the full range of threat agents, from hackers to nation-states. A system must be able to limit damage and recover rapidly when attacks occur.

    There are five types of attack:

    PASSIVE ATTACK

    A passive attack monitors unencrypted traffic and looks for clear-text passwords and sensitive information that can be used in other types of attacks. Passive attacks include traffic analysis, monitoring of unprotected communications, decrypting weakly encrypted traffic, and capturing authentication information such as passwords. Passive interception of network operations enables adversaries to see upcoming actions. Passive attacks result in the disclosure of information or data files to an attacker without the consent or knowledge of the user.

    ACTIVE ATTACK

    In an active attack, the attacker tries to bypass or break into secured systems. This can be done through stealth, viruses, worms, or Trojan horses. Active attacks include attempts to circumvent or break protection features, to introduce malicious code, and to steal or modify information. These attacks are mounted against a network backbone, exploit information in transit, electronically penetrate an enclave, or attack an authorized remote user during an attempt to connect to an enclave. Active attacks result in the disclosure or dissemination of data files, DoS, or modification of data.

    DISTRIBUTED ATTACK

    A distributed attack requires that the adversary introduce code, such as a Trojan horse or back-door program, to a "trusted" component or software that will later be distributed to many other companies and users. Distribution attacks focus on the malicious modification of hardware or software at the factory or during distribution. These attacks introduce malicious code such as a back door to a product to gain unauthorized access to information or to a system function at a later date.

    INSIDER ATTACK

    An insider attack involves someone from the inside, such as a disgruntled employee, attacking the network. Insider attacks can be malicious or non-malicious. Malicious insiders intentionally eavesdrop, steal, or damage information; use information in a fraudulent manner; or deny access to other authorized users. Non-malicious attacks typically result from carelessness, lack of knowledge, or intentional circumvention of security for such reasons as performing a task.

    CLOSE-IN ATTACK

    A close-in attack involves someone attempting to get physically close to network components, data, and systems in order to learn more about a network. Close-in attacks consist of regular individuals attaining close physical proximity to networks, systems, or facilities for the purpose of modifying, gathering, or denying access to information. Close physical proximity is achieved through surreptitious entry into the network, open access, or both.

    PHISHING ATTACK

    In a phishing attack the hacker creates a fake web site that looks exactly like a popular site such as the SBI bank or PayPal. The phishing part of the attack is that the hacker then sends an e-mail message trying to trick the user into clicking a link that leads to the fake site. When the user attempts to log on with their account information, the hacker records the username and password and then tries that information on the real site.


    HIJACK ATTACK

    In a hijack attack, a hacker takes over a session between you and another individual and disconnects the other individual from the communication. You still believe that you are talking to the original party and may send private information to the hacker by accident.

    SPOOF ATTACK

    In a spoof attack, the hacker modifies the source address of the packets he or she is sending so that they appear to be coming from someone else. This may be an attempt to bypass your firewall rules.

    BUFFER OVERFLOW

    A buffer overflow attack is when the attacker sends more data to an application than is expected. A buffer overflow attack usually results in the attacker gaining administrative access to the system in a command prompt or shell.

    EXPLOIT ATTACK

    In this type of attack, the attacker knows of a security problem within an operating system or a piece of software and leverages that knowledge by exploiting the vulnerability.

    PASSWORD ATTACK

    An attacker tries to crack the passwords stored in a network account database or a password-protected file. There are three major types of password attacks: a dictionary attack, a brute-force attack, and a hybrid attack. A dictionary attack uses a word list file, which is a list of potential passwords. A brute-force attack is when the attacker tries every possible combination of characters.

    6. Explain Cipher Feedback and Output Feedback.

    Cipher Feedback (CFB)

    Message is treated as a stream of bits
    o added to the output of the block cipher

    result is feedback for next stage (hence name)

    standard allows any number of bits (1, 8 or 64 or whatever) to be feedback
    o denoted CFB-1, CFB-8, CFB-64 etc


    is most efficient to use all 64 bits (CFB-64)

    C_i = P_i XOR DES_K1(C_{i-1})
    C_{-1} = IV

    uses: stream data encryption, authentication

    Advantages and Limitations of CFB

    appropriate when data arrives in bits/bytes
    o most common stream mode

    limitation is need to stall while do block encryption after every n-bits
    o note that the block cipher is used in encryption mode at both ends

    errors propagate for several blocks after the error

    Output Feedback (OFB)

    message is treated as a stream of bits

    output of cipher is added to message

    output is then feedback (hence name)

    feedback is independent of message

    can be computed in advance

    C_i = P_i XOR O_i
    O_i = DES_K1(O_{i-1})
    O_{-1} = IV

    o uses: stream encryption over noisy channels

    Advantages and Limitations of OFB

    Used when error feedback is a problem or where need to do encryptions before message is available

    superficially similar to CFB

    but feedback is from the output of cipher and is independent of message
    o a variation of a Vernam cipher

    hence must never reuse the same sequence (key+IV)

    sender and receiver must remain in sync, and some recovery method is needed to ensure this occurs

    originally specified with m-bit feedback in the standards

    Subsequent research has shown that only OFB-64 should ever be used
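The two feedback modes side by side, as an added example that is not part of the original notes. It shows how a single corrupted ciphertext bit spreads in each mode and why an OFB key+IV pair must never be reused. Assumptions: a truncated HMAC-SHA256 stands in for DES_K1 (both modes only run the block cipher in the encryption direction), and the key, IV and messages are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 8  # 64-bit blocks, i.e. CFB-64 and OFB-64


def E(key, block):
    # Assumption: keyed 64-bit function standing in for DES_K1.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def cfb_encrypt(key, iv, plaintext):
    prev, out = iv, []
    for p in split(plaintext):
        c = xor(p, E(key, prev))      # C_i = P_i XOR E_K(C_{i-1}), C_{-1} = IV
        out.append(c)
        prev = c                      # the ciphertext is what is fed back
    return b"".join(out)


def cfb_decrypt(key, iv, ciphertext):
    prev, out = iv, []
    for c in split(ciphertext):
        out.append(xor(c, E(key, prev)))  # encryption direction at both ends
        prev = c
    return b"".join(out)


def ofb_keystream(key, iv, length):
    o, stream = iv, b""
    while len(stream) < length:
        o = E(key, o)                 # O_i = E_K(O_{i-1}), O_{-1} = IV
        stream += o                   # independent of the message
    return stream[:length]


def ofb_crypt(key, iv, data):
    """C_i = P_i XOR O_i; the same call decrypts."""
    return xor(data, ofb_keystream(key, iv, len(data)))


def flip_bit(data, byte_index):
    corrupted = bytearray(data)
    corrupted[byte_index] ^= 0x01
    return bytes(corrupted)


def damaged_blocks(expected, actual):
    return [i for i, (a, b) in enumerate(zip(split(expected), split(actual)))
            if a != b]


# Constructed sample values.
KEY = b"constructed-key"
IV = bytes(range(BLOCK))
MESSAGE = b"block0..block1..block2..block3.."


def cfb_error_demo():
    """Flip one ciphertext bit in block 1 and list the plaintext blocks hit.
    With full-block feedback the hit block and the next one are damaged;
    with s-bit feedback the damage lasts until the bad bits leave the register."""
    ct = flip_bit(cfb_encrypt(KEY, IV, MESSAGE), BLOCK)
    return damaged_blocks(MESSAGE, cfb_decrypt(KEY, IV, ct))


def ofb_error_demo():
    """Same corruption under OFB: only the hit block changes."""
    ct = flip_bit(ofb_crypt(KEY, IV, MESSAGE), BLOCK)
    return damaged_blocks(MESSAGE, ofb_crypt(KEY, IV, ct))


def ofb_reuse_leaks(m1, m2):
    """Reusing key+IV cancels the keystream: C1 XOR C2 equals P1 XOR P2."""
    return xor(ofb_crypt(KEY, IV, m1), ofb_crypt(KEY, IV, m2)) == xor(m1, m2)


if __name__ == "__main__":
    print("CFB damaged blocks:", cfb_error_demo())
    print("OFB damaged blocks:", ofb_error_demo())
    print("OFB reuse leaks P1 XOR P2:",
          ofb_reuse_leaks(b"first message...", b"second message.."))
```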

    7. Explain Chinese Remainder Theorem.

    Chinese Remainder Theorem

    Used to speed up modulo computations
    o working modulo a product of numbers


    eg. mod M = m1 m2 .. mk

    Chinese Remainder theorem lets us work in each modulus m_i separately

    since computational cost is proportional to size, this is faster than working in the full modulus M

    can implement CRT in several ways

    to compute (A mod M) can firstly compute all (a_i mod m_i) separately and then combine results to get answer using:

    mod M

    x ( mod ) for 1

    Primitive Roots

    from Euler's theorem have a^φ(n) mod n = 1
    o consider a^m mod n = 1, GCD(a,n) = 1

    must exist for m = φ(n) but may be smaller
    o once powers reach m, cycle will repeat

    if smallest is m = φ(n) then a is called a primitive root

    if p is prime, then successive powers of a "generate" the group mod p
    o these are useful but relatively hard to find

    Discrete Logarithms or Indices

    the inverse problem to exponentiation is to find the discrete logarithm of a number modulo p

    that is to find x where a^x = b mod p

    written as x = log_a b mod p or x = ind_{a,p}(b)

    if a is a primitive root then always exists, otherwise may not

    x = log_3 4 mod 13 (x s.t. 3^x = 4 mod 13) has no answer

    x = log_2 3 mod 13 = 4 by trying successive powers

    whilst exponentiation is relatively easy, finding discrete logarithms is generally a hard problem
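The three ideas above in runnable form, as an added example that is not part of the original notes. The combination step uses the standard CRT construction A = (sum of a_i * c_i) mod M with c_i = M_i * (M_i^-1 mod m_i) and M_i = M / m_i, stated here as an assumption about the formula the notes refer to; the moduli 37 and 49 and the value 973 are constructed sample values, while the mod 13 logarithms are the ones quoted above.

```python
from math import gcd, prod


def crt(residues, moduli):
    """Combine a_i = A mod m_i into A mod M, where M = m_1 * ... * m_k.

    The moduli must be pairwise coprime, otherwise M_i has no inverse.
    """
    M = prod(moduli)
    total = 0
    for a_i, m_i in zip(residues, moduli):
        M_i = M // m_i
        c_i = M_i * pow(M_i, -1, m_i)   # c_i = M_i * (M_i^-1 mod m_i)
        total += a_i * c_i
    return total % M


def pow_via_crt(base, exponent, moduli):
    """Exponentiate in each small modulus separately, then recombine."""
    return crt([pow(base, exponent, m) for m in moduli], moduli)


def phi(n):
    """Euler's totient by direct count (fine for small n)."""
    return sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)


def order(a, n):
    """Smallest m >= 1 with a^m mod n = 1; needs GCD(a, n) = 1."""
    if gcd(a, n) != 1:
        raise ValueError("a and n must be coprime")
    m, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        m += 1
    return m


def is_primitive_root(a, n):
    """a is a primitive root when the smallest m equals phi(n)."""
    return gcd(a, n) == 1 and order(a, n) == phi(n)


def discrete_log(a, b, p):
    """Find x with a^x = b mod p by trying successive powers.

    Returns None when no such x exists. The loop is the point: it takes on
    the order of p steps, which is what makes the problem hard for large p.
    """
    power = 1 % p
    b %= p
    for x in range(p):
        if power == b:
            return x
        power = (power * a) % p
    return None


if __name__ == "__main__":
    moduli = (37, 49)                        # constructed, coprime, M = 1813
    print(crt([973 % 37, 973 % 49], moduli))
    print(pow_via_crt(973, 65, moduli), pow(973, 65, 37 * 49))
    print(is_primitive_root(2, 13), is_primitive_root(3, 13))
    print(discrete_log(2, 3, 13), discrete_log(3, 4, 13))
```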

    8. Explain confidentiality of Symmetric Encryption

    Confidentiality Using Symmetric Encryption

    Traditionally symmetric encryption is used to provide message confidentiality

    consider typical scenario
    o workstations on LANs access other workstations & servers on LAN
    o LANs interconnected using switches/routers


    o with external lines or radio/satellite links

    consider attacks and placement in this scenario
    o snooping from another workstation
    o use dial-in to LAN or server to snoop
    o use external router link to enter & snoop
    o monitor and/or modify traffic on external links

    have two major placement alternatives

    Link encryption

    Encryption occurs independently on every link

    implies must decrypt traffic between links

    requires many devices, but paired keys

    End-to-end encryption

    Encryption occurs between original source and final destination

    need devices at each end with shared keys

    Traffic Confidentiality

    when using end-to-end encryption must leave headers in clear so network can correctly route information

    hence although contents protected, traffic pattern flows are not

    ideally want both at once
    o end-to-end protects data contents over entire path and provides authentication
    o link protects traffic flows from monitoring

    Placement of Encryption

    Can place encryption function at various layers in OSI Reference Model
    o link encryption occurs at layers 1 or 2
    o end-to-end can occur at layers 3, 4, 6, 7

    as move higher less information is encrypted but it is more secure though more complex with more entities and keys

    Traffic Analysis

    Is monitoring of communications flows between parties
    o useful both in military & commercial spheres

    can also be used to create a covert channel

    link encryption obscures header details
    o but overall traffic volumes in networks and at end-points is still visible

    traffic padding can further obscure flows

    UNIT II


    PART A (TWO MARKS)

    1. Differentiate public key and conventional encryption (Dec 11)

    Conventional Encryption: The same algorithm with the same key is used for encryption and decryption.
    Public key Encryption: One algorithm is used for encryption and decryption with a pair of keys, one for encryption and another for decryption.

    Conventional Encryption: The sender and receiver must share the algorithm and the key.
    Public key Encryption: The sender and receiver must each have one of the matched pair of keys.

    Conventional Encryption: The key must be secret.
    Public key Encryption: One of two keys must be kept secret.

    Conventional Encryption: It must be impossible or at least impractical to decipher a message if no other information is available.
    Public key Encryption: It must be impossible or at least impractical to decipher a message if no other information is available.

    Conventional Encryption: Knowledge of the algorithm plus samples of cipher text must be insufficient to determine the key.
    Public key Encryption: Knowledge of the algorithm plus one of the keys plus samples of ciphertext must be insufficient to determine the other key.

    2. What are the principle elements of a public key cryptosystem?

    The principle elements of a cryptosystem are:

    Plain text

    Encryption algorithm

    Public and private key

    Cipher text

    Decryption algorithm

    3. What are roles of public and private key?

    The two keys used for public-key encryption are referred to as the public key and the private key. Invariably, the private key is kept secret and the public key is known publicly. Usually the public key is used for encryption purpose and the private key is used in the decryption side.

    4. Specify the applications of the public key cryptosystem


    The applications of the public-key cryptosystem can be classified as follows:

    Encryption/Decryption: The sender encrypts a message with the recipient's public key.

    Digital signature: The sender "signs" a message with its private key. Signing is achieved by a cryptographic algorithm applied to a message or to a small block of data that is a function of the message.

    Key Exchange: Two sides cooperate to exchange a session key. Several different approaches are possible, involving the private key(s) of one or both parties.

    5. What re

    t using the private key to recover the original message:

    M = D_KRb(C) = D_KRb[E_KUb(M)]

    It is computationally infeasible for an opponent, knowing the public key, KUb, to determine the private key, KRb.

    It is computationally infeasible for an opponent, knowing the public key, KUb, and a cipher text, C, to recover the original message.

    The encryption and decryption functions can be applied in either order:

    M = E_KUb[D_KRb(M)] = D_KUb[E_KRb(M)]

    6. What is a one way function? (Dec 12)

    One way function is one that maps the domain into a range such that every function value has a unique inverse, with a condition that the calculation of the function is easy whereas the calculation of the inverse is infeasible.

    7. What is a trapdoor one way function? (Dec 12)

    It is a function which is easy to calculate in one direction and infeasible to calculate in the other direction unless certain additional information is known. With the additional information the inverse can be calculated in polynomial time. It can be summarized as: A trapdoor one way function is a family of invertible functions f_k, such that

    Y = f_k(X) easy, if k and X are known

    X = f_k^-1(Y) easy, if k and Y are known

    X = f_k^-1(Y) infeasible, if Y is known but k is not known


    . L"' ;#%& e8e&6 ch6&6ce&"'"c' #; 'che56 ;#& he $"'&"%"#8 #; he :%"c ?e@(M6@

    11)

    The four genera% characteri"tic" for the di"tri(ution of the pu(%ic key are

    :u(%ic announcement :u(%ic%y a)ai%a(%e directory

    :u(%ic+key authority

    :u(%ic+key certificate

    +. h6 6&e e''e8"6 "8&e$"e8' #; he :%"c ?e@ $"&ec#&@

    The e""entia% ingredient" of the pu(%ic key are a" fo%%ow"8

    The authority maintain" a directory with a Zname* pu(%ic key[ entry for each

    participant

    -ach participant regi"ter" a pu(%ic key with the directory authority egi"trationwou%d ha)e to (e in per"on or (y "ome form of "ecure authenticated

    communication 3 participant may rep%ace the e>i"ting key with a new one at a time *either

    (ecau"e of the de"ire to rep%ace a pu(%ic key that ha" a%ready (een u"ed for a %arge

    amount of data* or (ecau"e the corre"ponding pri)ate key ha" (een compri"ed in

    "ome way :eriodica%%y* the authority pu(%i"he" the entire directory or update" to the

    directory or e>amp%e* a hard+copy )er"ion much %ike a te%ephone (ook cou%d (e

    pu(%i"hed* or update" cou%d (e %i"ted in a wide%y circu%ated new"paper

    :articipant" cou%d a%"o acce"" the directory e%ectronica%%y or thi" purpo"e*"ecure* authenticated communication from the authority to the participant i"

    mandatory

    10. What are the design parameters of Feistel cipher network?

    • Block size
    • Key size
    • Number of Rounds
    • Sub key generation algorithm
    • Round function
    • Fast software Encryption/Decryption
    • Ease of analysis

    11. Define Product cipher.

    It means two or more basic ciphers are combined, and the resulting cipher is called the product cipher.

    12. Explain Avalanche effect.

    A desirable property of any encryption algorithm is that a small change in either the plaintext or the key produces a significant change in the cipher text. In particular, a change in one bit of the plaintext or one bit of the key should produce a change in many bits of the cipher text. If the change is small, this might provide a way to reduce the size of the plaintext or key space to be searched.

    13. Give the five modes of operation of Block cipher. (Dec 1)

    • Electronic Codebook (ECB)
    • Cipher Block Chaining (CBC)
    • Cipher Feedback (CFB)
    • Output Feedback (OFB)
    • Counter (CTR)

    14. State advantages of counter mode.

    • Hardware Efficiency
    • Software Efficiency
    • Preprocessing
    • Random Access
    • Provable Security
    • Simplicity

    15. Find gcd (1970, 1066) using Euclid's algorithm (Dec 13)

    gcd(1970, 1066) = gcd(1066, 1970 mod 1066)
                    = gcd(1066, 904)
                    = 2

    n = 7 × 11 = 77

    φ(n) = (p - 1)(q - 1)
         = 6 × 10 = 60

    e = 17, d = 27

    C = M^e mod n

    C = 8^17 mod 77

    =

    changing cryptographic keys over a public channel and was one of the first public-key protocols as originally conceptualized by Ralph Merkle and named after Whitfield Diffie and Martin Hellman.[1][2] D–H is one of the earliest practical examples of public key exchange implemented within the field of cryptography. Traditionally, secure encrypted communication between two parties required that they first exchange keys by some secure physical channel, such as paper key lists transported by a trusted courier. The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.

    Diffie–Hellman is used to secure a variety of Internet services. However, research published in October 2015 suggests that the parameters in use for many D–H Internet applications at that time are not strong enough to prevent compromise by very well-funded attackers, such as the security services of large governments.

    The scheme was first published by Whitfield Diffie and Martin Hellman in 1976. By 197

    Diffie–Hellman Key Exchange establishes a shared secret between two parties that can be used for secret communication for exchanging data over a public network. The following conceptual diagram illustrates the general idea of the key exchange by using colors instead of very large numbers.

    The process begins by having the two parties, Alice and Bob, agree on an arbitrary starting color that does not need to be kept secret (but should be different every time); in this example the color is yellow. Each of them selects a secret color, red and aqua respectively, that they keep to themselves. The crucial part of the process is that Alice and Bob now mix their secret color together with their mutually shared color, resulting in orange and blue mixtures respectively, then publicly exchange the two mixed colors. Finally, each of the two mix together the color they received from the partner with their own private color. The result is a final color mixture (brown) that is identical to the partner's color mixture.

    If another party (usually named Eve in cryptology publications, Eve being a third-party who is considered to be an eavesdropper) had been listening in on the exchange, it would be computationally difficult for that person to determine the common secret color; in fact, when using large numbers rather than colors, this action is impossible for modern supercomputers to do in a reasonable amount of time.

    2. Explain DES in detail. (May 15)

    Data Encryption Standard (DES)

    • Most widely used block cipher in world
    • adopted in 1977 by NBS (now NIST)
    • as FIPS PUB 46
    • encrypts 64-bit data using

    Initial Permutation IP

    • first step of the data computation
    • IP reorders the input data bits
    • even bits to LH half, odd bits to RH half
    • quite regular in structure (easy in h/w)

    DES Round Structure

    • uses two 32-bit L & R halves
    • expands R to 48-bits using perm E
    • adds to sub key
    • passes through 8 S-boxes to get 32-bit result
    • finally permutes this using 32-bit perm P

    Substitution Boxes S

    • have eight S-boxes which map 6 to 4 bits
    • each S-box is actually 4 little 4 bit boxes
    • outer bits 1 & 6 (row bits) select one rows
    • inner bits 2-5 (col bits) are substituted
    • result is 8 lots of 4 bits, or 32 bits
    • row selection depends on both data & key
    • feature known as autoclaving (autokeying)
    • example: S(18 09 12 3d 11 17 38 39) =

    half output bits

    • making attempts to "home-in" by guessing keys impossible
    • DES exhibits strong avalanche

    3. Briefly explain block cipher design principles and modes of operation. (Dec13)

    Block Cipher Design Principles and Modes of Operation

    Basic principles

    • still like Feistel in 1970's
    • number of rounds
    • more is better, exhaustive search best attack
    • function f:
    • provides "confusion", is nonlinear, avalanche
    • key schedule
    • complex subkey creation, key avalanche

    Modes of Operation

    • block ciphers encrypt fixed size blocks
    • eg. DES encrypts 64-bit blocks, with

    However if IV is sent in the clear, an attacker can change bits of the first block, and change IV to compensate. Hence either IV must be a fixed value (as in EFTPOS) or it must be sent encrypted in ECB mode before rest of message.

    • at end of message, handle possible last short block
    • by padding either with known non-data value (eg nulls)
    • or pad last block with count of pad size
    • eg. [ b1 b2 b3 0 0 0 0

    t stage (hence name)

    • standard allows any number of bit (1, 8 or 64 or whatever) to be feed back
    • denoted CFB-1, CFB-8, CFB-64 etc
    • is most efficient to use all 64 bits (CFB-64)
    • uses: stream data encryption, authentication

    Advantages and Limitations of CFB

    • appropriate when data arrives in bits/bytes
    • most common stream mode
    • limitation is need to stall while do block encryption after every n-bits
    • note that the block cipher is used in encryption mode at both ends
    • errors propagate for several blocks after the error

    (iv) Output FeedBack (OFB)

    • message is treated as a stream of bits
    • output of cipher is added to message
    • output is then feed back (hence name)
    • feedback is independent of message
    • can be computed in advance
    • uses: stream encryption over noisy channels

    (v) Counter (CTR)

    • a "new" mode, though proposed early on
    • similar to OFB but encrypts counter value rather than any feedback value
    • must have a different key & counter value for every plaintext block (never reused)
    • uses: high-speed network encryptions
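    The Feistel design parameters, the avalanche effect and the ECB, CBC and CTR modes described above, as an added example that is not part of the original notes. It uses a toy 64-bit Feistel cipher whose round function (HMAC-SHA-256 truncated to 32 bits), key, IV, nonce and message are all constructed for illustration; it is not DES.

```python
import hashlib
import hmac

BLOCK = 8    # block size in bytes (64 bits, the DES block size)
ROUNDS = 16  # number of rounds

def subkeys(key, rounds=ROUNDS):
    """Subkey generation: derive one round key per round from the main key."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(rounds)]

def round_f(half, subkey):
    """Round function F: keyed and nonlinear, 32 bits in and 32 bits out."""
    return hmac.new(subkey, half, hashlib.sha256).digest()[:BLOCK // 2]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(block, round_keys):
    """Run the Feistel network; decryption is the same code with reversed keys."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for k in round_keys:
        left, right = right, xor(left, round_f(right, k))
    return right + left

def encrypt_block(block, key, rounds=ROUNDS):
    return feistel(block, subkeys(key, rounds))

def decrypt_block(block, key, rounds=ROUNDS):
    return feistel(block, subkeys(key, rounds)[::-1])

def avalanche(block, key, bit, rounds=ROUNDS):
    """Count ciphertext bits that change when one plaintext bit is flipped."""
    flipped = bytearray(block)
    flipped[bit // 8] ^= 0x80 >> (bit % 8)
    c1 = encrypt_block(block, key, rounds)
    c2 = encrypt_block(bytes(flipped), key, rounds)
    return sum(bin(x ^ y).count("1") for x, y in zip(c1, c2))

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(plaintext, key):
    """ECB: every block is encrypted independently."""
    return b"".join(encrypt_block(b, key) for b in blocks(plaintext))

def cbc_encrypt(plaintext, key, iv):
    """CBC: each plaintext block is XORed with the previous ciphertext block."""
    out, prev = [], iv
    for b in blocks(plaintext):
        prev = encrypt_block(xor(b, prev), key)
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ciphertext, key, iv):
    out, prev = [], iv
    for c in blocks(ciphertext):
        out.append(xor(decrypt_block(c, key), prev))
        prev = c
    return b"".join(out)

def ctr_crypt(data, key, nonce):
    """CTR: encrypt nonce||counter and XOR with the data; the same call decrypts."""
    out = []
    for i, b in enumerate(blocks(data)):
        keystream = encrypt_block(nonce + i.to_bytes(4, "big"), key)
        out.append(xor(b, keystream))  # a short last block needs no padding
    return b"".join(out)

# Constructed sample values (assumptions for this example only)
KEY = b"sample-key"
IV = bytes.fromhex("0102030405060708")
NONCE = bytes.fromhex("a1b2c3d4")
MESSAGE = b"PAY 100 PAY 100 PAY 999 "  # first two 8-byte blocks are identical

if __name__ == "__main__":
    print("bits changed, 1 round  :", avalanche(b"ABCDEFGH", KEY, 0, rounds=1))
    print("bits changed, 16 rounds:", avalanche(b"ABCDEFGH", KEY, 0))
    print("ECB:", [b.hex() for b in blocks(ecb_encrypt(MESSAGE, KEY))])
    print("CBC:", [b.hex() for b in blocks(cbc_encrypt(MESSAGE, KEY, IV))])
    print("CTR:", ctr_crypt(b"13-byte input", KEY, NONCE).hex())
```

    With one round a single flipped plaintext bit changes a single ciphertext bit; with 16 rounds roughly half of the 64 bits change. ECB repeats the ciphertext block for the repeated plaintext block, while CBC does not.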

    4. Explain RSA algorithm in detail with an example (May 11, May 12, Dec 1)

    RSA is one of the first practical public-key cryptosystems and is widely used for secure data transmission. In such a cryptosystem, the encryption key is public and differs from the decryption key which is kept secret. In RSA, this asymmetry is based on the practical difficulty of factoring the product of two large prime numbers, the factoring problem. RSA is made of the initial letters of the surnames of Ron Rivest, Adi Shamir, and Leonard Adleman, who first publicly described the algorithm in 1977. Clifford Cocks, an English mathematician working for the UK intelligence agency GCHQ, had developed an equivalent system in 1973, but it was not declassified until 1997.

    A user of RSA creates and then publishes a public key based on two large prime numbers, along with an auxiliary value. The prime numbers must be kept secret. Anyone can use the public key to encrypt a message, but with currently published methods, if the public key is large enough, only someone with knowledge of the prime numbers can feasibly decode the message. Breaking RSA encryption is known as the RSA problem; whether it is as hard as the factoring problem remains an open question.

    RSA is a relatively slow algorithm, and because of this it is less commonly used to directly encrypt user data. More often, RSA passes encrypted shared keys for symmetric key cryptography which in turn can perform bulk encryption-decryption operations at much higher speed.

    The RSA algorithm involves four steps: key generation, key distribution, encryption and decryption.

    RSA involves a public key and a private key. The public key can be known by everyone and is used for encrypting messages. The intention is that messages encrypted with the public key can only be decrypted in a reasonable amount of time using the private key.

    The basic principle behind RSA is the observation that it is practical to find three very large positive integers e, d and n such that with modular exponentiation for all m:

    and that even knowing e and n or even m it can be extremely difficult to find d. Additionally, for some operations it is convenient that the order of the two exponentiations can be changed and that this relation also implies:

    1. Key distribution

    To enable Bob to send his encrypted messages, Alice transmits her public key (n, e) to Bob via a reliable, but not necessarily secret route. The private key is never distributed.

    2. Encryption

    Suppose that Bob would like to send message M to Alice. He first turns M into an integer m, such that 0 ≤ m < n and gcd(m, n) = 1 by using an agreed-upon reversible protocol known as a padding scheme. He then computes the cipher text c, using Alice's public key e, corresponding to

    This can be done efficiently, even for ponentiation. Bob then transmits c to Alice.

    3. Decryption

    Alice can recover m from c by using her private key exponent d by computing

    Given m, she can recover the original message M by reversing the padding scheme.

    4. Key generation

    The keys for the RSA algorithm are generated the following way:

    • Choose two distinct prime numbers p and q.

      For security purposes, the integers p and q should be chosen at random, and should be similar in magnitude but 'differ in length by a few digits' [2] to make factoring harder. Prime integers can be efficiently found using a primality test.

    • Compute n = pq.

      n is used as the modulus for both the public and private keys. Its length, usually expressed in bits, is the key length.

    • Compute φ(n) = φ(p)φ(q) = (p - 1)(q - 1) = n - (p + q - 1), where φ is Euler's totient function. This value is kept private.

    • Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1; i.e., e and φ(n) are coprime.

    • Determine d as d ≡ e^(-1) (mod φ(n)); i.e., d is the modular multiplicative inverse of e (modulo φ(n)).

      This is more clearly stated as: solve for d given d·e ≡ 1 (mod φ(n)).

      e having a short bit-length and small Hamming weight results in more efficient encryption – most commonly 2^16 + 1 = 6ponent

      d is kept as the private key exponent.

    The public key consists of the modulus n and the public (or encryption) exponent e. The private key consists of the modulus n and the private (or decryption) exponent d, which must be kept secret. p, q, and φ(n) must also be kept secret because they can be used to calculate d.

    An alternative, used by PKCS#1, is to choose d matching d·e ≡ 1 (mod λ) with λ = lcm(p - 1, q - 1), where lcm is the least common multiple. Using λ instead of φ(n) allows more choices for d. λ can also be defined using the Carmichael function, λ(n).

    Since any common factors of (p - 1) and (q - 1) are present in the factorisation of pq - 1, [14] it is recommended that (p - 1) and (q - 1) have only very small common factors, if any besides the necessary 2.

    5. Briefly explain the idea behind Elliptic Curve Cryptosystem. (16)

    Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC requires smaller keys compared to non-ECC cryptography (based on plain Galois fields) to provide equivalent security.

    Elliptic curves are applicable for encryption, digital signatures, pseudo-random generators and other tasks. They are also used in several integer factorization algorithms that have applications in cryptography, such as Lenstra elliptic curve factorization.

    Public-key cryptography is based on the intractability of certain mathematical problems. Early public-key systems are secure assuming that it is difficult to factor a large integer composed of two or more large prime factors. For elliptic-curve-based protocols, it is assumed that finding the discrete logarithm of a random elliptic curve element with respect to a publicly known base point is infeasible: this is the "elliptic curve discrete logarithm problem" or ECDLP. The security of ECC depends on the ability to compute a point multiplication and the inability to compute the multiplicand given the original and product points. The size of the elliptic curve determines the difficulty of the problem.

    The primary benefit promised by ECC is a smaller key size, reducing storage and transmission requirements, i.e. that an elliptic curve group could provide the same level of security afforded by an RSA-based system with a large modulus and correspondingly larger key: for example, a 2change and Elliptic Curve Digital Signature Algorithm (ECDSA) for digital signature. The US National Security Agency (NSA) allows their use for protecting information classified up to top secret with 384-bit keys.[1] However in August 201

    While the RSA patent expired in 2000, there may be patents in force covering certain aspects of ECC technology, though some (including RSA Laboratories [3] and Daniel Bernstein [4]) argue that the Federal elliptic curve digital signature standard (ECDSA; NIST FIPS 186-3) and certain practical ECC-based key exchange schemes (including ECDH) can be implemented without infringing them.

    6. Explain Key management in detail. (16 marks)

    Key Management

    • Distribution of Public Keys
    • Public-Key Distribution of Secret keys

    Distribution of Public Keys

    can be considered as using one of:

    • Public announcement
    • Publicly available directory
    • Public-key authority
    • Public-key certificates

    Public Announcement

    • Users distribute public keys to recipients or broadcast to community at large
    • eg. append PGP keys to email messages or post to news groups or email list
    • major weakness is forgery
    • anyone can create a key claiming to be someone else and broadcast it
    • until forgery is discovered can masquerade as claimed user

    Publicly Available Directory

    • Can obtain greater security by registering keys with a public directory
    • directory must be trusted with properties:
    • contains {name, public-key} entries
    • participants register securely with directory
    • participants can replace key at any time
    • directory is periodically published
    • directory can be accessed electronically
    • still vulnerable to tampering or forgery

    Public-Key Authority

    • Improve security by tightening control over distribution of keys from directory
    • has properties of directory
    • and requires users to know public key for the directory
    • then users interact with directory to obtain any desired public key securely

    7. Explain Elliptic Curve Cryptography. (Dec12)

    Elliptic Curve Cryptography

    • Majority of public-key crypto (RSA, D-H) use either integer or polynomial arithmetic with very large numbers/polynomials
    • imposes a significant load in storing and processing keys and messages
    • an alternative is to use elliptic curves
    • offers same security with smaller bit sizes

    Real Elliptic Curves

    • An elliptic curve is defined by an equation in two variables x & y, with coefficients
    • consider a cubic elliptic curve of form
      o y^2 = x^3 + ax + b
    • where x, y, a, b are all real numbers
    • also define zero point O
    • have addition operation for elliptic curve
    • geometrically sum of Q+R is reflection of intersection R

    Finite Elliptic Curves

    o Elliptic curve cryptography uses curves whose variables & coefficients are finite
    have two families commonly used:
    o prime curves Ep(a,b) defined over Zp
    o use integers modulo a prime
    o best in software
    o binary curves E2^m(a,b) defined over GF(2^n)
    o use polynomials with binary coefficients
    o best in hardware

    Elliptic Curve Cryptography

    o ECC addition is analog of modulo multiply
    o ECC repeated addition is analog of modulo exponentiation
    o need "hard" problem equiv to discrete log
    o Q = kP, where Q, P belong to a prime curve
    o is "easy" to compute Q given k, P
    o but "hard" to find k given Q, P
    o known as the elliptic curve logarithm problem
    o Certicom example: E23(9,17)

    ECC Diffie-Hellman

    o can do key exchange analogous to D-H
    o users select a suitable curve Ep(a,b)
    o select base point G = (x1, y1) with large order n s.t. nG = O
    o A & B select private keys nA < n, nB < n
    o compute public keys: PA = nA G, PB = nB G
    o compute shared key: K = nA PB, K = nB PA
    o same since K = nA nB G

    ECC Encryption/Decryption

    o several alternatives, will consider simplest
    o must first encode any message M as a point on the elliptic curve Pm
    o select suitable curve & point G as in D-H
    o each user chooses private key nA < n
    o and computes public key PA = nA G
    o to encrypt Pm: Cm = {kG, Pm + k Pb}, k random
    o decrypt Cm compute:
    o Pm + k Pb - nB(kG) = Pm + k(nB G) - nB(kG) = Pm
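    The ECC Diffie-Hellman and ECC encryption/decryption steps above, worked on the toy curve E23(9,17) as an added example that is not part of the original notes. The base point G = (16, 5), the private keys nA = 3 and nB = 7, the value k = 5 (random in practice, fixed here for reproducibility) and the message point Pm = (3, 18) are constructed for illustration.

```python
P, A, B = 23, 9, 17   # curve y^2 = x^3 + 9x + 17 over Z_23, i.e. E23(9,17)
O = None              # the zero point O (point at infinity)

def on_curve(pt):
    if pt is O:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0

def neg(pt):
    """Additive inverse: reflect the point in the x-axis."""
    return O if pt is O else (pt[0], -pt[1] % P)

def add(p1, p2):
    """Point addition: the ECC analog of modular multiplication."""
    if p1 is O:
        return p2
    if p2 is O:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return O                                   # p2 == -p1 (or y == 0)
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P)   # tangent slope
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P)        # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)

def mul(k, pt):
    """Repeated addition kP by double-and-add: the analog of exponentiation."""
    result = O
    while k > 0:
        if k & 1:
            result = add(result, pt)
        pt = add(pt, pt)
        k >>= 1
    return result

def order(pt):
    """Smallest n > 0 with nP = O (brute force, fine for a toy curve)."""
    n, acc = 1, pt
    while acc is not O:
        acc = add(acc, pt)
        n += 1
    return n

G = (16, 5)      # constructed base point on E23(9,17)
N = order(G)     # order n of G, so that nG = O

def public_key(private):
    if not 0 < private < N:
        raise ValueError("private key must satisfy 0 < n_A < n")
    return mul(private, G)

def shared_key(my_private, their_public):
    """K = nA * PB = nB * PA = nA * nB * G."""
    return mul(my_private, their_public)

def encrypt(pm, their_public, k):
    """Cm = {kG, Pm + k*Pb}."""
    if not on_curve(pm):
        raise ValueError("message must be encoded as a point on the curve")
    return mul(k, G), add(pm, mul(k, their_public))

def decrypt(cm, my_private):
    """Pm = (Pm + k*Pb) - nB*(kG)."""
    c1, c2 = cm
    return add(c2, neg(mul(my_private, c1)))

if __name__ == "__main__":
    n_a, n_b = 3, 7
    p_a, p_b = public_key(n_a), public_key(n_b)
    print("order of G:", N)
    print("PA =", p_a, " PB =", p_b)
    print("shared key:", shared_key(n_a, p_b), shared_key(n_b, p_a))
    cm = encrypt((3, 18), p_b, k=5)
    print("Cm =", cm, " decrypted Pm =", decrypt(cm, n_b))
```

    On this curve 9G = (4, 5), so recovering k = 9 from the pair ((16, 5), (4, 5)) is the elliptic curve logarithm problem at toy scale; real curves use orders of roughly 2^256.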

    ECC Security

    o relies on elliptic curve logarithm problem
    o fastest method is "Pollard rho method"
    o compared to factoring, can use much smaller key sizes than with RSA etc
    o for equivalent key lengths computations are roughly equivalent
    o hence for similar security ECC offers significant computational advantages

    o does require real-time access to directory when keys are needed

    Public-Key Certificates

    • Certificates allow key exchange without real-time access to public-key authority
    • a certificate binds identity to public key
    • usually with other info such as period of validity, rights of use etc
    • with all contents signed by a trusted Public-Key or Certificate Authority (CA)
    • can be verified by anyone who knows the public-key authorities public-key

    Public-Key Distribution of Secret Keys

    • use previous methods to obtain public-key
    • can use for secrecy or authentication
    • but public-key algorithms are slow
    • so usually want to use private-key encryption to protect message contents
    • hence need a session key
    • have several alternatives for negotiating a suitable session

    Simple Secret Key Distribution

    • Proposed by Merkle in 1979
    • A generates a new temporary public key pair
    • A sends B the public key and their identity
    • B generates a session key K sends it to A encrypted using the supplied public key
    • A decrypts the session key and both use
    • problem is that an opponent can intercept and impersonate both halves of protocol

    8. Explain Advanced Encryption Standard

    Advanced Encryption Standard (AES) Evaluation Criteria

    AES Reibility (in en/decrypt, keying, other factors)

    AES Cipher - Rijndael

    • Designed by Rijmen-Daemen in Belgium
    • has 128/192/2

    • operates an entire block in every round
    • designed to be:
      o resistant against known attacks
      o speed and code compactness on many CPUs
      o design simplicity
    • Processes data as 4 groups of 4 bytes (state)
    • has 9/11/13 rounds in which state undergoes:
      o byte substitution (1 S-box used on every byte)
      o shift rows (permute bytes between groups/columns)
      o mix columns (subs using matrix multiply of groups)
      o add round key (XOR state with key material)
    • initial XOR key material & incomplete last round
    • all operations can be combined into XOR and table lookups - hence very fast & efficient

    9. Briefly explain Triple DES.

    Triple DES

    • Clear a replacement for DES was needed
    • theoretical attacks that can break it
    • demonstrated exhaustive key search attacks
    • AES is a new cipher alternative
    • prior to this alternative was to use multiple encryption with DES implementations

    Why Triple-DES?

    • Why not Double-DES?
    • NOT same as some other single-DES use, but have
      o meet-in-the-middle attack
    • works whenever use a cipher twice
    • since X = EK1[P] = DK2[C]
    • attack by encrypting P with all keys and store
    • then decrypt C with keys and match X value
    • can show takes O(2

    Triple-DES with Three-Keys

    • Although are no practical attacks on two-key Triple-DES have some indications
    • can use Triple-DES with Three-Keys to avoid even these
    • C = EK3[DK2[EK1[P]]]
    • has been adopted by some Internet applications, eg PGP, S/MIME

    10. Explain Blowfish Algorithm.

    Blowfish Encryption Algorithm

    Blowfish was designed in 1993 by Bruce Schneier as a fast alternative to existing encryption algorithms such as AES, DES and 3 DES etc.

    Blowfish is a symmetric block encryption algorithm designed in consideration with:

    Fast: It encrypts data on large 32-bit microprocessors at a rate of 26 clock cycles per byte.

    Compact: It can run in less than

    The Feistel structure of Blowfish

    Description of Algorithm

    The Blowfish symmetric block cipher algorithm encrypts block data of 64 bits at a time. It follows the Feistel network, and the algorithm is divided into two parts:

    1. Key-expansion
    2. Data Encryption

    Key-expansion:

    It will convert a key of at most 448 bits into several sub key arrays totaling 4168 bytes. Blowfish uses a large number of sub keys.

    These keys are generated before any data encryption or decryption.

    The P-array consists of 18 32-bit subkeys:

    P1, P2, … P18

    Four 32-bit S-Boxes consist of 2

    S3,0, S3,1, … S3,2es, in order, with a fixed string.

    This string consists of the hexadecimal digits of pi (less the initial 3): P1 = 0x243f6a88, P2 = 0x85a308d3, P3 = 0x13198a2e, P4 = 0x03707344, etc.

    2. XOR P1 with the first 32 bits of the key, XOR P2 with the second 32 bits of the key, and so on for all bits of the key (possibly up to P14). Repeatedly cycle through the key bits until the entire P-array has been XORed with key bits. (For every short key, there is at least one equivalent longer key; for example, if A is a 64-bit key, then AA, AAA, etc., are equivalent keys.)

    3. Encrypt the all-zero string with the Blowfish algorithm, using the sub keys described in steps (1) and (2).

    4. Replace P1 and P2 with the output of step (3).

    t would be used for authentication

    Me''6e A%he8"c6"#8 C#$eIt i" a function of me""age and "ecret key produce a

    fi>ed %ength )a%ue

    H6'h ;%8c"#8Some function that map a me""age of any %ength to fi>ed %ength which

    "er)e" a" authentication

    3. h6 6&e he &e

  • 7/25/2019 VII SEM updates.doc

    44/171

    MAC: In Message Authentication Code, the secret key is shared by sender and receiver. The MAC is appended to the message at the source at a time when the message is assumed or known to be correct.

    Hash Function: The hash value is appended to the message at the source at a time when the message is assumed or known to be correct. The hash function itself is not considered to be secret.

    6. Any three hash algorithms.

    MD5 (Message Digest version …

    …ed length value called as MAC. MAC = CK(M), where M = variable-length message, K = secret key shared by sender and receiver, CK(M) = fixed-length authenticator.

    9. Differentiate internal and external error control.

    Internal error control: In internal error control, an error detecting code is also known as frame check sequence or checksum.

    External error control: In external error control, error detecting codes are appended after encryption.

    10. What is meant by meet in the middle attack?

    This is the cryptanalytic attack that attempts to find the value in each of the range and domain of the composition of two functions such that the forward mapping of one through the first function is the same as the inverse image of the other through the second function, quite literally meeting in the middle of the composed function.


    11. What is the role of compression function in hash function?

    The hash algorithm involves repeated use of a compression function f, that takes two inputs and produces an n-bit output. At the start of hashing the chaining variable has an initial value that is specified as part of the algorithm. The final value of the chaining variable is the hash value. Usually b > n; hence the term compression.

    12. What is the difference between weak and strong collision resistance?

    | Weak collision resistance | Strong collision resistance |
    |---|---|
    | For any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x). | It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). |
    | It is proportional to 2^n. | It is proportional to 2^(n/2). |

    13. Compare MD5, SHA1 and RIPEMD-160 algorithm. (Dec 13)

    | Algorithms | MD5 | SHA-1 | RIPEMD160 |
    |---|---|---|---|
    | Digest length | 128 bits | 128 bits | 160 bits |
    | Basic unit of processing | … | … | … |


    …only the communicating parties role in this digital signature.

    2. This may be formed by encrypting the entire message with the sender's private key.

    Every signed message from a sender x to a receiver y goes first to an arbiter A, who subjects the message and its signature to a number of tests to check its origin and content.

    15. What are the properties a digital signature should have?

    It must verify the author and the date and time of signature.
    It must authenticate the contents at the time of signature.
    It must be verifiable by third parties to resolve disputes.

    16. What … security deficiencies of CBC-MAC (CBC-MAC is secure only for fixed-length messages).

    1. Define HMAC

    Hash-based Message Authentication Code (HMAC) is a message authentication code that uses a cryptographic key in conjunction with a hash function. HMAC provides the server and the client each with a public and private key. The public key is known, but the private key is known only to that specific server and that specific client. The client creates a unique HMAC, or hash, per request to the server by combining the request data and hashing that data, along with a private key, and sending it as part of a request. The server receives the request and regenerates its own unique HMAC. The server compares the two HMACs, and, if they're equal, the client is trusted and the request is executed. This process is often called a secret handshake.

    19. What is digital signature? (May 15)

    A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document. Digital signatures can provide the added assurances of evidence to origin, identity and status of an electronic document, transaction or message, as well as acknowledging informed consent by the signer.

    20. Give ElGamal Digital Signature Scheme. (May 13)

    The ElGamal signature scheme is a digital signature scheme which is based on the difficulty of computing discrete logarithms. It was described by Taher ElGamal in 1984. The ElGamal signature scheme allows a third party to confirm the authenticity of a message sent over an insecure channel.

    PART-B

    1. Explain the classification of authentication function in detail. (May 11)

    message authentication is concerned with:
        o protecting the integrity of a message
        o validating identity of originator
        o non-repudiation of origin (dispute resolution)
    electronic equivalent of a signature on a message
    an authenticator, signature, or message authentication code (MAC) is sent along with the message
    the MAC is generated via some algorithm which depends on both the message and some (public or private) key known only to the sender and receiver
    the message may be of any length
    the MAC may be of any length, but more often is some fixed size, requiring the use of some hash function to condense the message to the required size if this is not achieved by the authentication scheme
    need to consider replay problems with message and MAC
        o require a message sequence number, timestamp or negotiated random values


    Fig: Authentication using Private-key Ciphers

    if a message is being encrypted using a session key known only to the sender and receiver, then the message may also be authenticated
        o since only sender or receiver could have created it
        o any interference will corrupt the message (provided it includes sufficient redundancy to detect change)
        o but this does not provide non-repudiation since it is impossible to prove who created the message
    message authentication may also be done using the standard modes of use of a block cipher
        o sometimes do not want to send encrypted messages
        o can use either CBC or CFB modes and send final block, since this will depend on all previous bits of the message
        o no hash function is required, since this method accepts arbitrary length input and produces a fixed output
        o usually use a fixed known IV
        o this is the approach used in Australian EFT standards AS820…

    …ed-length hash value, which serves as the authenticator

    Explain HMAC

    Specified as Internet standard RFC2104
    uses hash function on the message: HMAC_K = Hash[(K+ XOR opad) || Hash[(K+ XOR ipad) || M]]
    where K+ is the key padded out to size and opad, ipad are specified padding constants
    overhead is just 3 more hash calculations than the message needs alone
    any of MD…
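The HMAC construction above, written out step by step and used to authenticate a request that carries a sequence number against replay. This is an added example, not part of the original notes; it assumes SHA-256 as the hash and a secret key shared by sender and receiver, and `hmac_sha256`, `make_request` and `Receiver` are hypothetical names.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # bytes: input block size of SHA-256


def hmac_sha256(key: bytes, message: bytes) -> bytes:
    """HMAC_K(M) = Hash[(K+ XOR opad) || Hash[(K+ XOR ipad) || M]]."""
    # K+: a key longer than one block is hashed first, then the key is
    # zero-padded on the right to exactly one block.
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()
    k_plus = key.ljust(BLOCK_SIZE, b"\x00")
    ipad = bytes(b ^ 0x36 for b in k_plus)  # K+ XOR ipad
    opad = bytes(b ^ 0x5C for b in k_plus)  # K+ XOR opad
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).digest()


def make_request(key: bytes, seq: int, body: bytes) -> dict:
    """Sender side: the tag covers the sequence number and the body."""
    tag = hmac_sha256(key, seq.to_bytes(8, "big") + body)
    return {"seq": seq, "body": body, "tag": tag}


class Receiver:
    """Recomputes the tag and rejects modified or replayed requests."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, req: dict) -> bool:
        expected = hmac_sha256(
            self.key, req["seq"].to_bytes(8, "big") + req["body"])
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(expected, req["tag"]):
            return False  # message altered, or sender lacks the key
        if req["seq"] <= self.last_seq:
            return False  # valid tag but old sequence number: replay
        self.last_seq = req["seq"]
        return True


if __name__ == "__main__":
    key = b"constructed-shared-secret"  # constructed sample key
    rx = Receiver(key)
    req = make_request(key, 1, b"transfer 10")
    print(rx.accept(req), rx.accept(req))
```

Because the sequence number is inside the MAC input, it cannot be changed to get an old message past the replay check without invalidating the tag.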


    Reliable

    Transparent

    Scalable

    4. In the context of Kerberos what is realm?

    A full service Kerberos environment consisting of a Kerberos server, a number of clients and a number of application servers requires the following: The Kerberos server must have the user ID and hashed password of all participating users in its database. The Kerberos server must share a secret key with each server. Such an environment is referred to as a "Realm".

    5. What is the purpose of X.509 standard? (Dec 1)

    X…


    10. List the limitations of SMTP/RFC 822.

    1. SMTP cannot transmit executable files or binary objects.
    2. It cannot transmit text data containing national language characters.
    3. SMTP servers may reject mail messages over a certain size.
    4. SMTP gateways cause problems while transmitting ASCII and EBCDIC.

    …tension (S/MIME) is a security enhancement to the MIME Internet E-mail format standard, based on technology from RSA Data Security.

    12. What is a firewall?

    A firewall is a network security system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both.

    A firewall is a single device used to enforce security policies within a network or between networks by controlling traffic flows.

    The Firewall Services Module (FWSM) is a very capable device that can be used to enforce those security policies. The FWSM was developed as a module or blade that resides in either a Catalyst 6…

    …y Firewalls
    Host Based firewalls
    Personal firewalls
    Distributed Firewalls
    Circuit level firewall
    Application proxy firewall

    14. What are limitations of firewalls?

    cannot protect from attacks bypassing it - e.g. sneaker net, utility modems, trusted organizations, trusted services (e.g. SSL/SSH)
    cannot protect against internal threats - e.g. disgruntled or colluding employees


    cannot protect against access via WLAN - if improperly secured against external use
    cannot protect against malware imported via laptop, PDA, storage infected outside

    15. What is an intruder?

    An Intruder is a person who attempts to gain unauthorized access to a system, to damage that system, or to disturb data on that system. In summary, this person attempts to violate Security by interfering with system Availability, data Integrity or data Confidentiality.

    16. What is IDS?

    An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces electronic reports to a management station.

    17. What are the types of IDS?

    Network based IDS
    Host based IDS
    Intrusion detection and prevention systems (IDPS)

    18. Define virus

    A computer virus is a malware that, when executed, replicates by reproducing itself or infecting other programs by modifying them. Infecting computer programs can include, as well, data files or the boot sector of the hard drive. When this replication succeeds, the affected areas are then said to be "infected".

    19. Differentiate virus, worm and Trojan horse

    | VIRUS | WORM | TROJAN Horse |
    |---|---|---|
    | A computer virus is a malware that, when executed, replicates by reproducing itself or infecting other programs by modifying them. | It uses a computer network to spread itself. Unlike a computer virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth. | The Trojan Horse, at first glance, will appear to be useful software but will actually do damage once installed or run on your computer. |


    20. Define worms.

    A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

    PART B (16 marks)

    1. Explain Kerberos in detail.

    Kerberos

    trusted key server system from MIT
    provides centralised private-key third-party authentication in a distributed network
        o allows users access to services distributed through network
        o without needing to trust all workstations
        o rather all trust a central authentication server
    two versions in use: 4 & …

    …amine each IP packet (no context) and permit or deny according to rules
        o hence restrict access to services (ports)
        o possible default policies
            - that not expressly permitted is prohibited
            - that not expressly prohibited is permitted

    Attacks on Packet Filters

        o IP address spoofing
            - fake source address to be trusted
            - add filters on router to block
        o source routing attacks
            - attacker sets a route other than default
            - block source routed packets
        o tiny fragment attacks
            - split header info over several tiny packets
            - either discard or reassemble before check

    Firewalls - Stateful Packet Filters

        o examine each IP packet in context
            - keeps track of client-server sessions
            - checks each packet validly belongs to one
        o better able to detect bogus packets out of context
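An added example, not part of the original notes, contrasting a stateless packet filter (ordered rule list plus a default policy) with a stateful one that tracks client-server sessions. The telnet rule set, the addresses and the names `Packet`, `Rule`, `matches`, `stateless_filter` and `StatefulFilter` are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset          # TCP flags, e.g. frozenset({"SYN"})


@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    src_net: str
    sport: Optional[int]      # None matches any port
    dst_net: str
    dport: Optional[int]


def matches(rule, pkt):
    return (ip_address(pkt.src) in ip_network(rule.src_net)
            and ip_address(pkt.dst) in ip_network(rule.dst_net)
            and rule.sport in (None, pkt.sport)
            and rule.dport in (None, pkt.dport))


def stateless_filter(rules, pkt, default="deny"):
    """No context: first matching rule wins, else the default policy."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default


class StatefulFilter:
    """Inbound packets pass only as replies to a tracked session."""

    def __init__(self, rules, inside="10.0.0.0/8"):
        self.rules = rules
        self.inside = ip_network(inside)
        self.sessions = set()

    def check(self, pkt):
        if ip_address(pkt.src) in self.inside:
            action = stateless_filter(self.rules, pkt)
            if action == "permit" and pkt.flags == frozenset({"SYN"}):
                self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return action
        reply_to = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "permit" if reply_to in self.sessions else "deny"


# Constructed policy: inside hosts may telnet out; replies must get back in.
ANY = "0.0.0.0/0"
RULES = [
    Rule("permit", "10.0.0.0/8", None, ANY, 23),   # outbound telnet
    Rule("permit", ANY, 23, "10.0.0.0/8", None),   # "return traffic" by port
]
OUT_SYN = Packet("10.1.2.3", 40000, "203.0.113.5", 23, frozenset({"SYN"}))
REPLY = Packet("203.0.113.5", 23, "10.1.2.3", 40000, frozenset({"SYN", "ACK"}))
BOGUS = Packet("198.51.100.9", 23, "10.1.2.3", 40001, frozenset({"ACK"}))
INBOUND = Packet("198.51.100.9", 50000, "10.1.2.3", 23, frozenset({"SYN"}))
```

The stateless filter has to admit `BOGUS` because it looks like return traffic by port number alone; the stateful filter drops it because no inside host opened that session.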

    5. Explain Roles of Firewalls.

    A firewall is a term used for a "barrier" between a network of machines and users that operate under a common security policy and generally trust each other, and the outside world. In recent years, firewalls have become enormously popular on the Internet. In large part, this is due to the fact that most existing operating systems have essentially no security, and were designed under the assumption that machines and users would trust each other.

    There are two basic reasons for using a firewall at present: to save money in concentrating your security on a small number of components, and to simplify the architecture of a system by restricting access only to machines that trust each other. Firewalls are often regarded by some as an irritation because they are often regarded as an impediment to accessing resources. This is not a fundamental flaw of firewalls, but rather is the result of failing to keep up with demands to improve the firewall.

    There is a fairly large group of determined and capable individuals around the world who take pleasure in breaking into systems. Other than the sense of insecurity that it has instilled in society, the amount of actual damage that has been caused is relatively slight. It highlights the fact that essentially any system can be compromised if an adversary is determined enough. It is a tried and true method to improve security within DOD projects to have a "black hat" organization that attempts to break into systems rather than have them found by your real adversaries. By bringing the vulnerabilities of systems to the forefront, the Internet hackers have essentially provided this service, and an impetus to improve existing systems. It is probably a stretch to say that we should thank them, but I believe that it is better to raise these issues early rather than later when our society will be almost 100% dependent on information systems.

    6. Explain types of firewalls.

    Types of Firewalls

    The firewalls can be broadly categorized into the following three types:
    Packet Filters
    Application-level Gateways
    Circuit-level Gateways

    Packet Filters: A packet filtering router applies a set of rules to each incoming IP packet and then forwards or discards it. A packet filter is typically set up as a list of rules based on matches of fields in the IP or TCP header. An example table of telnet filter rules. The packet filter operates with positive filter rules. It is necessary to specify what should be permitted, and everything that is not explicitly permitted is automatically forbidden. A table of packet filter rules for telnet application.

    Application-level Gateway: An application level gateway, also called a Proxy Server, acts as a relay of application level traffic. Users contact gateways using an application and the request is successful after authentication. The application gateway is service specific, such as FTP, TELNET, SMTP or HTTP.

    Circuit Level Gateway: A circuit-level gateway can be a standalone or a specialized system. It does not allow an end-to-end TCP connection; the gateway sets up two TCP connections. Once the TCP connections are established, the gateway relays TCP segments from one connection to the other without examining the contents. The security function determines which connections will be allowed and which are to be disallowed.

    7. Explain types of secure system.

    Types of Secure Computing Systems

    Dedicated (Single-Level) Systems
        o handles subjects and objects with same classification
        o relies on other security procedures (e.g. physical)
    System-High
        o only provides need-to-know protection between users
        o entire system operates at highest classification level
        o all users must be cleared for that level of information
    Compartmented
        o variation of System-High which can process two or more types of compartmented information
        o not all users are cleared for all compartments, but all must be cleared to the highest level of information processed
    Multi-Level Systems
        o is validated for handling subjects and objects with different rights and levels of security simultaneously
        o major features of such systems include:
            - user identification and authentication
            - resource access control and object labeling
            - audit trails of all security relevant events
            - external validation of the system's security

    8. Explain active firewall elements.

    The structure of an active firewall element, which is integrated in the communication interface between the insecure public network and the private network. To provide the necessary security services, the following components are required:

    Integration Module: It integrates the active firewall element into the communication system with the help of device drivers. In case of packet filters, the integration is above the Network Access Layer, whereas it is above the Transport layer ports in case of Application Gateway.

    Analysis Module: Based on the capabilities of the firewall, the communication data is analysed in the Analysis Module. The results of the analysis are passed on to the Decision Module.

    Decision Module: The Decision Module evaluates and compares the results of the analysis with the security policy definitions stored in the Rule set, and the communication data is allowed or prevented based on the outcome of the comparison.

    Processing module for Security related Events: Based on the rule set, configuration settings and the message received from the decision module, it writes to the logbook and generates an alarm message to the Security Management System.

    Authentication Module: This module is responsible for the identification and authentication of