Securing Networks

SRTY-6002
Lecture 1
Introduction to Network Security
Professor Bio

Name: Stuart Budden

Email: [email protected]

• Over 25 years of IT industry experience that ranges from network analyst,

solution architect, and entrepreneur.
• Companies: IBM, HP, and owned several businesses
Agenda

• Where is the course information

• Student conduct
• Student success
• Expectations and how things work
• Today’s lecture
Fanshawe Online

• Fanshawe Online SRTY-6002 is the course website.

• EVERYTHING course-related will be posted there

• Content, Virtual Classroom, Submission box, Grades, Resources, Tests, etc

4
Classroom Conduct

• Eating and drinking

• Asking a question
• Cell phones muted or turned off
• Non-educational use of laptops
• Disturbing others will not be tolerated

• Testing
• Current and tested Respondus Lockdown Browser
• Hard wired Ethernet access (RJ45 patch cable)
• Working, tested, fully powered laptop (lost time due to PC problems is not recoverable)
• Student card displayed at all times

5
Student Success

• This is a “Lecture style” class, so I suggest you take notes

• Do NOT underestimate this course!
• Slides are a HANDOUT that highlights key points, but they do not cover all you need to
know.
• Not all concepts are fully explained on the slides
• Everything in the lessons / textbooks / exercises is fair game for the tests.
• Ask questions if you don’t “get” something – you likely won’t be the only person.
• Memory alone will not suffice. Understanding and Application are key!!

6
Student Success
• Attendance is required!
• Be on time
• Take notes this is essential
• Hand in ALL assignments
• Put the assignment name and your last name in the file name
• Assignments need a cover page that includes 5 things:
• your name, student number, course code, assignment number, and date
• All assignments submitted via FOL in the correct dropbox!
• Assignments submitted in any other method including email will not get review or graded.
• Assignments submitted using the wrong dropbox will not get graded.
• Dropbox is open until the noted time, example 11:59pm. You must submit before this time.
• Assignments must have references - Failure to do this may result in an academic offense which
could result in a grade of zero for the assignment
• Assignments submitted compressed are not accepted - 
• Assignments submitted compressed will not be marked and will result in a mark of 0
• Prepare properly for tests – include your laptop, PS, cables,
• Do all the homework
• Do NOT miss tests

7
References

• All assignments must have be referenced properly cited as noted in the

APA guide linked below.

• APA Guide: Version 7

• Failure to provide references may result in an academic offence.

Missed tests or rewrites...

• Missed Tests
• Students are not entitled to complete missed tests
• In case of a significant event supported by documentation AND professor’s approval AND
prior notification, a missed test may be completed
• Rewrites & extra grade items
• Students will not be permitted to rewrite tests
• Students will not be entitled to extra work or assignments in order to raise a grade
• Talk to the professor if you have an extenuating circumstances.

9
Course Information Sheet

• Learning Outcomes
• What you are expected to be able to demonstrate that you have
learned
• Questions on tests will reflect these items

• Detailed Content
• What you should expect to be taught each week
• Content & tests or assignments

10
 Lecture 1

Introduction to Network Security

Cryptographic algorithms and protocols can
be grouped into four main areas:
Symmetric encryption

• Used to conceal the contents of blocks or streams of data of any

size, including messages, files, encryption keys, and passwords

Asymmetric encryption

• Used to conceal small blocks of data, such as encryption keys and

hash function values, which are used in digital signatures

Data integrity algorithms

• Used to protect blocks of data, such as messages, from alteration

Authentication protocols

• Schemes based on the use of cryptographic algorithms designed to

authenticate the identity of entities
The field of network and
Internet security consists of:

measures to deter,
prevent, detect, and
correct security
violations that involve
the transmission of
information
Computer Security

The NIST Computer Security Handbook defines the term computer security
as:
“the protection afforded to an automated information system in order
to attain the applicable objectives of preserving the integrity, availability and
confidentiality of information system resources” (includes hardware, software,
firmware, information/ data, and telecommunications)
Computer Security Objectives
Confidentiality
• Data confidentiality
• Assures that private or confidential information is not made available or
disclosed to unauthorized individuals
• Privacy
• Assures that individuals control or influence what information related to them
may be collected and stored and by whom and to whom that information may
be disclosed

Integrity
• Data integrity
• Assures that information and programs are changed only in a specified and
authorized manner
• System integrity
• Assures that a system performs its intended function in an unimpaired manner,
free from deliberate or inadvertent unauthorized manipulation of the system

Availability
• Assures that systems work promptly and service is not denied to
authorized users
Breach of Security - Levels of Impact

• The loss could be expected to have a severe or

Hi catastrophic adverse effect on organizational

operations, organizational assets, or individuals

gh
• The loss could be expected to have a
serious adverse effect on organizational

Moderate operations, organizational assets, or

individuals

• The loss could be expected to

have a limited adverse effect on
organizational operations,

Low organizational assets, or

individuals
Computer Security Challenges

• Security is not simple • Security mechanisms typically

• Potential attacks on the security features involve more than a particular
need to be considered algorithm or protocol
• Procedures used to provide particular • Security is essentially a battle of
services are often counter-intuitive wits between a perpetrator and
• It is necessary to decide where to use the designer
the various security mechanisms • Little benefit from security
• Requires constant monitoring investment is perceived until a
security failure occurs
• Is too often an afterthought
• Strong security is often viewed
as an impediment to efficient
and user-friendly operation
OSI Security Architecture

• Security attack
• Any action that compromises the security of information owned by an organization
• Security mechanism
• A process (or a device incorporating such a process) that is designed to detect,
prevent, or recover from a security attack
• Security service
• A processing or communication service that enhances the security of the data
processing systems and the information transfers of an organization
• Intended to counter security attacks, and they make use of one or more security
mechanisms to provide the service
Table 1.1
Threats and Attacks (RFC 4949)

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

Security Attacks

•A means of classifying
security attacks, used both in
X.800 and RFC 4949, is in
terms of passive attacks and
active attacks
•A passive attack attempts to
learn or make use of
information from the system
but does not affect system
resources
•An active attack attempts to
alter system resources or
affect their operation
 Passive Attacks

• Two types of passive attacks are:

• The release of message contents
• Traffic analysis

• Are in the nature of

eavesdropping on, or
monitoring of,
transmissions
• Goal of the opponent is to
obtain information that is
being transmitted
 Active Attacks

• Involve some modification of the

• Takes place when one entity
data stream or the creation of a pretends to be a different entity
false stream Masquerade • Usually includes one of the other
• Difficult to prevent because of the forms of active attack

wide variety of potential physical,

software, and network • Involves the passive capture of a
vulnerabilities data unit and its subsequent
Replay retransmission to produce an
• Goal is to detect attacks and to unauthorized effect
recover from any disruption or
delays caused by them
Modification • Some portion of a legitimate
message is altered, or messages
of are delayed or reordered to
messages produce an unauthorized effect

• Prevents or inhibits the normal use

Denial of or management of
service communications facilities
Security Services

• Defined by X.800 as:

• A service provided by a protocol layer of communicating open systems and that
ensures adequate security of the systems or of data transfers

• Defined by RFC 4949 as:

• A processing or communication service provided by a system to give a specific kind
of protection to system resources
 Table 1.2

Security
Services
(X.800)

(This table is found on

page 12 in textbook)
Authentication

• Concerned with assuring that a communication is authentic

• In the case of a single message, assures the recipient that the message is from the
source that it claims to be from
• In the case of ongoing interaction, assures the two entities are authentic and that
the connection is not interfered with in such a way that a third party can masquerade
as one of the two legitimate parties

Two specific authentication services are defined in

X.800:
• Peer entity authentication
• Data origin authentication
Access Control

• The ability to limit and control the access to host systems and
applications via communications links
• To achieve this, each entity trying to gain access must first be
indentified, or authenticated, so that access rights can be tailored to the
individual
Data Confidentiality

• The protection of transmitted data from passive attacks

• Broadest service protects all user data transmitted between two users over a period of
time
• Narrower forms of service includes the protection of a single message or even specific
fields within a message
• The protection of traffic flow from analysis
• This requires that an attacker not be able to observe the source and destination,
frequency, length, or other characteristics of the traffic on a communications facility
Data Integrity

Can apply to a stream of messages, a single

message, or selected fields within a message

Connection-oriented integrity service, one that deals

with a stream of messages, assures that messages
are received as sent with no duplication, insertion,
modification, reordering, or replays

A connectionless integrity service, one that deals

with individual messages without regard to any
larger context, generally provides protection against
message modification only
Nonrepudiation

• Prevents either sender or receiver from denying a transmitted message

• When a message is sent, the receiver can prove that the alleged sender in fact
sent the message
• When a message is received, the sender can prove that the alleged receiver in
fact received the message
Availability Service

• Protects a system to ensure its availability

• This service addresses the security concerns raised by denial-of-service
attacks
• It depends on proper management and control of system resources and
thus depends on access control service and other security services
Security Mechanisms (X.800)

Specific Security
Mechanisms
• Encipherment
• Digital signatures
• Access controls
• Data integrity Pervasive Security Mechanisms
• Authentication exchange
• Trusted functionality
• Traffic padding
• Security labels
• Routing control
• Event detection
• Notarization
• Security audit trails
• Security recovery
 Table 1.3

Security
Mechanisms
(X.800)

(This table is found on

pages 14-15 in textbook)
Relationship between Security Services and Mechanisms

Encipherment Digital Access Data Authentication Routing Notarization

signature control integrity exchange control
Peer entity Y Y Y
authentication
Data origin Y Y
authentication
Access Y
control
Confidentiality Y Y

Traffic flow Y Y Y
confidentiality
Data integrity Y Y Y

Nonrepudiatio Y Y Y
n
Availability Y Y
Fundamental Security Design Principles

• Least common mechanism

• Economy of mechanism
• Psychological acceptability
• Fail-safe defaults
• Isolation
• Complete meditation
• Encapsulation
• Open design
• Modularity
• Separation of privilege
• Layering
• Least privilege
• Least astonishment
Fundamental Security Design Principles

Economy of mechanism Fail-safe defaults

• Means that the design of • Means that access decisions
security measures embodied in should be based on permission
both hardware and software rather than exclusion
should be as simple and small • The default situation is lack of
as possible access, and the protection
• Relatively simple, small design scheme identifies conditions
is easier to test and verify under which access is permitted
thoroughly • Most file access systems and
• With a complex design, there virtually all protected services on
are many more opportunities for client/server use fail-safe defaults
an adversary to discover subtle
weaknesses to exploit that may
be difficult to spot ahead of time
Fundamental Security Design Principles

Complete mediation Open design

• Means that every access must
be checked against the access • Means that the design of a security
control mechanism mechanism should be open rather
than secret
• Systems should not rely on
access decisions retrieved from • Although encryption keys must be
a cache secret, encryption algorithms should
be open to public scrutiny
• To fully implement this, every
• Is the philosophy behind the NIST
time a user reads a field or
program of standardizing encryption
record in a file, or a data item in
and hash algorithms
a database, the system must
exercise access control
• This resource-intensive
approach is rarely used
Fundamental Security Design Principles

Separation of privilege Least privilege

•Defined as a practice in which •Means that every process and
multiple privilege attributes are every user of the system should
required to achieve access to a operate using the least set of
restricted resource privileges necessary to perform
•Multifactor user authentication the task
is an example which requires •An example of the use of this
principle is role-based access
the use of multiple techniques,
control; the system security
such as a password and a policy can identify and define the
smart card, to authorize a user various roles of users or
processes and each role is
assigned only those permissions
needed to perform its functions
Fundamental Security Design Principles

Least common mechanism Psychological acceptability

• Means that the design should • Implies that the security mechanisms
minimize the functions shared should not interfere unduly with the
by different users, providing work of users, while at the same time
mutual security meeting the needs of those who
authorize access
• This principle helps reduce the
number of unintended • Where possible, security mechanisms
communication paths and should be transparent to the users of
reduces the amount of hardware the system or, at most, introduce
and software on which all users minimal obstruction
depend, thus making it easier to • In addition to not being intrusive or
verify if there are any burdensome, security procedures
undesirable security implications must reflect the user’s mental model
of protection
Fundamental Security Design Principles

Isolation Encapsulation
• Applies in three contexts: • Can be viewed as a specific
• Public access systems should be form of isolation based on
isolated from critical resources to object-oriented functionality
prevent disclosure or tampering
• Protection is provided by
• Processes and files of individual
users should be isolated from one
encapsulating a collection of
another except where it is explicitly procedures and data objects in
desired a domain of its own so that the
• Security mechanisms should be internal structure of a data
isolated in the sense of preventing object is accessible only to the
access to those mechanisms procedures of the protected
subsystem, and the procedures
may be called only at
designated domain entry points
Fundamental Security Design Principles

Modularity Layering
• Refers both to the development of • Refers to the use of multiple,
security functions as separate, overlapping protection approaches
protected modules and to the use addressing the people,
of a modular architecture for technology, and operational
mechanism design and aspects of information systems
implementation • The failure or circumvention of
any individual protection approach
will not leave the system
unprotected
Fundamental Security Design Principles

Least astonishment
• Means that a program or user interface should always respond in
the way that is least likely to astonish the user
• The mechanism for authorization should be transparent enough
to a user that the user has a good intuitive understanding of how
the security goals map to the provided security mechanism
Attack Surfaces

• An attack surface consists of the reachable and exploitable vulnerabilities in a

system
• Examples:
• Open ports on outward facing Web and other servers, and code listening on those ports
• Services available on the inside of a firewall
• Code that processes incoming data, email, XML, office documents, and industry-specific
custom data exchange formats
• Interfaces, SQL, and Web forms
• An employee with access to sensitive information vulnerable to a social engineering
attack
Attack Surface Categories

• Network attack surface

• Refers to vulnerabilities over an enterprise network, wide-area network, or the
Internet
• Software attack surface
• Refers to vulnerabilities in application, utility, or operating system code
• Human attack surface
• Refers to vulnerabilities created by personnel or outsiders
Attack Surface
Attack Tree

• A branching, hierarchical data structure that represents a set of potential

techniques for exploiting security vulnerabilities
• The security incident that is the goal of the attack is represented as the
root node of the tree, and the ways that an attacker could reach that
goal are represented as branches and subnodes of the tree
• The final nodes on the paths outward from the root, (leaf nodes),
represent different ways to initiate an attack
• The motivation for the use of attack trees is to effectively exploit the
information available on attack patterns
Example Attack Tree
Model for Network Security
Network Access Security Model
Unwanted Access

• Placement in a computer system of logic that exploits vulnerabilities in

the system and that can affect application programs as well as utility
programs such as editors and compilers
• Programs can present two kinds of threats:
• Information access threats
• Intercept or modify data on behalf of users who should not have access to that data
• Service threats
• Exploit service flaws in computers to inhibit use by legitimate users
Standards
National Institute of Standards and Technology

• NIST is a U.S. federal agency that deals with measurement science, standards, and technology related
to U.S. government use and to the promotion of U.S. private-sector innovation
• Despite its national scope, NIST Federal Information Processing Standards (FIPS) and Special
Publications (SP) have a worldwide impact

Internet Society

• ISOC is a professional membership society with world-wide organizational and individual membership
• Provides leadership in addressing issues that confront the future of the Internet and is the organization
home for the groups responsible for Internet infrastructure standards

ITU-T

• The International Telecommunication Union (ITU) is an international organization within the United
Nations System in which governments and the private sector coordinate global telecom networks and
services
• The ITU Telecommunication Standardization Sector (ITU-T) is one of the three sectors of the ITU and
whose mission is the development of technical standards covering all fields of telecommunications

ISO

• The International Organization for Standardization is a world-wide federation of national standards

bodies from more than 140 countries
• ISO is a nongovernmental organization that promotes the development of standardization and related
activities with a view to facilitating the international exchange of goods and services and to developing
cooperation in the spheres of intellectual, scientific, technological, and economic activity
Introduction to Number Theory
What is Number Theory

• Number theory is the study of integers and an introductory study of number

theory involves exploring many common relationships between integers.

• Divisibility: Divisibility is the ability of a number to be evenly divided by another number.

For example, four divided by two is equal to two, an integer, and therefore we say four is
divisible by two.

• Modularity: Modular arithmetic is a special type of arithmetic that involves only integers.
Since modular arithmetic is such a broadly useful tool in number theory.

• Prime Numbers: A prime number (or simply prime) is a positive integer $p>1$ whose only
positive divisors are 1 and itself.
• Source:
• Glenn Olson:
https://www.youtube.com/playlist?list=PLr3WmPgPWZfX1HUpeyKkP6ir2wOFhqXMO
• Videos: 5, 6, 7 ,8, 9, 14, 18, 19, 20, 21, 22, 23, 67, 68, 70, 71, 72, 74, 75
Subset of Numbers

• Integers
• …-3,-2,-1,0,1,2,3…

• Whole Numbers
• 0,1,2,3….

• Counting Numbers (Natural Numbers)

• 1,2,3…
Even, Odd, Perfect Squares

• Even: 2k Where k is an integer

• Odd: 2k+1

• Show 10 is even: 10= 2 x 5

• Show 7 is odd: 7 = 2 x 3 +1

• Is zero (0) even or odd or neither? 0=2 x 0

• List the first 15 perfect squares:

1,4,9,16,25,36,49,64,81,100,121,144,169,196,225
Divisibility
• What is divisibility? Divisibility is dividing evenly with no remainder
• 20 is divisible by 5
• 20 / 5 = 4 remainder = 0
• Rule of zero (0) – is divisible by all integers except 0
• Rule for 2 – if the last digit is divisible by 2 then the entire number is divisible by 2
• Rule for 4 – 22 if the last two digits are divisible by 4 then the entire number is
divisible by 4
• Rule for 8 – 23 if the last three digits are divisible by 8 then the entire number is
divisible by 8

• Rule for 3 – is the sum of the digits is divisible by 3 then then the entire number is
divisible by 3

• Rule for 9 – is the sum of the digits is divisible by 9 then then the entire number is
divisible by 9
Divisibility Problems

• Is 123,456,789 divisible by 9?

• Is 211,111,235,416 divisible by 18?

• Is 55,682,168,544 divisible by 36?

• 13,64a is divisible by 3. a=?

• 153,453,763,6a2 is divisible by 4. a=?

• 1,26a is divisible by 6 . a=?

• 345,987,097,5430a4 is divisible by 8 a=?

• 132,243,112,3a6 is divisible by 12 a=?

• 12a3b is divisible by both 4 and 9
•a ≠ b
• Find the value of digit a
Primes

• Prime is a natural number with only two positive distinct divisors of 1 and itself.
• Examples are 7= 1x7

• Composite is a natural number with some other positive divisor besides 1 and
itself
• Examples 6 6=1x6 and 6 = 2x3

• Relatively Prime (Coprime) are natural numbers with no positive divisor in

common besides 1
• Examples 8 and 13
Prime Problems

• What is 1?
• Is it prime
• Is it composite
• Or neither

• Smallest composite integer relatively prime to both 30 and 91?

• What is the smallest composite integer which is not divisible by the first 8 prime
numbers?
Prime Factors

• What is the largest prime factor of 247?

• Write 748 as a product of primes

Divisibility

• We say that a nonzero b divides a if a = mb for some m, where a, b, and m are

integers
• b divides a if there is no remainder on division
• The notation b | a is commonly used to mean b divides a
• If b | a we say that b is a divisor of a

The positive divisors of 24 are 1, 2, 3, 4, 6, 8, 12, and 24

13 | 182; - 5 | 30; 17 | 289; - 3 | 33; 17 | 0
Properties of Divisibility

• If a | 1, then a = ±1
• If a | b and b | a, then a = ±b
• Any b ≠ 0 divides 0
•If a | b and b | c, then a | c

•If b | g and b | h, then b | (mg + nh) for arbitrary integers m and n

11 | 66 and 66 | 198 = 11 | 198

Properties of Divisibility
• To see this last point, note that:
•If b | g , then g is of the form g = b * g1 for some integer g1
•If b | h , then h is of the form h = b * h1 for some integer h1
•So:
•mg + nh = mbg1 + nbh1 = b * (mg1 + nh1 )
and therefore b divides mg + nh

b = 7; g = 14; h = 63; m = 3; n = 2
7 | 14 and 7 | 63.
To show 7 (3 * 14 + 2 * 63),
we have (3 * 14 + 2 * 63) = 7(3 * 2 + 2 * 9),
and it is obvious that 7 | (7(3 * 2 + 2 * 9)).
Division Algorithm

• Given any positive integer n and any nonnegative integer a, if we divide

a by n we get an integer quotient q and an integer remainder r that obey
the following relationship:

a = qn + r 0 ≤ r < n; q = [a/n]
Relationships
Euclidean Algorithm

• One of the basic techniques of number theory

• Procedure for determining the greatest common divisor of two positive integers
• Two integers are relatively prime if their only common positive integer factor is
1
Greatest Common Divisor (GCD)

•The greatest common divisor of a and b is the largest integer that

divides both a and b
•We can use the notation gcd(a,b) to mean the greatest common
divisor of a and b
•We also define gcd(0,0) = 0
•Positive integer c is said to be the gcd of a and b if:
•c is a divisor of a and b
•Any divisor of a and b is a divisor of c

• An equivalent definition is:

gcd(a,b) = max[k, such that k | a and k | b]

 GCD
•Because we require that the greatest common divisor be
positive, gcd(a,b) = gcd(a,-b) = gcd(-a,b) = gcd(-a,-b)
•In general, gcd(a,b) = gcd(| a |, | b |)

•Also, because all nonzero integers divide 0, we have gcd(a,0)

=|a| gcd(60, 24) = gcd(60, - 24) = 12

•We stated that two integers a and b are relatively prime if their
only common positive integer factor is 1; this is equivalent to
saying that a and b are relatively prime if gcd(a,b) = 1

8 and 15 are relatively prime because the positive divisors of 8 are 1, 2,

4, and 8, and the positive divisors of 15 are 1, 3, 5, and 15. So 1 is the
only integer on both lists.
Euclidean Algorithm
Euclidean Algorithm Example
Table 2.1 - Euclidean Algorithm Example

(This table can be found on page 34 in the textbook)

Modular Arithmetic

• The modulus
• If a is an integer and n is a positive integer, we define a mod n to be the remainder when a
is divided by n; the integer n is called the modulus
• Thus, for any integer a:
a = qn + r 0 ≤ r < n; q = [a/ n]
a = [a/ n] * n + ( a mod n)

11 mod 7 = 4; - 11 mod 7 = 3
Modular Arithmetic

• Congruent modulo n
• Two integers a and b are said to be congruent modulo n if (a mod n) = (b mod
n)
• This is written as a = b(mod n)2
• Note that if a = 0(mod n), then n | a

73 = 4 (mod 23); 21 = - 9 (mod 10)

Properties of Congruences

•Congruences have the following properties:

1. a = b (mod n) if n (a – b)
2. a = b (mod n) implies b = a (mod n)
3. a = b (mod n) and b = c (mod n) imply a = c (mod n)
•To demonstrate the first point, if n (a - b), then (a - b) = kn for some k
•So we can write a = b + kn
•Therefore, (a mod n) = (remainder when b + kn is divided by n) = (remainder
when b is divided by n) = (b mod n)

23 = 8 (mod 5) because 23 - 8 = 15 = 5 * 3
- 11 = 5 (mod 8) because - 11 - 5 = - 16 = 8 * (- 2)
81 = 0 (mod 27) because 81 - 0 = 81 = 27 * 3
Modular Arithmetic
•Modular arithmetic exhibits the following properties:
1. [(a mod n) + (b mod n)] mod n = (a + b) mod n

2. [(a mod n) - (b mod n)] mod n = (a - b) mod n

3. [(a mod n) * (b mod n)] mod n = (a * b) mod n

•We demonstrate the first property:

•Define (a mod n) = ra and (b mod n) = rb. Then we can
write a = ra + jn for some integer j and b = rb + kn for some
integer k
•Then:
(a + b) mod n = (ra + jn + rb + kn) mod n
= (ra + rb + (k + j)n) mod n
= (ra + rb) mod n
= [(a mod n) + (b mod n)] mod n
Remaining Properties:

• Examples of the three remaining properties:

11 mod 8 = 3; 15 mod 8 = 7
[(11 mod 8) + (15 mod 8)] mod 8 = 10 mod 8 = 2
(11 + 15) mod 8 = 26 mod 8 = 2
[(11 mod 8) - (15 mod 8)] mod 8 = - 4 mod 8 = 4
(11 - 15) mod 8 = - 4 mod 8 = 4
[(11 mod 8) * (15 mod 8)] mod 8 = 21 mod 8 = 5
(11 * 15) mod 8 = 165 mod 8 = 5
Table 2.2(a) - Arithmetic Modulo 8

(This table can be found on page 37 in the textbook)

Table 2.2(b) - Multiplication Modulo 8

(This table can be found on page 37 in the textbook)

Table 2.2(c)

Additive
and
Multiplicative Inverse

Modulo 8

(This table can be found on page 37 in the textbook)

Table 2.3 - Properties of Modular Arithmetic for Integers in Zn

(This table can be found on page 38 in the textbook)

Table 2.4 - Extended Euclidean Algorithm Example

(This table can be found on page 43 in the textbook)

Result: d = 1; x = –111; y = 355
Prime Numbers

•Prime numbers only have divisors of 1 and itself

•They cannot be written as a product of other numbers
•Prime numbers are central to number theory
• Any integer a > 1 can be factored in a unique way as

a = p1 a1 * p2 a2 * . . . * pp1 a1
where p1 < p2 < . . . < pt are prime numbers and where each ai is a
positive integer
•This is known as the fundamental theorem of arithmetic
 Table 2.5
Primes Under 2000
Primes less than 2000

(This table can be found on page 44 in the textbook)

Fermat's Theorem

•States the following:

•If p is prime and a is a positive integer not divisible by p then
ap-1 = 1 (mod p)
•An alternate form is:
•If p is prime and a is a positive integer then
ap = a (mod p)
Euler's Theorem

• States that for every a and n that are relatively prime:

aø(n) = 1(mod n)
• An alternative form is:
aø(n)+1 = a(mod n)
Table 2.6 - Some Values of Euler’s Totient Function ø(n)

(This table can be found on page 48 in the textbook)

Miller-Rabin Algorithm
•Typically used to test a large number for primality

•Algorithm is:
TEST (n)

1.
• Find integers k, q, with k > 0, q odd, so that (n – 1)=2kq ;

2.
• Select a random integer a, 1 < a < n – 1 ;

• if aq mod n = 1 then return (“inconclusive") ;

3.

4.
• for j = 0 to k – 1 do

5.
• if (a2jq mod n = n – 1) then return (“inconclusive") ;

6.
• return (“composite") ;
Deterministic Primality Algorithm

•Prior to 2002 there was no known method of efficiently proving the

primality of very large numbers

•All of the algorithms in use produced a probabilistic result

•In 2002 Agrawal, Kayal, and Saxena developed an algorithm that

efficiently determines whether a given large number is prime
•Known as the AKS algorithm
•Does not appear to be as efficient as the Miller-Rabin algorithm
Chinese Remainder Theorem (CRT)

•Believed to have been discovered by the Chinese mathematician Sun-

Tsu in around 100 A.D.
•One of the most useful results of number theory
•Says it is possible to reconstruct integers in a certain range from their
residues modulo a set of pairwise relatively prime moduli
•Can be stated in several ways

Provides a way to manipulate (potentially very large)

numbers mod M in terms of tuples of smaller numbers
• This can be useful when M is 150 digits or more
• However, it is necessary to know beforehand the
factorization of M
Table 2.7 - Powers of Integers, Modulo 19

(This table can be found on page 57 in the textbook)

Table 2.8 - Tables of Discrete Logarithms, Modulo 19

(This table can be found on page 60 in the textbook)

Summary
• Computer security concepts • Security services
• Definition • Authentication
• Examples • Access control
• Challenges • Data confidentiality
• The OSI security architecture • Data integrity
• Security attacks • Nonrepudiation
• Passive attacks • Availability service
• Active attacks • Security mechanisms
• Fundamental security design
• Attack surfaces and attack trees principles
• Network security model
• Standards
Summary (con’t)

• Divisibility and the division algorithm • Fermat’s Theorem

• The Euclidean algorithm • Euler’s totient function
• Greatest Common Divisor • Euler’s Theorem
• Finding the Greatest Common Divisor • Testing for primality
• Modular arithmetic • Miller-Rabin algorithm
• The modulus • A deterministic primality algorithm
• Properties of congruences • Distribution of primes
• Modular arithmetic operations • The Chinese Remainder Theorem
• Properties of modular arithmetic • Discrete logarithms
• Euclidean algorithm revisited • Powers of an integer, modulo n
• The extended Euclidean algorithm • Logarithms for modular arithmetic
• Calculation of discrete logarithms
• Prime numbers
Copyright

• Slides 12-84 © 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.