Network Security

Dr. Indranil Sen Gupta

Head, School of Information Technology
Professor, Computer Science & Engg.
Indian Institute of Technology
Kharagpur
1
ICDCN06, IIT Guwahati

Outline of the Tutorial

Security attacks and services

Cryptography: basic concepts
Private key cryptography
Public key cryptography
Network security principles in use
Penetration testing and ethical hacking

2
ICDCN06, IIT Guwahati

Security Attacks and Services

3
ICDCN06, IIT Guwahati

Security Attacks

Any action that compromises the security

of information.
Four types of attack:
1.
2.
3.
4.

Interruption
Interception
Modification
Fabrication

Basic model:
S
Source

D
Destination
4

ICDCN06, IIT Guwahati

 Interruption:
Attack on availability

Interception:
Attack on confidentiality

5
ICDCN06, IIT Guwahati

Modification:

Attack on integrity
I

Fabrication:
Attack on authenticity

S
I

6
ICDCN06, IIT Guwahati

Passive and Active Attacks

Passive attacks
Obtain information that is being transmitted
(eavesdropping).
Two types:
Release of message contents:- It may be desirable to
prevent the opponent from learning the contents of
the transmission.
Traffic analysis:- The opponent can determine the
location and identity of communicating hosts, and
observe the frequency and length of messages being
exchanged.

Very difficult to detect.

7
ICDCN06, IIT Guwahati

Active attacks
Involve some modification of the data stream or
the creation of a false stream.
Four categories:
Masquerade:- One entity pretends to be a different entity.
Replay:- Passive capture of a data unit and its
subsequent retransmission to produce an unauthorized
effect.
Modification:- Some portion of a legitimate message is
altered.
Denial of service:- Prevents the normal use of
communication facilities.
8
ICDCN06, IIT Guwahati

Security Services

Confidentiality
Authentication
Integrity
Non-repudiation
Access control
Availability
Denial of Service Attacks
Virus that deletes files

9
ICDCN06, IIT Guwahati

Network Access Security Model

10
ICDCN06, IIT Guwahati

Cryptography: Basic Concepts

11
ICDCN06, IIT Guwahati

Introduction
Most important concept behind network
security is encryption.
Two forms of encryption are in common use:
Private (or Symmetric)
Single key shared by sender and receiver.
Examples: DES, AES, IDEA

Public-key (or Asymmetric)

Separate keys for sender and receiver.
Examples: RSA, Diffie-Hellman

12
ICDCN06, IIT Guwahati

Some Terminologies
Plaintext:
the data that is to be encrypted

Ciphertext:
the encrypted form of the data

Encryption/Decryption algorithm
the algorithm used to carry out the transformation.

Key
Usually a secret entity.
Used as parameter to the encryption/decryption
algorithm.
13
ICDCN06, IIT Guwahati

Private Key Cryptography

14
ICDCN06, IIT Guwahati

Simplified Model of Conventional Encryption

Shared Key K

Plaintext
P

Encryption
Algorithm

Shared Key K

Ciphertext C

Decryption
Algorithm

Plaintext
P

15
ICDCN06, IIT Guwahati

Classical Techniques

Broadly falls under two categories:

1. Substitution ciphers
Each letter of group of letters of the plaintext
are replaced by some other letter or group of
letters, to obtain the ciphertext.
2. Transposition ciphers
Letters of the plaintext are permuted in some
form.

16
ICDCN06, IIT Guwahati

Substitution Ciphers
1. Caesar Cipher
Earliest known substitution cipher.
Replace each letter of the alphabet with the letter
three places after that alphabet.
Alphabets are assumed to be wrapped around (
Z is followed by A, etc.).
P:
C:

HAPPY NEW YEAR

KDSSB QHZ BHDU

17
ICDCN06, IIT Guwahati

We can generalize the idea by replacing each

letter by the kth following letter.
If we assign a number to each letter (A=1, B=2,
etc), then
C = E (P) = (P + k 1) % 26 + 1
P = D (C) = (C k + 25) % 26 + 1

Drawback:
Brute force attack is easy
Try out all the 25 possible keys

18
ICDCN06, IIT Guwahati

2. Mono-alphabetic Cipher
Allow any arbitrary substitution.
There can be 26! or 4x1026 possible keys.
A typical key may be:
(ZAQWSXCDERFVBGTYHNMJUIKLOP)
Drawback:

We can make guesses by observing the relative

frequency of letters in the text.
Compare it with standard frequency distribution
charts in English (say).
Also look at the frequency of digrams and
trigrams, for which tables are also available.
Easy to break in general.
19

ICDCN06, IIT Guwahati

3. Poly-alphabetic Cipher
Use different mono-alphabetic substitutions as
we proceed through the plaintext message.
Vigenere cipher is the best known cipher of
this class.

Consists of 26 Caesar ciphers, with shifts of 0 to 25.

Each cipher is denoted by a key letter, which is the
ciphertext letter that substitutes for the plaintext
letter a.
To encrypt a message, a key is needed that is as
long as the message (usually, a repeating keyword).
Decryption is just the reverse.

20
ICDCN06, IIT Guwahati

10

 Drawback:
Key and the plaintext share the same
frequency distribution of letters.
The best thing would have been to use a
keyword which is as large as the plaintext, and
has no statistical relationship to it.

21
ICDCN06, IIT Guwahati

Transposition Cipher
Many techniques were proposed under this
category.
A simple scheme:
Write out the plaintext in a rectangle, row by row,
and read the message column by column, by
permuting the order of the columns.
Order of the column becomes the key.

22
ICDCN06, IIT Guwahati

11

 An example
P: we have enjoyed the workshop in jadavpur
Key:

C:

4 3
w e
n j
h e
h o
d a

1
h
o
w
p
v

2
a
y
o
i
p

5
v
e
r
n
u

6
e
d
k
j
r

7
e
t
s
a
-

howpv ayoip ejeoa wnhhd vernu edkjr etsa-

23
ICDCN06, IIT Guwahati

Drawback:
The ciphertext has the same letter frequency
as the original plaintext.
Guessing the number of columns and some
probable words in the plaintext holds the key.

24
ICDCN06, IIT Guwahati

12

Some Important Issues

Security of the scheme
Depends entirely on the secrecy of the key.
Does not depend on the secrecy of the algorithm.
(Has to be public for criticism!)

So, the assumptions that we make:

Algorithms for encryption/decryption are known
to the public.
Keys used are kept secret.

25
ICDCN06, IIT Guwahati

What is meant by
Security lies in the Keys
Time required at 106
decryptions / s

Key Size
(bits)

Number of
Alternative Keys

32

232 = 4.3 x 109

2.15 milliseconds

56

256 = 7.2 x 1016

10 hours

128

2128 = 3.4 x 1038

5.4 x 1018 years

168

2168 = 3.7 x 1050

5.9 x 1030 years

26

ICDCN06, IIT Guwahati

13

Practical Encryption Algorithms

Data Encryption Standard (DES)
Block size is 64 bits.
Key is 56 bits.

IDEA
Block size is 64 bits.
Key size is 128 bits.

Advanced Encryption Standard (AES)

Also known as Rijndael cryptosystem.
Block size can be 128, 192, or 256 bits.
Key size can be 128, 192, or 256 bits.
27
ICDCN06, IIT Guwahati

Block Encryption Algorithms

Data Encryption Standard (DES)
The most widely used encryption scheme.
Known as the Data Encryption Algorithm (DEA).
It is a block cipher.
The plaintext is 64-bits in length.
The key is 56-bits in length.
Longer plaintexts are processed in 64-bit blocks.

28
ICDCN06, IIT Guwahati

14

P (64-bit)

K (56-bit)

Initial Permutation

Round 1
Round 2

Round 16

Permuted Choice 1

K1
K2

K16

Permuted Choice 2

Left circular shift

Permuted Choice 2

Left circular shift

Permuted Choice 2

Left circular shift

32-bit Swap
Reverse Inverse
Permutation

General Schematic
of DES Algorithm

C (64-bit)
29
ICDCN06, IIT Guwahati

Single Iteration of DES Algorithm

30
ICDCN06, IIT Guwahati

15

DES
The overall processing at each iteration:
Li = Ri-1
Ri = Li-1 F(Ri-1, Ki)

Fiestel Structure

Concerns about:
The algorithm and the key length (56-bits)
Longer key lengths essential for critical
applications

31
ICDCN06, IIT Guwahati

Problems with DES

56-bit key size considered to be too small for
providing acceptable level of security for
most applications.
Broken by various cryptanalysis groups.

32
ICDCN06, IIT Guwahati

16

Hence, Triple DES!

Use three keys and three executions of
the DES algorithm (encrypt-decryptencrypt).
C = EK3 [DK2 [EK1 [P]]]

C = ciphertext
P = Plaintext
EK[X] = encryption of X using key K
DK[Y] = decryption of Y using key K

Effective key length of 168 bits.

33
ICDCN06, IIT Guwahati

Triple DES: Illustration

K1
P

K2

D
X

K3
C

K3
E

K2

K1

E
Y

34
ICDCN06, IIT Guwahati

17

Some Points to Observe

Key distribution problem of secret key
systems:
Establish key before communication.
Need n(n-1)/2 keys with n different parties.
A
E

D
35

ICDCN06, IIT Guwahati

Key Distribution
Two parties A and B trying to communicate.
A key could be selected by A and physically
delivered to B.
A third party could select the key and physically
deliver it to both A and B.
If A and B have previously used a key, one party
could transmit the new key to the other, encrypted
using the old key.
If A and B each have an encrypted connection to a
third party C, C could deliver a key on the
encrypted links to A and B.
36
ICDCN06, IIT Guwahati

18

Key Distribution (contd.)

Session key:
Data encrypted with a one-time session key.
At the conclusion of the session the key is
destroyed

Permanent key:
Used between entities for the purpose of
distributing session keys.

37
ICDCN06, IIT Guwahati

Public Key Cryptography

38
ICDCN06, IIT Guwahati

19

Basic Concept

Uses two keys for every simplex logical

communication link.
a) Public key
b) Private key

Every communication node will have a pair

of keys.
For n number of nodes, total number of keys
required is 2n.

39
ICDCN06, IIT Guwahati

Encryption using Public Key System

Bs private key KRB

Bs public key KUB

Plaintext
P

Encryption
Algorithm

Ciphertext C

Decryption
Algorithm

Plaintext
P

40
ICDCN06, IIT Guwahati

20

Authentication using Public Key System

As private key KRA

Encryption
Algorithm

Plaintext
P

Ciphertext C

As public key KUA

Decryption
Algorithm

Plaintext
P

41
ICDCN06, IIT Guwahati

Applications

Three categories:
a) Encryption/decryption:

The sender encrypts a message with the recipients

public key.

b) Digital signature / authentication:

The sender signs a message with its private key.

c) Key exchange:

Two sides cooperate to exhange a session key.

42
ICDCN06, IIT Guwahati

21

Requirements
Computationally easy for a party B to
generate a key pair
Public key KUB
Private key KRB

Easy for sender to generate ciphertext:

C = E (M, KUB)

Easy for the receiver to decrypt ciphertext

using private key:
M = D (C, KRB) = D (E (M, KUB), KRB)

43
ICDCN06, IIT Guwahati

Computationally infeasible to determine

KRB knowing KUB.
Computationally infeasible to recover
message M, knowing KUB and ciphertext C.
Either of the two keys can be used for
encryption, with the other used for
decryption:
M = D (E (M, KUB), KRB) = D (E (M, KRB), KUB)

44
ICDCN06, IIT Guwahati

22

The RSA Public Key Algorithm

RSA Algorithm
Developed by Ron Rivest, Adi Shamir and Len
Adleman at MIT, in 1977.
A block cipher.
The most widely implemented.

45
ICDCN06, IIT Guwahati

The RSA Algorithm

1.
2.
3.
4.
5.
6.
7.

Select p,q
Calculate n = p x q
Calculate
Select integer e
Calculate d
Public Key
Private key

Key Generation
p and q both prime

(n) = ( p 1)(q 1)

gcd((n), e) = 1; 1 < e < (n)

d = e 1 mod (n)
KU = {e,n}
KR = {d,n}

(n) is the number of positive numbers less than n

and relatively prime to n (called Euler totient).
46
ICDCN06, IIT Guwahati

23

The RSA Algorithm - Encryption

Plaintext:

M<n

Ciphertext:

C = Me (mod n)

47
ICDCN06, IIT Guwahati

The RSA Algorithm - Decryption

Ciphertext:

Plaintext:

M = Cd (mod n)

48
ICDCN06, IIT Guwahati

24

Example

Select two prime numbers, p=7 and q=17.

Calculate n = pq = 717 = 119.
Calculate (n) = (p-1)(q-1) = 96.
Select e such that e is relatively prime to (n)=96,
and less than (n).
In this case, e=5.

Determine d such that de = 1 (mod 96) and d<96.

d=77, because 775 = 385 = 496+1.

Public key KU = {5,119}

Private key KR = {77,119}
49
ICDCN06, IIT Guwahati

Example (contd.)

50
ICDCN06, IIT Guwahati

25

The Security of RSA

RSA is secure since
We use large number of bits in e and d.
The problem of factoring n into two prime factors is
computationally very difficult.
Knowing p and q will allow us to know (n).
This will help an intruder to know the values of e and d.
Until recently, this was felt to be infeasible for numbers in the
range of 100 decimal digits or so (approximately 300 bits).
A worldwide team cooperating over the internet and using
1600 computers recently cracked the code in eight months.
Currently, a 1024-bit key size (about 300 decimal digits) is
considered strong enough for virtually all applications.

Key sizes in the range of 1024 to 2048 bits seems safe.

51
ICDCN06, IIT Guwahati

Private and Public Key Systems: a

Comparison
Symmetric encryption/decryption is much
faster than asymmetric encryption/
decryption:
RSA: kilobits/second
DES: megabits/second

DES is about 100 times faster than RSA

52
ICDCN06, IIT Guwahati

26

Network Security Principles

in Use

53
ICDCN06, IIT Guwahati

Authentication Application::
KERBEROS
Users wish to access services on servers.
Three threats exist:
User pretend to be another user.
User alter the network address of a computer.
User eavesdrop on exchanges and use a replay
attack.

54
ICDCN06, IIT Guwahati

27

 Provides a centralized authentication server

(AS) to authenticate users to servers and
servers to users.
Relies on conventional encryption.
Makes no use of public-key encryption.

Two versions: version 4 and 5.

Version 4 makes use of DES.

55
ICDCN06, IIT Guwahati

56
ICDCN06, IIT Guwahati

28

Electronic Mail Security:: Pretty

Good Privacy (PGP)
PGP provides a confidentiality and
authentication service that can be used for
electronic mail and file storage applications.
Why popular?
It is availiable free on a variety of platforms.
Based on well known algorithms.
Wide range of applicability

57
ICDCN06, IIT Guwahati

Summary of PGP services:

Function

Algorithm Used

Digital Signature

DSS/SHA or
RSA/SHA
CAST or IDEA or 3key Triple DES with
Diffie-Hellman or RSA

Message
Encryption
Compression

ZIP

Email
Compatibility

Radix-64 Conversion

58
ICDCN06, IIT Guwahati

29

PGP Cryptographic Functions

59
ICDCN06, IIT Guwahati

Secure Socket Layer (SSL)

SSL was first used by Netscape.
To ensure security of data sent through HTTP,
LDAP or POP3.

Uses TCP to provide reliable end-to-end

secure service.
In general, SSL can be used for secure data
transfer for any network service running over
TCP/IP.

60
ICDCN06, IIT Guwahati

30

HTTP

LDAP

POP3

SSL
TCP/IP

Application
Layer

Network
Layer

61
ICDCN06, IIT Guwahati

The main objectives of SSL are:

Authenticate the client and server to each other.
Ensure data integrity.
Ensure data privacy.
Required for both the protocol data and also
the application data.

62
ICDCN06, IIT Guwahati

31

SSL Architecture
SSL consists of two layers of protocols:
SSL Record Protocol
Ensures data security and integrity.

Protocols required to establish SSL connection.

Three protocols used in this layer:
SSL Handshake Protocol
SSL ChangeCipherSpec Protocol
SSL Alert Protocol

63
ICDCN06, IIT Guwahati

SSL
SSL
SSL
Application
Handshake ChangeCipherSpec
Alert
Protocol
Protocol
Protocol
Protocol (HTTP, etc.)
SSL Record Protocol

TCP
IP

64
ICDCN06, IIT Guwahati

32

SSL Record Protocol

Mainly responsible for data encryption and
integrity.
Basic function:
Take an application message to be sent.
Fragment the application message data.
16 Kbytes or smaller.

Encapsulate it with appropriate headers and

create an object called a record.
Encrypt the record and forward it to TCP.

65
ICDCN06, IIT Guwahati

Application Data

Fragments

Compressed data
MAC
Add MAC
Encrypt data
TCP packet

H: SSL record
header
66

ICDCN06, IIT Guwahati

33

The Higher Layer Protocols

SSL Alert Protocol
Used to send session messages associated with
data exchange and functioning of the protocol.
Each message consists of two bytes:
First byte is either 1 (warning) or 2 (fatal). If fatal, the
SSL session is terminated.
Second byte contains one of the defined error codes.

67
ICDCN06, IIT Guwahati

SSL ChangeCipherSpec Protocol

Consists of a single message that carries the
value of 1.
Purpose of this message is to cause the pending
session state to be established as a fixed state.
Define the set of protocols to be used.
Must be sent from client to server, and vice versa.

68
ICDCN06, IIT Guwahati

34

 SSL Handshake Protocol

Used to initiate a session between the server and
the client.
Within the application data, algorithms and keys
used for data encryption can be negotiated.
Provides mutual authentication.
Process of negotiation divided into four phases.

69
ICDCN06, IIT Guwahati

Client sends to the server

SSL version
Random (used to protect key exchange)
Session ID
CipherSuite

Server sends back

SSL version
Random (a different number is generated)
Session ID
CipherSuite

70
ICDCN06, IIT Guwahati

35

Transport Layer Security (TLS)

Extension of SSL.
Aim is to provide security and data integrity
features at the transport layer between two
web applications.
Supported my most web servers and
browsers today.

71
ICDCN06, IIT Guwahati

Secure Shell (SSH)

Originally developed in 1995.
As a secure replacement for telnet, rlogin, rcp,
etc.
Allows port forwarding (tunneling over SSH)
Built-in support for proxies/firewalls.

Widely used nowadays.

72
ICDCN06, IIT Guwahati

36

 In SSHv1 protocol, the server uses two keys:

Long-term server identification key.
Binds the connection to the server.
1024 bit RSA.

Short-term encryption key, changed every hour.

Makes later recovery impossible.
Short-term keys are regenerated as a background task.
768 bit RSA.

73
ICDCN06, IIT Guwahati

Multiple authentication mechanisms

Straight passwords (protected by SSH
encryption).
RSA based authentication.
Client decrypts a challenge from the server; returns the
hash to the server.

Plug-in mechanisms (biometrics, smartcard, etc.).

74
ICDCN06, IIT Guwahati

37

IP Security (IPSec)
Security built into the IP layer.
Provides host-to-host (or firewall-to-firewall)
encryption and authentication.
Required for IPv6, but optional for IPv4.

Consists of two parts:

IPSec proper (for encryption and authentication).
IPSec key management.

75
ICDCN06, IIT Guwahati

IPSec
Provides two modes of protection
Tunnel Mode
Transport Mode

Authentication and Integrity

Confidentiality
Replay Protection

76
ICDCN06, IIT Guwahati

38

 Protection in Tunnel Mode

Encapsulates the entire IP packet within IPSec
protection.
Tunnels can be created between several different
node types:
Firewall to firewall
Host to firewall
Host to host

77
ICDCN06, IIT Guwahati

Protection in Transport Mode

Encapsulates only the transport layer information
within IPSec protection.
Can only be created between host nodes.

Authentication and Integrity

Verifies the origin of data.
Assures that data sent is the data received.
Assures that the network headers have not
changed since the data was sent.

78
ICDCN06, IIT Guwahati

39

 Confidentiality
Encrypts data to protect against eavesdropping.
Can hide data source when encryption is used
over a tunnel.

Replay Prevention
Causes transmitted packets to be dropped.

79
ICDCN06, IIT Guwahati

Problems with IPSec

Excessively complex and difficult to use.
Does now allow use of NAT.
Routers need to be made IPSec aware.

80
ICDCN06, IIT Guwahati

40

Secure HTTP (S-HTTP)

An extension to the HTTP protocol to
support sending data securely over the web.
Difference from SSL:
SSL is designed to establish a secure connection
between two hosts.
s-HTTP is designed to send individual messages
securely.

81
ICDCN06, IIT Guwahati

Some Features:
Provides a variety of security mechanisms to HTTP
clients and servers.
Does not require client-side public certificates (or
public keys), as it supports symmetric key-only
operation modes.
Provides full flexibility of cryptographic algorithms.

s-HTTP and HTTPS are not the same.

HTTPS is an alternative to s-HTTP.
HTTP runs on top of SSL or TSL.
82
ICDCN06, IIT Guwahati

41

Penetration Testing and Ethical

Hacking

83
ICDCN06, IIT Guwahati

What is a Penetration Test?

A process of actively evaluating the
information security measures in an
organization.
Most common procedure:
The security measures are actively analyzed for
design weaknesses, technical flaws and
vulnerabilities.
Results are delivered in a comprehensive report.

84
ICDCN06, IIT Guwahati

42

Ethical Hacking .
Definition of ethical hacking
A situation where a computer and network expert
attacks a security system on behalf of its owners,
seeking vulnerabilities that a malicious hacker
could exploit.
To test a security system, ethical hacking uses
the same methods as their less principled
counterparts (hackers), but report problems
instead of taking advantage of them.

Also called penetration testing.

85
ICDCN06, IIT Guwahati

Why is it Required?
There are several reasons why organizations
choose to perform a penetration test.
To identify the threats facing the information
assets of the organization.
Reduce the IT security costs by identifying and
resolving vulnerabilities and weaknesses.
Provide the organization with information
assurance.
Gain and maintain certification to an industry
regulation (BS7789, HIPAA, etc.).
86
ICDCN06, IIT Guwahati

43

Types of Tests
1. External Penetration Testing
This is the traditional approach.
The testing is focused on servers, infrastructure,
and the underlying software (OS, database, etc.).
Two broad approaches:

Black box testing: performed with no prior knowledge

of the infrastructure to be tested.
White box testing: performed with full disclosure of the
topology and the environment.

87
ICDCN06, IIT Guwahati

This basically involves the following:

Comprehensive analysis of publicly available
information about the target.
Identification and analysis of the target hosts.
Analysis of the behavior of security devices like
screening routers and firewalls.
Identification and analysis of the vulnerabilities within
the target hosts.

88
ICDCN06, IIT Guwahati

44

2. Internal Penetration Testing

Follows a methodology similar to external
testing.
Provides a more complete view of the site
security.
Testing is typically carried out from a number of
network access points, representing each logical
and physical segment.

Can include DMZ, VPNs, subnets, etc.

89
ICDCN06, IIT Guwahati

3. Application Security Assessment

To identify and assess threats to the
organization through proprietary applications or
systems.
The application must not expose the underlying
servers and software to attack.
A malicious user should not be able to access,
modify, or destroy data or services within the
system.
Even in a well-deployed and secured
infrastructure, a weak application can expose the
organizations assets to risk.
90
ICDCN06, IIT Guwahati

45

4. Remote Access Security Assessment

This addresses the security risks associated
with an increasingly mobile workforce.

Working from home

Broadband always-on Internet access
802.11 wireless networking

Increased exposure by extending the traditional

perimeter of the organization.

91
ICDCN06, IIT Guwahati

Some of the Typical Areas

Network Security

Network surveying
Port scanning
System identification
Services identification
Router testing
Firewall testing
Intrusion detection system testing
Trusted systems testing
Password cracking
Denial of service testing

92
ICDCN06, IIT Guwahati

46

 Wireless Security

Wireless networks testing

WEP security testing
Infrared systems testing
Cordless communications testing

Other areas include Information Security,

Social Engineering, Physical Security, etc.

93
ICDCN06, IIT Guwahati

About the Tools to be Used

Tools are essential for automating the
penetration testing process.
Where to find the tools?
A number of commercial tools are available.
They work by using sets of thousands of pre-defined
signatures that can identify vulnerabilities in a system.
Signatures need to be updated on a regular basis.

Open-source tools that are freely available.

Also called hacker tools, and are often made available
on hacker web sites.

94
ICDCN06, IIT Guwahati

47

 May range from very professionally developed and

maintained tools, to poorly documented scripts meant to
perform specific tasks.
Special care must be taken to ensure that the tools
themselves do not contain virus or any other malicious
contents.

Specialist penetration testing providers can

develop their own tools.
Because available tools are mostly incomplete, and
multiple tools need to be used.
Many vulnerabilities are not covered by them.

95
ICDCN06, IIT Guwahati

Hacker Web SItes

Some pointers . there are many many more
http://www.hackthissite.org/
http://www.happyhacker.org/
http://www.2600.com/
http://hackaday.com/

96
ICDCN06, IIT Guwahati

48

97
ICDCN06, IIT Guwahati

98
ICDCN06, IIT Guwahati

49

99
ICDCN06, IIT Guwahati

100
ICDCN06, IIT Guwahati

50

References
1.
2.
3.
4.
5.
6.

Cryptography and Network Security: Principles and Practice, 2nd

Edition, William Stallings, Prentice Hall, New Jersey, 1999.
Network Security Essentials: Applications and Standards, William
Stallings, Pearson Education Asia, 2000.
Applied Cryptography, B. Schneier, Wiley, New York, 1996.
Internet Cryptography, R. Smith, Addison Wesley, MA, 1997.
Handbook of Applied Cryptography, A.J. Menezes, et al.
http://www.cacr.math.uwaterloo.ca/hac/
Journals

7.

IEEE Transactions on Information Theory

Computer Security
Communications of the ACM
IEEE Communications Magazine
Computer Communications Review

The Internet
101

ICDCN06, IIT Guwahati

102
ICDCN06, IIT Guwahati

51