Scribd
Upload
28 views

Cyber Security Unit 1&2

Uploaded by

Prabhat
Copyright
© © All Rights Reserved
Available Formats
Download as PDF or read online on Scribd
28 views

Cyber Security Unit 1&2

Uploaded by

Prabhat
Copyright
© © All Rights Reserved
Available Formats
Download as PDF or read online on Scribd
You are on page 1/ 46
TABLE OF CONTENTS Chapter-1 Introduction (1 =1) to (4-42) 41 Introduction....... 1-2 12 Elements of Information Security .......... 1-2 1.3 Security Policy... L1e3 14 Techniques .. oe ate 15° Steps... 21-4 | 1.6 Categories... -1e4 1.7 Operational Model of Network Security ..... 1-5 1.8 Basic Terminologies in Network Security.... 1-5 1.9 Threats and Vulnerability. 1.10 Difference between Security and Privacy .... 1.11 Security Attacks . LALA Passive Attack... 111.2 Active Attack. . 1.11.3 Difference between Passive and Active Attack. ........ 1.114 Man-in-the-Middle Attack. be Ui Chapter-2 Data Encryption Techniques and Standards (2-1) to (2-32) 24 Introduction . seveeee 222 22 Encryption Methods......+-- 22.1 Symmetric Encryption . . . | 22.41 Advantages ofSymmatiokey | Cryptography....eceeeeseeese 24 22.1.2 Disadvantages of Symmetric-key Cryptography... ++ +--+ seeee B04 | 22.13 Symmetric V/S Asymmetric.....2-4 | 2-4 | 222 Asymmetric Encryption... 23. Cryptography .... 23.1 Terminology and Background.......... 2-5 2.4 Substitution Ciphers... . 24.1 Caesar Cipher . 2 242 Monoalphabetic Cipher ..-.++.++.e0+062+7 243 Playfair Cipher... 22-7 244° Hill Cipher...... 2-7 245 Polyalphabetic Substitution .. .2- 24.6 One Time Pad. . 2-9 24.7 Feistel Cipher......0ceececeeeseeees 229 2.48 Comparison between Monoalphabetic and Polyalphabetic Cipher .......220+00++ 2-1 2.5 Transposition Ciphers. . 25.1 Comparison of Substitution and ‘Transposition Ciphers 2.6 Steganography Applications and Limitations . 2 2.6.1 Difference between Steganography and Cryptography 2.7 Block Ciphers .. 2.7.1 Advantages and Disadvantage of Block 2.8 Stream Cipher . . 28.1 Advantages and. Cipher... 2... 2.8.2 Comparison between Stream and Block Cipher eee eeeeseeeeeeeeeeee DOT 2.9. Block Cipher Modes of Operation . . “17 2.10 Simple DES 2.11 Data Encryption Standard (DES) .. . 2.11.1 Details of Single Round. 2.11.2 Key Generation .......... 21.3 DES Eneryption........ 2.11.4 DES Decryption... @ 2.1.5 DES Weak Keys, 2.11.6 Advantages of DES 2.11.7 Disadvantages of DES 2-27 2.11.8 Block Cipher Design Principles. 2-28 2.11.9 Double DES. 2-28 2.11.10 Triple DES. . 2-28 2.12 Confusion and Diffusion . 2-30 2.12.1 Distinguish between Diffusion and Confusion, 2.13 Advance Eneryption Standard (AES)... 2.13.1 Evaluation Criteria for AES... 2.13.2 AES Cipher 2.13.3. Comparison between AES and DES .... 2-32 Migreapang Chapter-3 Public Key and Management (3-1) to (3 - 38) A Public Key Cryptography . 23-2 3.1.1 Advantages and Disadvantages 3-4 3:12 Comparison between Public Key and Private Key Algorithm. 3-4 3.2 RSA Alg¢ 321 Attacks onRSA....... 3.2.1.1 Computing 6(0) 3.2.1.2 Timing Attacks .... Mathematical Attacks Adaptive Chosen 3.2.13 32.14 Cipher-text Attacks -.3+6 3.3 Key Distribution . ecgud -9 3.3.1 Distribution of Public Keys . : 3.3.2 Distribution of Secret Keys using Public Key Cryptography 3-1 3.3.3. Key Distribution and Certification. 3-13 3.3.4 Key Distribution. 3-18 3.4 Diffie-Hellman Key Exchange. 3-18 3.5 Elliptic Curve 3-20 Authentication Methods. . 3. 3-21 1 Password Based Authentication Methods Fi sessed 3.6.2 Extensible Authentication Protocol... 3 - 22 ereisea2, 3.6.3 Biometric Authentication.......- 3.7 Messaige Digest . 3-23 MDS Description | aaa veoeesuetuete 3038 | 3:72. itterences between MDS and MDS... 3-24 3.73 Comparison between MDS and SHA... 3-25 3:8 Kerberos ' eee 3228 3:8. Kerberos Terminology. 13-25 382 Kerberos Version 4 veesses 326 | 3.8.2.1 Simple Authentication Dialogue... 3-26 | 3.8.2.2 Secure Authentication Dialogue ... 3-27 | 3.8.2.3 Kerberos Realms 3-27 | 383. Kerberos Version 5. {327 3.83.1 Version $ Authentication Dialogue. 3-21 3:84 Comparison between Kerberos Versions Sand 3-28 [385 strengths of Kerberos 3-38 3.8.6 Weakness of Kerberos | 3e7 Difference between Kerberos and SSL. 3.9 X.509 Authentication Service 304 3.92 393 | 304 3.95 X.S09 Format of Certificate Obtaining User's Certificate Revocation of Certificates | 30 Digital Signatures. 3.10.1 Arbitrated Digital Signatures . 3.10.2 Direct Digital Signature. 3.10.3 Digital Signature Standard. 3.10.4 Digital Signature Algorithm. .. 3.10.5 ELGamal Digital Signatures 3.11 Authentication Protocol . i 3.11.1 Mutual Authentication .- TECHNICAL PUBLICATIONS® ‘an up-thrust for knowledge Introduction Syllabus Introduction, Elements of Information Security, Security Policy, Techniques, Steps, Categories, Operational Model of Network Security, Basic Terminologies in Network Security. Threats and Vulnerability, Difference between Security and Privacy. Contents 1.1. Introduction 4.2 Elements of Information Security 1.3. Security Policy. 1.4 Techniques 1.5 Steps 1.6 Categories 4.7. Operational Model of Network Security, 1.8 Basic Terminologies in Network Security.. 1,9 Threats and Vulnerability 1.10 Difference between Security and Privacy.. 1.11 Security Attacks.. a [14] introduction +The history of information security begins with computer security, «Network security, to protect networking components, connections, and contents. Information security to protect the confidentiali integrity and availability of information assets, whether in storage, processing or transmission. «Physical security consists of all mechanisms used to ensure that physical access to the computer systems and networks is restricted to only authorize users. + Data security is the science and study. of methods of protecting data from unauthorized disclosure and modification. Data and information security is about enabling collaboration while managing risk with an approach that balances availability versus the confidentiality of data, + Security is required because the widespread use of data processing equipment, the security of information felt to be valuable to an organization was provided primarily by physical and administrative means. + Network security measures are needed to protect data during their transmission. + Following are the examples of security violations. 1. User A transmits a sensitive information file to user B. The unauthorized user C is able to monitor the transmission and capture a copy of the file during its transmission. 2. A message is sent from a customer to a stockbroker with instructions for various transactions. Subsequently, the investments lose value and the customer denies sending the message. 3. While transmitting the message between two users, the unauthorised user intercepts the message, alters its contents to add or delete entries and then + forwards the message to destination user. [22] elements of information Security + Security goals are as follows : 1. Confidentially 2. Integrity 3. Availability TECHNICAL PUBLICATIONS® Introduction | 4. Confidentiatity | «Confidentiality refers to limiting information access and disclosure to authorized users and preventing access by or disclosure to unauthorized ones. | «Sensitive information should be kept secret from \ individuals who are not authorized to see the information. + Underpinning the goal of confidentiality are authentication methods like userIDs and passwords that uniquely identify a data system’s users, and supporting control methods that limit each identified ‘user's access to the data system's resources, | Fig. 1.24 Relationship between confidentiality integrity i ‘and availability + Confidentiality is not only applied to storage of date but also applies to the transmission of information. + Confidentiality means that people cannot read sensitive information, either while it is on a computer or while it is traveling across a network. 2. Integrity «Integrity refers to the trustworthiness of information resources. ‘Integrity should not be altered without detection. + It includes the concept of "data integrity" namely, that | data have not been changed inappropriately, whether | by accident or deliberately malign activity. | tTt also includes “origin’ or "source integrity” that is the | data actually came from the person or entity you think it did, rather than an imposter. * Integrity ensures that information is not changed altered in transit. Under certain attack models, adversary may not have to power to impersonate 2° authenticated party or understand a confident? communication, but may have the ability to change 8 information being transmitted. an up-thrust for knowledge cyber securty «On a more restrictive view, however, integrity of an information system includes only preservation without corruption of whatever was transmitted or entered into the system, right or wrong, 3, Availability ‘Availablity refers, to the availability of information, resources. An information system that is not available when you need it is at least as bad as none at all. + Availability means that people who are authorized to use information are not prevented from doing so. It may be much worse, depending on how reliant the ‘organization has become on a functioning computer and communications infrastructure. + Almost all modern organizations are highly dependent ‘on functioning information systems. Many literally could not operate without them. «Availability, like other aspects of security, may be affected by purely technical issues (eg. a ‘malfunctioning part of a computer or communications device), natural phenomena (e.g. wind or water), or human causes (accidental or deliberate). «For example, an object or service is thought to be available if i. Itis present in a usable form. Ithas capacity enough to meet the services needs. iii. The service is completed an acceptable period of time. + By combining these goals, we can construct the availability. The data item, service or system is available if i, There is a timely response to our request. ‘The service and system can be used easily. iil, Concurrency is controlled. iv. It follows the fault tolerance. Resources are allocated fairly. Review Questions 4. List and explain various elements of information | security 2. What are the elements of information security ? Explain in brig 4 [aa] security Poicy *Security policy is a definition of what it means to be Secure for a system, organization or other entity Introduction «For an organization, it addresses the constraints on. behavior of its members as well as constraints imposed on adversaries by mechanisms such as doors, locks, keys and walls. +A. security policy is a written document in an organization outlining how to protect the organization from threats, including computer security threats, and how to handle situations when they do occur. +A security policy must identify all of a company’s assets as well as all the potential threats to those assets. Company employees need to be kept updated on the company’s secutity policies. The policies themselves should be updated regularly as well. - ‘Access control : It is the ability to limit and control the access to host systems and applications via communications links. This service controls, who can have access to a resource. +A security policy establishes what must be done to protect information stored on computers. A well written policy contains sufficient definition of "what" to do so that the "how" can be identified and measured or evaluated. ‘+ Security to the information can be provided by using internal approach and external approach. Internal approach ; Protect from internal attacks by using necessary measures. ‘+ External approach : Protect from outside attacks. In general, a good security policy does the following : 2. Includes defined scope and applicability; 3, Consistent with higher-level policy and guidance; 4. Open to change based on new risks and vulnerabilities; 5. Identifies the areas of responsibility for users, administrators and management; 6. Provides sufficient guidance for development of specific procedures; 7. Balances protection with productivity; 8. Identifies how incidents will be handled Review Question 1. What are the security approaches used to implement security policy ? TECHNICAL PUBLICATIONS® - an up-tnust for knowledge (Cpe Seay [al] ‘* Commonly used security techniques are as follows 1. Encryption : Used to protect information and data. It is cryptography techniques. Different types ‘of encryption are used for providing security. Techniques | 1 Access control : Access to data or computer is controlled by using some mechanism. Access control is a security technique that regulates who or what can view or use resources in a computing, environment. It is a fundamental concept in ‘security that minimizes risk to the business or organization. Data backup : Data backup refers to saving additional copies of your data in separate physical or virtual locations from data files in storage. Tf you lose your-data, recovery could be slow, costly or impossible. It is important that you secure, store’ and backup your data on a regular basis. Firewall : Firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Antivirus software : Many antivirus software programs include real-time threat detection and protection to guard against __potential ‘vulnerabilities as they happen, as well as system scans that monitor device and system files looking for possible risks. Intrusion detection systems : IDS can offer protection from external users and intemal | attackers. It also automatically monitors the | Internet to search for any of the latest threats | ‘which could result in a future attack. | Series of confidence : It ensure that all software use has been authentic. | Review Questions ' 1. List and explain diferent security techniques. | 2. What are various security technique used in cyber security . | | | Ll TECHNICAL PUBLICATIONS® 15 Steps « Steps in providing security to information or computer system includes following steps : 1 ‘Assets: The information on the server was secured with appropriate security controls. ‘Although the hacker was able to gain access only to the information with a lower level of protection, the breach had a huge impact on the organization. There are several good reasons to dlassify information. Not all data has the same value to an organization. Risks : A successful information risk management programs starts at the top of the organization. Protections : To find solutions for the protection of the information. 4. Tools and techniques : Select proper tools and techniques for the protection of information. 5. Priorities : Decide the order of the security tools and techniques for the protection. of the information. Categories + Various categories of computer security are : 1. Cryptography 2. Data security 3. Computer security 4, Network security + Cryptography is data encryption and decryption. ‘Data security is ensuring safe data from modification and corruption. *Computer security is formal description of security policies. It includes protection, preventation ané detection of unauthorized use of computer. ‘+ Network security is protection of data on the network during transmission or sharing, | Review Questions 1. List and explain categories of information security. 2. What are the categories of computer security. 19 up-thrust for knowledge Cyber Security, Gz] +A message is to be transferred from source to destination across some sort of internet. Both the sides must cooperate for the exchange of the data. +A. logical information channel is established by defining a route through the intemet from source to destination, # All the techniques for providi components 1. A_ security Operational Model of Network Security security have two related transformation on the information to be sent, mn shared by the two principles, it is hoped, unknown to the opponent. 7.1 shows the network security model. ‘+A trusted third party is needed to achieve secure transmission. « Basic tasks in designing a particular security service. 1. Design an algorithm for performing the security related transformation. Generate the secret information to be used with the algorithm. Develop methods for the distribution and sharing. of the secret information. 4. Specify a protocol to be used by the two principles that makes use of the security algorithm and the secret information to achieve a particular security service. 2 _ [Transformation channel Secret information "Trusted third party Opponent Fig. 4.7.4 Network security model [2 Dw and epee opertinl ad of ner | sect, 2. Drm and ein operation! ma of 2. Esplin operation! mat of tor sec ‘Basic terminology used for security purposes are as follows a. Cryptography : The art or science encompassing the principles and methods of transforming an plaintext message into one that is unintelligible and then retransforming that message back to its original form. Plaintext : The original message. b Ciphertext : The transformed message produced as output, It depends on the plaintext and key. d. Cipher : An algorithm for transforming plaintext message into one that is unintelligible by transposition and/or substitution methods. Key : Some critical information used by the cipher, known only to the sender and receiver. £ Encipher (encode) : The process of converting plaintext to ciphertext using a cipher and a key. Decipher (decode) : The process of converting ciphertext back into plaintext using a cipher and a key. Transformation Secret information TECHNICAL PUBLICATIONS® - an up-thrust for knowledge (Cyber Security h Cryptanalysis : The study of principles and methods of transforming an unintelligible message back into an intelligible message without knowledge of the key. Also called code-breaking, Cryptanalysis is to break an encryption. Cryptanalyst can do any or all of the three different things : 1. Attempt to break a single message. 2. Attempt to recognize patterns in encrypted messages, in order to be able to break subsequent ones by — applying a strainghtforward decryption algorithm. 3. Attempt to find general weakness in an encryption algorithm, without. necessarily having intercepted any messages i. Cryptology: Both cryptography cxyptanalysis. j. Code : An algorithm for transforming an plaintext message into an unintelligible one using a code-book. [ia] threats and vulnerability Threat «The term "threat" refers to the source and means of a particular type of attack. «A threat assessment is performed to determine the best ‘approaches to securing a system against a particular ‘threat, or class of threat ‘Penetration testing exercises are substantially focused fon assessing threat profiles, to help one develop effective countermeasures against the types of attacks represented by a given threat. Where risk assessments focus more on analyzing the potential and tendency of ‘one's resources to fall prey to various attacks, threat assessments focus more on analyzing the attacker's resources. «Analyzing threats can help one develop specific security policies to implement in line with policy priorities and understand the specific implementation needs for securing one’s resources. and Vulnerability + The term “vulnerability” refers to the security flaws in a system that allows an attack to be successful, * Vulnerability testing should be performed on an bbngoing basis by the parties responsible for resolving ‘Stich vulnerabilities, and helps to provide data used to Introduction identify unexpected dangers to security that need to be addressed. ‘Such vulnerabilities are not particular to technology - they can also apply to social factors such as individual authentication and authorization policies. ‘Testing for vulnerabilities is useful for maintaining ‘ongoing security, allowing the people responsible for the security of one's resources to respond effectively to new dangers as they arise. It is also invaluable for policy and technology development, and as part of a technology selection process; selecting the right technology early on can ensure significant savings in time, money, and other business costs further down the line, «Understanding the proper use of such terms is important -not only to sound like you know what you're talking about, nor even just to facilitate ‘communication. It also helps develop and employ good policies «The specificity of technical jargon reflects the way experts have identified clear distinctions between practical realities of their fields of expertise, and can help clarify even for oneself how one should address the challenges that arise. « Other examples of vulnerability include these : 1. A weakness in a firewall that lets hackers get into a computer network 2. Unlocked doors at businesses 3. Lack of security caineras Privacy Falvey ia the appropaiate” 9 Secunh is el Se te oftaere rman oneal, nes. Ss and availability" of data- 2 ay the aly to Ace vat foron 8. The Issue of privacy is one ~ Security may. provide ta chek iptace Coaldentaty The over consumer's righ goal of most secunty | spud tak patent pote AN | IRlcmaton fom ary everpse at ope67.< | cite pares. i J TECHNICAL PUBLICATIONS® - an up-thrust for knowledge BS 9 Howmet aici | see | ea so ‘The company XYZ uses Its possible to have poor privacy and good security practices. ‘For example, if user make peti e macmeiins ‘nd provide GEmuypton Bay tn pepo ed See poner a | Mares Ioreation tn Ser eo i ect ty cae en Ets inoematon oe ed pty itt poe ‘compromise from, technology or ‘vulnerabilities in the have three valuable Computer based components : Hardware, software and data «Securities of these components are evaluated in terms of vulnerability, threats, attacks and control systems «An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system. Asset + Asset means people, property and information. ‘People may include employees and customers along with other invited persons such as contractors or guests. «Property assets consist of both tangible and intangible items that can be assigned a value. Intangible assets include reputation and proprietary information. Information may include databases, software code, critical company records and many other intangible items. Vulnerability Vulnerability refers to the security flaws in a system that allows an attack to be successful. ‘* Weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access to an asset. Vulnerability is a weakness or gap in our Protection efforts. Vulnerability testing should be performed on an ongoing basis by the parties responsible for resolving such vulnerabilities, and helps to provide data used to identify unexpected dangers to security that need to be addressed, ‘Testing for vulnerabilities is useful for maintaining ongoing security, allowing the people responsible for TECHNICAL PUBLICATIONS® . Introduction the security of one’s resources to respond effectively to new dangers as they arise. + Example : In design, implementation or procedure, that might be exploited to cause loss or harm. Throat «+ Anything that can exploit vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset {A threat is what we're trying to protect against «+ Threat refers to the source and means of a particular type of attack. “+A threat assessment is performed to determine the best approaches to’ securing system against a particular threat, or class of threat + A potential for violatioh of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit vulnerability. «+ Penetration testing exercises are substantially focused fon assessing threat profiles, to help one develop effective countermeasures against the types of attacks " represented by a given threat. + Where risk assessments focus more on analyzing the potential and tendency of one’s resources to fall prey to various attacks, threat assessments focus more on. analyzing the attacker's resources. + Analyzing threats can help one develop specific security policies to implement in line with policy priorities and understand the specific implementation needs for securing one’s resources. ‘Threats come in many forms, depending on their mode of attack. From viruses to trojans, spyware and bots, threats have evolved into sophisticated programs intended to harm computers. Risk +The potential for loss, damage or destruction of an asset as a result of a threat exploiting vulnerability. Risk is the intersection of ‘assets, threats, and vulnerabilities. + The formula used to determine risk is Risk = Asset + Threat + Vulnerability R=A+T+v + Risk is a function of threats exploiting vulnerabilities to obtain damage or destroy assets. Thus, threats may exist, but if there are no vulnerabilities then there is little/no risk. 3 up-thrust for knowledge + Similarly, you can have vulnerability, but if you have no threat, then you have little/no risk. Controt ‘Control is used as proactive measure. Control is a action, device, procedure, or technique that removes or reduces a vulnerability. ‘A threat is blocked by control of vulnerability « Interception, interruption, modification and fabrication are the system security threats. 1.11.1 | Passive Attack «« Passive attacks are those, wherein the attacker indulges in eavesdropping on, or monitoring of data transmission. A passive attack attempts to learn or make use of information from the system but does not affect system resources. «The attacker aims to obtain information that is in transit. The term passive indicates that the attacker message from sender Fig. 1.11.1 Release of message contents Read content of torecever Receiver does not attempt to perform any modifications to the data, « Passive attacks are of two types : 1. Release of message contents 2, Traffic analysis * «« Release of message content is shown in Fig. 1.11.1 & telephone conversation, an electronic mail message ani a transferred file may contain sensitive or confidentid information we would like to prevent an oppone:! from learning the content of these transmissions. «Traffic analysis : Mask the contents of message so th opponents could not extract the information from message. Encryption is used for masking Fig. 1117 shows the traffic analysis. « Passive attacks are very difficult to detect because th do not involve any alteration of data. It is feasible! prevent the success of attack, usually by means ¢ encryption. ‘Observe pattern of messages from sender Fig, 1.11.2 Traffic analysie TECHNICAL PUBLICATIONS® - an up-thrust for knowledge: cyber Security . de a. 1.14.2 | Active Attack « Active attacks involve some modification of the data stream or the creation of a false stream. These attacks ‘can not be prevented easily. « Active attacks can be subdivided into four types : 1. Masquerade 2. Replay 3. Modification of message 4. Denial of service 4. Masquerade + It takes place when one entity pretends to be a different entity. Fig. 1.11.3 shows masquerade. ‘Message from opponent that appears fo be from sender Fig, 4.11.3 Masquerade «For example : Authentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges. + Interruption attacks are called as masquerade attacks. 2, Roplay ‘It involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect. « Fig. 1.114 shows replay attack. Capture message from | sender to receiver, later | replay message to receiver, Fig, 1.11.4 Roplay TECHNICAL PUBLICATIONS® - an up-trust for knowledge 3. Modification of message ‘elt involves some change to the original message. It produces an unauthorized effect. Fig, 1.11.5 shows the modification of message. «For example, a message meaning “Allow Rupali Dhotre to read confidential file accounts " is modified to mean "Allow Mahesh Awati to read confidential file accounts". 4, Donial of service « Fabrication causes Denial Of Service (DOS) attacks. + DOS prevents the normal use or management of ‘communications facilities. + Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance. ‘Fig, 1.116 shows denial of service attack, Fig, 1.11.8 Modification of message Disrupts service provided by server Fig. 1.14.6 Denial of sorvico ‘Opponent modifies message from sender toreceiver + It is difficult to prevent active attack because of the wide variety of potential physical, software and network vulnerabilities. ‘+The first type of DOS attacks were single source attacks, meaning that a single system was used fo attack another system and cause something on thet system to fail. SYN flood is the most widely used DOS attack. ‘+ Fig. 1.117 shows the SYN flood DOS attack. Source system sends a large number of TCP SYN packets to the target system. The SYN packets 2° used to begin a new TCP connection. + When the target receives a SYN packet, it replies with TCP SYN ACK packet, which acknowledges the SYN packet and sends connection setup information back the source of the SYN. TECHNICAL PUBLICATIONS® - an up-trust for knowiodge > cyber Security a ‘Source Sever af] ES, Torget | system Legitimate connection attempt TCP SYN packet TCP SYNAGK packet TCP ACK packet Syn flood DOS attack [TCP SYN packet] TOP SYNAGK packet The final TCP ACK packet is never sent Fig. 1.11.7 SYN flood DOS attack + The target also places the new connection information into a pending connection buffer. «For a real TCP connection, the source would send a final TCP ACK packet when it receives the SYN ACK. + However, for this attack, the source ignores the SYN ACK and continues to send SYN packets, Eventually, the target's pending connection buffer fills up and it ‘can no longer respond to new connection requests. 1.11.3 | Difference between Passive and Active ‘Attack nature of eavesdropping ‘on, oF monitoring © transmissions, | Types t Masquerade, © olay, modification of = ‘Range ane dsl Of ‘Types : Release of message contents and traffic analysis, Very difficult to detect difficult to ‘The emphasis in dealing Tis quite i ° with passive attacks fs on ° prevent active attacks we Frecitelys ‘prevention rather than. Aetection. Te does not affect the TECHNICAL PUBLICATIONS® at msi ae _-__) 11.4 | Man-in-the-Middle Attack «In cryptography, a Man-In-The-Middle (MITM) attack is an attack in which an attacker is able to read, insert and modify at will, meassages between two parties ithout either party knowing that the link between them has been compromised ‘+The attacker must be able to observe and intercept messages going between the two victims. The MITM attack.can work against publickey cryptography and is also particularly applicable to the original Diffie-Hellman key exchange protocol, when used without authentication. «The MITM attack may include one or more of 1. Eavesdropping, including traffic analysis and possibly a known-plaintext attack. Chosen ciphertext attack, depending on what the receiver does with a message that it decrypts. 3. Substitution attack Replay attacks Denial of service attack. The attacker may for instance jam all communications before attacking cone of the parties. The defense is for both parties to periodically send authenticated status messages and to treat their disappearance with paranoia, ‘« MITM is typically used to refer to active manipulation of the meassages, rather than passively eavesdropping. Example of a successful MITM attack against public-key encryption + Suppose Alice wishes to communicate with Bob and that Mallory wishes to eavesdrop on the conversation, or possibly deliver a false message to Bob. To get started. Alice must ask Bob for his public key. If Bob sends his public key to Alice, but Mallory is able to intercept it, a man-in-the-middle attack can begin. * Mallory can simply send Alice a public key for which she has the private, matching, key. Alice, believing this public key to be Bob's, then encrypts her message with Mallory’s key and sends the enciphered message back to Bob. «Mallory again intercepts, deciphers the message, keeps a copy, and reenciphers it using the public key Bob originally sent to Alice. When Bob receives the newly enciphered message, he will believe it came from Alice. + This example shows the need for Alice and Bob to have some way to ensure that they are truly using the 17 upethrust for knowledge (Cyber Security correct public Keys of each other. Otherwise, such attacks are generally possible in principle, against any message sent using public-key technology. . Defenses against the attack «+ The possibility of a man-in-the-middle attack remains a serious security problem even for many publickey based cryptosystems. Various defenses against MITM attacks use authentication techniques that are based on | 1. Public keys | 2. Stronger mutual authentication if 3. Secret keys (high information entropy secrets) 4. Passwords (low information entropy secrets) through a secure channel. ¥ —_ tod, 5. Other criteria, such as voice recognition or biometrics The integrity of public keys must generally be asins fn some manner, but need not be secret, when, passwords and shared secret Keys have the additions secrecy requirement. Public keys can be verified ty Certificate Authority, whose public key is distibin, Othe, Review Questions 1. What is passive and active attack in informatoy security explain with suitable example, 2. Explain various active attacks in detail. TECHNICAL PUBLICATIONS® - a 4n upsthrust for knowiedge ine] Data Encryption Techniques and Standards Syllabus Introduction, Encryption Methods : Symmetric, Asymmetric, Cryptography, Substitution Ciphers. Transposition Ciphers, Steganography applications and limitations, Block Ciphers and methods of operations, Feistal Cipher, Data Encryption Standard (DES), Triple DES, Weak Keys in DES Algorithms, Advance Encryption Standard (AES). Contents 2.1 Introduction .. 2.2 Encryption Methods. 2.3 Cryptography.. 24 Substitution Ciphers: 2.5. Transposition Ciphers... 2.6 Steganography Applications and Limitations ....s 2.7. Block Ciphers... 2.8 Stream Cipher 2.9 Block Cipher Modes of Operation .. esnseeiee 2 = 20 2.10 Simple DES... 2-22 211 Data Encryption Standard (DES) 2.12 Confusion and Diffusion nee 2-30 2.13 Advance Encryption Standard (AES) .. 2-30 @-1 Cyber Security Introduction | Important Torms. 1. Plaintext : Original message 2. Ciphertext : Coded message 3. Enciphering or encryption : ‘The process of | converting from plaintext to ciphertext 4. Deciphering or decryption : ‘The process of restoring the plaintext from the ciphertext Many schemes used for encryption constitute the area of study known as cryptography. Such a scheme is known as a cryptographic system (cryptosystem) or a cipher. + Techniques used for deciphering a message without any knowledge of the enciphering details fall into the area of cryptanalysis. + Cryptanalysis is what the layperson calls "breaking the code", The areas of cryptography and cryptanalysis together are called cryptology. 2.2 | Encryption Methods | 224 ‘Symmetric Encryption + A symmetric encryption model has five ingredients. 1. Plaintext 2. Encryption algorithm | 3. Secret key 4. Ciphertext | 5. Decryption algorithm | Fi ‘ig. 2.2.1 shows the conventional encryption model, | Socrot key shared by Sender and recip 2-2 Ss Data Encryption Techniques and Stn, + Plaintext is the original message or data that is‘, into the algorithm as input. + Encryption algorithm performs various substitutcn and transformations on the plaintext, + Secret key is a value independent of the plaintext an of the algorithm. The exact substitutions ang transformations performed by the algorithm depend cx the key. ‘+ Ciphertext is the scrambled message produced as ‘output. It depends on the plaintext and the secret key. + Decryption algorithm takes the ciphertext and the secret key and produces the original plaintext. +The original intelligible message, referred plaintext is converted into random nonsense, referrei to as ciphertext. The science and art of manipulating messages to make them secure is called cryptography. + An original message to be transformed is called the plaintext, and the resulting message after tte transformation is called the ciphertext. «The process of converting the plaintext into ciphertet is called encryption. The reverse process is calle decryption. The encryption process consists of a algorithm and a key. The key controls the algorithm. «The objective is to design an encryption technique » that it would be very difficult or impossible for 2 unauthorized party to understand the contents of th ciphertext. +A user can recover the original message only decrypting the ciphertext using the secret key Depending upon the secret key used, the algoriths will produce a different output. If the secret ki changes, the output of the algorithm also changes. jont® Praintort Encryption input algorithm Fig, 2.2.4 Conventional TECHNICAL PUBLICATIONS® Decryption | Plaintext | ‘algorithm, output neryptlon model + on up-thrust for knowledge ‘Data Encryption Techniques and Standards Decryotion |_x algorithm + Fig. 222 shows the conventional encryption process. ‘The security of the conventional encryption depends on the several factors. The encryption algorithm must be powerful. Decryption message must be difficult. ‘The algorithm depend on the secrecy of the key only. ‘The algorithm is upon to all but only key is to keep secret, As shown in the diagram, the message source is the plaintext. Le. X with the message X and encryption key K as input and ciphertext Y, we can write this as, Y= EX) 222) Using equation (22.1) Y is to be produced by using encryption algorithm E as a function of the plaintext X. ‘The intended receiver in possession of the key, is able to invert the transformation. x=D&Y) ‘+ An opponent, observing Y but not having access to K or X, must attempt to recover X and K or both X and K. It is assumed that the opponent does have knowledge of the encryption (E) and decryption (D) algorithms, (2.2.2) Charactorstics of cryptography 1. The type of operations used for transforming Plaintext to ciphertext. 2. The number of keys used. 3. The way in which the plaintext is processed. Cryptanalysie ‘The process of trying to break any cipher text message to obtain the original plain text message itself is called 38 cryptanalysis. TECHNICAL PUBLICATIONS® Fig. 22.2 Model of conventional eryptosystem ‘«Cryptanalysis is the breaking of codes. The person attempting a cryptanalysis is called as a exyptanalyst. + Brute force attack : The attacker tries every possible key on a piece of cipher text until an intelligible translation into plaintext is obtained. ‘Types of attacks on encrypted messages | fa ‘an up-thrust for knowledge Ss Data Encryption Techniques and Standards ——— — : e 5. Chosen text 1. Eneryplonalgorlthm || Key ageemeny’ A big problem No problem a al 2, Clphertext | je xehange [ Bhs mesge chen bj || Stmbsotion aust Sesser | + ceyplanalyet, together with is i square of of partly 0 cororing yieney || orumdjou ikea Seerated wih the secret ey. | || eps in Eesti \ 4.Purpeted cperint chosen) || emesis” se | by expan wet a) | | ecae | is _comesponting deaypied | Usage aint for canbe weed for | ploinest generted wit the | Grerpdon and sncypon and | i | canpion decption | 2 aban Clara, (Gray | Gmot be used for well efor ‘The various type of cryptanalytic attacks based on the | Sigil sigatares | egnatures(ingrty | info e eryptanalys | iegirand non antnon amount of information known to the cryptanalyst. | Spon repudiation checks) | 1 | anes 22.1.1] Advantages of Symmetric-key Cryptography 4 1. High rates of data throughput. 2.2.2 | Asymmetric Encryption ‘It is also called as public key cryptography. 3. Symmetric-key ciphers can be used as primitives to |, two different keys are used one for encryption and construct various cryptographic mechanisms (ie. : pseudorandom number generators) 4, Symmetric-key ciphers can be composed to produce stronger ciphers. 2. Keys for symmetricckey ciphers are relatively short decryption each. « Both the keys are mathematically related to each other. * These algorithms can not be decrypted easily. ‘Each user has a key therefore key distribution is not necessary. ‘Public key cryptography is more secured than symmetric encryption. 5. Symmetric-key encryption is perceived to have an extensive history. | [224.2] Disadvantages of Symmetric-key Cryptography 1. Key must remain secret at both ends. Roviow Question 2, In large networks, there are many Keys pairs to be 1. Compare between symmetric key encryption and managed asymmetric key encryption. 3. Sound cryptographic practices dictates that the key be changed frequently 2.3 | Cryptography || Digital signature mechanisms arising from | symmetric key encryption typically require either "large keys or the use of third trusted parties. © Cryptography is the practice and study of techniques for secure communication in the presence of third patties Symmottic VIS Asymmetric + Cryptography is the science of writing in secret code ma and is an ancient art Symmetic Key Asymmettic Key Cryptography Cryptography * Cryptography is not only protects data from theft ot alteration, but can also be used for user authentication Key used for Same key Is used One key used for tion) for ition and encryption and | spay ference cere cert ey| | ‘There are, in general, three types of cryptographic ta esed for | Schemes typically used to accomplish these goals * | Secret key cryptography, public ny, and | | 'Y cryptography, public-key cryptography, . | pee Very fast ‘Slower: ‘hash functions. || deeaption | Sie of suiting Usa ling Un same as More thn he encrypted tex!” rls hanthe gna te original clear text - oe woe | / | | dean. | | | » | Fe y TEOWICALPRLaToNs® msm momma Gyper Security 2.3.1 | Terminology and Background « Following text notations are used in this book. $: Sender R: Receiver T: Transmission medium 0: Outsider, interceptor, intruder, attacker, or, adversary « Steps involved in message sending froth § to R via T, 1. Sender encrypts the message to T. 2. Transmission medium delivers the message to recipient. 3, Any time after S transmits it via T, the message is vulnerable to exploitation. 4. Recipient decrypts the received message. +S wants to send a message to R but $ entrusts the message to T who will deliver it to R. So the possible actions of O are to block (interrupt), intercept, modify, fabricate Terminology 1, Encryption : Encryption is the process of encoding a plain text message into not readable. 2. Decryption : Process of transferring an encrypted message back into its normal form. Plaintext : The original form of message 4. Ciphertext : The encrypted form of plain text. 5. Cryptosystem : A system for encryption and decryption is called a cryptosystem. + Encode(encipher) Vs. Decode(decipher) 1. Encoding : The process of translating entire words or phrases to other words or phrases 2 Enciphering : Translating letters or symbols individually. 3. Encryption : The group term that covers both encoding and enciphering. Plaintext Vs. Ciphertext 1. P(plaintext) : The original form of a message. 2 C(ciphertext) : The encrypted form. * Basic operations 1. Plaintext to ciphertext : Encryption : C= E?) 2. Ciphertext to plaintext : Decryption : P= D(C) 3. Requirement : P = D(E(P)) «Fig. 23.1 shows the block diagram of cryptosystem. ane = ciohoront, [oa sina Paints | Ererypton -CBRAELS | ‘Decrpton -_One Pantene Fig. 23.4 Cryptosystom Cryptosystem + Cryptosystems are of two types : Symmetric and asymmetric. In symmetric cryptosystem, same key is used for encryption and decryption. ln Asymmetric cryptosystem, two different keys are used. One key for encryption and another key for decryption. + Fig 23.2 (a) and (b) shows the both cryptosystems. Key “original Planter, Te | oherton, area Se) Eneypton OE Decryption Plaintot Fig. 2.3.2 (a) Symmetric eryptosystem (Ke"= Ko) Encryption key Decryption key ‘| “| a Lo Ea |_ Original Prater | Encryption FORME S| Decryption |S si ae OEY Prainext Fig, 2.3.2 (b) Asymmetric eryptosystem (Ke=/ Ko) Cryptography : Cryptography means hidden writing, the practice of using encryption to conceal text. Cryptanalysis : Cryptanalyst studies encryption and encrypted message, with the goal of finding the hidden meaning of the messages. «Cryptology : Includes both cryptography and cryptanalysis. Cryptanalysis ‘«Cryptanalysis is to break an encryption. Cryptanalyst can do any or all of three different things : 1. Attempt to break a single message. 2. Attempt to recognize pattems in encrypted messages, in order to be able to break subsequent cones by applying a straightforward decryption algorithm, 3, Attempt to find general “weakness in an encryption algorithm, without necessarily having intercepted any messages. TECHNICAL PUBLICATIONS® - an up-trust for knowledge > yrer Secuity 2-6 _Data Encryption Techniques and Stand, Breakable encryption + An encryption algorithm may be breakable, meaning that given enough time and data, an analyst could determine the algorithm, # Pra icality is an issue 1. Fora given cipher scheme, there may be 10™possible decipherments, so the task is to select the right ‘one out of the 10°, = Ceyptanalyst cannot be expected to try just the hard, long way but within this time another efficient algorithm may exist. 3. Estimates of breakability are based on current technology so it is budget dependent. 4 | Substitution Ciphers + A substitution cipher changes characters in the plaintext to produce to ciphertext. A substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols. ‘If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns. 2.4.1 | Caesar Ciphor + Coesar cipher is a special case of substitution techniques wherein each alphabet in a message is replaced by an alphabet three places down the line. + Caesar cipher is susceptible to a statistical ciphertext only attack. + For example, _hellow world Baa j ; 910 We 1s Z 24 « The algorithm can be expressed as follows. For each plaintext letter P, substitute the ciphertext letter C : C = EG, P)=(P +3) mod 26 + A shift may be of any amount, so that the general Caesar algorithm is C= EK P)=(+K) mod 26 . where K = Values from 1 to 25 + The decryption algorithm is simply P = Dik, C)=(C-K) mod 26 § +If it is known that a given ciphertext is a Caesar cipher, then a brute force cryptanalysis is easily Performed : Simply try all the 25 possible keys. TECHNICAL PUBLICATIONS® - .8n up-thrust for knowledge ai eDemerits: 1, The encryption and decryption algorithms are known, ‘There are only 25 Keys to try. 3, The language of the plaintext is known and easily recognizable. [za2] Monoalphabetic Cipher + Monoalphabetic cipher substitutes one letter of the alphabet with another letter of the alphabet. However, rather than substituting according to a regular pattem, any letter can be substituted for any other letter, as Jong as each letter has a unique substitute left and vice versa. nOpgtetuvwxiye Cex For example Plaintext message : hello how are you Ciphertext message : acggk akr moc wky ‘+ Monoalphabetic ciphers are easy to break because they reflect the frequency data of the original alphabet. Homophonic substitution cipher ‘It provides multiple substitutes for a single letter. For example, A can be replaced by D,,H, P, R; B can be replaced by E, Q §, T ete. Playfair Cipher +The playfair algorithm is based on the use of a 5x 5 matrix of letters constructed using a keyword. ‘For example : Monarchy is the keyword. * The matrix is constructed by filling in the letters of the Keyword from left to right and from top to bottom and then filling in the remainder of the matrix with the remaining letters in alphabetic order- “The letters and J count as one letter. = Dasa Encryption Techniques and Standen 2.4.4 | Hill Cipher «The encryption algorithm takes m successive plaintext letters and substitutor for them m ciphertext letters. +The substitution is determined by m linear equations jin which each character is assigned a numerical value 25), the system can be Cy = Ky Py + Kip Pp + Kyp Ps) mod 26 Cy = Kay Py + Kyz Pp + Kyg P3) mod 26 (Koy Py + Kap Pp + Kgg Ps) mod 26 «This can be expressed in term of column vectors and matrices : & G)_(Ka Ka Ks )/5 |=] Ka Kz Kes | Fa mod 26 G) (Kn ke Ko lB or C = KP mod 26 Where C and P are column vectors of length 3, representing the plaintext and ciphertext. + K is a3. 3 matrix, representing the encrypting key. + For example = Plaintext = Paymoremoney wv 5 21 18 21 2219 Key &) = ‘The first three letters of the plaintext are represented by the vector. C = KP mod 26 17 17 5\(15 = ]21 18 21]/ 0 |mod 26 2 2 19}(24 375 WW = | 819 | mod 26 =| 13 |= LNS 436) 18 For plaintext pay, ciphertext is LNS, The entire ciphertext is LNSHDLEWMTRW ‘* Decryption requires using the inverse of the matrix K. « The general terms in Hill cipher is Cipher C = E(K, P) = KP mod 26 Plaintext P = D(K, P)= K71C mod 26=K7 KP =P TECHNICAL PUBLICATIONS® - an up-thrist for knowledge dng TECHNICAL PUBLICATIONS® - an up-thrust for knowledge i ag 5 _ 2 a a [ oes |=) oye] =) ax 2 z = 2 vialalele Boos i ge og alelelolz}= ipeeocone z ed Oe Om we D> & BF, [- RE BRRE 5 ge af woalz/zlofa oman 5] ze ¥: “/s/g/z/ ole o/@/e/e] io, iar areal et 3 aE 22 ttt - | g qe ay. | PEL xi mi] [s[=[> [spel > Beg Fas fale[p| eel x] >I 6 « alefol i Fl aeeaecl . : alele | oa8 “iid vel = ae Se PRs als a 2aé gee eos | gif 2 baelly | 822 § Gaggia +} Be = 88 i | late! £a8 z aint x/n/nf

You might also like