SlideShare a Scribd company logo

Mathematics Research Paper - Mathematics of Computer Networking - Final Draft

A
AlexanderCominsky

1. The document discusses the mathematics behind various computer networking security protocols including Spanning Tree Protocol (STP), Secure Sockets Layer (SSL)/Transport Layer Security (TLS), and RSA encryption. 2. It explains how STP uses concepts from graph theory like trees, cycles, and Dijkstra's shortest path algorithm to create loop-free network topologies and ensure efficient routing. 3. It describes how SSL/TLS uses asymmetric and symmetric key cryptography, including RSA, to securely transmit data across networks by encrypting communications between devices.

Technology
1 of 23
Download to read offline
1 Alexander N. Cominsky MA-453: Senior Coordinating Seminar Bro. Daniel P. Wisniewski, O.S.F.S, Ph.D. Mathematics of Computer Networking (Second Half) The topic of this research paper is the mathematics of security in computer networks. I have chosen this topic because computer networking is the field that I plan to make my career in, and, while I know how to create computer networks and implement security controls within them, I do not know much about the mathematics behind the security protocols that I implement. In this paper I plan to cover the mathematics, primarily from the fields of graph theory, abstract algebra, and cryptology, behind Spanning Tree Protocol, the SSL/TLS communication protocols, Wi-Fi security, and hashing. Spanning Tree Protocol To understand what Spanning Tree Protocol, or STP, is in relation to computer networks, one must first understand what trees and cycles are in graph theory. What follows is a brief refresher in the basic elements of graph theory that will be referred to throughout the discussion on STP. A graph is a series of points, referred to as vertices, and the lines that connect them, referred to as edges (Johnsonbaugh, 377). If two vertices are connected by an edge they are considered adjacent and the edge between them is considered incident to them. If we can traverse through a graph, G, from one vertex, v, to another vertex, u, then we have created what is called a path through the graph (Johnsonbaugh, 378). A graph is then connected if a path can be created between all vertices in the graph. A cycle is a path within G from v to v where no edge, e, is repeated in the path Figure 1, Cycles: An example cycle can be seen about vertex a by following a path to vertex d, then to vertex cc, then back to a (Cycles).
2 (Johnsonbaugh, 389-391). An illustrated example of cycles can be seen in Figure 1, where multiple cycles exist. A tree is defined as a graph that for any two vertices, v and u, there exists a unique path between them. This means that the graph is not only connected, but also no cycles between any vertices as this would result in alternate paths between two vertices (Johnsonbaugh, 440; 449). Figure 2: Tree shows an example of a graph that is a tree. Next, one needs to understand weighted graphs. If we look at any graph, we can add numbers to each edge of the graph to represent the weight of that edge. The resulting graph is now referred to as a weighted graph and the sum of each of the weights of the edges in a path is called the path length (Johnsonbaugh, 379-380). Dijkstra’s Shortest-Path Algorithm is a method by which the paths of the shortest length from one vertex to all other vertices can be determined. First, select a source vertex, denote its length as 0 as it does not need to travel anywhere to be at itself, and assign a value of infinity to all other vertices as their true distance is currently unknown. Next, calculate the new value for all vertices that our beginning vertex is adjacent to by adding the weight of the edge to the weight of our initial vertex. For the first round, this will be 0 plus the value of our edge weight. Since this number is less than infinity, it will replace the value assigned to these vertices. The initial vertex is marked as visited and the vertex with the smallest value assigned to it is selected next. If a vertex has been visited than it has been assigned the lowest possible value to travel to it. We repeat the process from before, adding the value associated with our selected vertex to each of the edge weights of its incident edges. If this calculated value is lower for than the assigned value of each adjacent vertex, the new numeric value is assigned, otherwise the old value remains. This process is repeated until all vertices Figure 2, Tree: Observer that this graph has no cycles between any points (Tree).
3 have been marked as visited. The numeric value of each vertex that has been assigned represents the shortest possible distance from that vertex to the starting vertex (Johnsonbaugh, 407-412). Figure 3 shows an example of the first 2 rounds of Dijkstra’s Shortest-Path Algorithm on a weighted graph. Now, how does this all relate to computer networks? If one looks at a computer network, with each device on the network, whether it be an end computer, Wi-Fi access point, switch, or router, can be identified as a vertex and the method by which that they are connected to each other, such as a cable, can be represented by an edge. Weights can then be assigned to the edges of the graph based on the network speed between any two devices (Tetz). STP is then implemented at this stage to remove cycles within this graph without creating a disconnected graph. Thus, the resulting graph representation of the network will be a tree. But why do we need to remove cycles in a computer networking environment to begin with? Well, when a packet of information is being sent from one computer or another, a computer network must determine how to get it there. A Media Access Control Address, or MAC Address, is assigned to every device on a computer network. These act like a street address. Every switch, a device that helps connect multiple devices to one another on a network, stores a list of all the MAC addresses it knows and associates them with the appropriate port on the device. If it does not know the port to send a packet through to get to its required destination, Figure 3, Dijkstra’s Shortest-Path Algorithm: On the left you can see the first round being completed with a being the initial vertex. On the right you can see the second round being completed from vertex f (Johnsonbaugh, 409).
4 then it floods a message out of all ports to try and determine where the destination is. If a cycle exists in the network, then the message will continuously be sent out in a loop causing an enormous strain on the network resulting in a need to remove loops (Odom 150-152). But why then do we allow loops to exist at all? Simple: if a connection goes bad, then there are redundant lines throughout the network that can be brought on to ensure that connectivity is always up. But how does STP work? Well, it utilizes Dijkstra’s Shortest-Path Algorithm. One switch on the network is assigned as the root switch, which in the terms of Dijkstra’s Shortest- Path Algorithm is the first vertex looked at. This is either determined by the end user or mathematically by the smallest MAC address as they are hexadecimal. Then the steps of the algorithm are followed to find the shortest paths. Ports on the switch that are used in the shortest path are then labeled as root ports. Each edge then gets assigned a designated port on one of its sides. This is the port that is on the switch that is closest to the root switch. If an edge only has a designated port, the other side of the edge is labeled as blocking. Edges that have both a root port and a designated port are kept, and edges that are labeled designated and blocking are removed resulting in a graph with no loops. This protocol runs in the background of the network, recalculating barring any change in the network environment. Figure 4, STP: In this figure, each edge has been completely labeled. The edges 55:11,33:66 and 11:55, 11:22 are no longer used. (STP)
5 Basic Cryptography Concepts Moving on from the applications of graph theory, the next topic of this paper will be the applications of cryptography in network security. This will be broken up into 3 stages, asymmetric key cryptography, symmetric key cryptography, and message hashing. Well, what is cryptography? Cryptography “is the process of concealing messages” (Cozzens and Miller, 1). Many different mathematical methods for encrypting and decrypting messages have been developed over the course of history. This paper will be addressing RSA, DES, and AES algorithms and how they are used within security protocols. To start, some important cryptography terms will be defined. Plaintext is the message that is to be the input of the cryptographical algorithm (or cipher), while cyphertext is the output (Ciampa 102-103). Keys are used by both asymmetric and symmetric cryptography. Ciampa defines a key as “a mathematical value entered into the algorithm to produce the cipher text” (103). In symmetric cryptography, one key is used for both the encryption and decryption of the plaintext. This means that the key must be shared between the sender and the receiver of a message (Ciampa 113). In asymmetric cryptography, the same key used to encrypt will not be the same key used to decrypt. At least one of these keys will be kept private and will not be shared between the sender and the receiver (Ciampa 116-117). Asymmetric cyphers are often used to encrypt the keys of symmetric ciphers so that they can secretly be shared between users. This process is called a key exchange (Ciampa 122). Many ciphers use modulus to keep within a certain set of values after each character of plaintext is run through the algorithm such as 0 through 25 representing each alphabetic character as shown in Figure 5. Two numbers x and y are equivalent modulo m, if their difference is a multiple of m, and we write this as:  𝑥 = 𝑦 (𝑚𝑜𝑑(𝑚)). For example, 14 =
6 66 (𝑚𝑜𝑑(26)) because 66  −  14  =  52 and 52 is a multiple of 26. To be able to utilize a key, k, in a cipher using mod m, sometimes it must have an inverse, 𝑘−1  in mod m, where 1 = 𝑘*𝑘−1  (𝑚𝑜𝑑(𝑚)). TLS/SSL Protocols When data is being transported across a network, it can be easily intercepted by anyone else on a network. Earlier in this paper, it was shown that switches flood packets were the exact port of a destination address is unknown. This means every computer on the network could possibly get data packets not intended for them until the switch is able to determine where packets are supposed to go. Considering this is accidental sharing of data and that some people try to find ways to steal data off networks in other ways, this information that is traveling over the network needs to be protected. That is where Transport Layer Security (TLS) and its processor Secure Sockets Layer (SSL) protocols come into play. Their purpose, according to Ciampa, is “to protect data-in-transit” (174). These protocols are used in a wide variety of services such as Hypertext Transfer Protocol and Secure/Multipurpose Internet Mail Extensions which are commonly referred to as HTTP and S/MIME respectively. HTTP is a protocol used to retrieve web pages for viewing through a web browser, hence why website addresses, such as https://www.google.com/, begin with HTTP. By adding in SSL/TLS, it is ensured that the information being retrieved from a website server is encrypted the entire time it is in transit until it arrives at its host destination. A website that implements SSL/TLS within HTTP denotes this by adding an “S” after HTTP in the website address as shown in the example above (Davies, 4- Figure 5, Number and Letter Assignments in Modulo 26 (Cozzens and Miller, 25).
7 5). S/MIME works similarly to HTTP except instead of protecting websites, it protects emails while they are in transit, so they can only be read by the sender and the receiver (Davies, 546- 547). Both TLS and SSL utilize both asymmetric and symmetric key cryptography. This would imply that these protocols use a form of key exchange. There are two unique things about these protocols in this regard: they allow for multiple different key exchanges to be used based on the user’s preference, and they don’t share the key for the symmetric key. Rather than sharing the symmetric key itself, they share a value called the pre-master that will be used to generate the key to keep the key safer (Davies, 329). As demonstrated by Davies in the third chapter of his book, TLS supports RSA, Diffie-Hellman, and Elliptical Curve Diffie-Hellman key exchanges. For this next section the focus will be on one method of key exchange, RSA and how the protocols then generate the also needed symmetric key. RSA Cipher RSA cipher was created in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman; the acronym is merely their last names. As an asymmetric key cipher, it relies on the use of two keys: one private and one public (Cozzens and Miller, 214). The first step in the RSA process is to pick two different prime numbers. These prime numbers will be called p and q. A new number n will be created and set equal to p*q. Next, the Euler totient function, 𝜙, also called the Euler Phi function, must be applied to n. The function is defined as, 𝜙(𝑛) = 𝑚 such that 1 ≤ 𝑚 ≤ 𝑛 and  𝑔𝑐𝑑(𝑚, 𝑛) = 1 where 𝑚, 𝑛 ∈ 𝐙+  . Less formally defined, it calculates the total number of integers less than n that are relatively prime to n. For a number to be relatively prime to another number, their greatest common factor or divisor is 1 (Cozzens and Miller, 216). For primes, the calculation is simple, because all
8 numbers less than any prime do not share a factor with a prime (Guichiard and Keef). Therefore, 𝜙(𝑝) = (𝑝 − 1) where 𝑝 is a prime number. But n is composite in the case of RSA and can be rewritten as 𝜙(𝑛) = 𝜙(𝑝𝑞). As proved in Guichiard and Keef: If 𝑝 and 𝑞 are relatively prime and n = pq, then  𝜙(𝑛) = 𝜙(𝑝)𝜙(𝑞). In this case 𝑝 and 𝑞 are a both prime so 𝜙(𝑛) = 𝜙(𝑝)𝜙(𝑞)  = (𝑝 − 1)(𝑞 − 1). Next, a value must be chosen for encryption denoted as e. It must hold that 1  <  𝑒  <  𝜙(𝑛), and the 𝑔𝑐𝑑(𝑒,  𝜙(𝑛)) = 1. This is so that its inverse used to decrypt, denoted d, will exist as stated in an earlier paragraph. In this case, 𝑑 = 𝑒−1 𝑚𝑜𝑑(𝜙(𝑛)). The public key and private keys for RSA can now be created. The public key is defined as (𝑒, 𝑛) and the private key is likewise (𝑑, 𝑛) (Cozzens and Miller, 216). Since the public key can only encrypt and can’t decrypt the message, there is no need to keep it hidden, whereas the private key must always remain hidden as all it can do is decrypt the message (Davies, 92). To encrypt the message, find the numeric value of the first character of the message and call that value m. To find the cipher text value, c, is calculated as follows: 𝑐 = 𝑚 𝑒 (𝑚𝑜𝑑(𝑛)). To revert the cipher text character to back to plaintext, use the equation 𝑚 = 𝑐 𝑑 (𝑚𝑜𝑑(𝑛)). But why does this work? To understand why RSA works, some group theory topics must first be introduced. A group, G is a non-empty set, 𝑆 and a binary operation * denoted (𝑆, *) that holds the following properties (Finston, 123): 1. Closure: ∀ 𝑎,  𝑏  ∈  𝑆, the result of the operation, 𝑎 * 𝑏inS 2. Associativity: ∀𝑎, 𝑏, 𝑐 ∈ 𝑆, (𝑎 ∗ 𝑏) ∗ 𝑐 = 𝑎 ∗ (𝑏 ∗ 𝑐). 3. Identity element: ∃ 𝑒  ∈  𝑆 such that,  ∀ 𝑎  ∈ 𝑆,  then 𝑒  ∗  𝑎  =  𝑎  ∗  𝑒  =  𝑎
9 4. Inverse element: ∀ 𝑎  ∈  𝑆,   ∃ 𝑏  ∈ 𝑆,   such that  𝑎  ∗  𝑏  =  𝑏  ∗  𝑎  =  𝑒 where 𝑒 is the identity element; 𝑏 is called the inverse of 𝑎 denoted 𝑎−1 . The order of a group is the number of elements in 𝑆 denoted |𝐺|. If the order of a group is not infinite, it is considered a finite group. A cyclic group is a group where all elements of 𝑆 in the group can be generated by a single element of the group and its operation. A nonempty subset, 𝐻, of 𝐺 is said to be a subgroup of 𝐺 if the operation on G is the same operation on 𝐻, and if 𝐻 is a group with respect to this operation (Finston, 125). Langrage’s Theorem states that if 𝐺 is a finite group and 𝐻 is a subgroup of 𝐺, then |𝐻| divides |𝐺| (Finston, 128). A group with the operation of multiplication and the set of all integers less than n and relatively prime 𝑛 is called a multiplicative group of integers modulo n and is denoted 𝐙 𝒏 ∗ . The order of n can be calculated using the Euler Phi function from before (Finston 124). For example, the group 𝐙 𝟓 ∗ has order 4 since there are 4 integers less than 5 relatively prime numbers to 5, and can be generated by 2 since: 21 = 2 𝑚𝑜𝑑(5) 22 = 4 𝑚𝑜𝑑(5) 23 = 3 𝑚𝑜𝑑(5) 24 = 1 𝑚𝑜𝑑(5) To generalize this example, given a group 𝐙 𝒏 ∗ let 𝑎 ∈ 1,2,3 … . 𝑛 − 1  and be relatively prime to n then 𝑎 is a generator of 𝐙 𝒏 ∗ . Euler’s Theorem which states if a ∈ 𝐙 𝒏 ∗ , then 𝑎 𝜙(𝑛)   =  1 𝑚𝑜𝑑(𝑛). Finston lays out the proof for RSA as follows (129). Let G be 𝐙 𝒏 ∗ . Its order is therefore 𝜙(𝑛) = (𝑝 − 1)(𝑞 − 1) since n was chosen to be the multiplication of two primes. Because of how the keys 𝑒 and 𝑑 are chosen in RSA, 𝑒𝑑 = 1 𝑚𝑜𝑑(𝜙(𝑛)) holds. This can be rewritten as 1  = (𝑒𝑑  +  𝑠 𝜙(𝑛) ) 𝑚𝑜𝑑(𝜙(𝑛)) where s ∈ 𝐙. This is true because 𝑠𝜙(𝑛)  𝑚𝑜𝑑(𝜙(𝑛)) = 0.
10 The RSA implies that 𝑚 𝑒 𝑑 = 𝑚 𝑚𝑜𝑑(𝑛). That is if you encrypt then decrypt 𝑚 you will get 𝑚 back. Well, 𝑚  =  𝑚 𝑒𝑑 + 𝑠 𝜙(𝑛) since 𝑚1   =  𝑚 and 1  =  𝑒𝑑  +  𝑠 𝜙(𝑛) as defined above. 𝑚ed + s ϕ(𝑛) = 𝑚ed + 𝑚s ϕ(𝑛) 𝑚ed + 𝑚s ϕ(𝑛) = 𝑚ed + + 𝑚ϕ(𝑛) 𝑠 𝑚 𝑒𝑑 + + 𝑚 𝜙(𝑛) 𝑠 = 𝑚 𝑒 𝑑 + 1 𝑠 by the Euler’s Theorem 𝑚 𝑒 𝑑 + 1 𝑠 = 𝑚 𝑒 𝑑 as desired. So why does SSL/TLS use this system to encrypt the symmetric keys? Well, it is basically impossible to determine the inverse of a key used in RSA because the n value is made using two primes. The factoring of a product of extremely large primes is very difficult (Davies, 92). RSA algorithms used on computers are defined by their bit size, that is, the amount of computer bits that are used to store the value of n. As an example, according to Davies, an RSA algorithm with a key bit size of 512, referred to commonly as RSA-512, would be manipulating values in the range of10154 (92). Most RSA algorithms used on computers today use even larger key sizes such as 1024 or 2048 bits (Davies, 92). Why do TLS and SSL not just use RSA to encrypt all the data in a message, rather than using a symmetric key algorithm? The answer is simple, the decryption of RSA takes far too long. This is due to the Discrete Logarithm Problem. When looking at any 𝐙 𝒏 ∗ we arrive at the equation: 𝑎 𝑥   =  𝑏 𝑚𝑜𝑑 (𝑛). This can be rewritten as 𝑥  =  dlog 𝑎 𝑏 where dlog represents the discrete logarithm (Davies, 130). Discrete logarithms are necessary because decimal answers when encoding and decoding messages won’t convert into a character as all characters are represented by whole numbers. Solving for the value of x is very difficult and gets more difficult as x, 𝑎, and 𝑏 get larger. This is called the Discrete Logarithm Problem. This problem is even
11 an issue for computers and since large exponents and their solutions are use discretely in RSA this becomes an issue of performance and speed on computers. Because messages need to be sent very quickly and the Discrete Logarithm Problem does not allow for speed, another solution is needed. Most symmetric key algorithms work considerably faster in both hardware and software than RSA (Ciampa 119). AES Cipher The Advanced Encryption Standard (AES) cipher is the cipher used by the newest iteration of TLS. It was developed in 2000-2001 by the National Institute of Standards and Technology (NIST) to replace the Data Encryption Standard (DES) and Triple Data Encryption Standard (3DES) which both had their collective failings. The DES cipher is considered insecure and while 3DES is considered secure, it is slow as it merely applies the DES cipher three times. AES was designed to run much more efficiently and securely than its predecessors, DES and 3DES (Davies, 60). AES manipulates binary numbers (or base 2 numbers) to encrypt messages. To convert a character to binary first the character must be converted into a decimal or base ten number, the standard numbers system used in mathematics. Most of the time, this is done by looking up a character’s numeric ASCII value. ASCII stands for the American Standard Code for Information Interchange and was developed to serve the purpose of converting binary to characters (“ASCII Table and Description”). Figure 6 shows the basic ASCII table.
12 To covert this base 10 or decimal number to binary repeatedly divide it by there is 0 left as the quotient. The remainder of each division step will comprise the binary number. For example, 1310 will divide by 2 as such: Number to be Divided by Quotient Remainder 13 6 1 6 3 0 3 1 1 1 0 1 Therefore, the binary representation of 1310 is 1011. To convert back, addition of powers of 2 is used. This can be written as 𝑎0  ∗  20 + 𝑎1  ∗  21 + ⋯ +  𝑎 𝑛  ∗  2 𝑛 where 𝑎𝑖 is the digits of the binary from right to left with 𝑎0  being the first value and 𝑎 𝑛 being the last value. So, for the binary representation 1011 can be converted as such: 1 ∗ 20 + 1 ∗ 21 + 0 ∗ 22 + 1 ∗ 23 . Hexadecimal or base 16 numbers are commonly used in cryptographical algorithms as well and will be discussed later in this paper. They are calculated from base 10 numbers in much the Figure 6, The ASCII Table (“ASCII Table and Description”)
13 same way as binary numbers are except instead of dividing a number by 2, the decimal number is divided by 16. This will result in possible remainders up to 15. To represent these values a, b, c, d, e, and f are used to represent the values 10, 11, 12, 13, 14, and 15. To convert back to decimal is very similar too. Instead of using powers of 2, powers of 16 are used. For example, 244 can be represented as f4 in hexadecimal. AES falls into a special family of symmetric ciphers called block ciphers. Instead of acting upon just one character at a time, characters are grouped into blocks and the whole block is operated upon. AES specifically acts upon 16 bytes of data at a time. A byte is a form of measurement in computer science made up of 8 bits of memory. A bit is the smallest form of computer memory and is represented in binary. If a number does not take up 8 bits of binary, that is it is 8 digits long in binary, then zeros are added to the left of the number until it is 8 digits long. AES manipulates these bits by applying what is known as an XOR operation, which can be denoted by the symbol ⊕ called XORing. This is essentially the addition of the values, often referred to as states, of the bits mod 2. 1 0 XOR 1 1 0 0 1 1 1 0 1 0 0 0 Now the steps for applying the AES cipher will be explained for a 128-bit key with the differences for larger key sizes explained later. The 128-bit key for AES is generated from a randomly generated 16-bit value. This value is first divided into sections each 4 bits long. To
14 generate the fifth portion of the key the first section is XORed to the fourth section. This value then has each of its component bits permuted one byte to the left so that the order of the bits would go from (1,2,3,4) to (2,3,4,1). After this is completed, the fifth section is run through a series of sub tables where it is additionally permuted and XORed based on the algorithms and values in the sub table. In 128-bit keys, the permutations and sub tables are only applied once every fourth iteration stating with the fifth iteration. To generate the sixth portion the fifth portion is XORed with the second. Likewise, the seventh is the outcome of the sixth being XORed with the third. This is done until the desired key length has been created. With each section representing 4 bytes and the initial four sections already having been created by the 16- bit random value this will take 28 total rounds to create. Figure 7 shows this process. For a 192- bit key the permutations and substitutions happen every six rounds instead of every four starting on with the fifth section. For 256-bit keys the permutations are done every fourth round, but the sub tables are done every eight rounds (Davies, 60-65). Figure 7, AES Key Generation (Davies, 65)
15 With the key generated now plaintext data can be encrypted and decrypted. The first 16 bytes of data are put into a 4x4 matrix with 1 byte making up each entry of the matrix moving down the columns first. This matrix is called the State. Because of the amount of space a matrix full of binaries numbers would take up, this is represented in hexadecimal though all the operations on the values will be binary operations. The same is done with the first 16 bytes of the key which is the entirety of a 128-bit key. First each byte in the state has the substitution table from the key creation applied to it (Davies, 68). Then, each row of the state is permuted. The first row remains the same, in the second row each byte is shifted to the right one entry, in the third each byte is shifted to the right two entries, and in the fourth row each byte is shifted to the right three entries (Davies, 69). The next step of AES is called column mixing. This is done through matrix multiplication, where each column of the state is multiplied by the following matrix given in Figure 8. Since the algorithm works with matrices, one would suppose that this would follow the rules of matrix multiplication that are typical to Linear Algebra where each row of this predetermined matrix is multiplied by the column of the state that is being mixed to generate a new 4x1 matrix representing the new column. However, this would require having to find the inverse of the above matrix which does not come out to having whole numbers (Davies, 70). Instead, the finite field or Galois field of order 28 denoted 𝐺𝐹 (28) is used (Wagner, 119). Figure 8, AES Column Mixing Matrix. Note that it is represented in hexadecimal instead of binary in this example to save space. (Davies 70).
16 To understand what a field is, one must first understand what a ring is and what properties it can have. A ring R is a set with two binary operations, addition, denoted 𝑎 + 𝑏, and multiplication, denoted ab, such that ∀𝑎, 𝑏, 𝑐 ∈ 𝑅: 1. Additive Commutativity: 𝑎 + 𝑏 = 𝑏 + 𝑎 2. Additive Associativity: (𝑎 + 𝑏) + 𝑐 = 𝑎 + (𝑏 + 𝑐) 3. Additive Identity: There ∃ 0 ∈ 𝑅 such that 𝑎 + 0 = 𝑎 4. Additive Inverse: There ∃ −𝑎 ∈ 𝑅 such that 𝑎 + −𝑎 = 0 5. Multiplicative Inverse: 𝑎(𝑏𝑐) = (𝑎𝑏)𝑐 6. Left and Right Distribution of multiplication over Division: 𝑎(𝑏 + 𝑐) = 𝑎𝑏 + 𝑎𝑐 and (𝑏 + 𝑐)𝑎 = 𝑏𝑎 + 𝑐𝑎 While multiplication in a ring does not need to be commutative, if it does, it is called a commutative ring. A ring also does not need to have a multiplicative identity either. A unity, 1, in a ring is a non-zero element of the ring that is a multiplicative identity, 𝑎 ∗ 1 = 1 ∗ 𝑎 =  𝑎. A non-zero element in a commutative ring with a unity may not have an inverse either, but if it does it is called a unit (Gallian, 245-246). Then, a field is then a commutative ring with a unity in which every non-zero element is a unit. (Gallian, 257). A finite field is a field whose set is a finite set. For any prime integer p and any integer 𝑛 ≥  1 , there is a unique field with 𝑝 𝑛 elements in it, denoted 𝐺𝐹(𝑝 𝑛 ). The elements of these fields are defined by polynomials with degree 𝑛 − 1 and the coefficients of which are elements of  𝐙 𝑝. The multiplication of these polynomials is done like normal polynomial multiplication except that the coefficients of the polynomials are 𝑚𝑜𝑑(𝑝) since the coefficients are in 𝐙 𝑝. For example, if the term in question was 7𝑥2 and the 𝑝 value was 2, then this term would become 1𝑥2 . In 𝐺𝐹 (28), the multiplications of the polynomials can lead to the existence of a
17 polynomial that is degree 14. To do this, it is divided by an irreducible polynomial that exists within the finite field. An irreducible polynomial is a polynomial that is not the product of two other polynomials within the field. The remainder of this division is the final value of the multiplication. For AES the irreducible polynomial chosen for the division is 𝑥8   +  𝑥4   +  𝑥3   +  𝑥  +  1. This method of multiplication replaces the normal method of multiplication for matrices for AES. The binary values within each entry of the matrix are converted into polynomials. The zero or one values become the coefficients of the polynomial. For example, 10101100 would become 𝑥7 + 𝑥6 + 𝑥3 + 𝑥2 . Once each column is multiplied by the matrix from Figure 8, then the column mixing step is finished (Wagner, 120). The last step of encryption then is XORing the 16 bytes within the state to a 16-byte section of the key generated earlier called a round key. This completes one round of encryption for the first 16 bytes of data. Each set of 16 bytes goes through 10, 12, or 14 rounds of this encryption based on whether it is a 128-bit, 192-bit, or 256-bit version or the cipher. On the last round the column mixing step is skipped (Davies, 70). To decrypt, first a round key is selected from the key just as in the encryption stage. This followed by the undoing the permutation of the rows, the substitution table and the mixing of the columns. This is repeated for the number of same rounds required to encrypt. On the last round the mixing of the columns is again skipped (Davies, 74-75). Hashing Algorithms These features work great for sending and receiving data, but they do not inform the users whether the message itself is an authentic message. Rather these algorithms merely conceal the data. The solution to this problem are one-way hash functions. A hash function 𝐻(𝑀) is a
18 function that takes in a message 𝑀 of any length and converts it into a hash value of fixed length h (Schneier, 429). A hash function has certain properties (Schneier, 429): 1. Given 𝑀, it is easy to compute 𝐻(𝑀), that is the function uses simple computational techniques and can be done quickly. 2. Given h, it is hard to compute 𝑀 such that 𝐻(𝑀) = ℎ, that is the function is one way. 3. Given 𝑀, it is hard to find another message 𝑀' such that 𝐻(𝑀) = 𝐻(𝑀' ), that no two messages have a high probability of having the same hash value. This is also called collision resistance. One of the main families of hash functions today are the Secure Hash Algorithm (SHA). It was developed by the National Security Agency (NSA) and NIST. SHA-1, the first of the SHA hash algorithms created, produced hash value is a 160-bit value. While presently SHA-1 is no longer secure, it is quite well documented and has an easy-to-follow algorithm, so it will be used as an example (Schneier, 442). To begin the algorithm, the text of the message to be hashed is transformed into binary with each character representing one byte. These binary bytes are then appended to form one long string of binary. A single 1 is added to the end of this string. Then zeros are added to the end of the message to make it have a length of 448 𝑚𝑜𝑑(512). The length of the message before it was transformed into binary is also turned into binary. Zeros are then added to the beginning of that binary number until it is 64 bits long. These two strings of binary are then appended together with the message binary being first (Schneier, 442). This message is then broken down into sub-messages, each 512 bits in length. SHA operates on each of its 512-bit messages 80 times. The operation number 𝑡 is denoted 𝑡  =  0 to 79 (this value of 𝑡 will be referenced in future functions). Five 32-bit sets of binary keys in SHA are set to be used as initial values for the algorithm’s calculation. Because
19 each of those values would each be 32 characters long, they are going to be listed below in hexadecimal: H0 67452301 H1 efcdab89 H2 98adcfe H3 10325476 H4 3d2e1f0 Next the original message 𝑀 is broken up into 16 sections, called words, denoted 𝑀0, 𝑀1, 𝑀2, … … , 𝑀15 (Schneier, 443). A total of 80 words are needed for the operation and they are generated by the following function (Schneier, 443): 𝑊𝑡 = { 𝑀𝑡  𝑓𝑜𝑟 0 ≤  𝑡  ≤  15 𝑆1 (𝑊𝑡−3 ⨁ 𝑊𝑡−8⨁ 𝑊𝑡−14⨁𝑊𝑡−16) 𝑓𝑜𝑟 16 ≤ 𝑡 ≤ 79 The function 𝑆 𝑛(𝑋) is a left circular shift operation on the binary string that is an input by n places. This means that each of the digits of a binary number are shifted to the left n times (“US Secure Hash Algorithm 1 (SHA1)”). For example, 𝑆2 (10010011) = 01001110. Next the function that will be used to produce the end hash value will be explained. But first, some new binary operations that have not yet been explained must be described. They are the AND (⋀), and OR (⋁), binary operators and they are described in the table below: 1 0 AND OR 1 1 1 1 0 1 0 1 1 0 0 1 0 0 0 0
20 Additionally, the unary operator NOT(¬) inverses the state of the bit, meaning a 0 becomes a 1 and a 1 becomes a 0. These operations are used within the function used to generate new binary values each round. It is defined as (Schneier, 443): 𝑓𝑡(𝑋, Y, Z) = { (𝑌 ∧ X) ∨ (( ¬X) ∧ Z) 𝑓𝑜𝑟 0 ≤ 𝑡 ≤ 19 𝑋 ⨁ 𝑌 ⨁ 𝑍 𝑓𝑜𝑟 20 ≤ 𝑡 ≤ 39 (𝑋 ∧ 𝑌) ∨ (𝑋 ∧ 𝑍) ∨ (𝑌 ∧ 𝑍) 𝑓𝑜𝑟 40 ≤ 𝑡 ≤ 59 𝑋 ⨁ 𝑌 ⨁ 𝑍 𝑓𝑜𝑟 60 ≤ 𝑡 ≤ 79 Another function of constant binary values 𝐾𝑡 must be defined that will be used during each round. Again, because of the length that these binary values would be, they are being represented in hexadecimal (Schneier, 443): 𝐾𝑡 = { 5𝑎827999 𝑓𝑜𝑟 0 ≤ 𝑡 ≤ 19 6𝑒𝑑9𝑒𝑏𝑎1 𝑓𝑜𝑟 20 ≤ 𝑡 ≤ 39 8𝑓1𝑏𝑏𝑐𝑑𝑐 𝑓𝑜𝑟 40 ≤ 𝑡 ≤ 59 𝑐𝑎62𝑐1𝑑6 𝑓𝑜𝑟 60 ≤ 𝑡 ≤ 79 Now that all the background information of the algorithm is defined, the actual algorithm itself can be outlined. The first step, before the rounds start, is defining five variables to help keep track of current values. They are: 𝑎 =  𝐻0,  𝑏 =  𝐻1, 𝑐 =  𝐻2, 𝑑 =  𝐻3, and 𝑒 = 𝐻4. Another variable called 𝑡𝑒𝑚𝑝 with also be defined and all the words for each message are generated. The second step is to begin the 80 rounds on the first message, where the first round is considered round 0. Each round will follow the following algorithm (Schneier, 443): 1. 𝑡𝑒𝑚𝑝 = ( 𝑆5 +  𝑓𝑡(𝑏,  𝑐,  𝑑) + 𝑒 + 𝑊𝑡 + 𝐾𝑡) 𝑚𝑜𝑑(232  ) 2. 𝑒 = 𝑑 3. 𝑑 = 𝑐 4. 𝑐 = 𝑆30 (𝑏) 5. 𝑏 = 𝑎 6. 𝑎 = 𝑡𝑒𝑚𝑝
21 If there is more than one message, step 2 is repeated, with 𝑎, 𝑏, 𝑐, 𝑑, and 𝑒 remaining whatever values they held in the previous iteration. Once all the messages have been processed, 𝑎, 𝑏, 𝑐, 𝑑, and 𝑒 are added 𝑚𝑜𝑑(232) to 𝐻1, 𝐻2, 𝐻3, 𝐻4, and 𝐻5 respectively (“US Secure Hash Algorithm 1 (SHA1)”). The results of these additions are transformed into hexadecimal and concatenated together to form the requested 160-bit hash value. Why is SHA-1 no longer considered to be secure? Well, it is because collisions were found, meaning that two different files had the same hash value after being run through the algorithm (Konheim, 296). As defined before, this makes the algorithm very weak as it is longer certain that the file was not manipulated. In 2005 they had been determined collisions to be possible. By 2009 they had been found to occur relatively easily (Konheim, 296). The mathematics of computer networking is far reaching, and this paper has barely scratched the surface. Many fields of mathematics are encountered when working with computer networks. Graph theory and cryptography are used to protect computer networks from attackers with abstract algebra being the basis for many of the algorithms used. This is so important today due to our increasing reliance on technology in our day to day lives. Without these mathematical algorithms, computer networks would be prone to failing, and everything we send over them would be completely unprotected. And with computers getting increasingly more powerful and prevalent across the globe, the need for more forms of protective algorithms like these will become increasingly more necessary.
22 Works Cited “ASCII Table and Description.” ASCIITable.com. Web. 12 Nov. 2018. <http://www.asciitable.com/>. Ciampa, Mark D. Security+ Guide to Network Security Fundamentals. 6th ed. Boston: Cengage Learning, 2018. Print. Cozzens, Margaret, and Steven J. Miller. The Mathematics of Encryption: An Elementary Introduction. Vol. 29. Providence: American Mathematical Society, 2013. Print. Cycles. Digital image. TutorialsPoint.com. 2018. Web. 13 Oct. 2018. <https://www.tutorialspo int.com/graph_theory/images/connectivity.jpg> Davies, Joshua. Implementing SSL/TLS Using Cryptography and PKI. Indianapolis: Wiley, 2011. Print. Finston, David, and Patrick Morandi. An Introduction to Abstract Algebra via Applications. Las Cruces, NM: New Mexico State U, 2007. Print. Forouzan, Behrouz A. Introduction to Cryptography and Network Security. New York: McGraw Hill, 2008. Print. Gallian, Joseph A. Contemporary Abstract Algebra. 8th ed. Boston, MA: Brooks/Cole Cengage Learning, 2013. Print. Guichard, David, and Patrick Keef. "The Euler Phi Function." The Euler Phi Function. Whitman College Web. 16 Oct. 2018. Kaufman, Charlie, Radia Perlman, and Mike Speciner. Network Security: Private Communication in a Public World. Englewood Cliffs: Prentice Hall, 2011. Print. Keshav, Srinivasan. Mathematical Foundations of Computer Networking. New York: Addison- Wesley, 2012. Print.
23 Konheim, Alan G. Hashing in Computer Science: Fifty Years of Slicing and Dicing. Hoboken: John Wiley & Sons, 2010. Print. Odom, Wendell. Cisco CCENT/CCNA ICND1 100-101 Official Cert Guide. Indianapolis: Cisco, 2013. Print. Stallings, William. Cryptology and Network Security: Principles and Practices. 2nd ed. Upper Saddle River: Prentice-Hall, 1999. Print. Tetz, Edward. "Spanning Tree Protocol (STP) Introduction." Dummies.com. John Wiley & Sons, Inc., 2011. Web. 31 Aug. 2018. <https://www.dummies.com/programming/networking/cisco/spanning-tree-protocol-stp- introduction/>. Tree. Digital image. UCDenver.edu. University of Colorado Denver. Web. 13 Oct. 2018. <http://www-math.ucdenver.edu/~wcherowi/courses/m4408/gtln8p1.gif> “US Secure Hash Algorithm 1 (SHA1).” IETF Tools. Sept. 2001 Web. 09 Nov. 2018. <https://tools.ietf.org/html/rfc3174#section-4>. Wagner, Neal. The Laws of Cryptography. 2003. Print.

Recommended

A few approaches to cope with crash/byzantine failures in communication netwo...
A few approaches to cope with crash/byzantine failures in communication netwo...A few approaches to cope with crash/byzantine failures in communication netwo...
A few approaches to cope with crash/byzantine failures in communication netwo...
Feliciano Colella
 
Communication and networking in Multi
Communication and networking in Multi Communication and networking in Multi
Communication and networking in Multi
Utkarsh Ahuja
 
Ad34186189
Ad34186189Ad34186189
Ad34186189
IJERA Editor
 
Analysis of rsa algorithm using gpu
Analysis of rsa algorithm using gpuAnalysis of rsa algorithm using gpu
Analysis of rsa algorithm using gpu
IJNSA Journal
 
Automatic cluster formation and assigning address for wireless sensor net
Automatic cluster formation and assigning address for wireless sensor netAutomatic cluster formation and assigning address for wireless sensor net
Automatic cluster formation and assigning address for wireless sensor net
IAEME Publication
 
Simulation of Scale-Free Networks
Simulation of Scale-Free NetworksSimulation of Scale-Free Networks
Simulation of Scale-Free Networks
Gabriele D'Angelo
 
A SECURE DIGITAL SIGNATURE SCHEME WITH FAULT TOLERANCE BASED ON THE IMPROVED ...
A SECURE DIGITAL SIGNATURE SCHEME WITH FAULT TOLERANCE BASED ON THE IMPROVED ...A SECURE DIGITAL SIGNATURE SCHEME WITH FAULT TOLERANCE BASED ON THE IMPROVED ...
A SECURE DIGITAL SIGNATURE SCHEME WITH FAULT TOLERANCE BASED ON THE IMPROVED ...
csandit
 
A NEW KEY ESTABLISHMENT SCHEME FOR WIRELESS SENSOR NETWORKS
A NEW KEY ESTABLISHMENT SCHEME FOR WIRELESS SENSOR NETWORKSA NEW KEY ESTABLISHMENT SCHEME FOR WIRELESS SENSOR NETWORKS
A NEW KEY ESTABLISHMENT SCHEME FOR WIRELESS SENSOR NETWORKS
IJNSA Journal
 

Recommended

A few approaches to cope with crash/byzantine failures in communication netwo...
A few approaches to cope with crash/byzantine failures in communication netwo...A few approaches to cope with crash/byzantine failures in communication netwo...
A few approaches to cope with crash/byzantine failures in communication netwo...
Feliciano Colella
 
Communication and networking in Multi
Communication and networking in Multi Communication and networking in Multi
Communication and networking in Multi
Utkarsh Ahuja
 
Ad34186189
Ad34186189Ad34186189
Ad34186189
IJERA Editor
 
Analysis of rsa algorithm using gpu
Analysis of rsa algorithm using gpuAnalysis of rsa algorithm using gpu
Analysis of rsa algorithm using gpu
IJNSA Journal
 
Automatic cluster formation and assigning address for wireless sensor net
Automatic cluster formation and assigning address for wireless sensor netAutomatic cluster formation and assigning address for wireless sensor net
Automatic cluster formation and assigning address for wireless sensor net
IAEME Publication
 
Simulation of Scale-Free Networks
Simulation of Scale-Free NetworksSimulation of Scale-Free Networks
Simulation of Scale-Free Networks
Gabriele D'Angelo
 
A SECURE DIGITAL SIGNATURE SCHEME WITH FAULT TOLERANCE BASED ON THE IMPROVED ...
A SECURE DIGITAL SIGNATURE SCHEME WITH FAULT TOLERANCE BASED ON THE IMPROVED ...A SECURE DIGITAL SIGNATURE SCHEME WITH FAULT TOLERANCE BASED ON THE IMPROVED ...
A SECURE DIGITAL SIGNATURE SCHEME WITH FAULT TOLERANCE BASED ON THE IMPROVED ...
csandit
 
A NEW KEY ESTABLISHMENT SCHEME FOR WIRELESS SENSOR NETWORKS
A NEW KEY ESTABLISHMENT SCHEME FOR WIRELESS SENSOR NETWORKSA NEW KEY ESTABLISHMENT SCHEME FOR WIRELESS SENSOR NETWORKS
A NEW KEY ESTABLISHMENT SCHEME FOR WIRELESS SENSOR NETWORKS
IJNSA Journal
 
Restricted Boltzmann Machine - A comprehensive study with a focus on Deep Bel...
Restricted Boltzmann Machine - A comprehensive study with a focus on Deep Bel...Restricted Boltzmann Machine - A comprehensive study with a focus on Deep Bel...
Restricted Boltzmann Machine - A comprehensive study with a focus on Deep Bel...
Indraneel Pole
 
A New Key Agreement Protocol Using BDP and CSP in Non Commutative Groups
A New Key Agreement Protocol Using BDP and CSP in Non Commutative GroupsA New Key Agreement Protocol Using BDP and CSP in Non Commutative Groups
A New Key Agreement Protocol Using BDP and CSP in Non Commutative Groups
Eswar Publications
 
IMPROVING SCHEDULING OF DATA TRANSMISSION IN TDMA SYSTEMS
IMPROVING SCHEDULING OF DATA TRANSMISSION IN TDMA SYSTEMSIMPROVING SCHEDULING OF DATA TRANSMISSION IN TDMA SYSTEMS
IMPROVING SCHEDULING OF DATA TRANSMISSION IN TDMA SYSTEMS
csandit
 
A new RSA public key encryption scheme with chaotic maps
A new RSA public key encryption scheme with chaotic maps A new RSA public key encryption scheme with chaotic maps
A new RSA public key encryption scheme with chaotic maps
IJECEIAES
 
Design and Implementation of a Secure Communication Protocol
Design and Implementation of a Secure Communication Protocol Design and Implementation of a Secure Communication Protocol
Design and Implementation of a Secure Communication Protocol
IJECEIAES
 
Criptography approach using magnets
Criptography approach using magnetsCriptography approach using magnets
Criptography approach using magnets
snv09
 
Info mimi-hop-by-hop authentication
Info mimi-hop-by-hop authenticationInfo mimi-hop-by-hop authentication
Info mimi-hop-by-hop authentication
Selva Raj
 
Info mimi-hop-by-hop authentication-copy
Info mimi-hop-by-hop authentication-copyInfo mimi-hop-by-hop authentication-copy
Info mimi-hop-by-hop authentication-copy
Selva Raj
 
A novel cluster based wormhole avoidance algorithm for mobile adhoc networks
A novel cluster based wormhole avoidance algorithm for mobile adhoc networksA novel cluster based wormhole avoidance algorithm for mobile adhoc networks
A novel cluster based wormhole avoidance algorithm for mobile adhoc networks
csandit
 
Best data science course in pune. converted
Best data science course in pune. convertedBest data science course in pune. converted
Best data science course in pune. converted
sripadojwarumavilas
 
Machine learning certification in gurgaon
Machine learning certification in gurgaon Machine learning certification in gurgaon
Machine learning certification in gurgaon
TejaspathiLV
 
Using spectral radius ratio for node degree
Using spectral radius ratio for node degreeUsing spectral radius ratio for node degree
Using spectral radius ratio for node degree
IJCNCJournal
 
ON FINDING MINIMUM AND MAXIMUM PATH LENGTH IN GRID-BASED WIRELESS NETWORKS
ON FINDING MINIMUM AND MAXIMUM PATH LENGTH IN GRID-BASED WIRELESS NETWORKSON FINDING MINIMUM AND MAXIMUM PATH LENGTH IN GRID-BASED WIRELESS NETWORKS
ON FINDING MINIMUM AND MAXIMUM PATH LENGTH IN GRID-BASED WIRELESS NETWORKS
ijwmn
 
Scale free network Visualiuzation
Scale free network VisualiuzationScale free network Visualiuzation
Scale free network Visualiuzation
Harshit Srivastava
 
CASCADE BLOCK CIPHER USING BRAIDING/ENTANGLEMENT OF SPIN MATRICES AND BIT ROT...
CASCADE BLOCK CIPHER USING BRAIDING/ENTANGLEMENT OF SPIN MATRICES AND BIT ROT...CASCADE BLOCK CIPHER USING BRAIDING/ENTANGLEMENT OF SPIN MATRICES AND BIT ROT...
CASCADE BLOCK CIPHER USING BRAIDING/ENTANGLEMENT OF SPIN MATRICES AND BIT ROT...
IJNSA Journal
 
DISTRIBUTION OF MAXIMAL CLIQUE SIZE UNDER THE WATTS-STROGATZ MODEL OF EVOLUTI...
DISTRIBUTION OF MAXIMAL CLIQUE SIZE UNDER THE WATTS-STROGATZ MODEL OF EVOLUTI...DISTRIBUTION OF MAXIMAL CLIQUE SIZE UNDER THE WATTS-STROGATZ MODEL OF EVOLUTI...
DISTRIBUTION OF MAXIMAL CLIQUE SIZE UNDER THE WATTS-STROGATZ MODEL OF EVOLUTI...
ijfcstjournal
 
H010223640
H010223640H010223640
H010223640
IOSR Journals
 
Distribution of maximal clique size under
Distribution of maximal clique size underDistribution of maximal clique size under
Distribution of maximal clique size under
ijfcstjournal
 
Implementation of Spanning Tree Protocol using ns-3
Implementation of Spanning Tree Protocol using ns-3Implementation of Spanning Tree Protocol using ns-3
Implementation of Spanning Tree Protocol using ns-3
Naishil Shah
 
Multiple Dimensional Fault Tolerant Schemes for Crypto Stream Ciphers
Multiple Dimensional Fault Tolerant Schemes for Crypto Stream CiphersMultiple Dimensional Fault Tolerant Schemes for Crypto Stream Ciphers
Multiple Dimensional Fault Tolerant Schemes for Crypto Stream Ciphers
IJNSA Journal
 
Multiple Dimensional Fault Tolerant Schemes for Crypto Stream Ciphers
Multiple Dimensional Fault Tolerant Schemes for Crypto Stream CiphersMultiple Dimensional Fault Tolerant Schemes for Crypto Stream Ciphers
Multiple Dimensional Fault Tolerant Schemes for Crypto Stream Ciphers
IJNSA Journal
 
CASCADE BLOCK CIPHER USING BRAIDING/ENTANGLEMENT OF SPIN MATRICES AND BIT ROT...
CASCADE BLOCK CIPHER USING BRAIDING/ENTANGLEMENT OF SPIN MATRICES AND BIT ROT...CASCADE BLOCK CIPHER USING BRAIDING/ENTANGLEMENT OF SPIN MATRICES AND BIT ROT...
CASCADE BLOCK CIPHER USING BRAIDING/ENTANGLEMENT OF SPIN MATRICES AND BIT ROT...
IJNSA Journal
 

More Related Content

What's hot

Restricted Boltzmann Machine - A comprehensive study with a focus on Deep Bel...
Restricted Boltzmann Machine - A comprehensive study with a focus on Deep Bel...Restricted Boltzmann Machine - A comprehensive study with a focus on Deep Bel...
Restricted Boltzmann Machine - A comprehensive study with a focus on Deep Bel...
Indraneel Pole
 
A New Key Agreement Protocol Using BDP and CSP in Non Commutative Groups
A New Key Agreement Protocol Using BDP and CSP in Non Commutative GroupsA New Key Agreement Protocol Using BDP and CSP in Non Commutative Groups
A New Key Agreement Protocol Using BDP and CSP in Non Commutative Groups
Eswar Publications
 
IMPROVING SCHEDULING OF DATA TRANSMISSION IN TDMA SYSTEMS
IMPROVING SCHEDULING OF DATA TRANSMISSION IN TDMA SYSTEMSIMPROVING SCHEDULING OF DATA TRANSMISSION IN TDMA SYSTEMS
IMPROVING SCHEDULING OF DATA TRANSMISSION IN TDMA SYSTEMS
csandit
 
A new RSA public key encryption scheme with chaotic maps
A new RSA public key encryption scheme with chaotic maps A new RSA public key encryption scheme with chaotic maps
A new RSA public key encryption scheme with chaotic maps
IJECEIAES
 
Criptography approach using magnets
Criptography approach using magnetsCriptography approach using magnets
Criptography approach using magnets
snv09
 
Info mimi-hop-by-hop authentication
Info mimi-hop-by-hop authenticationInfo mimi-hop-by-hop authentication
Info mimi-hop-by-hop authentication
Selva Raj
 
Info mimi-hop-by-hop authentication-copy
Info mimi-hop-by-hop authentication-copyInfo mimi-hop-by-hop authentication-copy
Info mimi-hop-by-hop authentication-copy
Selva Raj
 
A novel cluster based wormhole avoidance algorithm for mobile adhoc networks
A novel cluster based wormhole avoidance algorithm for mobile adhoc networksA novel cluster based wormhole avoidance algorithm for mobile adhoc networks
A novel cluster based wormhole avoidance algorithm for mobile adhoc networks
csandit
 

What's hot (11)

Restricted Boltzmann Machine - A comprehensive study with a focus on Deep Bel...
Restricted Boltzmann Machine - A comprehensive study with a focus on Deep Bel...Restricted Boltzmann Machine - A comprehensive study with a focus on Deep Bel...
Restricted Boltzmann Machine - A comprehensive study with a focus on Deep Bel...
 
A New Key Agreement Protocol Using BDP and CSP in Non Commutative Groups
A New Key Agreement Protocol Using BDP and CSP in Non Commutative GroupsA New Key Agreement Protocol Using BDP and CSP in Non Commutative Groups
A New Key Agreement Protocol Using BDP and CSP in Non Commutative Groups
 
IMPROVING SCHEDULING OF DATA TRANSMISSION IN TDMA SYSTEMS
IMPROVING SCHEDULING OF DATA TRANSMISSION IN TDMA SYSTEMSIMPROVING SCHEDULING OF DATA TRANSMISSION IN TDMA SYSTEMS
IMPROVING SCHEDULING OF DATA TRANSMISSION IN TDMA SYSTEMS
 
A new RSA public key encryption scheme with chaotic maps
A new RSA public key encryption scheme with chaotic maps A new RSA public key encryption scheme with chaotic maps
A new RSA public key encryption scheme with chaotic maps
 
Design and Implementation of a Secure Communication Protocol
Design and Implementation of a Secure Communication Protocol Design and Implementation of a Secure Communication Protocol
Design and Implementation of a Secure Communication Protocol
 
Criptography approach using magnets
Criptography approach using magnetsCriptography approach using magnets
Criptography approach using magnets
 
Info mimi-hop-by-hop authentication
Info mimi-hop-by-hop authenticationInfo mimi-hop-by-hop authentication
Info mimi-hop-by-hop authentication
 
Info mimi-hop-by-hop authentication-copy
Info mimi-hop-by-hop authentication-copyInfo mimi-hop-by-hop authentication-copy
Info mimi-hop-by-hop authentication-copy
 
A novel cluster based wormhole avoidance algorithm for mobile adhoc networks
A novel cluster based wormhole avoidance algorithm for mobile adhoc networksA novel cluster based wormhole avoidance algorithm for mobile adhoc networks
A novel cluster based wormhole avoidance algorithm for mobile adhoc networks
 
Best data science course in pune. converted
Best data science course in pune. convertedBest data science course in pune. converted
Best data science course in pune. converted
 
Machine learning certification in gurgaon
Machine learning certification in gurgaon Machine learning certification in gurgaon
Machine learning certification in gurgaon
 

Similar to Mathematics Research Paper - Mathematics of Computer Networking - Final Draft

Using spectral radius ratio for node degree
Using spectral radius ratio for node degreeUsing spectral radius ratio for node degree
Using spectral radius ratio for node degree
IJCNCJournal
 
ON FINDING MINIMUM AND MAXIMUM PATH LENGTH IN GRID-BASED WIRELESS NETWORKS
ON FINDING MINIMUM AND MAXIMUM PATH LENGTH IN GRID-BASED WIRELESS NETWORKSON FINDING MINIMUM AND MAXIMUM PATH LENGTH IN GRID-BASED WIRELESS NETWORKS
ON FINDING MINIMUM AND MAXIMUM PATH LENGTH IN GRID-BASED WIRELESS NETWORKS
ijwmn
 
DISTRIBUTION OF MAXIMAL CLIQUE SIZE UNDER THE WATTS-STROGATZ MODEL OF EVOLUTI...
DISTRIBUTION OF MAXIMAL CLIQUE SIZE UNDER THE WATTS-STROGATZ MODEL OF EVOLUTI...DISTRIBUTION OF MAXIMAL CLIQUE SIZE UNDER THE WATTS-STROGATZ MODEL OF EVOLUTI...
DISTRIBUTION OF MAXIMAL CLIQUE SIZE UNDER THE WATTS-STROGATZ MODEL OF EVOLUTI...
ijfcstjournal
 
Distribution of maximal clique size under
Distribution of maximal clique size underDistribution of maximal clique size under
Distribution of maximal clique size under
ijfcstjournal
 
Multiple Dimensional Fault Tolerant Schemes for Crypto Stream Ciphers
Multiple Dimensional Fault Tolerant Schemes for Crypto Stream CiphersMultiple Dimensional Fault Tolerant Schemes for Crypto Stream Ciphers
Multiple Dimensional Fault Tolerant Schemes for Crypto Stream Ciphers
IJNSA Journal
 
Multiple Dimensional Fault Tolerant Schemes for Crypto Stream Ciphers
Multiple Dimensional Fault Tolerant Schemes for Crypto Stream CiphersMultiple Dimensional Fault Tolerant Schemes for Crypto Stream Ciphers
Multiple Dimensional Fault Tolerant Schemes for Crypto Stream Ciphers
IJNSA Journal
 
FAULT TOLERANT ROUTING ALGORITHM IN OCTAGON-CELL INTERCONNECTED NETWORK FOR H...
FAULT TOLERANT ROUTING ALGORITHM IN OCTAGON-CELL INTERCONNECTED NETWORK FOR H...FAULT TOLERANT ROUTING ALGORITHM IN OCTAGON-CELL INTERCONNECTED NETWORK FOR H...
FAULT TOLERANT ROUTING ALGORITHM IN OCTAGON-CELL INTERCONNECTED NETWORK FOR H...
IJCNCJournal
 
Security Analysis of AES and Enhancing its Security by Modifying S-Box with a...
Security Analysis of AES and Enhancing its Security by Modifying S-Box with a...Security Analysis of AES and Enhancing its Security by Modifying S-Box with a...
Security Analysis of AES and Enhancing its Security by Modifying S-Box with a...
IJCNCJournal
 
User_42751212015Module1and2pagestocompetework.pdf.docx
User_42751212015Module1and2pagestocompetework.pdf.docxUser_42751212015Module1and2pagestocompetework.pdf.docx
User_42751212015Module1and2pagestocompetework.pdf.docx
dickonsondorris
 
A comparative study on multicast routing using dijkstra’s, prims and ant colo...
A comparative study on multicast routing using dijkstra’s, prims and ant colo...A comparative study on multicast routing using dijkstra’s, prims and ant colo...
A comparative study on multicast routing using dijkstra’s, prims and ant colo...
IAEME Publication
 
A comparative study on multicast routing using dijkstra’s
A comparative study on multicast routing using dijkstra’sA comparative study on multicast routing using dijkstra’s
A comparative study on multicast routing using dijkstra’s
iaemedu
 
EFFICIENT DIGITAL ENCRYPTION ALGORITHM BASED ON MATRIX SCRAMBLING TECHNIQUE
EFFICIENT DIGITAL ENCRYPTION ALGORITHM BASED ON MATRIX SCRAMBLING TECHNIQUEEFFICIENT DIGITAL ENCRYPTION ALGORITHM BASED ON MATRIX SCRAMBLING TECHNIQUE
EFFICIENT DIGITAL ENCRYPTION ALGORITHM BASED ON MATRIX SCRAMBLING TECHNIQUE
IJNSA Journal
 

Similar to Mathematics Research Paper - Mathematics of Computer Networking - Final Draft (20)

Using spectral radius ratio for node degree
Using spectral radius ratio for node degreeUsing spectral radius ratio for node degree
Using spectral radius ratio for node degree
 
ON FINDING MINIMUM AND MAXIMUM PATH LENGTH IN GRID-BASED WIRELESS NETWORKS
ON FINDING MINIMUM AND MAXIMUM PATH LENGTH IN GRID-BASED WIRELESS NETWORKSON FINDING MINIMUM AND MAXIMUM PATH LENGTH IN GRID-BASED WIRELESS NETWORKS
ON FINDING MINIMUM AND MAXIMUM PATH LENGTH IN GRID-BASED WIRELESS NETWORKS
 
Scale free network Visualiuzation
Scale free network VisualiuzationScale free network Visualiuzation
Scale free network Visualiuzation
 
CASCADE BLOCK CIPHER USING BRAIDING/ENTANGLEMENT OF SPIN MATRICES AND BIT ROT...
CASCADE BLOCK CIPHER USING BRAIDING/ENTANGLEMENT OF SPIN MATRICES AND BIT ROT...CASCADE BLOCK CIPHER USING BRAIDING/ENTANGLEMENT OF SPIN MATRICES AND BIT ROT...
CASCADE BLOCK CIPHER USING BRAIDING/ENTANGLEMENT OF SPIN MATRICES AND BIT ROT...
 
DISTRIBUTION OF MAXIMAL CLIQUE SIZE UNDER THE WATTS-STROGATZ MODEL OF EVOLUTI...
DISTRIBUTION OF MAXIMAL CLIQUE SIZE UNDER THE WATTS-STROGATZ MODEL OF EVOLUTI...DISTRIBUTION OF MAXIMAL CLIQUE SIZE UNDER THE WATTS-STROGATZ MODEL OF EVOLUTI...
DISTRIBUTION OF MAXIMAL CLIQUE SIZE UNDER THE WATTS-STROGATZ MODEL OF EVOLUTI...
 
H010223640
H010223640H010223640
H010223640
 
Distribution of maximal clique size under
Distribution of maximal clique size underDistribution of maximal clique size under
Distribution of maximal clique size under
 
Implementation of Spanning Tree Protocol using ns-3
Implementation of Spanning Tree Protocol using ns-3Implementation of Spanning Tree Protocol using ns-3
Implementation of Spanning Tree Protocol using ns-3
 
Multiple Dimensional Fault Tolerant Schemes for Crypto Stream Ciphers
Multiple Dimensional Fault Tolerant Schemes for Crypto Stream CiphersMultiple Dimensional Fault Tolerant Schemes for Crypto Stream Ciphers
Multiple Dimensional Fault Tolerant Schemes for Crypto Stream Ciphers
 
Multiple Dimensional Fault Tolerant Schemes for Crypto Stream Ciphers
Multiple Dimensional Fault Tolerant Schemes for Crypto Stream CiphersMultiple Dimensional Fault Tolerant Schemes for Crypto Stream Ciphers
Multiple Dimensional Fault Tolerant Schemes for Crypto Stream Ciphers
 
CASCADE BLOCK CIPHER USING BRAIDING/ENTANGLEMENT OF SPIN MATRICES AND BIT ROT...
CASCADE BLOCK CIPHER USING BRAIDING/ENTANGLEMENT OF SPIN MATRICES AND BIT ROT...CASCADE BLOCK CIPHER USING BRAIDING/ENTANGLEMENT OF SPIN MATRICES AND BIT ROT...
CASCADE BLOCK CIPHER USING BRAIDING/ENTANGLEMENT OF SPIN MATRICES AND BIT ROT...
 
Bigdata analytics
Bigdata analyticsBigdata analytics
Bigdata analytics
 
Description Of A Graph
Description Of A GraphDescription Of A Graph
Description Of A Graph
 
FAULT TOLERANT ROUTING ALGORITHM IN OCTAGON-CELL INTERCONNECTED NETWORK FOR H...
FAULT TOLERANT ROUTING ALGORITHM IN OCTAGON-CELL INTERCONNECTED NETWORK FOR H...FAULT TOLERANT ROUTING ALGORITHM IN OCTAGON-CELL INTERCONNECTED NETWORK FOR H...
FAULT TOLERANT ROUTING ALGORITHM IN OCTAGON-CELL INTERCONNECTED NETWORK FOR H...
 
Security Analysis of AES and Enhancing its Security by Modifying S-Box with a...
Security Analysis of AES and Enhancing its Security by Modifying S-Box with a...Security Analysis of AES and Enhancing its Security by Modifying S-Box with a...
Security Analysis of AES and Enhancing its Security by Modifying S-Box with a...
 
User_42751212015Module1and2pagestocompetework.pdf.docx
User_42751212015Module1and2pagestocompetework.pdf.docxUser_42751212015Module1and2pagestocompetework.pdf.docx
User_42751212015Module1and2pagestocompetework.pdf.docx
 
A comparative study on multicast routing using dijkstra’s, prims and ant colo...
A comparative study on multicast routing using dijkstra’s, prims and ant colo...A comparative study on multicast routing using dijkstra’s, prims and ant colo...
A comparative study on multicast routing using dijkstra’s, prims and ant colo...
 
A comparative study on multicast routing using dijkstra’s
A comparative study on multicast routing using dijkstra’sA comparative study on multicast routing using dijkstra’s
A comparative study on multicast routing using dijkstra’s
 
Lecture 5 - Qunatifying a Network.pdf
Lecture 5 - Qunatifying a Network.pdfLecture 5 - Qunatifying a Network.pdf
Lecture 5 - Qunatifying a Network.pdf
 
EFFICIENT DIGITAL ENCRYPTION ALGORITHM BASED ON MATRIX SCRAMBLING TECHNIQUE
EFFICIENT DIGITAL ENCRYPTION ALGORITHM BASED ON MATRIX SCRAMBLING TECHNIQUEEFFICIENT DIGITAL ENCRYPTION ALGORITHM BASED ON MATRIX SCRAMBLING TECHNIQUE
EFFICIENT DIGITAL ENCRYPTION ALGORITHM BASED ON MATRIX SCRAMBLING TECHNIQUE
 

Recently uploaded

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Recently uploaded (20)

DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 

Mathematics Research Paper - Mathematics of Computer Networking - Final Draft

  • 1. 1 Alexander N. Cominsky MA-453: Senior Coordinating Seminar Bro. Daniel P. Wisniewski, O.S.F.S, Ph.D. Mathematics of Computer Networking (Second Half) The topic of this research paper is the mathematics of security in computer networks. I have chosen this topic because computer networking is the field that I plan to make my career in, and, while I know how to create computer networks and implement security controls within them, I do not know much about the mathematics behind the security protocols that I implement. In this paper I plan to cover the mathematics, primarily from the fields of graph theory, abstract algebra, and cryptology, behind Spanning Tree Protocol, the SSL/TLS communication protocols, Wi-Fi security, and hashing. Spanning Tree Protocol To understand what Spanning Tree Protocol, or STP, is in relation to computer networks, one must first understand what trees and cycles are in graph theory. What follows is a brief refresher in the basic elements of graph theory that will be referred to throughout the discussion on STP. A graph is a series of points, referred to as vertices, and the lines that connect them, referred to as edges (Johnsonbaugh, 377). If two vertices are connected by an edge they are considered adjacent and the edge between them is considered incident to them. If we can traverse through a graph, G, from one vertex, v, to another vertex, u, then we have created what is called a path through the graph (Johnsonbaugh, 378). A graph is then connected if a path can be created between all vertices in the graph. A cycle is a path within G from v to v where no edge, e, is repeated in the path Figure 1, Cycles: An example cycle can be seen about vertex a by following a path to vertex d, then to vertex cc, then back to a (Cycles).
  • 2. 2 (Johnsonbaugh, 389-391). An illustrated example of cycles can be seen in Figure 1, where multiple cycles exist. A tree is defined as a graph that for any two vertices, v and u, there exists a unique path between them. This means that the graph is not only connected, but also no cycles between any vertices as this would result in alternate paths between two vertices (Johnsonbaugh, 440; 449). Figure 2: Tree shows an example of a graph that is a tree. Next, one needs to understand weighted graphs. If we look at any graph, we can add numbers to each edge of the graph to represent the weight of that edge. The resulting graph is now referred to as a weighted graph and the sum of each of the weights of the edges in a path is called the path length (Johnsonbaugh, 379-380). Dijkstra’s Shortest-Path Algorithm is a method by which the paths of the shortest length from one vertex to all other vertices can be determined. First, select a source vertex, denote its length as 0 as it does not need to travel anywhere to be at itself, and assign a value of infinity to all other vertices as their true distance is currently unknown. Next, calculate the new value for all vertices that our beginning vertex is adjacent to by adding the weight of the edge to the weight of our initial vertex. For the first round, this will be 0 plus the value of our edge weight. Since this number is less than infinity, it will replace the value assigned to these vertices. The initial vertex is marked as visited and the vertex with the smallest value assigned to it is selected next. If a vertex has been visited than it has been assigned the lowest possible value to travel to it. We repeat the process from before, adding the value associated with our selected vertex to each of the edge weights of its incident edges. If this calculated value is lower for than the assigned value of each adjacent vertex, the new numeric value is assigned, otherwise the old value remains. This process is repeated until all vertices Figure 2, Tree: Observer that this graph has no cycles between any points (Tree).
  • 3. 3 have been marked as visited. The numeric value of each vertex that has been assigned represents the shortest possible distance from that vertex to the starting vertex (Johnsonbaugh, 407-412). Figure 3 shows an example of the first 2 rounds of Dijkstra’s Shortest-Path Algorithm on a weighted graph. Now, how does this all relate to computer networks? If one looks at a computer network, with each device on the network, whether it be an end computer, Wi-Fi access point, switch, or router, can be identified as a vertex and the method by which that they are connected to each other, such as a cable, can be represented by an edge. Weights can then be assigned to the edges of the graph based on the network speed between any two devices (Tetz). STP is then implemented at this stage to remove cycles within this graph without creating a disconnected graph. Thus, the resulting graph representation of the network will be a tree. But why do we need to remove cycles in a computer networking environment to begin with? Well, when a packet of information is being sent from one computer or another, a computer network must determine how to get it there. A Media Access Control Address, or MAC Address, is assigned to every device on a computer network. These act like a street address. Every switch, a device that helps connect multiple devices to one another on a network, stores a list of all the MAC addresses it knows and associates them with the appropriate port on the device. If it does not know the port to send a packet through to get to its required destination, Figure 3, Dijkstra’s Shortest-Path Algorithm: On the left you can see the first round being completed with a being the initial vertex. On the right you can see the second round being completed from vertex f (Johnsonbaugh, 409).
  • 4. 4 then it floods a message out of all ports to try and determine where the destination is. If a cycle exists in the network, then the message will continuously be sent out in a loop causing an enormous strain on the network resulting in a need to remove loops (Odom 150-152). But why then do we allow loops to exist at all? Simple: if a connection goes bad, then there are redundant lines throughout the network that can be brought on to ensure that connectivity is always up. But how does STP work? Well, it utilizes Dijkstra’s Shortest-Path Algorithm. One switch on the network is assigned as the root switch, which in the terms of Dijkstra’s Shortest- Path Algorithm is the first vertex looked at. This is either determined by the end user or mathematically by the smallest MAC address as they are hexadecimal. Then the steps of the algorithm are followed to find the shortest paths. Ports on the switch that are used in the shortest path are then labeled as root ports. Each edge then gets assigned a designated port on one of its sides. This is the port that is on the switch that is closest to the root switch. If an edge only has a designated port, the other side of the edge is labeled as blocking. Edges that have both a root port and a designated port are kept, and edges that are labeled designated and blocking are removed resulting in a graph with no loops. This protocol runs in the background of the network, recalculating barring any change in the network environment. Figure 4, STP: In this figure, each edge has been completely labeled. The edges 55:11,33:66 and 11:55, 11:22 are no longer used. (STP)
  • 5. 5 Basic Cryptography Concepts Moving on from the applications of graph theory, the next topic of this paper will be the applications of cryptography in network security. This will be broken up into 3 stages, asymmetric key cryptography, symmetric key cryptography, and message hashing. Well, what is cryptography? Cryptography “is the process of concealing messages” (Cozzens and Miller, 1). Many different mathematical methods for encrypting and decrypting messages have been developed over the course of history. This paper will be addressing RSA, DES, and AES algorithms and how they are used within security protocols. To start, some important cryptography terms will be defined. Plaintext is the message that is to be the input of the cryptographical algorithm (or cipher), while cyphertext is the output (Ciampa 102-103). Keys are used by both asymmetric and symmetric cryptography. Ciampa defines a key as “a mathematical value entered into the algorithm to produce the cipher text” (103). In symmetric cryptography, one key is used for both the encryption and decryption of the plaintext. This means that the key must be shared between the sender and the receiver of a message (Ciampa 113). In asymmetric cryptography, the same key used to encrypt will not be the same key used to decrypt. At least one of these keys will be kept private and will not be shared between the sender and the receiver (Ciampa 116-117). Asymmetric cyphers are often used to encrypt the keys of symmetric ciphers so that they can secretly be shared between users. This process is called a key exchange (Ciampa 122). Many ciphers use modulus to keep within a certain set of values after each character of plaintext is run through the algorithm such as 0 through 25 representing each alphabetic character as shown in Figure 5. Two numbers x and y are equivalent modulo m, if their difference is a multiple of m, and we write this as:  𝑥 = 𝑦 (𝑚𝑜𝑑(𝑚)). For example, 14 =
  • 6. 6 66 (𝑚𝑜𝑑(26)) because 66  −  14  =  52 and 52 is a multiple of 26. To be able to utilize a key, k, in a cipher using mod m, sometimes it must have an inverse, 𝑘−1  in mod m, where 1 = 𝑘*𝑘−1  (𝑚𝑜𝑑(𝑚)). TLS/SSL Protocols When data is being transported across a network, it can be easily intercepted by anyone else on a network. Earlier in this paper, it was shown that switches flood packets were the exact port of a destination address is unknown. This means every computer on the network could possibly get data packets not intended for them until the switch is able to determine where packets are supposed to go. Considering this is accidental sharing of data and that some people try to find ways to steal data off networks in other ways, this information that is traveling over the network needs to be protected. That is where Transport Layer Security (TLS) and its processor Secure Sockets Layer (SSL) protocols come into play. Their purpose, according to Ciampa, is “to protect data-in-transit” (174). These protocols are used in a wide variety of services such as Hypertext Transfer Protocol and Secure/Multipurpose Internet Mail Extensions which are commonly referred to as HTTP and S/MIME respectively. HTTP is a protocol used to retrieve web pages for viewing through a web browser, hence why website addresses, such as https://www.google.com/, begin with HTTP. By adding in SSL/TLS, it is ensured that the information being retrieved from a website server is encrypted the entire time it is in transit until it arrives at its host destination. A website that implements SSL/TLS within HTTP denotes this by adding an “S” after HTTP in the website address as shown in the example above (Davies, 4- Figure 5, Number and Letter Assignments in Modulo 26 (Cozzens and Miller, 25).
  • 7. 7 5). S/MIME works similarly to HTTP except instead of protecting websites, it protects emails while they are in transit, so they can only be read by the sender and the receiver (Davies, 546- 547). Both TLS and SSL utilize both asymmetric and symmetric key cryptography. This would imply that these protocols use a form of key exchange. There are two unique things about these protocols in this regard: they allow for multiple different key exchanges to be used based on the user’s preference, and they don’t share the key for the symmetric key. Rather than sharing the symmetric key itself, they share a value called the pre-master that will be used to generate the key to keep the key safer (Davies, 329). As demonstrated by Davies in the third chapter of his book, TLS supports RSA, Diffie-Hellman, and Elliptical Curve Diffie-Hellman key exchanges. For this next section the focus will be on one method of key exchange, RSA and how the protocols then generate the also needed symmetric key. RSA Cipher RSA cipher was created in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman; the acronym is merely their last names. As an asymmetric key cipher, it relies on the use of two keys: one private and one public (Cozzens and Miller, 214). The first step in the RSA process is to pick two different prime numbers. These prime numbers will be called p and q. A new number n will be created and set equal to p*q. Next, the Euler totient function, 𝜙, also called the Euler Phi function, must be applied to n. The function is defined as, 𝜙(𝑛) = 𝑚 such that 1 ≤ 𝑚 ≤ 𝑛 and  𝑔𝑐𝑑(𝑚, 𝑛) = 1 where 𝑚, 𝑛 ∈ 𝐙+  . Less formally defined, it calculates the total number of integers less than n that are relatively prime to n. For a number to be relatively prime to another number, their greatest common factor or divisor is 1 (Cozzens and Miller, 216). For primes, the calculation is simple, because all
  • 8. 8 numbers less than any prime do not share a factor with a prime (Guichiard and Keef). Therefore, 𝜙(𝑝) = (𝑝 − 1) where 𝑝 is a prime number. But n is composite in the case of RSA and can be rewritten as 𝜙(𝑛) = 𝜙(𝑝𝑞). As proved in Guichiard and Keef: If 𝑝 and 𝑞 are relatively prime and n = pq, then  𝜙(𝑛) = 𝜙(𝑝)𝜙(𝑞). In this case 𝑝 and 𝑞 are a both prime so 𝜙(𝑛) = 𝜙(𝑝)𝜙(𝑞)  = (𝑝 − 1)(𝑞 − 1). Next, a value must be chosen for encryption denoted as e. It must hold that 1  <  𝑒  <  𝜙(𝑛), and the 𝑔𝑐𝑑(𝑒,  𝜙(𝑛)) = 1. This is so that its inverse used to decrypt, denoted d, will exist as stated in an earlier paragraph. In this case, 𝑑 = 𝑒−1 𝑚𝑜𝑑(𝜙(𝑛)). The public key and private keys for RSA can now be created. The public key is defined as (𝑒, 𝑛) and the private key is likewise (𝑑, 𝑛) (Cozzens and Miller, 216). Since the public key can only encrypt and can’t decrypt the message, there is no need to keep it hidden, whereas the private key must always remain hidden as all it can do is decrypt the message (Davies, 92). To encrypt the message, find the numeric value of the first character of the message and call that value m. To find the cipher text value, c, is calculated as follows: 𝑐 = 𝑚 𝑒 (𝑚𝑜𝑑(𝑛)). To revert the cipher text character to back to plaintext, use the equation 𝑚 = 𝑐 𝑑 (𝑚𝑜𝑑(𝑛)). But why does this work? To understand why RSA works, some group theory topics must first be introduced. A group, G is a non-empty set, 𝑆 and a binary operation * denoted (𝑆, *) that holds the following properties (Finston, 123): 1. Closure: ∀ 𝑎,  𝑏  ∈  𝑆, the result of the operation, 𝑎 * 𝑏inS 2. Associativity: ∀𝑎, 𝑏, 𝑐 ∈ 𝑆, (𝑎 ∗ 𝑏) ∗ 𝑐 = 𝑎 ∗ (𝑏 ∗ 𝑐). 3. Identity element: ∃ 𝑒  ∈  𝑆 such that,  ∀ 𝑎  ∈ 𝑆,  then 𝑒  ∗  𝑎  =  𝑎  ∗  𝑒  =  𝑎
  • 9. 9 4. Inverse element: ∀ 𝑎  ∈  𝑆,   ∃ 𝑏  ∈ 𝑆,   such that  𝑎  ∗  𝑏  =  𝑏  ∗  𝑎  =  𝑒 where 𝑒 is the identity element; 𝑏 is called the inverse of 𝑎 denoted 𝑎−1 . The order of a group is the number of elements in 𝑆 denoted |𝐺|. If the order of a group is not infinite, it is considered a finite group. A cyclic group is a group where all elements of 𝑆 in the group can be generated by a single element of the group and its operation. A nonempty subset, 𝐻, of 𝐺 is said to be a subgroup of 𝐺 if the operation on G is the same operation on 𝐻, and if 𝐻 is a group with respect to this operation (Finston, 125). Langrage’s Theorem states that if 𝐺 is a finite group and 𝐻 is a subgroup of 𝐺, then |𝐻| divides |𝐺| (Finston, 128). A group with the operation of multiplication and the set of all integers less than n and relatively prime 𝑛 is called a multiplicative group of integers modulo n and is denoted 𝐙 𝒏 ∗ . The order of n can be calculated using the Euler Phi function from before (Finston 124). For example, the group 𝐙 𝟓 ∗ has order 4 since there are 4 integers less than 5 relatively prime numbers to 5, and can be generated by 2 since: 21 = 2 𝑚𝑜𝑑(5) 22 = 4 𝑚𝑜𝑑(5) 23 = 3 𝑚𝑜𝑑(5) 24 = 1 𝑚𝑜𝑑(5) To generalize this example, given a group 𝐙 𝒏 ∗ let 𝑎 ∈ 1,2,3 … . 𝑛 − 1  and be relatively prime to n then 𝑎 is a generator of 𝐙 𝒏 ∗ . Euler’s Theorem which states if a ∈ 𝐙 𝒏 ∗ , then 𝑎 𝜙(𝑛)   =  1 𝑚𝑜𝑑(𝑛). Finston lays out the proof for RSA as follows (129). Let G be 𝐙 𝒏 ∗ . Its order is therefore 𝜙(𝑛) = (𝑝 − 1)(𝑞 − 1) since n was chosen to be the multiplication of two primes. Because of how the keys 𝑒 and 𝑑 are chosen in RSA, 𝑒𝑑 = 1 𝑚𝑜𝑑(𝜙(𝑛)) holds. This can be rewritten as 1  = (𝑒𝑑  +  𝑠 𝜙(𝑛) ) 𝑚𝑜𝑑(𝜙(𝑛)) where s ∈ 𝐙. This is true because 𝑠𝜙(𝑛)  𝑚𝑜𝑑(𝜙(𝑛)) = 0.
  • 10. 10 The RSA implies that 𝑚 𝑒 𝑑 = 𝑚 𝑚𝑜𝑑(𝑛). That is if you encrypt then decrypt 𝑚 you will get 𝑚 back. Well, 𝑚  =  𝑚 𝑒𝑑 + 𝑠 𝜙(𝑛) since 𝑚1   =  𝑚 and 1  =  𝑒𝑑  +  𝑠 𝜙(𝑛) as defined above. 𝑚ed + s ϕ(𝑛) = 𝑚ed + 𝑚s ϕ(𝑛) 𝑚ed + 𝑚s ϕ(𝑛) = 𝑚ed + + 𝑚ϕ(𝑛) 𝑠 𝑚 𝑒𝑑 + + 𝑚 𝜙(𝑛) 𝑠 = 𝑚 𝑒 𝑑 + 1 𝑠 by the Euler’s Theorem 𝑚 𝑒 𝑑 + 1 𝑠 = 𝑚 𝑒 𝑑 as desired. So why does SSL/TLS use this system to encrypt the symmetric keys? Well, it is basically impossible to determine the inverse of a key used in RSA because the n value is made using two primes. The factoring of a product of extremely large primes is very difficult (Davies, 92). RSA algorithms used on computers are defined by their bit size, that is, the amount of computer bits that are used to store the value of n. As an example, according to Davies, an RSA algorithm with a key bit size of 512, referred to commonly as RSA-512, would be manipulating values in the range of10154 (92). Most RSA algorithms used on computers today use even larger key sizes such as 1024 or 2048 bits (Davies, 92). Why do TLS and SSL not just use RSA to encrypt all the data in a message, rather than using a symmetric key algorithm? The answer is simple, the decryption of RSA takes far too long. This is due to the Discrete Logarithm Problem. When looking at any 𝐙 𝒏 ∗ we arrive at the equation: 𝑎 𝑥   =  𝑏 𝑚𝑜𝑑 (𝑛). This can be rewritten as 𝑥  =  dlog 𝑎 𝑏 where dlog represents the discrete logarithm (Davies, 130). Discrete logarithms are necessary because decimal answers when encoding and decoding messages won’t convert into a character as all characters are represented by whole numbers. Solving for the value of x is very difficult and gets more difficult as x, 𝑎, and 𝑏 get larger. This is called the Discrete Logarithm Problem. This problem is even
  • 11. 11 an issue for computers and since large exponents and their solutions are use discretely in RSA this becomes an issue of performance and speed on computers. Because messages need to be sent very quickly and the Discrete Logarithm Problem does not allow for speed, another solution is needed. Most symmetric key algorithms work considerably faster in both hardware and software than RSA (Ciampa 119). AES Cipher The Advanced Encryption Standard (AES) cipher is the cipher used by the newest iteration of TLS. It was developed in 2000-2001 by the National Institute of Standards and Technology (NIST) to replace the Data Encryption Standard (DES) and Triple Data Encryption Standard (3DES) which both had their collective failings. The DES cipher is considered insecure and while 3DES is considered secure, it is slow as it merely applies the DES cipher three times. AES was designed to run much more efficiently and securely than its predecessors, DES and 3DES (Davies, 60). AES manipulates binary numbers (or base 2 numbers) to encrypt messages. To convert a character to binary first the character must be converted into a decimal or base ten number, the standard numbers system used in mathematics. Most of the time, this is done by looking up a character’s numeric ASCII value. ASCII stands for the American Standard Code for Information Interchange and was developed to serve the purpose of converting binary to characters (“ASCII Table and Description”). Figure 6 shows the basic ASCII table.
  • 12. 12 To covert this base 10 or decimal number to binary repeatedly divide it by there is 0 left as the quotient. The remainder of each division step will comprise the binary number. For example, 1310 will divide by 2 as such: Number to be Divided by Quotient Remainder 13 6 1 6 3 0 3 1 1 1 0 1 Therefore, the binary representation of 1310 is 1011. To convert back, addition of powers of 2 is used. This can be written as 𝑎0  ∗  20 + 𝑎1  ∗  21 + ⋯ +  𝑎 𝑛  ∗  2 𝑛 where 𝑎𝑖 is the digits of the binary from right to left with 𝑎0  being the first value and 𝑎 𝑛 being the last value. So, for the binary representation 1011 can be converted as such: 1 ∗ 20 + 1 ∗ 21 + 0 ∗ 22 + 1 ∗ 23 . Hexadecimal or base 16 numbers are commonly used in cryptographical algorithms as well and will be discussed later in this paper. They are calculated from base 10 numbers in much the Figure 6, The ASCII Table (“ASCII Table and Description”)
  • 13. 13 same way as binary numbers are except instead of dividing a number by 2, the decimal number is divided by 16. This will result in possible remainders up to 15. To represent these values a, b, c, d, e, and f are used to represent the values 10, 11, 12, 13, 14, and 15. To convert back to decimal is very similar too. Instead of using powers of 2, powers of 16 are used. For example, 244 can be represented as f4 in hexadecimal. AES falls into a special family of symmetric ciphers called block ciphers. Instead of acting upon just one character at a time, characters are grouped into blocks and the whole block is operated upon. AES specifically acts upon 16 bytes of data at a time. A byte is a form of measurement in computer science made up of 8 bits of memory. A bit is the smallest form of computer memory and is represented in binary. If a number does not take up 8 bits of binary, that is it is 8 digits long in binary, then zeros are added to the left of the number until it is 8 digits long. AES manipulates these bits by applying what is known as an XOR operation, which can be denoted by the symbol ⊕ called XORing. This is essentially the addition of the values, often referred to as states, of the bits mod 2. 1 0 XOR 1 1 0 0 1 1 1 0 1 0 0 0 Now the steps for applying the AES cipher will be explained for a 128-bit key with the differences for larger key sizes explained later. The 128-bit key for AES is generated from a randomly generated 16-bit value. This value is first divided into sections each 4 bits long. To
  • 14. 14 generate the fifth portion of the key the first section is XORed to the fourth section. This value then has each of its component bits permuted one byte to the left so that the order of the bits would go from (1,2,3,4) to (2,3,4,1). After this is completed, the fifth section is run through a series of sub tables where it is additionally permuted and XORed based on the algorithms and values in the sub table. In 128-bit keys, the permutations and sub tables are only applied once every fourth iteration stating with the fifth iteration. To generate the sixth portion the fifth portion is XORed with the second. Likewise, the seventh is the outcome of the sixth being XORed with the third. This is done until the desired key length has been created. With each section representing 4 bytes and the initial four sections already having been created by the 16- bit random value this will take 28 total rounds to create. Figure 7 shows this process. For a 192- bit key the permutations and substitutions happen every six rounds instead of every four starting on with the fifth section. For 256-bit keys the permutations are done every fourth round, but the sub tables are done every eight rounds (Davies, 60-65). Figure 7, AES Key Generation (Davies, 65)
  • 15. 15 With the key generated now plaintext data can be encrypted and decrypted. The first 16 bytes of data are put into a 4x4 matrix with 1 byte making up each entry of the matrix moving down the columns first. This matrix is called the State. Because of the amount of space a matrix full of binaries numbers would take up, this is represented in hexadecimal though all the operations on the values will be binary operations. The same is done with the first 16 bytes of the key which is the entirety of a 128-bit key. First each byte in the state has the substitution table from the key creation applied to it (Davies, 68). Then, each row of the state is permuted. The first row remains the same, in the second row each byte is shifted to the right one entry, in the third each byte is shifted to the right two entries, and in the fourth row each byte is shifted to the right three entries (Davies, 69). The next step of AES is called column mixing. This is done through matrix multiplication, where each column of the state is multiplied by the following matrix given in Figure 8. Since the algorithm works with matrices, one would suppose that this would follow the rules of matrix multiplication that are typical to Linear Algebra where each row of this predetermined matrix is multiplied by the column of the state that is being mixed to generate a new 4x1 matrix representing the new column. However, this would require having to find the inverse of the above matrix which does not come out to having whole numbers (Davies, 70). Instead, the finite field or Galois field of order 28 denoted 𝐺𝐹 (28) is used (Wagner, 119). Figure 8, AES Column Mixing Matrix. Note that it is represented in hexadecimal instead of binary in this example to save space. (Davies 70).
  • 16. 16 To understand what a field is, one must first understand what a ring is and what properties it can have. A ring R is a set with two binary operations, addition, denoted 𝑎 + 𝑏, and multiplication, denoted ab, such that ∀𝑎, 𝑏, 𝑐 ∈ 𝑅: 1. Additive Commutativity: 𝑎 + 𝑏 = 𝑏 + 𝑎 2. Additive Associativity: (𝑎 + 𝑏) + 𝑐 = 𝑎 + (𝑏 + 𝑐) 3. Additive Identity: There ∃ 0 ∈ 𝑅 such that 𝑎 + 0 = 𝑎 4. Additive Inverse: There ∃ −𝑎 ∈ 𝑅 such that 𝑎 + −𝑎 = 0 5. Multiplicative Inverse: 𝑎(𝑏𝑐) = (𝑎𝑏)𝑐 6. Left and Right Distribution of multiplication over Division: 𝑎(𝑏 + 𝑐) = 𝑎𝑏 + 𝑎𝑐 and (𝑏 + 𝑐)𝑎 = 𝑏𝑎 + 𝑐𝑎 While multiplication in a ring does not need to be commutative, if it does, it is called a commutative ring. A ring also does not need to have a multiplicative identity either. A unity, 1, in a ring is a non-zero element of the ring that is a multiplicative identity, 𝑎 ∗ 1 = 1 ∗ 𝑎 =  𝑎. A non-zero element in a commutative ring with a unity may not have an inverse either, but if it does it is called a unit (Gallian, 245-246). Then, a field is then a commutative ring with a unity in which every non-zero element is a unit. (Gallian, 257). A finite field is a field whose set is a finite set. For any prime integer p and any integer 𝑛 ≥  1 , there is a unique field with 𝑝 𝑛 elements in it, denoted 𝐺𝐹(𝑝 𝑛 ). The elements of these fields are defined by polynomials with degree 𝑛 − 1 and the coefficients of which are elements of  𝐙 𝑝. The multiplication of these polynomials is done like normal polynomial multiplication except that the coefficients of the polynomials are 𝑚𝑜𝑑(𝑝) since the coefficients are in 𝐙 𝑝. For example, if the term in question was 7𝑥2 and the 𝑝 value was 2, then this term would become 1𝑥2 . In 𝐺𝐹 (28), the multiplications of the polynomials can lead to the existence of a
  • 17. 17 polynomial that is degree 14. To do this, it is divided by an irreducible polynomial that exists within the finite field. An irreducible polynomial is a polynomial that is not the product of two other polynomials within the field. The remainder of this division is the final value of the multiplication. For AES the irreducible polynomial chosen for the division is 𝑥8   +  𝑥4   +  𝑥3   +  𝑥  +  1. This method of multiplication replaces the normal method of multiplication for matrices for AES. The binary values within each entry of the matrix are converted into polynomials. The zero or one values become the coefficients of the polynomial. For example, 10101100 would become 𝑥7 + 𝑥6 + 𝑥3 + 𝑥2 . Once each column is multiplied by the matrix from Figure 8, then the column mixing step is finished (Wagner, 120). The last step of encryption then is XORing the 16 bytes within the state to a 16-byte section of the key generated earlier called a round key. This completes one round of encryption for the first 16 bytes of data. Each set of 16 bytes goes through 10, 12, or 14 rounds of this encryption based on whether it is a 128-bit, 192-bit, or 256-bit version or the cipher. On the last round the column mixing step is skipped (Davies, 70). To decrypt, first a round key is selected from the key just as in the encryption stage. This followed by the undoing the permutation of the rows, the substitution table and the mixing of the columns. This is repeated for the number of same rounds required to encrypt. On the last round the mixing of the columns is again skipped (Davies, 74-75). Hashing Algorithms These features work great for sending and receiving data, but they do not inform the users whether the message itself is an authentic message. Rather these algorithms merely conceal the data. The solution to this problem are one-way hash functions. A hash function 𝐻(𝑀) is a
  • 18. 18 function that takes in a message 𝑀 of any length and converts it into a hash value of fixed length h (Schneier, 429). A hash function has certain properties (Schneier, 429): 1. Given 𝑀, it is easy to compute 𝐻(𝑀), that is the function uses simple computational techniques and can be done quickly. 2. Given h, it is hard to compute 𝑀 such that 𝐻(𝑀) = ℎ, that is the function is one way. 3. Given 𝑀, it is hard to find another message 𝑀' such that 𝐻(𝑀) = 𝐻(𝑀' ), that no two messages have a high probability of having the same hash value. This is also called collision resistance. One of the main families of hash functions today are the Secure Hash Algorithm (SHA). It was developed by the National Security Agency (NSA) and NIST. SHA-1, the first of the SHA hash algorithms created, produced hash value is a 160-bit value. While presently SHA-1 is no longer secure, it is quite well documented and has an easy-to-follow algorithm, so it will be used as an example (Schneier, 442). To begin the algorithm, the text of the message to be hashed is transformed into binary with each character representing one byte. These binary bytes are then appended to form one long string of binary. A single 1 is added to the end of this string. Then zeros are added to the end of the message to make it have a length of 448 𝑚𝑜𝑑(512). The length of the message before it was transformed into binary is also turned into binary. Zeros are then added to the beginning of that binary number until it is 64 bits long. These two strings of binary are then appended together with the message binary being first (Schneier, 442). This message is then broken down into sub-messages, each 512 bits in length. SHA operates on each of its 512-bit messages 80 times. The operation number 𝑡 is denoted 𝑡  =  0 to 79 (this value of 𝑡 will be referenced in future functions). Five 32-bit sets of binary keys in SHA are set to be used as initial values for the algorithm’s calculation. Because
  • 19. 19 each of those values would each be 32 characters long, they are going to be listed below in hexadecimal: H0 67452301 H1 efcdab89 H2 98adcfe H3 10325476 H4 3d2e1f0 Next the original message 𝑀 is broken up into 16 sections, called words, denoted 𝑀0, 𝑀1, 𝑀2, … … , 𝑀15 (Schneier, 443). A total of 80 words are needed for the operation and they are generated by the following function (Schneier, 443): 𝑊𝑡 = { 𝑀𝑡  𝑓𝑜𝑟 0 ≤  𝑡  ≤  15 𝑆1 (𝑊𝑡−3 ⨁ 𝑊𝑡−8⨁ 𝑊𝑡−14⨁𝑊𝑡−16) 𝑓𝑜𝑟 16 ≤ 𝑡 ≤ 79 The function 𝑆 𝑛(𝑋) is a left circular shift operation on the binary string that is an input by n places. This means that each of the digits of a binary number are shifted to the left n times (“US Secure Hash Algorithm 1 (SHA1)”). For example, 𝑆2 (10010011) = 01001110. Next the function that will be used to produce the end hash value will be explained. But first, some new binary operations that have not yet been explained must be described. They are the AND (⋀), and OR (⋁), binary operators and they are described in the table below: 1 0 AND OR 1 1 1 1 0 1 0 1 1 0 0 1 0 0 0 0
  • 20. 20 Additionally, the unary operator NOT(¬) inverses the state of the bit, meaning a 0 becomes a 1 and a 1 becomes a 0. These operations are used within the function used to generate new binary values each round. It is defined as (Schneier, 443): 𝑓𝑡(𝑋, Y, Z) = { (𝑌 ∧ X) ∨ (( ¬X) ∧ Z) 𝑓𝑜𝑟 0 ≤ 𝑡 ≤ 19 𝑋 ⨁ 𝑌 ⨁ 𝑍 𝑓𝑜𝑟 20 ≤ 𝑡 ≤ 39 (𝑋 ∧ 𝑌) ∨ (𝑋 ∧ 𝑍) ∨ (𝑌 ∧ 𝑍) 𝑓𝑜𝑟 40 ≤ 𝑡 ≤ 59 𝑋 ⨁ 𝑌 ⨁ 𝑍 𝑓𝑜𝑟 60 ≤ 𝑡 ≤ 79 Another function of constant binary values 𝐾𝑡 must be defined that will be used during each round. Again, because of the length that these binary values would be, they are being represented in hexadecimal (Schneier, 443): 𝐾𝑡 = { 5𝑎827999 𝑓𝑜𝑟 0 ≤ 𝑡 ≤ 19 6𝑒𝑑9𝑒𝑏𝑎1 𝑓𝑜𝑟 20 ≤ 𝑡 ≤ 39 8𝑓1𝑏𝑏𝑐𝑑𝑐 𝑓𝑜𝑟 40 ≤ 𝑡 ≤ 59 𝑐𝑎62𝑐1𝑑6 𝑓𝑜𝑟 60 ≤ 𝑡 ≤ 79 Now that all the background information of the algorithm is defined, the actual algorithm itself can be outlined. The first step, before the rounds start, is defining five variables to help keep track of current values. They are: 𝑎 =  𝐻0,  𝑏 =  𝐻1, 𝑐 =  𝐻2, 𝑑 =  𝐻3, and 𝑒 = 𝐻4. Another variable called 𝑡𝑒𝑚𝑝 with also be defined and all the words for each message are generated. The second step is to begin the 80 rounds on the first message, where the first round is considered round 0. Each round will follow the following algorithm (Schneier, 443): 1. 𝑡𝑒𝑚𝑝 = ( 𝑆5 +  𝑓𝑡(𝑏,  𝑐,  𝑑) + 𝑒 + 𝑊𝑡 + 𝐾𝑡) 𝑚𝑜𝑑(232  ) 2. 𝑒 = 𝑑 3. 𝑑 = 𝑐 4. 𝑐 = 𝑆30 (𝑏) 5. 𝑏 = 𝑎 6. 𝑎 = 𝑡𝑒𝑚𝑝
  • 21. 21 If there is more than one message, step 2 is repeated, with 𝑎, 𝑏, 𝑐, 𝑑, and 𝑒 remaining whatever values they held in the previous iteration. Once all the messages have been processed, 𝑎, 𝑏, 𝑐, 𝑑, and 𝑒 are added 𝑚𝑜𝑑(232) to 𝐻1, 𝐻2, 𝐻3, 𝐻4, and 𝐻5 respectively (“US Secure Hash Algorithm 1 (SHA1)”). The results of these additions are transformed into hexadecimal and concatenated together to form the requested 160-bit hash value. Why is SHA-1 no longer considered to be secure? Well, it is because collisions were found, meaning that two different files had the same hash value after being run through the algorithm (Konheim, 296). As defined before, this makes the algorithm very weak as it is longer certain that the file was not manipulated. In 2005 they had been determined collisions to be possible. By 2009 they had been found to occur relatively easily (Konheim, 296). The mathematics of computer networking is far reaching, and this paper has barely scratched the surface. Many fields of mathematics are encountered when working with computer networks. Graph theory and cryptography are used to protect computer networks from attackers with abstract algebra being the basis for many of the algorithms used. This is so important today due to our increasing reliance on technology in our day to day lives. Without these mathematical algorithms, computer networks would be prone to failing, and everything we send over them would be completely unprotected. And with computers getting increasingly more powerful and prevalent across the globe, the need for more forms of protective algorithms like these will become increasingly more necessary.
  • 22. 22 Works Cited “ASCII Table and Description.” ASCIITable.com. Web. 12 Nov. 2018. <http://www.asciitable.com/>. Ciampa, Mark D. Security+ Guide to Network Security Fundamentals. 6th ed. Boston: Cengage Learning, 2018. Print. Cozzens, Margaret, and Steven J. Miller. The Mathematics of Encryption: An Elementary Introduction. Vol. 29. Providence: American Mathematical Society, 2013. Print. Cycles. Digital image. TutorialsPoint.com. 2018. Web. 13 Oct. 2018. <https://www.tutorialspo int.com/graph_theory/images/connectivity.jpg> Davies, Joshua. Implementing SSL/TLS Using Cryptography and PKI. Indianapolis: Wiley, 2011. Print. Finston, David, and Patrick Morandi. An Introduction to Abstract Algebra via Applications. Las Cruces, NM: New Mexico State U, 2007. Print. Forouzan, Behrouz A. Introduction to Cryptography and Network Security. New York: McGraw Hill, 2008. Print. Gallian, Joseph A. Contemporary Abstract Algebra. 8th ed. Boston, MA: Brooks/Cole Cengage Learning, 2013. Print. Guichard, David, and Patrick Keef. "The Euler Phi Function." The Euler Phi Function. Whitman College Web. 16 Oct. 2018. Kaufman, Charlie, Radia Perlman, and Mike Speciner. Network Security: Private Communication in a Public World. Englewood Cliffs: Prentice Hall, 2011. Print. Keshav, Srinivasan. Mathematical Foundations of Computer Networking. New York: Addison- Wesley, 2012. Print.
  • 23. 23 Konheim, Alan G. Hashing in Computer Science: Fifty Years of Slicing and Dicing. Hoboken: John Wiley & Sons, 2010. Print. Odom, Wendell. Cisco CCENT/CCNA ICND1 100-101 Official Cert Guide. Indianapolis: Cisco, 2013. Print. Stallings, William. Cryptology and Network Security: Principles and Practices. 2nd ed. Upper Saddle River: Prentice-Hall, 1999. Print. Tetz, Edward. "Spanning Tree Protocol (STP) Introduction." Dummies.com. John Wiley & Sons, Inc., 2011. Web. 31 Aug. 2018. <https://www.dummies.com/programming/networking/cisco/spanning-tree-protocol-stp- introduction/>. Tree. Digital image. UCDenver.edu. University of Colorado Denver. Web. 13 Oct. 2018. <http://www-math.ucdenver.edu/~wcherowi/courses/m4408/gtln8p1.gif> “US Secure Hash Algorithm 1 (SHA1).” IETF Tools. Sept. 2001 Web. 09 Nov. 2018. <https://tools.ietf.org/html/rfc3174#section-4>. Wagner, Neal. The Laws of Cryptography. 2003. Print.