This document provides an overview of cryptography techniques. It discusses modern cryptography methods like DES and DSA, and how cryptography is used in applications like VPNs and secure web browsing. It also summarizes Windows authentication methods used in operating systems from Windows NT to Windows Server 2012, and the Kerberos authentication protocol.
2. CRYPTOGRAPHY
INDEX
Abstract
1. Cryptography
a) Modern Methods of Cryptography
(i) DES
(ii) DSA
b) Usage in I.T Industry
2. a) Application of Cryptographic Techniques in Computing
b) Cryptography Used in SET on Web Browser
c) Cryptography in VPN
3. Windows Authentication
a) Win NT
b) Win 2000
c) Win Server 2003
d) Win Server 2008
e) Win Server 2012
f) Difference between Integrated Windows Authentication and Logon Authentication
4. Kerberos Protocol
a) Description of Kerberos Protocol
b) Time Synchronization in Kerberos Protocol
ABSTRACT:
Originally, computer networks were used mainly by university researchers for sending e-mail and by corporate
employees for sharing printers. At that stage security did not need much attention. Nowadays millions of
ordinary citizens use networks for banking, online shopping, e-booking and so on, and because of this
network security has become a massive problem. To overcome this problem many security techniques have come
into existence; among them, cryptography is one of the most important techniques for securing data or
information on its way from a particular source to the required destination. There are many types, and this
report covers a few methods of cryptography and how they function.
1. CRYPTOGRAPHY:
The word cryptography comes from Greek and means "secret writing". Cryptography is a process that
encrypts the original data into cipher text using a key; the cipher text is decrypted at the other end
using a key. These keys are called session keys, which include public and private keys.
Protection of Data or Information:
Cryptography protects data so that only the owner, and other persons who have been given access by the
owner, can view it. When private information is encrypted, transmitted across the internet and stored on a
server, only the required persons who hold the key can see the data. Cryptography protects the
confidentiality, integrity, availability, authenticity and non-repudiation of data.
For example, a sender sends plain text to a receiver; the diagram below describes the transmission of data
between sender and receiver. First, the sender's plain text is converted into cipher text using a key, which
is encryption, and the cipher text passes through the network until it reaches the proper destination. At
the receiver, the cipher text is converted back into the original plain text using a key, which is
decryption.
a) MODERN METHODS IN CRYPTOGRAPHY:
Many modern methods have come into existence in cryptography; two of them and their theory of operation
are discussed here.
(i) Data Encryption Standard (DES):
DES was designed by IBM in 1976 for the National Bureau of Standards (NBS) and received approval from the
National Security Agency (NSA). DES was used as the standard encryption process up to the year 2000; from
2001 it was replaced by AES.
Theory of Operation:
DES uses a symmetric key for both encryption and decryption of data. It is an algorithm that takes a
fixed-length string of 64 bits of plain text and performs a series of complicated operations to convert it
into cipher text of the same length. The key is 64 bits long, of which 56 bits are used for the encryption
and decryption process; whoever holds this 64-bit key can encrypt and decrypt the data. The remaining 8 bits
of the key are used for parity checking and are then discarded. The key is transmitted as 8 bytes, each with
odd parity. The DES process consists of 16 rounds, which use 16 intermediate keys of 48 bits each.
The diagram above shows that the whole process consists of three phases. The initial permutation acts on the
64-bit block of data, which is then split into two 32-bit sub-blocks that are passed through the rounds as
shown in the figure. There are 16 rounds, each identical; with them the security of the algorithm is
increased and temporary efficiency is decreased. After the 16th round the two 32-bit output quantities are
swapped and combined, and the output of the final permutation is the 64-bit cipher text.
Key Structure:
Initially, 56 bits of the key are selected from the 64 bits by a permuted choice, and the algorithm then
generates the sub keys. The diagram below shows the key function, which includes:
1. The key is then split into two 28-bit halves, which are processed separately. In each round, both halves
are rotated left by one or two bits and a 48-bit sub key is then selected by a permuted choice. The 8
remaining bits are used by the parity checker.
2. The key schedule is the same for decryption.
Strengths of DES:
- DES uses a 56-bit key for encryption, so there are 2^56 possible keys. An attack on such a number of keys
is impossible.
- It is tough to find a weakness in DES.
Weakness of DES:
- The purpose of using IP and FP is not clearly described.
- Instead of 64 bits, only 56 bits are used.
- The design of the cipher has some defects.
(ii) Digital Signature Algorithm (DSA):
DSA is a United States Federal Government standard for digital signatures. It was proposed by the
National Institute of Standards and Technology (NIST) in 1991 for use in their Digital Signature Standard
(DSS), specified in FIPS 186 in 1993.
Theory of Operation:
DSA is a type of asymmetric cryptography in which both public and private keys are used for transmitting
data from sender to receiver. Many organizations across the world use digital systems to transmit
electronic data among themselves in a secure manner.
The diagram below explains the life cycle of a document that includes a digital signature. This technique is
slower but reliable, because there is no chance of data loss. The main requirement for organizations is
paperwork that is transmitted digitally, and the fundamental principle is to validate the data by
assigning a digital signature.
The procedure for a digital signature is simple; it ensures the authenticity of documents that are
transferred and stored with computer tools. The digital signature of an electronic document has the
following requirements:
- Authenticity: the receiver verifies the identity of the sender.
- Non-repudiation: the sender can't deny the signed document.
- Integrity: the receiver is unable to modify the signed document that is sent by a non-authorized user.
A digital signature is generated from an asymmetric key pair: the private key is used by the owner, is not
shared, and is used to generate the digital signature for a specific document; for verification, the public
key is used to authenticate the signature. A digital signature scheme consists of three algorithms:
- The key generation algorithm generates a key pair (PK, SK), where PK is the public key and SK is the
secret key; this key pair is used to sign the document.
- In the signature algorithm, the sender takes the message 'm', and the private key gives the signature 'x'.
- In the verifying algorithm, the incoming data and signature are verified with the public key. At this
stage the signature is accepted or rejected.
The document is signed with the private key and its signature is verified with the public key. Once the
document is secured in this way, it is impossible to reconstruct the private key, even though the two keys
are uniquely connected.
Process:
The original data is encrypted using a one-way hash function with the user's private key. The following
steps are involved in digital signature processing:
- The user sends the document or file, which is encrypted using the hash function (here 256-bit SHA is
used). When the owner uses the private key to sign, the signature is calculated with some hash functions,
which also generate some control codes on the document.
- Once the hash has been calculated it is impossible to get the original back, so hackers cannot hack the
transmitted document or file without the private key.
- On the receiver side, the data is decrypted using the same hash algorithm with the public key, and the
new hash is compared with the previous hash. If they match, the user can sign in to the document.
The diagram above explains the hash values and how data is transmitted between user A and user B using the
hash algorithm.
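The three algorithms listed above (key generation, signing, verifying) and the hash step from the Process section, written out as an added example that is not part of the original report. It follows the textbook DSA equations with SHA-256; the function names are chosen for this illustration, and the parameter sizes (512-bit p, 160-bit q) are an assumption made so the demonstration runs quickly, far too small for real use.

```python
# Added example: textbook DSA (key generation, sign, verify) with SHA-256.
# Demonstration-sized parameters only; names are illustrative assumptions.
import hashlib
import secrets

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def is_probable_prime(n, rounds=24):
    """Miller-Rabin primality test with random bases."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_parameters(p_bits=512, q_bits=160):
    """Return (p, q, g): q prime, q divides p - 1, g has order q modulo p."""
    while True:
        q = secrets.randbits(q_bits) | (1 << (q_bits - 1)) | 1
        if is_probable_prime(q):
            break
    while True:
        m = secrets.randbits(p_bits - q_bits) | (1 << (p_bits - q_bits - 1))
        p = q * (m & ~1) + 1            # even multiplier keeps p odd
        if is_probable_prime(p):
            break
    h = 2
    while pow(h, (p - 1) // q, p) == 1:
        h += 1
    return p, q, pow(h, (p - 1) // q, p)


def hash_to_int(message, q):
    """SHA-256 of the message, truncated to the bit length of q."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return digest >> max(0, 256 - q.bit_length())


def generate_keypair(p, q, g):
    """Algorithm 1: return (PK, SK)."""
    sk = 1 + secrets.randbelow(q - 1)
    return pow(g, sk, p), sk


def sign(message, sk, p, q, g):
    """Algorithm 2: sign message m with SK; the signature is the pair (r, s)."""
    z = hash_to_int(message, q)
    while True:
        k = 1 + secrets.randbelow(q - 1)          # fresh secret per signature
        r = pow(g, k, p) % q
        s = (pow(k, q - 2, q) * (z + sk * r)) % q  # k^-1 via Fermat, q prime
        if r and s:
            return r, s


def verify(message, signature, pk, p, q, g):
    """Algorithm 3: accept or reject the signature using only PK."""
    r, s = signature
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, q - 2, q)
    u1 = (hash_to_int(message, q) * w) % q
    u2 = (r * w) % q
    return (pow(g, u1, p) * pow(pk, u2, p)) % p % q == r


if __name__ == "__main__":
    p, q, g = generate_parameters()
    pk, sk = generate_keypair(p, q, g)
    doc = b"constructed sample document"
    sig = sign(doc, sk, p, q, g)
    print("original accepted:", verify(doc, sig, pk, p, q, g))
    print("modified accepted:", verify(doc + b"!", sig, pk, p, q, g))
```

The receiver recomputes the hash of the document it received, so any change to the document after signing makes verification fail without the receiver ever needing the private key.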
Strengths of DSA:
- Reduces time and cost when compared to other algorithms.
- Operations are carried out with a high level of efficiency.
- High data quality with long-term storage of files.
Weakness of DSA:
- DSA signatures are much shorter than those of the RSA (Rivest-Shamir-Adleman) algorithm, because a DSA
signature consists of 56 bits and an RSA signature consists of 2048 bits.
- Verification in DSA is slower when compared to RSA.
b) USAGE IN I.T INDUSTRY:
- The Digital Signature Algorithm is used in reputed organizations and in companies with multiple
sub-offices to transfer confidential information among them with the help of digital signatures.
- The Data Encryption Standard is used in bank ATMs for transactions with the help of a PIN; a person can
perform a transaction once the PIN matches the one that already exists in the required bank portal.
2. a) APPLICATION OF CRYPTOGRAPHIC TECHNIQUES IN COMPUTING:
- User Authentication: When a user logs in to the network with a password, cryptographic authentication
techniques are used to give the password high security, such as generating one-time verification codes;
here user authentication uses public or private keys.
- Hardware and Software Implementation: Hardware devices used in computers, such as electronic chips and
ROM-protected processors, are implemented with cryptography and controlled by software. Instead of
bypassing the data, the software is protected by cryptographic techniques, which secures the hardware and
gives correct information.
- Transferring Files on Network: Files are transmitted from one user to another on the network, and the
data should be protected against attackers. The sender's file is encrypted and the encrypted file is sent
to the receiver. A symmetric key is used, meaning that only one key is used for both encryption and
decryption. To decrypt the file, the encrypted file system component driver uses the user's private key to
decrypt the symmetric key that was used to encrypt the file; the driver then uses the symmetric key to
decrypt the file for the other user on the network.
b) CRYPTOGRAPHY USED IN SECURE ELECTRONIC TRANSACTION (SET) ON THE WEB:
Secure Electronic Transaction (SET) is a protocol used for transactions over networks that are not secure;
it is mainly used in the banking sector for online transactions made with credit cards.
Various technologies are used to secure web browsers, such as SSL, HTTPS, SSH and IPsec:
- SSL: SSL stands for Secure Socket Layer. SSL is a protocol based on certificates that are used to secure
the data transmitted between the user and the server; if data is transferred without certificates there is
a chance that it will be hacked. The diagram below shows the interaction between browser and server.
The browser requests SSL and the server responds; the session key, encrypted with the SSL public key, is
sent back to the server. The browser and server then start talking with each other and the pages are
transmitted securely.
- HTTPS: HTTPS stands for Hypertext Transfer Protocol over Secure Socket Layer. HTTPS uses port 443 by
default. A URL beginning with HTTPS indicates that the connection is encrypted using SSL. The figure below
shows how HTTPS works. It is implemented with SSL: SSL certificates are purchased and installed on the web
server to identify the type of business and to encrypt sensitive data such as credit card information. The
certificates give permission to communicate securely with the site's web customers. HTTPS processing is
done in the transport layer.
HTTPS is easily recognized by the lock symbol in the security status bar; clicking on it shows the identity
of the website. HTTPS mainly uses SSL certificates to secure the data communicated from client to server
and vice versa.
- SSH: SSH stands for Secure Shell. It is a cryptographic network protocol used to transfer data securely.
A user can log in remotely to another system on the same network and transfer files from one system to the
other through an SSH server. SSH uses automatically generated public-key and private-key cryptography to
log in to the remote system and encrypt the network connection, and then uses the password to log in.
- IPSEC: IPSEC stands for Internet Protocol Security. It works at the network layer to secure internet
traffic inside IP. Cryptographic techniques are used to protect the IP packets, and this protection covers
confidentiality, authentication and integrity.
c) CRYPTOGRAPHY USED IN VPN:
VPN stands for Virtual Private Network; it is a combination of a public network and a private network.
Data transmitted between the two networks can be handled by a remote user, and the data is encrypted for
security. The diagram below shows the virtual network.
The encryption techniques used for transferring the data are:
- DTLS: It stands for Datagram Transport Layer Security. It is used in the OpenConnect VPN and solves the
problem that occurs with SSL.
- MPPE: It stands for Microsoft Point-to-Point Encryption. The data is encrypted using the point-to-point
protocol; 128-bit and 56-bit keys are supported for encrypting the data. The data is not compressed, but
the protocol is used as a node between the PPP and VPN links.
3. WINDOWS AUTHENTICATION:
Windows authentication is a process for securing the data transmitted from client to server on the
network. Once Windows authentication is enabled, the username and password given by the client are
strongly hashed with cryptographic techniques and sent over the network for secure browsing. Windows
authentication is mainly suitable for private networks, known as intranets, under the following conditions:
- All computers and web servers are in one domain.
- The administrator can confirm that every client uses the same browser, such as Internet Explorer.
- NTLM is not supported by HTTP proxy connections, and mostly they are not required.
a) NT Authentication at Logon:
Compared to other authentication methods, the Windows NT authentication method is much more complex: it
encrypts the username and password and involves multiple communications between client and server. The
benefits of Windows NT authentication are that passwords are not transmitted across the network and that
user credentials are supplied automatically once the user has logged on.
When a user logs on to Windows NT with a username and password, the request goes to the LSA (Local Security
Authority), which is responsible for the local security policy, to verify the credentials. It gets
permission from the local SAM (Security Accounts Manager) database and obtains the access tokens for logon.
The whole process runs through Winlogon. The figure below describes the logon process of Windows NT.
Protocol Used:
Windows NT uses three different protocols: NetBIOS/NetBEUI, TCP/IP and PPTP. A brief description of TCP/IP
follows.
TCP/IP: It stands for Transmission Control Protocol/Internet Protocol, which was developed by DARPA (Defense
Advanced Research Projects Agency) for network connections. Users connect to the internet using this
protocol in Windows NT; without it users can't connect to the internet. It is also used for interaction
between the operating system and hardware platforms such as routers.
b) Windows 2000 Authentication at Logon:
Windows 2000 authentication varies depending on whether the user is logging on to a domain or to the local
computer.
Domain Logon: When the user tries to log on to a domain, the information provided by the user, such as
username and password, is given to the domain controller; if the domain has a copy of the user the logon is
validated, and if not it is denied.
Local Computer Logon: When the user tries to log on to the local computer, the information provided by the
user, such as username and password, is given to the security subsystem of the local computer, which is
operated by the local security database; if the information exists the logon is validated, and if not it is
denied.
Protocols Used:
Different types of protocols are used in Windows 2000 for authentication, as listed below:
- Password Authentication Protocol (PAP)
- Shiva Password Authentication Protocol (SPAP)
- Challenge Handshake Authentication Protocol (CHAP)
- Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
- Extensible Authentication Protocol (EAP)
c) Windows Server 2003 Authentication at Logon:
In Windows Server 2003, all users must log on to the computer and have their identity validated for authentication; authorised users then get access to the resources. There are two types of interactive logon in Server 2003, as shown below:
When the user is not joined to an Active Directory domain, they can log on to the unjoined computer with a local account.
When the user is joined to an Active Directory domain, they can log on with a local account or a domain account.
Protocols Used:
The protocols used in Windows Server 2003 for authentication are listed below:
Kerberos v5
NTLM
SSL/TLS (Secure Socket Layer/Transport Layer Security)
d) Windows Server 2008 Authentication at Logon:
The Windows Server 2008 logon process adds security components to Windows security compared with previous Windows servers. These security policies keep a track record of account logons for security purposes. Organisations can also log on to other systems located in sub-areas as remote computers, with host servers that contain the Remote Desktop Protocol (RDP). The logon page interacts with the LSA (Local Security Authority) to communicate with remote authentication sources such as a Domain Controller.
Protocols Used:
The protocols used in Windows Server 2008 for authentication are listed below:
SSL (Secure Socket Layer)
RDP (Remote Desktop Protocol)
TCP/IP (Transmission Control Protocol/Internet Protocol)
Kerberos V.5 protocol
e) Windows Server 2012 Authentication at Logon:
The user must supply login information such as a username and password to log in to Windows Server 2012. These details are used to authenticate the user's access to a local computer under the same domain. Certificates stored in Active Directory give the user access to log in. The user can also access the local network through the same domain and be authenticated.
Protocols Used:
The protocols used in Windows Server 2012 for authentication are:
SMB (Server Message Block)
RDP (Remote Desktop Protocol)
f) Difference between Integrated Windows Authentication and Logon Authentication:
Integrated Windows Authentication:
1. This type of authentication is more secure: the username and password given by the user are encrypted with hash algorithms and sent through the network.
2. Windows Authentication is best for an internet environment because both client and server are in the same domain.
3. It supports two authentication protocols, Kerberos and NTLM (NT LAN Manager).
Logon Authentication:
1. This type of authentication is not secure because the username and password are not encrypted.
2. Logon Authentication is used mainly in industry to collect usernames and passwords.
3. It supports SSL for authentication.
http://en.wikipedia.org/wiki/Windows_NT_startup_process
http://technet.microsoft.com/en-us/library/hh831360.aspx
4. KERBEROS PROTOCOL:
Kerberos is a protocol used to provide strong network authentication between client and server using symmetric key cryptography. Many protocols are used on the Internet for security purposes because it is an insecure place, but they fail to give security, whereas the Kerberos protocol gives strong network security; client and server use Kerberos to prove their identity.
a) Description of Kerberos Protocol:
This protocol works with ‘tickets’ for communication. The diagram below gives a brief description of how the protocol works, including the Authentication Server (AS) request from the client to get a Ticket Granting Ticket (TGT). The combination of TGT and AS is nothing but the Key Distribution Center (KDC), which encrypts the user's password using a secret key and is controlled by the Domain Controller, as shown below.
The description of the Kerberos protocol includes eight steps; we now look at those steps with the help of diagrams:
Step-1: The client sends a request to the AS to verify the username; the password is encrypted with a security key.
Step-2: After verification, the AS issues the client a ticket that includes a time stamp, with the session having an expiry such as 8 hours.
Step-3: In this step, the reply is sent back to the client in the form of the TGT, which consists of tickets, as shown below.
Step-4: In this step, the client is authenticated by submitting the TGT to the Ticket Granting Server (TGS).
Step-5: The TGS creates an encrypted key with a time stamp of 8 hours and gives the client permission to use a ticket.
Step-6: At this step, the client decrypts the ticket and sends an acknowledgement (ACK) to the TGS saying that the user got the ticket.
Step-7: At this stage, the client sends the encrypted key to the service server, as shown in the figure below; the server decrypts the key to check the validity of the time stamp. If it is valid, the service server directly contacts the KDC to get a session between the client and the server.
Step-8: At this step, the client checks the validation and decrypts the key; the connection is then initiated between client and server for communication. The client is now authenticated until the session expires.
b) TIME SYNCHRONISATION IS IMPORTANT FOR KERBEROS:
Authentication in the Kerberos protocol is based on the time stamps of tickets and, as discussed before, tickets issued by the TGT have a short lifetime in order to prevent hackers from performing any hacking process.
Kerberos servers need accurate clock synchronization; if your clock is not synchronized at certain time intervals, Kerberos shows fatal errors.
If users allow the clock on the server to drift, they themselves make their network a platform for attackers and leave it vulnerable.
To overcome these malicious activities, time synchronization plays a vital role in the security of the Kerberos protocol.
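The time-stamp checks described in Step-7 and in the time synchronisation points above can be sketched as follows. This is an added example, not code from the original document: the function names, the 300-second skew limit and the toy `seal`/`unseal` cipher (a stand-in for Kerberos encryption, not for real use) are assumptions, and it covers only the final client-to-service exchange, with the service opening the ticket using its own long-term key.

```python
import hashlib, hmac, json, os

MAX_SKEW = 300               # assumed tolerance in seconds (not from the page)
TICKET_LIFETIME = 8 * 3600   # the 8-hour ticket lifetime used in the steps above

def _stream(key, nonce, n):  # toy keystream: SHA-256 in counter mode
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, obj):
    """Toy encrypt-then-MAC. Stand-in for Kerberos encryption; not for real use."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def issue_ticket(service_key, client, kdc_clock):
    """KDC side: session key for the client plus a ticket only the service can open."""
    session_key = os.urandom(32)
    ticket = seal(service_key, {"client": client, "key": session_key.hex(),
                                "expires": kdc_clock + TICKET_LIFETIME})
    return session_key, ticket

def make_authenticator(session_key, client, client_clock):
    # Client side: proves knowledge of the session key at the client's current time
    return seal(session_key, {"client": client, "ts": client_clock})

def service_accept(service_key, ticket, authenticator, server_clock, seen):
    """Service side: returns "ok" or the reason for rejection."""
    t = unseal(service_key, ticket)
    a = unseal(bytes.fromhex(t["key"]), authenticator)
    if a["client"] != t["client"]:
        return "client mismatch"
    if server_clock > t["expires"]:
        return "ticket expired"
    if abs(server_clock - a["ts"]) > MAX_SKEW:   # drifted clock or stale capture
        return "clock skew too great"
    if (a["client"], a["ts"]) in seen:           # same authenticator presented twice
        return "replay"
    seen.add((a["client"], a["ts"]))
    return "ok"
```

A client whose clock is ten minutes off is rejected with "clock skew too great" even though its ticket and session key are valid, which is the failure that clock synchronisation prevents.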
http://tldp.org/HOWTO/Kerberos-Infrastructure-HOWTO/time-sync.html
http://en.wikipedia.org/wiki/Kerberos_(protocol)#Description
http://web.mit.edu/kerberos/
http://www.slideshare.net/RakeshRajgopal/rakesh-raj?qid=c929c8b1-be01-408c-8de3-4534487920c7&v=default&b=&from_search=12