CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
1
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
DEPARTMENT OF INFORMATION TECHNOLOGY
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY
IV IT 2019 – 2020 ODD
UNIT I - INTRODUCTION & NUMBER THEORY
Worksheet
Topic: Services, Mechanisms and Attacks
Terminologies:
 ___________________ is the study of techniques for ensuring secrecy &
authentication of information
o ____________________ is the art or science encompassing the principles and
methods of transforming an intelligible message into one that is unintelligible
and then retransforming that message back to its original form
o ____________________ is the process of attempting to discover message or
key or both
 _______________________ is a generic name for the collection of tools designed to
protect data and to thwart hackers
 _______________________ is a measures to protect data during their transmission
 _______________________ is a measures to protect data during their transmission
over a collection of interconnected networks
 _______________________ is that any action that compromises the security of
information owned by an organization
 _______________________ is a mechanism that is designed to detect, prevent or
recover from a security attack
 _______________________ is a service that enhances the security of the data
processing systems and the information transfers of an organization
 _______________________ is a process of converting plaintext to cipher text using a
cipher and a key
 _______________________ is a process of converting cipher text back into plaintext
using a cipher and a key
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
2
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
 ______________________ is An algorithm for transforming an intelligible message
into one that is unintelligible by transposition and/or substitution methods
Three independent dimensions of cryptography:
1.
a)
b)
2.
a)
b)
3.
a)
b)
Types of cryptanalytic attacks:
1.
2.
3.
4.
Topic: OSI Security Architecture
a) Security Services:
Ensures that the information in a computer system a n d
transmitted information are accessible only for reading
by authorized parties.
Ensures that the origin of a message or electronic
document is correctly identified, with an assurance that
the identity is not false
Ensures that only authorized parties are able to modify
computer system assets and transmitted information
Requires that neither the sender nor the receiver of a
message be able to deny the transmission.
Requires that access to information resources may be
controlled by or the target system.
Requires that computer system assets be available to
authorized parties when needed.
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
3
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
b) Security Attacks:
Match the following:
Masquerade Some portion of message is altered or the messages are
delayed or recorded, to produce an unauthorized effect.
Replay Prevents or inhibits the normal use or management of
communication facilities
Modification of messages involves passive capture of a data unit and its
subsequent transmission to produce an unauthorized
effect.
Denial of service One entity pretends to be a different entity.
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
4
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
c) Security Mechanism:
Specific
Security
Mechanis
m
Pervasive
Security
Mechanis
m
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
5
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
Topic: Network Security Model
Topic: Classical Encryption techniques (Symmetric Cipher Model, Substitution
Techniques, Transposition Techniques, Steganography)
a) Symmetric Cipher Model
Symmetric encryption is a form of cryptosystem in which ___________________ and
_______________________ are performed using the ___________ key.
Ingredients:
i.
ii.
iii.
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
6
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
iv.
v.
b) Substitution Techniques
i) Caesar Cipher:
Encryption Process
Decryption Process
General Form:
Encryption Process
Decryption Process
Key Space:
Drawback:
1. Encrypt and decrypt the plain text “Today we have cryptography and network security
class during afternoon” using key as 15
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
7
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
2. Perform brute force attack on “ojbqrxw rb cqn vxbc ruudbrxw hxd ljw qjen”
ii) Playfair Cipher
Key Generation:
1.
2.
3.
4.
Encryption:
1.
2.
3.
4.
5.
Decryption:

CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
8
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
Strength:

Drawback:

1. Generate the key matrix for the key “beautiful”
2. Encrypt the plain text “We enjoyed the educational tour” using above key
3. Decrypt the cipher text
“RVKFWQAFSPGMRORFPZMPBANRKWMWDAMVFHVRPZ” using the key
“avengers”
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
9
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
iii) Hill Cipher:
Encryption Process
Decryption Process
Advantage:
Disadvantage:
1. Encrypt the plain text “welcome” using the key
( )
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
10
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
2. Decrypt the cipher text “OYKHWBZI” using hill cipher. The cipher text is obtained
by encrypting the plain text with the key 





54
32
Inverse key:
Decryption:
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
11
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
3. Decrypt the cipher text “DPQRQ EVKPQ LR” using hill cipher. The cipher text is
obtained by encrypting the plain text with the key
( )
Inverse key:
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
12
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
Decryption:
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
13
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
iv) Vigenere Cipher:
Encryption Process
Decryption Process
Strength:
1. Encrypt the message “we are discovered yourself” using the key “world”
v) Autokey Cipher
1. Encrypt the message “we are discovered yourself” using the key “world”
vi) One Time Pad:
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
14
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
Advantage:
Disadvantage:
c) Transposition Techniques
i) Rail Fence:
1. Encrypt the message “computer science engineering”
ii) Row Columnar Transposition:
1. Encrypt the message “computer science engineering” using the key “423165”
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
15
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
Topic: FINITE FIELDS AND NUMBER THEORY-Groups, Rings, Fields
a) Group:
Group is a set of elements denoted by {G, *} where, * is a binary operations.
Axioms:
i.
ii.
iii.
iv.
Abelian group:
v.
b) Rings:
A ring R, sometimes denoted by {R, +, x}, is a set of elements with two binary operations,
called addition and multiplication.
Axioms:
i.
ii.
iii.
Commutative Ring:
iv.
Integral Domain:
v.
vi.
c) Fields
A field F, sometimes denoted by {F, +, x}, is a set of elements with two binary operations,
called addition and multiplication.
Axioms:
 All above axioms
vii.
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
16
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
Topic: Modular arithmetic- Euclid’s algorithm
Modular Arithmetic:
Modular arithmetic is 'clock arithmetic' b mod n says when divided by n have a remainder r
a = qn + r
a and b are congruent if; a mod n = b mod n
Properties:
i. [(a mod n) + (b mod n)] mod n = (a + b) mod n
ii. [(a mod n) - (b mod n)] mod n = (a - b) mod n
iii. [(a mod n) * (b mod n)] mod n = (a * b) mod n
Euclid’s Algorithm:
 To find the GCD of two numbers
 GCD (a,b) = GCD(b, a mod b)
Euclid(a, b):
if(b == 0)
return a;
else
return Euclid(b, a mod b);
1. Determine the gcd (24140, 16762)
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
17
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
2. Determine the gcd (4655, 12075)
Extended Euclid’s Algorithm:
 To find the value of x and y in an equation ax + by = d = gcd(a,b)
 If gcd(a,b) = 1 then these values are inverse
1. Using the extended Euclidean algorithm, find the multiplicative inverse of
1234 mod 4321
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
18
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
Topic: Number Theory
a) Prime Numbers:
 Prime numbers only have divisors of 1 and self they cannot be written as a product of
other numbers
b) Prime Factorization:
 To factors a number „n‟ is to write it as a product of other numbers
 n = a * b * c such that a, b, c are primes
1. Factor 4883 and 4369 into products of primes.
c) Fermet’s Theorem
1. Using the Fermat‟s theorem, find 3201
mod 11
2. Use Fermat‟s theorem to find a number x between 0 and 28 with x85
congruent to 6
module 29
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
19
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
d) Euler Totient Function
1. Find the value of
Φ (231)
Φ (440)
e) Euler’s Theorem
1. Use Euler‟s theorem to find a number a between 0 and 9 such that a is congruent to
71000
modulo 10
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
20
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
2. Use Euler‟s theorem to find a number x between 0 and 28 with x85
congruent to 6
module 35
f) Primitive Root:
o from Euler‟s theorem have aø(n)
mod n=1
o consider am
=1 (mod n), GCD(a,n)=1
o must exist for m = ø(n) but may be smaller
o once powers reach m, cycle will repeat
o if smallest is m = ø(n) then a is called a primitive root
o if p is prime, then successive powers of a "generate" the group mod p
o these are useful but relatively hard to find
1. Primitive root of mod 19
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
21
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
Topic: Testing for Primality
Miller Rabin Test:
• a test based on Fermat‟s Theorem
• algorithm is:
TEST (n) is:
1. Find integers k, q, k > 0, q odd, so that (n–1)=2k
q
2. Select a random integer a, 1<a<n–1
3. if aq
mod n = 1 then return (“maybe prime");
4. for j = 0 to k – 1 do
5. if (a2jq
mod n = n-1)
then return(" maybe prime ")
6. return ("composite")
Topic: The Chinese Remainder Theorem
 to compute A(mod M)
o first compute all ai = A mod mi separately
o determine constants ci below, where Mi = M/mi
o then combine results to get answer using:
1. Using Chinese Remainder Theorem solve x for,
x ≡ 2 (mod 3); x ≡ 3 (mod 5); x ≡ 2 (mod 7)
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
22
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
Topic: Discrete logarithms
 the inverse problem to exponentiation is to find the discrete logarithm of a number
modulo p
 that is to find i such that b = ai
(mod p)
 this is written as i = dloga b (mod p)
 if a is a primitive root then it always exists, otherwise it may not, eg.
x = log3 4 mod 13 has no answer
x = log2 3 mod 13 = 4 by trying successive powers
 whilst exponentiation is relatively easy, finding discrete logarithms is generally a hard
problem
Question Bank
Q. No Question
Marks
Allotted
Knowledge
Level
Number
of Times
in AU
PART – A
INTRODUCTION
1. Differentiate between Active attacks and Passive Attacks. 2 K2 2
2. Define Steganography. 2 K1
3. Define cryptanalysis. 2 K1
4. Classify the security threats. 2 K1
5. Define cryptography. 2 K1
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
23
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
6. What is traffic padding? What is its purpose? 2 K1
7. What are the security mechanisms provided through cryptography? 2 K1
8. Why network needs security? 2 K1
NUMBER THEORY
9. State Euler‟s theorem. 2 K1 1
10. Find 117
mod 13. 2 K2
11. Define primitive root. 2 K1
12. Why is Modular arithmetic used in cryptography? 2 K1
13. Why are Random numbers used in Network Security? 2 K1
14. Find GCD of 1070 and 1066 using Euclid algorithm. 2 K2 2
15. Sate Fermat‟s theorem. 2 K1 2
16. Define order of a group. Find the order of all elements in G =<
Z10*,*>.
2 K1 1
CLASSICAL ENCRYPTION TECHNIQUES
17. Compare Substitution and Transposition techniques. 2 K2
18. Compare Block and Stream cipher mechanisms. 2 K2
19. Illustrate the two basic functions used in encryption algorithms. 2 K2
20.
Decipher the following cipher Text using brute
force attack: CMTMROOEOORW (Hint:
Algorithm-Rail fence).
2
K3
21. Give an example each for substitution and transposition ciphers. 2 K2
22.
Convert the Given Text “kamaraj college of engineering and
technology” into cipher text using Rail fence Technique.
2 K2
23. Identify the list of keys that are required for two people to
communicate via a cipher?
2 K3
24. Why is asymmetric encryption bad for huge data? Specify the
reason.
2 K2 1
PART B
NUMBER THEORY
25. State and Derive Fermat‟s theorem & Euler‟s
theorem.
13 K2 1
26. State and explain Chinese remainder theorem with example. 13 K2 3
27. Explain the following in detail
(i) Modular Exponentiation
(ii) Finite fields
13
K2 1
28. Explain the following. Groups, Rings and Field. 13 K2 1
INTRODUCTION
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
24
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
29. Explain the different security mechanisms focused by OSI
Security architecture.
13 K2 1
CLASSICAL ENCRYPTION TECHNIQUES
30. Describe the substitution Techniques in detail. 13 K2 4
31. Describe the Transposition Techniques in detail. 13 K2 2
PART C
CLASSICAL ENCRYPTION TECHNIQUES
32. Encrypt the message “PAY” using hill cipher with the
following key matrix and show the decryption to get original
plain text.
| 17 17 5 |
K= | 21 18 21 |
| 2 2 19 |
15 K3
33. Given Cipher text “YMJTYMJWXNIJTKXNQJSHJ”,
knowing the messageis encrypted by Caesar cipher and k=5.
Try to decrypt the message.
15 K2
34. Differentiate between transposition cipher and substitution
cipher. Apply two
stage transpositions Cipher on the “treat diagrams as single
units” using the keyword “sequence”.
15 K2
35. (i) State the rules to perform encryption using playfair cipher
and encrypt
“snowshooos” using „monarchy‟ I and J count as one letter and
x is the filler letter.
(ii) Encrypt the word “Semester Result” with the keyword
“Examination” using playfair cipher.
15 K2 2
36. State and explain Chinese Remainder theorem. Using the same,
find an integer that has a remainder of 3 when divided by 7,4
when divided by 13 but is divisible by 12.
15 K2 3
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
25
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
DEPARTMENT OF INFORMATION TECHNOLOGY
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY
IV IT 2019 – 2020 ODD
UNIT II - BLOCK CIPHERS & PUBLIC KEY CRYPTOGRAPHY
Worksheet
Topic: Data Encryption Standard
Introduction:
The Data Encryption Standard (DES) is a ____________________,
________________ published by the
___________________________________________________ (____________) in the year
______________.
DES Structure:
Specification:
 Size of the plain text –
 Size of the cipher text –
 Size of the key –
 Number of rounds -
 Number of sub keys -
 Size of sub key -
 Number of S – boxes -
 Operations -
Encryption
Process
Decryption
Process
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
26
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
a) Initial Permutation:
Input:
Output:
Makes use of P - box
b) Rounds:
Input:
Output:
Encryption Process:
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
27
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
Round Function:
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
28
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
c) Final Permutation
Input:
Output:
Makes use of P - box
d) Key Generation
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
29
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
S – DES
Encryption:
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
30
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
Key Generation:
S – DES Structure:
Specification:
 Size of the plain text –
 Size of the cipher text –
 Size of the key –
 Number of rounds -
 Number of sub keys -
 Size of sub key -
 Number of S – boxes -
 Operations -
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
31
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
Properties:
Avalanche effect means a small change in the plaintext (or key) should create a
significant change in the cipher text. DES has been proved to be strong with regard to this
property.
Completeness effect means that each bit of the cipher text needs to depend on many bits
on the plaintext. The diffusion and confusion produced by D-boxes and S-boxes in DES,
show a very strong completeness effect.
Topic: Block Cipher Principles- Block Cipher Modes of Operation
 Electronic Codebook Block (ECB)
 Independent blocks
 Encryption Process :
 Decryption Process :
 Advantage:
o Simple
 Limitations
o Message repetition may show in cipher text
o Vulnerable to cut and paste attack
 Use
o Confidentiality: Sending few blocks of data
Encryption:
Decryption:
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
32
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
 Cipher Block Chaining (CBC)
 Message is broken into blocks
 Encryption:
 Decryption:
 Limitations:
o A cipher text block depends on all blocks before it
o Any change to a block affects all following cipher text blocks
o need Initialization Vector (IV)
 which must be known to sender & receiver
 Use:
o Bulk data encryption
o Authentication
Encryption:
Decryption:
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
33
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
 Cipher Feedback Mode (CFB)
 Stream oriented processing
 Encryption:
 Decryption:
 Limitation:
o Errors propagate for several blocks
 Use:
o Authentication
Encryption
Decryption
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
34
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
 Output Feedback Mode (OFB)
 Stream oriented processing
 Encryption:
 Decryption:
 Advantage:
o Bit errors do not propagate
 Limitations:
o Need initial vector
o Sender and receiver must remain in synchronized
 Use:
o Stream encryption on noisy channels
Encryption:
Decryption:
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
35
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
 Counter Mode (CTR)
 Processed in parallel
 Stream oriented processing
 Encryption:
 Decryption:
 Advantage:
o Efficient
o Good for busty high speed links
o Random access to encrypted data blocks
o Provable security
 Uses:
o High speed network encryption
Encryption:
Decryption:
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
36
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
Topic: Advanced Encryption Standard (AES)
Specification:
 Size of plain text -
 Size of cipher text -
 Size of key -
 Operations -
Initial Criteria:



Final Criteria:




Overall Structure:
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
37
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
Topic: Triple DES
Double DES
Encryption:
Decryption:
Triple DES
Encryption:
Decryption:
Topic: Blowfish
Topic: RC5 algorithm
Topic: Public key cryptography: Principles of public key cryptosystems
Topic: The RSA algorithm
Step 1:
Step 2:
Step 3:
Encryption:
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
38
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
Step 1:
Step 2:
Decryption:
Step 1:
Step 2:
Topic: Key management - Diffie Hellman Key exchange
Topic: Elliptic curve arithmetic-Elliptic curve cryptography
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
39
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
DEPARTMENT OF INFORMATION TECHNOLOGY
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY
IV IT 2019 – 2020 ODD
UNIT IV - SECURITY PRACTICE & SYSTEM SECURITY
Worksheet
Topic: Firewall
Definition:
 Effective means of ______________________________________ from
___________________________________________ while affording access to the
outside world via WAN`s or the Internet
Firewall Design Principles:



Firewall Characteristics:
Design Goals
 All traffic from ________________________________________________________
 Only _________________________________ will be allowed to pass
 The firewall itself is __________________________________________
General Techniques




CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
40
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
Scope of Firewall
 A firewall defines a _______________________ that keeps
________________________ out of the protected network.
 A firewall provides a ___________________________________________________.
 A firewall is a _______________________________________________ that are not
security related.
 A firewall can serve as the ___________________________________.
Limitations
 The firewall cannot protect against _______________________ the firewall.
 The firewall may not protect fully against ___________________.
 An internal firewall that separates portions of an enterprise network cannot guard
against _________________________________________ on different sides of the
internal firewall.
 A ____________, __________, or _____________________________ may be used
and infected outside the corporate network, and then attached and used internally.
Types of Firewalls:



Packet Filtering Routers:
 Applies a _____________________ to each __________________________ and then
__________________ or _____________________ the packet
 Filter packets going in ___________ directions
 The packet filter is typically set up as _______________________ based on
________________________________ header
o
o
o
o
o
 Two default policies (discard or forward)
o
o
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
41
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
Example:
Rule 1:
Rule 2:
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
42
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
Rule 3:
Rule 4:
Rule 5:
Advantages:



Disadvantages:


Attacks and Countermeasures:
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
43
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology



Application Level Gateway:
 An application-level gateway (or ______________________), acts as a
_________________________________________________________.
 A user contacts the gateway using ___________________________ and gateway
asks the user for the _______________________________ to be accessed.
 When the user responds and provides a ___________________ and
________________________________, the gateway contacts the
________________________ on the ____________________ and
___________________________ containing the application data between the two
endpoints.
Advantages:
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
44
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology



Disadvantages:

Circuit Level Gateway:
 A circuit-level gateway ________________________________, one between
____________ and an ____________________, and the other between
_____________ and a _______________________________.
 Once the two connections are established, it relays ___________________ from one
connection to the other ______________________________________________.
 The ____________________________ consists of determining which
_________________________________________.
 It is typically used when __________________________ are _______________ to
decide what ____________________________________.
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
45
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
Bastion Host:
 A bastion host is a ___________________________ in the network‟s security,
serving as a _______________________ for an _____________________________
or ______________________________, or for external services.
Characteristics:









Firewall Configuration:
1. Screened host firewall system (single-homed bastion host)
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
46
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
 Firewall consists of two systems:
o
o
 Greater security than single configurations because of two reasons:
o
o
2. Screened host firewall system (dual-homed bastion host)
3. Screened-subnet firewall system
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
47
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
Topic: Virus and related threats
Malicious Software:
1.
2.
3.
4.
5.
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
48
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
6. Viruses:
 A piece of ___________________________ attached to some other code
Virus Operations:
 Virus phases:
o – waiting on trigger event
o – replicating to programs/disks
o – by event to execute payload
o – of payload
Virus Structure:
program V :=
{goto main;
1234567;
subroutine infect-executable := {loop:
file := get-random-executable-file;
if (first-line-of-file = 1234567) then goto loop
else prepend V to file; }
subroutine do-damage := {whatever damage is to be done}
subroutine trigger-pulled := {return true if some condition holds}
main: main-program := {infect-executable;
if trigger-pulled then do-damage;
goto next;}
next:
}
Types of Viruses:






CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
49
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
Topic: Virus Countermeasures
Three ways:



Antivirus Software:
 First Generation
o
o
 Second Generation
o
o
 Third Generation
o
 Fourth Generation
o
Advanced Antivirus Techniques:


CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
50
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
DEPARTMENT OF INFORMATION TECHNOLOGY
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY
IV IT 2019 – 2020 ODD
UNIT IV - SECURITY PRACTICE & SYSTEM SECURITY
Worksheet
Topic: E - Mail Security
Threats in E - Mail:





Requirements:




Solutions:


Protocol / Program Supported:


Pretty Good Privacy (PGP):
 It is developed by _________________________________ and it is
_______________ software.
 It runs on _____________ platform.
PGP Operations:
1.
CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT
51
Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology
2.
3.
4.

Cryptography Workbook

  • 1.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 1 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology DEPARTMENT OF INFORMATION TECHNOLOGY CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT 2019 – 2020 ODD UNIT I - INTRODUCTION & NUMBER THEORY Worksheet Topic: Services, Mechanisms and Attacks Terminologies:  ___________________ is the study of techniques for ensuring secrecy & authentication of information o ____________________ is the art or science encompassing the principles and methods of transforming an intelligible message into one that is unintelligible and then retransforming that message back to its original form o ____________________ is the process of attempting to discover message or key or both  _______________________ is a generic name for the collection of tools designed to protect data and to thwart hackers  _______________________ is a measures to protect data during their transmission  _______________________ is a measures to protect data during their transmission over a collection of interconnected networks  _______________________ is that any action that compromises the security of information owned by an organization  _______________________ is a mechanism that is designed to detect, prevent or recover from a security attack  _______________________ is a service that enhances the security of the data processing systems and the information transfers of an organization  _______________________ is a process of converting plaintext to cipher text using a cipher and a key  _______________________ is a process of converting cipher text back into plaintext using a cipher and a key
  • 2.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 2 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology  ______________________ is An algorithm for transforming an intelligible message into one that is unintelligible by transposition and/or substitution methods Three independent dimensions of cryptography: 1. a) b) 2. a) b) 3. a) b) Types of cryptanalytic attacks: 1. 2. 3. 4. Topic: OSI Security Architecture a) Security Services: Ensures that the information in a computer system a n d transmitted information are accessible only for reading by authorized parties. Ensures that the origin of a message or electronic document is correctly identified, with an assurance that the identity is not false Ensures that only authorized parties are able to modify computer system assets and transmitted information Requires that neither the sender nor the receiver of a message be able to deny the transmission. Requires that access to information resources may be controlled by or the target system. Requires that computer system assets be available to authorized parties when needed.
  • 3.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 3 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology b) Security Attacks: Match the following: Masquerade Some portion of message is altered or the messages are delayed or recorded, to produce an unauthorized effect. Replay Prevents or inhibits the normal use or management of communication facilities Modification of messages involves passive capture of a data unit and its subsequent transmission to produce an unauthorized effect. Denial of service One entity pretends to be a different entity.
  • 4.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 4 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology c) Security Mechanism: Specific Security Mechanis m Pervasive Security Mechanis m
  • 5.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 5 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology Topic: Network Security Model Topic: Classical Encryption techniques (Symmetric Cipher Model, Substitution Techniques, Transposition Techniques, Steganography) a) Symmetric Cipher Model Symmetric encryption is a form of cryptosystem in which ___________________ and _______________________ are performed using the ___________ key. Ingredients: i. ii. iii.
  • 6.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 6 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology iv. v. b) Substitution Techniques i) Caesar Cipher: Encryption Process Decryption Process General Form: Encryption Process Decryption Process Key Space: Drawback: 1. Encrypt and decrypt the plain text “Today we have cryptography and network security class during afternoon” using key as 15
  • 7.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 7 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology 2. Perform brute force attack on “ojbqrxw rb cqn vxbc ruudbrxw hxd ljw qjen” ii) Playfair Cipher Key Generation: 1. 2. 3. 4. Encryption: 1. 2. 3. 4. 5. Decryption: 
  • 8.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 8 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology Strength:  Drawback:  1. Generate the key matrix for the key “beautiful” 2. Encrypt the plain text “We enjoyed the educational tour” using above key 3. Decrypt the cipher text “RVKFWQAFSPGMRORFPZMPBANRKWMWDAMVFHVRPZ” using the key “avengers”
  • 9.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 9 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology iii) Hill Cipher: Encryption Process Decryption Process Advantage: Disadvantage: 1. Encrypt the plain text “welcome” using the key ( )
  • 10.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 10 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology 2. Decrypt the cipher text “OYKHWBZI” using hill cipher. The cipher text is obtained by encrypting the plain text with the key       54 32 Inverse key: Decryption:
  • 11.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 11 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology 3. Decrypt the cipher text “DPQRQ EVKPQ LR” using hill cipher. The cipher text is obtained by encrypting the plain text with the key ( ) Inverse key:
  • 12.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 12 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology Decryption:
  • 13.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 13 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology iv) Vigenere Cipher: Encryption Process Decryption Process Strength: 1. Encrypt the message “we are discovered yourself” using the key “world” v) Autokey Cipher 1. Encrypt the message “we are discovered yourself” using the key “world” vi) One Time Pad:
  • 14.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 14 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology Advantage: Disadvantage: c) Transposition Techniques i) Rail Fence: 1. Encrypt the message “computer science engineering” ii) Row Columnar Transposition: 1. Encrypt the message “computer science engineering” using the key “423165”
  • 15.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 15 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology Topic: FINITE FIELDS AND NUMBER THEORY-Groups, Rings, Fields a) Group: Group is a set of elements denoted by {G, *} where, * is a binary operations. Axioms: i. ii. iii. iv. Abelian group: v. b) Rings: A ring R, sometimes denoted by {R, +, x}, is a set of elements with two binary operations, called addition and multiplication. Axioms: i. ii. iii. Commutative Ring: iv. Integral Domain: v. vi. c) Fields A field F, sometimes denoted by {F, +, x}, is a set of elements with two binary operations, called addition and multiplication. Axioms:  All above axioms vii.
  • 16.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 16 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology Topic: Modular arithmetic- Euclid’s algorithm Modular Arithmetic: Modular arithmetic is 'clock arithmetic' b mod n says when divided by n have a remainder r a = qn + r a and b are congruent if; a mod n = b mod n Properties: i. [(a mod n) + (b mod n)] mod n = (a + b) mod n ii. [(a mod n) - (b mod n)] mod n = (a - b) mod n iii. [(a mod n) * (b mod n)] mod n = (a * b) mod n Euclid’s Algorithm:  To find the GCD of two numbers  GCD (a,b) = GCD(b, a mod b) Euclid(a, b): if(b == 0) return a; else return Euclid(b, a mod b); 1. Determine the gcd (24140, 16762)
  • 17.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 17 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology 2. Determine the gcd (4655, 12075) Extended Euclid’s Algorithm:  To find the value of x and y in an equation ax + by = d = gcd(a,b)  If gcd(a,b) = 1 then these values are inverse 1. Using the extended Euclidean algorithm, find the multiplicative inverse of 1234 mod 4321
  • 18.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 18 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology Topic: Number Theory a) Prime Numbers:  Prime numbers only have divisors of 1 and self they cannot be written as a product of other numbers b) Prime Factorization:  To factors a number „n‟ is to write it as a product of other numbers  n = a * b * c such that a, b, c are primes 1. Factor 4883 and 4369 into products of primes. c) Fermet’s Theorem 1. Using the Fermat‟s theorem, find 3201 mod 11 2. Use Fermat‟s theorem to find a number x between 0 and 28 with x85 congruent to 6 module 29
  • 19.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 19 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology d) Euler Totient Function 1. Find the value of Φ (231) Φ (440) e) Euler’s Theorem 1. Use Euler‟s theorem to find a number a between 0 and 9 such that a is congruent to 71000 modulo 10
  • 20.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 20 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology 2. Use Euler‟s theorem to find a number x between 0 and 28 with x85 congruent to 6 module 35 f) Primitive Root: o from Euler‟s theorem have aø(n) mod n=1 o consider am =1 (mod n), GCD(a,n)=1 o must exist for m = ø(n) but may be smaller o once powers reach m, cycle will repeat o if smallest is m = ø(n) then a is called a primitive root o if p is prime, then successive powers of a "generate" the group mod p o these are useful but relatively hard to find 1. Primitive root of mod 19
  • 21.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 21 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology Topic: Testing for Primality Miller Rabin Test: • a test based on Fermat‟s Theorem • algorithm is: TEST (n) is: 1. Find integers k, q, k > 0, q odd, so that (n–1)=2k q 2. Select a random integer a, 1<a<n–1 3. if aq mod n = 1 then return (“maybe prime"); 4. for j = 0 to k – 1 do 5. if (a2jq mod n = n-1) then return(" maybe prime ") 6. return ("composite") Topic: The Chinese Remainder Theorem  to compute A(mod M) o first compute all ai = A mod mi separately o determine constants ci below, where Mi = M/mi o then combine results to get answer using: 1. Using Chinese Remainder Theorem solve x for, x ≡ 2 (mod 3); x ≡ 3 (mod 5); x ≡ 2 (mod 7)
  • 22.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 22 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology Topic: Discrete logarithms  the inverse problem to exponentiation is to find the discrete logarithm of a number modulo p  that is to find i such that b = ai (mod p)  this is written as i = dloga b (mod p)  if a is a primitive root then it always exists, otherwise it may not, eg. x = log3 4 mod 13 has no answer x = log2 3 mod 13 = 4 by trying successive powers  whilst exponentiation is relatively easy, finding discrete logarithms is generally a hard problem Question Bank Q. No Question Marks Allotted Knowledge Level Number of Times in AU PART – A INTRODUCTION 1. Differentiate between Active attacks and Passive Attacks. 2 K2 2 2. Define Steganography. 2 K1 3. Define cryptanalysis. 2 K1 4. Classify the security threats. 2 K1 5. Define cryptography. 2 K1
  • 23.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 23 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology 6. What is traffic padding? What is its purpose? 2 K1 7. What are the security mechanisms provided through cryptography? 2 K1 8. Why network needs security? 2 K1 NUMBER THEORY 9. State Euler‟s theorem. 2 K1 1 10. Find 117 mod 13. 2 K2 11. Define primitive root. 2 K1 12. Why is Modular arithmetic used in cryptography? 2 K1 13. Why are Random numbers used in Network Security? 2 K1 14. Find GCD of 1070 and 1066 using Euclid algorithm. 2 K2 2 15. Sate Fermat‟s theorem. 2 K1 2 16. Define order of a group. Find the order of all elements in G =< Z10*,*>. 2 K1 1 CLASSICAL ENCRYPTION TECHNIQUES 17. Compare Substitution and Transposition techniques. 2 K2 18. Compare Block and Stream cipher mechanisms. 2 K2 19. Illustrate the two basic functions used in encryption algorithms. 2 K2 20. Decipher the following cipher Text using brute force attack: CMTMROOEOORW (Hint: Algorithm-Rail fence). 2 K3 21. Give an example each for substitution and transposition ciphers. 2 K2 22. Convert the Given Text “kamaraj college of engineering and technology” into cipher text using Rail fence Technique. 2 K2 23. Identify the list of keys that are required for two people to communicate via a cipher? 2 K3 24. Why is asymmetric encryption bad for huge data? Specify the reason. 2 K2 1 PART B NUMBER THEORY 25. State and Derive Fermat‟s theorem & Euler‟s theorem. 13 K2 1 26. State and explain Chinese remainder theorem with example. 13 K2 3 27. Explain the following in detail (i) Modular Exponentiation (ii) Finite fields 13 K2 1 28. Explain the following. Groups, Rings and Field. 13 K2 1 INTRODUCTION
  • 24.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 24 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology 29. Explain the different security mechanisms focused by OSI Security architecture. 13 K2 1 CLASSICAL ENCRYPTION TECHNIQUES 30. Describe the substitution Techniques in detail. 13 K2 4 31. Describe the Transposition Techniques in detail. 13 K2 2 PART C CLASSICAL ENCRYPTION TECHNIQUES 32. Encrypt the message “PAY” using hill cipher with the following key matrix and show the decryption to get original plain text. | 17 17 5 | K= | 21 18 21 | | 2 2 19 | 15 K3 33. Given Cipher text “YMJTYMJWXNIJTKXNQJSHJ”, knowing the messageis encrypted by Caesar cipher and k=5. Try to decrypt the message. 15 K2 34. Differentiate between transposition cipher and substitution cipher. Apply two stage transpositions Cipher on the “treat diagrams as single units” using the keyword “sequence”. 15 K2 35. (i) State the rules to perform encryption using playfair cipher and encrypt “snowshooos” using „monarchy‟ I and J count as one letter and x is the filler letter. (ii) Encrypt the word “Semester Result” with the keyword “Examination” using playfair cipher. 15 K2 2 36. State and explain Chinese Remainder theorem. Using the same, find an integer that has a remainder of 3 when divided by 7,4 when divided by 13 but is divisible by 12. 15 K2 3
  • 25.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 25 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology DEPARTMENT OF INFORMATION TECHNOLOGY CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT 2019 – 2020 ODD UNIT II - BLOCK CIPHERS & PUBLIC KEY CRYPTOGRAPHY Worksheet Topic: Data Encryption Standard Introduction: The Data Encryption Standard (DES) is a ____________________, ________________ published by the ___________________________________________________ (____________) in the year ______________. DES Structure: Specification:  Size of the plain text –  Size of the cipher text –  Size of the key –  Number of rounds -  Number of sub keys -  Size of sub key -  Number of S – boxes -  Operations - Encryption Process Decryption Process
  • 26.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 26 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology a) Initial Permutation: Input: Output: Makes use of P - box b) Rounds: Input: Output: Encryption Process:
  • 27.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 27 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology Round Function:
  • 28.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 28 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology c) Final Permutation Input: Output: Makes use of P - box d) Key Generation
  • 29.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 29 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology S – DES Encryption:
  • 30.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 30 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology Key Generation: S – DES Structure: Specification:  Size of the plain text –  Size of the cipher text –  Size of the key –  Number of rounds -  Number of sub keys -  Size of sub key -  Number of S – boxes -  Operations -
  • 31.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 31 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology Properties: Avalanche effect means a small change in the plaintext (or key) should create a significant change in the cipher text. DES has been proved to be strong with regard to this property. Completeness effect means that each bit of the cipher text needs to depend on many bits on the plaintext. The diffusion and confusion produced by D-boxes and S-boxes in DES, show a very strong completeness effect. Topic: Block Cipher Principles- Block Cipher Modes of Operation  Electronic Codebook Block (ECB)  Independent blocks  Encryption Process :  Decryption Process :  Advantage: o Simple  Limitations o Message repetition may show in cipher text o Vulnerable to cut and paste attack  Use o Confidentiality: Sending few blocks of data Encryption: Decryption:
  • 32.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 32 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology  Cipher Block Chaining (CBC)  Message is broken into blocks  Encryption:  Decryption:  Limitations: o A cipher text block depends on all blocks before it o Any change to a block affects all following cipher text blocks o need Initialization Vector (IV)  which must be known to sender & receiver  Use: o Bulk data encryption o Authentication Encryption: Decryption:
  • 33.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 33 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology  Cipher Feedback Mode (CFB)  Stream oriented processing  Encryption:  Decryption:  Limitation: o Errors propagate for several blocks  Use: o Authentication Encryption Decryption
  • 34.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 34 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology  Output Feedback Mode (OFB)  Stream oriented processing  Encryption:  Decryption:  Advantage: o Bit errors do not propagate  Limitations: o Need initial vector o Sender and receiver must remain in synchronized  Use: o Stream encryption on noisy channels Encryption: Decryption:
  • 35.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 35 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology  Counter Mode (CTR)  Processed in parallel  Stream oriented processing  Encryption:  Decryption:  Advantage: o Efficient o Good for busty high speed links o Random access to encrypted data blocks o Provable security  Uses: o High speed network encryption Encryption: Decryption:
  • 36.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 36 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology Topic: Advanced Encryption Standard (AES) Specification:  Size of plain text -  Size of cipher text -  Size of key -  Operations - Initial Criteria:    Final Criteria:     Overall Structure:
  • 37.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 37 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology Topic: Triple DES Double DES Encryption: Decryption: Triple DES Encryption: Decryption: Topic: Blowfish Topic: RC5 algorithm Topic: Public key cryptography: Principles of public key cryptosystems Topic: The RSA algorithm Step 1: Step 2: Step 3: Encryption:
  • 38.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 38 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology Step 1: Step 2: Decryption: Step 1: Step 2: Topic: Key management - Diffie Hellman Key exchange Topic: Elliptic curve arithmetic-Elliptic curve cryptography
  • 39.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 39 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology DEPARTMENT OF INFORMATION TECHNOLOGY CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT 2019 – 2020 ODD UNIT IV - SECURITY PRACTICE & SYSTEM SECURITY Worksheet Topic: Firewall Definition:  Effective means of ______________________________________ from ___________________________________________ while affording access to the outside world via WAN`s or the Internet Firewall Design Principles:    Firewall Characteristics: Design Goals  All traffic from ________________________________________________________  Only _________________________________ will be allowed to pass  The firewall itself is __________________________________________ General Techniques    
  • 40.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 40 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology Scope of Firewall  A firewall defines a _______________________ that keeps ________________________ out of the protected network.  A firewall provides a ___________________________________________________.  A firewall is a _______________________________________________ that are not security related.  A firewall can serve as the ___________________________________. Limitations  The firewall cannot protect against _______________________ the firewall.  The firewall may not protect fully against ___________________.  An internal firewall that separates portions of an enterprise network cannot guard against _________________________________________ on different sides of the internal firewall.  A ____________, __________, or _____________________________ may be used and infected outside the corporate network, and then attached and used internally. Types of Firewalls:    Packet Filtering Routers:  Applies a _____________________ to each __________________________ and then __________________ or _____________________ the packet  Filter packets going in ___________ directions  The packet filter is typically set up as _______________________ based on ________________________________ header o o o o o  Two default policies (discard or forward) o o
  • 41.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 41 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology Example: Rule 1: Rule 2:
  • 42.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 42 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology Rule 3: Rule 4: Rule 5: Advantages:    Disadvantages:   Attacks and Countermeasures:
  • 43.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 43 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology    Application Level Gateway:  An application-level gateway (or ______________________), acts as a _________________________________________________________.  A user contacts the gateway using ___________________________ and gateway asks the user for the _______________________________ to be accessed.  When the user responds and provides a ___________________ and ________________________________, the gateway contacts the ________________________ on the ____________________ and ___________________________ containing the application data between the two endpoints. Advantages:
  • 44.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 44 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology    Disadvantages:  Circuit Level Gateway:  A circuit-level gateway ________________________________, one between ____________ and an ____________________, and the other between _____________ and a _______________________________.  Once the two connections are established, it relays ___________________ from one connection to the other ______________________________________________.  The ____________________________ consists of determining which _________________________________________.  It is typically used when __________________________ are _______________ to decide what ____________________________________.
  • 45.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 45 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology Bastion Host:  A bastion host is a ___________________________ in the network‟s security, serving as a _______________________ for an _____________________________ or ______________________________, or for external services. Characteristics:          Firewall Configuration: 1. Screened host firewall system (single-homed bastion host)
  • 46.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 46 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology  Firewall consists of two systems: o o  Greater security than single configurations because of two reasons: o o 2. Screened host firewall system (dual-homed bastion host) 3. Screened-subnet firewall system
  • 47.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 47 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology Topic: Virus and related threats Malicious Software: 1. 2. 3. 4. 5.
  • 48.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 48 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology 6. Viruses:  A piece of ___________________________ attached to some other code Virus Operations:  Virus phases: o – waiting on trigger event o – replicating to programs/disks o – by event to execute payload o – of payload Virus Structure: program V := {goto main; 1234567; subroutine infect-executable := {loop: file := get-random-executable-file; if (first-line-of-file = 1234567) then goto loop else prepend V to file; } subroutine do-damage := {whatever damage is to be done} subroutine trigger-pulled := {return true if some condition holds} main: main-program := {infect-executable; if trigger-pulled then do-damage; goto next;} next: } Types of Viruses:      
  • 49.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 49 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology Topic: Virus Countermeasures Three ways:    Antivirus Software:  First Generation o o  Second Generation o o  Third Generation o  Fourth Generation o Advanced Antivirus Techniques:  
  • 50.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 50 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology DEPARTMENT OF INFORMATION TECHNOLOGY CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY IV IT 2019 – 2020 ODD UNIT IV - SECURITY PRACTICE & SYSTEM SECURITY Worksheet Topic: E - Mail Security Threats in E - Mail:      Requirements:     Solutions:   Protocol / Program Supported:   Pretty Good Privacy (PGP):  It is developed by _________________________________ and it is _______________ software.  It runs on _____________ platform. PGP Operations: 1.
  • 51.
    CS6701 – CRYPTOGRAPHYAND NETWORK SECURITY IV IT 51 Prepared by, R. Arthy, AP/IT, Kamaraj College of Engineering and Technology 2. 3. 4.