NETWORK DESIGN SECURITY AND MANAGEMENT
(IF452)

OVERVIEW OF NETWORK SECURITY

1.What is Encipherment?
     The use of mathematical algorithms to transform data into a form that is not readily
intelligible. The transformation and subsequent recovery of the data depend on an
algorithm and zero or more encryption keys.

2.What are the four basic tasks in designing a particular security service?
   1. Design an algorithm for performing the security-related transformation.
      The algorithm should be such that an opponent cannot defeat its purpose.
   2. Generate the secret information to be used with the algorithm.
   3. Develop methods for the distribution and sharing of the secret information
   4. Specify a protocol to be used by the two principals that makes use of the
      security algorithm and the secret information to achieve a particular security service.

3.Define Threats.
       Information access threats intercept or modify data on behalf of users who should
   not have access to that data.
       Service threats exploit service flaws in computers to inhibit use by legitimate
   users.

4.What is the use of digital signature?
      Data appended to, or a cryptographic transformation of, a data unit that allows a
recipient of the data unit to prove the source and integrity of the data unit and protect
against forgery.

5.Define security recovery.
      Security recovery deals with requests from mechanisms, such as event handling
and management functions, and takes recovery actions.

6.What are the aspects of information security?
  There are three aspects of information security:
      Security attack
      Security mechanism
      Security Service
7.List some common information integrity functions?
      Identification
      Authorization
      Concurrence
      Liability
      Endorsement
      Validation
      Time of occurrence
      Registration
8.What is meant by threat?
     A potential for violation of security, which exists when there is a
circumstance, capability, action or event that could breach security and cause harm. That
is, a threat is a possible danger that might exploit a vulnerability.

9.What is meant by attack?
     An assault on system security that derives from an intelligent threat; that is, an
intelligent act that is a deliberate attempt (especially in the sense of a method or
technique) to evade security services and violate the security policy of a system.

10.State some example of security attacks?
   1. Gain unauthorized access to information (i.e., violate secrecy or privacy).
   2. Disavow responsibility or liability for information the cheater did originate.
   3. Enlarge the cheater's legitimate license (for access, origination, distribution, etc.).
   4. Pervert the function of software, typically by adding a covert function.
   5. Cause others to violate a protocol by means of introducing incorrect information.

CLASSICAL ENCRYPTION TECHNIQUES
1.What are the essential ingredients of a symmetric cipher?
       A symmetric encryption scheme has five ingredients:
       Plaintext: This is the original intelligible message or data that is fed into the
   algorithm as input.
       Encryption algorithm: The encryption algorithm performs various substitutions
   and transformations on the plaintext.
       Secret Key: The secret key is also input to the encryption algorithm. The key is
   the value independent of the plaintext. The algorithm will produce a different output
   depending on the specific key being used at the time. The exact substitutions and
   transformations performed by the algorithm depend on the key.
       Cipher text: This is the scrambled message produced as output. It depends on the
   plaintext and the key.
       Decryption algorithm: This is essentially the encryption algorithm in reverse. It
   takes the cipher text and the secret key and produces the original plaintext.

2.What are the two basic functions used in the encryption algorithm?
        All the encryption algorithms are based on two general principles:
        Substitution: In which each element in the plaintext(bit, letter, group of bits or
   letters) is mapped into another element.
        Transposition: In which elements in the plaintext are rearranged.
        The fundamental requirement is that no information be lost (that is, that all
        operations are reversible). Most systems, referred to as product systems, involve
        multiple stages of substitutions and transpositions.
3.How many keys are required for two people to communicate via a cipher?
        If both sender and receiver use the same key, the system is referred to as symmetric,
single-key, secret-key or conventional encryption. If the sender and receiver each use a
different key, the system is referred to as asymmetric, two-key or public-key encryption.

4.What is the difference between a block cipher and a stream cipher?
        A block cipher processes the input one block at a time, producing an output block
for each input block.
        A stream cipher processes the input continuously, producing output one element
at a time, as it goes along.

5.What are the two general approaches to attacking a cipher?
       The two general approaches for attacking a cipher are:
       Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus
   perhaps some knowledge of the general characteristics of the plaintext or even some
   sample plaintext-ciphertext pairs. This type of attack exploits the characteristics of
   the algorithm to attempt to deduce a specific plaintext or to deduce the key being
   used. If the attack succeeds in deducing the key, the effect is catastrophic: all future
   and past messages encrypted with the key are compromised.
       Brute-force attack: The attacker tries every possible key on a piece of ciphertext
   until an intelligible translation into plaintext is obtained. On average, half of all
   possible keys must be tried to achieve success, so the cost of the attack is set by the
   key length.

6.List and briefly define types of cryptanalytic attacks based on what is known to
the attacker?
The various types of cryptanalytic attacks, based on the amount of information known to
the cryptanalyst:

   Type of attack        Known to cryptanalyst
   --------------        ---------------------
   Ciphertext only       Encryption algorithm
                         Ciphertext to be decoded
   Known plaintext       Encryption algorithm
                         Ciphertext to be decoded
                         One or more plaintext-ciphertext pairs formed with the secret key
   Chosen plaintext      Encryption algorithm
                         Ciphertext to be decoded
                         Plaintext message chosen by the cryptanalyst, together with its
                         corresponding ciphertext generated with the secret key
   Chosen ciphertext     Encryption algorithm
                         Ciphertext to be decoded
                         Purported ciphertext chosen by the cryptanalyst, together with its
                         corresponding decrypted plaintext generated with the secret key
   Chosen text           Encryption algorithm
                         Ciphertext to be decoded
                         Plaintext message chosen by the cryptanalyst, together with its
                         corresponding ciphertext generated with the secret key
                         Purported ciphertext chosen by the cryptanalyst, together with its
                         corresponding decrypted plaintext generated with the secret key


7.What is the difference between an unconditionally secure cipher and a
computationally secure cipher?
        An encryption scheme is unconditionally secure if the cipher text generated by the
scheme does not contain enough information to determine uniquely the corresponding
plaintext, no matter how much cipher text is available.
        An encryption scheme is said to be computationally secure if either of the
following criteria is met:
        The cost of breaking the cipher exceeds the value of the encrypted information.
        The time required to break the cipher exceeds the useful lifetime of the
    information.

8.Briefly define the Caesar cipher?
         The Caesar cipher involves replacing each letter of the alphabet with the letter
standing three places down the alphabet. The alphabet is wrapped around, so that the
letter following Z is A. With the letters numbered a = 0, ..., z = 25:
                C = E(p) = (p + 3) mod 26
       The general Caesar cipher algorithm is
               C = E(p) = (p + k) mod 26
             where k takes a value in the range 1 to 25.
       The decryption algorithm is
               p = D(C) = (C - k) mod 26
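Added example, not part of the course notes: the general Caesar cipher of question 8 and the brute-force attack of question 5, in Python. Because there are only 25 keys, the attack is exhaustive search plus a way to recognise the right candidate automatically; here that is a chi-squared distance from a standard English letter-frequency table. The sample sentence and the frequency table are assumptions, not from the notes.

```python
# Added example (not from the course notes): the general Caesar cipher
# C = (p + k) mod 26 and the brute-force attack against it, which tries
# every key and ranks the candidate plaintexts by English letter frequency.
import string

ALPHABET = string.ascii_uppercase

# Relative English letter frequencies (percent), A..Z; the usual table used
# for frequency analysis (assumed values, not from the notes).
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.8, 4.0,
                2.4, 6.7, 7.5, 1.9, 0.1, 6.0, 6.3, 9.1, 2.8, 1.0, 2.4, 0.15,
                2.0, 0.07]


def shift_text(text, k):
    """Shift every letter by k positions (mod 26); non-letters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_encrypt(plaintext, k):
    return shift_text(plaintext, k)


def caesar_decrypt(ciphertext, k):
    return shift_text(ciphertext, -k)


def chi_squared(text):
    """Distance between the letter counts of text and English; lower is
    more English-like. Infinite when there are no letters to score."""
    letters = [ch for ch in text if ch in ALPHABET]
    n = len(letters)
    if n == 0:
        return float("inf")
    score = 0.0
    for i, letter in enumerate(ALPHABET):
        observed = letters.count(letter)
        expected = n * ENGLISH_FREQ[i] / 100.0
        score += (observed - expected) ** 2 / expected
    return score


def brute_force(ciphertext):
    """Try all 25 keys; return {key: candidate plaintext}."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(1, 26)}


def best_key(ciphertext):
    """The key whose decryption looks most like English."""
    candidates = brute_force(ciphertext)
    return min(candidates, key=lambda k: chi_squared(candidates[k]))


if __name__ == "__main__":
    msg = "attack the eastern gate at dawn and retreat before the sun rises"
    ct = caesar_encrypt(msg, 3)
    print(ct)
    for k, pt in brute_force(ct).items():
        print(f"{k:2d}: {pt}")
    print("most likely key:", best_key(ct))
```

The same scoring function is what breaks a monoalphabetic cipher as well: a fixed substitution changes the letters but not their frequency profile, so the 26! key space buys very little.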

9.Briefly define the monoalphabetic cipher?
        A dramatic increase in the key space is achieved by allowing an arbitrary
substitution. There are 26! possible keys (about 4 x 10^26). It is referred to as a
monoalphabetic substitution cipher, because a single cipher alphabet is used per message.
Despite the large key space it is easily broken by frequency analysis, because a fixed
substitution preserves the letter-frequency profile of the plaintext.

10.Briefly define the Playfair cipher?        
         The Playfair cipher treats the digrams in the plaintext as single units and translates
these units into ciphertext digrams. This algorithm is based on the use of a 5 by 5 matrix
of letters constructed using a keyword. Consider the keyword monarchy. The matrix is
constructed by filling in the letters of the keyword (minus duplicates) from left to right
and from top to bottom, and then filling in the remainder of the matrix with the remaining
letters in alphabetic order. The letters I and J count as one letter.

                             M    O   N    A      R
                             C    H   Y    B      D
                             E    F   G    I/J    K
                             L    P   Q    S      T
                             U    V   W    X      Z

     The rules to be followed are:
        Repeating plaintext letters that come in the same pair are separated with a filler
   letter, such as x.
        Plaintext letters that fall in the same row are replaced by the letter to the right,
   with the first element of the row circularly following the last.
        Plaintext letters that fall in the same column are replaced by the letter beneath,
   with the top element circularly following the last.
        Otherwise each letter is replaced by the letter that lies in its own row and the
   column occupied by the other plaintext letter.

11.What is the difference between a monoalphabetic cipher and a polyalphabetic
cipher?
       In a monoalphabetic cipher a single cipher alphabet is used for the whole message,
so each plaintext letter always maps to the same ciphertext letter. A polyalphabetic cipher
uses a set of related monoalphabetic substitutions, and a key determines which substitution
is used for each letter; in the Vigenère cipher there is one substitution (a Caesar shift)
for each letter of the keyword, so a given plaintext letter can map to several different
ciphertext letters.

12.What are two problems with the one-time pad?
     The one-time pad has the following two fundamental difficulties:
         (a) There is the practical problem of making large quantities of random keys.
             Supplying truly random characters in this volume is a significant task.
         (b) For every message to be sent, a key of equal length is needed by both sender
             and receiver. Thus a mammoth key distribution problem exists.

BLOCK CIPHERS AND THE DATA ENCRYPTION STANDARD
1.Why is it important to study the Feistel Cipher?
          The Feistel cipher uses the concept of a product cipher, which is the performing of
two or more basic ciphers in sequence in such a way that the final result or product is
cryptographically stronger than any of the component ciphers.
       Feistel proposed the use of a cipher that alternates substitutions and permutations.
Many symmetric block ciphers, DES among them, are based on this structure, so the Feistel
cipher is considered to be an important one.

2.What is the difference between a block cipher and a stream cipher?
       A block cipher processes the input one block of elements at a time, producing an
output block for each input block.
       A stream cipher processes the input elements continuously, producing output one
element at a time, as it goes along.

3.Why is it not practical to use an arbitrary reversible substitution cipher of the
kind shown in the table below?
              Encryption and decryption tables for a 4-bit substitution cipher
          Plain Text     Cipher Text              Cipher Text     Plain Text
          0000           1110                     0000            1110
          0001           0100                     0001            0011
          0010           1101                     0010            0100
          0011           0001                     0011            1000
          0100           0010                     0100            0001
          0101           1111                     0101            1100
          0110           1011                     0110            1010
          0111           1000                     0111            1111
          1000           0011                     1000            0111
          1001           1010                     1001            1101
          1010           0110                     1010            1001
          1011           1100                     1011            0110
          1100           0101                     1100            1011
          1101           1001                     1101            0010
          1110           0000                     1110            0000
          1111           0111                     1111            0101


In this example the key requires 64 bits (the 16-entry mapping table itself is the key). In
general, for an n-bit general substitution block cipher, the size of the key is n × 2^n bits.
For a 64-bit block, which is a desirable length to thwart statistical attacks, the key size
is 64 × 2^64 = 2^70 ≈ 10^21 bits. So it is not practical to use an arbitrary reversible
substitution cipher.
4.What is product cipher?
       A product cipher is the execution of two or more basic ciphers in sequence in
such a way that the final result or product is cryptographically stronger than any of the
component ciphers.

5.What is the difference between Diffusion and Confusion?
          In diffusion the statistical structure of the plaintext is dissipated into long-range
statistics of the ciphertext. This is achieved by having each plaintext digit affect the
value of many ciphertext digits, which is equivalent to saying that each ciphertext digit
is affected by many plaintext digits.
         Confusion seeks to make a relationship between the statistics of the cipher text
and the value of the encryption key as complex as possible. Thus even if the attacker can
get some handle on the statistics of the cipher text, the way in which the key was used to
produce that cipher text is so complex as to make it difficult to deduce the key.

6. Which parameters and design choices determine the actual algorithm of a
Feistel cipher?
        Block size: Larger block sizes mean greater security but reduced
   encryption/decryption speed. A block size of 64 bits is a reasonable tradeoff and has
   been nearly universal in block cipher design. However, the new AES uses a 128-bit
   block size.
        Key size: Larger key size means greater security but may decrease
   encryption/decryption speed. Key sizes of 64 bits or less are now widely considered to
   be inadequate, and 128 bits has become a common size.
        Number of rounds: The essence of the Feistel cipher is that a single round offers
   inadequate security but that multiple rounds offer increasing security. A typical size is
   16 rounds.
        Subkey generation algorithm: Greater complexity in this algorithm should lead
   to greater difficulty of cryptanalysis.
        Round function: Again, greater complexity generally means greater resistance to
   cryptanalysis.

7. What is the purpose of the S-boxes in DES?
        In the function F, the substitution consists of a set of eight S-boxes, each of
which accepts 6 bits as input and produces 4 bits as follows: the first and last bits of the
input to box Si form a 2-bit binary number to select one of four substitutions defined by
the four rows in the table for Si. The middle four bits select one of the sixteen columns.
The decimal value in the cell selected by the row and column is then converted to its 4-bit
representation to produce the output. For example, in S1, for input 011001, the row is 01
and the column is 1100. The value in row 1, column 12 is 9, so the output is 1001. The
S-boxes are the only nonlinear step in a DES round; everything else is a permutation or
an XOR.
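Added example, not part of the course notes: the row/column selection described above, in Python, using the actual DES S1 table (the other seven boxes have the same shape and are omitted). The function reproduces the worked case 011001 -> 1001 and adds two checks a practitioner would run: that every row is a permutation of 0..15, and how many output bits move when one input bit is flipped.

```python
# Added example (not from the course notes): DES S-box lookup with the
# real S1 table. Outer two input bits select the row, inner four the column.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def sbox_lookup(sbox, bits):
    """Map a 6-bit input string such as '011001' to a 4-bit output string."""
    if len(bits) != 6 or set(bits) - {"0", "1"}:
        raise ValueError("S-box input must be six bits")
    row = int(bits[0] + bits[5], 2)     # first and last bit
    col = int(bits[1:5], 2)             # middle four bits
    return format(sbox[row][col], "04b")


def rows_are_permutations(sbox):
    """Design check: each row of a DES S-box is a permutation of 0..15, so
    within one row no two column inputs produce the same output."""
    return all(sorted(row) == list(range(16)) for row in sbox)


def output_bits_changed(sbox, input_bits, delta):
    """Number of output bits that change when the 6-bit input is XORed
    with delta; shows how a single box spreads a small input change."""
    x = int(input_bits, 2)
    other = format(x ^ delta, "06b")
    a = int(sbox_lookup(sbox, input_bits), 2)
    b = int(sbox_lookup(sbox, other), 2)
    return bin(a ^ b).count("1")


if __name__ == "__main__":
    print("S1(011001) =", sbox_lookup(S1, "011001"))          # 1001
    print("rows are permutations:", rows_are_permutations(S1))
    print("bits changed for one-bit input flip:",
          output_bits_changed(S1, "011001", 0b000001))
```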

8. Explain the avalanche effect?
            A desirable property of any encryption algorithm is that a small change in
either the plaintext or the key should produce a significant change in the ciphertext. In
particular, a change in one bit of the plaintext or one bit of the key should produce a
change in many bits of the ciphertext; ideally about half of the output bits change.

9. What is the difference between differential and linear cyptanalysis?
        Differential cryptanalysis works with pairs of plaintexts having a chosen XOR
difference and tracks how that difference propagates through the rounds of DES, using the
statistics of the resulting ciphertext differences to recover key bits.
        Linear cryptanalysis is based on finding linear approximations (XOR relations among
plaintext, ciphertext and key bits that hold with probability noticeably different from 1/2)
to describe the transformations performed in DES.

KEY MANAGEMENT:OTHER PUBLIC KEY CRYPTOSYSTEMS

   1.What are the two different uses of public-key cryptography related to key
   distribution?

                There are two aspects to the use of public-key cryptography in this regard:
       The distribution of public keys
       The use of public-key encryption to distribute secret keys


   2.List four general categories of schemes for the distribution of public keys.

       Public announcement
       Publicly available directory
       Public-key authority
       Public-key certificates


   3.What are the essential ingredients of a public-key directory?

       The authority maintains a directory with a entry for each participant.
       Each participant registers a public key with the directory authority.
       A participant may replace the existing key with a new one at any time.
       Periodically, the authority publishes the entire directory or updates to the
   directory.
       Participants could also access the directory electronically.

   4.What is public-key certificate?

          A public-key certificate consists of a public key plus an identifier of the key
     owner, with the whole block signed by a trusted third party, the certificate
     authority (CA). Certificates are used because a public-key authority could be a
     bottleneck in the system, since a user must appeal to the authority for a public key
     for every other user that it wishes to contact. As before, the directory of names and
     public keys maintained by the authority is vulnerable to tampering. With certificates,
     a participant can obtain and verify another's key without contacting the authority.

   5.What are the requirements for the use of a public-key certificate scheme?
       Any participant can read a certificate to determine the name and public key of the
   certificate’s owner.
       Any participant can verify that the certificate originated from the certificate
   authority and is not counterfeit.
       Only the certificate authority can create and update certificates.
       Any participant can verify the currency of the certificate.

   6.Briefly explain Diffie-Hellman key exchange.

The purpose of this algorithm is to enable two users to exchange a key securely that can
then be used for subsequent encryption of messages. It depends for its effectiveness on
the difficulty of computing discrete logarithms. The exchange itself does not authenticate
the parties, so without a separate authentication step it is open to a man-in-the-middle
attack.
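Added example, not part of the course notes: the Diffie-Hellman exchange in Python, followed by the exhaustive-search discrete-logarithm attack that only works because the modulus is tiny. The parameters q = 353 and alpha = 3 (a primitive root of 353) and the private values 97 and 233 are assumptions chosen for illustration; the notes give no numbers.

```python
# Added example (not from the course notes): Diffie-Hellman with toy
# parameters, plus the brute-force discrete-log attack that breaks them.
import hashlib
import secrets


def dh_public(alpha, q, x):
    """Y = alpha^x mod q, the only value sent over the wire."""
    return pow(alpha, x, q)


def dh_shared(peer_public, x, q):
    """K = Y_peer^x mod q; both parties arrive at the same K."""
    return pow(peer_public, x, q)


def derive_key(shared_secret, q):
    """K is never used directly as a key; hash it to a fixed-length key."""
    width = (q.bit_length() + 7) // 8
    return hashlib.sha256(shared_secret.to_bytes(width, "big")).digest()


def brute_force_dlog(alpha, q, y):
    """Find x with alpha^x = y (mod q) by exhaustive search: O(q) work,
    feasible only because q is tiny. This is the attacker's view."""
    acc = 1
    for x in range(q):
        if acc == y:
            return x
        acc = (acc * alpha) % q
    return None


def exchange(q, alpha, xa=None, xb=None):
    """Run the protocol; private values are random unless given (for tests)."""
    xa = secrets.randbelow(q - 2) + 1 if xa is None else xa
    xb = secrets.randbelow(q - 2) + 1 if xb is None else xb
    ya, yb = dh_public(alpha, q, xa), dh_public(alpha, q, xb)     # exchanged
    ka, kb = dh_shared(yb, xa, q), dh_shared(ya, xb, q)           # computed locally
    return ya, yb, ka, kb


if __name__ == "__main__":
    q, alpha = 353, 3                                   # assumed toy parameters
    ya, yb, ka, kb = exchange(q, alpha, xa=97, xb=233)
    print("YA =", ya, "YB =", yb, "K =", ka, "(both sides agree:", ka == kb, ")")
    # An eavesdropper sees only q, alpha, YA, YB. With q this small the
    # private value is recovered instantly, and so is K.
    xa_recovered = brute_force_dlog(alpha, q, ya)
    print("recovered XA =", xa_recovered, "-> K =", dh_shared(yb, xa_recovered, q))
```

With a real modulus (2048 bits or more, or an elliptic-curve group) the same search is infeasible; the example shows why the security rests entirely on the size of q and why the public values alone must not reveal x.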

MESSAGE AUTHENTICATION AND HASH FUNCTIONS
1)What types of attacks are addressed by message authentication?
             Content modification - Changes to the contents of the message
             Sequence modification - Any modification to a sequence of messages
                                      between parties, including insertion, deletion,
                                      and reordering.
            Timing modification     - Delay or replay of messages.

2)What two levels of functionality comprise a message authentication or digital
signature mechanism?
                                    Low-level authentication
                                  Higher-level authentication
            At the lower level there must be some sort of function that produces an
            authenticator: a value to be used to authenticate a message. This lower level
            function is then used as primitive in a higher-level authentication protocol
            that enables a receiver to verify the authenticity of message.

3) What are some approaches to producing message authentication?
       Message encryption             - The ciphertext of the entire message
                                        serves as its authenticator.
       Message authentication code (MAC) - A public function of the message and a
    secret key that produces a fixed-length value that serves as the authenticator.
       Hash function                  - A public function that maps a message of any
                                        length into a fixed-length hash value, which
                                        serves as the authenticator.

4) When combination of symmetric encryption and an error control code is used for
message authentication, in what order must the two functions be performed?
     The error-control code (for example a frame check sequence) is computed over the
plaintext and appended to it, and then message plus code are encrypted as a unit
(internal error control). If instead the code were computed over the ciphertext and sent in
the clear, an opponent could alter the ciphertext and recompute a matching code, so the
code would provide no authentication.
5) What is a message authentication code?
                  An alternative authentication technique involves the use of a small fixed
size block of data, known as a cryptographic checksum or MAC that is appended to the
message.

6) What is the difference between a message authentication code and a one-way
hash function?

   The difference between an MAC and a one-way hash function is that unlike an MAC,
   a hash code does not use a key but is a function only of the input message.

7) In what ways can a hash value be secured so as to provide message
authentication?

   The ways in which a hash code can be used to provide message authentication are:
       The message plus concatenated hash code is encrypted using symmetric
   encryption.The hash code provides the structure required for authentication.
       Only the hash code is encrypted using symmetric encryption. This reduces the
   processing burden.
       Only the hash code is encrypted using public key encryption and the sender’s
   private key.This provides digital signature.
       The message plus the public key-encrypted hash code may be encrypted using a
   symmetric secret key.
       A hash function may be used without encryption for message authentication. It
   assumes that two communicating parties A and B share a common secret value S. A
   computes the hash value over the concatenation of M and S and appends it to M. B
   knows S and therefore can recompute the hash value and verify it; an opponent who
   does not know S cannot alter M and produce a matching hash.
       The technique above may be combined with encryption of the entire message plus
   the hash code, adding confidentiality.

   8) Is it necessary to recover the secret key in order to attack a MAC algorithm?

   No. With a k-bit key and an n-bit MAC, a number of keys will produce the correct MAC
   for a given message, and the opponent has no way of knowing which is the correct key.
   On average 2^(k-n) keys produce a match. Therefore attacks do not require the
   discovery of the key; what matters is whether the opponent can produce a valid MAC
   for a new message.
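Added example, not part of the course notes, covering questions 5 to 8: an unkeyed hash versus a keyed MAC (HMAC-SHA256 from the Python standard library) as authenticators, and the 2^(k-n) observation of question 8 measured on a deliberately shrunken MAC with a 16-bit key and an 8-bit tag. The messages and key are constructed for the example.

```python
# Added example (not from the course notes): hash vs MAC as authenticator,
# and how many keys match one (message, tag) pair when the tag is short.
import hashlib
import hmac


def unkeyed_tag(message):
    """A plain hash: anyone can recompute it, so it authenticates nothing
    unless it is itself protected (encrypted or signed)."""
    return hashlib.sha256(message).digest()


def mac_tag(key, message):
    """HMAC-SHA256: needs the secret key to compute."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key, message, tag):
    # Constant-time comparison: do not leak how many tag bytes matched.
    return hmac.compare_digest(mac_tag(key, message), tag)


def forge_unkeyed(new_message):
    """What an attacker does to a hash-only authenticator: rewrite the
    message and recompute the hash. No secret is needed."""
    return new_message, unkeyed_tag(new_message)


def toy_mac(key16, message, tag_bits=8):
    """HMAC with a 16-bit key, truncated to tag_bits (k=16, n=tag_bits)."""
    full = hmac.new(key16.to_bytes(2, "big"), message, hashlib.sha256).digest()
    return int.from_bytes(full[:2], "big") >> (16 - tag_bits)


def matching_keys(message, tag, tag_bits=8):
    """Count 16-bit keys producing `tag` for `message`. Expected about
    2^(k-n) = 2^(16-8) = 256, so the tag does not identify the key."""
    return sum(1 for k in range(2 ** 16) if toy_mac(k, message, tag_bits) == tag)


if __name__ == "__main__":
    key = b"sixteen byte key"                       # constructed sample key
    m = b"transfer 100 to account 42"               # constructed sample message
    t = mac_tag(key, m)
    print("genuine MAC verifies:", mac_verify(key, m, t))
    print("tampered message verifies:", mac_verify(key, b"transfer 900 to account 42", t))
    m2, t2 = forge_unkeyed(b"transfer 900 to account 42")
    print("unkeyed hash of forged message recomputed:", unkeyed_tag(m2) == t2)
    print("keys matching one toy tag:", matching_keys(m, toy_mac(1234, m)))
```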

   9) What characteristics are needed in a secure hash function?

   Requirements of a hash function H:
      H can be applied to a block of data of any size.
      H produces a fixed-length output.
      H(x) is easy to compute for any given x.
      For any given value h it is computationally infeasible to find x with H(x) = h
      (the one-way property).
      For any given block x it is computationally infeasible to find y != x with
      H(y) = H(x) (weak collision resistance).
      It is computationally infeasible to find any pair (x, y) such that H(x) = H(y)
      (strong collision resistance).

    10) What is the difference between a strong and a weak collision resistance?
       For any given block x it is computationally infeasible to find y != x with
   H(y) = H(x). This is "weak collision resistance" (second-preimage resistance): an
   opponent who sees a legitimately hashed message cannot substitute another message
   with the same hash. (The one-way property, that the message cannot be recovered from
   its hash, is a separate requirement.)
       It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). This is
   "strong collision resistance": the opponent is free to choose both messages, so the
   birthday attack applies and roughly 2^(n/2) trials suffice for an n-bit hash, against
   2^n for the weak property. This prevents forgery such as preparing two versions of a
   document with the same hash and getting one of them signed.
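Added example, not part of the course notes: the difference between the two properties measured on SHA-256 truncated to 20 bits so that both searches finish in seconds. The second-preimage search (attack on weak collision resistance) needs about 2^20 trials; the birthday search (attack on strong collision resistance) needs about 2^10. The truncation and the candidate-message format are assumptions made for the demonstration, not a weakness of SHA-256.

```python
# Added example (not from the course notes): second-preimage search versus
# birthday collision search on a truncated hash with a 20-bit range.
import hashlib

BITS = 20


def h(message, bits=BITS):
    """SHA-256 truncated to `bits` bits: a toy hash with a tiny range."""
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest[:4], "big") >> (32 - bits)


def second_preimage(target_message, bits=BITS, limit=None):
    """Attack on weak collision resistance: given x, find y != x with
    H(y) == H(x). Expected work about 2^bits. Returns (y, trials)."""
    limit = limit or 64 * 2 ** bits
    target = h(target_message, bits)
    for i in range(limit):
        y = b"candidate-%d" % i
        if y != target_message and h(y, bits) == target:
            return y, i + 1
    return None


def birthday_collision(bits=BITS, limit=None):
    """Attack on strong collision resistance: find any x != y with
    H(x) == H(y). Expected work about 2^(bits/2). Returns (x, y, trials)."""
    limit = limit or 64 * 2 ** bits
    seen = {}
    for i in range(limit):
        x = b"candidate-%d" % i
        v = h(x, bits)
        if v in seen:
            return seen[v], x, i + 1
        seen[v] = x
    return None


if __name__ == "__main__":
    x = b"pay the bearer 10 dollars"               # constructed sample message
    y, trials = second_preimage(x)
    print("second preimage of %r after %d trials: %r" % (x, trials, y))
    a, b, trials = birthday_collision()
    print("collision after %d trials: %r == %r" % (trials, a, b))
```

This is why a hash used for signatures must be about twice as long as the security level required: 20 bits of truncation is broken in either mode, but the birthday mode is broken with a thousand hashes instead of a million.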

    11)What is the function of a compression function in a hash function?

    The hash function involves repeated use of a compression function. The motivation
    is that if the compression function is collision resistant, then the hash function is also
    collision resistant, so a secure hash function can be produced from a secure
    compression function.

AUTHENTICATION APPLICATIONS
1.What problem was Kerberos designed to address?

        The problem that Kerberos addresses is this: Assume an open distributed
environment in which users at workstations wish to access services on servers
distributed throughout the network. We would like for servers to be able to restrict access
to authorized users and to be able to authenticate requests for service. In this environment
a workstation cannot be trusted to identify its users correctly to network services.

2.What are the three threats associated with user authentication over a network or
Internet?

       The three threats are:

       A user may gain access to a particular workstation and pretend to be another user
   operating from that workstation.
       A user may alter the network address of a workstation so that the requests sent
   from the altered workstation appear to come from the impersonated workstation.
       A user may eavesdrop on exchanges and use a replay attack to gain entrance to a
   server or to disrupt operations.

3.List three approaches to secure user authentication in a distributed environment?

       Three approaches to secure user authentication in a distributed environment are:

       Rely on each individual client workstation to assure the identity of its user or
   users and rely on each server to enforce a security policy based on user identification
   (ID).
       Require that client systems authenticate themselves to servers, but trust the client
   system concerning the identity of its user.
       Require the user to prove identity for each service invoked. Also require that
   servers prove their identity to clients.
4.What four requirements were defined for Kerberos?

       The four requirements defined for Kerberos are:

       Secure: A network eavesdropper should not be able to obtain the necessary
   information to impersonate a user. More generally Kerberos should be strong enough
   that a potential opponent does not find it to be the weak link.
       Reliable: For all services that rely on Kerberos for access control, lack of
   availability of the Kerberos service means lack of availability of the supported
   services. Hence, Kerberos should be highly reliable and should employ a distributed
   server architecture, with one system able to back up another.
       Transparent: Ideally, the user should not be aware that authentication is taking
   place, beyond the requirement to enter a password.
       Scalable: The system should be capable of supporting large numbers of clients
   and servers. This suggests a modular, distributed architecture.

5.What entities constitute a full-service Kerberos environment?

      A full service environment consists of a Kerberos server, a number of clients and
a number of application servers.

6.In the context of Kerberos, what is a realm?

       The Kerberos server must have the user ID (UID) and hashed password of all
   participating users in its database. All users are registered with the Kerberos server.
       The Kerberos server must share a secret with each server. All servers are
   registered with the Kerberos server.
       Such an environment is referred to as a realm.

7.What are the principal differences between version 4 and version 5 of Kerberos?

The principal differences between version 4 and version 5 of Kerberos are:

1.Encryption system dependence
2.Internet Protocol Dependence
3.Message byte ordering
4.Ticket Life Time
5.Authentication Forwarding
6.Interrealm Authentication

ELECTRONIC MAIL SECURITY
1. What are the five principal services provided by PGP?

   Function             Algorithm used                     Description

   Digital signature    DSS/SHA or RSA/SHA                 The hash code of a message is created
                                                           using SHA-1. This message digest is
                                                           encrypted using DSS or RSA with the
                                                           sender's private key and included with
                                                           the message.

   Message encryption   CAST or IDEA or three-key triple   A message is encrypted using CAST-128
                        DES with Diffie-Hellman or RSA     or IDEA or 3DES with a one-time session
                                                           key generated by the sender. The session
                                                           key is encrypted using Diffie-Hellman or
                                                           RSA with the recipient's public key and
                                                           included with the message.

   Compression          ZIP                                A message may be compressed, for storage
                                                           or transmission, using ZIP.

   E-mail compatibility Radix-64 conversion                To provide transparency for e-mail
                                                           applications, an encrypted message may
                                                           be converted to an ASCII string using
                                                           radix-64 conversion.

   Segmentation         ------                             To accommodate maximum message size
                                                           limitations, PGP performs segmentation
                                                           and reassembly.


2.What is the utility of a detached signature?
      A detached signature may be stored and transmitted separately from the message it
signs. This is useful in several contexts. A user may wish to maintain a separate
signature log of all messages sent or received. A detached signature of an executable
program can detect subsequent virus infection. Finally, a detached signature can be used
when more than one party must sign a document, such as a legal contract.

 3. Why does PGP generate a signature before applying compression?

    The signature is generated before compression for two reasons:

       1. It is preferable to sign an uncompressed message so that one can store only the
       uncompressed message together with the signature for future verification.
       2. Even if one were willing to generate dynamically a recompressed message for
       verification, PGP’s compression algorithm presents a difficulty.


4.What is Radix 64 conversion?
Radix 64 conversion maps an arbitrary stream of binary input to a string of printable
ASCII characters (radix 64 format). It expands a message by 33%.

5.Why is R 64 conversion useful for email generation?
The radix 64 conversion is performed before the segmentation of the message takes
place. Its use is that it converts the raw binary stream (encrypted data, signature and
compressed text) into radix 64 format, which email applications can carry transparently,
at the cost of expanding the message by 33%.
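The radix 64 conversion of questions 4 and 5, as an added example that is not part of these notes: it encodes 3 bytes into 4 printable characters (hence the 33% expansion), and appends the CRC-24 checksum that PGP's ASCII armor carries after the body, using the polynomial and initial value from RFC 4880. The sample message is constructed.

```python
# Added example (not from the original notes): PGP-style radix-64 conversion with the
# CRC-24 checksum that PGP's ASCII armor appends (RFC 4880, section 6.1).
# Radix 64 maps every 3 input bytes to 4 printable characters, hence the 33% expansion.

import base64

# The 64-character alphabet used by radix 64 (identical to MIME base64).
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def radix64_encode(data: bytes) -> str:
    """Encode raw bytes as radix 64: 3 bytes -> 4 characters, '=' padding at the end."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        # Pack up to 3 bytes into a 24-bit group; missing bytes are zero-filled.
        group = int.from_bytes(chunk.ljust(3, b"\x00"), "big")
        # Split the 24-bit group into four 6-bit values, most significant first.
        sextets = [(group >> shift) & 0x3F for shift in (18, 12, 6, 0)]
        # Only len(chunk)+1 characters carry data; the rest are '=' padding.
        keep = len(chunk) + 1
        out.append("".join(ALPHABET[s] for s in sextets[:keep]) + "=" * (4 - keep))
    return "".join(out)


def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP armor: init 0xB704CE, polynomial 0x1864CFB (RFC 4880)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def armor(data: bytes) -> str:
    """Armored text: the radix-64 body, then a line with '=' and the radix-64 CRC-24."""
    body = radix64_encode(data)
    checksum = radix64_encode(crc24(data).to_bytes(3, "big"))
    return body + "\n=" + checksum


def expansion_percent(data: bytes) -> float:
    """Growth of the radix-64 body relative to the raw input, in percent."""
    return (len(radix64_encode(data)) - len(data)) * 100.0 / len(data)


if __name__ == "__main__":
    sample = b"constructed sample message body" * 3   # constructed input, 93 bytes
    print(armor(sample))
    print(f"expansion: {expansion_percent(sample):.1f}%")
    # Cross-check against the standard library's base64, which uses the same alphabet.
    assert radix64_encode(sample) == base64.b64encode(sample).decode("ascii")
```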

6.What is MIME?
         Multipurpose Internet Mail Extensions (MIME) is an extension to the RFC 822
framework that is intended to address some of the problems and limitations of the use
of SMTP.
 Some of the limitations:
    1. It cannot transmit executable files or folders.
    2. SMTP servers may reject mail messages over a certain size.

7.Why is the segmentation and reassembly function in PGP needed?
      E-mail facilities often are restricted to a maximum message length. To
accommodate this restriction, PGP automatically subdivides a message that is too large
into segments that are small enough to send via e-mail. The segmentation is done after
all of the other processing, including the radix-64 conversion. Thus, the session key
component and signature component appear only once, at the beginning of the first
segment.

8.What is S/MIME?
     Secure/Multipurpose Internet Mail Extension is a security enhancement to the MIME
Internet e-mail format standard, based on technology from RSA Data Security. It adds the
ability to sign and/or encrypt messages.

9.What is RFC 822?
      RFC 822 defines a format for text messages that are sent using electronic mail.
It has been the standard for Internet-based text messages and remains in common use. In
the RFC 822 context, messages are viewed as having an envelope and contents. The
envelope contains whatever information is needed to accomplish transmission and delivery.
The contents compose the object to be delivered to the recipient.

10.How does PGP use the concept of trust?
   PGP provides a convenient means of using trust, associating trust with public keys, and
exploiting trust information. Each entry in the public-key ring is a public key certificate.
Associated with each such entry is a key legitimacy field that indicates the extent to
which PGP will trust that this is a valid public key for this user; the higher the level of
trust, the stronger is the binding of this user ID to this key.

IPSEC

1.Give examples of applications of IPSec?
       Secure branch office connectivity over the Internet.
       Secure remote access over the Internet.
       Establishing extranet and intranet connectivity with partners.
       Enhancing electronic commerce security.

2.What services are provided by IPSec?
      Access control
      Connectionless integrity
      Data origin authentication
      Rejection of replayed packets

3.What parameters identify an SA and what parameters characterize the nature of
a particular SA?
       A security association (SA) is uniquely identified by three parameters:
       Security Parameter Index (SPI)
       IP Destination Address
       Security Protocol Identifier
       The parameters that characterize a particular SA are:
       Sequence number counter
       Sequence counter overflow
       Anti-replay window
       AH information
       ESP information
       Lifetime of this SA
       IPSec protocol mode
       Path MTU

4.What is the difference between Transport mode and Tunnel mode?

Transport mode                                      Tunnel mode
1. Provides protection for upper-layer protocols.   1. Provides protection to the entire IP packet.
2. Used for end-to-end communication between        2. Used when one or both ends of an SA is a
   two hosts.                                          security gateway, such as a firewall or router
                                                       that implements IPSec.
3. AH: authenticates the IP payload and selected    3. AH: authenticates the entire inner IP packet
   portions of the IP header and IPv6 extension        plus selected portions of the outer IP header
   headers.                                            and outer IPv6 extension headers.

5.What is a replay attack?

        A replay attack is one in which an attacker obtains a copy of an authenticated packet
and later transmits it to the intended destination.
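The anti-replay service that question 3's SA parameters (sequence number counter, sequence counter overflow, anti-replay window) provide against the replay attack of question 5, as an added example that is not from these notes. It follows the sliding-window procedure of RFC 4303 (ESP); the SA identifiers, window size and packet stream are constructed.

```python
# Added example (not from the original notes): the anti-replay check an inbound IPSec SA
# performs with its "sequence number counter" and "anti-replay window" parameters, after
# the sliding-window procedure in RFC 4303 (ESP). A packet is accepted only if its sequence
# number is fresh and not too far behind the highest one seen; a copy of a captured,
# already-received packet (a replay) is rejected. SA values and packets are constructed.

from dataclasses import dataclass, field
from typing import List, Tuple

WINDOW_SIZE = 64        # RFC 4303's default window size (a minimum of 32 must be supported)
MAX_SEQ = 2 ** 32 - 1   # 32-bit sequence number space of AH/ESP


@dataclass
class SecurityAssociation:
    """Inbound SA identified by (SPI, destination address, protocol), as in the notes above."""
    spi: int
    dst: str
    protocol: str                    # "AH" or "ESP"
    highest_seq: int = 0             # right edge of the window: largest seq accepted so far
    window: int = 0                  # bitmap: bit i set => seq (highest_seq - i) was received
    rejected: List[Tuple[int, str]] = field(default_factory=list)

    def check_replay(self, seq: int) -> bool:
        """Return True and update state if seq is fresh; False if replayed or too old."""
        if seq == 0:
            # Sequence number 0 is never sent on an SA with anti-replay enabled.
            self.rejected.append((seq, "invalid sequence number 0"))
            return False
        if seq > self.highest_seq:
            # Right of the window: slide the window forward and mark this packet.
            shift = seq - self.highest_seq
            if shift >= WINDOW_SIZE:
                self.window = 1
            else:
                self.window = ((self.window << shift) | 1) & ((1 << WINDOW_SIZE) - 1)
            self.highest_seq = seq
            return True
        offset = self.highest_seq - seq
        if offset >= WINDOW_SIZE:
            # Left of the window: too old to track, so it is dropped.
            self.rejected.append((seq, "outside anti-replay window"))
            return False
        if self.window & (1 << offset):
            # Already marked as received: this is a replayed packet.
            self.rejected.append((seq, "replayed packet"))
            return False
        self.window |= 1 << offset   # reordered but fresh packet inside the window
        return True

    def sequence_overflow(self, next_seq: int) -> bool:
        """The 'sequence counter overflow' condition: a 32-bit counter must not wrap."""
        return next_seq > MAX_SEQ


def process_stream(sa: SecurityAssociation, seqs: List[int]) -> List[bool]:
    """Feed a stream of sequence numbers (one per packet) through the SA; return verdicts."""
    return [sa.check_replay(s) for s in seqs]


if __name__ == "__main__":
    sa = SecurityAssociation(spi=0x1234ABCD, dst="192.0.2.10", protocol="ESP")  # constructed
    # Constructed stream: in-order packets, one reordered packet (4 after 5), a replay of
    # packet 3, a jump beyond the window, then a stale replay of packet 5.
    stream = [1, 2, 3, 5, 4, 3, 70, 5]
    for seq, ok in zip(stream, process_stream(sa, stream)):
        print(f"seq={seq:<3} {'accepted' if ok else 'REJECTED'}")
    print("rejections:", sa.rejected)
```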

6.Why does ESP include a padding field?

        A padding field is added to the ESP packet to provide partial traffic flow
confidentiality by concealing the actual length of the payload.

7.What are the basic approaches to bundling SAs?

       1.Transport adjacency
              Refers to applying more than one security protocol to the same packet,
without invoking tunneling.
       2.Iterated tunneling
              Refers to the application of multiple layers of security protocols effected
through IP tunneling.

FIREWALL

1.List the three design goals for a firewall.
     1.All traffic from inside to outside, and vice versa, must pass through the firewall.
This is achieved by physically blocking all access to the local network except via the
firewall.
     2.Only authorized traffic, as defined by the local security policy, will be allowed to
pass. Various types of firewalls are used, which implement various types of security
policies.
     3. The firewall itself is immune to penetration. This implies the use of a trusted
system with a secure operating system.

2.List four techniques used by firewalls to control access and enforce a security
policy.
         Service control
         Direction control
         User control
         Behavior control
3.What information does a typical packet-filtering router use?
     A packet-filtering router uses the following information:
                   Source IP address:
                           The IP address of the system that originated the IP packet.
                   Destination IP address:
                           The IP address of the system the IP packet is trying to reach.
                   Source and destination transport-level address:
                           The transport-level port number, which defines applications
                           such as SNMP or TELNET.
                   IP protocol field:
                           Defines the transport protocol.
                   Interface:
                           For a router with three or more ports, which interface of the
                           router the packet came from or which interface of the router
                           the packet is destined for.


4.What are some weaknesses of a packet-filtering router?

                      They cannot prevent attacks that employ application-specific
                       functions.
                      Logging functionality is limited.
                      They do not support advanced user authentication schemes.
                      They cannot detect a network packet in which the OSI layer 3
                       addressing information has been altered.
                      They are susceptible to security breaches caused by improper
                       configuration.

5.What is the difference between a packet-filtering router and a stateful inspection
firewall?
        A simple packet-filtering firewall must permit inbound network traffic on all
high-numbered ports for TCP-based traffic to occur. This creates a vulnerability
that can be exploited by unauthorized users.
        A stateful inspection packet filter tightens up the rules for TCP traffic by creating
a directory of outbound TCP connections. The packet filter now allows incoming traffic to
high-numbered ports only for those packets that fit the profile of one of the entries in the
directory.
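A filter built on the five fields of question 3, set beside a stateful inspection filter that keeps the directory of outbound TCP connections described in question 5, as an added example that is not part of these notes. The rule set, the internal network and the packets are all constructed; the point it makes visible is that the stateless rule admitting replies to high-numbered ports also admits an unsolicited packet that the stateful filter rejects.

```python
# Added example (not from the original notes): a stateless packet filter driven by the
# fields listed above (source/destination address, transport ports, protocol, interface)
# next to a stateful inspection filter that keeps a directory of outbound TCP connections.
# Rules, addresses and packets are constructed; the filter denies anything no rule permits.

import ipaddress
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str              # "tcp", "udp" or "icmp"
    sport: int
    dport: int
    iface: str              # interface the packet arrived on: "inside" or "outside"
    syn_only: bool = False  # TCP SYN without ACK, i.e. a new connection attempt


@dataclass(frozen=True)
class Rule:
    action: str             # "permit" or "deny"
    iface: str
    proto: str              # "*" matches any protocol
    src_net: str
    dst_net: str
    dport_range: Tuple[int, int]   # inclusive; (0, 65535) matches any port

    def matches(self, p: Packet) -> bool:
        return (self.iface == p.iface
                and self.proto in ("*", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net)
                and self.dport_range[0] <= p.dport <= self.dport_range[1])


INTERNAL = "10.0.0.0/8"   # constructed internal network
ANY = "0.0.0.0/0"

# Stateless rule set: inside hosts may open TCP connections outwards, and the replies must
# be let back in. The reply rule has to admit inbound TCP to every high-numbered port,
# which is exactly the weakness the notes describe.
STATELESS_RULES = [
    Rule("permit", "inside", "tcp", INTERNAL, ANY, (0, 65535)),
    Rule("permit", "outside", "tcp", ANY, INTERNAL, (1024, 65535)),
]


def stateless_filter(p: Packet, rules: List[Rule]) -> str:
    """First matching rule wins; a packet matching no rule is denied (default deny)."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


class StatefulFilter:
    """Keeps a directory of outbound TCP connections; inbound TCP is admitted only for them."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.directory: Set[Tuple[str, int, str, int]] = set()   # (src, sport, dst, dport)

    def decide(self, p: Packet) -> str:
        if p.proto == "tcp" and p.iface == "outside":
            # Inbound TCP must answer a connection already in the directory, and a bare SYN
            # from outside is never an answer.
            key = (p.dst, p.dport, p.src, p.sport)
            return "permit" if key in self.directory and not p.syn_only else "deny"
        verdict = stateless_filter(p, self.rules)
        if verdict == "permit" and p.proto == "tcp" and p.iface == "inside":
            self.directory.add((p.src, p.sport, p.dst, p.dport))   # record outbound connection
        return verdict


def compare(packets: List[Packet]) -> List[Tuple[str, str]]:
    """Run one packet stream through both filters; returns (stateless, stateful) verdicts."""
    stateful = StatefulFilter(STATELESS_RULES)
    return [(stateless_filter(p, STATELESS_RULES), stateful.decide(p)) for p in packets]


if __name__ == "__main__":
    stream = [   # constructed traffic
        Packet("10.1.1.5", "203.0.113.7", "tcp", 40000, 80, "inside", syn_only=True),      # client opens
        Packet("203.0.113.7", "10.1.1.5", "tcp", 80, 40000, "outside"),                    # server replies
        Packet("198.51.100.9", "10.1.1.5", "tcp", 31337, 40001, "outside", syn_only=True), # unsolicited
    ]
    for p, (a, b) in zip(stream, compare(stream)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} via {p.iface}: stateless={a} stateful={b}")
```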

6. What is an application level gateway?
        An application-level gateway, also called a proxy server, acts as a relay of
application-level traffic. The user contacts the gateway using a TCP/IP application, such
as telnet or FTP, and the gateway asks the user for the name of the remote host to be
accessed.

7. What is a circuit level gateway?
        A circuit-level gateway does not permit an end-to-end TCP connection; rather, the
gateway sets up two TCP connections, one between itself and a TCP user on an inner
host and the other between itself and a TCP user on an outer host. Once these connections
are established, the gateway typically relays TCP segments from one connection to the
other without examining the contents.

8.What are the differences among the three configurations of firewall?
        In the screened host firewall, single-homed bastion configuration, the firewall
consists of two systems: a packet-filtering router and a bastion host.
        The screened host firewall, dual-homed bastion configuration prevents the security
breach to which the single-homed configuration is exposed.
        The screened subnet firewall configuration is the most secure of the three.
Here two packet filters are used, one between the bastion host and the Internet and one
between the bastion host and the internal network.

9.In the context of access control, what is the difference between a subject and an
object?
       A subject is an entity capable of accessing objects. Any user or application actually
gains access to an object by means of a process that represents that user or application.
       An object is anything to which access is controlled, e.g. files, programs and segments
of memory.

10. What is the difference between an access control list and a capability ticket?
       An access control list lists users and their permitted access rights for each object.
       A capability ticket specifies authorized objects and operations for a user. Each
user has a number of tickets and may be authorized to loan or give them to others.

11.What are the two rules that a reference monitor enforces?
                  No read up
                     A subject can only read an object of less or equal security level.
                     This is referred to as the simple security property.
                  No write down
                     A subject can only write into an object of greater or equal security
                     level. This is referred to as the *-property.

12.What properties are required for a reference monitor?
                  Complete mediation: The security rules are enforced on every
                     access, not just, for example, when a file is opened.
                  Isolation: The reference monitor and database are protected from
                     unauthorized modification.
                  Verifiability: The reference monitor’s correctness must be
                     provable.
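The two rules of question 11 enforced by a reference monitor with the complete mediation of question 12, as an added example that is not from these notes: every read and write passes through one check that is also logged, and a helper shows why "no write down" is needed, since without it a cleared subject could copy a secret object into an unclassified one. Levels, subjects, objects and requests are constructed.

```python
# Added example (not from the original notes): a reference monitor enforcing the simple
# security property (no read up) and the *-property (no write down), with every access
# mediated by one check that records an audit entry. All names and levels are constructed.

from typing import Dict, List, Tuple

# Ordered security levels: a higher index is a higher classification.
LEVELS = ["unclassified", "confidential", "secret", "top-secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}


class ReferenceMonitor:
    def __init__(self, subjects: Dict[str, str], objects: Dict[str, str]):
        self.subjects = subjects   # subject -> clearance level
        self.objects = objects     # object  -> classification level
        self.audit: List[Tuple[str, str, str, bool]] = []   # (subject, op, object, allowed)

    def check(self, subject: str, op: str, obj: str) -> bool:
        """Complete mediation: every read or write goes through here and is logged."""
        s_level = RANK[self.subjects[subject]]
        o_level = RANK[self.objects[obj]]
        if op == "read":
            allowed = s_level >= o_level     # no read up (simple security property)
        elif op == "write":
            allowed = s_level <= o_level     # no write down (*-property)
        else:
            allowed = False                  # unknown operations are refused outright
        self.audit.append((subject, op, obj, allowed))
        return allowed


def can_copy(rm: ReferenceMonitor, subject: str, src: str, dst: str) -> bool:
    """Could `subject` move data from object src into object dst? Needs a read and a write."""
    readable = rm.check(subject, "read", src)    # both checks run so both are audited
    writable = rm.check(subject, "write", dst)
    return readable and writable


if __name__ == "__main__":
    rm = ReferenceMonitor(
        subjects={"alice": "secret", "bob": "unclassified"},                         # constructed
        objects={"plans.txt": "secret", "bulletin.txt": "unclassified", "budget.txt": "top-secret"},
    )
    # alice may read plans.txt but not leak it into bulletin.txt, which bob could read.
    print("alice copies plans.txt -> bulletin.txt:", can_copy(rm, "alice", "plans.txt", "bulletin.txt"))
    print("bob reads plans.txt:", rm.check("bob", "read", "plans.txt"))
    for entry in rm.audit:
        print("audit:", entry)
```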
Web Security
1.What are the advantages of each of the three approaches shown in the figure?

Figure 1:                                 Figure 2:
   HTTP | FTP | SMTP                         HTTP | FTP | SMTP
         TCP                                    SSL or TLS
       IP/IPSec                                    TCP
                                                   IP

Figure 3:
   S/MIME | PGP | SET
   Kerberos | SMTP | HTTP
      UDP   |   TCP
            IP

Figure 1:
          The advantage of using IPSec is that it is transparent to end users and
applications and provides a general-purpose solution. Further, IPSec includes a filtering
capability so that only selected traffic need incur the overhead of IPSec processing.
Figure 2:
          SSL (or TLS) could be provided as part of the underlying protocol suite and
therefore be transparent to applications.
Figure 3:
          The advantage of this approach is that the service can be tailored to the specific
needs of a given application.

2. What protocols comprise SSL?

          The protocols that comprise SSL are: SSL Handshake Protocol, SSL Change
Cipher Spec Protocol, SSL Alert Protocol, Hypertext Transfer Protocol (HTTP) and SSL
Record Protocol.

3. What is the difference between an SSL connection and an SSL
    session?
             A connection is a transport that provides a suitable type of service. For
SSL, such connections are peer-to-peer relationships. The connections are transient.
             An SSL session is an association between a client and a server. Sessions are
created by the Handshake Protocol. Sessions define a set of cryptographic security
parameters, which can be shared among multiple connections.

4. List and briefly define the parameters that define an SSL session state.
           A session state is defined by the following parameters:
                          Session identifier
                          Peer certificate
                          Compression method
                          Cipher spec
                          Master secret
                          Is resumable

5. List and briefly define the parameters that define an SSL connection state.

         A connection state is defined by the following parameters:
                           Server and client random
                           Server write MAC secret
                           Client write MAC secret
                           Server write key
                           Client write key
                           Initialization vectors
                           Sequence numbers


ESSAYS

1.Write notes on security services
  1.AUTHENTICATION
      The assurance that the communicating entity is the one that it claims to be.
Peer Entity Authentication:
             Used in association with a logical connection to provide confidence in the
             identity of the entities connected.
Data Origin Authentication:
             In a connectionless transfer, provides assurance that the source of received
             data is as claimed.

2.ACCESS CONTROL
   The prevention of unauthorized use of a resource (that is, this service controls who can
have access to a resource, under what conditions access can occur, and what those
accessing the resource are allowed to do).

3.DATA CONFIDENTIALITY
   The protection of data from unauthorized disclosure.
Connection Confidentiality:
       The protection of all user data on a connection.
Connectionless Confidentiality:
       The protection of all user data in a single data block.
Selective-Field Confidentiality:
       The confidentiality of selected fields within the user data on a connection or in a
       single data block.
Traffic-Flow Confidentiality:
       The protection of the information that might be derived from observation of
       traffic flows.

4.DATA INTEGRITY
   The assurance that data received are exactly as sent by an authorized entity.
Connection Integrity with Recovery:
       Provides for the integrity of all user data on a connection and detects any
       modification, insertion, deletion, or replay of any data within an entire data
       sequence, with recovery attempted.
Connection Integrity without Recovery:
       As above, but provides only detection without recovery.
Selective-Field Connection Integrity:
       Provides for the integrity of selected fields within the user data of a data block
       transferred over a connection and takes the form of determination of whether the
       selected fields have been modified, inserted, deleted or replayed.
Connectionless Integrity:
       Provides for the integrity of a single connectionless data block and may take the
       form of detection of data modification. Additionally, a limited form of replay
       detection may be provided.
Selective-Field Connectionless Integrity:
       Provides for the integrity of selected fields within a single connectionless data
       block; takes the form of determination of whether the selected fields have been
       modified.
5.NONREPUDIATION
    Provides protection against denial by one of the entities involved in a communication
of having participated in all or part of the communication.
Nonrepudiation, Origin:
        Proof that the message was sent by the specified party.
Nonrepudiation, Destination:
        Proof that the message was received by the specified party.



2.Security Attacks
A useful means of classifying security attacks, used both in X.800 and RFC 2828, is in
terms of passive attacks and active attacks. A passive attack attempts to learn or make use
of information from the system but does not affect system resources. An active attack
attempts to alter system resources or affect their operation.


Passive attacks
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions.
Two types of passive attacks are release of message contents and traffic analysis. The
release of message contents is easily understood. A telephone conversation, an
electronic mail message, and a transferred file may contain sensitive or confidential
information.
   A second type of passive attack, traffic analysis, is subtler. Suppose that we had a
way of masking the contents of messages or other information traffic so that opponents,
even if they captured the message, could not extract the information from the message.
The opponent could still observe the pattern of these messages, and that is what traffic
analysis exploits.
   Passive attacks are very difficult to detect because they do not involve any alteration
of the data.

Active attacks
Active attacks involve some modification of the data stream or the creation of a false
stream and can be subdivided into four categories:
           I. Masquerade
          II. Replay
         III. Modification of messages
         IV. Denial of service
A masquerade takes place when one entity pretends to be a different entity. A
masquerade attack usually includes one of the other forms of active attack.
Replay involves the passive capture of a data unit and its subsequent retransmission to
produce an unauthorized effect.
Modification of messages simply means that some portion of a legitimate message is
altered, or that messages are delayed or reordered, to produce an unauthorized effect.
Denial of service prevents or inhibits the normal use or management of
communication facilities.

1.Explain transposition techniques.
        All the substitution techniques involve the substitution of a ciphertext symbol for
a plaintext symbol. A very different kind of mapping is achieved by performing some
sort of permutation on the plaintext letters. This technique is referred to as a transposition
cipher.
        The simplest such cipher is the rail fence technique, in which the plaintext is
written down as a sequence of diagonals and then read off as a sequence of rows. For
example, to encipher the message “meet me after the toga party” with a rail fence of
depth 2, we write the following:
                m e m a t r h t g p r y
                  e t e f e t e o a a t
        The encrypted message is
                MEMATRHTGPRYETEFETEOAAT
        This sort of thing would be trivial to cryptanalyze. A more complex scheme is to
write the message in a rectangle, row by row, and read the message off column by
column, but permute the order of the columns. The order of the columns then becomes
the key to the algorithm. For example,

               Key:        4 3 1 2 5 6 7
               Plaintext:  a t t a c k p
                           o s t p o n e
                           d u n t i l t
                           w o a m x y z
               Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

        A pure transposition cipher is easily recognized because it has the same letter
frequencies as the original plaintext. For the type of columnar transposition just shown,
cryptanalysis is fairly straightforward and involves laying out the ciphertext in a matrix
and playing around with column positions. Digram and trigram frequency tables can be
useful.
        The transposition cipher can be made significantly more secure by performing
more than one stage of transposition. The result is a more complex permutation that is not
easily reconstructed. Thus, if the foregoing message is re-encrypted using the same
algorithm,

               Key:        4 3 1 2 5 6 7
               Plaintext:  t t n a a p t
                           m t s u o a o
                           d w c o i x k
                           n l y p e t z
               Ciphertext: NSCYAUOPTTWLTMDNAOIEPAXTTOKZ

         To visualize the result of this double transposition, designate the letters in the
original plaintext message by the numbers designating their position. Thus, with 28
letters in the message, the original sequence of letters is

               01 02 03 04 05 06 07 08 09 10 11 12 13 14
               15 16 17 18 19 20 21 22 23 24 25 26 27 28

       After the first transposition we have

                03 10 17 24 04 11 18 25 02 09 16 23 01 08
               15 22 05 12 19 26 06 13 20 27 07 14 21 28

which has a somewhat regular structure. But after the second transposition, we have

               17 09 05 27 24 16 12 07 10 02 22 20 03 25
               15 13 04 23 19 14 11 01 26 21 18 08 06 28
This is a much less structured permutation and is much more difficult to cryptanalyze.
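The rail fence and keyed columnar transposition worked above, as an added example that is not part of these notes. Run on the notes' own message and key it reproduces the two ciphertexts and the position traces, and it counts how many adjacent positions in each trace still differ by the row width of 7, which is the "regular structure" that the second stage removes. The function names are assumptions of this example.

```python
# Added example (not from the original notes): rail fence and keyed columnar transposition,
# with the position trace used above to compare single and double transposition.

from collections import Counter
from typing import List, Sequence


def rail_fence_encrypt(plaintext: str, depth: int = 2) -> str:
    """Write the letters down successive rails (diagonals) and read the rails off row by row."""
    letters = [c for c in plaintext.lower() if c.isalpha()]
    rails: List[List[str]] = [[] for _ in range(depth)]
    row, step = 0, 1
    for c in letters:
        rails[row].append(c)
        if depth > 1:
            if row == 0:
                step = 1
            elif row == depth - 1:
                step = -1
            row += step
    return "".join("".join(r) for r in rails).upper()


def columnar_transpose(tokens: Sequence, key: Sequence[int]) -> list:
    """Write tokens in rows of len(key); read the columns in the order the key numbers them."""
    width = len(key)
    if len(tokens) % width:
        raise ValueError("length must be a multiple of the key length (pad first)")
    rows = [tokens[i:i + width] for i in range(0, len(tokens), width)]
    order = sorted(range(width), key=lambda col: key[col])   # column numbered 1 is read first
    return [rows[r][col] for col in order for r in range(len(rows))]


def columnar_encrypt(plaintext: str, key: Sequence[int], stages: int = 1) -> str:
    """Apply the columnar transposition `stages` times with the same key (double transposition = 2)."""
    letters = [c for c in plaintext.lower() if c.isalpha()]
    for _ in range(stages):
        letters = columnar_transpose(letters, key)
    return "".join(letters).upper()


def position_trace(length: int, key: Sequence[int], stages: int) -> List[int]:
    """Where each original letter position (1-based) ends up after `stages` transpositions."""
    positions = list(range(1, length + 1))
    for _ in range(stages):
        positions = columnar_transpose(positions, key)
    return positions


def stride_runs(perm: Sequence[int], stride: int) -> int:
    """Count adjacent pairs whose positions differ by `stride`: the visible regularity."""
    return sum(1 for a, b in zip(perm, perm[1:]) if b - a == stride)


def letter_frequencies(text: str) -> Counter:
    """A pure transposition leaves these identical to the plaintext's, which betrays it."""
    return Counter(c for c in text.lower() if c.isalpha())


if __name__ == "__main__":
    KEY = [4, 3, 1, 2, 5, 6, 7]
    MESSAGE = "attackpostponeduntiltwoamxyz"   # the notes' padded message
    print(rail_fence_encrypt("meet me after the toga party"))
    print(columnar_encrypt(MESSAGE, KEY))
    print(columnar_encrypt(MESSAGE, KEY, stages=2))
    for stages in (1, 2):
        trace = position_trace(len(MESSAGE), KEY, stages)
        print(f"after {stages} stage(s): runs with stride 7 = {stride_runs(trace, 7)}")
```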
2.Write short notes on Steganography
                 The methods of steganography conceal the existence of the message,
whereas the methods of cryptography render the message unintelligible to outsiders by
various transformations of the text. A simple form of steganography, but one that is time
consuming, is one in which an arrangement of words or letters within an apparently
innocuous text spells out the real message.
    Some of the other techniques are:
 Character marking: Selected letters of printed or typewritten text are overwritten in
    pencil. The marks are ordinarily not visible unless the paper is held at an angle to
    bright light.
 Invisible ink: A number of substances can be used for writing but leave no visible
    trace until heat or some chemical is applied to the paper.
 Pin punctures: Small pin punctures on selected letters are ordinarily not visible
    unless the paper is held up in front of a light.
 Typewriter correction ribbon: Used between lines typed with a black ribbon, the
    results of typing with the correction ribbon are visible only under a strong light.

         For example, the Kodak Photo CD format’s maximum resolution is 2048 by
3072 pixels, with each pixel containing 24 bits of RGB color information. The least
significant bit of each 24-bit pixel can be changed without greatly affecting the quality of
the image. The result is that we can hide a 2.3-megabyte message in a single digital
snapshot.
        The advantage of steganography is that it can be employed by parties who have
something to lose should the fact of their secret communication be discovered.
        Steganography has a number of drawbacks when compared to encryption. It
requires a lot of overhead information to hide relatively few bits of information.
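The least-significant-bit embedding just described, as an added example that is not part of these notes, together with the capacity arithmetic behind the 2.3-megabyte figure (which assumes one bit hidden in each of the three 8-bit colour values of a pixel). The cover image is a constructed byte array rather than a real photograph.

```python
# Added example (not from the original notes): hiding a message in the least significant
# bit of each 8-bit colour value of 24-bit RGB pixels, and the capacity arithmetic for the
# Photo CD case above. The cover "image" is a constructed byte array.

import random


def lsb_capacity_bytes(width: int, height: int, channels: int = 3) -> int:
    """Bytes hideable when one bit per colour value (channel) is overwritten."""
    return width * height * channels // 8


def embed(pixels: bytes, message: bytes) -> bytes:
    """Hide message (prefixed by its 32-bit length) in the LSB of successive colour bytes."""
    payload = len(message).to_bytes(4, "big") + message
    if len(payload) * 8 > len(pixels):
        raise ValueError("message does not fit in the cover image")
    out = bytearray(pixels)
    for i, byte in enumerate(payload):
        for bit in range(8):                   # most significant bit of each byte first
            idx = i * 8 + bit
            out[idx] = (out[idx] & 0xFE) | ((byte >> (7 - bit)) & 1)
    return bytes(out)


def extract(pixels: bytes) -> bytes:
    """Read the length prefix from the LSBs, then that many message bytes."""
    def read_bytes(start: int, count: int) -> bytes:
        result = bytearray()
        for i in range(count):
            value = 0
            for bit in range(8):
                value = (value << 1) | (pixels[(start + i) * 8 + bit] & 1)
            result.append(value)
        return bytes(result)

    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(4, length)


def max_channel_change(cover: bytes, stego: bytes) -> int:
    """Largest per-channel difference the embedding caused: at most 1 for LSB replacement."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    capacity = lsb_capacity_bytes(2048, 3072)
    print(f"Photo CD capacity: {capacity} bytes, about {capacity / 1e6:.2f} MB")
    rng = random.Random(1)
    cover = bytes(rng.getrandbits(8) for _ in range(16 * 16 * 3))   # constructed 16x16 RGB
    secret = b"constructed secret"
    stego = embed(cover, secret)
    print("recovered:", extract(stego))
    print("largest colour change:", max_channel_change(cover, stego))
```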


1.Briefly describe the strength of DES.
         With a key length of 56 bits, there are 2^56 possible keys, which is approximately
7.2 × 10^16 keys. Thus, on the face of it, a brute-force attack appears impractical.
Assuming that, on average, half the key space has to be searched, a single machine
performing one DES encryption per microsecond would take more than a thousand years
to break the cipher.
            However, the assumption of one encryption per microsecond is overly
conservative. As far back as 1977, Diffie and Hellman postulated that the technology
existed to build a parallel machine with 1 million encryption devices, each of which could
perform one encryption per microsecond. This would bring the average search time down
to about 10 hours. The authors estimated that the cost would be about $20
million in 1977 dollars.
              DES finally and definitively proved insecure in July 1988, when the Electronic
Frontier Foundation (EFF) announced that it had broken a DES encryption using a
special-purpose “DES cracker” machine that was built for less than $250,000. The attack
took less than three days. The EFF has published a detailed description of the machine,
enabling others to build their own cracker. And, of course, hardware
prices will continue to drop as speeds increase, making DES virtually worthless.

         It is important to note that there is more to a key-search attack than simply
running through all possible keys. Unless known plaintext is provided, the analyst must be
able to recognize plaintext as plaintext. If the message is just plaintext in English,
then the result pops out easily, although the task of recognizing English would have to be
automated. If the text message has been compressed before encryption, then recognition
is more difficult. And if the message is some more general type of data, such as a
numerical file, and this has been compressed, the problem becomes more difficult to
automate. To supplement the brute-force approach, some degree of knowledge about the
expected plaintext is needed, and some means of automatically distinguishing
plaintext from garble is also needed. The EFF approach addresses this issue as well and
introduces some automated techniques that would be effective in many contexts.

                            The Nature of the DES Algorithm
       Another concern is the possibility that cryptanalysis is possible by exploiting
the characteristics of the DES algorithm. The focus of concern has been on the eight
substitution tables, or S-boxes, that are used in each iteration. Because the design criteria
for these boxes, and indeed for the entire algorithm, were not made public, there is a
suspicion that the boxes were constructed in such a way that cryptanalysis is possible for
an opponent who knows the weaknesses in the S-boxes. This assertion is tantalizing, and
over the years a number of regularities and unexpected behaviors of the S-boxes have
been discovered. Despite this, no one has so far succeeded in discovering the supposed
fatal weaknesses in the S-boxes.


                                     Timing Attacks
       A timing attack is one in which information about the key or plaintext is obtained
by observing how long it takes a given implementation to perform decryptions on various
ciphertexts. A timing attack exploits the fact that the encryption and decryption
algorithms often take slightly different amounts of time on different inputs. One reported
approach yields the Hamming weight of the secret key. This is a long way from
knowing the actual key, but it is an intriguing first step. DES appears to be fairly resistant
to a successful timing attack, but some avenues to explore have been suggested.

2.Briefly explain the DES design criteria.

       The criteria used in the design of DES focused on the design of the S-boxes and
on the P function that takes the output of the S-boxes. The criteria for the S-boxes are as
follows:
    1. No output bit of any S-box should be too close to a linear function of the input bits.
       Specifically, if we select any output bit and any subset of the six input bits, the
       fraction of inputs for which this output bit equals the XOR of these input bits
       should not be close to 0 or 1, but rather should be near ½.
    2. Each row of an S-box should include all 16 possible output bit combinations.
    3. If two inputs to an S-box differ in exactly one bit, the outputs must differ in at least
       two bits.
    4. If two inputs to an S-box differ in their first two bits and are identical in their last
       two bits, the two outputs must not be the same.
    5. For any nonzero 6-bit difference between inputs, no more than 8 of the 32 pairs of
       inputs exhibiting that difference may result in the same output difference.
    6. This is a criterion similar to the previous one, but for the case of three S-boxes.
Coppersmith pointed out that the first criterion in the preceding list was needed because
the S-boxes are the only nonlinear part of DES. If the S-boxes were linear, the entire
algorithm would be linear and easily broken. We have seen this phenomenon with the
Hill cipher, which is linear. The remaining criteria were primarily aimed at thwarting
differential cryptanalysis and at providing good confusion properties.
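S-box criteria 1 to 5 above checked mechanically against the real DES S-box S1 (from FIPS 46), as an added example that is not part of these notes; a constructed linear table stands beside it to show what criteria 1 and 3 reject. The input indexing follows the DES specification (bits 1 and 6 select the row, bits 2 to 5 the column); the function names are assumptions of this example.

```python
# Added example (not from the original notes): testing the DES S-box design criteria on
# S1. A 6-bit input b1..b6 selects row b1b6 and column b2b3b4b5 (FIPS 46 convention).

from typing import List

# S1 of DES, four rows of sixteen 4-bit outputs (FIPS PUB 46).
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

# Constructed counter-example: output = column, i.e. a linear function of the input bits.
LINEAR = [list(range(16)) for _ in range(4)]


def sbox(table: List[List[int]], x: int) -> int:
    """Apply an S-box table to a 6-bit input: row = b1b6, column = b2b3b4b5."""
    row = (((x >> 5) & 1) << 1) | (x & 1)
    col = (x >> 1) & 0xF
    return table[row][col]


def rows_are_permutations(table) -> bool:
    """Criterion 2: each row contains all 16 output values."""
    return all(sorted(row) == list(range(16)) for row in table)


def one_bit_change_ok(table) -> bool:
    """Criterion 3: inputs differing in exactly one bit give outputs differing in >= 2 bits."""
    for x in range(64):
        for bit in range(6):
            if bin(sbox(table, x) ^ sbox(table, x ^ (1 << bit))).count("1") < 2:
                return False
    return True


def first_two_bits_ok(table) -> bool:
    """Criterion 4: inputs differing in bits 1,2 and equal in bits 5,6 never give equal outputs."""
    for x in range(64):
        for mid in range(4):                      # bits 3 and 4 may differ arbitrarily
            delta = 0b110000 | (mid << 2)
            if sbox(table, x) == sbox(table, x ^ delta):
                return False
    return True


def max_pairs_same_output_difference(table) -> int:
    """Criterion 5: over all nonzero input differences, the most of the 32 pairs sharing an output difference."""
    worst = 0
    for delta in range(1, 64):
        counts = [0] * 16
        for x in range(64):
            if x < x ^ delta:                     # each unordered pair once: 32 pairs per delta
                counts[sbox(table, x) ^ sbox(table, x ^ delta)] += 1
        worst = max(worst, max(counts))
    return worst


def max_linear_bias(table) -> int:
    """Criterion 1: for any output bit and input-bit subset, how far from 32 of 64 inputs agree."""
    worst = 0
    for out_bit in range(4):
        for mask in range(1, 64):
            agree = sum(1 for x in range(64)
                        if ((sbox(table, x) >> out_bit) & 1) == bin(x & mask).count("1") % 2)
            worst = max(worst, abs(agree - 32))
    return worst


def report(table) -> dict:
    return {
        "rows_are_permutations": rows_are_permutations(table),
        "one_bit_change_ok": one_bit_change_ok(table),
        "first_two_bits_ok": first_two_bits_ok(table),
        "max_pairs_same_output_difference": max_pairs_same_output_difference(table),
        "max_linear_bias": max_linear_bias(table),
    }


if __name__ == "__main__":
    print("DES S1:", report(S1))
    print("linear table:", report(LINEAR))
```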
The criteria for the permutation P are as follows:
    1. The four output bits from each S-box at round i are distributed so that two of them
        affect “middle bits” of round (i+1) and the other two affect end bits. The end bits
        are the two left-hand bits and the two right-hand bits, which are shared with
        adjacent S-boxes.
    2. The four output bits from each S-box affect six different S-boxes on the next
        round, and no two affect the same S-box.
    3. For two S-boxes j, k, if an output bit from Sj affects a middle bit of Sk on the next
        round, then an output bit from Sk cannot affect a middle bit of Sj. This implies that
        for j = k, an output bit from Sj must not affect a middle bit of Sj.

   These criteria are intended to increase the diffusion of the algorithm.

Key management
   There are two aspects to the use of public-key cryptography
   in this regard:
                     The distribution of public keys
                     The use of public-key encryption to distribute secret keys.

Distribution of public keys

               There are four general categories of schemes for the distribution of public keys:
               Public announcement
               Publicly available directory
               Public-key authority
               Public-key certificates




Public announcement of public keys

   [Figure: uncontrolled public-key distribution. A broadcasts KUa and B broadcasts KUb
   to each other and to the community at large.]

          Here the public key is simply made public by its owner; PGP is an example.
Although this approach is convenient, it has a weakness that anyone can forge such
a public announcement.

Publicly available directory
  It has the following elements:
               The authority maintains a directory with an entry for each participant.
               Each participant registers a public key with the directory authority.
               A participant may replace the existing key with a new one at any time.
               Periodically, the authority publishes the entire directory or updates to the
               directory.
               Participants could also access the directory electronically.

   [Figure: public-key publication. A registers KUa and B registers KUb with the
   public-key directory, from which other participants obtain them.]




Public-key authority

   [Figure: public-key distribution scenario via a public-key authority. The messages are:]
        (1) A -> Authority:  Request || Time1
        (2) Authority -> A:  EKRauth [KUb || Request || Time1]
        (3) A -> B:          EKUb [IDA || N1]
        (4) B -> Authority:  Request || Time2
        (5) Authority -> B:  EKRauth [KUa || Request || Time2]
        (6) B -> A:          EKUa [N1 || N2]
        (7) A -> B:          EKUb [N2]

             It has the following steps:

                  A sends a timestamped request for B's public key to the authority.
                  The authority returns B's public key, signed with the authority's private key.
                  A sends the ID of A and a nonce N1 to B.
                  B obtains A's public key from the authority in the same way.
                  B sends a message to A containing A's nonce N1 and a new nonce N2.
                  A returns N2 encrypted using B's public key.

                                  Public-key certificates

     A certificate lets participants exchange public keys without contacting a
public-key authority. Each certificate is produced by the certificate authority by
encrypting the user's public key, identifier and a timestamp with the authority's
private key:

             CA = EKRauth[Time1, IDA, KUa]        CB = EKRauth[Time2, IDB, KUb]

        [Figure: exchange of public-key certificates between A and B]
             (1) A -> B: CA
             (2) B -> A: CB
Public key distribution of secret keys

Simple secret key distribution



             (1) A -> B: KUa || IDA
             (2) B -> A: EKUa[Ks]

        1. A generates a public/private key pair {KUa, KRa} and sends KUa together with
           its identifier IDA to B.
        2. B generates a secret key Ks and sends it to A encrypted with A's public key:
           EKUa[Ks].
        3. A decrypts with KRa to recover Ks, then discards KUa and KRa.
        4. B discards KUa.
        5. A and B now communicate using conventional (symmetric) encryption with Ks.

Secret key distribution with confidentiality and authentication

             (1) A -> B: EKUb[N1 || IDA]
             (2) B -> A: EKUa[N1 || N2]
             (3) A -> B: EKUb[N2]
             (4) A -> B: EKUb[EKRa[Ks]]

        (A is the initiator and B the responder; in message 4 the session key Ks is
        encrypted with A's private key and then with B's public key.)



2. Diffie-Hellman key exchange

        - Proposed in 1976 as a solution to the problem of key agreement (key exchange).
        - Two parties can agree on a symmetric key.
        - The key can be used for encryption or decryption.
        - Once the parties agree on the key, a symmetric-key encryption algorithm is used
          for confidentiality.

Algorithm

        1. Alice and Bob agree on two large prime numbers n and g.
        2. Alice chooses a large random number x and calculates A = g^x mod n.
        3. Alice sends the number A to Bob.
        4. Bob independently chooses another large random integer y and calculates
           B = g^y mod n.
        5. Bob sends B to Alice.
        6. Alice computes the secret key k1 = B^x mod n.
        7. Bob computes the secret key k2 = A^y mod n.
        8. k1 = k2 = k is the symmetric key, because B^x = (g^y)^x = g^(xy) = (g^x)^y = A^y
           (mod n).
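The algorithm above worked through in Python, as an added example that is not part of the lecture notes. It uses the notes' symbols n, g, x, y, A, B, k1 and k2; the toy parameters n = 23, g = 5 and the secrets x = 6, y = 15 are constructed for readability (real deployments use primes of at least 2048 bits, such as the MODP groups of RFC 3526, because the security rests on the difficulty of recovering x or y from A or B).

```python
# Added example (not from the lecture notes): Diffie-Hellman key agreement
# with the notes' symbols. Toy parameters are constructed for readability.

def dh_public(n: int, g: int, secret: int) -> int:
    """Public value g^secret mod n (the notes' A = g^x mod n, B = g^y mod n)."""
    return pow(g, secret, n)

def dh_shared(n: int, other_public: int, secret: int) -> int:
    """Shared secret other_public^secret mod n (k1 = B^x mod n, k2 = A^y mod n)."""
    return pow(other_public, secret, n)

def dh_exchange(n: int, g: int, x: int, y: int) -> tuple:
    """Run both sides of the exchange and return (A, B, k1, k2)."""
    A = dh_public(n, g, x)        # Alice computes A and sends it to Bob
    B = dh_public(n, g, y)        # Bob computes B and sends it to Alice
    k1 = dh_shared(n, B, x)       # Alice: k1 = B^x mod n
    k2 = dh_shared(n, A, y)       # Bob:   k2 = A^y mod n
    return A, B, k1, k2

# Constructed toy parameters; an eavesdropper sees n, g, A and B but not x or y.
N_TOY, G_TOY = 23, 5

if __name__ == "__main__":
    A, B, k1, k2 = dh_exchange(N_TOY, G_TOY, x=6, y=15)
    print(f"A={A} B={B} k1={k1} k2={k2}")
    assert k1 == k2   # both sides hold the same symmetric key k
```

With these values A = 8, B = 19 and both sides arrive at k = 2; the eavesdropper would have to solve a discrete logarithm to reach the same value, which is only easy because n is tiny here.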


1. Explain Message Authentication Code

 This technique assumes that two communicating parties A and B share a common
key K. When A sends a message to B it calculates the MAC as a function of the
message and the key: MAC = C_K(M),
where
M = input message
C = MAC function
K = shared secret key
MAC = message authentication code

The message plus the MAC are transmitted to the recipient. The recipient performs
the same calculation on the received message to generate a new MAC. The received
MAC is compared to the calculated MAC. If only the sender and receiver know the
secret key, and if the received MAC matches the calculated MAC, then
1. The receiver is assured that the message has not been altered.
2. The receiver is assured that the message is from the alleged sender.
3. If the message includes a sequence number, the receiver is assured of the
   proper sequence.
 The MAC function need not be reversible; usually it is a many-to-one function.
If there are N possible messages and an n-bit MAC is used, then N >> 2^n, and there
are 2^k possible keys where the key has k bits.
 For example, if we are using 100-bit messages then there are 2^100 different
messages, and if a 10-bit MAC is used there are 2^10 different MACs. On average
each MAC value is generated by a total of 2^100 / 2^10 = 2^90 different messages. If a
5-bit key is used there are 2^5 = 32 different mappings from the set of messages to the
set of MAC values.
 Usually two separate keys are used, each of which is shared by the sender and
receiver. The MAC is calculated with the message as input and is then
concatenated to the message. The entire block is then encrypted with the second key.
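The sender/receiver procedure above as an added example in Python; it is not code from the notes. HMAC-SHA256 from the standard library stands in for the generic MAC function C, the sequence number is included in the MAC input so that property 3 holds, and the shared key and messages are constructed.

```python
import hashlib
import hmac

# Added example (not from the lecture notes): MAC generation and checking.
# HMAC-SHA256 stands in for the generic MAC function C of the notes.

def compute_mac(key: bytes, seq: int, message: bytes) -> bytes:
    """MAC = C_K(seq || M). Covering seq lets the receiver detect replays."""
    return hmac.new(key, seq.to_bytes(4, "big") + message, hashlib.sha256).digest()

def send(key: bytes, seq: int, message: bytes) -> tuple:
    """Sender A transmits the sequence number, the message and its MAC."""
    return seq, message, compute_mac(key, seq, message)

class Receiver:
    """Receiver B recomputes the MAC, compares it, then checks the sequence number."""

    def __init__(self, key: bytes):
        self.key = key
        self.expected_seq = 0

    def accept(self, seq: int, message: bytes, tag: bytes) -> str:
        expected = compute_mac(self.key, seq, message)
        # compare_digest is constant-time, so the comparison does not leak tag bytes
        if not hmac.compare_digest(expected, tag):
            return "reject-mac"        # message altered in transit, or wrong key
        if seq != self.expected_seq:
            return "reject-sequence"   # replayed or out-of-order message
        self.expected_seq += 1
        return "accept"

if __name__ == "__main__":
    key = b"shared secret key (constructed)"
    b = Receiver(key)
    print(b.accept(*send(key, 0, b"pay 10")))            # accept
    seq, msg, tag = send(key, 1, b"pay 10")
    print(b.accept(seq, b"pay 90", tag))                  # reject-mac (altered)
    print(b.accept(seq, msg, tag))                        # accept
    print(b.accept(seq, msg, tag))                        # reject-sequence (replay)
```

The order of the checks matters: the MAC is verified first, so an attacker cannot use the sequence-number check to learn anything about a message whose tag is invalid.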
        [Figure: basic uses of a message authentication code. (a) Message authentication:
        the source computes C_K(M) with the shared key K and transmits M || C_K(M); the
        destination recomputes C_K(M) from the received M and compares it with the
        received MAC. (b) The block M || C_K1(M) is additionally encrypted with a second
        key K2 before transmission and decrypted (D) at the destination before the
        comparison.]
The figure shows the basic uses of a MAC.

A MAC is used when:
1. The same message is broadcast to many destinations, as happens in a number of
   applications.
2. In exchanges where one side has a heavy load and cannot afford the time to decrypt
   every incoming message.
3. For authentication of a computer program in plaintext.
4. When it is not needed to keep messages secret but it is important to provide
   authentication.
5. Because separation of authentication and confidentiality provides architectural
   flexibility.
6. When users wish to prolong the period of protection beyond the time of reception and
   yet allow processing of message contents.
A MAC does not provide a digital signature, because both sender and receiver share the
same key.


REQUIREMENTS OF MAC:
Assume that the opponent knows the MAC function C but does not know the key K. Then
the MAC function should have the following properties:
1. If an opponent observes M and C_K(M), it should be computationally infeasible for the
   opponent to construct a message M' such that C_K(M') = C_K(M).
2. C_K(M) should be uniformly distributed in the sense that for randomly chosen messages
   M and M', the probability that C_K(M) = C_K(M') is 2^-n, where n is the number of bits
   in the MAC.
3. Let M' be equal to some known transformation on M, that is, M' = f(M). For example, f
   may involve inverting one or more specific bits. In that case,
   Pr[C_K(M) = C_K(M')] = 2^-n.


2. Hash Function
                  A variation on the message authentication code is the one-way hash
function. As with the message authentication code, a hash function accepts a variable-size
message M as input and produces a fixed-size output, referred to as the hash code H(M).
                  There are a variety of ways in which the hash code can be used to provide
message authentication, as follows:
        (a) The message plus the concatenated hash code is encrypted using symmetric
            encryption.
        (b) Only the hash code is encrypted using symmetric encryption.
        (c) Only the hash code is encrypted using public-key encryption with the
            sender's private key.
        (d) If confidentiality as well as a digital signature is desired, then the message
            plus the public-key-encrypted hash code can be encrypted using a symmetric
            secret key.
        (e) This technique uses a hash function but no encryption for message
            authentication.
        (f) Confidentiality can be added to the approach of (e) by encrypting the entire
            message plus the hash code.

                          A ---- B: M || Ck(M)
                              Provides authentication
                                   ---- Only A and B share K
                             (a)Message authentication
                 ----------------------------------------------------------------
                          A ---- B: Ek2[M || Ck1(M)
                                Provides authentication
                                             ----- Only A and B share K1
                                Provides confidentiality
                                                  Only A and B share K2
                           (b)Message authentication and confidentiality:
                               authentication tied to plain text
                 -----------------------------------------------------------------------------
                           A ----- B:EX2[M] CK1(CK2[M2])
                                Provides authentication
                                     ------- Using K1
                                Provides confidentiality
                                      -------Using K2
                            (c)Message authentication and confidentiality
                                authentication tied to cipher text.



             When confidentiality is not required , methods (b) and (c) have an
             advantage over those that encrypt the message in that less computation is
             required
1. Write about the AH and ESP associated with IPsec

AUTHENTICATION HEADER

       The authentication header provides support for data integrity and
authentication of IP packets. The data integrity feature ensures that undetected
modification of a packet's content in transit is not possible. The authentication
feature enables an end system or network device to authenticate the user or
application and filter traffic accordingly.
Authentication is based on the use of a message authentication code (MAC).
       The authentication header consists of the following fields:
     - Next header (8 bits): identifies the type of header immediately following this
       header.
     - Payload length (8 bits): length of the authentication header in 32-bit words,
       minus 2.
     - Reserved (16 bits): for future use.
     - Security parameters index (32 bits): identifies a security association.
     - Sequence number (32 bits): a monotonically increasing counter value.
     - Authentication data (variable): a variable-length field that contains the
       Integrity Check Value.




Anti-replay service
       A replay attack is one in which an attacker obtains a copy of an
authenticated packet and later transmits it to the intended destination. The
sequence number field is designed to thwart such attacks.
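An added example, not code from the notes or from any IPsec implementation, that ties the two passages above together: a parser for the AH field layout listed under the authentication header, and a sliding anti-replay window of the kind the sequence number makes possible. The window size of 64 is the default stated in RFC 4302; the sample packet bytes are constructed, and the ICV is only carried, not verified (a real receiver verifies the ICV first and updates the window only on success, so forged sequence numbers cannot disturb it).

```python
import struct

# Added example (not from the lecture notes): AH parsing plus an anti-replay window.
# Sample bytes are constructed; the ICV is not verified in this example.

AH_FIXED_LEN = 12   # next header (1) + payload len (1) + reserved (2) + SPI (4) + seq (4)
AH_LAYOUT = struct.Struct("!BBHII")

def build_ah(next_header: int, spi: int, seq: int, icv: bytes) -> bytes:
    """Serialize an AH. The payload length field is the AH length in 32-bit words minus 2."""
    total = AH_FIXED_LEN + len(icv)
    if total % 4:
        raise ValueError("AH must be a whole number of 32-bit words")
    return AH_LAYOUT.pack(next_header, total // 4 - 2, 0, spi, seq) + icv

def parse_ah(buf: bytes) -> dict:
    """Split an AH into its fields and the ICV, validating the length field."""
    if len(buf) < AH_FIXED_LEN:
        raise ValueError("truncated AH")
    next_header, payload_len, reserved, spi, seq = AH_LAYOUT.unpack(buf[:AH_FIXED_LEN])
    total = (payload_len + 2) * 4
    if len(buf) < total:
        raise ValueError("AH length field exceeds buffer")
    return {"next_header": next_header, "payload_len": payload_len,
            "reserved": reserved, "spi": spi, "seq": seq,
            "icv": buf[AH_FIXED_LEN:total], "total_len": total}

class ReplayWindow:
    """Sliding anti-replay window; 64 is the default window size in RFC 4302."""

    def __init__(self, size: int = 64):
        self.size = size
        self.mask = (1 << size) - 1
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0     # bit i set <=> sequence number (top - i) was seen

    def check_and_update(self, seq: int) -> bool:
        """Return True and record seq if it is new and inside the window."""
        if seq == 0:
            return False                      # the first packet on an SA is number 1
        if seq > self.top:                    # newer than anything seen: slide window
            shift = seq - self.top
            self.bitmap = (self.bitmap << shift) & self.mask if shift < self.size else 0
            self.bitmap |= 1
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False                      # too old: fell out of the window
        if self.bitmap & (1 << offset):
            return False                      # replay: already accepted once
        self.bitmap |= 1 << offset
        return True

def sample_ah() -> bytes:
    """Constructed AH in front of TCP (next header 6) with a 96-bit (12-byte) ICV."""
    return build_ah(next_header=6, spi=0x1000, seq=1, icv=b"\xab" * 12)

if __name__ == "__main__":
    print(parse_ah(sample_ah()))
    w = ReplayWindow()
    print([w.check_and_update(s) for s in (1, 2, 3, 2, 70, 5, 10, 10)])
```

The 12-byte ICV in the sample is the size of a MAC truncated to 96 bits, which is why the notes describe the ICV as a MAC "or a truncated version of a code". In the window trace, sequence number 2 is rejected the second time as a replay, 5 is rejected because the window has moved past it, and 10 is accepted once and refused thereafter.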

Integrity check value
        The authentication data field holds a value referred to as the integrity check
value. The ICV is a message authentication code or a truncated version of a code
produced by a MAC algorithm.

Transport and tunnel modes
        These are the two ways in which the IPsec authentication service can be
used. In one case authentication is provided directly between a server and client
workstations; the workstation can be either on the same network as the server or
on an external network. As long as the workstation and the server share a protected
secret key, the authentication process is secure. This case uses a transport mode SA.
In the other case a remote workstation authenticates itself to the corporate firewall,
either for access to the entire internal network or because the requested server does
not support the authentication feature. This case uses a tunnel mode SA.
        For transport mode AH using IPv4, the AH is inserted after the original IP
header and before the IP payload.
        In the context of IPv6, the AH is viewed as an end-to-end payload; that is, it is
not examined or processed by intermediate routers. Therefore the AH appears
after the IPv6 base header and the hop-by-hop, routing and fragment extension
headers.
        For tunnel mode AH the entire original IP packet is authenticated, and the AH is
inserted between the original IP header and a new outer IP header.

   Before applying AH:
       IPv4:  | Orig IP hdr | TCP | Data |
       IPv6:  | Orig IP hdr | Extension hdrs (if present) | TCP | Data |

   Transport mode AH:
       IPv4:  | Orig IP hdr | AH | TCP | Data |
       IPv6:  | Orig IP hdr | hop-by-hop, dest, routing, fragment | AH | dest | TCP | Data |

   Tunnel mode AH:
       IPv4:  | New IP hdr | AH | Orig IP hdr | TCP | Data |
       IPv6:  | New IP hdr | Ext hdrs | AH | Orig IP hdr | Ext hdrs | TCP | Data |

ENCAPSULATING SECURITY PAYLOAD

       The encapsulating security payload provides confidentiality services,
including confidentiality of message contents and limited traffic-flow
confidentiality. As an optional feature, ESP can also provide the same
authentication services as AH.

ESP Format
An ESP packet contains the following fields:

      - Security parameters index (32 bits): identifies a security association.
      - Sequence number (32 bits): a monotonically increasing counter value; this
        provides an anti-replay function, as discussed for AH.
      - Payload data (variable): a transport-level segment (transport mode) or
        IP packet (tunnel mode) that is protected by encryption.
      - Padding (0-255 bytes): the padding field serves several purposes:
           o If an encryption algorithm requires the plaintext to be a multiple of
             some number of bytes, the padding field is used to expand the plaintext
             to the required length.
           o The ESP format requires that the ciphertext be an integer multiple of
             32 bits. The padding field is used to assure this alignment.
           o Additional padding may be added to provide partial traffic-flow
             confidentiality by concealing the actual length of the payload.
      - Pad length (8 bits): indicates the number of pad bytes immediately preceding
        this field.
      - Next header (8 bits): identifies the type of data contained in the payload data
        field.
      - Authentication data (variable): a variable-length field that contains the
        Integrity Check Value computed over the ESP packet minus the
        authentication data field.
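The field layout and padding rules above, built and parsed in Python as an added example (not from the notes or any IPsec stack). Encryption is deliberately left out so that the padding arithmetic and the ICV coverage stay visible; in real ESP the payload, padding, pad length and next header form the encrypted region. The assumptions are: the ICV is HMAC-SHA-1 truncated to 96 bits (HMAC-SHA-1-96), pad bytes carry the values 1, 2, 3, ... as RFC 4303 describes for default padding, and the key and payload are constructed.

```python
import hashlib
import hmac
import math
import struct

# Added example (not from the lecture notes): ESP framing, padding and ICV.
# Encryption omitted on purpose; the ICV is HMAC-SHA-1-96 (assumption).

ESP_HEADER = struct.Struct("!II")   # SPI (32 bits), sequence number (32 bits)
ICV_LEN = 12                        # 96-bit truncated MAC

def esp_pad_length(payload_len: int, block_size: int, extra_blocks: int = 0) -> int:
    """Padding so that payload + pad + pad-length byte + next-header byte is a multiple
    of both the cipher block size and 32 bits. extra_blocks adds whole blocks of padding
    to conceal the true payload length (partial traffic-flow confidentiality)."""
    align = block_size * 4 // math.gcd(block_size, 4)      # lcm(block_size, 4)
    pad = (-(payload_len + 2)) % align + extra_blocks * align
    if pad > 255:
        raise ValueError("pad length field is 8 bits")
    return pad

def _icv(auth_key: bytes, data: bytes) -> bytes:
    return hmac.new(auth_key, data, hashlib.sha1).digest()[:ICV_LEN]

def build_esp(spi: int, seq: int, payload: bytes, next_header: int, auth_key: bytes,
              block_size: int = 8, extra_blocks: int = 0) -> bytes:
    pad = esp_pad_length(len(payload), block_size, extra_blocks)
    trailer = bytes(range(1, pad + 1)) + bytes([pad, next_header])   # pad bytes 1,2,3,...
    header = ESP_HEADER.pack(spi, seq)
    body = payload + trailer
    icv = _icv(auth_key, header + body)     # covers the ESP packet minus the auth data
    return header + body + icv

def parse_esp(packet: bytes, auth_key: bytes) -> dict:
    """Verify the ICV, then strip the trailer using the pad length field."""
    header, body, icv = packet[:8], packet[8:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(_icv(auth_key, header + body), icv):
        raise ValueError("ESP ICV mismatch: packet altered or wrong key")
    spi, seq = ESP_HEADER.unpack(header)
    pad_len, next_header = body[-2], body[-1]
    payload = body[:len(body) - 2 - pad_len]
    return {"spi": spi, "seq": seq, "next_header": next_header,
            "pad_len": pad_len, "payload": payload}

if __name__ == "__main__":
    key = b"constructed 20-byte key!"
    pkt = build_esp(0x100, 1, b"GET / HTTP/1.0\r\n", 6, key)       # 16-byte payload
    print(len(pkt), parse_esp(pkt, key))
    print(esp_pad_length(16, 8), esp_pad_length(16, 8, extra_blocks=1))
```

For a 16-byte payload and an 8-byte block cipher the pad length is 6, so the body (payload, pad, pad length, next header) is 24 bytes; asking for one extra block raises it to 14 and hides the true length from an observer.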
Transport and tunnel modes
        The figure shows the two ways in which IPsec ESP services can be used. Hosts on
the internal networks use the Internet for the transport of data but do not interact
with other Internet-based hosts. By terminating the tunnels at the security
gateway to each internal network, the configuration allows the hosts to avoid
implementing the security capability. The former technique is supported by a
transport mode SA, while the latter technique uses a tunnel mode SA.

Transport mode ESP
        Transport mode ESP is used to encrypt and optionally authenticate the data
carried by IP. For this mode using IPv4, the ESP header is inserted into the IP
packet immediately prior to the transport-layer header and an ESP trailer is placed
after the IP packet.
        In the context of IPv6, ESP is viewed as an end-to-end payload; that is, it is
not examined or processed by intermediate routers. Therefore the ESP header
appears after the IPv6 base header and the hop-by-hop, routing and fragment
extension headers. The destination options extension could appear before or after the
ESP header, depending on the semantics required. For IPv6, encryption covers the
entire transport-level segment plus the ESP trailer plus the destination options
extension header if it occurs after the ESP header.
   Transport mode ESP:
       IPv4:  | Orig IP hdr | ESP hdr | TCP | Data | ESP trlr | ESP auth |
       IPv6:  | Orig IP hdr | hop-by-hop, dest, routing, fragment | ESP hdr | dest | TCP | Data | ESP trlr | ESP auth |

Tunnel mode ESP
       Tunnel mode ESP is used to encrypt the entire IP packet. For this mode the
ESP header is prefixed to the packet and then the packet plus the ESP trailer is
encrypted. This method can be used to counter traffic analysis.

   Tunnel mode ESP:
       IPv4:  | New IP hdr | ESP hdr | Orig IP hdr | TCP | Data | ESP trlr | ESP auth |
       IPv6:  | New IP hdr | Ext hdrs | ESP hdr | Orig IP hdr | Ext hdrs | TCP | Data | ESP trlr | ESP auth |



2.Write about how security associations can be combined.

       An individual SA can implement either the AH or the ESP protocol but not
both. Sometimes a particular traffic flow will call for the services provided by both
AH and ESP. Multiple SAs must then be employed for the same traffic flow to achieve the
desired IPsec services. The term security association bundle refers to a sequence of SAs
through which traffic must be processed to provide a desired set of IPsec services.
The SAs in a bundle may terminate at different endpoints or at the same endpoints.
       Security associations may be combined into bundles in two ways:
   o Transport adjacency: applying more than one security protocol to the same IP
     packet without invoking tunneling.
   o Iterated tunneling: applying multiple layers of security protocols through IP
     tunneling.

The two approaches can be combined, for example by having a transport SA between
hosts travel part of the way through a tunnel SA between security gateways.

Authentication plus confidentiality
       Encryption and authentication can be combined in order to transmit an IP
packet that has both confidentiality and authentication between hosts.

       ESP with authentication option
              In this approach the user first applies ESP to the data to be protected
and then appends the authentication data field. There are two sub-cases:
       Transport mode ESP: authentication and encryption apply to the IP payload
delivered to the host, but the IP header is not protected.
       Tunnel mode ESP: authentication applies to the entire IP packet delivered to
the outer IP destination address, and authentication is performed at that destination.

For both cases authentication applies to the ciphertext rather than the plaintext.

       Transport adjacency
              Another way to apply authentication after encryption is to use a bundle
of two transport SAs, with the inner being an ESP SA and the outer being an AH
SA. In this case ESP is used without its authentication option. Because the inner SA
is a transport SA, encryption is applied to the IP payload. The resulting packet
consists of an IP header followed by an ESP. AH is then applied in transport
mode, so that authentication covers the ESP plus the original IP header except for
mutable fields.

       Transport-tunnel bundle
              One approach to applying authentication before encryption between
two hosts is to use a bundle consisting of an inner AH transport SA and an outer ESP
tunnel SA. In this case authentication is applied to the IP payload plus the IP
header except for the mutable fields. The resulting IP packet is then processed in
tunnel mode by ESP; the result is that the entire authenticated inner packet is
encrypted and a new outer IP header is added.

Basic combinations of security associations

       In case 1 all security is provided between end systems that implement IPsec.
For any two end systems to communicate via an SA they must share the appropriate
secret keys. The following are among the possible combinations:
     a. AH in transport mode.
     b. ESP in transport mode.
     c. AH followed by ESP in transport mode.
     d. Any one of a, b, or c inside an AH or ESP in tunnel mode.
For case 2 security is provided only between gateways, and no hosts implement IPsec.

Case 3 builds on case 2 by adding end-to-end security. The gateway-to-gateway
tunnel provides either authentication or confidentiality or both for all traffic
between end systems. When the gateway-to-gateway tunnel is ESP it also provides a
limited form of traffic confidentiality.
Case 4 provides support for a remote host that uses the Internet to reach an
organization's firewall and then to gain access to some server or workstation behind
the firewall. Only tunnel mode is required between the remote host and the firewall.

1. Explain S/MIME.
S/MIME
           Secure/Multipurpose Internet Mail Extension (S/MIME) is a security enhancement
to the MIME Internet e-mail format standard, based on technology from RSA Data Security.
It adds the ability to sign and/or encrypt messages.
RFC 822
            RFC 822 defines a format for text messages that are sent using electronic mail.
It has been the standard for Internet-based text messages and remains in common use. In
the RFC 822 context, messages are viewed as having an envelope and contents. The
envelope contains whatever information is needed to accomplish transmission and delivery.
The contents compose the object to be delivered to the recipient.
MIME
                     Multipurpose Internet Mail Extensions (MIME) is an extension to the
RFC 822 framework that is intended to address some of the problems and limitations of
the use of SMTP.
 Some of these limitations are:
    1. It cannot transmit executable files or folders.
    2. SMTP servers may reject mail messages over a certain size.
    3. Some SMTP implementations do not adhere completely to the SMTP standards
       defined in RFC 821. Common problems include:
       - deletion, addition, or reordering of carriage return and linefeed
       - truncating or wrapping lines longer than 76 characters
       - removal of trailing white space
       - padding of lines in a message to the same length
       - conversion of tab characters into multiple space characters

The MIME specification includes the following elements:

1. Five message header fields are defined, which may be included in an RFC 822 header.
2. A number of content formats are defined, thus standardizing representations that
   support multimedia electronic mail.
3. Transfer encodings are defined that enable the conversion of any content format into a
   form that is protected from alteration by the mail system.


S/MIME Functionality
    It offers the ability to sign and/or encrypt messages.
Functions
       Enveloped data: consists of encrypted content of any type and encrypted
   content-encryption keys for one or more recipients.
       Signed data: a digital signature is formed by taking the message digest of the
   content to be signed and then encrypting that with the private key of the signer. The
   content plus signature are then encoded using base64 encoding.
       Clear-signed data: as with signed data, a digital signature of the content is
   formed. In this case only the digital signature is encoded using base64.
       Signed and enveloped data: signed-only and encrypted-only entities may be
   nested, so that encrypted data may be signed, and signed data or clear-signed data may
   be encrypted.

   Cryptographic algorithms

      Function                                 Requirement
      ---------------------------------------  ---------------------------------------------
      Create a message digest to be used in    MUST support SHA-1.
      forming a digital signature              Receiver SHOULD support MD5 for backward
                                               compatibility.
      Encrypt session key for transmission     Sending and receiving agents MUST support
      with message                             Diffie-Hellman.
                                               Sending agents SHOULD support RSA
                                               encryption with key sizes 51 bits to 1024
                                               bits.

MUST: the definition is an absolute requirement of the specification. An
implementation must include this feature or function to be in conformance with the
specification.
SHOULD: there may exist valid reasons in particular circumstances to ignore this
feature or function, but it is recommended that an implementation include the feature or
function.

          S/MIME incorporates three public-key algorithms. The Digital Signature
Standard (DSS) is the preferred algorithm for digital signature. S/MIME uses a variant of
Diffie-Hellman that does provide encryption/decryption.
            The S/MIME specification includes a discussion of the procedure for
deciding which content-encryption algorithm to use.

A sending agent should follow these rules, in the following order:

   1. If the sending agent has a list of capabilities from the intended recipient, it
      SHOULD choose the first capability on the list that it is capable of using.
   2. If the sending agent has no such list of capabilities from an intended recipient but
      has received one or more messages from the recipient, then the outgoing message
      SHOULD use the same encryption algorithm as was used on the last signed and
      encrypted message received from that intended recipient.
   3. If the sending agent has no knowledge about the decryption capabilities of the
      intended recipient and is willing to risk that the recipient may not be able to
      decrypt the message, then the sending agent SHOULD use tripleDES.
   4. If the sending agent has no knowledge about the decryption capabilities of the
      intended recipient and is not willing to risk that the recipient may not be able to
      decrypt the message, then the sending agent MUST use RC2/40.
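The four ordered rules above as a selection function, added here as an example; it is not code from the notes or from any S/MIME agent. Algorithm names are plain strings spelled as in the notes, and the sender's own capability set is an assumed input. The notes give no rule for a capabilities list that contains nothing the sender supports; this example lets that case fall through to the later rules, which is a design choice, not something the specification text on the page states.

```python
# Added example (not from the lecture notes): the sending agent's content-encryption
# algorithm choice, applying the four rules in order.

def choose_content_encryption(sender_supports, recipient_capabilities=None,
                              last_received_algorithm=None, willing_to_risk=False):
    """Return the algorithm name the sending agent should use."""
    # Rule 1: the recipient advertised a capabilities list; take the first usable entry.
    if recipient_capabilities:
        for alg in recipient_capabilities:
            if alg in sender_supports:
                return alg
        # A list with no usable entry is not covered by the notes; fall through (assumption).
    # Rule 2: no usable list, but earlier signed+encrypted mail from the recipient
    # showed which algorithm it could handle.
    if last_received_algorithm is not None:
        return last_received_algorithm
    # Rule 3: no knowledge at all and the sender accepts the risk of an undecryptable message.
    if willing_to_risk:
        return "tripleDES"
    # Rule 4: no knowledge and not willing to risk it: the lowest common denominator.
    return "RC2/40"

if __name__ == "__main__":
    mine = {"tripleDES", "RC2/40"}
    print(choose_content_encryption(mine, ["IDEA", "tripleDES"]))          # tripleDES
    print(choose_content_encryption(mine, None, "RC2/40"))                 # RC2/40
    print(choose_content_encryption(mine, None, None, willing_to_risk=True))  # tripleDES
    print(choose_content_encryption(mine))                                 # RC2/40
```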

Securing a MIME Entity
    S/MIME secures a MIME entity with a signature, encryption, or both. A MIME
entity may be an entire message, or, if the MIME content type is multipart, a MIME
entity is one or more of the subparts of the message. The MIME entity plus some
security-related data, such as algorithm identifiers and certificates, are processed by
S/MIME to produce what is known as a PKCS object. A PKCS object is then treated as
message content and wrapped in MIME.
S/MIME Certificate Processing
     S/MIME uses public-key certificates. The key-management scheme used by
S/MIME is in some ways a hybrid between a strict X.509 certification hierarchy and
PGP's web of trust. As with the PGP model, S/MIME managers and/or users must
configure each client with a list of trusted keys and with certificate revocation lists. That
is, the responsibility for maintaining the certificates needed to verify incoming
signatures and to encrypt outgoing messages is local. On the other hand, the certificates
are signed by certification authorities.

An S/MIME user has several key management functions to perform:
   1. Key generation: each key pair MUST be generated from a good source of
      nondeterministic random input and be protected in a secure fashion.
   2. Registration: a user's public key must be registered with a certification
      authority in order to receive an X.509 public-key certificate.
   3. Certificate storage and retrieval: a user requires access to a local list of
      certificates in order to verify incoming signatures and to encrypt outgoing
      messages.


2. PRETTY GOOD PRIVACY


            PGP provides a confidentiality and authentication service that can be used for
electronic mail and file storage applications. Phil Zimmermann has done the following:
1. Selected the best available cryptographic algorithms as building blocks.
2. Integrated these algorithms into a general-purpose application that is independent of
   operating system and processor and that is based on a small set of easy-to-use commands.
3. Made the package and its documentation, including the source code, freely available
   via the Internet, bulletin boards, and commercial networks such as AOL.
4. Entered into an agreement with a company to provide a fully compatible, low-cost
   commercial version of PGP.

PGP has grown explosively and is now widely used. A number of reasons can be cited for
this growth:
1. It is available free worldwide in versions that run on a variety of platforms, including
   Windows, UNIX, Macintosh, and many more.
2. It is based on algorithms that have survived extensive public review and are considered
   extremely secure.
3. It has a wide range of applicability, from corporations that wish to select and enforce a
   standardized scheme for encrypting files and messages to individuals who wish to
   communicate securely with others worldwide over the Internet and other networks.
4. It was not developed by, nor is it controlled by, any governmental or standards
   organization.
5. PGP is now on an Internet standards track.


Notation


Ks =Session key used in symmetric encryption scheme
KRa=Private key of user A used in public key encryption scheme.
KUa= Public key of user A, used in public key encryption scheme
EP = Public key encryption
DP = Public key decryption
EC = Symmetric encryption
DC = Symmetric decryption
H = Hash function
|| = Concatenation
Z = compression using ZIP algorithm
R64 = Conversion to radix 64 ASCII format

        [Figure: PGP cryptographic functions. (a) Authentication only: the sender hashes
        M (H), encrypts the hash code with its private key KRa (EP), prepends it to M and
        compresses (Z); the receiver decompresses (Z^-1), decrypts the hash code with the
        sender's public key (DP) and compares it with H(M). (b) Confidentiality only: M is
        compressed and encrypted under the session key Ks (EC); Ks is encrypted with the
        recipient's public key (EP) and prepended; the receiver recovers Ks with its private
        key (DP), decrypts (DC) and decompresses. (c) Confidentiality and authentication:
        (a) followed by (b).]
Operational Description
 PGP provides five services:


       Authentication: DSS/SHA or RSA/SHA
       Confidentiality: CAST or IDEA or 3DES, with Diffie-Hellman or RSA for the session key
       Compression: ZIP
       E-mail compatibility: radix-64 conversion
       Segmentation

Authentication
   1. The sender creates a message.
   2. SHA-1 is used to generate a 160-bit hash code of the message.
   3. The hash code is encrypted with RSA using the sender's private key, and the result is
      prepended to the message.
   4. The receiver uses RSA with the sender's public key to decrypt and recover the hash
      code.
   5. The receiver generates a new hash code for the message and compares it with the
      decrypted hash code. If the two match, the message is accepted as authentic.
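The five authentication steps above, and equally method (c) of the hash-function section (only the hash code is encrypted with the sender's private key), worked through in Python as an added example; this is not PGP's code. Textbook RSA with a constructed toy key (p = 1009, q = 1013, e = 17) stands in for a real 2048-bit key, and the SHA-1 hash code is reduced mod n before signing, which is a toy shortcut: real PGP formats and pads the digest before exponentiation. The key-ID helper follows the key-ring definition later in the notes (least significant 64 bits of the public key).

```python
import hashlib

# Added example (not from the lecture notes or PGP): hash-then-sign with toy RSA.
# Constructed toy key; a real key is 2048 bits or more and the digest is padded.
TOY_P, TOY_Q, TOY_E = 1009, 1013, 17
TOY_N = TOY_P * TOY_Q
TOY_D = pow(TOY_E, -1, (TOY_P - 1) * (TOY_Q - 1))   # private exponent
TOY_PUBLIC = (TOY_N, TOY_E)    # KUa
TOY_PRIVATE = (TOY_N, TOY_D)   # KRa
SIG_BYTES = 3                  # toy n < 2^24, so a signature fits in 3 bytes

def hash_code(message: bytes) -> int:
    """Step 2: SHA-1 hash code of the message as a 160-bit integer."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big")

def sign(private_key, message: bytes) -> int:
    """Step 3: EP(KRa, H(M)) - hash code encrypted with the sender's private key."""
    n, d = private_key
    return pow(hash_code(message) % n, d, n)   # toy: reduce mod n instead of padding

def verify(public_key, message: bytes, signature: int) -> bool:
    """Steps 4-5: DP(KUa, signature) must equal the receiver's own H(M)."""
    n, e = public_key
    return pow(signature, e, n) == hash_code(message) % n

def pgp_sign(private_key, message: bytes) -> bytes:
    """Prepend the signature to the message (step 3); compression is skipped here."""
    return sign(private_key, message).to_bytes(SIG_BYTES, "big") + message

def pgp_verify(public_key, signed: bytes) -> tuple:
    """Split off the signature, check it, and return (ok, message)."""
    signature = int.from_bytes(signed[:SIG_BYTES], "big")
    message = signed[SIG_BYTES:]
    return verify(public_key, message, signature), message

def key_id(public_key) -> int:
    """PGP key ID: least significant 64 bits of the public key (its modulus)."""
    return public_key[0] & ((1 << 64) - 1)

if __name__ == "__main__":
    signed = pgp_sign(TOY_PRIVATE, b"Meet at noon")
    print(pgp_verify(TOY_PUBLIC, signed))                      # (True, b'Meet at noon')
    print(pgp_verify(TOY_PUBLIC, signed[:SIG_BYTES] + b"Meet at  one"))   # (False, ...)
    print(hex(key_id(TOY_PUBLIC)))
```

Because the signature depends on H(M), changing a single byte of the message makes the receiver's recomputed hash code disagree with the decrypted one, which is the check in step 5; only the holder of KRa can produce a value that decrypts under KUa to the right hash code.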


Confidentiality

  1. The sender generates a message and a random 128-bit number to be used as a session
     key for this message only.
  2. The message is encrypted using CAST-128 with the session key.
  3. The session key is encrypted with RSA using the recipient's public key and is
     prepended to the message.
  4. The receiver uses RSA with its private key to decrypt and recover the session key.
  5. The session key is used to decrypt the message.

Compression
1. The signature is generated before compression for two reasons:
   a. It is preferable to sign an uncompressed message so that one can store only the
      compressed message together with the signature for future verification.
   b. Even if one were willing to generate dynamically a recompressed message for
      verification

2. Message encryption is applied after compression to strengthen cryptographic
   security.


Email Compatibility
 When PGP is used, at least part of the block to be transmitted is encrypted. If only the
signature service is used, then the message digest is encrypted. If the confidentiality
service is used, the message plus signature are encrypted. Thus part or all of the resulting
block consists of a stream of arbitrary 8-bit octets.



Segmentation and reassembly

 Email facilities are often restricted to a maximum message length. To accommodate this
restriction, PGP automatically subdivides a message that is too large into segments that
are small enough to send via email.


Cryptographic Keys and Key Rings

   1. A means of generating unpredictable session keys is needed.
   2. We would like to allow a user to have multiple public-key/private-key pairs.
 The user may wish to change his or her key pair from time to time. Also, the recipient will
know only the old public key until an update reaches them.
   3. Each PGP entity must maintain a file of its own public/private key pairs as well as a
file of public keys of correspondents.

Key Rings

Private key ring
       Timestamp: the date/time when this key pair was generated
       Key ID: the least significant 64 bits of the public key for this entry
       Public key: the public key portion of the pair
       Private key: the private key portion of the pair
       User ID: the user's email address

Public key ring
       Timestamp: the date/time when this entry was generated
       Key ID: the least significant 64 bits of the public key for this entry
       Public key: the public key for this entry
       User ID: identifies the owner of this key
          PGP MESSAGE GENERATION

[Figure: PGP message generation. Labels recoverable from the diagram: passphrase, H, encrypted private key, DC, private key ring, key ID, M, EP, EC, ||, public key ring, output.]

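The sender-side path just described (SHA-1 hash, RSA signature with the private key, signature prepended, ZIP, radix-64, segmentation) together with the key-ID lookup in the key rings, as an added Python example that is not part of the original notes. The RSA key pair is a constructed toy built from two Mersenne primes (not secure, only large enough to sign a 160-bit hash), the key rings omit timestamps, and the CAST-128 confidentiality step is left out because the standard library has no CAST-128.

```python
import base64
import hashlib
import zlib

# Constructed toy RSA key pair (NOT secure, demo only): two known Mersenne primes
# give a ~196-bit modulus, just large enough to sign a 160-bit SHA-1 value.
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
SIG_LEN = (N.bit_length() + 7) // 8          # bytes needed to carry one signature

def key_id(n):
    """PGP key ID: the least significant 64 bits of the public key (the modulus here)."""
    return n & (2**64 - 1)

# Key rings as the notes describe them (timestamps omitted), indexed by key ID.
PRIVATE_RING = {key_id(N): {"public": N, "private": D, "user": "alice@example.com"}}
PUBLIC_RING = {key_id(N): {"public": N, "user": "alice@example.com"}}

def pgp_sign(message, sender_kid):
    """Authentication: SHA-1 hash, RSA-encrypt it with the private key, prepend it."""
    entry = PRIVATE_RING[sender_kid]
    h = int.from_bytes(hashlib.sha1(message).digest(), "big")   # 160-bit hash code
    sig = pow(h, entry["private"], entry["public"])            # RSA with private key
    return sig.to_bytes(SIG_LEN, "big") + sender_kid.to_bytes(8, "big") + message

def pgp_armor(block, max_segment=76):
    """Compression (ZIP), email compatibility (radix-64) and segmentation, in that order."""
    armored = base64.b64encode(zlib.compress(block))
    return [armored[i:i + max_segment] for i in range(0, len(armored), max_segment)]

def pgp_dearmor(segments):
    """Receiver side: reassemble the segments, radix-64 decode, decompress."""
    return zlib.decompress(base64.b64decode(b"".join(segments)))

def pgp_verify(block):
    """Split off signature and key ID, pick the public key by key ID, recompute and compare."""
    sig = int.from_bytes(block[:SIG_LEN], "big")
    kid = int.from_bytes(block[SIG_LEN:SIG_LEN + 8], "big")
    message = block[SIG_LEN + 8:]
    pub = PUBLIC_RING[kid]["public"]                 # key ID selects the sender's key
    recovered = pow(sig, E, pub)                     # RSA with sender's public key
    fresh = int.from_bytes(hashlib.sha1(message).digest(), "big")
    return message, recovered == fresh

if __name__ == "__main__":
    segs = pgp_armor(pgp_sign(b"Transfer 100 EUR to account 42 " * 5, key_id(N)))
    msg, ok = pgp_verify(pgp_dearmor(segs))
    print(len(segs), "segments, signature valid:", ok)
```

Because the signature is computed over the uncompressed message and checked only after decompression, the receiver can store the compressed block plus signature and still verify later, which is the first reason the notes give for signing before compression.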

1. Differences between version 4 and version 5
Version 4 had the following environmental shortcomings:
1. Encryption system dependence:
It requires the use of DES.
2. Internet protocol dependence:
It requires the use of Internet Protocol addresses.
3. Message byte ordering:
The sender of a message employs a byte ordering of its own choice.
4. Ticket lifetime:
Lifetime values are encoded in an 8-bit quantity.
5. Authentication forwarding:
It does not allow credentials issued to one client to be forwarded to some other host and
used by some other client.
6. Interrealm authentication:
Interoperability among N realms requires on the order of N^2 Kerberos-to-Kerberos
relationships.

Apart from these it had the following technical deficiencies:
1. Double encryption:
The tickets provided to clients are encrypted twice.
2. PCBC encryption:
Encryption makes use of a nonstandard mode of DES known as Propagating Cipher Block
Chaining (PCBC).
3. Session keys:
Each ticket includes a session key that is used by the client.
4. Password attacks:
Both versions are vulnerable to a password attack.
These are overcome in version 5.




2. Version 5 authentication dialogue
It consists of:
1. User ID and TGS
2. Realm:
Indicates the realm of the user.
3. Options:
Used to request that certain flags be set in the returned ticket.
4. Times:
Used by the client to request the time settings.
5. Nonce:
A random value that is repeated in the response to assure that the response is fresh.

The client/server authentication exchange includes the following features:
Subkey: the client's choice of an encryption key for an application's session.
Sequence number: an optional field that specifies the starting sequence number to
be used by the server for messages to the client.
TICKET FLAGS that are used include:
INITIAL
This ticket was issued by the AS protocol and not based on a ticket-granting ticket.
PRE-AUTHENT
During initial authentication the client was authenticated by the KDC.
HW-AUTHENT
The protocol employed for initial authentication required the use of hardware.
RENEWABLE
Tells the TGS that this ticket can be used to obtain a replacement ticket.
MAY-POSTDATE
Tells the TGS that a postdated ticket may be issued based on this ticket-granting ticket.
POSTDATED
Indicates that this ticket has been postdated.
INVALID
This ticket is invalid and must be validated by the KDC.
PROXIABLE
Tells the TGS that a new service-granting ticket with a new network address may be issued
based on this presented ticket.
PROXY
Indicates that this ticket is a proxy.
FORWARDABLE
Tells the TGS that a new ticket-granting ticket with a new network address may be issued
based on this ticket-granting ticket.
FORWARDED
Indicates that this ticket has either been forwarded or was issued based on authentication
involving a forwarded ticket-granting ticket.
