The document outlines an agenda for a cyber security workshop organized by RIGHT Org. It covers topics such as network fundamentals, OSI and TCP/IP models, information security overview and components, common attacks, cryptography, authorization and authentication, firewalls, and hacking tools. The workshop will introduce networking concepts, security threats, cryptography techniques for confidentiality and integrity, and tools for virtual machines, packet tracing, and penetration testing.
Two Days National Level Workshop on Network Security on Februrary 27th and 28th 2015 organzied by Department of Computer Science, Rathinam College of Arts and Science, Eachanari, Coimbatore.
The sessions are handled by Mr. Neeraj Kumar, Associate Consultant Information and Network Security, UTL Technologies, Banagalore.
The program was organized in association with UTL Technologies, Bangalore.
Sensitive data is vulnerable when it is stored insecurely and transmitted over open networks. The PCI Security Council takes a hard line on protecting cardholder data and describes specific methods to comply with its standards.
Attend this webinar to better understand methods that make data theft more difficult for attackers and render stolen data unusable.
Topics covered include:
• Properly protecting stored cardholder data - encryption, hashing, masking and truncation
• Securing data during transmission - using strong cipher suites, valid certificates, and strong TLS security
• How to identify and mitigate missing encryption
Incident handlers manage security incidents by understanding common attack techniques, vectors and tools as well as defending against and/or responding to such attacks when they occur. In this talk we will discuss modern attacks, techniques, how to defend & respond to those threats.
Two Days National Level Workshop on Network Security on Februrary 27th and 28th 2015 organzied by Department of Computer Science, Rathinam College of Arts and Science, Eachanari, Coimbatore.
The sessions are handled by Mr. Neeraj Kumar, Associate Consultant Information and Network Security, UTL Technologies, Banagalore.
The program was organized in association with UTL Technologies, Bangalore.
Sensitive data is vulnerable when it is stored insecurely and transmitted over open networks. The PCI Security Council takes a hard line on protecting cardholder data and describes specific methods to comply with its standards.
Attend this webinar to better understand methods that make data theft more difficult for attackers and render stolen data unusable.
Topics covered include:
• Properly protecting stored cardholder data - encryption, hashing, masking and truncation
• Securing data during transmission - using strong cipher suites, valid certificates, and strong TLS security
• How to identify and mitigate missing encryption
Incident handlers manage security incidents by understanding common attack techniques, vectors and tools as well as defending against and/or responding to such attacks when they occur. In this talk we will discuss modern attacks, techniques, how to defend & respond to those threats.
CNIT 125 6. Identity and Access ManagementSam Bowne
For a college course at Coastline Community College taught by Sam Bowne. Details at https://samsclass.info/125/125_F17.shtml
Based on: "CISSP Study Guide, Third Edition"; by Eric Conrad, Seth Misenar, Joshua Feldman; ISBN-10: 0128024372
Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Po...Gurbir Singh
A high level view, without using maths of the development in cryptography since World War 2. Professor Piper covers the changing attitudes of governments, the significance of Public key cryptography in modern society and the potential impact on information security professionals.
This was a presentation for the Institute of Information Security Professionals NW branch meeting in Manchester on 11th June 2013.
The copyright is held by the author - Prof. Fred Piper
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...Positive Hack Days
Ведущий: Джефф Кац
По прогнозам Cisco, в этом году 25 млрд устройств будут подключены к интернету, а к 2020 году число увеличится вдвое. Планируя разработку решения в сфере Интернета вещей (IoT), вы должны подумать о том, что в один прекрасный день к вам нагрянет ФСБ . Вопрос безопасности пользователей нужно продумать заранее, не следует откладывать его на потом. Докладчик расскажет, как использовать преимущества IoT-продуктов, не ущемляя личных прав ваших клиентов. Доклад сопровождается примерами услуг, в которых конфиденциальность и безопасность были обеспечены в начале разработки.
Security Concepts: Introduction, The need for security, Security approaches, Principles of security, Types of Security attacks, Security services, Security Mechanisms, A model for Network Security Cryptography Concepts and Techniques: Introduction, plain text and cipher text, substitution techniques, transposition techniques, encryption and decryption, symmetric and asymmetric key cryptography, steganography, key range and key size, possible types of attacks
Entrepreneurship & Commerce in IT - 11 - Security & EncryptionSachintha Gunasena
This series in about the Entrepreneurial and E-Commerce opportunities and how to harness the power of Information Technology to improve or revolutionize business.
This session discusses about:
the types of threats that could occur to an e-commerce business, and what are the prevention methods and technologies available for such threats.
The Internet of Things is the idea that everything around us from cars to ovens can be connected. If everything around us is linked and collecting information, these networks must be able to provide security and privacy to the end-user particularly in low-power lossy networks.
CNIT 123: Ch 3: Network and Computer AttacksSam Bowne
Slides for a college course based on "Hands-On Ethical Hacking and Network Defense, Third Edition" by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/123/123_S18.shtml
Series of documented process.
Used to define policies and procedures.
For implementation and management information security.
Basically blueprints.
For building information security program.
To manage risks and vulnerabilities.
Computer Virus:
A program or piece of code.
Loaded into computer
Without your knowledge
Runs against your wishes.
Erases files, slow down PC’s, Format HDD and crash your system.
Types of virus:
Boot Viruses
Polymorphic Viruses
Macro Viruses
Worms
Trojans
Spywares
Encryption:
Process of converting Plaintext(readable data) into a form which hides its content, called Cypher-text.
Decryption:
Reverse process of encryption.
With cypher-text converted back into corresponding plaintext.
#securityFramework
Dale Peterson and Corey Thuen pinch hit for Kyle Wilhoit to present his concept of malware incubation. It is creating a realistic environment for malware to be grown so that it can be studied and help with incident response.
CNIT 125 6. Identity and Access ManagementSam Bowne
For a college course at Coastline Community College taught by Sam Bowne. Details at https://samsclass.info/125/125_F17.shtml
Based on: "CISSP Study Guide, Third Edition"; by Eric Conrad, Seth Misenar, Joshua Feldman; ISBN-10: 0128024372
Prof. Fred Piper: Professor Fred Piper -: Cryptography - From Black Art to Po...Gurbir Singh
A high level view, without using maths of the development in cryptography since World War 2. Professor Piper covers the changing attitudes of governments, the significance of Public key cryptography in modern society and the potential impact on information security professionals.
This was a presentation for the Institute of Information Security Professionals NW branch meeting in Manchester on 11th June 2013.
The copyright is held by the author - Prof. Fred Piper
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...Positive Hack Days
Ведущий: Джефф Кац
По прогнозам Cisco, в этом году 25 млрд устройств будут подключены к интернету, а к 2020 году число увеличится вдвое. Планируя разработку решения в сфере Интернета вещей (IoT), вы должны подумать о том, что в один прекрасный день к вам нагрянет ФСБ . Вопрос безопасности пользователей нужно продумать заранее, не следует откладывать его на потом. Докладчик расскажет, как использовать преимущества IoT-продуктов, не ущемляя личных прав ваших клиентов. Доклад сопровождается примерами услуг, в которых конфиденциальность и безопасность были обеспечены в начале разработки.
Security Concepts: Introduction, The need for security, Security approaches, Principles of security, Types of Security attacks, Security services, Security Mechanisms, A model for Network Security Cryptography Concepts and Techniques: Introduction, plain text and cipher text, substitution techniques, transposition techniques, encryption and decryption, symmetric and asymmetric key cryptography, steganography, key range and key size, possible types of attacks
Entrepreneurship & Commerce in IT - 11 - Security & EncryptionSachintha Gunasena
This series in about the Entrepreneurial and E-Commerce opportunities and how to harness the power of Information Technology to improve or revolutionize business.
This session discusses about:
the types of threats that could occur to an e-commerce business, and what are the prevention methods and technologies available for such threats.
The Internet of Things is the idea that everything around us from cars to ovens can be connected. If everything around us is linked and collecting information, these networks must be able to provide security and privacy to the end-user particularly in low-power lossy networks.
CNIT 123: Ch 3: Network and Computer AttacksSam Bowne
Slides for a college course based on "Hands-On Ethical Hacking and Network Defense, Third Edition" by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/123/123_S18.shtml
Series of documented process.
Used to define policies and procedures.
For implementation and management information security.
Basically blueprints.
For building information security program.
To manage risks and vulnerabilities.
Computer Virus:
A program or piece of code.
Loaded into computer
Without your knowledge
Runs against your wishes.
Erases files, slow down PC’s, Format HDD and crash your system.
Types of virus:
Boot Viruses
Polymorphic Viruses
Macro Viruses
Worms
Trojans
Spywares
Encryption:
Process of converting Plaintext(readable data) into a form which hides its content, called Cypher-text.
Decryption:
Reverse process of encryption.
With cypher-text converted back into corresponding plaintext.
#securityFramework
Dale Peterson and Corey Thuen pinch hit for Kyle Wilhoit to present his concept of malware incubation. It is creating a realistic environment for malware to be grown so that it can be studied and help with incident response.
encryption is the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot. Encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor.
Understanding User Behavior with Google Analytics.pdfSEO Article Boost
Unlocking the full potential of Google Analytics is crucial for understanding and optimizing your website’s performance. This guide dives deep into the essential aspects of Google Analytics, from analyzing traffic sources to understanding user demographics and tracking user engagement.
Traffic Sources Analysis:
Discover where your website traffic originates. By examining the Acquisition section, you can identify whether visitors come from organic search, paid campaigns, direct visits, social media, or referral links. This knowledge helps in refining marketing strategies and optimizing resource allocation.
User Demographics Insights:
Gain a comprehensive view of your audience by exploring demographic data in the Audience section. Understand age, gender, and interests to tailor your marketing strategies effectively. Leverage this information to create personalized content and improve user engagement and conversion rates.
Tracking User Engagement:
Learn how to measure user interaction with your site through key metrics like bounce rate, average session duration, and pages per session. Enhance user experience by analyzing engagement metrics and implementing strategies to keep visitors engaged.
Conversion Rate Optimization:
Understand the importance of conversion rates and how to track them using Google Analytics. Set up Goals, analyze conversion funnels, segment your audience, and employ A/B testing to optimize your website for higher conversions. Utilize ecommerce tracking and multi-channel funnels for a detailed view of your sales performance and marketing channel contributions.
Custom Reports and Dashboards:
Create custom reports and dashboards to visualize and interpret data relevant to your business goals. Use advanced filters, segments, and visualization options to gain deeper insights. Incorporate custom dimensions and metrics for tailored data analysis. Integrate external data sources to enrich your analytics and make well-informed decisions.
This guide is designed to help you harness the power of Google Analytics for making data-driven decisions that enhance website performance and achieve your digital marketing objectives. Whether you are looking to improve SEO, refine your social media strategy, or boost conversion rates, understanding and utilizing Google Analytics is essential for your success.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
Instagram has become one of the most popular social media platforms, allowing people to share photos, videos, and stories with their followers. Sometimes, though, you might want to view someone's story without them knowing.
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfFlorence Consulting
Quattordicesimo Meetup di Milano, tenutosi a Milano il 23 Maggio 2024 dalle ore 17:00 alle ore 18:30 in presenza e da remoto.
Abbiamo parlato di come Axpo Italia S.p.A. ha ridotto il technical debt migrando le proprie APIs da Mule 3.9 a Mule 4.4 passando anche da on-premises a CloudHub 1.0.
Gen Z and the marketplaces - let's translate their needsLaura Szabó
The product workshop focused on exploring the requirements of Generation Z in relation to marketplace dynamics. We delved into their specific needs, examined the specifics in their shopping preferences, and analyzed their preferred methods for accessing information and making purchases within a marketplace. Through the study of real-life cases , we tried to gain valuable insights into enhancing the marketplace experience for Generation Z.
The workshop was held on the DMA Conference in Vienna June 2024.
2. OUTLINE
• Network Fundamentals
• OSI
• TCP/IP
• Protocols
• Information security
• Overview
• Components
• Common Attacks
• Cryptography
• Traditional
• Modern
• Authorization & Authentication
• Firewall
• Access control
• Next Generation
• Hack The Box
• Tools
• VM
• Packet Tracer
• Kali & Nethunter
3. NETWORK FUNDAMENTALS
INTRODUCTION
A network is a set of devices (often referred to as nodes) connected by communication
links. A node can be a computer, printer, or any other device capable of sending and/or
receiving data generated by other nodes on the network.
Standards:
De facto standards that have not been approved by an organized body but have been
adopted as standards through widespread use.
De jure those standards that have been legislated by an officially recognized body.
ISO, IEEE, ANSI, TIA, IETF, ITU-T
5. OSI REFERENCE MODEL
• De Jure Standard
Established in 1947, the International Standards
Organization (ISO) is a multinational body
dedicated to worldwide agreement on
international standards. An ISO standard that
covers all aspects of network communications is
the Open Systems Interconnection (OSI) model.
It was first introduced in the late 1970s.
7. TCP/IP MODEL
• Open De Facto Standard
• Governed by IETF Working
• Support for a flexible architecture
• Adding more system to a network is easy.
• In TCP/IP, the network remains intact until
the source, and destination machines were
functioning properly.
• TCP is a connection-oriented protocol.
• TCP offers reliability and ensures that data
which arrives out of sequence should put
back into order.
• TCP allows you to implement flow control,
so sender never overpowers a receiver with
data.
8. INFORMATION SECURITY
OVERVIEW
• What is security?
• In general, security is “The quality or state of
being secure that is to be free from danger”.
• To be protected from adversaries from those
• who would do harm, intentionally or otherwise
• A successful organization should have
• Physical security is to protect
• physical objects, or areas of an organization from
unauthorized access and misuse
• Personal Security is to protect
• individual or group who are authorized to access
the organization and its operations
• Operations Security is to protect
• details of a particular operation or series of
activities
• Communications Security is to protect
• an organization’s communications media,
technology, and content
• Network security is to protect
• networking components ,connections, and contents
• Information Security is to protect
• information, critical elements, including the
systems and hardware.
9. INFORMATION SECURITY
An Information System is much more than computer hardware. It is the security of entire set:
• software, hardware, data, people, and procedures necessary to use information as a resource
• within and outside the organization
Briefly, information security is a work of
• Securing the component
• computer as a subject of attack (compute used as active tools for attack)
• computer as a object of attack (it is the entity being attack)
• Security and Access Balancing
• Perfect security is not possible
• Security should be considered a balance between protection and availability
• Security must allow reasonable access
• yet protect against threat
11. COMPONENTS OF InfoSec
• Confidentiality
• concealment of information or resources
• only seen by people who have the right to see it
• keeping information secret from unauthorized access
• Integrity
• refers to the trustworthiness of data or resources
• preventing improper or unauthorized change
• ensuring that information remains intact and unaltered
• includes both the correctness and the trustworthiness of the data
• Availability
• ability to use the information or resource desired
• having access to your information when you need it
• no person or event is able to block legitimate or timely access to information
• Information is useless if it is not available
• In some cases information needs to be changed constantly
• it must be accessible to those authorized to access it
12. ADDITIONAL OBJECTIVES
• Authenticity
• being genuine and able to be verified or trust
• to ensure that the data, transactions, communications or documents
• are genuine
• authenticity to validate that both parties involved are who they claim to be
• Accountability
• involves actions of an entity can be traced uniquely
• nonrepudiation, deterrence, fault isolation, intrusion, detection and prevention
• one party of a transaction cannot deny having received a transaction
• nor can the other party deny having sent a transaction
• Non-repudiation implies one’s intention to fulfill their obligations to a contract
13. COMMON SECURITY ATTACKS
• Attacks Threatening Confidentiality
• snooping and traffic analysis
• Snooping refers to unauthorized access to or interception of data
• Traffic analysis: information collected by an intruder by monitoring online traffic
• Attacks Threatening Integrity
• modification, masquerading, replaying and repudiation of information
• Attacks Threatening Availability
• Denial of Service (DOS) attack
• Make system so busy that it might collapses
• intercept message sent in one direction such that
• Sending system believe that other party or message has lost
• It should be resent
14. COMMON SECURITY ATTACKS
• Interruption: This is an attack on availability
• Disrupting traffic
• Physically breaking communication line
• Interception: This is an attack on confidentiality
• Overhearing, eavesdropping over a communication line
• Modification: This is an attack on integrity
• Corrupting transmitted data or tampering with it before it
reaches its destination
• Fabrication: This is an attack on authenticity
• Faking data as if it were created by a legitimate and
authentic party
15. CRYPTOGRAPHY
Cryptography!!
• Greek word, means “Secret Writing”
• Cryptography is used for information security
• To protect information from unauthorized or accidental disclosure
• Transform usable information to a for that renders
• unusable by anyone other than an authorized user
• this process is called encryption
• original message is known as plain text
• message sent through channel is referred to as cypher text
• Encrypted information can be transformed back into original usable form
• known as decryption
• done by cryptographic key
16. CYPHER TEXT GENERATION
Types of cypher text
• Traditional Ciphers: hiding information from intruders
• Substitution Ciphers
• Replace one symbol with another
• plain text characters are replaced by other characters
• Transposition Ciphers
• Does not substitute
• change the position of the symbols
• Modern symmetric key cyphers
• traditional cypher is no longer secure ??
• thus, modern symmetric-key ciphers have been developed
• combination of substitution, transposition and some other complex transformations
• Examples
• DES: Data Encryption Standard: developed by NIST in 1977;
• AES: Advanced Encryption Standard: NIST in 2001 (shortcoming of DES)
17. CRYPTOGRAPHY
ASYMMETRIC KEY
Asymmetric Key Cryptography
• used for confidentiality
• Unlike symmetric key cryptography; distinctive keys are used
• Private key and public key
• A public key encryption is only decrypt by private key
Both symmetric and asymmetric exist in parallel
• In symmetric key cryptography a secret token is shared between two parties
• in asymmetric key cryptography: token is unshared by two parties. Creates their own
token
• issues are: performance?? Key transfer?? Complement of each other(!!)
• advantage of one compensate the disadvantage of others
18. CRYPTOGRAPHY
TERMINOLOGIES
• Plaintext – original text
• Cipher Text – Encrypted text
• Cryptology – the art and science of making and breaking “secret codes.”
• Cryptography – the making of “secret codes.”
• Cryptanalysis – the breaking of “secret codes.”
• Crypto — a synonym for any or all of the above (and more), where the precise meaning should be
clear from context
• Decrypt – cipher text to plain text
We will discuss on
• Classical Crypto-system
• Symmetric key cryptography
• Public key cryptography
• Hash functions
• Advanced Cryptanalysis
19. OBJECTIVES OF CRYPTOSYSTEM
Objectives of the Cryptosystem
• make it infeasible to recover plain text from ciphertext
However, According to Kerckhoffs’ Principle
• Inner working mechanisms of cryptography are completely known to the attacker
• Design of cipher is not secret
• cipher – must not require to be secret
Why?
• Reverse engineering may discover the technique
• crypto algorithm must be tested with extensive public analysis
• without rigorous public testing – it may failed (ex. microsoft)
Security?: Best known attack on the system is impractical, in the sense of being computationally
impossible.
20. CLASSICAL CRYPTO SYSTEM
SUBSTITUTION
Cryptography for Confidentiality
• Substitution
• Transposition
Substitution Method
• cipher text generated by substituting the letter of n places ahead of current letter
• By looking each plain text letter and substitute by another letter
Convention: plain text in lowercase. cipher text in uppercase
Brute-force attack and exhaustive key search
How large the keyspace is?. If 240 per second
• keyspace of 256 can be exhausted in 216 seconds, 264 would take more than half a year; 2128
requires nine quintillion years.
22. CLASSICAL CRYPTO SYSTEM
TRANSPOSITION
Double Transposition Method
• Write the plain text into an array or matrix
• permute rows and columns
• suppose plain text in 3 × 4 matrix
Now, if we permute the rows according to (1, 2, 3) → (3, 2, 1) and then transpose the columns
according to (1, 2, 3, 4) → (4, 2, 1, 3) we obtain,
Cipher text is the final array
Bad news are in transposition symbols are there
Good news is – to break statistical information is not helpful
23. SYMMETRIC CRYPTOGRAPHY
BLOCK CIPHER
Block Cipher
• Splits plain text in fixed-sized blocks
• generated fixed-sized blocks of cipher
• an iterating function F is used for some number of round
• The function F is depends of output of the previous round and key K
• F is known as round function
• Example: Feistel Cipher describe the general principle
24. DATA ENCRYPTION STANDARD
Data Encryption Standard
• Developed in 1970 by IBM called Lucifer cipher
• For commercial use US NBS (now NIST) issues a request for cipher
• NBS has little number of crypto expert, therefore they turned to Gov secret agency NSA.
NSA design and use cipher and it is super secret
• But NSA was reluctant to get involved with DES
• Under pressure they agreed to study the Lucifer cipher provided that its role would not be
public
• eventually, people think NSA may placed backdoor so NSA along can break the code
• NSA changes the original Lucifer cipher to design DES
• Key length reduced to 64 from 128
• Also, found that 8-bits of 64-bits key was effectively discarded
• exhaustive key search reduce from 2127 to 255
25. DES STRUCTURE
• Change was made in Lucifer to involve
substitution box or S-boxes
• 16-round
• 64-bit block length
• 56-bit key
• 48-bit subkey from 56-bit key
• eight S-boxes map 6-bits to
• 4-bits. 48-bits to 32-bits.
• Lookup table
• round function as
• Ri = Li−1⊕[F(Ri−1,Ki) =
P−box(S−boxes(Exapnd(Ri−1)⊕Ki))]
• Li = Ri−1
26. DES: DISCUSSION
Comments on DES
• Mathematicians are very good at solving linear equations
• only part S-Box is non-linear of DES and it is the fundamental security
component
• DES is today vulnerable because of the key is too small
• In theory, less work or computation is needed for exhaustive key search
• It was designed to process in a system with small (byte) sized words
• Variation is triple-DES with large key is more effective
27. PUBLIC KEY CRYPTOGRAPHY
In Symmetric Cryptography
• Same key is used for encryption and decryption
• Need secure distribution of key!! – important problem
Asymmetric Key Cryptography
• Two different keys are used for encryption and decryption
• Eliminate most vexing problem to distribute symmetric key
• Public key for encryption
• Private key for decryption
• Some public keys are used only to transfer symmetric key
28. PUBLIC KEY ENCRYPTION
BACKGROUND
Background
• Is invented by GCHQ (British equivalent of NSA) in late 1960-70 and Academic researcher
shortly thereafter.
• Government cannot grasp the full potential of Public key encryption
• Compared to symmetric key, public key is recent.
• it was a revolution of cryptography
• it lay dormant until the academicians pushed it into the limelight
Based on very special mathematical structure. It also based on trapdoor one way function.
Compute one direction but hard to compute other directions.
• A trap door feature ensure that attacker cannot use public information to recover the private
information
29. HOW DOES IT WORK?
General Idea
• Generates two prime numbers p and p provides very large N where N = pq
• for a given sufficiently large N, it is difficult to find factors p and q
• Two large key pair Public Key and Private Key.
• Any one want to transfer data to receiver must use receiver public key to encrypt
• Only receiver’s private key can decrypt the message
• For digital signature – sender use it’s private key to encrypt and any one can
verify (integrity) sender’s message (decrypt) by using sender’s public key.
• sender’s digital signature is attached with the message therefore copy of
signature is not possible
• example: knapsack cryptography – one of the first practical example of public
key encryption
30. KNAPSACK PUBLIC KEY
CRYPTOGRAPHY
Knapsack Public Key Cryptography
• Diffie and Hellman conjectured that public cryptography is possible
• They only offer key exchange policy
• nearly at the same time: Merkle-Hellman proposed a cryptosystem based on NP-Hard problem
• For the cryptosystem Knapsack problem is defined as,
Definition (Knapsack Problem)
Given a set (n) of weight as W0, W1, · · · , Wn−1 and desired sum S, find a0, a1, a2, · · · ,
an−1 for each ai ∈ {0, 1}. So that
S = a0W0 + a1W1 + a2W2 + · · · + an−1Wn−1
with a maximum number of elements
31. KNAPSACK PROBLEM
EXAMPLE
Suppose the weights are: 85, 13, 9, 7, 47, 27, 99, 86 and S = 172 then the solution exists and given by,
a = (a0, a1, a2, a3, a4, a5, a6, a7) = (11001100)
since, 85 + 13 + 47 + 27 = 172
• Knapsack problem is NP-Complete but special Knapsack superincreasing knapsack can be solved in
linear time
• Definition (Superincreasing Knapsack)
• It is variant of general Knapsack where weights are arranged in increasing order such that each weight
is greater than sum of previous weights as,
Wi> 𝑗=0
𝑖−1
𝑊𝑗
Example: 3, 6, 11, 25, 46, 95, 200, 411
32. KNAPSACK CRYPTOGRAPHY
Steps of Knapsack Cryptography
• Generate a superincreasing Knapsack, example: (2, 3, 7, 14, 30, 57, 120, 251)
• Convert the superincreasing knapsack into a general knapsack.
• Choose n and m relatively prime;
• where m is a multiplier and n is greater sum of all elements
• convert general knapsack to superincreasing knapsack
• The public key is the general knapsack.
• The private key is the superincreasing knapsack together with the conversion factors
33. CONVERT TO SUPERINCREASING
KNAPSACK
Let multiplier m = 41 and modulus n = 491 then for the following superincreasing Knapsack:
(2, 3, 7, 14, 30, 57, 120, 251), the general Knapsack is
2m = 2 × 41 = 82 mod 491
3m = 3 × 41 = 123 mod 491
7m = 7 × 41 = 287 mod 491
14m = 14 × 41 = 83 mod 491
30m = 30 × 41 = 248 mod 491
57m = 57 × 41 = 373 mod 491
120m = 120 × 41 = 10 mod 491
251m = 251 × 41 = 471 mod 491
≡ {82, 123, 287, 83, 248, 373, 10, 471}
Therefore, the public key is {82, 123, 287, 83, 248, 373, 10, 471} and the private key is {2, 3, 7, 14,
30, 57, 120, 251, 12} and multiplicative inverse(modulo) 41−1 mod 491 = 12. Which can be
determined 12 = (w × 491)/41 + 1, w > 0 such that (w × 491) is divisible by m = 41.
34. EXAMPLE
Example (public key encryption)
Let M = 11001011, and public and private keys are show as above, then, encrypt message M:
C = 82 + 123 + 248 + 10 + 471 = 934
Decrypt cipher text C:
C.𝑚−1mod n = (934 × 12) mod 491 = 406
Now solve the super increasing Knapsack problem as, and the solution is
2 × 1 + 3 × 1 + 7 × 0 + 14 × 0 + 30 × 1 + 57 × 0 + 120 × 1 + 251 × 1
= 2 + 3 + 30 + 120 + 251
= 406
and the message is 11001011
35. DOWNSIDE OF KNAPSACK CIPHER
Downside of Knapsack cipher
• General Knapsack is a NP-Complete problem
• The bottom line is that the general Knapsack which is generated from superincreasing Knapsack
is not really a General Knapsack
• In 1983 Shamir broke it using apple II computer
• The lattice reduction attack take the advantages of such structure
• lattice reduction attack – easily recover plain text from cipher text
• Therefore, it is not secure
There are variant of Knapsack cipher, that are more secure, but people are reluctant to use
them since the name “knapsack” is forever tainted
36. CRYPTOGRAPHIC HASH FUNCTION
A cryptographic hash function h(x) must have the following features
• Compression: for a input x, the output length of y = h(x) is small. In practice the length is
fixed (e.g., 160 bits), regardless of the input
• Efficiency: Must be easy to computer h(x) regardless of the input
• On way: Not invertible; For a give y = h(x), for any x’ it is infeasible to compute y from
h(x’)
• Weak collision resistance: It is infeasible to change message without changing the hash.
• For a given x and h(x), it is infeasible to find any y, with y 6= x such that h(y) = h(x)
• Strong collision resistance: It’s infeasible to find any x and y, such that x != y and h(x) =
h(y). Cannot find two input producing same output
Let 128-bit hash calculated from 150-bits input, then there are 222 collision on average. The
collision resistance property states that it should be computationally hard to calculate.
37. BIRTHDDAY ATTACK
Birthday attack
• recall the birthday problem we can find √2^N = 2^n/2different input, we can expect a
collision or two input that hash the same value
• the attacker can find the same value as h(M) = h(M’) (!!)
• It is a brute-force attack similar to exhaustive key search
38. AUTHORIZATION
Authorization
• Authentication is the issue which establish identity
• Authorization deals with situation where we already authenticated
• The decision of authentication is binary permitted to enter the system or not
• authorization can be a much more ne grained process
• Firewall { is the form of access control for the network.
• CAPTCHA which is a form of access control to restrict access to human
• Intrusion detection come on scene when rewall fails
• Authorization was often considered the heart of information security
• today it seems like quaint notion.
39. ACCESS CONTROL MATRIX
Lampson's access control matrix
• this matrix contains all of the relevant information needed by an operating system
• Make decision which user allowed to do and what to do
• ACL and Capabilities (C-Lists) are derived from Lampson's access control matrix
Subject: is the user of the system and Object is the system resources. An example: (Row
present the subject, on the other hand column tells about objects)
40. FIREWALL
Firewall -What does it mean?
• A firewall acts a lot like a secretary for your network.
• The firewall examines requests for access to your network, and it decides whether they pass a
reasonableness test.
• If so, they are allowed through, and, if not, they are refused.
Firewall Terminology and Types
• Packet Filter
• Stateful packet filter
• Application Proxy