Vishalya Dulam, profile picture
Uploaded byVishalya Dulam
DOCX, PDF814 views

Cryptography

This document provides an overview of cryptography techniques. It discusses modern cryptography methods like DES and DSA, how cryptography is used in applications like VPNs and secure web browsing. It also summarizes Windows authentication methods used in operating systems from Windows NT to Windows Server 2012, and the Kerberos authentication protocol.

Embed presentation

Download to read offline
CRYPTOGRAPHY 1 W1-CRYPTOGRAPHY Presented By Vishalya Dulam AVONMORE TERITARY INSTITUTE
CRYPTOGRAPHY 2 INDEX P.no Abstract 3 1. Cryptography 3-7 a) Modern Methods of Cryptography 4 (i) DES 4 (ii) DSA 5 b) Usage in I.T Industry 7 2. a) Application of Cryptographic Techniques in Computing 7 b) Cryptography Used in SET on Web Browser 8 c) Cryptography in VPN 9 3. Windows Authentication 9-12 a) Win NT 10 b) Win 2000 10 c) Win Server 2003 11 d) Win Server 2008 11 e) Win Server 2012 12 f) Difference between Integrated Windows Authentication and Logon Authentication 12 4. Kerberos Protocol 12-14 a) Description of Kerberos Protocol 12 b) Time Synchronization in Kerberos Protocol 14
CRYPTOGRAPHY 3 ABSTRACT: Primarily Computer Networks are used by University Researchers for sending e-mails and by co-operate company employees for sharing printers. At this stage there is no problem for security attention. Now-a-days millions of ordinary citizens using networks for banking, online shopping, e-booking, etc. Due to this network security became the massive problem. To overcome come this problem many security techniques are came into existence, in those techniques Cryptography is the one of the important technique for securing the data or information from the particular source to required destination. These are of many types and in this report we know about few methods of cryptography and their functioning. 1. CRYPTOGRAPHY: The word Cryptography comes from t he Greek word and it means “Sec ret Writing”. Cryptography is a process which encrypts the original data into cipher text by using key and this cipher text is decrypted at the other end by using key and these keys are called session keys which includes Public and Private Keys. Protection of Data or Information: Cryptography protects the data only, owner and other person who got access from owner can view the data. When the private information is encrypted and transmitted across the internet and stored on a server, it which allows only required persons to see the data who have key. Cryptography protects data Confidentially, Integrity,Availability,Authenticity and Non-repudiation For example, Sender sends plain text to the Receiver, the below diagram describes about the transmitting of data between sender and receiver. At first, Sender sends the plain text which is encrypted into cipher text using key is nothing but Encryption and it passes through network at last reaches the proper destination. Here, at the Receiver cipher text converts into original plain text using key is nothing but Decryption.
CRYPTOGRAPHY 4 a) MODERN METHODS IN CRYPTOGRAPHY: Many modern methods are come into existence in cryptography, now discussing two methods of cryptography and their theory of operation. (i) Data Encryption Standard (DES): DES is designed by IBM in 1976 by National Bureau of Standards (NES), which got approval from National Security Agent (NSA). In the year 2000 DES is used in the standard encryption process later from 2001 AES is replaced by DES. Theory of Operation: DES uses a symmetric key for both encryption and decryption of data; it is a one type of algorithm which takes a fixed length string of 64-bits plain text, it performs a series of complicated operations to convert the plain text into cipher text of same length at a time. The key is of 64-bits in it 56-bits are meant for encryption and decryption process, the person who holds this 64-bit key can perform the encryption and decryption of data. The remaining 8-bits of key are used for the purpose of parity check and later on it is not used or discarded. Key is transmitted as 8 bytes and each consists of odd parity. 16 rounds are included in DES process in which 16 intermediate keys is included which carries 48-bits each.
CRYPTOGRAPHY The above diagram the total process consists of three phases and it describes about functioning of initial permutation on entire DES structure consists of 64-bit block of data and it splits into 32-bit sub blocks which are passed through rounds as shown in figure. Each round is identical which includes 16 rounds, the security algorithm is increased and temporary efficiency is decreased. At the 16th round, the 32-bit output quantities are swapped by using functions which combines the text and the output of final permutation is 64-bit cipher text. 5 Key Structure: Initially, 56-bits keys are selected from 64-bits permuted choices, algorithm generates some sub keys. The below diagram tells about key function and it includes- 1. Key is then splits into two 28-bits and processed alternatively. In each round, both halves are rotated left by one or two bits and then 48-bit sub key is selected by permuted choice. The 8-bits are used by parity checker. 2. The key schedule is same for decryption. Strengths of DES:  DES uses 54 bit key for encryption, there are 256 possible keys. An attack on such number of keys is impossible.  It is tough to find the weakness of DES. Weakness of DES:  The purpose using IP and FP not clearly described.  Instead of 64-bits only 56-bits are used.  The designing of cipher have some defects. (ii) Digital Signal Algorithm (DSA): DSA is a United States Federal Government standard for digital signatures. It was proposed by the National Institute of Standards and Technology (NIST) in 1991 for use in their Digital Signature Standard (DSS), specified in FIPS 186 in 1993. Theory of Operation: DSA is one type of asymmetric cryptography where both public and private keys are used for transmitting the data from sender to receiver. Many organizations across the world use digital systems for transmitting the electronic data among them in a secured manner. The below diagram explains life cycle of document which includes digital signature. This technique is slower but reliable because there no chance for data loss. The main requirement for the organizations is
CRYPTOGRAPHY paper work which is transmitted digitally and the main fundamental principle is to validate the data by assigning digital signature. The procedure for digital signature is simple which ensures authenticate of documents transferring themselves and stored with computer tools. The digital signature of electronic document having the following requirements:  Authenticity: At the Receiver, it verifies the identity of the sender.  Non-repudiation: The sender c an’t delay the signature doc ument.  Integrity: The receiver is unavailable to modify the signed document which is sent by non-authorized 6 user. Digital signature is generated based on asymmetric key pair, the private key is used by the owner and it is not shared used to generate digital signature for specific document, for verification purpose the public key is used to authenticate the signature. The digital signature consists of three algorithms:  The algorithm generates a pair of key (PK, SK) where PK is public key and SK is secret key, this key pair is used to sign in the document.  In Signature algorithm, sender sends message ‘m’ and the private key gives signature as ‘x’.  In verifying algorithm, it verifies the incoming data and signature with public key. At this stage it accepts or rejects the signature. The document is sign in with private key and its signature verified with public key. Once security is given to document it is impossible to reconstruct the private key even though both keys are uniquely connected. Process: The original data is enc rypted by using one way hash func tion with the user’s privat e key. The following steps are involved in digital signal processing:  The user send the document or a file which is encrypted using the hash function here 256 bits SHA is used, when the owner uses private key to sign in then the sign is calculated with come hash functions, it also generates come control codes on document.  Once the hash get calculated then it is impossible to get it back so the hackers cannot hack the transmitting documents or file without private key.  On the receiver side, the data is decrypted using same hash algorithm with public key, it also compares with the new hash and previous hash functions. If they both match then user can sign in to the document.
CRYPTOGRAPHY The above diagram explains about the hash values and how the data is transmitted between user A and user B using hash algorithm. 7 Strengths of DSA:  Reduces the time and cost when compared to other algorithms.  High level of efficiency operations is done.  High data quality with long term storage of files. Weakness of DSA:  DSA signatures are much shorter than RSA (Rivest-Shamir-Adleman) algorithm, because DSA signature consist 56-bits and RSA signature consist 2048-bits.  The strength of verifying in DSA is slower when compared to RSA. b) USAGE IN I.T INDUSTRY:  The Digital Signature Algorithms are used in reputed Organizations and multiple companies with sub offices, to transfer the confidential information across them with the help of digital signatures.  The Data Enc ryption Standards are used in bank ATM’s for transac tions with help of pin number, person can perform the transactions; once it matches with the pin already existed in required bank portals. Reference: http://www.creativeworld9.com/2011/04/abstract -and-full-paper-on-network_13.html http://www.cs.ust.hk/faculty/cding/COMP364/SLIDES/readdes.pdf http://www.facweb.iitkgp.ernet.in/~sourav/DES.pdf https://www.lri.fr/~fmartignon/documenti/systemesecurite/4-DES.pdf http://www.herongyang.com/Cryptography/DSA-Introduction-What-Is-DSA-Digital-Signature- Algorithm.html http://en.wikipedia.org/wiki/Digital_Signature_Algorithm http://securityaffairs.co/wordpress/5223/digital-id/what-is-a-digital-signature-fundamental-principles.html 2. a) APPLICATION OF CRYPTOGRAPHIC TECHNIQUES IN COMPUTING:  User Authentication: When the user uses their password on the network for login purpose and then cryptography authentication techniques are used which gives high security to the password, like generating one time verification codes here user authentication uses public or private keys.  Hardware and Software Implementation: The hardware devices used in computer like electronic chips, ROM protected processors are implemented by cryptography and controlled by software, instead of by passing the data, the software is protected by cryptography techniques it ensures the hardware and gives correct information.  Transferring Files on Network: Files are transmitted between one user to other on network and data should be protecting against the attackers. The sender sends the file, it is encrypted and the encrypted file is sent to receiver. Symmetric key is used it means only one key is used for both encryption and decryption. To dec rypt the file, the system c omponent driver’s users their private
CRYPTOGRAPHY Key to decrypt the symmetric key which is used to encrypt the file, now the encrypted file system component drivers uses symmetric key to decrypt the file by other user on network. 8 b) CRYPTOGRAPHY IS USED ON SECURITY ELECTRONIC TRANSACTION (SET) ON THE WEB: Secured Electronic Transactions (SET) is one type of protocol which is used for the purpose of transactions on networks which are not secured and these are mainly used in banking sectors for online transactions done with credit cards. There are various technologies are used to secure the web browsers as SSL, HTTPS, SSH and IPsec:-  SSL: SSL stands for Socket Secure Layer. SSL is a one type of protocol which consists of certificates that are used to secure the data transmitting between the user and server, without certificates if data is transferred then there is a chance to hack the data. The below diagram tells about the interaction between browser and the server. When the browser requests the SSL and server responds along with session keys which is encrypted with SSL public key and sends back to server, now the browser and server start s talking with each other and the pages are transmitted securely.  HTTPS: HTTPS stands for Hypertext Transfer Protocol over Secure Socket Layer. HTTPS by default uses port 443.The URL's beginning with HTTPS indicate that the connection is encrypted using SSL. The below figure tells us about the working of HTTPS and it is implemented by SSL and these SSL certificates are purchased by HTTPS and installed in web server to identify the type of business using to encrypt the sensitive data like Credit card information, SSL consists of certificates which gives permission to communicate securely to its web customers, HTTPS process done in transport layer. HTTPS is recognized easily by seeing lock symbol in the security status bar, we can click on it to view the identity of website. Mainly HTTPS uses SSL certificates for communication purpose to secure the data from client to server and vice versa.  SSH: SSH stands for Secure Shell, it is a one type of cryptographic network protocol which is used to transfer the data securely. User can login to the other system under same network as remote login to transfer the files from one system to other through SSH server. SSH a use automatically
CRYPTOGRAPHY generated public key or private key cryptography to login remote system and encrypts the network connection then uses the password to login.  IPSEC: IPSEC stands for Internet Protocol Security, it works under network layer to secure the internet traffic inside the IP. Cryptography technique used to protect the IP packets and the protection of this packet includes confidentially, authentication and integrity. 9 c) CRYPTOGRAPHY USED IN VPN: VPN stands for Virtual Private Network and it is the combination of both public network and private network. Data transmitting between both the networks can handle by remote user; the data is encrypted for security purpose. The below diagram tells us about the virtual network. The encryption techniques used for transferring the data they are:  DTLS: It stands for Datagram Transport Layer Security, these are used in open connect VPN and solves the problem occurred by SSL.  MPPE: It stands for Microsoft Point-to-Point Encryption; the data is encrypted using point-to-point protocol. 128-bit key, 56-bit key are supported for encrypting the data. In this the data is not compressed but the protocol is used as node between the PPP and VPN links. http://airccse.org/journal/nsa/1111nsa06.pdf http://www.isaca.org/Journal/Past-Issues/2000/Volume-6/Pages/Secure-Electronic-Transaction-SET-Protocol. aspx http://www.slideshare.net/kagoil235/cryptography-and-ecommerce http://www.slideshare.net/ijnsa/a-secure-electronic-payment-protocol-for-wireless-mesh-networks? qid=8c68ca76-307f-4992-b506-eed2a2267bcc&v=qf1&b=&f rom_search=10 http://www.infosecwriters.com/text_resources/pdf/Cryptosystems_SecureWebBrowse rs.pdf https://samsclass.info/122/ppt/ch09.ppt https://www.evsslcertificate.com/ssl/description-ssl.html http://en.wikipedia.org/wiki/Secure_Shell http://en.wikipedia.org/wiki/Virtual_private_network 3. WINDOWS AUTHENTICATION: Windows authentication is a process to secure the data that is transmitted from client to server on the network. Once you enable the windows Authentication, the username and password given by the client are strongly hashed with cryptographic techniques and send on the network for secure browsing. Windows Authentication is suitable mainly in private networks knows as Intranet by following conditions:  All computers and web servers are being in one domain.  Administrator can confirm every client using same browser like Internet Explorer.  NTLM are not supported by the HTTP proxy connections and mostly they are not required.
CRYPTOGRAPHY a) NT Authentication at Logon: Compare to other authentication methods, Windows NT authentication method is much complex it encrypts the username and password, which also held multiple communications between client and server. Passwords are not transmitted across the network and user credentials are automatically given once the users log on this are the benefits in Windows NT. When the user logon to Windows NT with the help of username and password, it requests to LSA which is responsible by Local Security Authority policy to verify the credentials authentication, it gets permission from Local SAM (Security Accounts Manager) database and gets access for the tokens to logon. This all process runs through Win logon. The below figure describes about the logon process of Windows NT. Protocol Used: The three different protocols Windows NT they are NetBIOS/NetBEUI, TCP/IP and PPTP. Here a brief description about TCP/IP. TCP/IP: It stands for Transfer Control Protocol/ Internet Protocol which is developed by DARPA (Defense Advanced Research Project Agency) for network connect ions. Users connected to internet using this protocol in Win NT, without this protocol users c an’t c onnec t to internet and it also used as interac tion between the operating system and hardware platforms like router. 10 b) Windows 2000 Authentication at Logon: Windows 2000 authenticates is varied whether the user logging from domain or local computer. Domain Logon: When the user tries to logon on domain the information provided by the user like username and password are given to domain controller, if the domain have the copy of user then it is validated if not denied. Local Computer Logon: When the user tries to logon on local computer then the information provided by user like user name and password are given to security subsystem of local computer which is operated by local security database, if the information exist then it is validated if not denied. Protocols Used:
CRYPTOGRAPHY 11 Different types of protocols are used in windows 2000 for the authentication purpose as listed below:  Password Authentication Protocol (PAP)  Shiva Password Authentication Protocol (SPAP)  Challenge Handshake Authentication Protocol (CHAP)  Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)  Extensible Authentication Protocol (EAP) c) Windows Server 2003 Authentication at Logon: In Windows server 2003 all the users should logon to the computer and their identity should be validated for the authentication and the authorised users will get access to the resources. There are two types of interactive logon in server 2003 as shown below,  When the user not joined to the active directory domain then they can logon to the unjointed computer with local account.  When the user joined to the active directory domain then they can log on with local account or domain account. Protocols Used: The protocols used in Windows server 2003 for authentication purpose as listed below;  Kerberos v5  NTLM  SSL/TLS (Secure Socket Layer/Transport Layer Security) d) Windows Server 2008 Authentication at Logon: Windows Server 2008 logon process includes security components in windows security compare to previous Windows servers; these security policies keep the track record of account logons for security purpose; any organisations can also logon to other systems which are located in sub areas as remote computers with host servers contains Remote Desktop Protocol(RDP). Logon page interacts with the LSA (Local Security Authority) to communicate with Remote authentication sources such as Domain Controller.
CRYPTOGRAPHY 12 Protocols Used: The protocols used in Windows Server 2008 for authentication as listed below;  SSL (Secure Socket Layer)  RDP (Remote Desktop Protocol)  TCP/IP (Transmission Control Protocol/Internet Protocol)  Kerberos V.5 protocol e) Windows Server 2012 Authentication at Logon: User should mention login information like username and password to login in windows server 2012 and these details are used for authentication to user access in local computer under same domain, the certificates gives access to user to login which are stored in active directory, now the User can also have access to local network through same domain and get authenticated. Protocols Used: The protocols used in Windows Server 2012 for authentication are:  SMB (Server Message Block)  RDP (Remote Desktop Protocol) f) Difference between Integrated Windows Authentication and Logon Authentication: Integrated Windows Authentication Logon Authentication 1. This type of Authentication is more secure the username and password given by user are encrypted with hash algorithms and sent through the network. 2. Windows Authentication is best for internet environment because both client and server are in same domain. 3. It supports two authentication protocols like Kerberos and NTLM (NT LAN Manager). 1. This type of Authentication is not secured because the username and password are not encrypted. 2. Logon Authentication is used mainly in Industry to collect username and passwords. 3. It supports SSL for authentication. http://en.wikipedia.org/wiki/Windows_NT_startup_process http://technet.microsoft.com/en-us/library/hh831360.aspx 4. KERBEROS PROTOCOL: Kerberos is one type of protocol which is used for providing strong network authentication between the client and server using symmetric key cryptography. Many protocols are used in Internet for security purpose because it is an insecure place, but them fails to give security whereas Kerberos protocol gives strong network security, here client and server using Kerberos to prove their identity.
CRYPTOGRAPHY a) Description of Kerberos Protocol: This protoc ol works as ‘tic kets’ for the c ommunic ation purpose, the below diagram gives brief description how the protocol works and these even includes Authentication Server (AS) request from the client to get Ticket Granting Ticket (TGT), the combination of both TGT and AS is nothing but Key Distribution Center (KDC) which encrypts the users password using secret key and it is controlled by Domain Controller as shown below, The description of Kerberos Protocol includes eight steps, now we are going to look those steps with the help of diagrams:- Step-1: client sends a request to AS to verify the username and the password is encrypted with security key. Step-2: After verifying AS issues to client who includes time stamp and the session having expiry date like 8 hours. 13 Step-3: In this, request sent back to the client using TGT consist of tickets, as shown below. Step-4: In this step the authentication is done for the client by submitting the TGT to Ticket Granting Server (TGS). Step-5: TGS creates an encrypted key with the time stamp of 8 hours and got permission to the client to use a ticket.
CRYPTOGRAPHY Step-6: At this step, the client decrypts the ticket and sends acknowledgement (ACK) says that user got the ticket to TGS. Step-7: At this stage, the client sends encrypted key to service server as shown below in figure, now in server it decrypts the key to check the validation of time stamp. If it is validated then service server directly contacts KDC to get a session between client and the server. Step-8: At this step, the client checks whether the validation and decrypt s the key, then connection is initiated between client and server for communication purpose. Now the client is authenticated until the session expires. 14 b) TIME SYNCHRONISATION IS IMPORTANT FOR KERBEROS:  The authentication is based on time stamp of tickets in Kerberos protocol and as we discussed before there is a short life time for tickets which issued by TGT in order to prevent the hackers to perform any hacking process.  Accurate clock synchronization is there on Kerberos servers, if your clock not synchronized at certain time intervals then Kerberos shows fatal errors.  If user allows clock on to the server and they themselves makes their network as platform for the attackers it causes loss in their vulnerability.  Since to overcome these malware activities, time synchronization plays a vital role to provide security of the Kerberos protocol. http://tldp.org/HOWTO/Kerberos-Inf rastructure-HOWTO/time-sync.html http://en.wikipedia.org/wiki/Kerberos_(protocol)#Description http://web.mit.edu/kerberos/ http://www.slideshare.net/RakeshRajgopal/rakesh-raj?qid=c929c8b1-be01-408c-8de3- 4534487920c7&v=default&b=&from_search=12
CRYPTOGRAPHY 15

More Related Content

PPTX
Cryptography
bySagar Janagonda
 
PDF
Information Security Cryptography ( L02- Types Cryptography)
byAnas Rock
 
PDF
Cryptography
byKalyani Government Engineering College
 
PPTX
Cryptography and applications
bythai
 
PPTX
Information and network security 31 public key cryptography
byVaibhav Khanna
 
PPT
Cryptography
byPPT4U
 
PPTX
Cryptography
bySandip kumar
 
PPT
Cryptography
byIGZ Software house
 
Cryptography
bySagar Janagonda
 
Information Security Cryptography ( L02- Types Cryptography)
byAnas Rock
 
Cryptography
byKalyani Government Engineering College
 
Cryptography and applications
bythai
 
Information and network security 31 public key cryptography
byVaibhav Khanna
 
Cryptography
byPPT4U
 
Cryptography
bySandip kumar
 
Cryptography
byIGZ Software house
 

What's hot

PPTX
cryptography ppt free download
byTwinkal Harsora
 
PPTX
Cryptography
bySidharth Mohapatra
 
PPTX
Cryptography
byDarshini Parikh
 
PPTX
Cryptography
byprasham95
 
PPT
Cryptography Fundamentals
byDuy Do Phan
 
PPTX
Encryption
bykeith dias
 
PPTX
Introduction to Cryptography
byBharat Kumar Katur
 
PDF
Cryptanalysis and Attacks
byShahbaz Anjam
 
PPTX
Cryptography.ppt
byUday Meena
 
PPTX
Cryptography
byAnandKaGe
 
PPTX
Cryptography
byjayashri kolekar
 
PPT
Cryptography - A Brief History
byprasenjeetd
 
PPTX
Cryptography
byherrberk
 
PPT
Cryptography
bygueste4c97e
 
PPSX
Introductory Lecture on Cryptography and Information Security
byBikramjit Sarkar, Ph.D.
 
ODP
Encryption presentation final
byadrigee12
 
PPTX
cryptography
byJai Nathwani
 
DOC
Cryptography full report
byharpoo123143
 
PPS
Criptography
bySajan Sahu
 
PPTX
Cryptography and network security Nit701
byAmit Pathak
 
cryptography ppt free download
byTwinkal Harsora
 
Cryptography
bySidharth Mohapatra
 
Cryptography
byDarshini Parikh
 
Cryptography
byprasham95
 
Cryptography Fundamentals
byDuy Do Phan
 
Encryption
bykeith dias
 
Introduction to Cryptography
byBharat Kumar Katur
 
Cryptanalysis and Attacks
byShahbaz Anjam
 
Cryptography.ppt
byUday Meena
 
Cryptography
byAnandKaGe
 
Cryptography
byjayashri kolekar
 
Cryptography - A Brief History
byprasenjeetd
 
Cryptography
byherrberk
 
Cryptography
bygueste4c97e
 
Introductory Lecture on Cryptography and Information Security
byBikramjit Sarkar, Ph.D.
 
Encryption presentation final
byadrigee12
 
cryptography
byJai Nathwani
 
Cryptography full report
byharpoo123143
 
Criptography
bySajan Sahu
 
Cryptography and network security Nit701
byAmit Pathak
 

Similar to Cryptography

PPTX
Data encryption
byDeepam Goyal
 
PPTX
Cryptography notes for undergraduate kud
bymd4228787
 
PPT
Elementry Cryptography
byTata Consultancy Services
 
PDF
A REVIEW STUDY OF CRYPTOGRAPHY TECHNIQUES
byValerie Felton
 
PPT
Cryptography
byamiable_indian
 
PPTX
Cryptography and Network Security
byPa Van Tanku
 
PPTX
Network security
byABHISHEK KUMAR
 
PDF
Introduction to Cryptography
bySeema Goel
 
PDF
A Survey on Cryptographic Techniques for Network Security.pdf
byYasmine Anino
 
PDF
Study and implementation of DES on FPGA
byVenkata Kishore
 
PDF
Comparative study of private and public key cryptography algorithms a survey
byeSAT Publishing House
 
PPTX
cryptography-Final.pptx
bykarthikvcyber
 
PPTX
Cryptography
byPratiksha Patil
 
PPTX
Introduction to Network Security presentation
bykrishkiran2408
 
PPTX
Cryptography
byShray Jali
 
DOCX
Cryptography notes for iss3 information system security
bymeghagarg110
 
PPTX
big data and Iot , its security part ,hoe yoy help this
bywarriorshanta
 
PPTX
Security - ch3.pptx
byHabtamuHaileMichael2
 
PPTX
Security - ch3.pptx
byGebrehanaAlemaw
 
PDF
Hybrid cryptographic technique using rsa algorithm and scheduling concepts
byIJNSA Journal
 
Data encryption
byDeepam Goyal
 
Cryptography notes for undergraduate kud
bymd4228787
 
Elementry Cryptography
byTata Consultancy Services
 
A REVIEW STUDY OF CRYPTOGRAPHY TECHNIQUES
byValerie Felton
 
Cryptography
byamiable_indian
 
Cryptography and Network Security
byPa Van Tanku
 
Network security
byABHISHEK KUMAR
 
Introduction to Cryptography
bySeema Goel
 
A Survey on Cryptographic Techniques for Network Security.pdf
byYasmine Anino
 
Study and implementation of DES on FPGA
byVenkata Kishore
 
Comparative study of private and public key cryptography algorithms a survey
byeSAT Publishing House
 
cryptography-Final.pptx
bykarthikvcyber
 
Cryptography
byPratiksha Patil
 
Introduction to Network Security presentation
bykrishkiran2408
 
Cryptography
byShray Jali
 
Cryptography notes for iss3 information system security
bymeghagarg110
 
big data and Iot , its security part ,hoe yoy help this
bywarriorshanta
 
Security - ch3.pptx
byHabtamuHaileMichael2
 
Security - ch3.pptx
byGebrehanaAlemaw
 
Hybrid cryptographic technique using rsa algorithm and scheduling concepts
byIJNSA Journal
 

Recently uploaded

PDF
Parallel and Distributed Databases NOTES.pdf
bywrushabsirsat
 
PDF
action man.pdf album sa slicicama panini...
byStefanFilipovic9
 
PDF
Tour & Travel App Development Explained- Features, Costs, and Technologies Us...
byMike Brown
 
PDF
11 Best Sites for Buying Aged Reddit Accounts with Karma.pdf
byallseoit 143
 
PDF
alfred jonatan kvak panini album.pdf slicice
byStefanFilipovic9
 
PDF
album panini Evoksi.pdf panini album slicice
byStefanFilipovic9
 
PDF
anastasia panini album.pdf album sa slicicama
byStefanFilipovic9
 
PDF
Batman Forever album sličice.pdf panini album
byStefanFilipovic9
 
PDF
Angry Birds film (2016).pdf panini album
byStefanFilipovic9
 
PDF
automobili.pdf panini album slicice ......
byStefanFilipovic9
 
PDF
investor pitch - iapploud | independent music platform
byVenkat Subramanian
 
PPTX
Creating content that converts into leads.
bySEONutri
 
Parallel and Distributed Databases NOTES.pdf
bywrushabsirsat
 
action man.pdf album sa slicicama panini...
byStefanFilipovic9
 
Tour & Travel App Development Explained- Features, Costs, and Technologies Us...
byMike Brown
 
11 Best Sites for Buying Aged Reddit Accounts with Karma.pdf
byallseoit 143
 
alfred jonatan kvak panini album.pdf slicice
byStefanFilipovic9
 
album panini Evoksi.pdf panini album slicice
byStefanFilipovic9
 
anastasia panini album.pdf album sa slicicama
byStefanFilipovic9
 
Batman Forever album sličice.pdf panini album
byStefanFilipovic9
 
Angry Birds film (2016).pdf panini album
byStefanFilipovic9
 
automobili.pdf panini album slicice ......
byStefanFilipovic9
 
investor pitch - iapploud | independent music platform
byVenkat Subramanian
 
Creating content that converts into leads.
bySEONutri
 

Cryptography

  • 1.
    CRYPTOGRAPHY 1 W1-CRYPTOGRAPHY Presented By Vishalya Dulam AVONMORE TERITARY INSTITUTE
  • 2.
    CRYPTOGRAPHY 2 INDEX P.no Abstract 3 1. Cryptography 3-7 a) Modern Methods of Cryptography 4 (i) DES 4 (ii) DSA 5 b) Usage in I.T Industry 7 2. a) Application of Cryptographic Techniques in Computing 7 b) Cryptography Used in SET on Web Browser 8 c) Cryptography in VPN 9 3. Windows Authentication 9-12 a) Win NT 10 b) Win 2000 10 c) Win Server 2003 11 d) Win Server 2008 11 e) Win Server 2012 12 f) Difference between Integrated Windows Authentication and Logon Authentication 12 4. Kerberos Protocol 12-14 a) Description of Kerberos Protocol 12 b) Time Synchronization in Kerberos Protocol 14
  • 3.
    CRYPTOGRAPHY 3 ABSTRACT: Primarily Computer Networks are used by University Researchers for sending e-mails and by co-operate company employees for sharing printers. At this stage there is no problem for security attention. Now-a-days millions of ordinary citizens using networks for banking, online shopping, e-booking, etc. Due to this network security became the massive problem. To overcome come this problem many security techniques are came into existence, in those techniques Cryptography is the one of the important technique for securing the data or information from the particular source to required destination. These are of many types and in this report we know about few methods of cryptography and their functioning. 1. CRYPTOGRAPHY: The word Cryptography comes from t he Greek word and it means “Sec ret Writing”. Cryptography is a process which encrypts the original data into cipher text by using key and this cipher text is decrypted at the other end by using key and these keys are called session keys which includes Public and Private Keys. Protection of Data or Information: Cryptography protects the data only, owner and other person who got access from owner can view the data. When the private information is encrypted and transmitted across the internet and stored on a server, it which allows only required persons to see the data who have key. Cryptography protects data Confidentially, Integrity,Availability,Authenticity and Non-repudiation For example, Sender sends plain text to the Receiver, the below diagram describes about the transmitting of data between sender and receiver. At first, Sender sends the plain text which is encrypted into cipher text using key is nothing but Encryption and it passes through network at last reaches the proper destination. Here, at the Receiver cipher text converts into original plain text using key is nothing but Decryption.
  • 4.
    CRYPTOGRAPHY 4 a)MODERN METHODS IN CRYPTOGRAPHY: Many modern methods are come into existence in cryptography, now discussing two methods of cryptography and their theory of operation. (i) Data Encryption Standard (DES): DES is designed by IBM in 1976 by National Bureau of Standards (NES), which got approval from National Security Agent (NSA). In the year 2000 DES is used in the standard encryption process later from 2001 AES is replaced by DES. Theory of Operation: DES uses a symmetric key for both encryption and decryption of data; it is a one type of algorithm which takes a fixed length string of 64-bits plain text, it performs a series of complicated operations to convert the plain text into cipher text of same length at a time. The key is of 64-bits in it 56-bits are meant for encryption and decryption process, the person who holds this 64-bit key can perform the encryption and decryption of data. The remaining 8-bits of key are used for the purpose of parity check and later on it is not used or discarded. Key is transmitted as 8 bytes and each consists of odd parity. 16 rounds are included in DES process in which 16 intermediate keys is included which carries 48-bits each.
  • 5.
    CRYPTOGRAPHY The abovediagram the total process consists of three phases and it describes about functioning of initial permutation on entire DES structure consists of 64-bit block of data and it splits into 32-bit sub blocks which are passed through rounds as shown in figure. Each round is identical which includes 16 rounds, the security algorithm is increased and temporary efficiency is decreased. At the 16th round, the 32-bit output quantities are swapped by using functions which combines the text and the output of final permutation is 64-bit cipher text. 5 Key Structure: Initially, 56-bits keys are selected from 64-bits permuted choices, algorithm generates some sub keys. The below diagram tells about key function and it includes- 1. Key is then splits into two 28-bits and processed alternatively. In each round, both halves are rotated left by one or two bits and then 48-bit sub key is selected by permuted choice. The 8-bits are used by parity checker. 2. The key schedule is same for decryption. Strengths of DES:  DES uses 54 bit key for encryption, there are 256 possible keys. An attack on such number of keys is impossible.  It is tough to find the weakness of DES. Weakness of DES:  The purpose using IP and FP not clearly described.  Instead of 64-bits only 56-bits are used.  The designing of cipher have some defects. (ii) Digital Signal Algorithm (DSA): DSA is a United States Federal Government standard for digital signatures. It was proposed by the National Institute of Standards and Technology (NIST) in 1991 for use in their Digital Signature Standard (DSS), specified in FIPS 186 in 1993. Theory of Operation: DSA is one type of asymmetric cryptography where both public and private keys are used for transmitting the data from sender to receiver. Many organizations across the world use digital systems for transmitting the electronic data among them in a secured manner. The below diagram explains life cycle of document which includes digital signature. This technique is slower but reliable because there no chance for data loss. The main requirement for the organizations is
  • 6.
    CRYPTOGRAPHY paper workwhich is transmitted digitally and the main fundamental principle is to validate the data by assigning digital signature. The procedure for digital signature is simple which ensures authenticate of documents transferring themselves and stored with computer tools. The digital signature of electronic document having the following requirements:  Authenticity: At the Receiver, it verifies the identity of the sender.  Non-repudiation: The sender c an’t delay the signature doc ument.  Integrity: The receiver is unavailable to modify the signed document which is sent by non-authorized 6 user. Digital signature is generated based on asymmetric key pair, the private key is used by the owner and it is not shared used to generate digital signature for specific document, for verification purpose the public key is used to authenticate the signature. The digital signature consists of three algorithms:  The algorithm generates a pair of key (PK, SK) where PK is public key and SK is secret key, this key pair is used to sign in the document.  In Signature algorithm, sender sends message ‘m’ and the private key gives signature as ‘x’.  In verifying algorithm, it verifies the incoming data and signature with public key. At this stage it accepts or rejects the signature. The document is sign in with private key and its signature verified with public key. Once security is given to document it is impossible to reconstruct the private key even though both keys are uniquely connected. Process: The original data is enc rypted by using one way hash func tion with the user’s privat e key. The following steps are involved in digital signal processing:  The user send the document or a file which is encrypted using the hash function here 256 bits SHA is used, when the owner uses private key to sign in then the sign is calculated with come hash functions, it also generates come control codes on document.  Once the hash get calculated then it is impossible to get it back so the hackers cannot hack the transmitting documents or file without private key.  On the receiver side, the data is decrypted using same hash algorithm with public key, it also compares with the new hash and previous hash functions. If they both match then user can sign in to the document.
  • 7.
    CRYPTOGRAPHY The abovediagram explains about the hash values and how the data is transmitted between user A and user B using hash algorithm. 7 Strengths of DSA:  Reduces the time and cost when compared to other algorithms.  High level of efficiency operations is done.  High data quality with long term storage of files. Weakness of DSA:  DSA signatures are much shorter than RSA (Rivest-Shamir-Adleman) algorithm, because DSA signature consist 56-bits and RSA signature consist 2048-bits.  The strength of verifying in DSA is slower when compared to RSA. b) USAGE IN I.T INDUSTRY:  The Digital Signature Algorithms are used in reputed Organizations and multiple companies with sub offices, to transfer the confidential information across them with the help of digital signatures.  The Data Enc ryption Standards are used in bank ATM’s for transac tions with help of pin number, person can perform the transactions; once it matches with the pin already existed in required bank portals. Reference: http://www.creativeworld9.com/2011/04/abstract -and-full-paper-on-network_13.html http://www.cs.ust.hk/faculty/cding/COMP364/SLIDES/readdes.pdf http://www.facweb.iitkgp.ernet.in/~sourav/DES.pdf https://www.lri.fr/~fmartignon/documenti/systemesecurite/4-DES.pdf http://www.herongyang.com/Cryptography/DSA-Introduction-What-Is-DSA-Digital-Signature- Algorithm.html http://en.wikipedia.org/wiki/Digital_Signature_Algorithm http://securityaffairs.co/wordpress/5223/digital-id/what-is-a-digital-signature-fundamental-principles.html 2. a) APPLICATION OF CRYPTOGRAPHIC TECHNIQUES IN COMPUTING:  User Authentication: When the user uses their password on the network for login purpose and then cryptography authentication techniques are used which gives high security to the password, like generating one time verification codes here user authentication uses public or private keys.  Hardware and Software Implementation: The hardware devices used in computer like electronic chips, ROM protected processors are implemented by cryptography and controlled by software, instead of by passing the data, the software is protected by cryptography techniques it ensures the hardware and gives correct information.  Transferring Files on Network: Files are transmitted between one user to other on network and data should be protecting against the attackers. The sender sends the file, it is encrypted and the encrypted file is sent to receiver. Symmetric key is used it means only one key is used for both encryption and decryption. To dec rypt the file, the system c omponent driver’s users their private
  • 8.
    CRYPTOGRAPHY Key todecrypt the symmetric key which is used to encrypt the file, now the encrypted file system component drivers uses symmetric key to decrypt the file by other user on network. 8 b) CRYPTOGRAPHY IS USED ON SECURITY ELECTRONIC TRANSACTION (SET) ON THE WEB: Secured Electronic Transactions (SET) is one type of protocol which is used for the purpose of transactions on networks which are not secured and these are mainly used in banking sectors for online transactions done with credit cards. There are various technologies are used to secure the web browsers as SSL, HTTPS, SSH and IPsec:-  SSL: SSL stands for Socket Secure Layer. SSL is a one type of protocol which consists of certificates that are used to secure the data transmitting between the user and server, without certificates if data is transferred then there is a chance to hack the data. The below diagram tells about the interaction between browser and the server. When the browser requests the SSL and server responds along with session keys which is encrypted with SSL public key and sends back to server, now the browser and server start s talking with each other and the pages are transmitted securely.  HTTPS: HTTPS stands for Hypertext Transfer Protocol over Secure Socket Layer. HTTPS by default uses port 443.The URL's beginning with HTTPS indicate that the connection is encrypted using SSL. The below figure tells us about the working of HTTPS and it is implemented by SSL and these SSL certificates are purchased by HTTPS and installed in web server to identify the type of business using to encrypt the sensitive data like Credit card information, SSL consists of certificates which gives permission to communicate securely to its web customers, HTTPS process done in transport layer. HTTPS is recognized easily by seeing lock symbol in the security status bar, we can click on it to view the identity of website. Mainly HTTPS uses SSL certificates for communication purpose to secure the data from client to server and vice versa.  SSH: SSH stands for Secure Shell, it is a one type of cryptographic network protocol which is used to transfer the data securely. User can login to the other system under same network as remote login to transfer the files from one system to other through SSH server. SSH a use automatically
  • 9.
    CRYPTOGRAPHY generated publickey or private key cryptography to login remote system and encrypts the network connection then uses the password to login.  IPSEC: IPSEC stands for Internet Protocol Security, it works under network layer to secure the internet traffic inside the IP. Cryptography technique used to protect the IP packets and the protection of this packet includes confidentially, authentication and integrity. 9 c) CRYPTOGRAPHY USED IN VPN: VPN stands for Virtual Private Network and it is the combination of both public network and private network. Data transmitting between both the networks can handle by remote user; the data is encrypted for security purpose. The below diagram tells us about the virtual network. The encryption techniques used for transferring the data they are:  DTLS: It stands for Datagram Transport Layer Security, these are used in open connect VPN and solves the problem occurred by SSL.  MPPE: It stands for Microsoft Point-to-Point Encryption; the data is encrypted using point-to-point protocol. 128-bit key, 56-bit key are supported for encrypting the data. In this the data is not compressed but the protocol is used as node between the PPP and VPN links. http://airccse.org/journal/nsa/1111nsa06.pdf http://www.isaca.org/Journal/Past-Issues/2000/Volume-6/Pages/Secure-Electronic-Transaction-SET-Protocol. aspx http://www.slideshare.net/kagoil235/cryptography-and-ecommerce http://www.slideshare.net/ijnsa/a-secure-electronic-payment-protocol-for-wireless-mesh-networks? qid=8c68ca76-307f-4992-b506-eed2a2267bcc&v=qf1&b=&f rom_search=10 http://www.infosecwriters.com/text_resources/pdf/Cryptosystems_SecureWebBrowse rs.pdf https://samsclass.info/122/ppt/ch09.ppt https://www.evsslcertificate.com/ssl/description-ssl.html http://en.wikipedia.org/wiki/Secure_Shell http://en.wikipedia.org/wiki/Virtual_private_network 3. WINDOWS AUTHENTICATION: Windows authentication is a process to secure the data that is transmitted from client to server on the network. Once you enable the windows Authentication, the username and password given by the client are strongly hashed with cryptographic techniques and send on the network for secure browsing. Windows Authentication is suitable mainly in private networks knows as Intranet by following conditions:  All computers and web servers are being in one domain.  Administrator can confirm every client using same browser like Internet Explorer.  NTLM are not supported by the HTTP proxy connections and mostly they are not required.
  • 10.
    CRYPTOGRAPHY a) NTAuthentication at Logon: Compare to other authentication methods, Windows NT authentication method is much complex it encrypts the username and password, which also held multiple communications between client and server. Passwords are not transmitted across the network and user credentials are automatically given once the users log on this are the benefits in Windows NT. When the user logon to Windows NT with the help of username and password, it requests to LSA which is responsible by Local Security Authority policy to verify the credentials authentication, it gets permission from Local SAM (Security Accounts Manager) database and gets access for the tokens to logon. This all process runs through Win logon. The below figure describes about the logon process of Windows NT. Protocol Used: The three different protocols Windows NT they are NetBIOS/NetBEUI, TCP/IP and PPTP. Here a brief description about TCP/IP. TCP/IP: It stands for Transfer Control Protocol/ Internet Protocol which is developed by DARPA (Defense Advanced Research Project Agency) for network connect ions. Users connected to internet using this protocol in Win NT, without this protocol users c an’t c onnec t to internet and it also used as interac tion between the operating system and hardware platforms like router. 10 b) Windows 2000 Authentication at Logon: Windows 2000 authenticates is varied whether the user logging from domain or local computer. Domain Logon: When the user tries to logon on domain the information provided by the user like username and password are given to domain controller, if the domain have the copy of user then it is validated if not denied. Local Computer Logon: When the user tries to logon on local computer then the information provided by user like user name and password are given to security subsystem of local computer which is operated by local security database, if the information exist then it is validated if not denied. Protocols Used:
  • 11.
    CRYPTOGRAPHY 11 Differenttypes of protocols are used in windows 2000 for the authentication purpose as listed below:  Password Authentication Protocol (PAP)  Shiva Password Authentication Protocol (SPAP)  Challenge Handshake Authentication Protocol (CHAP)  Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)  Extensible Authentication Protocol (EAP) c) Windows Server 2003 Authentication at Logon: In Windows server 2003 all the users should logon to the computer and their identity should be validated for the authentication and the authorised users will get access to the resources. There are two types of interactive logon in server 2003 as shown below,  When the user not joined to the active directory domain then they can logon to the unjointed computer with local account.  When the user joined to the active directory domain then they can log on with local account or domain account. Protocols Used: The protocols used in Windows server 2003 for authentication purpose as listed below;  Kerberos v5  NTLM  SSL/TLS (Secure Socket Layer/Transport Layer Security) d) Windows Server 2008 Authentication at Logon: Windows Server 2008 logon process includes security components in windows security compare to previous Windows servers; these security policies keep the track record of account logons for security purpose; any organisations can also logon to other systems which are located in sub areas as remote computers with host servers contains Remote Desktop Protocol(RDP). Logon page interacts with the LSA (Local Security Authority) to communicate with Remote authentication sources such as Domain Controller.
  • 12.
    CRYPTOGRAPHY 12 ProtocolsUsed: The protocols used in Windows Server 2008 for authentication as listed below;  SSL (Secure Socket Layer)  RDP (Remote Desktop Protocol)  TCP/IP (Transmission Control Protocol/Internet Protocol)  Kerberos V.5 protocol e) Windows Server 2012 Authentication at Logon: User should mention login information like username and password to login in windows server 2012 and these details are used for authentication to user access in local computer under same domain, the certificates gives access to user to login which are stored in active directory, now the User can also have access to local network through same domain and get authenticated. Protocols Used: The protocols used in Windows Server 2012 for authentication are:  SMB (Server Message Block)  RDP (Remote Desktop Protocol) f) Difference between Integrated Windows Authentication and Logon Authentication: Integrated Windows Authentication Logon Authentication 1. This type of Authentication is more secure the username and password given by user are encrypted with hash algorithms and sent through the network. 2. Windows Authentication is best for internet environment because both client and server are in same domain. 3. It supports two authentication protocols like Kerberos and NTLM (NT LAN Manager). 1. This type of Authentication is not secured because the username and password are not encrypted. 2. Logon Authentication is used mainly in Industry to collect username and passwords. 3. It supports SSL for authentication. http://en.wikipedia.org/wiki/Windows_NT_startup_process http://technet.microsoft.com/en-us/library/hh831360.aspx 4. KERBEROS PROTOCOL: Kerberos is one type of protocol which is used for providing strong network authentication between the client and server using symmetric key cryptography. Many protocols are used in Internet for security purpose because it is an insecure place, but them fails to give security whereas Kerberos protocol gives strong network security, here client and server using Kerberos to prove their identity.
  • 13.
    CRYPTOGRAPHY a) Descriptionof Kerberos Protocol: This protoc ol works as ‘tic kets’ for the c ommunic ation purpose, the below diagram gives brief description how the protocol works and these even includes Authentication Server (AS) request from the client to get Ticket Granting Ticket (TGT), the combination of both TGT and AS is nothing but Key Distribution Center (KDC) which encrypts the users password using secret key and it is controlled by Domain Controller as shown below, The description of Kerberos Protocol includes eight steps, now we are going to look those steps with the help of diagrams:- Step-1: client sends a request to AS to verify the username and the password is encrypted with security key. Step-2: After verifying AS issues to client who includes time stamp and the session having expiry date like 8 hours. 13 Step-3: In this, request sent back to the client using TGT consist of tickets, as shown below. Step-4: In this step the authentication is done for the client by submitting the TGT to Ticket Granting Server (TGS). Step-5: TGS creates an encrypted key with the time stamp of 8 hours and got permission to the client to use a ticket.
  • 14.
    CRYPTOGRAPHY Step-6: Atthis step, the client decrypts the ticket and sends acknowledgement (ACK) says that user got the ticket to TGS. Step-7: At this stage, the client sends encrypted key to service server as shown below in figure, now in server it decrypts the key to check the validation of time stamp. If it is validated then service server directly contacts KDC to get a session between client and the server. Step-8: At this step, the client checks whether the validation and decrypt s the key, then connection is initiated between client and server for communication purpose. Now the client is authenticated until the session expires. 14 b) TIME SYNCHRONISATION IS IMPORTANT FOR KERBEROS:  The authentication is based on time stamp of tickets in Kerberos protocol and as we discussed before there is a short life time for tickets which issued by TGT in order to prevent the hackers to perform any hacking process.  Accurate clock synchronization is there on Kerberos servers, if your clock not synchronized at certain time intervals then Kerberos shows fatal errors.  If user allows clock on to the server and they themselves makes their network as platform for the attackers it causes loss in their vulnerability.  Since to overcome these malware activities, time synchronization plays a vital role to provide security of the Kerberos protocol. http://tldp.org/HOWTO/Kerberos-Inf rastructure-HOWTO/time-sync.html http://en.wikipedia.org/wiki/Kerberos_(protocol)#Description http://web.mit.edu/kerberos/ http://www.slideshare.net/RakeshRajgopal/rakesh-raj?qid=c929c8b1-be01-408c-8de3- 4534487920c7&v=default&b=&from_search=12
  • 15.